(no subject)

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

(no subject)

Rob Withers
Hey Hans,

I just read the OpenPGP spec and browsed your code.  You are close to  
processing packets!  Are you still developing this package?  Let's  
revive it.

I recently finished implementing SMIME, although it has yet to be  
integrated with Celeste.  I think it's possible to have both SMIME  
and OpenPGP support in Celeste, when we get around to it.

What do you think?

cheers,
Robert
_______________________________________________
Cryptography mailing list
[hidden email]
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography

smime.p7s (3K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re:

Hans-Martin Mosner
Hi Rob,

Robert Withers schrieb:
> Hey Hans,
>
> I just read the OpenPGP spec and browsed your code.  You are close to
> processing packets!  Are you still developing this package?  Let's
> revive it.
Well I haven't been doing anything on it for quite some time. I think
the code is mostly able to read public and private key files. I never
decided on a good abstraction for reading and writing encrypted files,
though, so that part would need some design work.
>
> I recently finished implementing SMIME, although it has yet to be
> integrated with Celeste.  I think it's possible to have both SMIME and
> OpenPGP support in Celeste, when we get around to it.
>
> What do you think?
>
That would be a very good idea. My main motivation for OpenPGP was that
it could be used in code signing (back when I tinkered with my
distributed code repository stuff) but its use in a mail client is
definitely a good goal.

Do you happen to have an idea for a good abstraction for
encrypted/signed files and streams?

Cheers,
Hans-Martin
_______________________________________________
Cryptography mailing list
[hidden email]
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography
Reply | Threaded
Open this post in threaded view
|

Re: OpenPGP

Rob Withers

On May 5, 2007, at 1:26 PM, Hans-Martin Mosner wrote:

> Hi Rob,
>
> Robert Withers schrieb:
>> Hey Hans,
>>
>> I just read the OpenPGP spec and browsed your code.  You are close to
>> processing packets!  Are you still developing this package?  Let's
>> revive it.
> Well I haven't been doing anything on it for quite some time. I think
> the code is mostly able to read public and private key files. I never
> decided on a good abstraction for reading and writing encrypted files,
> though, so that part would need some design work.

Ok, I see where you are reading in the public and private keys.  I  
would need to be able to generate them as well, since I don't have an  
OpenPGP/GPG installation.  then we could come up with a default  
location fo these files in the squeak default directory.  For SMIME,  
I keep all of the certificates and private key in a CertificateStore  
object, which is serialized to disk as 'certificates/cert.store'.  
Perhaps we need a 'security/pgpkeys.private' and 'security/
pgpkeys.public'.  I could move 'certificates' under 'security'.

>>
>> I recently finished implementing SMIME, although it has yet to be
>> integrated with Celeste.  I think it's possible to have both SMIME  
>> and
>> OpenPGP support in Celeste, when we get around to it.
>>
>> What do you think?
>>
> That would be a very good idea. My main motivation for OpenPGP was  
> that
> it could be used in code signing (back when I tinkered with my
> distributed code repository stuff) but its use in a mail client is
> definitely a good goal.

Ah, yes I recall you were working on that.  Lots of choices now with  
Monticello, Universes, packages, none with code signing.  Perhaps the  
mail client would be a good entry point for broader use.

>
> Do you happen to have an idea for a good abstraction for
> encrypted/signed files and streams?

Not really.  It seems to me that there is an input stream (chunk),  
with ancillary input state (public/private/session keys), which would  
decode to an output stream (chunk).

Decryption failure is an exception as is signature verification  
failure.  We could then use a chain of responsibility of decoders.  
I.e. the first attempt to verify the signature may fail/throw an  
exception, shifting to a second decoder which would extract the  
message without verifying the signature.  A higher level would be  
responsible for reporting the outcome, based on which decoder was  
successful.  A decoder (encoder) could be  composite, so we could  
handle/generate encrypted, signed packets.

I suspect all of this is above the layer you are talking about, which  
is the internals of processing a single packet.  For that I think of  
the ASN.1 framework I implemented with help from VW.  There is a  
ASN1Stream holding BER encoded bytes, and you use a Type class to  
control how to read or write those bytes.   So there is an  
OpenPGPStream holding encoded bytes, and you use a Type (Packet) to  
control how to read or write those bytes.  This is what you have, is  
it not?

What kinds of abstractions were you thinking over?

cheers,
Robert




_______________________________________________
Cryptography mailing list
[hidden email]
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography
Reply | Threaded
Open this post in threaded view
|

Re: Re:

hernanmd
In reply to this post by Hans-Martin Mosner
> Hi Rob,

> Robert Withers schrieb:
>> Hey Hans,
>>
>> I just read the OpenPGP spec and browsed your code.  You are close to
>> processing packets!  Are you still developing this package?  Let's
>> revive it.
> Well I haven't been doing anything on it for quite some time. I think
> the code is mostly able to read public and private key files. I never
> decided on a good abstraction for reading and writing encrypted files,
> though, so that part would need some design work.
>>
>> I recently finished implementing SMIME, although it has yet to be
>> integrated with Celeste.  I think it's possible to have both SMIME and
>> OpenPGP support in Celeste, when we get around to it.
>>
>> What do you think?
>>
> That would be a very good idea. My main motivation for OpenPGP was that
> it could be used in code signing (back when I tinkered with my
> distributed code repository stuff) but its use in a mail client is
> definitely a good goal.

> Do you happen to have an idea for a good abstraction for
> encrypted/signed files and streams?

Möglicherweise möchten Sie etwas sehr utopisch Klassen überprüfen, die
ich getan habe (mit etwas Hilfe) in der Vergangenheit.
(CipherStream) http://www.smalltalking.net/Goodies/VisualSmalltalk/index.htm

Hernán

> Cheers,
> Hans-Martin
> _______________________________________________
> Cryptography mailing list
> [hidden email]
> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography

_______________________________________________
Cryptography mailing list
[hidden email]
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography