Qt security (Re: GPG Assuan protocol usage)

2014-01-15 Thread Bernhard Reiter
On Thursday 09 January 2014 at 14:02:05, Werner Koch wrote:
> > . Since posting I've come across the Qt
> > Cryptographic Architecture (qca) which looks to be a better approach for
> > me as I'm already developing in Qt.
>
> You may want to view Ilja van Sprundel's lecture X security
>    http://events.ccc.de/congress/2013/Fahrplan/events/5499.html

Yes, the talk is interesting, there is only a little bit about Qt
and some responses from the Qt community are summarized here:
https://daniel.molkentin.net/2014/01/04/on-practical-qt-security/

If somebody knows more about how qca fares as a crypto library or versus
gnupg, I'd be interested in reviews (by pm, if you don't like to send it over
the list.)

-- 
www.intevation.de/~bernhard (CEO)    www.fsfe.org (Founding GA Member)
Intevation GmbH, Osnabrück, Germany; Amtsgericht Osnabrück, HRB 18998
Owned and run by Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


GPG Assuan protocol usage

2014-01-08 Thread Alan Meekins
Hi gpg-ers,

I'm interested in utilizing GnuPG in software that I'm writing and it seems
that communicating with the gpg-agent over a unix socket using the Assuan
protocol is best suited for my use case but am open to other options if
there are better approaches.

My problem lies in getting the assuan protocol in practice to match up with
the documentation here
<http://www.gnupg.org/documentation/manuals/gnupg-devel/Agent-Protocol.html#Agent-Protocol>.

When attempting to use the GENKEY command as described here
<http://www.gnupg.org/documentation/manuals/gnupg-devel/Agent-GENKEY.html#Agent-GENKEY>
as a new user I always get an invalid data error when using the example client
requests:

socat /tmp/gpg-x/S.gpg-agent -
 OK Pleased to meet you, process 280
 GENKEY
 INQUIRE KEYPARAM
 D (genkey (rsa (nbits 4096)))
 END
 ERR 67108943 Invalid data GPG Agent
 GENKEY
 INQUIRE KEYPARAM
 D (genkey (rsa (nbits 2048)))
 END
 ERR 67108943 Invalid data GPG Agent
 GENKEY
 INQUIRE KEYPARAM
 D (genkey (rsa (nbits  1024)))
 END
 ERR 67108943 Invalid data GPG Agent


Starting gpg-agent with --debug 10 I get the following debug output:

[user@host]:~$ gpg-agent --daemon --no-detach --debug 10
gpg-agent[]: directory `/home/user/.gnupg' created
gpg-agent[]: directory `/home/user/.gnupg/private-keys-v1.d' created
gpg-agent[]: failed to convert keyparam: Invalid length specifier in S-expression
gpg-agent[]: command genkey failed: Invalid data
gpg-agent[]: failed to convert keyparam: Invalid length specifier in S-expression
gpg-agent[]: command genkey failed: Invalid data
gpg-agent[]: failed to convert keyparam: Invalid length specifier in S-expression
gpg-agent[]: command genkey failed: Invalid data

This seems to suggest that there exist more parameters to the GENKEY
command than are documented. What am I missing here? Taking a step back, is
this a good solution for 3rd party software to use GPG or are there
libraries I should be using instead to accomplish the communication? Diving
into the code to see if I can't figure it out but maybe you can help.

Thanks,
-Alan Meekins


Re: GPG Assuan protocol usage

2014-01-08 Thread Werner Koch
On Wed,  8 Jan 2014 00:30, alan.meek...@gmail.com said:

> D (genkey (rsa (nbits 4096)))

Use

   D (genkey (rsa (nbits 4:4096)))

to match the S-expression syntax.  A leading digit denotes a length and
thus you can't enter a number without its length.  Yes, this is a common
pitfall.

Instead of socat, I suggest the use of gpg-connect-agent (which even
features a simple script language).  If gpg-agent is installed on a
system gpg-connect-agent is also available.  As an alternative you may
also use the Assuan interface of GPGME (see gpa/src/cardman.c for
examples).


Salam-Shalom,

   Werner


-- 
Thoughts are free.  Exceptions are regulated by a federal law.
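
The length-prefix rule described in the reply above, as an added Python example that is not part of the original thread or of GnuPG's code: `sexp` builds a KEYPARAM expression with the required prefixes, `check` is a simplified model of the rule (it only knows `N:data` and bare tokens), and `assuan_data_line` applies the percent-escaping that Assuan data lines require. All function names are hypothetical.

```python
import re

def atom(value):
    """Encode one atom (ASCII assumed); text starting with a digit gets a length prefix."""
    s = str(value)
    return f"{len(s)}:{s}" if s[:1].isdigit() else s

def sexp(node):
    """Serialize nested lists to S-expression text, e.g. for a KEYPARAM reply."""
    if isinstance(node, (list, tuple)):
        return "(" + " ".join(sexp(n) for n in node) + ")"
    return atom(node)

def check(text):
    """Simplified model of the parser rule: None if accepted, else the error."""
    i, depth = 0, 0
    while i < len(text):
        c = text[i]
        if c.isspace():
            i += 1
        elif c in "()":
            depth += 1 if c == "(" else -1
            if depth < 0:
                return "unbalanced parenthesis"
            i += 1
        elif c.isdigit():
            # A leading digit always starts a length specifier "N:".
            m = re.match(r"(\d+):", text[i:])
            if not m:
                return f"invalid length specifier at offset {i}"
            i += m.end() + int(m.group(1))  # skip the prefix and the counted data
            if i > len(text):
                return "length prefix runs past end of input"
        else:
            i += re.match(r"[^\s()]+", text[i:]).end()  # bare token such as "rsa"
    return None if depth == 0 else "unbalanced parenthesis"

def assuan_data_line(payload):
    """Build an Assuan 'D' line: '%', CR and LF must be percent-escaped."""
    for raw, esc in (("%", "%25"), ("\r", "%0D"), ("\n", "%0A")):
        payload = payload.replace(raw, esc)
    return "D " + payload

if __name__ == "__main__":
    # Constructed inputs: the request from the thread and the corrected form.
    good = sexp(["genkey", ["rsa", ["nbits", 4096]]])
    for text in ("(genkey (rsa (nbits 4096)))", good):
        print(assuan_data_line(text), "->", check(text) or "ok")
```
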




Re: GPG Assuan protocol usage

2014-01-08 Thread Alan Meekins
Ah thanks, that was the problem. Would be helpful if this page
<http://www.gnupg.org/documentation/manuals/gnupg-devel/Agent-GENKEY.html#Agent-GENKEY>
were updated to reflect the correct syntax for future users.

Was just using socat for testing purposes. My system requires the lowest
latency and fewest memcpy's possible so if I continue with the socket
interface I will use it directly. Since posting I've come across the Qt
Cryptographic Architecture (qca) which looks to be a better approach for me
as I'm already developing in Qt.

Thanks again,
-Alan


On Wed, Jan 8, 2014 at 4:09 AM, Werner Koch w...@gnupg.org wrote:

> On Wed,  8 Jan 2014 00:30, alan.meek...@gmail.com said:
>
> > D (genkey (rsa (nbits 4096)))
>
> Use
>
>    D (genkey (rsa (nbits 4:4096)))
>
> to match the S-expression syntax.  A leading digit denotes a length and
> thus you can't enter a number without its length.  Yes, this is a common
> pitfall.
>
> Instead of socat, I suggest the use of gpg-connect-agent (which even
> features a simple script language).  If gpg-agent is installed on a
> system gpg-connect-agent is also available.  As an alternative you may
> also use the Assuan interface of GPGME (see gpa/src/cardman.c for
> examples).
>
>
> Salam-Shalom,
>
>    Werner
>
>
> --
> Thoughts are free.  Exceptions are regulated by a federal law.

