|
From: | Ted Zlatanov |
Subject: | Re: security of the emacs package system, elpa, melpa and marmalade |
Date: | Mon, 30 Sep 2013 09:25:39 -0400 |
User-agent: | Gnus/5.130008 (Ma Gnus v0.8) Emacs/24.3.50 (gnu/linux) |
On Sun, 29 Sep 2013 14:18:36 -0400 Ted Zlatanov <address@hidden> wrote: TZ> Let's just say I'll implement the OpenPGP protocol emulation as in TZ> http://tools.ietf.org/html/rfc4880 when I get to it, and anyone else TZ> that thinks it's worthwhile can work with me or do it themselves. Hmm, looks like libnettle (brought in with GnuTLS) already provides most of the infrastructure needed. The question for me is, should I bother with a full OpenPGP signature emulation, or is it sufficient to implement RSA/DSA/EC-based signatures for Emacs internal use only? The latter is going to be much less work; it's basically exposing the functions in http://www.lysator.liu.se/~nisse/nettle/nettle.html#RSA http://www.lysator.liu.se/~nisse/nettle/nettle.html#DSA http://www.lysator.liu.se/~nisse/nettle/nettle.html#Elliptic-curves to Emacs. Ted
[Prev in Thread] | Current Thread | [Next in Thread] |