On 26 November 2015 at 15:49, Hannes Mehnert <[email protected]> wrote:
> On 11/25/2015 17:22, Thomas Leonard wrote:
>> On 23 November 2015 at 12:35, Anil Madhavapeddy <[email protected]> wrote:
>>> Also, I just ran across this nicely privilege separated TLS daemon:
>>> https://www.opsmate.com/titus/
>
> Maybe a tlstunnel using Mirage would be sensible here?  (And maybe
> support both client and server side).
>
>> Qubes are also interested in GnuPG. Since 2.1, all private key
>> operations are handled by gpg-agent, so we'd probably only have to
>> implement that. Anyone know how hard that would be?
>
> The OpenPGP message format is documented in RFC4880, including a custom
> run-length encoding of numbers, and various versions etc.  I'm not sure
> (and couldn't easily find) whether it makes sense to support old
> versions (I think signature versions 3 and 4 are sensible, but maybe 3
> could be dropped as well).
>
> It is lengthy; the upside is that (nearly) no ASN.1 is involved.  And
> most of the crypto primitives are supported in ocaml-nocrypto.  Would be
> a fun project.  I'd expect it to take 2 months full-time for me.
>
> Certainly, adding gpg-agent's "protocol" would take some more time as well.

What about doing only the agent protocol (mainly PKDECRYPT and PKSIGN)?

https://www.gnupg.org/documentation/manuals/gnupg/Agent-Protocol.html

> If someone has energy and resources for OpenPGP: I'm happy to help out,


-- 
Dr Thomas Leonard        http://roscidus.com/blog/
GPG: DA98 25AE CAD0 8975 7CDA  BD8E 0713 3F96 CA74 D8BA

_______________________________________________
MirageOS-devel mailing list
[email protected]
http://lists.xenproject.org/cgi-bin/mailman/listinfo/mirageos-devel
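
The quoted reply above mentions the number encoding in RFC 4880 and the question of which signature versions to support. As an added example (not code from this thread or from any MirageOS project), the following Python decodes RFC 4880 section 4.2 packet headers and accepts only signature versions 3 and 4. The function names, the allow-list and the sample bytes are assumptions constructed for illustration.

```python
# Added example (not code from the thread): RFC 4880 section 4.2 packet headers.
ALLOWED_SIG_VERSIONS = {3, 4}   # assumption: the versions the thread calls sensible
SIGNATURE_TAG = 2               # RFC 4880 section 4.3: tag 2 = Signature Packet

def _take(buf, pos, n):
    """Return n bytes at pos, failing closed on truncated input."""
    if pos < 0 or pos + n > len(buf):
        raise ValueError("truncated packet")
    return buf[pos:pos + n]

def read_header(buf, pos=0):
    """Return (tag, body_start, body_len) for the packet starting at pos."""
    ctb = _take(buf, pos, 1)[0]
    if not ctb & 0x80:
        raise ValueError("bit 7 of the packet tag octet must be set")
    if ctb & 0x40:                          # new-format header
        tag, first = ctb & 0x3F, _take(buf, pos + 1, 1)[0]
        if first < 192:                     # one-octet length
            used, length = 1, first
        elif first < 224:                   # two-octet length
            used = 2
            length = ((first - 192) << 8) + _take(buf, pos + 2, 1)[0] + 192
        elif first == 255:                  # five-octet length
            used, length = 5, int.from_bytes(_take(buf, pos + 2, 4), "big")
        else:
            raise ValueError("partial body lengths are not handled here")
    else:                                   # old-format header
        tag, ltype = (ctb >> 2) & 0x0F, ctb & 0x03
        if ltype == 3:
            raise ValueError("indeterminate length is not handled here")
        used = 1 << ltype                   # 1, 2 or 4 length octets
        length = int.from_bytes(_take(buf, pos + 1, used), "big")
    start = pos + 1 + used
    _take(buf, start, length)               # body must be fully present
    return tag, start, length

def signature_versions(buf):
    """Walk all packets; return each signature's version, rejecting others."""
    versions, pos = [], 0
    while pos < len(buf):
        tag, start, length = read_header(buf, pos)
        if tag == SIGNATURE_TAG:
            version = _take(buf, start, 1)[0] if length else None
            if version not in ALLOWED_SIG_VERSIONS:
                raise ValueError(f"unsupported signature version {version}")
            versions.append(version)
        pos = start + length
    return versions

# Constructed sample: header octets plus stub bodies (not real signatures).
SAMPLE = bytes([0xC2, 3, 4, 0, 1]) + bytes([0x88, 2, 3, 5])
```

The parser reads only the header and the first body octet; it does not validate or verify the signature contents.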
