Mailing List Archive: Can Libcrypt work with ASCII Armored Keys?

Can Libcrypt work with ASCII Armored Keys?

Dec 3, 2007, 5:27 PM

Post #1 of 3 (2403 views)

Hi All,
I need to create a light-weight app in the EFI env that just verifies
signing of files and decrypts them. I came across Libgcrypt lib and have
studied the reference manual. I also looked into the sample
applications.
I found that this library has api's to do what I required, but once I
have the public Key in the s-exp format. There is no document that
explains how to convert an ascii armored public-key to it's equivalent
s-exp. Although, I can construct a s-exp using the armored data with
quotes around it (gcry_sexp_sscan), I get back zero when I check if the
s-exp contains the token "public-key" (gcry_sexp_find_token). I
understand that the key needs to be converted to a format understood by
gcrypt before I can use it.
Are there documents that describes how to convert the armored input to a
format understood by gcrypt? Any help with this would be appriciated.

With Regards,

Presanna Raman.

_______________________________________________
Gcrypt-devel mailing list
Gcrypt-devel@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gcrypt-devel

Re: Can Libcrypt work with ASCII Armored Keys? [ In reply to ]

wk at gnupg

Dec 4, 2007, 3:26 AM

Post #2 of 3 (2285 views)

Permalink

On Tue, 4 Dec 2007 02:27, presannar@ami.com said:

> I need to create a light-weight app in the EFI env that just verifies
> signing of files and decrypts them. I came across Libgcrypt lib and have
> studied the reference manual. I also looked into the sample

Libgcrypt is a low-level libarray and protocol neutal. Armoring a file
is part of a protocol and you need to select what protocol to use and
implement that protocol.

What protocol do you want? For instance CMS (X.509) and OpenPGP are
widely used signing protocols.

Salam-Shalom,

Werner

--
Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz.

_______________________________________________
Gcrypt-devel mailing list
Gcrypt-devel@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gcrypt-devel

Re: Can Libcrypt work with ASCII Armored Keys? [ In reply to ]

wk at gnupg

Dec 4, 2007, 11:38 PM

Post #3 of 3 (2275 views)

Permalink

On Wed, 5 Dec 2007 01:12, presannar@ami.com said:

> Thanx Werner for your reply. The file to be verified and decrypted
> will be signed using gpg in Windows environment. I need to decrypt the
> same in the EFI environment. I searched online and RFC 2440 specifies
> that the ASCII Armor refers to the Radix-64 encoding.

I understand.

> Am I right to assume that once I dearmor the key, I should be able to
> use the gcry_sexp_sscan api to use the key for decryption?

Definitely not. After stripping the armor you get to a binary OpenPGP
message which is quite a complex protocol.

I assume that you have full control over the creation of the data and
don't need to accept arbitrary OpenPGP message. Under such conditions
it is easier to write a useful parser, decryptor and verifier. I did
this once for signature verification [1] and have a "Tiny GPG" version
in the works which can eventually be embedded into other applications.

Shalom-Salam,

Werner

[1] http://g10code.com/p-sfsv.html

--
Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz.

_______________________________________________
Gcrypt-devel mailing list
Gcrypt-devel@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gcrypt-devel