Daniel Kahn Gillmor | 16 Jun 07:11

openpgp fingerprints for subkeys

Hey Folks--

Another thought about OpenPGP certificate/key infrastructure (i'm
submitting this here because the trac installation seems to be defunct
from the spam, and i'm not sure what the rightful heir is).

gnutls_openpgp_privkey_get_fingerprint() and
gnutls_openpgp_crt_get_fingerprint() both are capable of returning the
fingerprint of the primary key.  However, subkeys can have
fingerprints too, and in many circumstances it can be useful to
calculate the subkey's fingerprint.

Having a parallel subkey-specific fingerprint function would be good.

If you want to verify the subkey fingerprint calculations, you can see
them emitted with gpg with two --fingerprint options:

 gpg --fingerprint --fingerprint --list-key "$KEYID"

Regards,

        --dkg
_______________________________________________
Gnutls-devel mailing list
Gnutls-devel <at> gnu.org
http://lists.gnu.org/mailman/listinfo/gnutls-devel
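
An added example, not part of the original thread and not GnuTLS code: the RFC 4880 version 4 fingerprint (SHA-1 over the octet 0x99, the two-octet body length, and the key packet body) is computed the same way for a subkey packet (tag 14) as for the primary key packet (tag 6). The packet bodies, the user ID and all function names below are constructed for illustration; only v4 keys and definite-length packets are handled.

```python
import hashlib

PUBLIC_KEY, PUBLIC_SUBKEY = 6, 14  # RFC 4880 packet tags

def iter_packets(data):
    """Yield (tag, body) for each packet in a binary (non-armored) OpenPGP stream."""
    pos = 0
    while pos < len(data):
        hdr, pos = data[pos], pos + 1
        if not hdr & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if hdr & 0x40:                       # new-format header
            tag, first = hdr & 0x3F, data[pos]
            if first < 192:
                length, pos = first, pos + 1
            elif first < 224:
                length, pos = ((first - 192) << 8) + data[pos + 1] + 192, pos + 2
            elif first == 255:
                length, pos = int.from_bytes(data[pos + 1:pos + 5], "big"), pos + 5
            else:
                raise ValueError("partial body lengths not handled")
        else:                                # old-format header
            tag, size = (hdr >> 2) & 0x0F, {0: 1, 1: 2, 2: 4}.get(hdr & 3)
            if size is None:
                raise ValueError("indeterminate length not handled")
            length, pos = int.from_bytes(data[pos:pos + size], "big"), pos + size
        body = data[pos:pos + length]
        if len(body) != length:
            raise ValueError("truncated packet")
        yield tag, body
        pos += length

def v4_fingerprint(body):
    """SHA-1 over 0x99, two-octet body length, body; same for primary and subkey."""
    if body[:1] != b"\x04":
        raise ValueError("only version 4 keys handled")
    return hashlib.sha1(b"\x99" + len(body).to_bytes(2, "big") + body).hexdigest().upper()

def key_fingerprints(data):
    return [("pub" if tag == PUBLIC_KEY else "sub", v4_fingerprint(body))
            for tag, body in iter_packets(data) if tag in (PUBLIC_KEY, PUBLIC_SUBKEY)]

# Constructed toy packets (not real keys): version, creation time, RSA, MPIs n and e.
PRIMARY_BODY = bytes.fromhex("04" "4856a880" "01" "0020d1ce5eed" "0011010001")
SUBKEY_BODY = bytes.fromhex("04" "4856a8bc" "01" "0020feedc0de" "0011010001")
UID = b"Test <test@example.org>"
SAMPLE = (b"\x99" + len(PRIMARY_BODY).to_bytes(2, "big") + PRIMARY_BODY  # old format
          + b"\xb4" + bytes([len(UID)]) + UID                            # user ID
          + b"\xce" + bytes([len(SUBKEY_BODY)]) + SUBKEY_BODY)           # new format
```

Calling `key_fingerprints()` on the output of `gpg --export "$KEYID"` gives values that can be compared with the `gpg --fingerprint --fingerprint` listing mentioned above.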
Simon Josefsson | 16 Jun 11:55

Re: openpgp fingerprints for subkeys

Daniel Kahn Gillmor <dkg-debian.org <at> fifthhorseman.net> writes:

> Hey Folks--
>
> Another thought about OpenPGP certificate/key infrastructure (i'm
> submitting this here because the trac installation seems to be defunct
> from the spam, and i'm not sure what the rightful heir is).

Hi!  This list is the best place for now...

> gnutls_openpgp_privkey_get_fingerprint() and
> gnutls_openpgp_crt_get_fingerprint() both are capable of returning the
> fingerprint of the primary key.  However, subkeys can have
> fingerprints too, and in many circumstances it can be useful to
> calculate the subkey's fingerprint.

Makes sense.

> Having a parallel subkey-specific fingerprint function would be good.
>
> If you want to verify the subkey fingerprint calculations, you can see
> them emitted with gpg with two --fingerprint options:
>
>  gpg --fingerprint --fingerprint --list-key "$KEYID"

Is it easy to implement this?  I think we could squeeze this addition
into 2.4.0 if you or Nikos come up with a patch soon.

/Simon

Re: openpgp fingerprints for subkeys

On Mon, Jun 16, 2008 at 11:55 AM, Simon Josefsson <simon <at> josefsson.org> wrote:
> Makes sense.
>
>> Having a parallel subkey-specific fingerprint function would be good.
>>
>> If you want to verify the subkey fingerprint calculations, you can see
>> them emitted with gpg with two --fingerprint options:
>>
>>  gpg --fingerprint --fingerprint --list-key "$KEYID"
>
> Is it easy to implement this?  I think we could squeeze this addition
> into 2.4.0 if you or Nikos come up with a patch soon.

Could be easy but please do not delay the 2.4.0 for this. The merging
of development with my branch is already very difficult!  Such a
function can be easily implemented at any point (currently I'm not
home so I cannot provide a quick patch).

regards,
Nikos
Simon Josefsson | 16 Jun 15:56

Re: openpgp fingerprints for subkeys

"Nikos Mavrogiannopoulos" <n.mavrogiannopoulos <at> gmail.com> writes:

> On Mon, Jun 16, 2008 at 11:55 AM, Simon Josefsson <simon <at> josefsson.org> wrote:
>> Makes sense.
>>
>>> Having a parallel subkey-specific fingerprint function would be good.
>>>
>>> If you want to verify the subkey fingerprint calculations, you can see
>>> them emitted with gpg with two --fingerprint options:
>>>
>>>  gpg --fingerprint --fingerprint --list-key "$KEYID"
>>
>> Is it easy to implement this?  I think we could squeeze this addition
>> into 2.4.0 if you or Nikos come up with a patch soon.
>
> Could be easy but please do not delay the 2.4.0 for this. The merging
> of development with my branch is already very difficult!  Such a
> function can be easily implemented at any point (currently I'm not
> home so I cannot provide a quick patch).

That new API can go into a 2.4.1 as well.  I don't see a reason not to
release 2.4.0 on schedule on Thursday.

/Simon
Daniel Kahn Gillmor | 16 Jun 16:21

Re: openpgp fingerprints for subkeys

On Mon 2008-06-16 09:41:06 -0400, Nikos Mavrogiannopoulos wrote:

> On Mon, Jun 16, 2008 at 11:55 AM, Simon Josefsson <simon <at> josefsson.org> wrote:
>
>> Is it easy to implement this?  I think we could squeeze this
>> addition into 2.4.0 if you or Nikos come up with a patch soon.
>
> Could be easy but please do not delay the 2.4.0 for this. The
> merging of development with my branch is already very difficult!
> Such a function can be easily implemented at any point (currently
> I'm not home so I cannot provide a quick patch).

Attached, please find a patch to provide this functionality.  I've
tested it locally against private keys and certificates, and it seems
to work.  I still don't understand the test infrastructure, though, so
i haven't added a test, unfortunately.

Feedback on the patch is welcome.  I'm afraid it's a bit of a
cargo-cult patch (a fair bit of copy/paste from similar functions),
and it further aggravates the other concern i wrote about having too
many duplicate OpenPGP functions.  But it produces the correct
fingerprints for me.

Regards,

        --dkg

PS i also fixed a misleading comment in one of the existing
   fingerprint function headers.  Sorry to have two things in one
   patch.

Simon Josefsson | 16 Jun 21:36

Re: openpgp fingerprints for subkeys

Daniel Kahn Gillmor <dkg-debian.org <at> fifthhorseman.net> writes:

> On Mon 2008-06-16 09:41:06 -0400, Nikos Mavrogiannopoulos wrote:
>
>> On Mon, Jun 16, 2008 at 11:55 AM, Simon Josefsson <simon <at> josefsson.org> wrote:
>>
>>> Is it easy to implement this?  I think we could squeeze this
>>> addition into 2.4.0 if you or Nikos come up with a patch soon.
>>
>> Could be easy but please do not delay the 2.4.0 for this. The
>> merging of development with my branch is already very difficult!
>> Such a function can be easily implemented at any point (currently
>> I'm not home so I cannot provide a quick patch).
>
> Attached, please find a patch to provide this functionality.  I've
> tested it locally against private keys and certificates, and it seems
> to work.  I still don't understand the test infrastructure, though, so
> i haven't added a test, unfortunately.
>
> Feedback on the patch is welcome.  I'm afraid it's a bit of a
> cargo-cult patch (a fair bit of copy/paste from similar functions),
> and it further aggravates the other concern i wrote about having too
> many duplicate OpenPGP functions.  But it produces the correct
> fingerprints for me.

It looks small and harmless.  I think we should add it before v2.4.0.
Have you signed copyright papers with FSF?  My fencepost.gnu.org account
doesn't seem to work so I can't check it...  A copyright transfer is
required to use your work.  If not I can send you the forms offline.  If
you agree to sign them, I don't think we need to hold up the release

Daniel Kahn Gillmor | 16 Jun 23:36

Re: openpgp fingerprints for subkeys

On Mon 2008-06-16 15:36:03 -0400, Simon Josefsson wrote:

> It looks small and harmless.  I think we should add it before
> v2.4.0.  Have you signed copyright papers with FSF?  My
> fencepost.gnu.org account doesn't seem to work so I can't check
> it...  A copyright transfer is required to use your work.  If not I
> can send you the forms offline.  If you agree to sign them, I don't
> think we need to hold up the release before the FSF has received
> your papers.

Sounds good to me.  I've never signed copyright assignment papers with
the FSF, but i have no problem assigning copyright for my GnuTLS
OpenPGP subkey-fingerprinting patch to the FSF.  Send me whatever you
need for that to take effect, and i'll take care of it.

Thanks for being so responsive on this during your time off.  I'm
looking forward to the 2.4.0 release.

Regards,

     --dkg

PS as far as i'm concerned, this publically-stated, OpenPGP-signed,
   published electronic message carries more weight than any forgeable
   dead-tree silliness, but i'm happy to take equivalent formal and/or
   archaic steps to smooth things out if other folks think they're
   needed.

Simon Josefsson | 17 Jun 01:14

Re: openpgp fingerprints for subkeys

Daniel Kahn Gillmor <dkg <at> fifthhorseman.net> writes:

> On Mon 2008-06-16 15:36:03 -0400, Simon Josefsson wrote:
>
>> It looks small and harmless.  I think we should add it before
>> v2.4.0.  Have you signed copyright papers with FSF?  My
>> fencepost.gnu.org account doesn't seem to work so I can't check
>> it...  A copyright transfer is required to use your work.  If not I
>> can send you the forms offline.  If you agree to sign them, I don't
>> think we need to hold up the release before the FSF has received
>> your papers.
>
> Sounds good to me.  I've never signed copyright assignment papers with
> the FSF, but i have no problem assigning copyright for my GnuTLS
> OpenPGP subkey-fingerprinting patch to the FSF.  Send me whatever you
> need for that to take effect, and i'll take care of it.

Sent privately, thank you.

> Thanks for being so responsive on this during your time off.  I'm
> looking forward to the 2.4.0 release.

Me too! :)

> PS as far as i'm concerned, this publically-stated, OpenPGP-signed,
>    published electronic message carries more weight than any forgeable
>    dead-tree silliness, but i'm happy to take equivalent formal and/or
>    archaic steps to smooth things out if other folks think they're
>    needed.


Werner Koch | 17 Jun 21:21

Re: openpgp fingerprints for subkeys

On Mon, 16 Jun 2008 23:36, dkg <at> fifthhorseman.net said:

>    published electronic message carries more weight than any forgeable
>    dead-tree silliness, but i'm happy to take equivalent formal and/or
>    archaic steps to smooth things out if other folks think they're

Check out Bruce Schneier's latest Crypto-Gram to see why paper and
pencil signatures have a lot of value.

Salam-Shalom,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.
Simon Josefsson | 18 Jun 14:57

Re: openpgp fingerprints for subkeys

Daniel Kahn Gillmor <dkg-debian.org <at> fifthhorseman.net> writes:

> Attached, please find a patch to provide this functionality.

Applied.

Thanks,
/Simon
