Re: Key Storage Abstraction?
Hello! On Sun, 15 Oct 2017 22:35, gnupg-users@gnupg.org said: > I've been looking for a way to provide GNUPGP with a custom I assume you mean GnuPG. > implementation of a key ring, as I gather there is such a thing as > WKS, but I cannot find any documentation on how I can implement this The Web Key Directory is a way to discovery a key belonging to a mail address. It is not a local ley storage or interface format. > 1.) Sign Messages with a private key (of my choosing) $ gpg --batch -u YOURKEYID > 2.) Encrypt messages with a public key (of my choosing) > - ideally to multiple recipients. $ gpg --batch -e -f KEYFILE1 -f KEYFILE2 Note that the option -f is not yet supported by GPGME. > 3.) Verify a message was signed by whoever owns a public key I have. > - I don't care about GPG's "Trust levels" and would like to disregard them. $ gpgv --keyring TRUSTEDKEYS FILETOVERIFY > 4.) Decrypt messages using a private key that I specify. For what do you need this? The OpenPGP format specifies the key required for decryption. Hidden recipients? > Unrelated: This is in python, I see some GPG libraries, they all seem > overly complicated, I'd like to actually access GPG *as* a library, Use gpgme which has a maintained Python binding. GnuPG is made up of several components which uses the process barrier to separate tasks. In case you really have overhead problems invoking gpg it is possible to modify gpg and gpgme to run gpg as a co-process (we already use gpgsm this way). Salam-Shalom, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. pgpYPWrQRZF3g.pgp Description: PGP signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Key Storage Abstraction?
On 10/15/2017 08:35 PM, Jamie H. via Gnupg-users wrote:
> ...I'd like to actually access GPG*as* a library, but all the tools
I see seem to invoke GPG as a program and then operate on its standard
output...
What you need is GPG as a pure crypto-engine; completely divorced from
all key management and user interface functionality, so that both of
these tasks can be performed by applications that are tailored to meet
specific user population operational requirements.
This ("GPG crypto-engine" ?) would be a software package of significant
general utility.
In addition to the requirements you outlined, I would add one more: it
should abandon all attempts to protect the secrets (private key or
plaintext) from other users and processes running on the computer on
which it is running, and it should sacrifice the execution efficiency
whenever it significantly impacts the code. This would reduce the
complexity of the code, so that it could be more easily audited and made
platform independent. Ideally, it would be a BSD or similarly licensed,
so that it could be included in source form into applications such as yours.
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Key Storage Abstraction?
Hello, I've been looking for a way to provide GNUPGP with a custom implementation of a key ring, as I gather there is such a thing as WKS, but I cannot find any documentation on how I can implement this myself. What I need from GPG is a tool that does this: 1.) Sign Messages with a private key (of my choosing) 2.) Encrypt messages with a public key (of my choosing) - ideally to multiple recipients. 3.) Verify a message was signed by whoever owns a public key I have. - I don't care about GPG's "Trust levels" and would like to disregard them. 4.) Decrypt messages using a private key that I specify. If things go the way I'd like, there may be several of these operations taking place in parallel. There may be thousands, or even millions of keys in my own database, I don't want to (and indeed, I would have to scrap the open source project) import anything into GPG's keyring. I don't particularly want to implement WKS, and if I did it would be read-only, I don't ever want PGP to "upload" anything or change the system in any way. The idea is, this application manages the keys (it needs to for other reasons not really related to GPG) So, I'm looking for a way to just feed GPG the keys it needs when it needs them. It'd be nice if I could just give it a shell script that takes an argument (whatever key it's looking for) and GPG reads the key on its standard input, but that doesn't seem possible. Any ideas? and any pointers on where I might look if I had to implement a subset of WKS? Unrelated: This is in python, I see some GPG libraries, they all seem overly complicated, I'd like to actually access GPG *as* a library, but all the tools I see seem to invoke GPG as a program and then operate on its standard output. Is there a recommended python library that, perhaps, uses GPG in a way that's more efficient? Maybe as a server mode or something? (I'd like it if there were capable of processing, mostly "verify", dozens of messages pr. second, ideally) Thanks! Jamie ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
