[Cryptography Team] Re: OpenPGP
Robert Withers
reefedjib at yahoo.com
Sat May 5 22:17:45 UTC 2007
On May 5, 2007, at 1:26 PM, Hans-Martin Mosner wrote:
> Hi Rob,
>
> Robert Withers schrieb:
>> Hey Hans,
>>
>> I just read the OpenPGP spec and browsed your code. You are close to
>> processing packets! Are you still developing this package? Let's
>> revive it.
> Well I haven't been doing anything on it for quite some time. I think
> the code is mostly able to read public and private key files. I never
> decided on a good abstraction for reading and writing encrypted files,
> though, so that part would need some design work.
Ok, I see where you are reading in the public and private keys. I
would need to be able to generate them as well, since I don't have an
OpenPGP/GPG installation. then we could come up with a default
location fo these files in the squeak default directory. For SMIME,
I keep all of the certificates and private key in a CertificateStore
object, which is serialized to disk as 'certificates/cert.store'.
Perhaps we need a 'security/pgpkeys.private' and 'security/
pgpkeys.public'. I could move 'certificates' under 'security'.
>>
>> I recently finished implementing SMIME, although it has yet to be
>> integrated with Celeste. I think it's possible to have both SMIME
>> and
>> OpenPGP support in Celeste, when we get around to it.
>>
>> What do you think?
>>
> That would be a very good idea. My main motivation for OpenPGP was
> that
> it could be used in code signing (back when I tinkered with my
> distributed code repository stuff) but its use in a mail client is
> definitely a good goal.
Ah, yes I recall you were working on that. Lots of choices now with
Monticello, Universes, packages, none with code signing. Perhaps the
mail client would be a good entry point for broader use.
>
> Do you happen to have an idea for a good abstraction for
> encrypted/signed files and streams?
Not really. It seems to me that there is an input stream (chunk),
with ancillary input state (public/private/session keys), which would
decode to an output stream (chunk).
Decryption failure is an exception as is signature verification
failure. We could then use a chain of responsibility of decoders.
I.e. the first attempt to verify the signature may fail/throw an
exception, shifting to a second decoder which would extract the
message without verifying the signature. A higher level would be
responsible for reporting the outcome, based on which decoder was
successful. A decoder (encoder) could be composite, so we could
handle/generate encrypted, signed packets.
I suspect all of this is above the layer you are talking about, which
is the internals of processing a single packet. For that I think of
the ASN.1 framework I implemented with help from VW. There is a
ASN1Stream holding BER encoded bytes, and you use a Type class to
control how to read or write those bytes. So there is an
OpenPGPStream holding encoded bytes, and you use a Type (Packet) to
control how to read or write those bytes. This is what you have, is
it not?
What kinds of abstractions were you thinking over?
cheers,
Robert
More information about the Cryptography
mailing list