On 17 mar, 15:20, Robert Relyea <[email protected]> wrote:
> On 03/16/2011 01:54 PM, Superpacko wrote:
> > Hi, I'm working on software that
> > uses GPG as a Key Manager but leaves
> > the encryption operations to NSS. I'm having a hard time trying to
> > figure out how to import GPG's public and private keys in NSS.
> > GPG stores the keys in "PKT_public_key" and "PKT_private_key"
> > structures, both have a "MPI pkey[PUBKEY_MAX_NPKEY];" which is what i
> > need to import in NSS if im not wrong.
>
> > Does anyone know how to do this? I would really appreciate the help.
>
> > thanks a lot!
>
> What does the full struct look like, and what is the length of
> PUBKEY_MAX_NPKEY.
>
> RSA public keys have 2 components: a public exponent (typically a small
> integer value with 2 one bits; 65537 is the most common value, followed
> by 3 and 257) and a modulus (a large integer, usually 128 bytes,
> 256 bytes, or 512 bytes long, rarely 64 bytes or larger than 512
> bytes). If there aren't two fields in the structure, then the values are
> somehow squashed together in some manner.
>
> Does GPG support non-RSA keys? Those have yet other characteristics.
>
> bob
#define PUBKEY_MAX_NPKEY 4
#define PUBKEY_MAX_NSKEY 6
#define PUBKEY_MAX_NSIG 2
#define PUBKEY_MAX_NENC 2

typedef struct {
    u32 timestamp;          /* key made */
    u32 expiredate;         /* expires at this date or 0 if not at all */
    u32 max_expiredate;     /* must not expire past this date */
    struct revoke_info revoked;
    byte hdrbytes;          /* number of header bytes */
    byte version;
    byte selfsigversion;    /* highest version of all of the self-sigs */
    byte pubkey_algo;       /* algorithm used for public key scheme */
    byte pubkey_usage;      /* for now only used to pass it to getkey() */
    byte req_usage;         /* hack to pass a request to getkey() */
    byte req_algo;          /* Ditto */
    u32 has_expired;        /* set to the expiration date if expired */
    int is_revoked;         /* key has been revoked, 1 if by the
                               owner, 2 if by a designated revoker */
    int maybe_revoked;      /* a designated revocation is present, but
                               without the key to check it */
    int is_valid;           /* key (especially subkey) is valid */
    int dont_cache;         /* do not cache this */
    byte backsig;           /* 0=none, 1=bad, 2=good */
    u32 main_keyid[2];      /* keyid of the primary key */
    u32 keyid[2];           /* calculated by keyid_from_pk() */
    byte is_primary;
    byte is_disabled;       /* 0 for unset, 1 for enabled, 2 for disabled. */
    prefitem_t *prefs;      /* list of preferences (may be NULL) */
    int mdc_feature;        /* mdc feature set */
    PKT_user_id *user_id;   /* if != NULL: found by that uid */
    struct revocation_key *revkey;
    int numrevkeys;
    u32 trust_timestamp;
    byte trust_depth;
    byte trust_value;
    const byte *trust_regexp;
    MPI pkey[PUBKEY_MAX_NPKEY];
} PKT_public_key;
This is the struct. GPG stores the data in the MPI structures that are
used in Libgcrypt. I found out that NSS has these functions:
    SECKEYPublicKey *SECKEY_ImportDERPublicKey(SECItem *derKey,
                                               CK_KEY_TYPE type); /* with CKK_RSA */

    SECStatus PK11_ImportDERPrivateKeyInfo(PK11SlotInfo *slot, SECItem *derPKI,
                                           SECItem *nickname, SECItem *publicValue,
                                           PRBool isPerm, PRBool isPrivate,
                                           unsigned int usage, void *wincx);

    SECStatus PK11_ImportDERPrivateKeyInfoAndReturnKey(PK11SlotInfo *slot,
                                           SECItem *derPKI, SECItem *nickname,
                                           SECItem *publicValue, PRBool isPerm,
                                           PRBool isPrivate, unsigned int usage,
                                           SECKEYPrivateKey **privk, void *wincx);
I'm assuming that I can pass these MPIs' data as char* and store it in a
SECItem like:

    SECItem derKey;
    derKey.type = siBuffer;
    derKey.data = (unsigned char *)key;
    derKey.len  = keyLen;   /* byte length of the buffer; keyLen assumed to hold it */

and then pass it to the import function. What do you think about this?
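Added example (an editor's illustration, not code from this thread, from GnuPG or from NSS): it ties together Bob's description of the two RSA public key components and the SECItem question above. The MPIs in pkey[] are raw big integers, while SECKEY_ImportDERPublicKey() called with CKK_RSA decodes a PKCS#1 RSAPublicKey, i.e. DER SEQUENCE { INTEGER n, INTEGER e }, so the bytes must be wrapped in that structure before a SECItem pointing at them is of any use. The code takes the modulus and exponent as unsigned big-endian byte strings (the form gcry_mpi_print() with GCRYMPI_FMT_USG yields in libgcrypt; obtaining them is left outside this example) and builds the DER, handling the two INTEGER rules that commonly go wrong: redundant leading zero octets are dropped, and a 0x00 is prepended when the top bit is set so the value is not read as negative. The sample modulus and exponent are constructed toy values, not a real key, and the function names are this example's own.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Octets needed for the DER length field of `len` content octets. */
static size_t der_len_size(size_t len)
{
    if (len < 0x80) return 1;          /* short form */
    size_t n = 1;                      /* long form: 1 + number of length octets */
    while (len) { len >>= 8; n++; }
    return n;
}

/* Write the DER length field for `len` at out; returns octets written. */
static size_t der_write_len(uint8_t *out, size_t len)
{
    if (len < 0x80) { out[0] = (uint8_t)len; return 1; }
    size_t nbytes = der_len_size(len) - 1;
    out[0] = (uint8_t)(0x80 | nbytes);
    for (size_t i = 0; i < nbytes; i++)
        out[1 + i] = (uint8_t)(len >> (8 * (nbytes - 1 - i)));
    return 1 + nbytes;
}

/* Encode an unsigned big-endian magnitude as a DER INTEGER.
 * Redundant leading zero octets are dropped; if the top bit of the first
 * remaining octet is set, a 0x00 is prepended so the INTEGER stays positive.
 * Returns the encoded size; with out == NULL it only measures; returns 0
 * when outcap is too small. */
static size_t der_encode_uint(const uint8_t *mag, size_t maglen,
                              uint8_t *out, size_t outcap)
{
    static const uint8_t zero = 0;
    while (maglen > 1 && mag[0] == 0) { mag++; maglen--; }
    if (maglen == 0) { mag = &zero; maglen = 1; }   /* empty input means 0 */
    size_t pad = (mag[0] & 0x80) ? 1 : 0;
    size_t content = maglen + pad;
    size_t total = 1 + der_len_size(content) + content;
    if (out == NULL) return total;
    if (outcap < total) return 0;
    size_t pos = 0;
    out[pos++] = 0x02;                             /* INTEGER tag */
    pos += der_write_len(out + pos, content);
    if (pad) out[pos++] = 0x00;
    memcpy(out + pos, mag, maglen);
    return total;
}

/* PKCS#1 RSAPublicKey ::= SEQUENCE { modulus INTEGER, publicExponent INTEGER }
 * This is the DER that SECKEY_ImportDERPublicKey(&item, CKK_RSA) expects.
 * Same return convention as der_encode_uint(). */
size_t der_encode_rsa_public_key(const uint8_t *n, size_t nlen,
                                 const uint8_t *e, size_t elen,
                                 uint8_t *out, size_t outcap)
{
    size_t content = der_encode_uint(n, nlen, NULL, 0)
                   + der_encode_uint(e, elen, NULL, 0);
    size_t total = 1 + der_len_size(content) + content;
    if (out == NULL) return total;
    if (outcap < total) return 0;
    size_t pos = 0;
    out[pos++] = 0x30;                             /* SEQUENCE tag */
    pos += der_write_len(out + pos, content);
    pos += der_encode_uint(n, nlen, out + pos, outcap - pos);
    pos += der_encode_uint(e, elen, out + pos, outcap - pos);
    return pos;
}

/* Constructed sample (not a real key): a two-octet modulus whose top bit is
 * set, to exercise the padding rule, and e = 65537. */
static const uint8_t SAMPLE_N[] = { 0xC3, 0x5F };
static const uint8_t SAMPLE_E[] = { 0x01, 0x00, 0x01 };

/* Encodes the sample and compares it with the hand-derived DER. 1 = match. */
int sample_matches_expected(void)
{
    static const uint8_t expected[] = {
        0x30, 0x0A,                        /* SEQUENCE, 10 content octets */
        0x02, 0x03, 0x00, 0xC3, 0x5F,      /* INTEGER n, padded with 0x00 */
        0x02, 0x03, 0x01, 0x00, 0x01       /* INTEGER e = 65537 */
    };
    uint8_t buf[32];
    size_t len = der_encode_rsa_public_key(SAMPLE_N, sizeof SAMPLE_N,
                                           SAMPLE_E, sizeof SAMPLE_E,
                                           buf, sizeof buf);
    return len == sizeof expected && memcmp(buf, expected, len) == 0;
}

int main(void)
{
    uint8_t buf[32];
    size_t len = der_encode_rsa_public_key(SAMPLE_N, sizeof SAMPLE_N,
                                           SAMPLE_E, sizeof SAMPLE_E,
                                           buf, sizeof buf);
    for (size_t i = 0; i < len; i++) printf("%02X ", buf[i]);
    printf("\n%s\n", sample_matches_expected() ? "matches" : "MISMATCH");
    return 0;
}
```

derKey.data and derKey.len then point at the buffer this produces, with siBuffer as the type. The private-key side is not a byte-for-byte wrap either: PK11_ImportDERPrivateKeyInfo() takes a PKCS#8 PrivateKeyInfo carrying a PKCS#1 RSAPrivateKey (n, e, d, p, q, dP, dQ, qInv), whereas the OpenPGP secret-key MPIs are d, p, q and u = p^-1 mod q, so dP = d mod (p-1), dQ = d mod (q-1) and qInv = q^-1 mod p have to be computed before encoding, and a decoder that does not enforce the leading-zero and sign rules above will reject or, worse, misinterpret the integers.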
--
dev-tech-crypto mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-tech-crypto