some opencdk history (was: lib/opencdk/read-packet.c: read_s2k() implementation)

Nikos Mavrogiannopoulos nmav at
Sat Jul 5 10:21:56 CEST 2008

Daniel Kahn Gillmor wrote:
> After wrapping my head around the relevant section of RFC 4880 and
> bits of opencdk, i've fleshed out the previously unimplemented opencdk
> internal function intended to interpret OpenPGP String-To-Key
> transformations, read_s2k() in read-packet.c.
> Attached, please find the patch for this function.  Inspection with a
> debugger shows that the values being stored are congruent with what is
> expected in other uses of the cdk_s2k_t construct.
> After my first draft of this patch, i noticed that similar code
> already existed in the read_symkey_enc() function (also in
> lib/opencdk/read-packet.c).  So instead of publishing my first draft,
> i've collapsed the code for these two so that there's a canonical
> implementation of reading s2k values present in the opencdk codebase.
> The attached patch reflects this approach.
> This change should not affect the API or ABI at all, and it allows
> GnuTLS to recognize encrypted secret keys (though it cannot yet use
> them, afaict).

Hello Daniel,

I've finally found some time to check your patch and I have some
remarks. The first is about patches in opencdk. The opencdk library
included in gnutls is a crippled version of the "full" opencdk library
by Timo Schulz. This crippling was done mainly for two reasons. The full
opencdk library contained GPL code that forced us to include the openpgp
support only in libextra, and the second is that we only wanted to
include the parts of opencdk we used.

Thus if you or anyone wants to add anything to gnutls' opencdk it might
be appropriate to check the older opencdk library if it contains the
code and is under LGPL. This still will require some porting (since now
the included opencdk uses gnutls' internal api) but that wouldn't be
that difficult.

About the specific patch, it is quite useful, but since it does not
affect gnutls' API or add anything to it, I'll keep from applying it
until it is complete.


