using gpg keys with tls

Joel N. Weber II devnull at gnu.org
Thu Apr 3 07:08:01 CEST 2003


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

It appears to be the case that the correct way to implement support
for OpenPGP keys in a TLS implementation is as follows, ignoring for
the moment the possibility of client certificates:

1) The server does gpg --export on the key it wants to use, and sends
   that data as the certificate in the TLS protocol.

2) The client and server do some extra handshaking to acknowledge the
   possibility of using OpenPGP keys.

3) The server does some magic to get the actual bits of the RSA or DSA
   private key, and feeds them into the TLS implementation, which then
   does the same thing it would have done if it had gotten the private
   key that corresponds to an X.509 certificate.

What's not obvious to me is the correct way to get the bits from the
GPG for step 3.  Can someone tell me?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.0 (NetBSD)

iD8DBQE+i7PDNIJPyVx4GhgRAqjqAJ9MTs72cp1xXGcXGYhc15Ju0QJtMwCgyIBm
zEscgHHxy9R/EQgS5hSwTUs=
=nEvh
-----END PGP SIGNATURE-----
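
An added example, not part of the original message: a small parser showing where the RSA integers sit in an OpenPGP v4 key packet, which is the data step 1 exports and step 3 needs. It assumes old-format packet headers and an RSA key whose secret part is not passphrase-protected; `SAMPLE` is a constructed toy key and all function names are hypothetical.

```python
import struct

def read_mpi(buf, pos):
    # OpenPGP MPI: 2-byte big-endian bit count, then ceil(bits / 8) value bytes.
    bits = struct.unpack_from(">H", buf, pos)[0]
    end = pos + 2 + (bits + 7) // 8
    if end > len(buf):
        raise ValueError("truncated MPI")
    return int.from_bytes(buf[pos + 2:end], "big"), end

def packets(data):
    # Yield (tag, body); only old-format headers with 1/2/4-byte lengths.
    pos = 0
    while pos < len(data):
        hdr = data[pos]
        if (hdr & 0xC0) != 0x80 or (hdr & 3) == 3:
            raise ValueError("unsupported packet header 0x%02x" % hdr)
        start = pos + 1 + (1 << (hdr & 3))
        end = start + int.from_bytes(data[pos + 1:start], "big")
        if end > len(data):
            raise ValueError("truncated packet")
        yield (hdr >> 2) & 0x0F, data[start:end]
        pos = end

def rsa_integers(data):
    # RSA integers of the first primary key packet (5 = secret, 6 = public).
    for tag, body in packets(data):
        if tag not in (5, 6):
            continue
        version, _created, algo = struct.unpack_from(">BIB", body, 0)
        if version != 4 or algo != 1:  # v4 packet, algorithm 1 = RSA
            raise ValueError("only v4 RSA keys handled here")
        key, pos = {}, 6
        for name in ("n", "e"):
            key[name], pos = read_mpi(body, pos)
        if tag == 5:
            if body[pos] != 0:  # non-zero S2K usage: secret part is encrypted
                raise ValueError("secret key is passphrase-protected")
            first = pos = pos + 1
            for name in ("d", "p", "q", "u"):
                key[name], pos = read_mpi(body, pos)
            stored = struct.unpack_from(">H", body, pos)[0]
            if (sum(body[first:pos]) & 0xFFFF) != stored:
                raise ValueError("secret key checksum mismatch")
        return key
    raise ValueError("no key packet found")

# Constructed toy secret-key packet (p=53, q=61, S2K usage 0); not real key material.
SAMPLE = bytes.fromhex("941d" "04" "00000000" "01" "000c0ca1" "000511" "00"
                       "000c0ac1" "000635" "00063d" "000626" "0181")
```

In OpenPGP, `u` is the inverse of `p` modulo `q`, so a TLS library that expects the inverse of `q` modulo `p` as its CRT coefficient needs that value recomputed rather than copied.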




More information about the Gnupg-devel mailing list