How about "--with-packet-data" instead?

Michael Young mwy-gpg41 at the-youngs.org
Sat Feb 1 08:02:02 CET 2003


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> From: Werner Koch <wk at gnupg.org>
> 
> On Mon, 20 Jan 2003 17:54:42 -0500, Michael Young said:
> 
> > The "--with-key-data" switch only dumps the MPIs, and that's
> > not nearly enough for my needs.
> 
> > A "--with-packet-data" switch might be even more useful for
> > scripting.  What do others think... would this be better?
> 
> That would expose details of the OpenPGP protocol; GnuPG is supposed
> to hide this.

This seems like a pretty thin distinction that isn't always followed now.

The "--with-key-data" switch exposes some internals, too.  I can't say
for sure, but I'd guess that this switch was offered to allow useful
analysis (e.g., statistics on public keyrings), or to convert keys for
use with another program.  The latter is exactly what I'd like to do
with a "--with-packet-data" switch; exposing the packets allows easy
reassembly into something that other OpenPGP applications can use.

Exporting a key already exposes the OpenPGP data.  The only
new detail that this switch would be exposing is the packet
boundaries.  The existence of packets is hardly a secret.

Further, GnuPG provides all sorts of protocol-oriented options:
choice of cipher, hash, compression, and even string-to-key
algorithms; showing session keys; control over interoperability
behavior.  GnuPG allows these aspects of the protocol to
show through because users want to see them.  Exposing
packet boundaries doesn't seem like much of a stretch, if any.

So, let me ask a more pointed question: if I were to implement
this switch, would you accept this option, or would you reject it?

-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.5.3

iQA/AwUBPjrhoOc3iHYL8FknEQLyZQCgoo2cQTRaP3pCcrplyEVsKX1QqrYAnifC
Ba3t8iQMoPjkjpEM6/jDO9+h
=S1K2
-----END PGP SIGNATURE-----
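The message's point that exported key data already carries its packet boundaries can be shown with a short splitter. This is an added example, not part of the original message and not GnuPG code; `split_packets`, `_take` and `SAMPLE` are hypothetical names, the header layout follows RFC 4880 section 4.2, and partial body lengths are rejected rather than handled.

```python
# Added example (not GnuPG code): split a binary OpenPGP stream at packet boundaries.
TAG_NAMES = {2: "signature", 6: "public-key", 13: "user-id", 14: "public-subkey"}

def split_packets(data):
    """Return a list of (tag, header_len, body); raise ValueError on malformed input."""
    packets, pos = [], 0
    while pos < len(data):
        start, ctb = pos, data[pos]
        if not ctb & 0x80:
            raise ValueError(f"offset {pos}: bit 7 of packet tag is clear")
        pos += 1
        if ctb & 0x40:                      # new-format header
            tag = ctb & 0x3F
            first = _take(data, pos, 1)[0]
            if first < 192:                 # one-octet length
                length, pos = first, pos + 1
            elif first < 224:               # two-octet length
                second = _take(data, pos, 2)[1]
                length, pos = ((first - 192) << 8) + second + 192, pos + 2
            elif first == 255:              # five-octet length
                length, pos = int.from_bytes(_take(data, pos + 1, 4), "big"), pos + 5
            else:
                raise ValueError(f"offset {pos}: partial body lengths not handled here")
        else:                               # old-format header
            tag, ltype = (ctb >> 2) & 0x0F, ctb & 0x03
            if ltype == 3:                  # indeterminate: body runs to end of data
                length = len(data) - pos
            else:
                width = 1 << ltype          # 1, 2 or 4 length octets
                length = int.from_bytes(_take(data, pos, width), "big")
                pos += width
        body = _take(data, pos, length)
        packets.append((tag, pos - start, body))
        pos += length
    return packets

def _take(data, pos, n):
    """Slice n bytes at pos, refusing to read past the end (truncated or hostile input)."""
    if pos + n > len(data):
        raise ValueError(f"offset {pos}: need {n} bytes, only {len(data) - pos} left")
    return data[pos:pos + n]

# Constructed sample with dummy bodies; this is not a real key.
SAMPLE = (bytes([0x98, 4]) + b"KEY!"              # old format, tag 6, 1-byte length
          + bytes([0xCD, 5]) + b"alice"           # new format, tag 13
          + bytes([0x89, 0x00, 0x03]) + b"SIG")   # old format, tag 2, 2-byte length
if __name__ == "__main__":
    for tag, hlen, body in split_packets(SAMPLE):
        print(TAG_NAMES.get(tag, tag), "header:", hlen, "body:", len(body))
```

The length checks in `_take` matter when the input comes from an untrusted keyring or keyserver: a declared length larger than the remaining data is reported as an error instead of silently truncating a packet.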





