Functions to export and import keys in various formats.
Functions
Buffer * | pcp_export_rfc_pub (pcp_key_t *sk) | RFC4880-like public key export with some modifications.
Buffer * | pcp_export_pbp_pub (pcp_key_t *sk) | Export a public key in PBP format.
Buffer * | pcp_export_yaml_pub (pcp_key_t *sk) | Export a public key in YAML format.
Buffer * | pcp_export_perl_pub (pcp_key_t *sk) | Export a public key in Perl code format.
Buffer * | pcp_export_c_pub (pcp_key_t *sk) | Export a public key in C code format.
Buffer * | pcp_export_secret (PCPCTX *ptx, pcp_key_t *sk, char *passphrase) | Export secret key.
Export a public key in C code format.
sk | a secret key structure of type pcp_key_t. The secret keys in there have to be already decrypted. |
Export a public key in PBP format.
Export a public key in the format described at https://github.com/stef/pbp/blob/master/doc/fileformats.txt
sk | a secret key structure of type pcp_key_t. The secret keys in there have to be already decrypted. |
Export a public key in Perl code format.
sk | a secret key structure of type pcp_key_t. The secret keys in there have to be already decrypted. |
RFC4880-like public key export with some modifications.
RFC4880-like public key export with the following modifications:
2 = Signature Creation Time (8 byte)
3 = Signature Expiration Time (8 byte)
9 = Key Expiration Time (8 bytes)
20 = Notation Data (4 byte flags, N bytes name+value)
27 = Key Flags (1 byte, use 0x02, 0x08 and 0x80)
So, a full pubkey export looks like this
version
ctime
cipher
3 x raw keys            \
sigheader                > calc hash from this
sigsubs (header+data)   /
hash
signature
We use big-endian always.
Unlike RFC4880 public key exports, we use Z85 encoding if armoring has been requested by the user. Armored output has a header and a footer line; however, the parser ignores them, so they are optional. Newlines, if present, are optional as well.
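An added C example, not taken from libpcp: a minimal Z85 codec (alphabet from ZeroMQ RFC 32) whose decoder skips newlines, as described above for armored input, and rejects malformed groups. It assumes data whose length is a multiple of 4 bytes and does not strip armor header or footer lines; the function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Z85 alphabet (ZeroMQ RFC 32): 85 printable characters. */
static const char Z85[] =
    "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"
    ".-:+=^!/*?&<>()[]{}@%$#";

/* Encode len bytes (len must be a multiple of 4) into out, which needs
   len / 4 * 5 + 1 bytes. Returns characters written, or -1. */
long z85_encode(const uint8_t *in, size_t len, char *out) {
    size_t o = 0;
    if (len % 4 != 0) return -1;
    for (size_t i = 0; i < len; i += 4) {
        /* each 4-byte group is one big-endian 32-bit value */
        uint32_t v = ((uint32_t)in[i] << 24) | ((uint32_t)in[i + 1] << 16) |
                     ((uint32_t)in[i + 2] << 8) | (uint32_t)in[i + 3];
        for (int k = 4; k >= 0; k--) { out[o + k] = Z85[v % 85]; v /= 85; }
        o += 5;
    }
    out[o] = '\0';
    return (long)o;
}

/* Decode Z85 text, skipping CR and LF. Returns bytes written, or -1 on a
   character outside the alphabet, a group that overflows 32 bits, an
   incomplete trailing group, or a full output buffer. */
long z85_decode(const char *in, uint8_t *out, size_t cap) {
    uint64_t v = 0;
    size_t o = 0; int n = 0;
    for (; *in; in++) {
        if (*in == '\n' || *in == '\r') continue;
        const char *p = strchr(Z85, *in);
        if (p == NULL) return -1;
        v = v * 85 + (uint64_t)(p - Z85);
        if (++n < 5) continue;
        if (v > UINT32_MAX || o + 4 > cap) return -1;
        for (int s = 24; s >= 0; s -= 8) out[o++] = (uint8_t)(v >> s);
        v = 0; n = 0;
    }
    return n == 0 ? (long)o : -1;
}

int main(void) {
    const uint8_t raw[8] = {0x86, 0x4F, 0xD2, 0x6F, 0xB5, 0x59, 0xF7, 0x5B};
    char txt[11]; /* constructed sample: 2 groups * 5 chars + NUL */
    if (z85_encode(raw, sizeof raw, txt) > 0) puts(txt);
    return 0;
}
```

The overflow check matters because five Z85 characters can represent values above 2^32 - 1; a decoder that silently truncates them accepts several distinct texts for the same bytes.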
http://tools.ietf.org/html/rfc4880#section-5.2.3
The key sig blob will be saved in the Vault if we import a public key unaltered, so we can verify the signature at will anytime. When exporting a foreign public key, we will just put out that key sig blob to the export untouched.
Currently PCP only supports self-signed public key exports.
We only support one key signature per key. However, it would be easy to support foreign keysigs as well in the future.
sk | a secret key structure of type pcp_key_t. The secret keys in there have to be already decrypted. |
Export a secret key.
Secret keys are exported in a proprietary format.
The exported binary blob is symmetrically encrypted using the NACL function crypto_secret(). The passphrase will be used to derive an encryption key using the STAR function scrypt().
The binary data before encryption consists of:
The ciphertext is prepended with the random nonce used to encrypt the data, so after encryption the export looks like this:
Nonce | Cipher
[in] | ptx | context. |
sk | a secret key structure of type pcp_key_t. The secret keys in there have to be already decrypted. | |
passphrase | the passphrase to be used to encrypt the export, a null terminated char array. |
Export a public key in YAML format.
sk | a secret key structure of type pcp_key_t. The secret keys in there have to be already decrypted. |