Re: [Monotone-devel] while i'm on the subject, other things that ought t
From: Richard Levitte
Subject: Re: [Monotone-devel] while i'm on the subject, other things that ought to be done to key handling...
Date: Mon, 04 Feb 2008 18:12:56 +0100 (CET)
In message <address@hidden> on Mon, 4 Feb 2008 11:29:33 -0500, "Zack Weinberg"
<address@hidden> said:
zackw> The on-disk keystore format is currently a single file per
zackw> keypair containing a packet representation of both the public
zackw> and private keys. It should be changed to two files per
zackw> keypair, one with the public and one with the private key, each
zackw> in PEM format - natively understood by Botan, and also
zackw> understood by external tools. Alternatively, the public key
zackw> could be formatted the way ssh identity.pub files are
zackw> formatted, which would eliminate the need for the
zackw> ssh_agent_export subcommand. Obviously we should sanity-check
zackw> the public against the private key at load time.
I assume that you know that the private key file, be it an SSH key or a
PEM formatted key, normally contains both the private and public part.
A separate file for the public key is normally seen as a convenience
for the user and not much more. The software usually doesn't give the
public key files a rat's ass...
zackw> And let's switch from 3DES to AES for private key encryption
zackw> while we're making changes.
We should start with having an algorithm indicator in the file.
Cheers,
Richard
--
Richard Levitte address@hidden
http://richard.levitte.org/
"When I became a man I put away childish things, including
the fear of childishness and the desire to be very grown up."
-- C.S. Lewis
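
The load-time sanity check of the public key against the private key proposed in the quoted text, as an added example that is not Monotone or Botan code and not from either poster. It assumes RSA keys already parsed into integers; the dictionary layout, function names and toy-sized constructed keys are hypothetical.

```python
from math import gcd

def _lam(p, q):
    # Carmichael function of n = p*q: lcm(p-1, q-1)
    return (p - 1) * (q - 1) // gcd(p - 1, q - 1)

def check_keypair(pub, priv):
    """Return a list of inconsistencies; an empty list means the files agree.

    pub  = {"n", "e"}                 as read from the public-key file
    priv = {"n", "e", "d", "p", "q"}  as read from the private-key file
    """
    problems = []
    if pub["n"] != priv["n"]:
        problems.append("modulus mismatch")
    if pub["e"] != priv["e"]:
        problems.append("public exponent mismatch")
    if priv["p"] * priv["q"] != priv["n"]:
        problems.append("private primes do not multiply to modulus")
    # Holds whether d was derived modulo lcm(p-1, q-1) or (p-1)(q-1).
    if (priv["e"] * priv["d"]) % _lam(priv["p"], priv["q"]) != 1:
        problems.append("private exponent does not invert public exponent")
    # Functional check: a value transformed with the private key must come
    # back unchanged when the key from the *public file* is applied.
    probe = 0x6D6F6E6F746F6E65  # constructed probe value, smaller than n
    if pow(pow(probe, priv["d"], priv["n"]), pub["e"], pub["n"]) != probe:
        problems.append("sign/verify round trip failed")
    return problems

def make_key(p, q, e=65537):
    # Constructed toy key for the demonstration; not a key generator.
    return {"n": p * q, "e": e, "d": pow(e, -1, _lam(p, q)), "p": p, "q": q}

# Mersenne primes, far too small for real use; constructed sample data.
P, Q, Q2 = 2**61 - 1, 2**89 - 1, 2**107 - 1
KEY = make_key(P, Q)
OTHER = make_key(P, Q2)  # a different keypair whose public file got swapped in

def public_part(key):
    return {"n": key["n"], "e": key["e"]}

if __name__ == "__main__":
    print(check_keypair(public_part(KEY), KEY))    # matching files
    print(check_keypair(public_part(OTHER), KEY))  # swapped public file
```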