[Help-gnutls] PGP api

Angus angus at uducat.com
Mon Nov 26 15:41:53 CET 2007


On Friday 23 November 2007 18:40, Brad Hards wrote:
> Sorry, I'm still not sure what you are trying to accomplish.
>
> On Saturday 24 November 2007 01:21:33 am Angus wrote:
> > On Thursday 22 November 2007 18:27, Brad Hards wrote:
> > > On Friday 23 November 2007 08:17:05 am Angus wrote:
> > > > I need a C (or C++) API to PGP encrypt stuff. Unfortunately, I have
> > > > no experience with public key encryption, and I'm having a hard time
> > > > figuring out what available APIs even do this.
> > >
> > > I'm not sure what you are asking. Are you trying to do PGP with TLS?
> >
> > 	From what I can tell, OpenCDK falls under TLS, so yes.
>
> Let's not worry about the implementation stuff just yet.
>
> When you said "PGP encrypt stuff", can you explain exactly what you are
> trying to do? In particular, are you trying to use PGP to authenticate a
> TLS connection (as described in RFC5081 -
> http://www.rfc-editor.org/rfc/rfc5081.txt) or are you trying to encrypt a
> file (as described in RFC4880, Section 3.1)?

	I'm not trying to authenticate, but section 3.1 doesn't specify or generalize 
what I'm trying to do either. I'm sorry, I don't have much experience with 
public key encryption. I just had the idea that the contents of e-mails could 
be encrypted with PGP, and the more popular mail clients had the facilities 
to decrypt such e-mails.

> > > If you are just trying to encrypt a file, why not just use GPGME:
> > > http://www.gnupg.org/related_software/gpgme/
> > > It is a library that talks to the gnupg binary over a special machine
> > > interface.
> >
> > 	I'm looking at GPGME, and it looks a little too DIY. From what I can
> > tell, all it does is open a socket to an algorithmic backend, and pipes
> > data to and from it--no place to insert things like public and private
> > keys and whatever else PGP needs.
>
> GPGME is designed to support mail user agents handling PGP encrypted/signed
> messages. Use of it for something wildly different is going to be messy.

	That does sound like what I'm trying to do. I have my own mail-sending daemon, you 
see. It can do things like attach files, include special X- headers, and now 
I want to encrypt the contents of these e-mails.

> I can't help you with a better suggestion unless you can explain what you
> are trying to do. Are you trying to generate the keys yourself, or do you
> already have them? How are you planning on transferring the private key?

	I don't understand. From what I thought I knew about PGP, the private key 
shouldn't enter into the encryption of anything. I imagined the encryption 
algorithm would just take the content to encrypt, the public key, and let the 
recipient worry about the private key.

> Are you trying to back-up, or transfer a file? More detail please.

	I'm not trying to back anything up, but a file could be attached, but it 
might not be. I would have to be ready for either case.




