[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [GNUnet-developers] Guix - GNUnet binary ditribution roadmap

From: Ludovic Courtès
Subject: Re: [GNUnet-developers] Guix - GNUnet binary ditribution roadmap
Date: Fri, 14 Mar 2014 14:27:26 +0100
User-agent: Gnus/5.130007 (Ma Gnus v0.7) Emacs/24.3 (gnu/linux)

Christian Grothoff <address@hidden> skribis:

> On 03/14/2014 12:08 AM, Ludovic Courtès wrote:
>> Christian Grothoff <address@hidden> skribis:
>>> Ludo, would you please consider moving to the GNU Name System?
>> Guix uses the SPKI-like infrastructure for purposes unrelated to the
>> project at hand (to sign/authenticate archives.)
> Yes, so what? My point is that once you move to ECDSA/Curve25519
> to sign/authenticate archives, you will have better crypto and
> open the door for a potentially tight integration with GNS.

Sure, but we also want this sort of basic functionality to be available
even when Guix is used without GNUnet support.  So we can’t just get rid
of it.

>> However, it probably makes sense to rely more on GNS in whatever will be
>> developed as part of this GSoC.
>>> GNS is based on SDSI/SPKI (delegation certificates!), and has many
>>> other advantages (not to mention uses Curve25519 instead of RSA).
>>> GNUnet's identity management is based on Curve25519 ECDSA signatures,
>>> and we are using libgcrypt for those.
>> Guix uses libgcrypt too, essentially manipulating canonical sexps.  So
>> it could be that integration would be fairly simple?
> GNUnet doesn't use sexps in the wire format as it it both verbose and
> not really the canonical way to represent Curve25519 points (for that,
> there is a nice, compact 32-byte binary encoding).  But of course the
> conversion is trivial and we do that in libgnunetutil in various
> places.
> So sexps is really not the issue, the use of RSA vs. Curve25519 is
> more what I am concerned about

Guix is not tied to any particular public key crypto algorithm.
Currently we typically use RSA key, as you note, but we could just as
well tell libgcrypt to use something else, no?

--8<---------------cut here---------------start------------->8---
scheme@(guile-user)> ,use(guix pk-crypto)
scheme@(guile-user)> (generate-key (string->canonical-sexp "(genkey (ecc (curve 
Ed25519)(flags transient-key)))"))
$6 = #<canonical-sexp 18b3ae0 | 7f1c4bc35030>
scheme@(guile-user)> (canonical-sexp->string $6)
$7 = "(key-data \n (public-key \n  (ecc \n   (curve Ed25519)\n   (q 
#23D88D433C8350EE110814B9E0B352C42687898B2DDC1A8025016A64049E9118#)\n   )\n  
)\n (private-key \n  (ecc \n   (curve Ed25519)\n   (q 
#23D88D433C8350EE110814B9E0B352C42687898B2DDC1A8025016A64049E9118#)\n   (d 
#47DF363B3B9A07D98700F1EF4914034C66D6750CA55604EBCE1F37F062E73278#)\n   )\n  
)\n )\n"
--8<---------------cut here---------------end--------------->8---


reply via email to

[Prev in Thread] Current Thread [Next in Thread]