[gnutls-dev] Fixing OpenPGP keyring import

[Simon Josefsson]

ludo at chbouib.org (Ludovic Courtès) writes:

> Hi,
>
> The patch below attempts to fix import of OpenPGP keyrings.  This
> currently doesn't work at all AFAICT (in fact, I wonder how the current
> code relates to the intent ;-)).

I'm not surprised. :)

> The patch is kludgey: since `cdk_keydb_new ()' only supports the raw
> format, it changes `gnutls_openpgp_keyring_import ()' so that it returns
> an error when asked for a base64 import.

If the current code never worked, your patch is an improvement,
though.

> Fixing this would require one of the following:
>
>   1. fixing `cdk_keydb_new ()' so that one can pass an additional
>      argument indicating the format.
>
>   2. providing a new function, say `cdk_keydb_from_stream ()', where one
>      can pass an arbitrary stream as the keyring source.
>
> Solution (2) seems more flexible and cleaner.  One could pass
> `cdk_keydb_from_stream ()' a stream with or without the armor flag set,
> thereby fixing our problem.  It would also have the advantage of not
> breaking OpenCDK's ABI.  `cdk_keydb_new ()' could then be rewritten in
> terms of it.

Yeah, I'd go with 2) or

3) Create cdk_keydb_new_base64 that works like cdk_keydb_new but takes
a text keydb.

> I'm not familiar with OpenCDK so I may well have missed something.
> Any thoughts?

I think you know more than I do... however, Timo (the original author)
has been busy the last few days to rewrite a lot of OpenCDK.  I have
not had a chance to look at the code, but it is possible that he
solves this problem in some other way.

Timo's recent work break the API/ABI though, so I'm not sure how soon
GnuTLS will start to use the new OpenCDK APIs, or how the migration
will happen.  We'll probably should discuss that here.

> Just in case: is copyright assignment needed for OpenCDK?

No, for now let's consider OpenCDK a part of GnuTLS, so it falls under
your GnuTLS assignment.

/Simon