From wk at gnupg.org Wed Apr 7 20:52:57 2004
From: wk at gnupg.org (Werner Koch)
Date: Wed Apr 7 20:36:51 2004
Subject: Any comments on the last release?
Message-ID: <87wu4r62nq.fsf@vigenere.g10code.de>

Hi!

I have not seen many comments on the last libgcrypt release.  Was it
so awful that you all gave up sending bug reports ;-?.  Some questions:

 * Are there any problems building it?
 * Did you try to use it with your application?
 * Comments on the new thread support scheme?

And the final one:

 * Are we ready for 1.2?


  Werner

From nmav at gnutls.org Wed Apr 7 22:53:59 2004
From: nmav at gnutls.org (Nikos Mavroyanopoulos)
Date: Wed Apr 7 21:47:48 2004
Subject: Any comments on the last release?
In-Reply-To: <87wu4r62nq.fsf@vigenere.g10code.de>
References: <87wu4r62nq.fsf@vigenere.g10code.de>
Message-ID: <200404072353.59207.nmav@gnutls.org>

On Wednesday 07 April 2004 21:52, Werner Koch wrote:
> I have not seen many comments on the last libgcrypt release.  Was it
> so awful that you all gave up sending bug reports ;-?.  Some questions:
> * Are there any problems building it?
> * Did you try to use it with your application?
> * Comments on the new thread support scheme?

I've tested it with gnutls and a multi-threaded web server and worked fine.
I have noticed, however, a delay in the RSA parameters generation (at least
for the 512 bits that are used by gnutls). Were there any changes on this
part?

--
Nikos Mavroyanopoulos

From wk at gnupg.org Thu Apr 8 08:30:31 2004
From: wk at gnupg.org (Werner Koch)
Date: Thu Apr 8 08:16:51 2004
Subject: Any comments on the last release?
In-Reply-To: <200404072353.59207.nmav@gnutls.org> (Nikos Mavroyanopoulos's message of "Wed, 7 Apr 2004 23:53:59 +0300")
References: <87wu4r62nq.fsf@vigenere.g10code.de> <200404072353.59207.nmav@gnutls.org>
Message-ID: <87oeq356d4.fsf@vigenere.g10code.de>

On Wed, 7 Apr 2004 23:53:59 +0300, Nikos Mavroyanopoulos said:

> I've tested it with gnutls and a multi-threaded web server and worked fine.
> I have noticed, however, a delay in the RSA parameters generation (at least
> for the 512 bits that are used by gnutls). Were there any changes on this
> part?

There is one change in the prime generator where the callback is
called at other places using the new modes:

  #define GCRY_PRIME_CHECK_AT_GOT_PRIME   1
  #define GCRY_PRIME_CHECK_AT_MAYBE_PRIME 2

if you probably check for mode (which used to be 0 in previous
versions), it should not make any difference.

  Werner

From lnxmatt at earthlink.net Wed Apr 14 06:27:17 2004
From: lnxmatt at earthlink.net (Matthew Reath)
Date: Wed Apr 14 04:22:56 2004
Subject: Palm OS 5 Port of libgcrypt
Message-ID: <0356EA3C-8DCC-11D8-A041-000A95D140C2@earthlink.net>

I'm looking to get libgcrypt running on my Tungsten. Does anybody know
of any active ports? By using GCC it's possible to install GLib
libraries as shared libraries on the palm. Once I have libgcrypt
running on the Palm I'm going to be developing a suite of encryption
and management applications.

From craig at twolips-translations.co.uk Wed Apr 14 08:23:15 2004
From: craig at twolips-translations.co.uk (Craig Graham)
Date: Wed Apr 14 08:20:11 2004
Subject: Newbie help
Message-ID: <014b01c421e8$f870fc60$fe01010a@craigloft>

I've installed libgcrypt 1.1.42 and libgpg-error 0.6 but am having problems
building the example "basic.c" from the tests directory. This is likely to
be something quite simple because I've never manually built anything before
on Linux!

I'm using Borland CBuilderX and it compiles fine, but on linking I get many
errors.
By doing the linking step manually I can reproduce the problem in a more
portable way;

[root@splosh Debug_Build]# g++ -o test basic.o -lgcrypt -lgpg-error
basic.o(.text+0x10e): In function `check_cbc_mac_cipher':
/usr/NETDRIVE/Work/basic.c:108: undefined reference to `gpg_strerror(unsigned)'
basic.o(.text+0x2a8):/usr/NETDRIVE/Work/basic.c:130: undefined reference to `gpg_strerror(unsigned)'
basic.o(.text+0x328):/usr/NETDRIVE/Work/basic.c:138: undefined reference to `gpg_strerror(unsigned)'
basic.o(.text+0x467):/usr/NETDRIVE/Work/basic.c:152: undefined reference to `gpg_strerror(unsigned)'
basic.o(.text+0x621): In function `check_aes128_cbc_cts_cipher':
/usr/NETDRIVE/Work/basic.c:224: undefined reference to `gpg_strerror(unsigned)'
basic.o(.text+0x670):/usr/NETDRIVE/Work/basic.c:231: more undefined references to `gpg_strerror(unsigned)' follow
collect2: ld returned 1 exit status

It makes no difference which order I put the last three arguments in. I've
confirmed that the function is in the library;

[root@splosh craig]# nm /usr/local/lib/libgpg-error.so |grep gpg_strerror
00000990 T gpg_strerror
00000af0 T gpg_strerror_r
[root@splosh craig]#

and since g++ has given no error about being able to find the two libraries,
and it does give errors if I mistype the name to test, it seems to be able
to load them.

Can anyone point out my mistake?

--
Dr. Craig Graham, Software Engineer
Advanced Analysis and Integration Limited, UK. http://www.aail.co.uk/

From craig at twolips-translations.co.uk Wed Apr 14 10:00:19 2004
From: craig at twolips-translations.co.uk (Craig Graham)
Date: Wed Apr 14 09:57:17 2004
Subject: Newbie help
References: <014b01c421e8$f870fc60$fe01010a@craigloft>
Message-ID: <027801c421f6$87ad00b0$fe01010a@craigloft>

Craig Graham wrote:
> I'm using Borland CBuilderX and it compiles fine, but on linking I
> get many errors.
> By doing the linking step manually I can reproduce
> the problem in a more portable way;

I remembered that I had to make some code changes to get things to compile-
mainly because I'm unfamiliar with all the "dialect" options and was getting
errors about illegal typecasting (I first started playing with this a couple
of weeks ago and have been trying things on and off).

So I've gone back to the original directory and tried doing simply "make
basic" and "make keygen"; the results are the same

[root@splosh tests]# make basic
/bin/sh ../libtool --mode=link gcc -g -O2 -Wall -o basic basic.o ../src/libgcrypt.la -lnsl -lnsl
gcc -g -O2 -Wall -o .libs/basic basic.o ../src/.libs/libgcrypt.so -lnsl -Wl,--rpath -Wl,/usr/local/lib
basic.o(.text+0x2a0): In function `check_cbc_mac_cipher':
/usr/NETDRIVE/Inbox/PGP/libgcrypt-1.1.42/tests/basic.c:120: undefined reference to `gpg_strerror'
basic.o(.text+0x30d):/usr/NETDRIVE/Inbox/PGP/libgcrypt-1.1.42/tests/basic.c:154: undefined reference to `gpg_strerror'
basic.o(.text+0x32f):/usr/NETDRIVE/Inbox/PGP/libgcrypt-1.1.42/tests/basic.c:145: undefined reference to `gpg_strerror'
basic.o(.text+0x351):/usr/NETDRIVE/Inbox/PGP/libgcrypt-1.1.42/tests/basic.c:168: undefined reference to `gpg_strerror'
basic.o(.text+0x3e3): In function `check_aes128_cbc_cts_cipher':
/usr/NETDRIVE/Inbox/PGP/libgcrypt-1.1.42/tests/basic.c:235: undefined reference to `gpg_strerror'
basic.o(.text+0x56d):/usr/NETDRIVE/Inbox/PGP/libgcrypt-1.1.42/tests/basic.c:242: more undefined references to `gpg_strerror' follow
../src/.libs/libgcrypt.so: undefined reference to `gpg_err_code_from_errno'
../src/.libs/libgcrypt.so: undefined reference to `gpg_strsource'
collect2: ld returned 1 exit status
make: *** [basic] Error 1
[root@splosh tests]# make keygen
/bin/sh ../libtool --mode=link gcc -g -O2 -Wall -o keygen keygen.o ../src/libgcrypt.la -lnsl -lnsl
gcc -g -O2 -Wall -o .libs/keygen keygen.o ../src/.libs/libgcrypt.so -lnsl -Wl,--rpath -Wl,/usr/local/lib
keygen.o(.text+0x85): In function `print_mpi':
/usr/NETDRIVE/Inbox/PGP/libgcrypt-1.1.42/tests/keygen.c:64: undefined reference to `gpg_strerror'
keygen.o(.text+0x1da): In function `check_generated_rsa_key':
/usr/NETDRIVE/Inbox/PGP/libgcrypt-1.1.42/tests/keygen.c:111: undefined reference to `gpg_strerror'
keygen.o(.text+0x3e5): In function `check_rsa_keys':
/usr/NETDRIVE/Inbox/PGP/libgcrypt-1.1.42/tests/keygen.c:131: undefined reference to `gpg_strerror'
keygen.o(.text+0x425):/usr/NETDRIVE/Inbox/PGP/libgcrypt-1.1.42/tests/keygen.c:135: undefined reference to `gpg_strerror'
keygen.o(.text+0x445):/usr/NETDRIVE/Inbox/PGP/libgcrypt-1.1.42/tests/keygen.c:171: undefined reference to `gpg_strerror'
keygen.o(.text+0x47d):/usr/NETDRIVE/Inbox/PGP/libgcrypt-1.1.42/tests/keygen.c:167: more undefined references to `gpg_strerror' follow
../src/.libs/libgcrypt.so: undefined reference to `gpg_err_code_from_errno'
../src/.libs/libgcrypt.so: undefined reference to `gpg_strsource'
collect2: ld returned 1 exit status
make: *** [keygen] Error 1

Can't get simpler than this. Any suggestions as to what is going wrong?

--
Dr. Craig Graham, Software Engineer
Advanced Analysis and Integration Limited, UK. http://www.aail.co.uk/

From wk at gnupg.org Wed Apr 14 10:56:11 2004
From: wk at gnupg.org (Werner Koch)
Date: Wed Apr 14 10:41:32 2004
Subject: Newbie help
In-Reply-To: <014b01c421e8$f870fc60$fe01010a@craigloft> (Craig Graham's message of "Wed, 14 Apr 2004 07:23:15 +0100")
References: <014b01c421e8$f870fc60$fe01010a@craigloft>
Message-ID: <87n05fos44.fsf@vigenere.g10code.de>

On Wed, 14 Apr 2004 07:23:15 +0100, Craig Graham said:

> I've installed libgcrypt 1.1.42 and libgpg-error 0.6 but am having problems
> building the example "basic.c" from the tests directory. This is likely to

Please don't use this versions - use 1.1.94 this will be the real
stable thing in a couple of days.

> [root@splosh Debug_Build]# g++ -o test basic.o -lgcrypt -lgpg-error

You are using a C++ compiler to build C programs - that may work or
may not work.  In this case you should get the latest libgpg-error
(0.7) because it allows to use gpg-error.h with C++.

> and since g++ has given no error about being able to find the two libraries,

It did ("undefined reference...").

You should also run

  libgcrypt-config --libs

to see the command line arguments you need to pass to the compiler
(note the -L)

Hth,

  Werner

From craig at twolips-translations.co.uk Wed Apr 14 12:22:29 2004
From: craig at twolips-translations.co.uk (Craig Graham)
Date: Wed Apr 14 12:19:27 2004
Subject: Newbie help
References: <014b01c421e8$f870fc60$fe01010a@craigloft> <87n05fos44.fsf@vigenere.g10code.de>
Message-ID: <029c01c4220a$642cee20$fe01010a@craigloft>

Werner Koch wrote:
> Please don't use this versions - use 1.1.94 this will be the real
> stable thing in a couple of days.

Thanks for the response.

How do I obtain 1.1.94 and the new gpg-error? The latest tarball I can find
is 1.1.42 and I can't seem to get it from CVS;

[root@splosh libgcrypt-CVS]# cvs -z3 -d :pserver:anoncvs@cvs.gnupg.org:/cvs/gnupg checkout libgcrypt
cvs checkout: warning: failed to open /root/.cvspass for reading: No such file or directory
cvs checkout: authorization failed: server cvs.gnupg.org rejected access to /cvs/gnupg for user anoncvs
cvs checkout: used empty password; try "cvs login" with a real password
[root@splosh libgcrypt-CVS]#

--
Dr. Craig Graham, Software Engineer
Advanced Analysis and Integration Limited, UK. http://www.aail.co.uk/

From lnxmatt at earthlink.net Wed Apr 14 06:24:03 2004
From: lnxmatt at earthlink.net (Matthew Reath)
Date: Wed Apr 14 13:43:25 2004
Subject: Palm OS 5 Port of libgcrypt
Message-ID: <8F7D44B5-8DCB-11D8-A041-000A95D140C2@earthlink.net>

I'm looking to get libgcrypt running on my Tungsten. Does anybody know
of any active ports?
By using GCC it's possible to install GLib
libraries as shared libraries on the palm. Once I have libgcrypt
running on the Palm I'm going to be developing a suite of encryption
and management applications.

From jst3290 at ritvax.isc.rit.edu Wed Apr 14 13:30:07 2004
From: jst3290 at ritvax.isc.rit.edu (Joseph S. Testa II)
Date: Wed Apr 14 13:43:27 2004
Subject: Newbie help
In-Reply-To: <029c01c4220a$642cee20$fe01010a@craigloft>
References: <014b01c421e8$f870fc60$fe01010a@craigloft> <87n05fos44.fsf@vigenere.g10code.de> <029c01c4220a$642cee20$fe01010a@craigloft>
Message-ID: <407D20BF.1020900@rit.edu>

Craig Graham wrote:

>How do I obtain 1.1.94 and the new gpg-error?
>

ftp://ftp.gnupg.org/gcrypt/alpha/libgcrypt/libgcrypt-1.1.94.tar.gz
ftp://ftp.gnupg.org/gcrypt/alpha/libgcrypt/libgcrypt-1.1.94.tar.gz.sig

ftp://ftp.gnupg.org/gcrypt/alpha/libgpg-error/libgpg-error-0.7.tar.gz
ftp://ftp.gnupg.org/gcrypt/alpha/libgpg-error/libgpg-error-0.7.tar.gz.sig

The link on the gnupg.org web site still links to v1.1.42, so it's
not your fault that you couldn't find these...

   - Joe

From wk at gnupg.org Wed Apr 14 16:34:31 2004
From: wk at gnupg.org (Werner Koch)
Date: Wed Apr 14 16:16:30 2004
Subject: Palm OS 5 Port of libgcrypt
In-Reply-To: <8F7D44B5-8DCB-11D8-A041-000A95D140C2@earthlink.net> (Matthew Reath's message of "Tue, 13 Apr 2004 21:24:03 -0700")
References: <8F7D44B5-8DCB-11D8-A041-000A95D140C2@earthlink.net>
Message-ID: <87oepuocg8.fsf@vigenere.g10code.de>

On Tue, 13 Apr 2004 21:24:03 -0700, Matthew Reath said:

> I'm looking to get libgcrypt running on my Tungsten. Does anybody know
> of any active ports? By using GCC it's possible to install GLib

If it is a POSIX alike system chances are good that you can build it
there.  The only problematic part is on how to gather the entropy for
the RNG.

  Werner

From wk at gnupg.org Wed Apr 14 16:35:53 2004
From: wk at gnupg.org (Werner Koch)
Date: Wed Apr 14 16:21:30 2004
Subject: Newbie help
In-Reply-To: <407D20BF.1020900@rit.edu> (Joseph S.
 Testa, II's message of "Wed, 14 Apr 2004 07:30:07 -0400")
References: <014b01c421e8$f870fc60$fe01010a@craigloft> <87n05fos44.fsf@vigenere.g10code.de> <029c01c4220a$642cee20$fe01010a@craigloft> <407D20BF.1020900@rit.edu>
Message-ID: <87k70iocdy.fsf@vigenere.g10code.de>

On Wed, 14 Apr 2004 07:30:07 -0400, Joseph S Testa said:

> The link on the gnupg.org web site still links to v1.1.42, so it's
> not your fault that you couldn't find these...

Thanks, I'll fix it.

  Werner

From wk at gnupg.org Wed Apr 14 16:42:42 2004
From: wk at gnupg.org (Werner Koch)
Date: Wed Apr 14 16:26:29 2004
Subject: Newbie help
In-Reply-To: <029c01c4220a$642cee20$fe01010a@craigloft> (Craig Graham's message of "Wed, 14 Apr 2004 11:22:29 +0100")
References: <014b01c421e8$f870fc60$fe01010a@craigloft> <87n05fos44.fsf@vigenere.g10code.de> <029c01c4220a$642cee20$fe01010a@craigloft>
Message-ID: <87fzb6oc2l.fsf@vigenere.g10code.de>

On Wed, 14 Apr 2004 11:22:29 +0100, Craig Graham said:

> How do I obtain 1.1.94 and the new gpg-error? The latest tarball I can find
> is 1.1.42 and I can't seem to get it from CVS;

I see now that the GNU directory lists the exact tarball instead of
just the directory.

  ftp://ftp.gnupg.org/gcrypt/alpha/libgcrypt/

is the canonical location for the development version of library; the
URL without "alpha" will soon carry the stable version.

> [root@splosh libgcrypt-CVS]# cvs -z3 -d
> :pserver:anoncvs@cvs.gnupg.org:/cvs/gnupg checkout libgcrypt

Did you do a

  cvs -d :pserver:anoncvs@cvs.gnupg.org:/cvs/gnupg login

using password "anoncvs" prior to checking out?


  Werner

From craig at twolips-translations.co.uk Wed Apr 14 17:21:41 2004
From: craig at twolips-translations.co.uk (Craig Graham)
Date: Wed Apr 14 17:18:51 2004
Subject: Newbie help
References: <014b01c421e8$f870fc60$fe01010a@craigloft> <87n05fos44.fsf@vigenere.g10code.de> <029c01c4220a$642cee20$fe01010a@craigloft> <87fzb6oc2l.fsf@vigenere.g10code.de>
Message-ID: <03d301c42234$30256f60$fe01010a@craigloft>

Werner Koch wrote:
> On Wed, 14 Apr 2004 11:22:29 +0100, Craig Graham said:
>> [root@splosh libgcrypt-CVS]# cvs -z3 -d
>> :pserver:anoncvs@cvs.gnupg.org:/cvs/gnupg checkout libgcrypt
>
> Did you do a
>
>   cvs -d :pserver:anoncvs@cvs.gnupg.org:/cvs/gnupg login
>
> using password "anoncvs" prior to checking out?
>
>
>   Werner

Ah- now it works. I've not done anonymous CVS before.

From an email from you earlier it seems I've been barking up the wrong tree.
GPGME seems a more appropriate way to go, and I'm playing with it at the
moment. Having trouble running (not building) the test apps manually, but
since "make" is able to do it it's my lack of understanding on library
linking and search paths. My attempts build and link but cannot find the
library at run time. I'm ready to quit for the day now, so maybe inspiration
will hit overnight.

At least I've actually got somewhere today :)

--
Dr. Craig Graham, Software Engineer
Advanced Analysis and Integration Limited, UK. http://www.aail.co.uk/

From lnxmatt at earthlink.net Wed Apr 14 20:12:09 2004
From: lnxmatt at earthlink.net (Matthew Reath)
Date: Wed Apr 14 20:09:22 2004
Subject: Palm OS 5 Port of libgcrypt
Message-ID: <19176174.1081966331818.JavaMail.root@bert.psp.pas.earthlink.net>

Basically my ultimate goal is to create a suite of messaging tools that
support encryption through OpenPGP public-key encryption.
I have designs for an email client that supports encryption/signing,
instant messaging client that supports encryption/signing, a key
management application (be able to beam send/receive public-keys, create
keys, import keys, export keys, etc.), and a file encryption utility
(encrypt files and encrypt entire SD/MMC, memory stick, CF cards.)

I would create the code for Palm OS 5 with ARM support for the intense
encryption functions. An ARM 400MHz processor will do the trick. But
again it leaves me with the random number issue. I wonder if there is a
RNG library available for the palm. I'll have to look.

I would like to use GPL or LGPL libraries to do this and release the
entire suite under the GPL. Any insight, suggestions, etc would be
greatly appreciated. I've been using GPG for years now and am versed in
C/C++ programming and Palm programming.

Matt

-----Original Message-----
From: Werner Koch
Sent: Apr 14, 2004 9:34 AM
To: Matthew Reath
Cc: gcrypt-devel@gnupg.org
Subject: Re: Palm OS 5 Port of libgcrypt

On Tue, 13 Apr 2004 21:24:03 -0700, Matthew Reath said:

> I'm looking to get libgcrypt running on my Tungsten. Does anybody know
> of any active ports? By using GCC it's possible to install GLib

If it is a POSIX alike system chances are good that you can build it
there.  The only problematic part is on how to gather the entropy for
the RNG.

  Werner

From craig at twolips-translations.co.uk Thu Apr 15 09:10:49 2004
From: craig at twolips-translations.co.uk (Craig Graham)
Date: Thu Apr 15 09:08:01 2004
Subject: GPGME on Windows
References: <19176174.1081966331818.JavaMail.root@bert.psp.pas.earthlink.net>
Message-ID: <002b01c422b8$c812ab10$fe01010a@craigloft>

Is there a way to get GPGME working natively under Windows (as a DLL
perhaps) rather than via CygWin? Google throws up hints and comments that it
is but I can find nothing definite.

--
Dr. Craig Graham, Software Engineer
Advanced Analysis and Integration Limited, UK.
http://www.aail.co.uk/

From moritz at g10code.com Fri Apr 16 17:26:07 2004
From: moritz at g10code.com (Moritz Schulte)
Date: Fri Apr 16 18:20:26 2004
Subject: Libgcrypt-1.2.0 released
Message-ID:

We are pleased to announce the availability of Libgcrypt 1.2.0, which
is the first stable release of this general purpose crypto library
based on GnuPG code.

Note, that Libgcrypt is neither a replacement for GnuPG nor does it
contain a library version of GnuPG.  It is only of interest for
developers of crypto applications with a need for crypto building
blocks available under the GNU Lesser General Public License.

Complete source packages:

  ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.2.0.tar.gz (927k)
  ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.2.0.tar.gz.sig

Patch against version 1.9.94:

  ftp://ftp.gnupg.org/gcrypt/alpha/libgcrypt/libgcrypt-1.1.94-1.2.0.diff.gz (246k)

Mirrors are listed at http://www.gnupg.org/download/mirrors.html.

MD5 sums are:

  5c508072d8387ce17d1ab05075c2be40  libgcrypt-1.2.0.tar.gz
  a1657523beebf926ca7992cc6b9ea9b5  libgcrypt-1.1.94-1.2.0.diff.gz

Except for one bug fix this release is basically equivalent to the
last pre-release.

Thanks to all who have worked on Libgcrypt (and thanks to those who
have worked on other things as well).

Happy hacking.

--
Moritz Schulte
g10 Code GmbH
http://www.g10code.com
-=- The GnuPG Experts -=-

From nmav at gnutls.org Sat Apr 17 18:53:30 2004
From: nmav at gnutls.org (Nikos Mavroyanopoulos)
Date: Sat Apr 17 17:53:40 2004
Subject: Any comments on the last release?
In-Reply-To: <87oeq356d4.fsf@vigenere.g10code.de>
References: <87wu4r62nq.fsf@vigenere.g10code.de> <200404072353.59207.nmav@gnutls.org> <87oeq356d4.fsf@vigenere.g10code.de>
Message-ID: <200404171953.30902.nmav@gnutls.org>

On Thursday 08 April 2004 09:30, Werner Koch wrote:
> > I've tested it with gnutls and a multi-threaded web server and worked
> > fine.
> > I have noticed, however, a delay in the RSA parameters generation
> > (at least for the 512 bits that are used by gnutls). Were there any
> > changes on this part?

> There is one change in the prime generator where the callback is
> called at other places using the new modes:
>   #define GCRY_PRIME_CHECK_AT_GOT_PRIME   1
>   #define GCRY_PRIME_CHECK_AT_MAYBE_PRIME 2
> if you probably check for mode (which used to be 0 in previous
> versions), it should not make any difference.

How can I do that? I currently generate the parameters using
gcry_pk_genkey() with a sexp of "(genkey(rsa(nbits %d)))".

>   Werner

--
Nikos Mavroyanopoulos

From wk at gnupg.org Mon Apr 19 14:47:41 2004
From: wk at gnupg.org (Werner Koch)
Date: Mon Apr 19 14:31:17 2004
Subject: Any comments on the last release?
In-Reply-To: <200404171953.30902.nmav@gnutls.org> (Nikos Mavroyanopoulos's message of "Sat, 17 Apr 2004 19:53:30 +0300")
References: <87wu4r62nq.fsf@vigenere.g10code.de> <200404072353.59207.nmav@gnutls.org> <87oeq356d4.fsf@vigenere.g10code.de> <200404171953.30902.nmav@gnutls.org>
Message-ID: <87brlodthu.fsf@vigenere.g10code.de>

On Sat, 17 Apr 2004 19:53:30 +0300, Nikos Mavroyanopoulos said:

>>   #define GCRY_PRIME_CHECK_AT_GOT_PRIME   1
>>   #define GCRY_PRIME_CHECK_AT_MAYBE_PRIME 2
>> if you probably check for mode (which used to be 0 in previous
>> versions), it should not make any difference.

> How can I do that? I currently generate the parameters using
> gcry_pk_genkey() with a sexp of "(genkey(rsa(nbits %d)))".

That is only used for the primegen interface and not for the higher
level public key generation.  IIRC, you requested this interface for
DH use?

Anyway, the old code should have looked like this:

  static int
  cb (void *arg, int mode, gcry_mpi_t candidate)
  {
    /* MODE was always 0 in previous versions; let any other value pass.  */
    if (mode)
      return 1;
    return true_if_this_prime_is_of_my_taste (candidate);
  }

  ...
  err = gcry_prime_generate (&prime,
                             prime_specs[i].prime_bits,
                             prime_specs[i].factor_bits,
                             cb, cb_arg,
                             GCRY_STRONG_RANDOM,
                             prime_specs[i].flags);

and new code making use of the other mode might look like this:

  static int
  cb (void *arg, int mode, gcry_mpi_t candidate)
  {
    switch (mode)
      {
      case GCRY_PRIME_CHECK_AT_FINISH /* This has the value 0 */:
        return true_if_this_prime_is_of_my_taste (candidate);
      case GCRY_PRIME_CHECK_AT_GOT_PRIME:
        return true_if_prime_should_be_used_for_composition (candidate);
      case GCRY_PRIME_CHECK_AT_MAYBE_PRIME:
        return true_if_prime_check_shall_continue_for (candidate);
      default:
        return 1;
      }
  }

Applications might want to check at GCRY_PRIME_CHECK_AT_MAYBE_PRIME
time whether the candidate has the required properties (e.g. high bits
set) and avoid the expensive Rabin-Miller tests.  Not sure whether
this is really useful, though.  However it is important to return 1
for unknown values of MODE so that we can add new mode values.

Salam-Shalom,

  Werner

From nmav at gnutls.org Mon Apr 19 16:42:02 2004
From: nmav at gnutls.org (Nikos Mavroyanopoulos)
Date: Mon Apr 19 15:36:03 2004
Subject: Any comments on the last release?
In-Reply-To: <87brlodthu.fsf@vigenere.g10code.de>
References: <87wu4r62nq.fsf@vigenere.g10code.de> <200404171953.30902.nmav@gnutls.org> <87brlodthu.fsf@vigenere.g10code.de>
Message-ID: <200404191742.02500.nmav@gnutls.org>

On Monday 19 April 2004 15:47, Werner Koch wrote:
> >>   #define GCRY_PRIME_CHECK_AT_GOT_PRIME   1
> >>   #define GCRY_PRIME_CHECK_AT_MAYBE_PRIME 2
> >> if you probably check for mode (which used to be 0 in previous
> >> versions), it should not make any difference.
> > How can I do that? I currently generate the parameters using
> > gcry_pk_genkey() with a sexp of "(genkey(rsa(nbits %d)))".
> That is only used for the primegen interface and not for the higher
> level public key generation.  IIRC, you requested this interface for
> DH use?

Yes that's true, but I didn't really care about the DH primes generation,
since it was already slow. The difference was in RSA keys generation which
was slowed down considerably (at least for 512 bit keys).

I just debugged it a bit, and it seems like a false alarm. The long delay was
in the random gatherer (probably due to blocking in /dev/random). It seems
that the VERY_STRONG flag, is quite demanding :)

> Salam-Shalom,
>   Werner

--
Nikos Mavroyanopoulos

From wk at gnupg.org Mon Apr 19 16:30:02 2004
From: wk at gnupg.org (Werner Koch)
Date: Mon Apr 19 16:11:21 2004
Subject: Any comments on the last release?
In-Reply-To: <200404191742.02500.nmav@gnutls.org> (Nikos Mavroyanopoulos's message of "Mon, 19 Apr 2004 17:42:02 +0300")
References: <87wu4r62nq.fsf@vigenere.g10code.de> <200404171953.30902.nmav@gnutls.org> <87brlodthu.fsf@vigenere.g10code.de> <200404191742.02500.nmav@gnutls.org>
Message-ID: <87wu4cavmd.fsf@vigenere.g10code.de>

On Mon, 19 Apr 2004 17:42:02 +0300, Nikos Mavroyanopoulos said:

> in the random gatherer (probably due to blocking in /dev/random). It seems
> that the VERY_STRONG flag, is quite demanding :)

Yep, it requires that the pool is updated with at least 50% of data
from /dev/random - 300 bytes once per session.  So a random seed file
is only of smaller help.

  Werner
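
The callback contract from the 19 April message on the prime-check modes (veto a candidate at the MAYBE_PRIME stage before the expensive test, and return 1 for any mode the callback does not know) is shown below as an added example; it is not part of the thread and is not libgcrypt code. Assumptions: a toy generator over 32-bit integers stands in for gcry_prime_generate, trial division stands in for the Rabin-Miller test, CHECK_AT_FUTURE is a hypothetical mode value, and all function names are made up for the illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Mode values quoted in the thread; CHECK_AT_FUTURE is hypothetical. */
enum { CHECK_AT_FINISH = 0, CHECK_AT_GOT_PRIME = 1,
       CHECK_AT_MAYBE_PRIME = 2, CHECK_AT_FUTURE = 7 };
typedef int (*check_fn)(void *arg, int mode, uint32_t candidate);
static unsigned tests_run;          /* expensive tests actually executed */

/* Stand-in for the expensive Rabin-Miller rounds: plain trial division. */
static int expensive_test(uint32_t n)
{
    uint32_t f;
    tests_run++;
    if (n < 2) return 0;
    for (f = 2; f <= n / f; f++)
        if (n % f == 0) return 0;
    return 1;
}

/* Toy generator (an assumption, not libgcrypt's): odd candidates upward. */
static uint32_t generate(uint32_t start, check_fn cb, void *arg)
{
    uint32_t c;
    for (c = start | 1; c < start + 1000; c += 2) {
        if (!cb(arg, CHECK_AT_MAYBE_PRIME, c)) continue; /* cheap veto first */
        if (!expensive_test(c)) continue;
        if (!cb(arg, CHECK_AT_FUTURE, c)) continue;      /* mode added later */
        if (cb(arg, CHECK_AT_FINISH, c)) return c;
    }
    return 0;                                            /* nothing accepted */
}

/* The application's property check: candidate must reach a minimum value. */
static int big_enough(void *arg, uint32_t c) { return c >= *(uint32_t *)arg; }

/* Pre-modes style: only mode 0 is examined, everything else passes. */
static int cb_finish_only(void *arg, int mode, uint32_t c)
{
    return mode ? 1 : big_enough(arg, c);
}

/* Also filters before the expensive test; unknown modes still pass. */
static int cb_early(void *arg, int mode, uint32_t c)
{
    switch (mode) {
    case CHECK_AT_FINISH:
    case CHECK_AT_MAYBE_PRIME: return big_enough(arg, c);
    default:                   return 1;
    }
}

/* Anti-pattern: treats every mode it does not know as a rejection. */
static int cb_strict(void *arg, int mode, uint32_t c)
{
    return mode == CHECK_AT_FINISH ? big_enough(arg, c) : 0;
}

/* Runs one search; stores the prime (0 if none), returns the test count. */
static unsigned runs_for(check_fn cb, uint32_t start, uint32_t min, uint32_t *out)
{
    tests_run = 0;
    *out = generate(start, cb, &min);
    return tests_run;
}

int main(void)
{
    check_fn cbs[3] = { cb_finish_only, cb_early, cb_strict };
    uint32_t p;
    for (int i = 0; i < 3; i++) {
        unsigned n = runs_for(cbs[i], 181, 192, &p);
        printf("callback %d: prime %u after %u tests\n", i, (unsigned)p, n);
    }
    return 0;
}
```

The strict callback never yields a prime because it rejects the MAYBE_PRIME stage outright, which is the failure the "return 1 for unknown values of MODE" advice prevents.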