gpgme 0.3.0 released
Werner Koch
wk at gnupg.org
Sat Oct 11 22:58:11 CEST 2003
On Sat, 11 Oct 2003 02:55:02 +0200, Simon Josefsson said:
> I am evaluating implementing Kerberos PKINIT which need some X.509 and
> CMS code. I have noticed GNUTLS contain a X.509 library. Is libksba
> a good choice? Still developed? What are the differences between
yes. yes - gnupg 1.9 requires it and I intend to put other X.509
stuff into it as required.
> libksba and gnutls for X.509? Do GpgSM use libksba? Any other free
libksba privides all the X.509 and CMS stuff required for S/MIME, so
it is more complete than what is used in gnutls. Certificate creation
is missing but pkcs#10 request can be created.
> X.509/CMS implementations to consider? Considering the recipient
The Mozilla crypto code as everything but when I evaluated these
things I came to the conclusion that taht this code is too complex, a
bit hard to extend (we had some specific and strict requirements) not
easily to maintain. Thus I wrote libksba.
There is also OpenSSL with its GPL incompatibility and probably a lot
of Java code.
> (If it matters, my implementation is GPL, and already links with
> GNUTLS for other reasons.)
If you just need basic X.509 parsing, the code in gnutls should do. I
don't know whether the interface is exported, though.
Werner
--
Werner Koch <wk at gnupg.org>
The GnuPG Experts http://g10code.com
Free Software Foundation Europe http://fsfeurope.org
More information about the Gpa-dev
mailing list