Re: [gnutls-dev] External signing API
From: Simon Josefsson
Subject: Re: [gnutls-dev] External signing API
Date: Mon, 13 Aug 2007 13:04:33 +0200
User-agent: Gnus/5.110007 (No Gnus v0.7) Emacs/22.1 (gnu/linux)

"Alon Bar-Lev" <address@hidden> writes:
> On 8/12/07, Simon Josefsson <address@hidden> wrote:
>> > 3. What do you expect the cert_type to be used for? Can't it be queried
>> > out of the cert?
>>
>> No, the cert may be a PGP key, and this needs to be indicated somehow.
>> I haven't tested that PGP signing works through this interface yet, but
>> I think it makes sense to have cert_type there in case we support
>> external signing for PGP keys in the future.
>
> I don't understand why the type is not part of the certificate object...
> type = gnutls_get_cert_type (cert);
>
> This should be much cleaner than passing two variables to each method.

The cert in the sign callback is 'gnutls_datum_t', i.e., a raw binary
blob with the X.509 certificate or OpenPGP key. Binary data doesn't
know its own type, so it needs an out-of-band signal to denote the kind
of data it is.

There is no function gnutls_get_cert_type(binary_blob) that guesses
whether some binary blob is X.509 or OpenPGP. Is adding such a function
what you are proposing? It seems rather fragile to me.

Btw, I reviewed the call-path for PGP authentication, and it seems this
callback function should function right now, if someone can write an
OpenPGP callback signer. I added gnutls_openpgp_privkey_sign_hash that
should be useful in the callback function. I'm not sure how useful this
will be though.

/Simon
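
Added example, not part of the original message and not GnuTLS code: a first-byte type guesser for raw blobs next to a selector that treats the caller-declared type as authoritative, showing where guessing misfires. All `ex_` names and the sample bytes are hypothetical and constructed for this illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-ins for this example; these are not GnuTLS types. */
typedef enum { EX_UNKNOWN, EX_X509, EX_OPENPGP } ex_cert_type;
typedef struct { const unsigned char *data; size_t size; } ex_datum;

/* Guess the kind of a raw blob from its first byte. DER X.509 begins with
 * a SEQUENCE tag (0x30); every OpenPGP packet tag has bit 7 set. */
ex_cert_type ex_guess_type(const ex_datum *d)
{
    if (d == NULL || d->data == NULL || d->size == 0)
        return EX_UNKNOWN;
    if (d->data[0] == 0x30)
        return EX_X509;     /* true for ANY DER SEQUENCE, not only certificates */
    if (d->data[0] & 0x80)
        return EX_OPENPGP;  /* true for ANY OpenPGP packet, not only keys */
    return EX_UNKNOWN;      /* PEM / ASCII armor starts with '-' (0x2d) */
}

/* Select a signer from the declared (out-of-band) type. The guess is used
 * only to refuse a blob that clearly contradicts the declaration. */
ex_cert_type ex_select_signer(ex_cert_type declared, const ex_datum *cert)
{
    ex_cert_type guess = ex_guess_type(cert);
    if (declared == EX_UNKNOWN || cert == NULL || cert->size == 0)
        return EX_UNKNOWN;
    if (guess != EX_UNKNOWN && guess != declared)
        return EX_UNKNOWN;  /* e.g. declared X.509 but the blob looks like OpenPGP */
    return declared;
}

/* Constructed sample inputs: leading bytes only, not real keys or certificates. */
static const unsigned char der_cert[]  = { 0x30, 0x82, 0x03, 0x1a, 0x30, 0x82 };
static const unsigned char der_other[] = { 0x30, 0x03, 0x02, 0x01, 0x05 }; /* SEQUENCE { INTEGER 5 } */
static const unsigned char pgp_key[]   = { 0x99, 0x01, 0x0d, 0x04 };       /* old-format packet, tag 6 */
static const unsigned char pem_text[]  = "-----BEGIN CERTIFICATE-----";
const ex_datum ex_der_cert  = { der_cert,  sizeof der_cert };
const ex_datum ex_der_other = { der_other, sizeof der_other };
const ex_datum ex_pgp_key   = { pgp_key,   sizeof pgp_key };
const ex_datum ex_pem       = { pem_text,  sizeof pem_text - 1 };

int main(void)
{
    printf("non-certificate DER guessed as X.509: %d\n", ex_guess_type(&ex_der_other) == EX_X509);
    return 0;
}
```

The guesser labels a non-certificate DER SEQUENCE as X.509 and cannot classify PEM text at all, while the selector still works for both because the type arrives with the call.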