[pycrypto] Help parsing OpenPGP packets and pubkey "normalization"
jcea at jcea.es
Thu May 20 12:06:39 CST 2010
-----BEGIN PGP SIGNED MESSAGE-----
I am designing (very preliminary yet) a new PGP keyserver to replace the
SKS (http://minskyprimus.net/sks/), written in python. The
syncronization algorithm will be merkle/hash trees
(http://en.wikipedia.org/wiki/Hash_tree). I am developing the merge tree
library just now, that I will release as a standalone library thru Pypi
in a couple of weeks or so. This lib has a lot of value by itself.
The issue that bugs me now is pubkey normalization.
That is, a pubkey in the keyserver network can be updated in two
different servers with two new signatures:
Server 1: pubkey+sign1
Server 2: pubkey+sign2
After the sync is done, all the network MUST have the very exact key,
Server 1: pubkey+sign1+sign2
Server 2: pubkey+sign1+sign2
For server 1, new sign is an (easy) append, but server 2 needs to
reorder the openpgp packets inside the pubkey.
This is not trivial. You can parse the pubkey bundle, extract the packet
and sort them in lexicographic order, for instance, paying attention to
I need to "normalize" the key to ensure that "HASH(pubkey bundle)" is
the same everywhere, because that is what is feeded to the hasntree to
How does SKS solve this issue?.
Is there any "good" OpenPGP management library for Python?.
PS: I could store the pubkey subpackets as individual objects in the
database, skipping the normalization, but performance would suffer (more
IOPs to disk) and I must parse the OpenPGP pubkey anyway.
Jesus Cea Avion _/_/ _/_/_/ _/_/_/
jcea at jcea.es - http://www.jcea.es/ _/_/ _/_/ _/_/ _/_/ _/_/
jabber / xmpp:jcea at jabber.org _/_/ _/_/ _/_/_/_/_/
. _/_/ _/_/ _/_/ _/_/ _/_/
"Things are not so easy" _/_/ _/_/ _/_/ _/_/ _/_/ _/_/
"My name is Dump, Core Dump" _/_/_/ _/_/_/ _/_/ _/_/
"El amor es poner tu felicidad en la felicidad de otro" - Leibniz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
-----END PGP SIGNATURE-----
More information about the pycrypto