[Help-gnutls] Re: Failure to import an OpenPGP private key

Ludovic Courtès ludovic.courtes at laas.fr
Fri Jan 5 13:57:23 CET 2007


Simon Josefsson <simon at josefsson.org> writes:

> However, your patch changes the external API/ABI, which is something
> we _really_ don't want to do unless we can avoid it.

Only `_gnutls' functions are changed so does that really count as an
API/ABI change (given that the `_gnutls' functions are not part of the
documented API and are not meant to be used by application programs)?

However, changing `_E_gnutls_openpgp_raw_privkey_to_gkey' may be an
issue (ABI change in `libgnutls-extra').

Also, my understanding was that the API/ABI policy may be less strict
for 1.7 than for 1.6?

> It seems a better patch would be to have
> _gnutls_openpgp_raw_privkey_to_gkey be able to figure out the format
> of the input automatically -- that seems possible to implement.  Just
> go over the input and look for non-ASCII characters (or just some
> specific non-ASCII character like \0, which I assume is guaranteed to
> always be present in OpenPGP binary keys, to avoid problems with
> non-ASCII characters in a Comment: field or similar), and set the
> armor flag accordingly.  What do you think?  If you agree, I'd
> appreciate if you could suggest a specific patch to implement this.

That seems like a fragile solution, especially since the information
(the input format) is already explicitly passed in
`gnutls_openpgp_privkey_import ()'.  That said, perhaps we could
implement this solution for 1.6 and keep the other one (or something
similar) for 1.7.  Would that be acceptable?

> Btw, to be able to use your patch, we'd might need a copyright
> assignment, if the patch is large..  would that be a problem?  I can
> send you the forms offline.

No problem, you can send it to me.


More information about the Gnutls-help mailing list