gpgme - raw RSA operation using GPG public/private keys?

gpgme - raw RSA operation using GPG public/private keys?

gnupg-user
Hello everybody!

I am looking for a "simple" way to use a GPG public/private RSA key to do "raw" RSA operations. I have the impression that gpgme only deals with "real" OpenPGP data structures, but this does not fit my use case. This is for an application that is currently based on openssl crypto.

I do have a "plan-b" if there is no simpler way, but given the gpgme, libgcrypt ecosystem (which I have not really used before) I hope that I will not have to use this:
  • use gpgme to access gnupg keyrings
  • "export" a key as an OpenPGP key into an in-memory buffer
  • parse this key from the buffer - extracting RSA numbers
  • put the RSA values into an openssl RSA key structure
  • do the crypto using openssl

This does work - I tested this up to the fourth bullet... but there surely must be a better way... However, looking at the gpgme docs I can find no obvious candidates for RSA operations - gpgme_op_encrypt does not do what I need, as it constructs a PGP message, where I assume it uses a session key and encrypts that using RSA...


peter


_______________________________________________
Gnupg-users mailing list
[hidden email]
http://lists.gnupg.org/mailman/listinfo/gnupg-users
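
The "parse this key from the buffer - extracting RSA numbers" step of the plan-b above, as an added example that is not part of the original thread or of any GnuPG code: a minimal reader for one binary (de-armored) OpenPGP v4 RSA public-key packet that returns the modulus and public exponent as MPIs. It assumes the RFC 4880 packet layout, handles only one- and two-octet packet lengths and no secret-key material, and the sample bytes are constructed (toy n = 3233, e = 17); the names `struct mpi`, `read_mpi`, `parse_rsa_pubkey` and `sample_pkt` are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
/* One OpenPGP MPI: bit count plus a view into the packet buffer. */
struct mpi { unsigned bits; const uint8_t *data; size_t len; };

/* Constructed sample: old-format tag 6, v4, algo 1 (RSA), toy n=3233, e=17. */
static const uint8_t sample_pkt[] = { 0x98, 0x0D, 0x04, 0x59, 0x5F, 0xB3, 0x2F,
    0x01, 0x00, 0x0C, 0x0C, 0xA1, 0x00, 0x05, 0x11 };

/* MPI = 2-byte big-endian bit count followed by the magnitude bytes. */
static int read_mpi(const uint8_t **p, size_t *left, struct mpi *m) {
    if (*left < 2) return -1;
    m->bits = ((unsigned)(*p)[0] << 8) | (*p)[1];
    m->len = (m->bits + 7) / 8;
    if (*left - 2 < m->len) return -1;          /* magnitude runs past the packet */
    m->data = *p + 2;
    *p += 2 + m->len; *left -= 2 + m->len;
    return 0;
}

/* Parse one v4 RSA public-key (or public-subkey) packet; 0 on success. */
int parse_rsa_pubkey(const uint8_t *buf, size_t n, struct mpi *mod, struct mpi *pubexp) {
    size_t hdr = 2, body;
    unsigned tag;
    if (n < 3 || !(buf[0] & 0x80)) return -1;   /* bit 7 is set on every packet tag */
    if (buf[0] & 0x40) {                        /* new-format header */
        tag = buf[0] & 0x3f;
        if (buf[1] < 192) body = buf[1];
        else if (buf[1] < 224) { body = ((size_t)(buf[1] - 192) << 8) + buf[2] + 192; hdr = 3; }
        else return -1;                         /* 5-octet and partial lengths not handled */
    } else {                                    /* old-format header */
        tag = (buf[0] >> 2) & 0x0f;
        if ((buf[0] & 3) == 0) body = buf[1];
        else if ((buf[0] & 3) == 1) { body = ((size_t)buf[1] << 8) | buf[2]; hdr = 3; }
        else return -1;                         /* 4-octet and indeterminate not handled */
    }
    if ((tag != 6 && tag != 14) || body > n - hdr || body < 6) return -1;
    const uint8_t *p = buf + hdr;
    if (p[0] != 4 || p[5] < 1 || p[5] > 3) return -1;  /* version 4, RSA algorithm ids 1..3 */
    p += 6; body -= 6;                          /* skip version, creation time, algorithm */
    return (read_mpi(&p, &body, mod) || read_mpi(&p, &body, pubexp)) ? -1 : 0;
}

int main(void) {
    struct mpi n, e;
    if (parse_rsa_pubkey(sample_pkt, sizeof sample_pkt, &n, &e)) return 1;
    return printf("n: %u bits, e: %u bits\n", n.bits, e.bits) < 0;
}
```

The returned `data`/`len` pairs are big-endian magnitudes that point into the caller's buffer, so they must be copied or converted before the buffer is freed.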
Re: gpgme - raw RSA operation using GPG public/private keys?

Daniel Kahn Gillmor-7
On Fri 2017-07-07 18:01:03 +0200, [hidden email] wrote:

> I am looking for a "simple" way to use a GPG public/private RSA key to
> do "raw" RSA operations. I have the impression, that gpgme only deals
> with "real" OpenPGP data structures, but this does not fit my use case.
> This is for an application that is currently based on openssl crypto.

you're right -- gpgme is only for higher-level protocol operations,
whether they're OpenPGP or CMS (cryptographic message syntax).  it
doesn't offer low-level crypto primitives.

if you want low-level crypto primitives that are GPL-compatible, you can
use libhogweed (from the nettle project) or libgcrypt.

Modern GnuPG uses libgcrypt for its crypto primitives, fwiw.

       --dkg


Re: gpgme - raw RSA operation using GPG public/private keys?

gnupg-user
On 12.07.2017 at 01:55, Daniel Kahn Gillmor wrote:

> On Fri 2017-07-07 18:01:03 +0200, [hidden email] wrote:
>> I am looking for a "simple" way to use a GPG public/private RSA key to
>> do "raw" RSA operations. I have the impression, that gpgme only deals
>> with "real" OpenPGP data structures, but this does not fit my use case.
>> This is for an application that is currently based on openssl crypto.
> you're right -- gpgme is only for higher-level protocol operations,
> whether they're OpenPGP or CMS (cryptographic message syntax).  it
> doesn't offer low-level crypto primitives.
>
> if you want low-level crypto primitives that are GPL-compatible, you can
> use libhogweed (from the nettle project) or libgcrypt.

Thanks a lot for the answer. So the next question is: How? That is: I
could not find any libgcrypt functions taking a gpg key obtainable
through gpgme.

But that is the key problem (haha): I *could* (by hand) parse a secret
key exported using gpg (or, if possible, through gpgme) and use the RSA
parameters to build up the key structure required for either libgcrypt
(or openssl). But that would make it impossible to deal with e.g. gpg
agents.

So to rephrase the question: How would I proceed to do raw RSA
operations using libgcrypt for gpg keys stored in a standard key ring? Or
is this functionality not exposed directly in any library? Would it be
best to look at how gpg itself does this? Any pointers (source files,
docs, examples, etc.?)

> Modern GnuPG uses libgcrypt for its crypto primitives, fwiw.

I want to be modern as well... :-)

>        --dkg

peter


Re: gpgme - raw RSA operation using GPG public/private keys?

gnupg-user
Hello List!

One more question for this topic: Am I right that secret key export is
not really implemented, even though there is the
GPGME_EXPORT_MODE_SECRET flag to gpgme_op_export_keys()?

If this is correct: Why is there such a flag?

sincerely

peter


On 17/07/17 at 13:25, [hidden email] wrote:

> On 12.07.2017 at 01:55, Daniel Kahn Gillmor wrote:
>> On Fri 2017-07-07 18:01:03 +0200, [hidden email] wrote:
>>> I am looking for a "simple" way to use a GPG public/private RSA key to
>>> do "raw" RSA operations. I have the impression, that gpgme only deals
>>> with "real" OpenPGP data structures, but this does not fit my use case.
>>> This is for an application that is currently based on openssl crypto.
>> you're right -- gpgme is only for higher-level protocol operations,
>> whether they're OpenPGP or CMS (cryptographic message syntax).  it
>> doesn't offer low-level crypto primitives.
>>
>> if you want low-level crypto primitives that are GPL-compatible, you can
>> use libhogweed (from the nettle project) or libgcrypt.
> Thanks a lot for the answer. So the next question is: How? That is: I
> could not find any libgcrypt functions taking a gpg key obtainable
> through gpgme.
>
> But that is the key problem (haha): I *could* (by hand) parse a secret
> key exported using gpg (or, if possible, through gpgme) and use the RSA
> parameters to build up the key structure required for either libgcrypt
> (or openssl). But that would make it impossible to deal with e.g. gpg
> agents.
>
> So to rephrase the question: How would I proceed to do raw RSA
> operations using libgcrypt for gpg keys stored in a standard key ring? Or
> is this functionality not exposed directly in any library? Would it be
> best to look at how gpg itself does this? Any pointers (source files,
> docs, examples, etc.?)
>
>> Modern GnuPG uses libgcrypt for its crypto primitives, fwiw.
> I want to be modern as well... :-)
>>        --dkg
> peter
>
>

Re: gpgme - raw RSA operation using GPG public/private keys?

Werner Koch
On Wed, 26 Jul 2017 02:21, [hidden email] said:

> One more question for this topic: Am I right that secret key export is
> not really implemented, even though there is the
> GPGME_EXPORT_MODE_SECRET flag to gpgme_op_export_keys()?

No, it is implemented.  You may use the run-export test program from
the gpgme build directory to test it:

  $ ./run-export --openpgp --secret [hidden email]
  keyid: 139563682A020D0A  (fpr: B21DEAB4F875FB3DA42F1D1D139563682A020D0A)
  exporting secret keys!
  Begin Result:
  -----BEGIN PGP PRIVATE KEY BLOCK-----
 
  -----END PGP PRIVATE KEY BLOCK-----
  End Result.


Salam-Shalom,

   Werner


--
Thoughts are free.  Exceptions are regulated by a federal law.
