[gnutls-dev] Another openpgp question...

Charles 'Buck' Krasic krasic at cs.ubc.ca
Wed Nov 26 02:43:11 CET 2003


Hi Nikos,

Thanks for your replies.  They have been very helpful.

I've been able to get GnuTLS basically working in my video streaming
system.   At first, I got it working with AES128 + SHA1.   I noticed
that the CPU load was quite high (not a big surprise) so I started to try
and measure some other combinations.   This is where I ran into a lot of
trouble.   I'm not an expert in OpenPGP or gnupg, so it's not obvious to
me what kinds of keys are required for the different ciphers supported
in GnuTLS.   I made some progress by enabling GnuTLS's logging, but I
still don't understand what is required to get certain ciphers to work.

For example,  I can get the ARCFOUR_SHA cipher, but not ARCFOUR_MD5 (128
or 40).  

I am basically content for now that I have some encryption working, but
it would be nice to have some clarification on the issues above.

Are there many other users of GnuTLS's OpenPGP support?

-- Buck

On Tue, 2003-11-25 at 13:31, Nikos Mavroyanopoulos wrote:
> On Tue, Nov 25, 2003 at 12:57:48PM -0800, Charles 'Buck' Krasic wrote:
> 
> > Hi,
> > I have another question regarding OpenPGP and TLS.  I would like the server
> > side of the TLS session to be able to query what key the client used
> > after the handshake has completed.   
> > As far as I can tell, the closest thing to this right now is the
> > gnutls_openpgp_set_recv_key_function(), but this is only used if the
> > client sends a fingerprint instead of their public key.   But, for the
> > case where the client just sends their key, the API doesn't provide any
> > way to find out what key the client used.
> > Would it be hard to add such a query to the API?  I.e. something like:
> >   gnutls_openpgp_get_peer_key()
>
> Hello Charles,
>  You could use gnutls_certificate_get_peers(). The openpgp key authentication
> is part of the certificate authentication, so all the gnutls_certificate_*
> functions apply. 
> 
> > -- Buck




