Mailing List Archive

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Am Dienstag, 22. Juli 2003 23:17 schrieb Moritz Schulte:
> Ralf Schneider <ralf@tapfere-schneiderleins.de> writes:
> > gcry_ac_key_test returns an error.
>
> Please be a bit more precise; what error?

Strange: the error code is 536870916. I did not find this value in
gpg-error.h.

I tried to call gpg_strerror() but the linker says:
g++ -o testit obj/main.o obj/mac.o obj/qmdcodec.o
- -Wl,-rpath,/usr/local/qt/lib -L/usr/local/qt/lib -L/usr/X11R6/lib -L/usr/lib
- -lgcrypt -lgpg-error -lqt-mt -lXext -lX11 -lm -lpthread
obj/main.o: In function `main':
/home/ralf/bims/tools/test/main.cpp:206: undefined reference to
`gpg_strerror(unsigned)'

Why is there an undefined reference when I link against libgpg-error as shown
above?

> >> in case you did not know that you can dump a MPI value with an
> >> internal function for debugging purposes: _gcry_log_mpidump().
> >
> > How can I use it?
>
> Well, as I said, it is an internal function and not a public
> interface. You can simply use it from within gdb, e.g.:
>
> gdb> p _gcry_log_mpidump ("", mpi_value)

OK, I'll try this.

At the moment, I tried this to check the MPI values of the original and the
restored key are equal:

for (i = 0; i < gcry_ac_data_length(privKey->data); i++)
{
gcry_ac_data_get_index (privKey->data, i, (const char **)&pname, &mpi);
gcry_ac_data_get_index (restPrivKey->data, i, (const char **)&pname,
&mpi2);
if (gcry_mpi_cmp (mpi, mpi2) != 0)
printf ("MPI %d are not equal", i);
}

But it seems that all MPI values are equal, the text is not output.

Best regards,
Ralf.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE/Ha8O7YyyfykA0YkRAjHIAJ91FrI+kVoKLl/tBTKem2WuT2Z/EgCgjm62
63SFY65ShOHDV61wsUhhgKg=
=O3XU
-----END PGP SIGNATURE-----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Am Dienstag, 22. Juli 2003 23:39 schrieb Ralf Schneider:
> Am Dienstag, 22. Juli 2003 23:17 schrieb Moritz Schulte:
> > Ralf Schneider <ralf@tapfere-schneiderleins.de> writes:
> > > gcry_ac_key_test returns an error.
> >
> > Please be a bit more precise; what error?
>
> Strange: the error code is 536870916. I did not find this value in
> gpg-error.h.

Oh, I better should use gcry_strerror :-) This works fine. It returns:
Invalid public key algorithm

But why? I use the same handle as before when creating the keys.

Best regards,
Ralf.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE/HbDu7YyyfykA0YkRAvtvAJ0f3AEfU+yaUjNrhyIjIYb8OqIIFACfTVdC
SSuCvWrKr0/zpzDBxKYubWc=
=bqNA
-----END PGP SIGNATURE-----

Ralf Schneider <ralf@tapfere-schneiderleins.de> writes:

> Oh, I better should use gcry_strerror :-)

Yeah. The error values are bitwise combinations of two values, see
the manual for more information.

> This works fine. It returns: Invalid public key algorithm

Thanks for triggering this, it is fixed in CVS.

moritz
--
((gpg-key-id . "6F984199")
(email . "moritz@duesseldorf.ccc.de")
(webpage . "http://duesseldorf.ccc.de/~moritz/"))

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Am Mittwoch, 23. Juli 2003 14:18 schrieb Moritz Schulte:
> > This works fine. It returns: Invalid public key algorithm
>
> Thanks for triggering this, it is fixed in CVS.

Thank YOU for fixing that so fast!!! It works now. Thanks a lot for your help.

