Mailing List Archive

libgcrypt, pk api, sample code
Howdy.. I see that this list has not been used for a while now, but I'm
hoping that someone is still reading it ;-) We're developing some software
that needs to do public-key encryption, and since our software will be
GPL'd, using GnuPG seems the right way to go.. but I've got a few
questions.

I'm using the latest CVS snapshot of the gnupg codebase and I'm
trying to use the gcrypt library to do public key encryption from
a server. (Server has its own keypair and clients can send encrypted
data to it or receive data encrypted with the clients' own key.)
The first problem that I'm running into is that binaries that are
linked to the shared libgcrypt fail in random ways, but not all the time.
(i.e. gcry_pk_encrypt succeeds, but gcry_pk_decrypt fails.) A
statically-linked version works. I've sort of traced this down to a
problem in building libgcrypt -- the .so is only 400k big, while the .a is
about 1.3MB -- something is clearly wrong. For one, the .sym file that
contained the publicly-exported functions was very limited; it didn't suck
in the gcry_* functions from the mpi and cipher directories. But even
fixing that didn't fix the bug. Any thoughts?

Also, is there any sample code for -anything-? (Esp. the pk encryption.)
I've gotten as far as generating a keypair and encrypting and decrypting
simple data. The problem I run into is that I'm using gcry_mpi_scan to
convert arbitrary data into an MPI; at what block sizes should I do this
for large data? Also, by doing this for simple data using ElGamal, the
encrypted data comes out to be about 20x as big as the cleartext, which
seems to be wrong (I thought ElGamal ended up as 2x..) Some sample code to
encrypt a file to a simple format and decrypt it would be much
appreciated. (The gpg code itself helps, but since it uses iobufs and
slings a lot of structs containing state around, it's rather difficult to
glean the important bits -- plus that it doesn't fully use the gcrypt API
itself ;-)

Also, is any development on libgcrypt being done still? If not, is there
any interest at all in continuing it? What are the legalities of someone
in the US contributing to libgcrypt? (I'll be out of the country for most
of July & August, so that wouldn't be as much of an issue then.) Is there
a list of things that needs doing?

Thanks,
- Vladimir
- vladimir@helixcode.com
Re: libgcrypt, pk api, sample code
Hi,

On Mon, 12 Jun 2000, Vladimir Vukicevic wrote:

> I'm using the latest CVS snapshot of the gnupg codebase and I'm
> trying to use the gcrypt library to do public key encryption from

I have not done much work on libgcrypt in the last months, due to time
constraints and the fact that enhancing gpg 1.0 is more important. It
will be a large task to merge both versions again :-(

> (i.e. gcry_pk_encrypt succeeds, but gcry_pk_decrypt fails.) A
> statically-linked version works. I've sort of traced this down to a
> problem in building libgcrypt -- the .so is only 400k big, while the .a is
> about 1.3MB -- something is clearly wrong. For one, the .sym file that
> contained the publicly-exported functions was very limited; it didn't suck

The gcry_pk_* functions are not very well tested; they are currently
only used for gpg. Needs more work.

> Also, is there any sample code for -anything-? (Esp. the pk encryption.)

Not for pk except gpg. Other stuff is in GSTI which I have only local
under PRCS control - I see whether I can build a version for you.

> for large data? Also, by doing this for simple data using ElGamal, the
> encrypted data comes out to be about 20x as big as the cleartext, which
> seems to be wrong (I thought ElGamal ended up as 2x..) Some sample code to

There is a minimum size for an ElGamal message.

> appreciated. (The gpg code itself helps, but since it uses iobufs and
> slings a lot of structs containing state around, it's rather difficult to
> glean the important bits -- plus that it doesn't fully use the gcrypt API

I see what I can do.

> Also, is any development on libgcrypt being done still? If not, is there
> any interest at all in continuing it? What are the legalities of someone

Yes, but slowly ;-)

> in the US contributing to libgcrypt? (I'll be out of the country for most
> of July & August, so that wouldn't be as much of an issue then.) Is there
> a list of things that needs doing?

If you are a U.S. citizen, it doesn't matter where you stay, export
rules will always travel with you. The good news is that there is no
problem with free software anymore. Eben Moglen (FSF lawyer)
checked that it is okay to do GNU crypto stuff in the U.S.

Werner

--
Werner Koch OpenPGP key 621CC013
OpenIT GmbH tel +49 211 239577-0
Birkenstr. 12 email wk@OpenIT.de
D-40233 Duesseldorf http://www.OpenIT.de
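
Added example, not part of the thread and not libgcrypt code: textbook ElGamal in Python, illustrating the block-size and ciphertext-size questions discussed above. Each block costs two modulus-sized integers however little data it holds, and a block must be smaller than the modulus. The prime, the generator, the 0x01 block marker and all function names are constructed for this demo; no padding scheme is applied.

```python
import secrets

# Constructed demo parameters (assumptions, not from the thread):
# the Mersenne prime 2**1279 - 1 as modulus and g = 3.
P = 2**1279 - 1
G = 3
MOD_BYTES = (P.bit_length() + 7) // 8    # 160 bytes per group element
BLOCK = (P.bit_length() - 1) // 8 - 1    # 158 data bytes fit below P with a marker

def keygen():
    """Return (secret x, public y = g^x mod p)."""
    x = secrets.randbelow(P - 3) + 2
    return x, pow(G, x, P)

def encrypt(y, data):
    """Encrypt bytes block by block; each block becomes c1 || c2."""
    out = []
    for i in range(0, max(len(data), 1), BLOCK):
        # A leading 0x01 marker preserves leading zero bytes and keeps m != 0.
        m = int.from_bytes(b"\x01" + data[i:i + BLOCK], "big")
        k = secrets.randbelow(P - 3) + 2           # fresh ephemeral key per block
        c1 = pow(G, k, P)
        c2 = m * pow(y, k, P) % P
        out.append(c1.to_bytes(MOD_BYTES, "big") + c2.to_bytes(MOD_BYTES, "big"))
    return b"".join(out)

def decrypt(x, blob):
    """Invert encrypt(): m = c2 * c1^(-x) mod p, then strip the marker."""
    data = b""
    for i in range(0, len(blob), 2 * MOD_BYTES):
        c1 = int.from_bytes(blob[i:i + MOD_BYTES], "big")
        c2 = int.from_bytes(blob[i + MOD_BYTES:i + 2 * MOD_BYTES], "big")
        m = c2 * pow(c1, P - 1 - x, P) % P         # c1^(p-1-x) == c1^(-x) mod p
        raw = m.to_bytes((m.bit_length() + 7) // 8, "big")
        data += raw[1:]
    return data

def expansion(y, n):
    """Ciphertext bytes per plaintext byte for an n-byte message."""
    return len(encrypt(y, bytes(n))) / n

if __name__ == "__main__":
    x, y = keygen()
    for n in (16, 158, 159, 4096):
        print(n, "bytes ->", round(expansion(y, n), 2), "x")
```

With this modulus a 16-byte message expands 20x, while a full 158-byte block expands just over 2x; the 2x figure only holds when every block is filled to the modulus size.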
Re: libgcrypt, pk api, sample code
Werner Koch <wk@gnupg.org> writes:

> > appreciated. (The gpg code itself helps, but since it uses iobufs and
> > slings a lot of structs containing state around, it's rather difficult to
> > glean the important bits -- plus that it doesn't fully use the gcrypt API
>
> I see what I can do.

Is it possible with libgcrypt to read an OpenPGP message (my main
interest is key material)? Or do I have to code my own OpenPGP
parser? (I can't use GnuPG directly because my application is quite
special and doesn't fit to the common GnuPG usage patterns.)

> > in the US contributing to libgcrypt? (I'll be out of the country for most
> > of July & August, so that wouldn't be as much of an issue then.) Is there
> > a list of things that needs doing?
>
> If you are a U.S. citizen, it doesn't matter where you stay, export
> rules will always travel with you. The good news is that there is no
> problem with free software anymore. Eben Moglen (FSF lawyer)
> checked that it is okay to do GNU crypto stuff in the U.S.

Wow, that's great news.

--
Florian Weimer Florian.Weimer@RUS.Uni-Stuttgart.DE
University of Stuttgart http://cert.uni-stuttgart.de/
RUS-CERT +49-711-685-5973/fax +49-711-685-5898
http://ca.uni-stuttgart.de:11371/pks/lookup?op=get&search=0xC06EC3B5
Re: libgcrypt, pk api, sample code
On Mon, 12 Jun 2000, Florian Weimer wrote:

> Is it possible with libgcrypt to read an OpenPGP message (my main
> interest is key material)? Or do I have to code my own OpenPGP
> parser? (I can't use GnuPG directly because my application is quite

Not yet. It makes sense to add message format handling but it has not
yet been done.

Werner

--
Werner Koch OpenPGP key 621CC013
OpenIT GmbH tel +49 211 239577-0
Birkenstr. 12 email wk@OpenIT.de
D-40233 Duesseldorf http://www.OpenIT.de