GPGME and multiple subkeys
david.anderson at calixo.net
Thu Oct 30 22:16:38 CET 2003
Werner Koch wrote:
> The question is on how to detect what the Gobelins key is. The simple
> method would be to have the user enter the keyID or a more advanced one
> to use notation data to detect the desired subkey.
Good point, we hadn't actually thought that far. I myself am in charge
of developing the networking layer for the project, which should manage
authentication and encryption 99% transparently (user interaction will
still be required for things like a passphrase to unlock secret keys).
Unfortunately, I am not as versed in PGP/GPG as I'd like to be, and I
had no ideas for subkey selection other than ID specification. What is
notation data? How could I use this to find the right subkey?
> You are right, GPGME does not yet support enforcing the use of a
> specific subkey. Thanks for noting this. We should definitely do
> something about it. When doing that we should also allow for more
> flexibility, so that for example a subkey may be selected using
> notation data or other attributes. We need to think about the API.
I have not looked in detail at the source code of GPGME, but I would be
willing to lend a hand in implementing this functionality.
Concerning the API, the main selection function would of course be by
subkey ID. However, something which would be useful is a 'flags'
parameter, in which you could logical-OR the attributes the subkey
should have. For instance, if I wanted to search for a decryption
subkey, I would combine the SUBKEY_ENCRYPTION and SUBKEY_SECRET
parameters, in order to refine the search.
The basic API would then look something like:
gpgme_subkey_t gpgme_subkey_select(gpgme_key_t key,
                                   gpgme_subkey_t last_subkey,
                                   const char *keyid,
                                   const unsigned char flags);
with last_subkey being NULL if you want to search all subkeys, or set to
the last subkey returned to return the next subkey.
Then all crypto functions would have to be adapted to take an extra
subkey argument (if NULL, a function to select the appropriate subkey
for the task is run).
What do you think?
> pipe and fork/exec is obviously a choice, however a way to select a
> specific subkey is something we require in GPGME anyway.
The problem with interfacing gpg directly is that I have to call an
external program, which I normally don't like doing.
But as I said, if I can help get the function I need into GPGME, I'd be
quite happy to lend a hand.
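The selection function proposed in the message above, worked through as an added example (not code from the thread or from GPGME): a mock key with a linked list of subkeys, constructed flag bits, and a `subkey_select` that walks from `last` and requires every requested attribute bit to be set, so that SUBKEY_ENCRYPTION | SUBKEY_SECRET only matches a subkey usable for decryption. All type and flag names here are hypothetical stand-ins, not GPGME's API.

```c
#include <stddef.h>
#include <string.h>

/* Constructed, hypothetical attribute bits (not GPGME's). */
#define SUBKEY_ENCRYPTION 0x01
#define SUBKEY_SIGNING    0x02
#define SUBKEY_SECRET     0x04

/* Minimal stand-in for a key holding a singly linked list of subkeys. */
typedef struct subkey {
    const char *keyid;
    unsigned char flags;
    struct subkey *next;
} subkey_t;

typedef struct { subkey_t *subkeys; } pgp_key;

/* Return the first subkey after `last` (or the first subkey of `key` when
 * `last` is NULL) whose ID equals `keyid` (if `keyid` is non-NULL) and whose
 * flags contain every bit in `want`. Returns NULL when nothing further
 * matches, so callers can iterate by passing the previous result as `last`. */
subkey_t *subkey_select(const pgp_key *key, subkey_t *last,
                        const char *keyid, unsigned char want)
{
    subkey_t *sk = last ? last->next : key->subkeys;
    for (; sk; sk = sk->next) {
        if (keyid && strcmp(sk->keyid, keyid) != 0)
            continue;
        if ((sk->flags & want) != want)   /* all requested bits required */
            continue;
        return sk;
    }
    return NULL;
}

/* Constructed sample key: a signing subkey with secret part, a public-only
 * encryption subkey, and an encryption subkey with secret part. */
static subkey_t sks[3] = {
    {"11111111", SUBKEY_SIGNING | SUBKEY_SECRET, NULL},
    {"22222222", SUBKEY_ENCRYPTION, NULL},
    {"33333333", SUBKEY_ENCRYPTION | SUBKEY_SECRET, NULL},
};
static pgp_key sample;

const pgp_key *sample_key(void)
{
    sks[0].next = &sks[1];
    sks[1].next = &sks[2];
    sks[2].next = NULL;
    sample.subkeys = &sks[0];
    return &sample;
}
```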