[pycrypto] Help parsing OpenPGP packets and pubkey "normalization"

Jesus Cea jcea at jcea.es
Thu May 20 12:06:39 CST 2010


Hi, everybody.

I am designing (very preliminary yet) a new PGP keyserver to replace the
SKS (http://minskyprimus.net/sks/), written in Python. The
synchronization algorithm will be Merkle/hash trees
(http://en.wikipedia.org/wiki/Hash_tree). I am developing the merge tree
library just now, that I will release as a standalone library through PyPI
in a couple of weeks or so. This lib has a lot of value by itself.

The issue that bugs me now is pubkey normalization.

That is, a pubkey in the keyserver network can be updated in two
different servers with two new signatures:

Server 1: pubkey+sign1

Server 2: pubkey+sign2

After the sync is done, all the network MUST have the very exact key,
let's say:

Server 1: pubkey+sign1+sign2

Server 2: pubkey+sign1+sign2

For server 1, new sign is an (easy) append, but server 2 needs to
reorder the openpgp packets inside the pubkey.

This is not trivial. You can parse the pubkey bundle, extract the packets
and sort them in lexicographic order, for instance, paying attention to
hierarchical considerations.

I need to "normalize" the key to ensure that "HASH(pubkey bundle)" is
the same everywhere, because that is what is fed to the hash tree to
synchronize.

How does SKS solve this issue?

Is there any "good" OpenPGP management library for Python?

PS: I could store the pubkey subpackets as individual objects in the
database, skipping the normalization, but performance would suffer (more
IOPs to disk) and I must parse the OpenPGP pubkey anyway.

- -- 
Jesus Cea Avion                         _/_/      _/_/_/        _/_/_/
jcea at jcea.es - http://www.jcea.es/     _/_/    _/_/  _/_/    _/_/  _/_/
jabber / xmpp:jcea at jabber.org         _/_/    _/_/          _/_/_/_/_/
.                              _/_/  _/_/    _/_/          _/_/  _/_/
"Things are not so easy"      _/_/  _/_/    _/_/  _/_/    _/_/  _/_/
"My name is Dump, Core Dump"   _/_/_/        _/_/_/      _/_/  _/_/
"El amor es poner tu felicidad en la felicidad de otro" - Leibniz
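The normalization asked about above, sketched as an added example; it is not code from the poster, from SKS or from pycrypto. It assumes binary (non-armored) input and RFC 4880 packet framing; the function names, the use of SHA-256 and the chosen canonical order (primary key, then user IDs, user attributes and subkeys, each followed by its own sorted signatures) are assumptions of this sketch.

```python
import hashlib
# RFC 4880 tags; RANK orders user ID (13), user attribute (17), subkey (14)
PUBKEY, SIG, RANK = 6, 2, {13: 0, 17: 1, 14: 2}

def parse_packets(data):
    """Split a binary (non-armored) OpenPGP stream into (tag, body) pairs."""
    pos, out = 0, []
    while pos < len(data):
        hdr = data[pos]
        if not hdr & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if hdr & 0x40:                        # new-format header
            tag, first, n = hdr & 0x3F, data[pos + 1], 1
            if first < 192:
                length = first
            elif first < 224:
                length, n = ((first - 192) << 8) + data[pos + 2] + 192, 2
            elif first == 255:
                length, n = int.from_bytes(data[pos + 2:pos + 6], "big"), 5
            else:
                raise ValueError("partial body length not handled")
        else:                                 # old-format header
            tag, n = (hdr >> 2) & 0x0F, 1 << (hdr & 0x03)
            if n == 8:
                raise ValueError("indeterminate length not handled")
            length = int.from_bytes(data[pos + 1:pos + 1 + n], "big")
        start = pos + 1 + n                   # first octet of the packet body
        if start + length > len(data):
            raise ValueError("truncated packet")
        out.append((tag, data[start:start + length]))
        pos = start + length
    return out

def normalize(packets):
    """Primary key first; every component keeps its own signatures, sorted."""
    if not packets or packets[0][0] != PUBKEY:
        raise ValueError("bundle must start with a public-key packet")
    groups = []                               # [component, {signature bodies}]
    for tag, body in packets:
        if tag == SIG:
            groups[-1][1].add(body)           # the set drops duplicate signatures
        else:
            groups.append([(tag, body), set()])
    rank = lambda g: (RANK.get(g[0][0], 3), g[0])
    ordered = groups[:1] + sorted(groups[1:], key=rank)
    return [p for c, sigs in ordered for p in [c] + [(SIG, s) for s in sorted(sigs)]]

def bundle_hash(data):  # digest over tag + length + body, not the raw headers
    return hashlib.sha256(b"".join(
        bytes([t]) + len(b).to_bytes(4, "big") + b
        for t, b in normalize(parse_packets(data)))).hexdigest()
```

Hashing tag, length and body instead of the raw bytes means two servers holding the same packets with different header encodings (old versus new format) still agree on the digest.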

