using gpg keys with tls
Joel N. Weber II
devnull at gnu.org
Thu Apr 3 07:08:01 CEST 2003
It appears to be the case that the correct way to implement support
for OpenPGP keys in a TLS implementation is as follows, ignoring for
the moment the possibility of client certificates:

1) The server does gpg --export on the key it wants to use, and sends
that data as the certificate in the TLS protocol.

2) The client and server do some extra handshaking to acknowledge the
possibility of using OpenPGP keys.

3) The server does some magic to get the actual bits of the RSA or DSA
private key, and feeds them into the TLS implementation, which then
does the same thing it would have done if it had gotten the private
key that corresponds to an X.509 certificate.

What's not obvious to me is the correct way to get the bits from
GPG for step 3. Can someone tell me?
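Step 1 of the message above sends raw `gpg --export` output as the certificate, so whoever receives it has to walk OpenPGP packets to reach the key numbers. The following is an added example, not part of the original message: it parses a v4 public-key packet as laid out in RFC 4880 and returns the RSA or DSA public integers. The function names and the toy sample key are constructed for illustration.

```python
# Added example (not from the post). Layouts per RFC 4880; sample key is constructed.
PUBLIC_MPIS = {1: ("n", "e"), 17: ("p", "q", "g", "y")}  # algorithm id: 1 = RSA, 17 = DSA

def read_packets(data):
    """Yield (tag, body) for each OpenPGP packet in a binary export."""
    i = 0
    while i < len(data):
        hdr = data[i]
        if not hdr & 0x80:
            raise ValueError("not a packet header (ASCII-armored input?)")
        if hdr & 0x40:                      # new-format header
            tag, first = hdr & 0x3F, data[i + 1]
            if first < 192:
                length, i = first, i + 2
            elif first < 224:
                length, i = ((first - 192) << 8) + data[i + 2] + 192, i + 3
            else:
                raise ValueError("five-octet and partial lengths are not handled")
        else:                               # old-format header
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
            if ltype == 3:
                raise ValueError("indeterminate length is not handled")
            size = 1 << ltype               # 1, 2 or 4 length octets
            length, i = int.from_bytes(data[i + 1:i + 1 + size], "big"), i + 1 + size
        if i + length > len(data):
            raise ValueError("truncated packet")
        yield tag, data[i:i + length]
        i += length

def read_mpi(body, pos):
    """Decode one MPI (2-octet bit count, then big-endian magnitude)."""
    nbytes = (int.from_bytes(body[pos:pos + 2], "big") + 7) // 8
    end = pos + 2 + nbytes
    if end > len(body):
        raise ValueError("truncated MPI")
    return int.from_bytes(body[pos + 2:end], "big"), end

def public_key_material(data):
    """Return (algorithm id, {name: int}) for the first v4 public-key packet."""
    for tag, body in read_packets(data):
        if tag == 6 and body[0] == 4 and body[5] in PUBLIC_MPIS:
            pos, out = 6, {}
            for name in PUBLIC_MPIS[body[5]]:
                out[name], pos = read_mpi(body, pos)
            return body[5], out
    raise ValueError("no supported v4 public-key packet found")

# Constructed sample: old-format tag 6, v4, zero timestamp, RSA, toy n=3233, e=17
SAMPLE = bytes.fromhex("99000d" "040000000001" "000c0ca1" "000511")
```

A secret-key packet (tag 5) begins with these same public fields, followed by the secret integers, which may be passphrase-protected.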