tech-security archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: CVS commit: src/crypto/external/bsd/netpgp/dist



Hi Arnaud, everyone,

On Thu, May 21, 2009 at 10:59:04PM -0400, Arnaud Lacombe wrote:
> I've been seeing a lot of commit and activity in netpgp. Do you mind
> sending me a small paragraph [for the next CVS activity report] about
> what you're doing in it and what is already possible and what
> direction does it take ?
 
Yeah, there's no secret about what I'm doing with it, but just to clarify:

netpgp is a high-level layer which sits on top of a heavily-modified
openpgpsdk, and provides a library interface defined in
/usr/include/netpgp.h - the main functions are:

int netpgp_encrypt_file(netpgp_t *, char *, char *, char *, int);
int netpgp_decrypt_file(netpgp_t *, char *, char *, int);
int netpgp_sign_file(netpgp_t *, char *, char *, char *, int, int, int);
int netpgp_verify_file(netpgp_t *, char *, const char *, int);

There are also some key management functions which will be moving from
netpgp(1) to a separate key management program RSN.  All the
openpgpsdk functions have been hidden from userspace, and the only
structure and entry points are the libnetpgp(3) ones. There's now
one header file, rather than a number.

Netpgp(1) itself provides signing, verification, encryption and
decryption of RSA, DSA and Elgamal keys.  It can be used as a dropin
replacement for gpg in that respect - however, please be reassured
that the interface is completely different. There's one separate
command that I didn't find with gpg, which was the ability to verify
a file, and, if it was correct, to write the signed contents to a file
(which defaults to stdout). That's invoked as "netpgp --cat file.gpg"

Netpgp is built on top of openpgpsdk from Ben Laurie and Rachel Willmer,
with a few bugs fixed, like the ability to verify files > 8192 bytes,
to decrypt files > 8192 bytes.  It has also been updated to generate
keys with a default size of 2048 bits (even then, I'm thinking of
raising this to 4096) - key size can of course be specified via the
command line - and to use a default hash algorithm when signing of
SHA256 (instead of SHA1).  Netpgp also displays keys before prompting
for passphrases, displays the default key (as derived from the
.gnupg/gpg.conf file), and works with detached signatures (both
signing and verification).  The split from openpgpsdk wasn't just a
desire for NIH - the code is unusual in its structure in a lot of
respects, and I found I needed to run it through indent for my poor
little braincells to be able to cope with it, and I also found that I
don't like developing with vim in 120 column windows - so I did a lot
of gratuitous name changes - some of the names are huge, with > 50
chars in them - to the openpgpsdk such that Ben and Rachel would not
recognise it, and I suspect would disown it even if they did.  Their
copyright is still in all the files. openpgpsdk's goals are different
from mine, since they encourage the use of 3rd party verification
software written to their interface - my goals for netpgp are much
more mundane, in that I want a BSD-licensed library and userland
program which is efficient, and compatible/contemptible with GPG.

What can people do with it right now? It can be used as an embedded
library, such that files can be signed/verified, encrypted and decrypted.
This is completely compatible with gpg:

[8:32:53] agcrooks@electricrace ~ 145 % netpgp --sign a
netpgp: default key set to "c0596823"
pub 2048/RSA (Encrypt or Sign) 1b68dcfcc0596823 2004-01-12
Key fingerprint: d415 9deb 336d e4cc cdfa 00cd 1b68 dcfc c059 6823 
uid              Alistair Crooks <agc%netbsd.org@localhost>
uid              Alistair Crooks <agc%pkgsrc.org@localhost>
uid              Alistair Crooks <agc%alistaircrooks.com@localhost>
uid              Alistair Crooks <alistair%hockley-crooks.com@localhost>
netpgp passphrase: 
[8:33:21] agcrooks@electricrace ~ 146 % gpg --verify a.gpg 
gpg: Signature made Mon 25 May 08:33:20 2009 PDT using RSA key ID C0596823
gpg: Good signature from "Alistair Crooks <agc%pkgsrc.org@localhost>"
gpg:                 aka "Alistair Crooks 
<alistair%hockley-crooks.com@localhost>"
gpg:                 aka "Alistair Crooks <agc%netbsd.org@localhost>"
gpg:                 aka "Alistair Crooks <agc%alistaircrooks.com@localhost>"
[8:33:30] agcrooks@electricrace ~ 147 % netpgp --verify a.gpg
netpgp: default key set to "c0596823"
Good signature for a.gpg made Mon May 25 08:33:20 2009
using RSA (Encrypt or Sign) key 1b68dcfcc0596823
pub 2048/RSA (Encrypt or Sign) 1b68dcfcc0596823 2004-01-12
Key fingerprint: d415 9deb 336d e4cc cdfa 00cd 1b68 dcfc c059 6823 
uid              Alistair Crooks <alistair%hockley-crooks.com@localhost>
uid              Alistair Crooks <agc%pkgsrc.org@localhost>
uid              Alistair Crooks <agc%netbsd.org@localhost>
uid              Alistair Crooks <agc%alistaircrooks.com@localhost>
[8:33:39] agcrooks@electricrace ~ 148 %

It is similar on the encryption/decryption side:

[8:34:26] agcrooks@electricrace ~ 149 % netpgp --encrypt a
netpgp: default key set to "c0596823"
[8:34:35] agcrooks@electricrace ~ 150 % netpgp --decrypt a.gpg
netpgp: default key set to "c0596823"
pub 2048/RSA (Encrypt or Sign) 1b68dcfcc0596823 2004-01-12
Key fingerprint: d415 9deb 336d e4cc cdfa 00cd 1b68 dcfc c059 6823
uid              Alistair Crooks <agc%netbsd.org@localhost>
uid              Alistair Crooks <agc%pkgsrc.org@localhost>
uid              Alistair Crooks <agc%alistaircrooks.com@localhost>
uid              Alistair Crooks <alistair%hockley-crooks.com@localhost>
netpgp passphrase:
[8:35:15] agcrooks@electricrace ~ 151 % gpg --decrypt a.gpg

You need a passphrase to unlock the secret key for
user: "Alistair Crooks <agc%pkgsrc.org@localhost>"
2048-bit RSA key, ID C0596823, created 2004-01-12

gpg: encrypted with 2048-bit RSA key, ID C0596823, created 2004-01-12
      "Alistair Crooks <agc%pkgsrc.org@localhost>"

...

In general, libnetpgp(3) is a BSD-licensed library which can be
embedded in software, with a driver netpgp(1) program.  In a lot of
instances, it can be used as a drop-in replacement for gpg.  Netpgp is
distributed as a package in pkgsrc, and runs on a number of operating
systems - the only pre-reqs are openssl, libz and libbz2.

I've got a lot of things still to do with it - as I said, I'll be
decoupling the key management portions from netpgp(1) RSN, and I'll
be doing a lot of other slimming down in some other areas - drop me
a line if you're interested in these, and we can have a chat, because
I may already have preliminary code to do what you're wanting.

I've submitted an abstract for a paper on netpgp to EuroBSDcon (the
September 2009 one in Cambridge, UK), but I haven't heard yet if it's
been accepted.

If anyone wants to chat about netpgp, please drop me a line.

Best wishes,
Alistair


Home | Main Index | Thread Index | Old Index