Consider implementation of own key storage format.

rnpgp / rnp

RNP: high performance C++ OpenPGP library used by Mozilla Thunderbird

https://www.rnpgp.org

Other

192 stars 54 forks source link

Consider implementation of own key storage format. #918

Open ni4 opened 4 years ago

ni4 commented 4 years ago

Description

Probably we should implement some own key storage format for RNP CLI. While we could run perfectly with GnuPG key storage, we should be also able to run on our own and not be ruined by running gpg on our homedir. This could be simply done by using some non-GnuPG key storage file names.

See discussion at https://github.com/rnpgp/rnp/issues/915#issuecomment-535983390

kaie commented 4 years ago

Maybe the scope of this issue could be extended to also cover "support an application defined keystore directory".

rnp_ffi_create allows to specify the desired format, but doesn't accept a path. It would be nice to have a function that will open a keystore in an application defined path, with the given keystore format, and init it, if it doesn't exist yet.

Currently rnp_ffi_create calls rnp_key_store_new with an empty path parameter.

Would it make sense to have a new API like this:

/* Set filename parameters to NULL to use default filenames. */
rnp_result_t
rnp_ffi_create_ex(rnp_ffi_t *ffi, const char *path, 
  const char *pub_format  const char *sec_format, 
  const char *pub_filename, const char *sec_filename
)

kaie commented 4 years ago

Note that I might not yet have fully understood the intended use of the library API. I see that the rnpkeys utility allows accessing any home directory, but it uses private APIs to do so. rnp_cfg_setstr isn't exported, and variable CFG_HOMEDIR appears to be used only be the command line utilities.

Is the following approach a supported scenario for using the RNP library?

app uses a function to open a keystore at an application defined location
app keeps a handle to that keystore for the entire session
app uses keys from the keystore as needed, over time. Listing keys inside the store, using keys inside the store to decrypt, importing, generating, exporting, encrypting etc.

kaie commented 4 years ago

I should have read the examples in more detail prior to commenting. I see you're using rnp_input_from_path to load a keyring. Looks like I can use this API to specify both a full path and the filename.

kaie commented 4 years ago

The generate.c example answers a lot of my questions. No answers necessary for now. I'll do some experiments.