ronaldtse
commented
7 years ago @catap this issue is for the extraction of the key storage interface.
Preferably it should be FFI-friendly/accessible (#64).
Open ronaldtse opened 7 years ago
ronaldtse
commented
7 years ago @catap this issue is for the extraction of the key storage interface.
Preferably it should be FFI-friendly/accessible (#64).
ni4
commented
5 years ago @ronaldtse @dewyatt I think we abstracted out keyring saving/loading functionality enough?
GnuPG 2.1 now uses the
.kbxformat for key storage instead of the previous.gpgkeyring.In any case, the
.gpgkeyring format is not defined in RFC 4880, but is a GnuPG-proprietary format that uses an OpenPGP message to store keys together with "Trust Packet"s. Normal OpenPGP messages do not have the "Trust Packet" (Tag 12), and the "Trust Packet"s are not exported. The contents of the "Trust Packet" is also implementation-specific as defined in RFC 4880.Given that GnuPG now uses a different
.kbxformat, it would be beneficial to have a general interface to manipulate stored keys.We should abstract out keyring manipulation code into generic primitives such as:
keystore_save_key(keystore, key)keystore_load_key_by_fprkeystore_load_key_by_key_idkeystore_load_key_by_user_idkeystore_trust_keyetc.
And bridge them to the specific "GnuPG keyring" or "GnuPG kbx" implementations.