[Help-gnutls] Re: Getting keys for my own crypto functions (opencdk)

Simon Josefsson simon at josefsson.org
Mon Jan 8 16:45:00 CET 2007


Mario Lenz <mario.lenz at gmx.net> writes:

> Hi!
>
> I'd like to use opencdk to get keys from a key ring and then use them in
> my own cryptographic functions. There are two functions in pubkey.c
> which do exactly what I need: seckey_to_sexp() and pubkey_to_sexp().
> Unfortunately, they are static :-(
>
> You wouldn't make them part of the API, would you?

Hi!  Those functions use a gcry_sexp_t type... having types that are
specific to libgcrypt in the public API for OpenCDK strikes me as a
bad idea.

However, we could add a new API function that uses those two functions
internally, but uses a char* representation of the sexp as the external
interface?  For example:

int
cdk_pubkey_to_sexp (cdk_pkt_pubkey_t pk, char **sexp, size_t *len)

int
cdk_seckey_to_sexp (cdk_pkt_seckey_t sk, char **sexp, size_t *len)

The functions would call seckey_to_sexp and pubkey_to_sexp internally,
and then use gcry_sexp_sprint() to print the sexp into a newly
allocated string?  You'd have to use gcry_sexp_new() to re-import the
char* though, if you use libgcrypt, but I think that is a small price
to pay to keep the OpenCDK API independent of libgcrypt.

This approach seems acceptable, and if you implement it (or some
variant of this), I'd be happy to make that part of the official API.

Thanks,
Simon

PS.  Maybe you are aware of it, but did you look at GPGME?  It has
more PGP stuff, and is written in a more GnuPG compatible way.  I know it
has some limitations though.  I'd wish that GnuTLS could use it
instead of OpenCDK, but right now it doesn't...




