[gnutls-help] OpenPGP instead of X509: what kind of (sub)key?

Nikos Mavrogiannopoulos nmav at gnutls.org
Mon Sep 5 18:35:31 CEST 2016

On Mon, 2016-09-05 at 18:19 +0200, Garreau, Alexandre wrote:

> > It directly uses openpgp certificates and keys for signatures.
> So… if I run gnutls-server somewhere, and connect to it with
> gnutls-client… the fingerprints I will see are those of the opengpg
> masterkey? or of the signing subkey? or is it possible to use a
> subkey
> for this usage? what features/“usages” should have a openpgp cert
> used
> by GnuTLS? “sign”? “certificate”?  can I use the new GnuPG
> Curves25519?
> Or if I consider WoT doesn’t work enough [1], can I make so the key
> of
> each person I know is “allowed” to certificate only keys owned by
> this
> same very person (without having to “trust” everybody on everybody)?
> [1]
> https://lists.torproject.org/pipermail/tor-talk/2013-September/030235
> .html

If you are developing a new application, I'd simply suggest to ignore
this API and pretend it doesn't exist. It will go away.


More information about the Gnutls-help mailing list