Help parsing OpenPGP packets and pubkey "normalization"

Jesus Cea-2

Hi, everybody.

I am designing (very preliminary yet) a new PGP keyserver to replace the
SKS (http://minskyprimus.net/sks/), written in Python. The
synchronization algorithm will be Merkle/hash trees
(http://en.wikipedia.org/wiki/Hash_tree). I am developing the merge tree
library just now, that I will release as a standalone library through PyPI
in a couple of weeks or so. This lib has a lot of value by itself.

The issue that bugs me now is pubkey normalization.

That is, a pubkey in the keyserver network can be updated in two
different servers with two new signatures:

Server 1: pubkey+sign1

Server 2: pubkey+sign2

After the sync is done, all the network MUST have the very exact key,
let's say:

Server 1: pubkey+sign1+sign2

Server 2: pubkey+sign1+sign2

For server 1, new sign is an (easy) append, but server 2 needs to
reorder the openpgp packets inside the pubkey.

This is not trivial. You can parse the pubkey bundle, extract the packets
and sort them in lexicographic order, for instance, paying attention to
hierarchical considerations.

I need to "normalize" the key to ensure that "HASH(pubkey bundle)" is
the same everywhere, because that is what is fed to the hash tree to
synchronize.

How does SKS solve this issue?

Is there any "good" OpenPGP management library for Python?

PS: I could store the pubkey subpackets as individual objects in the
database, skipping the normalization, but performance would suffer (more
IOPs to disk) and I must parse the OpenPGP pubkey anyway.

- --
Jesus Cea Avion                         _/_/      _/_/_/        _/_/_/
[hidden email] - http://www.jcea.es/     _/_/    _/_/  _/_/    _/_/  _/_/
jabber / xmpp:[hidden email]         _/_/    _/_/          _/_/_/_/_/
.                              _/_/  _/_/    _/_/          _/_/  _/_/
"Things are not so easy"      _/_/  _/_/    _/_/  _/_/    _/_/  _/_/
"My name is Dump, Core Dump"   _/_/_/        _/_/_/      _/_/  _/_/
"El amor es poner tu felicidad en la felicidad de otro" - Leibniz

_______________________________________________
Sks-devel mailing list
[hidden email]
http://lists.nongnu.org/mailman/listinfo/sks-devel
Re: Help parsing OpenPGP packets and pubkey "normalization"

Jeff Johnson-12

On May 20, 2010, at 2:06 PM, Jesus Cea wrote:
>
> Is there any "good" OpenPGP management library for Python?
>

The best (mho only) python+openpgp is in the rPath installer.

Disclaimer:
        I know all the participants personally.

73 de Jeff

Re: Help parsing OpenPGP packets and pubkey "normalization"

Jesus Cea-2

On 20/05/10 20:38, Jeff Johnson wrote:
>
> On May 20, 2010, at 2:06 PM, Jesus Cea wrote:
>>
>> Is there any "good" OpenPGP management library for Python?
>>
>
> The best (mho only) python+openpgp is in the rPath installer.

Any link I can study? http://www.rpath.com/ seems to be marketing only.
No source code I can look at :-?.

Re: Help parsing OpenPGP packets and pubkey "normalization"

Kim Minh Kaplan
In reply to this post by Jesus Cea-2
Jesus Cea writes:

> You can parse the pubkey bundle, extract the packets
> and sort them in lexicographic order, for instance, paying attention to
> hierarchical considerations.
>
> I need to "normalize" the key to ensure that "HASH(pubkey bundle)" is
> the same everywhere, because that is what is fed to the hash tree to
> synchronize.
>
> How does SKS solve this issue?

If my reading is correct, SKS does the kind of canonicalization you describe.
Keys are first parsed with parse_keystr then merged with merge_pkeys.
See the function merge at
http://code.google.com/p/sks-keyserver/source/browse/keyMerge.ml#223

--
Kim Minh
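
An added example, not part of the thread and not SKS's merge code: one way to make "HASH(pubkey bundle)" identical on every server is to split the key into packets (RFC 4880 headers), attach each signature to the component it follows, drop duplicates, and sort before hashing. The sort order, the use of SHA-256, the names `parse_packets`, `normalize`, `key_digest` and `pkt`, and the placeholder sample packets are assumptions made for illustration.

```python
import hashlib

def parse_packets(data):
    """Yield (tag, raw packet bytes) for each packet in binary OpenPGP data (RFC 4880, 4.2)."""
    i = 0
    while i < len(data):
        start, hdr = i, data[i]
        if not hdr & 0x80 or i + 1 >= len(data):
            raise ValueError("bad or truncated packet header")
        if hdr & 0x40:                              # new-format header
            tag, first = hdr & 0x3F, data[i + 1]
            if first < 192:                         # one-octet length
                length, i = first, i + 2
            elif first < 224:                       # two-octet length
                length, i = ((first - 192) << 8) + int.from_bytes(data[i + 2:i + 3], "big") + 192, i + 3
            elif first == 255:                      # five-octet length
                length, i = int.from_bytes(data[i + 2:i + 6], "big"), i + 6
            else:
                raise ValueError("partial body lengths are not used in keys")
        else:                                       # old-format header
            tag, n = (hdr >> 2) & 0x0F, 1 << (hdr & 0x03)
            if n == 8:
                raise ValueError("indeterminate length is not supported")
            length, i = int.from_bytes(data[i + 1:i + 1 + n], "big"), i + 1 + n
        if i + length > len(data):
            raise ValueError("truncated packet")
        i += length
        yield tag, data[start:i]

def normalize(data):
    """Primary key, then each component with its signatures, all in sorted order."""
    packets = list(parse_packets(data))
    tags = [tag for tag, _ in packets]
    if tags[:1] != [6] or not set(tags[1:]) <= {2, 13, 14, 17}:
        raise ValueError("expected one public key: tag 6, then tags 2/13/14/17")
    groups = {b"": (sigs := set())}         # b"" collects direct-key signatures, sorts first
    for tag, raw in packets[1:]:
        if tag == 2:
            sigs.add(raw)                   # signature belongs to the component before it
        else:                               # user ID (13), subkey (14), user attribute (17)
            sigs = groups.setdefault(raw, set())   # repeated component: signatures merge
    return packets[0][1] + b"".join(h + b"".join(sorted(groups[h])) for h in sorted(groups))

def key_digest(data):
    return hashlib.sha256(normalize(data)).hexdigest()

# Constructed sample in the thread's notation; bodies are placeholders, not key material.
pkt = lambda tag, body: bytes([0xC0 | tag, len(body)]) + body
KEY, UID, SIG1, SIG2 = pkt(6, b"pubkey"), pkt(13, b"uid"), pkt(2, b"sign1"), pkt(2, b"sign2")
SERVER1, SERVER2 = KEY + UID + SIG1 + SIG2, KEY + UID + SIG2 + SIG1
```

Sorting compares raw packet bytes including the header, so the same packet re-encoded with a different header format would be treated as a different packet.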
