[gnutls-dev] Another openpgp question...
Charles 'Buck' Krasic
krasic at cs.ubc.ca
Tue Nov 25 17:43:11 CET 2003
Hi Nikos,
Thanks for your replies. They have been very helpful.
I've been able to get GnuTLS basically working in my video streaming
system. At first, I got it working with AES128 + SHA1. I noticed
that the CPU load was quite high (not a big suprise) so I started to try
and measure some other combinations. This is where I ran into a lot of
trouble. I'm not an expert in OpenPGP or gnupg, so it's not obvious to
me what kinds of keys are required for the different ciphers supported
in GnuTLS. I made some progress by enabling GnuTLS's logging, but I
still don't understand what is required to get certain ciphers to work.
For example, I can get the ARCFOUR_SHA cipher, but not ARCFOUR_MD5 (128
or 40).
I am basically content for now that I have some encryption working, but
it would be nice to have some clarification on issues above.
Are there many other users of GnuTLS's OpenPGP support?
-- Buck
On Tue, 2003-11-25 at 13:31, Nikos Mavroyanopoulos wrote:
> On Tue, Nov 25, 2003 at 12:57:48PM -0800, Charles 'Buck' Krasic wrote:
>
> > Hi,
> > I another question regarding OpenPGP and TLS. I would like the server
> > side of the TLS session to be able to query what key the client used
> > after the handshake has completed.
> > As far as I can tell, the closest thing to this right now is the
> > gnutls_openpgp_set_recv_key_function(), but this is only used if the
> > client sends a fingerprint instead of their public key. But, for the
> > case where the client just sends their key, the API doesn't provide any
> > way to find out what key the client used.
> > Would it be hard to add such a query to the API? I.e. something like:
> > gnutls_openpgp_get_peer_key()
> Hello Charles,
> You could use gnutls_certificate_get_peers(). The openpgp key authentication
> is part of the certificate authentication, so all the gnutls_certificate_*
> functions apply.
>
> > -- Buck
More information about the Gnutls-dev
mailing list