Key Storage Abstraction?

Werner Koch wk at gnupg.org
Mon Oct 16 09:18:10 CEST 2017


Hello!

On Sun, 15 Oct 2017 22:35, gnupg-users at gnupg.org said:

> I've been looking for a way to provide GNUPGP with a custom

I assume you mean GnuPG.

> implementation of a key ring, as I gather there is such a thing as
> WKS, but I cannot find any documentation on how I can implement this

The Web Key Directory is a way to discovery a key belonging to a mail
address.  It is not a local ley storage or interface format.

> 1.) Sign Messages with a private key (of my choosing)

  $ gpg --batch -u YOURKEYID ....

> 2.) Encrypt messages with a public key (of my choosing)
>   - ideally to multiple recipients.

  $ gpg --batch -e -f KEYFILE1 -f KEYFILE2 ....

Note that the option -f is not yet supported by GPGME.

> 3.) Verify a message was signed by whoever owns a public key I have.
>   - I don't care about GPG's "Trust levels" and would like to disregard them.

  $ gpgv --keyring TRUSTEDKEYS  FILETOVERIFY

> 4.) Decrypt messages using a private key that I specify.

For what do you need this?  The OpenPGP format specifies the key
required for decryption.  Hidden recipients?

> Unrelated: This is in python, I see some GPG libraries, they all seem
> overly complicated, I'd like to actually access GPG *as* a library,

Use gpgme which has a maintained Python binding.

GnuPG is made up of several components which uses the process barrier to
separate tasks.  In case you really have overhead problems invoking gpg
it is possible to modify gpg and gpgme to run gpg as a co-process (we
already use gpgsm this way).


Salam-Shalom,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 357 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20171016/64937582/attachment.sig>


More information about the Gnupg-users mailing list