From: Ted Zlatanov <tzz@lifelogs.com>
To: emacs-devel@gnu.org
Subject: Emacs crypto use cases (was: GNU Emacs-libnettle-libhogweed integration patch v1)
Date: Mon, 07 Oct 2013 19:43:14 -0400 [thread overview]
Message-ID: <87d2ngzlyl.fsf_-_@flea.lifelogs.com> (raw)
In-Reply-To: jwvr4bw667d.fsf-monnier+emacs@gnu.org
On Mon, 07 Oct 2013 18:58:00 -0400 Stefan Monnier <monnier@iro.umontreal.ca> wrote:
>> If I changed my proposal to use the GnuTLS interface functions, so no
>> new library dependencies are added, would it be acceptable?
SM> It'd be a bit less bad, but basically the main problems remain:
SM> - no clear and concrete use-case.
SM> - I want these things to go through an FFI.
SM> - I don't want to have an OpenPGP implementation to maintain.
I can't help the FFI problem, but you already depend on libgnutls so I
don't see what difference it makes here.
I don't have to put the OpenPGP implementation in the Emacs core, if it
can be put in a package. Actually GnuTLS has some work in that
direction (as of 3.1) so it may turn out to be fairly trivial on our
side, but then without FFI it would have to be supported in the core. I
don't really care that much about the delivery method as long as it
works.
Regarding the use cases, you could look at the algorithms in
http://gnutls.org/manual/html_node/Using-GnuTLS-as-a-cryptographic-library.html#Using-GnuTLS-as-a-cryptographic-library
and see for yourself that they form a general toolbox that will serve
the Emacs core well. I will make an effort here to list some use cases,
but I am positive there will be more as time goes on. I would
appreciate it if anyone else interested in this work added their use
cases or vote of support.
- symmetric encryption without the burden or risk of shelling out
(http://gnutls.org/manual/html_node/Encryption-algorithms-used-in-the-record-layer.html#tab_003aciphers).
I would love to use this instead of the painfully heavy GnuPG
integration for the symmetric case.
- HMAC keyed hashing (http://www.ietf.org/rfc/rfc2104.txt) allowing
message authentication with a shared key. For instance, that would
allow the Emacs client and server to authenticate the data they share
without a full PPK infrastructure, or check that some shared memory
hasn't been corrupted... it's a general authentication mechanism for
content.
- asymmetric (public-private key) operations: encrypt and verify data.
This is obiously the foundation of package signing in an OpenPGP
implementation, but is useful on its own. My use case is storing
secret data in Emacs in an encrypted format, so it can't be decoded
trivially. The private key can be protected from a memory dump in
many ways depending on the platform (e.g. the Secrets API). A full
OpenPGP protocol for this would be overkill.
- OpenPGP support: allow package.el signing verification without GnuPG
on the platform and much more.
I hope this is helpful.
Ted
next prev parent reply other threads:[~2013-10-07 23:43 UTC|newest]
Thread overview: 37+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-10-06 9:15 GNU Emacs-libnettle-libhogweed integration patch v1 Ted Zlatanov
2013-10-06 9:58 ` bignum support in Emacs with libgmp (was: GNU Emacs-libnettle-libhogweed integration patch v1) Ted Zlatanov
2013-10-06 16:09 ` GNU Emacs-libnettle-libhogweed integration patch v1 Eli Zaretskii
2013-10-06 21:07 ` Ted Zlatanov
2013-10-06 16:51 ` Stefan Monnier
2013-10-06 16:58 ` Eli Zaretskii
2013-10-06 21:19 ` Ted Zlatanov
2013-10-07 4:02 ` Stefan Monnier
2013-10-07 11:41 ` Ted Zlatanov
2013-10-07 22:03 ` Ted Zlatanov
2013-10-07 22:58 ` Stefan Monnier
2013-10-07 23:43 ` Ted Zlatanov [this message]
2013-10-08 3:02 ` Emacs crypto use cases Stefan Monnier
2013-10-08 10:33 ` Ted Zlatanov
2013-10-08 13:17 ` Stephen J. Turnbull
2013-10-08 16:35 ` DSO-style FFI (was: Emacs crypto use cases) Stefan Monnier
2013-10-08 17:32 ` DSO-style FFI Tom Tromey
2013-10-08 19:42 ` Ted Zlatanov
2013-10-08 20:43 ` Tom Tromey
2013-10-09 23:21 ` Ted Zlatanov
2013-10-10 8:09 ` Andreas Schwab
2013-10-08 20:47 ` Davis Herring
2013-10-09 22:26 ` Ted Zlatanov
2013-10-09 23:52 ` Davis Herring
2013-10-10 1:25 ` Ted Zlatanov
2013-10-10 4:36 ` DSO-style DSOs (this is NOT an FFI!) Stephen J. Turnbull
2013-10-09 1:48 ` DSO-style FFI Stephen J. Turnbull
2013-10-09 2:40 ` Stefan Monnier
2013-10-12 15:34 ` Michael Welsh Duggan
2013-10-12 18:55 ` Stefan Monnier
2013-10-18 13:31 ` Ted Zlatanov
2013-10-19 14:41 ` Stefan Monnier
2013-10-19 15:08 ` Stefan Monnier
2013-10-19 17:33 ` Andy Moreton
2013-10-19 19:44 ` Ted Zlatanov
2013-10-12 23:36 ` Stephen J. Turnbull
2013-10-08 19:50 ` Ted Zlatanov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://www.gnu.org/software/emacs/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87d2ngzlyl.fsf_-_@flea.lifelogs.com \
--to=tzz@lifelogs.com \
--cc=emacs-devel@gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/emacs.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).