diff options
Diffstat (limited to 'website/news/modified-gnutls-2.4.x-available.mdwn')
| -rw-r--r-- | website/news/modified-gnutls-2.4.x-available.mdwn | 66 |
1 files changed, 0 insertions, 66 deletions
diff --git a/website/news/modified-gnutls-2.4.x-available.mdwn b/website/news/modified-gnutls-2.4.x-available.mdwn deleted file mode 100644 index 4d481d7..0000000 --- a/website/news/modified-gnutls-2.4.x-available.mdwn +++ /dev/null @@ -1,66 +0,0 @@ -[[!meta title="Modified GnuTLS 2.4.x available"]] - ------ - -**2008-10-25 UPDATE:** [GnuTLS 2.6 has been released, and it contains the -functionality we needed](/news/gnutls-2.6-enables-monkeysphere). -Please upgrade to GnuTLS 2.6 if you need Monkeysphere to deal with -passphrase-protected authentication subkeys. The information on this -page is now of historical interest only. - ------ - -The MonkeySphere project is now making available a patched version of -[GnuTLS](http://gnutls.org/) version 2.4.x, which enhances the utility -of the `monkeysphere` package by enabling it to read authentication -subkeys emitted by [GnuPG](http://gnupg.org/) under certain -circumstances. - -You can track this package in debian lenny by adding the following -lines to `/etc/apt/sources.list`: - - deb http://archive.monkeysphere.info/debian experimental gnutls - deb-src http://archive.monkeysphere.info/debian experimental gnutls - -Or you can patch and build the packages yourself with the patches and -scripts provided in [the MonkeySphere git repo](/download). - -The only modification needed simply enables the library to parse a GNU -extension to the String-to-key (S2K) mechanism as laid out in [RFC -4880](http://tools.ietf.org/html/rfc4880#section-3.7). - -The specific S2K extension supported is known as gnu-dummy, and it -simply allows a "secret" key block to be written *without* storing any -of the secret key material. This is used by GnuPG on the primary key -when the `--export-secret-subkeys` argument is given. - -GnuPG's [DETAILS -file](http://cvs.gnupg.org/cgi-bin/viewcvs.cgi/trunk/doc/DETAILS?root=GnuPG) -describes this extension this way: - - GNU extensions to the S2K algorithm - =================================== - S2K mode 101 is used to identify these extensions. - After the hash algorithm the 3 bytes "GNU" are used to make - clear that these are extensions for GNU, the next bytes gives the - GNU protection mode - 1000. Defined modes are: - 1001 - do not store the secret part at all - 1002 - a stub to access smartcards (not used in 1.2.x) - -And [`gpg(1)`](http://linux.die.net/man/1/gpg) says of `--export-secret-subkeys`: - - - [This] command has the special property to render the secret - part of the primary key useless; this is a GNU extension to - OpenPGP and other implementations can not be expected to - successfully import such a key. - -A version of this patch was first proposed [on -`gnutls-dev`](http://lists.gnu.org/archive/html/gnutls-devel/2008-08/msg00005.html), -and looks like it will be adopted upstream in the GnuTLS 2.6.x series, -at which point these packages will be unnecessary. - -Until that time, these packages are provided to tide over users of -`monkeysphere` on debian lenny (or compatible systems) who want to be -able to hand off the authentication-capable OpenPGP subkeys in their -GnuPG keyring to their SSH agent. |