Mailing List Archive

How to use it

Hi,

after managing the starting problems (thanks to Moritz) I have some questions
on how I can use libgcrypt in my application. I looked into the ac test
program (tests/ac.c) because I want to use the public key algorithms with the
ac interface.

1. How can I influence the key generation with the last argument of
gcry_ac_key_pair_generate? I did not find any hint in the docs.
2. How can I convert the generated keys from gcry_ac_key_t to anything else
that can be stored in a database? Which data type should I use for that (SAP
DB)?
3. If I understood the example in ac.c correctly, an unsigned int value is
encrypted. How can I pass a string to gcry_ac_data_encrypt for encrypting it?

Thanks for helping a crypto newbie,
Ralf.
Re: How to use it
Ralf Schneider <ralf@tapfere-schneiderleins.de> writes:

> 1. How can I influence the key generation with the last argument of
> gcry_ac_key_pair_generate? I did not find any hint in the docs.

True, I did not document this in the manual yet; I'll work on this
today.

> 2. How can I convert the generated keys from gcry_ac_key_t to anything else
> that can be stored in a database? Which data type should I use for that (SAP
> DB)?

Well, libgcrypt contains functions for printing and scanning MPI
values, which could be used for storing and reading the key material.
Maybe it makes sense to have high level functions for storing and
reading data sets in the ac interface.

> 3. If I understood the example in ac.c correctly, an unsigned int value is
> encrypted. How can I pass a string to gcry_ac_data_encrypt for
> encrypting it?

The data must be encoded in a MPI value. I think it makes sense to
have a function for this purpose in the ac interface. Until that is
implemented you could have a look at how GnuPG does it (I think it's
in g10/encode.c; it is used for converting `session keys' into MPI
values).

moritz
--
((gpg-key-id . "6F984199")
(email . "moritz@duesseldorf.ccc.de")
(webpage . "http://duesseldorf.ccc.de/~moritz/"))
Re: How to use it

On Wednesday, 16 July 2003 10:00, Moritz Schulte wrote:
> > 2. How can I convert the generated keys from gcry_ac_key_t to anything
> > else that can be stored in a database? Which data type should I use for
> > that (SAP DB)?
>
> Well, libgcrypt contains functions for printing and scanning MPI
> values, which could be used for storing and reading the key material.
> Maybe it makes sense to have high level functions for storing and
> reading data sets in the ac interface.

What is the best way to store keys in a database? base64 encoded in a VARCHAR
field?

> > 3. If I understood the example in ac.c correctly, an unsigned int value
> > is encrypted. How can I pass a string to gcry_ac_data_encrypt for
> > encrypting it?
>
> The data must be encoded in a MPI value. I think it makes sense to
> have a function for this purpose in the ac interface. Until that is

I tried the following sequence for storing a string in a MPI value, but I get
a segmentation fault with the gcry_mpi_print call:

char text[1024] = "This is a test string.";
char buf[1024];
size_t textlen = strlen(text);
size_t buflen = 1024;

gcry_mpi_scan (&x, GCRYMPI_FMT_HEX, text, &textlen);
gcry_mpi_print (GCRYMPI_FMT_HEX, buf, &buflen, x);
printf ("%s", buf);

What I expected is that the original string is printed in the last line. What
is the problem with the above code? I looked into encode.c, but could not
identify a place where a string is encoded to a MPI value. Can you give me a
hint how the encoding can be done?

Thanks in advance,
Ralf.
Re: How to use it
Ralf Schneider <ralf@tapfere-schneiderleins.de> writes:

> What is the best way to store keys in a database? base64 encoded in
> a VARCHAR field?

I am not sure, but this sounds reasonable in my opinion.

> I tried the following sequence for storing a string in a MPI value, but I get
> a segmentation fault with the gcry_mpi_print call:
>
> char text[1024] = "This is a test string.";
[...]
> gcry_mpi_scan (&x, GCRYMPI_FMT_HEX, text, &textlen);

Well, since "This is a test string." is not a valid number in Hex
format, this does not work.

> I looked into encode.c, but could not identify a place where a
> string is encoded to a MPI value.

I just noticed that GnuPG does it differently - well, but basically it's
quite similar. ;-) I have not used the functions before, but the
descriptions of gcry_mpi_{set,get}_opaque look exactly like what you
need.

moritz
--
((gpg-key-id . "6F984199")
(email . "moritz@duesseldorf.ccc.de")
(webpage . "http://duesseldorf.ccc.de/~moritz/"))
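
Added example, not part of the original thread and not libgcrypt code: a stand-alone C illustration of the reply above, showing that a hex-format parser has to reject "This is a test string.", that the caller must check for that failure before touching the result, and that arbitrary text only round-trips once it has been hex-encoded. The helper names hexval, bytes_to_hex and hex_to_bytes are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: value of one hex digit, or -1 if C is not one. */
static int hexval(int c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Encode LEN raw bytes as hex text. Returns 0, or -1 if OUT is too small. */
int bytes_to_hex(const unsigned char *in, size_t len, char *out, size_t outsize)
{
    static const char digits[] = "0123456789ABCDEF";
    if (outsize < 2 * len + 1) return -1;
    for (size_t i = 0; i < len; i++) {
        out[2 * i] = digits[in[i] >> 4];
        out[2 * i + 1] = digits[in[i] & 0x0F];
    }
    out[2 * len] = '\0';
    return 0;
}

/* Parse hex text into bytes. Returns the byte count, or -1 on a non-hex
   character, an odd digit count, or an OUT buffer that is too small. */
int hex_to_bytes(const char *hex, unsigned char *out, size_t outsize)
{
    size_t n = strlen(hex);
    if (n % 2 != 0 || n / 2 > outsize) return -1;
    for (size_t i = 0; i < n; i += 2) {
        int hi = hexval((unsigned char)hex[i]);
        int lo = hexval((unsigned char)hex[i + 1]);
        if (hi < 0 || lo < 0) return -1;   /* report it, never continue */
        out[i / 2] = (unsigned char)((hi << 4) | lo);
    }
    return (int)(n / 2);
}

int main(void)
{
    const char *text = "This is a test string.";   /* constructed sample */
    unsigned char raw[64];
    char hex[129];
    int n = hex_to_bytes(text, raw, sizeof raw);    /* plain text is not hex */
    printf("plain text parsed as hex: %d\n", n);
    if (bytes_to_hex((const unsigned char *)text, strlen(text), hex, sizeof hex) == 0
        && (n = hex_to_bytes(hex, raw, sizeof raw)) > 0)
        printf("%s -> %.*s\n", hex, n, (const char *)raw);
    return 0;
}
```
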
Re: How to use it

On Wednesday, 16 July 2003 15:20, Moritz Schulte wrote:
> I just noticed that GnuPG does it differently - well, but basically it's
> quite similar. ;-) I have not used the functions before, but the
> descriptions of gcry_mpi_{set,get}_opaque look exactly like what you
> need.

OK, my example works with gcry_mpi_{set,get}_opaque. I then tried to encrypt
and decrypt the string with this sequence:

char text[] = "Dies ist ein Test-String.";

x = gcry_mpi_new (0);
gcry_mpi_set_opaque (x, text, strlen(text));

if (gcry_ac_data_encrypt (hd, GCRY_AC_FLAG_DATA_NO_BLINDING, pubKey, x,
&data))
{
...
}

if (gcry_ac_data_decrypt (hd, GCRY_AC_FLAG_DATA_NO_BLINDING, privKey, &x2,
data))
{
...
}

char buf[1024];
size_t buflen = 1024;

strcpy (buf, (const char *)gcry_mpi_get_opaque (x, &buflen));
printf ("%s", buf);

This is very similar to the sequence in tests/ac.c, but I get a strange error
when encrypting the data:

Ohhhh jeeee: ... this is a bug (sexp.c:1046:sexp_sscan)

Any ideas?

Best regards,
Ralf.
Re: How to use it
Ralf Schneider <ralf@tapfere-schneiderleins.de> writes:

> Ohhhh jeeee: ... this is a bug (sexp.c:1046:sexp_sscan)

Uh, thanks for triggering this. It seems that the S-Expression is not
able to print opaque MPIs. Hrrm, I will look into this.

moritz
--
((gpg-key-id . "6F984199")
(email . "moritz@duesseldorf.ccc.de")
(webpage . "http://duesseldorf.ccc.de/~moritz/"))