Mailing List Archive

Most efficient way to look whether a secret key is for X.509 or for OpenPGP
Hello,

I use gpgsm and gpg2 concurrently. I can quickly and easily see whether
there are private keys in gnupghome/private-keys-v1.d/. But I cannot
easily see whether these keys belong to X.509 key pairs or to OpenPGP
key pairs.

For my application, I need to know:

a) What is the fastest way to detect whether I have a private X.509
key? I need a simple boolean answer: yes or no.

The response time of "gpgsm --list-secret-key" is .4 seconds, that
is far too long.

b) What is the fastest way to detect whether I have a private OpenPGP
key? I need a simple boolean answer: yes or no.

The response time of "gpg2 --list-secret-key" is .4 seconds, that
is far too long.

c) What is the fastest way to detect whether a private key in
gnupghome/private-keys-v1.d/ belongs to an X.509 key and/or to an
OpenPGP key? I need a simple answer: X.509-only, OpenPGP-only or
both.

The response time of "gpgsm --list-secret-key '&'${filename%.key}"
and "gpg2 --with-keygrip --list-secret-key | grep ${filename%.key}"
is 1 second, that is far too long.

(My application needs these responses very quickly without any visible
delay. There is no time to wait for startup of gpg-agent, dirmngr or
any other daemon first. Perhaps there is already any indicator in the
.key file?)

Best regards
--
Rainer Perske
Systems Operations Department and Head of the Certification Authority (WWUCA)
Zentrum für Informationsverarbeitung (Universitätsrechenzentrum)

Westfälische Wilhelms-Universität
Zentrum für Informationsverarbeitung
Rainer Perske
Röntgenstraße 7-13
48149 Münster

Tel.: +49 251 83-31582
Fax.: +49 251 83-31555
E-Mail: rainer.perske@uni-muenster.de
WWW: https://www.uni-muenster.de/ZIV/Mitarbeiter/RainerPerske.shtml
Office: Room 006, Röntgenstraße 11
Site plan: http://wwwuv2.uni-muenster.de/uniplan/?action=spot&gebnr=7474

Certification Authority of the University of Münster (WWUCA):
Tel.: +49 251 83-31590
Fax.: +49 251 83-31555
E-Mail: ca@uni-muenster.de
WWW: https://www.uni-muenster.de/WWUCA/

Zentrum für Informationsverarbeitung (ZIV):
Tel.: +49 251 83-31600 (Mon-Fri 7:30-17:30)
Fax.: +49 251 83-31555
E-Mail: ziv@uni-muenster.de
WWW: https://www.uni-muenster.de/ZIV/
Re: Most efficient way to look whether a secret key is for X.509 or for OpenPGP
Hi

On Thursday 3 January 2019 02:04:38 CET Rainer Perske wrote:
> I use gpgsm and gpg2 concurrently. I can quickly and easily see whether
> there are private keys in gnupghome/private-keys-v1.d/. But I cannot
> easily see whether these keys belong to X.509 key pairs or to OpenPGP
> key pairs.
>
> For my application, I need to know:
>
> a) What is the fastest way to detect whether I have a private X.509
> key? I need a simple boolean answer: yes or no.
> ....

My idea to make it faster than letting the agent do it is to do a keylisting
with the keygrip:

gpg(sm) --with-colons -k --with-keygrip
(the grp line contains the keygrip)

And then check if the private-keys.v1.d contains such a key file. This would be
quicker of course if you only needed to check for the private key of a specific
pubkey for which you knew the keygrip in advance.

You should leave it to the agent though (maybe you could somehow prestart the
agent to make it faster)? So that it is more robust if the key format changes
in the future.

Regards,
Andre

--
GnuPG e.V., Rochusstr. 44, D-40479 Düsseldorf. VR 11482 Düsseldorf
Board: W.Koch, M.Gollowitzer, A.Heinecke. Mail: board@gnupg.org
Tax office D-Altstadt, tax no.: 103/5923/1779. Tel: +49-2104-4938799
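
The check described in the reply above, as an added example that is not part of the original thread: collect the keygrips from the gpg and gpgsm colon listings once, then classify each file in private-keys-v1.d by name. It assumes key files are named `<KEYGRIP>.key` and that `grp` records carry the keygrip in field 10. The function names, file names and sample keygrips are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Assumptions: key files are named
# <KEYGRIP>.key, and "grp" records of --with-colons output carry the
# keygrip in field 10.

# Read a colon listing on stdin, print the keygrips it contains.
keygrips() {
    awk -F: '$1 == "grp" && $10 != "" { print toupper($10) }' | sort -u
}

# classify KEYDIR PGP_GRIPS X509_GRIPS: print "<keygrip> <kind>" per key file.
classify() {
    for f in "$1"/*.key; do
        [ -e "$f" ] || continue            # empty directory: glob did not match
        grip=$(basename "$f" .key)
        pgp=no; x509=no
        if grep -qxF "$grip" "$2"; then pgp=yes; fi
        if grep -qxF "$grip" "$3"; then x509=yes; fi
        case "$pgp/$x509" in
            yes/yes) kind=both ;;
            yes/no)  kind=OpenPGP-only ;;
            no/yes)  kind=X.509-only ;;
            *)       kind=unknown ;;       # no public key lists this keygrip
        esac
        printf '%s %s\n' "$grip" "$kind"
    done
}

# Constructed sample data (fake keygrips and listings) so this runs offline.
demo() {
    d=$(mktemp -d) || return 1
    mkdir "$d/private-keys-v1.d"
    A=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
    B=BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB
    C=CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC
    D=DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD
    for g in $A $B $D; do : > "$d/private-keys-v1.d/$g.key"; done
    # Live use: gpg --with-colons -k --with-keygrip | keygrips > pgp.grips
    printf 'pub:u:255:22:\ngrp:::::::::%s:\ngrp:::::::::%s:\n' $A $C | keygrips > "$d/pgp.grips"
    # Live use: gpgsm --with-colons -k --with-keygrip | keygrips > x509.grips
    printf 'crt:u:2048:1:\ngrp:::::::::%s:\ngrp:::::::::%s:\n' $A $B | keygrips > "$d/x509.grips"
    classify "$d/private-keys-v1.d" "$d/pgp.grips" "$d/x509.grips"
    rm -rf "$d"
}
demo
```

Once the two keygrip lists are cached, each later check is a plain file lookup with no agent involved; the lists have to be regenerated whenever keys or certificates are imported or deleted.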