Re: [Monotone-devel] while i'm on the subject, other things that ought t

From: Richard Levitte
Subject: Re: [Monotone-devel] while i'm on the subject, other things that ought to be done to key handling...
Date: Mon, 04 Feb 2008 18:12:56 +0100 (CET)

In message <address@hidden> on Mon, 4 Feb 2008 11:29:33 -0500, "Zack Weinberg" 
<address@hidden> said:

zackw> The on-disk keystore format is currently a single file per
zackw> keypair containing a packet representation of both the public
zackw> and private keys.  It should be changed to two files per
zackw> keypair, one with the public and one with the private key, each
zackw> in PEM format - natively understood by Botan, and also
zackw> understood by external tools.  Alternatively, the public key
zackw> could be formatted the way ssh files are
zackw> formatted, which would eliminate the need for the
zackw> ssh_agent_export subcommand.  Obviously we should sanity-check
zackw> the public against the private key at load time.

I assume that you know that the private key file, be it an SSH key or a
PEM formatted key, normally contains both the private and public part.
A separate file for the public key is normally seen as a convenience
for the user and not much more.  The software usually doesn't give the
public key files a rat's ass...

zackw> And let's switch from 3DES to AES for private key encryption
zackw> while we're making changes.

We should start with having an algorithm indicator in the file.


Richard Levitte                         address@hidden

"When I became a man I put away childish things, including
 the fear of childishness and the desire to be very grown up."
                                                -- C.S. Lewis
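
Added example, not part of the original message and not monotone's code: in the traditional OpenSSL-style encrypted PEM private key, the Proc-Type and DEK-Info header lines act as the kind of algorithm indicator mentioned above, so a loader can tell a 3DES-protected key from an AES-protected one before decrypting. The sample keys, IVs and function names below are constructed for illustration.

```python
import base64
import re

# Constructed samples: the header layout is the traditional encrypted-PEM one;
# the IVs and the base64 body are dummy bytes, not real key material.
SAMPLE_3DES = """-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,0123456789ABCDEF

AAECAwQFBgcICQoLDA0ODw==
-----END RSA PRIVATE KEY-----
"""
SAMPLE_AES = SAMPLE_3DES.replace(
    "DES-EDE3-CBC,0123456789ABCDEF", "AES-256-CBC," + "0123456789ABCDEF" * 2)
SAMPLE_PLAIN = SAMPLE_3DES.replace(
    "Proc-Type: 4,ENCRYPTED\nDEK-Info: DES-EDE3-CBC,0123456789ABCDEF\n\n", "")

PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S)


def read_key_header(pem_text):
    """Return (label, cipher, iv, body); cipher and iv are None if unencrypted."""
    m = PEM_BLOCK.search(pem_text)
    if not m:
        raise ValueError("no PEM block found")
    label, lines = m.group(1), m.group(2).splitlines()
    headers = {}
    # Header lines contain ':', which never occurs in the base64 body.
    while lines and ":" in lines[0]:
        name, value = lines.pop(0).split(":", 1)
        headers[name.strip()] = value.strip()
    cipher = iv = None
    if headers.get("Proc-Type") == "4,ENCRYPTED":
        if "DEK-Info" not in headers:
            raise ValueError("encrypted key without an algorithm indicator")
        cipher, iv_hex = headers["DEK-Info"].split(",", 1)
        iv = bytes.fromhex(iv_hex)  # raises ValueError on malformed hex
    body = base64.b64decode("".join(lines), validate=True)
    return label, cipher, iv, body


def uses_3des(cipher):
    """True when the indicator names triple-DES, i.e. a key to re-encrypt."""
    return cipher is not None and cipher.upper().startswith("DES-EDE3")
```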
