gpgme - raw RSA operation using GPG public/private keys?

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

gpgme - raw RSA operation using GPG public/private keys?

gnupg-user
Hello everybody!

I am looking for a "simple" way to use a GPG public/private RSA key to do "raw" RSA operations. I have the impression, that gpgme only deals with "real" OpenPGP data structures, but this does not fit my use case. This is for an application that is currently based on openssl crypto.

I do have a "plan-b" if there is no simpler way, but given the gpgme, libgcrypt ecosystem (which I have not really used before) I hope that I will not have to use this:
  • use gpgme to access gnupg keyrings
  • "export" a key using as an OpenPGP key into an in-memory buffer
  • parse this key from the buffer - extracting RSA numbers
  • put the RSA values into an openssl RSA key structure
  • do the crypto using openssl

This does work - I tested this up to the fourth bullet... but there surely must be a better way.... however, looking at the gpgme docs I can find no obvious candidates for RSA operations - gpgme_op_encrypt does not what I need, as it constructs a PGP message, where I assume it uses a session key and encrypts that using RSA...


peter


_______________________________________________
Gnupg-users mailing list
[hidden email]
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: gpgme - raw RSA operation using GPG public/private keys?

Daniel Kahn Gillmor-7
On Fri 2017-07-07 18:01:03 +0200, [hidden email] wrote:

> I am looking for a "simple" way to use a GPG public/private RSA key to
> do "raw" RSA operations. I have the impression, that gpgme only deals
> with "real" OpenPGP data structures, but this does not fit my use case.
> This is for an application that is currently based on openssl crypto.

you're right -- gpgm is only for higher-level protocol operations,
whether they're OpenPGP or CMS (cryptographic message syntax).  it
doesn't offer low-level crypto primitives.

if you want low-level crypto primitives that are GPL-compatible, you can
use libhogweed (from the nettle project) or libgcrypt.

Modern GnuPG uses libgcrypt for its crypto primitives, fwiw.

       --dkg

_______________________________________________
Gnupg-users mailing list
[hidden email]
http://lists.gnupg.org/mailman/listinfo/gnupg-users

signature.asc (847 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: gpgme - raw RSA operation using GPG public/private keys?

gnupg-user
Am 12.07.2017 um 01:55 schrieb Daniel Kahn Gillmor:

> On Fri 2017-07-07 18:01:03 +0200, [hidden email] wrote:
>> I am looking for a "simple" way to use a GPG public/private RSA key to
>> do "raw" RSA operations. I have the impression, that gpgme only deals
>> with "real" OpenPGP data structures, but this does not fit my use case.
>> This is for an application that is currently based on openssl crypto.
> you're right -- gpgm is only for higher-level protocol operations,
> whether they're OpenPGP or CMS (cryptographic message syntax).  it
> doesn't offer low-level crypto primitives.
>
> if you want low-level crypto primitives that are GPL-compatible, you can
> use libhogweed (from the nettle project) or libgcrypt.
Thanks a lot for the answer. So the next question is: How? That is: I
could not find any libgcrypt functions taking a gpg key obtainable
through gpgme.

But that is the key problem (haha): I *could* (by hand) parse a secret
key exported using gpg (or, if possible, through gpgme) and use the RSA
parameters to build up the key structure required for either libgcrypt
(or openssl). But that would make it impossible to deal with e.g. gpg
agents.

So to rephrase the question: How would I proceed to do raw RSA
operations using libcrypt for gpg keys stored in a standard key ring? Or
is this functionality not exposed directly in any library? Would it be
best to look at how gpg itself does this? Any pointers (source files,
docs, examples, etc.?)

> Modern GnuPG uses libgcrypt for its crypto primitives, fwiw.
I want to be modern as well... :-)
>        --dkg

peter


_______________________________________________
Gnupg-users mailing list
[hidden email]
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Loading...