4.1.2.1 OpenPGP certificate structure
In GnuTLS the OpenPGP certificate structures [RFC2440] are handled using the gnutls_openpgp_crt_t type.
A typical certificate contains the user ID, which is an RFC 2822 name and mail address, a public key, possibly a number of additional public keys (called subkeys), and a number of signatures. The various fields are shown in Table 4.4.
The additional subkeys may provide keys for different purposes, e.g. one key to encrypt mail and another to sign a TLS key exchange. Each subkey is identified by a unique key ID. The keys that are to be used in a TLS key exchange that requires signatures are called authentication keys in OpenPGP jargon. The mapping of TLS key exchange methods to the public keys they require is shown in Table 4.5.
| Key exchange | Public key requirements |
|---|---|
| RSA | An RSA public key that allows encryption. |
| DHE_RSA | An RSA public key that is marked for authentication. |
| ECDHE_RSA | An RSA public key that is marked for authentication. |
| DHE_DSS | A DSA public key that is marked for authentication. |

Table 4.5: The types of (sub)keys required for the various TLS key exchange methods.
The corresponding private keys are stored in the gnutls_openpgp_privkey_t type. All the prototypes for the key handling functions can be found in ‘gnutls/openpgp.h’.
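The following is an added example, not code from the GnuTLS manual or library, that models the subkey selection Table 4.5 implies: a certificate is represented as a user ID plus a list of (sub)keys, each with a key ID, a public key algorithm and OpenPGP usage flags, and a selector walks the keys to find the first one that satisfies a given TLS key exchange method. The struct, enum, flag and function names (`openpgp_cert`, `subkey`, `USAGE_*`, `select_key_for_kx`) and the sample certificate are this example's own constructions, not GnuTLS identifiers. It shows the failure mode the table implies but does not spell out: a certificate whose DSA key is only marked for signing cannot serve DHE_DSS, and an RSA subkey marked only for encryption serves the RSA key exchange but not DHE_RSA or ECDHE_RSA.

```c
#include <stdio.h>
#include <stdint.h>
#include <inttypes.h>

/* Constructed model of the (sub)key data an OpenPGP certificate carries
   for TLS purposes; names here are the example's own, not GnuTLS's. */
enum pk_algo { PK_RSA, PK_DSA };

/* OpenPGP key flags relevant to TLS: encrypt, sign, authenticate. */
#define USAGE_ENCRYPT      0x01u
#define USAGE_SIGN         0x02u
#define USAGE_AUTHENTICATE 0x04u

struct subkey {
    uint64_t key_id;     /* unique key ID identifying this (sub)key */
    enum pk_algo algo;   /* public key algorithm of the (sub)key */
    unsigned usage;      /* bitmask of USAGE_* flags */
};

struct openpgp_cert {
    const char *user_id;     /* RFC 2822 name and mail address */
    struct subkey keys[8];   /* primary key at index 0, subkeys after it */
    int nkeys;
};

enum kx { KX_RSA, KX_DHE_RSA, KX_ECDHE_RSA, KX_DHE_DSS };

/* Table 4.5 expressed as a predicate on one (sub)key. */
static int key_fits_kx(const struct subkey *k, enum kx kx)
{
    switch (kx) {
    case KX_RSA:        /* RSA key exchange encrypts to the key */
        return k->algo == PK_RSA && (k->usage & USAGE_ENCRYPT) != 0;
    case KX_DHE_RSA:    /* signed key exchanges need an authentication key */
    case KX_ECDHE_RSA:
        return k->algo == PK_RSA && (k->usage & USAGE_AUTHENTICATE) != 0;
    case KX_DHE_DSS:
        return k->algo == PK_DSA && (k->usage & USAGE_AUTHENTICATE) != 0;
    }
    return 0;
}

/* Return the index of the first (sub)key usable for kx, or -1 when the
   certificate has none; in that case the handshake cannot use this kx. */
int select_key_for_kx(const struct openpgp_cert *c, enum kx kx)
{
    for (int i = 0; i < c->nkeys; i++)
        if (key_fits_kx(&c->keys[i], kx))
            return i;
    return -1;
}

/* Constructed sample certificate: a DSA primary key marked only for
   signing, an RSA subkey for mail encryption, and an RSA subkey marked
   for authentication. Key IDs are placeholders. */
const struct openpgp_cert sample_cert = {
    "Alice Example <alice@example.org>",
    {
        { 0x1111111111111111ULL, PK_DSA, USAGE_SIGN },
        { 0x2222222222222222ULL, PK_RSA, USAGE_ENCRYPT },
        { 0x3333333333333333ULL, PK_RSA, USAGE_AUTHENTICATE },
    },
    3
};

int main(void)
{
    static const char *names[] = { "RSA", "DHE_RSA", "ECDHE_RSA", "DHE_DSS" };
    printf("certificate for %s\n", sample_cert.user_id);
    for (int kx = KX_RSA; kx <= KX_DHE_DSS; kx++) {
        int idx = select_key_for_kx(&sample_cert, (enum kx)kx);
        if (idx < 0)
            printf("%-10s no suitable (sub)key\n", names[kx]);
        else
            printf("%-10s key ID %016" PRIx64 "\n", names[kx],
                   sample_cert.keys[idx].key_id);
    }
    return 0;
}
```

Running it prints which (sub)key each key exchange method would pick; for the sample certificate the encryption subkey is chosen for RSA, the authentication subkey for DHE_RSA and ECDHE_RSA, and DHE_DSS finds nothing because the only DSA key is not marked for authentication.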
This document was generated on February 9, 2014 using texi2html 5.0.