
- crypto/external/bsd/heimdal - crypto/external/bsd/libsaslc - crypto/external/bsd/netpgp - crypto/external/bsd/openssl Change-Id: I91dbf05f33e637edf5b9bb408d5baddd7ba8cf75
123 lines
2.1 KiB
Plaintext
An open source library and command-line tools, licensed under the BSD
licence, written in C, using the OpenSSL library and providing
approximately the functionality specified below.

The libraries and tools will compile and run on the following
operating systems:

FreeBSD
Linux (Debian and Red Hat)
Solaris

but will be written such that porting to other operating systems
supported by OpenSSL will be possible.

As is usual with software, there will be no guarantee of 100% correct
functionality, but the software will be written to professional
standards. This specification does not constitute a commitment to
fixing bugs or adding enhancements once the initial version is
complete.

The library will comply with the IETF specification currently known as
RFC2440bis.

API
---

* Load keyring

* Save keyring

* Generate key

* Add key to keyring

* Find key in loaded keyring (by key ID, by UID)

* Generate subkey

* Revoke subkey

* Delete subkey

* Update subkey

* Delete key from keyring

* Add/remove UID

* Certify UID

* Revoke certification

* Sign message

* Verify, using any key in the keyring

* Verify, using specified key

* Encrypt, using a key

* Decrypt, using a key

* Import any object to GPG/PGP (key, keyring)

* Export any object

* (?)Query keyservers for keys

* (?)Export keys to keyservers

Keyserver stuff will be done if time/budget permits, otherwise will be
a to-do item, since we can always use GPG externally to do it.

Also, "save/load/find/add/import/export keyring" will be pluggable, so
we can use databases instead of flat files and in-memory keyrings.

We will support verification of signatures using v3 keys, and
decryption of messages encrypted to v3 keys, but not signing or
encryption.

Command-line
------------

* List keys

* Find key

* Export key/keyring

* Import key/keyring

* Generate key

* Delete key

* Generate subkey

* Revoke subkey

* Delete subkey

* Update subkey

* Add UID

* Remove UID

* Certify UID

* Revoke certification

* Encrypt

* Decrypt

* Sign

* Verify

Note that at least the first phase is not aiming at super-smooth
command-line utilities - these will be good enough for testing, rather
than for general use.