libgcrypt, pk api, sample code

Vladimir Vukicevic vladimir@Intrepid.Com
Mon, 12 Jun 2000 00:02:40 -0700 (PDT)


Howdy.. I see that this list has not been used for a while now, but I'm
hoping that someone is still reading it ;-) We're developing some software
that needs to do public-key encryption, and since our software will be
GPL'd, using GnuPG seems the right way to go.. but I've got a few
questions.

I'm using the latest CVS snapshot of the gnupg codebase and I'm
trying to use the gcrypt library to do public key encyrption from
a server. (Server has its own keypair and clients can send encrypted
data to it or receieve data encrypted with the clients' own key.)
The first problem that I'm running into is that binaries that are
linked to the shared libgcrypt fail in random ways, but not all the time.
(i.e. gcry_pk_encrypt succeeds, but gcry_pk_decrypt fails.) A
statically-linked version works. I've sort of traced this down to a
problem in building libgcrypt -- the .so is only 400k big, while the .a is
about 1.3MB -- something is clearly wrong. For one, the .sym file that
contained the publicly-exported functions was very limited; it didn't suck
in the gcry_* functions from the mpi and cipher directories. But even
fixing that didn't fix the bug. Any thoughts?

Also, is there any sample code for -anything-? (Esp. the pk encryption.)
I've gotten as far as generating a keypair and encrypting and decrypting
simple data. The problems I run into is that I'm using gcry_mpi_scan to
convert arbitrary data into an MPI; at what block sizes should I do this
for large data? Also, by doing this for simple data using ElGemal, the
encrypted data comes out to be about 20x as big as the cleartext, which
seems to be wrong (I thought ElGemal ended up as 2x..) Some sample code to
encrypt a file to a simple format and decrypt it would be much
appreciated. (The gpg code itself helps, but since it uses iobufs and
slings a lot of structs containing state around, it's rather difficult to
glean the important bits -- plus that it doesn't fully use the gcrypt API
itself ;-)

Also, is any development on libgcrypt being done still? If not, is there
any interest at all in continuing it? What are the legalities of someone
in the US contributing to libgcrypt? (I'll be out of the country for most
of July & August, so that wouldn't be as much of an issue then.) Is there
a list of things that needs doing?

Thanks,
	- Vladimir
	- vladimir@helixcode.com