gnutls-devel

Re: openpgp + subkeys


From: Nikos Mavrogiannopoulos
Subject: Re: openpgp + subkeys
Date: Tue, 26 Feb 2008 22:24:23 +0200
User-agent: Thunderbird 2.0.0.6 (X11/20071022)

Simon Josefsson wrote:
> Nikos Mavrogiannopoulos <address@hidden> writes:
>
>> I've been working a bit lately on the openpgp support of gnutls. The planned changes are:
>> 1. To handle subkeys
>> 2. To list/generate keyrings using certtool
>> 3. To list openpgp certificates/keys using certtool
>>
>> The first is partially completed. However I've come across a limitation of the current protocol for openpgp keys (rfc5081). It seems currently there is no way to indicate to the peer which subkey to use, thus always the primary key has to be used.
>
> :-(

I've already issued a fixed rfc5081bis that is used in the released code (devel).

> Is this a gnupg problem?  I assume the OpenPGP spec allows it.
> I recall GnuPG asked me about authentication/encryption/etc keys when I
> used a smart card with GnuPG.  So maybe it is possible.  Ask on the
> gnupg list?

It seems I should...

>> On the development release I plan to implement a subkey negotiation - by sending a keyid at the initial hello messages to indicate the (sub)key that will be used during this handshake.
>
> This is finished now, right?

indeed.

> Are there any recommendations from the openpgp spec?  It seems the
> question of which subkey to use would come up for every openpgp
> implementation.

No unfortunately not.

regards,
Nikos