Best regards,
Ralf.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE/HtGi7YyyfykA0YkRAiM3AJ9m1MOqVt2v9KfGAcUCyrXzC3MSvACfQXBr
ho4SniC8ic1x803p0nl4Hhc=
=lKFG
-----END PGP SIGNATURE-----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

one little problem again. As written before I managed to restore a key from my
own string format. But this only worked for the private key of a key pair.

When I try to recover a public key and check the key at the end with
gcry_ac_key_test I get the error message "Invalid object". This is what I do:

gcry_ac_data_t keyData;
gcry_ac_key_t key;

if (!setKeyData (keyData, parts)) // write the MPIs to keyData
return false;

rc = gcry_ac_key_init (&key, mHandle, GCRY_AC_KEY_PUBLIC, keyData);
if (rc)
return false;

rc = gcry_ac_key_test (key);
if (rc)
return false;

When I debug my code I see that there are 2 MPI values (n and e) that are
written to the data set. They have the same data as the first two MPI values
of the corresponding private key. Is that correct?

Do I have to do anything else when restoring a public key?

Best regards,
Ralf.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE/H+f/7YyyfykA0YkRArb6AJ4kPBu3iLzgs+nVtVa12qCw7AURYwCgleSN
0UKSFEHNCDC/aVIfu3c8Z1g=
=GYBr
-----END PGP SIGNATURE-----

Ralf Schneider <ralf@tapfere-schneiderleins.de> writes:

> When I try to recover a public key and check the key at the end with
> gcry_ac_key_test I get the error message "Invalid object".

Ah, I should add this to the documentation; Since gcry_ac_key_test
simply calls gcry_pk_testkey and that function is only able to test
private keys at the moment, you see that error.

moritz
--
((gpg-key-id . "6F984199")
(email . "moritz@duesseldorf.ccc.de")
(webpage . "http://duesseldorf.ccc.de/~moritz/"))

On Fri, 25 Jul 2003 00:14:09 +0200, Moritz Schulte said:

> Ah, I should add this to the documentation; Since gcry_ac_key_test
> simply calls gcry_pk_testkey and that function is only able to test
> private keys at the moment, you see that error.

It also does not make much sense to test a public key. One could only
do some very basic tests, like whether e is odd.

--
Werner Koch <wk@gnupg.org>
The GnuPG Experts http://g10code.com
Free Software Foundation Europe http://fsfeurope.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Am Freitag, 25. Juli 2003 09:59 schrieb Werner Koch:
> On Fri, 25 Jul 2003 00:14:09 +0200, Moritz Schulte said:
> > Ah, I should add this to the documentation; Since gcry_ac_key_test
> > simply calls gcry_pk_testkey and that function is only able to test
> > private keys at the moment, you see that error.
>
> It also does not make much sense to test a public key. One could only
> do some very basic tests, like whether e is odd.

Then a hint in the docs would be very helpful :-)

Ralf.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE/IOmD7YyyfykA0YkRAuDOAJ0YzoLKJLpQS2qJ1QEOd2yOZrw04QCgiAFM
OhPyBPMwHP8Fgi3TNb1z9/I=
=v1R0
-----END PGP SIGNATURE-----

On Fri, 25 Jul 2003 10:25:29 +0200, Ralf Schneider said:

> Then a hint in the docs would be very helpful :-)

We expect that users of libgcrypt do have a sound understanding of
cryptoplumbing issues and thus we can't repeat basic knowledge in the
manual. Actually it would be dangerous to do so because it will make
users believe that they can easily write secure software without
appropriate experience.


Salam-Shalom,

Werner

--
Werner Koch <wk@gnupg.org>
The GnuPG Experts http://g10code.com
Free Software Foundation Europe http://fsfeurope.org

Werner Koch <wk@gnupg.org> writes:

> It also does not make much sense to test a public key. One could
> only do some very basic tests, like whether e is odd.

I think it is worth implementing such tests and then changing the
documentation to mention the fact that there is only minimal checking
for public keys.

moritz
--
((gpg-key-id . "6F984199")
(email . "moritz@duesseldorf.ccc.de")
(webpage . "http://duesseldorf.ccc.de/~moritz/"))