Re: gnome-keyring Secrets dbus api

[Yaron Sheffer <yaronf gmx com>]

Hi Stef,

strictly speaking, simple truncation of the shared DH secret to generate 
a key is not the right thing to do. See for example the intro to RFC 
5869, http://tools.ietf.org/html/rfc5869. The key derivation proposed in 
the RFC is more secure, and not terribly complex to implement either.

Thanks,
Yaron

On 11/25/2010 02:00 PM, gnome-keyring-list-request gnome org wrote:
> Send gnome-keyring-list mailing list submissions to
> 	gnome-keyring-list gnome org
>
> To subscribe or unsubscribe via the World Wide Web, visit
> 	http://mail.gnome.org/mailman/listinfo/gnome-keyring-list
> or, via email, send a message with subject or body 'help' to
> 	gnome-keyring-list-request gnome org
>
> You can reach the person managing the list at
> 	gnome-keyring-list-owner gnome org
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of gnome-keyring-list digest..."
>
>
> Today's Topics:
>
>     1. Re:  Secrets dbus api (Stef Walter)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Wed, 24 Nov 2010 23:31:47 -0600
> From: Stef Walter<stefw gnome org>
> To: feitel indeedgeek de
> Cc: gnome-keyring-list gnome org
> Subject: Re: gnome-keyring Secrets dbus api
> Message-ID:<4CEDF4C3 1080308 gnome org>
> Content-Type: text/plain; charset=ISO-8859-1
>
> I was trying [1] and waiting to get this stuff hosted on freedesktop.org
> so I'd have  something to link you to when I answered... But sadly, no
> such luck yet :(
>
> On 2010-11-20 19:34, Florian Eitel wrote:
> > I'am trying to write some ruby code to access secrets in gnome-keyring
> > via dbus.
> That's very cool!
>
> > But now I have a 1024 bit
> > secret and doesn't know how to generate my 128 Bit AES key. I tried to
> > read your code but I doesn't understand the whole pkcs thing. With the
> > 128 bit key and the IV in each message it should be possible to encrypt
> > the transferred secret. I'am hoping for some hint.
> I believe in the case of DH we truncate the resulting key to the
> appropriate length. This is what we do in gnome-keyring. I'd like to
> double check that this is the correct thing to do.
>
> > Apart from this problem I had some problems with dbus discovery. The
> > freedesktop.org spec[1] writes e.g. org.freedesktop.Secret.Collection as
> > interface name but you used Secrets with tailing 's' in the
> > introspection files. Is this a bug? The API works correct with Secret.
> Yes, it's a bug. I believe the code is correct, but the compiled version
> there is wrong. I want to update the spec, and get hosting on
> freedesktop.org to put it. Hence my frustration :(
>
> > And why isn't the service introspectable with some tools as d-feed[2]?
> > This would make the development a little bit easier.
> Yes, we need to work on that. Haven't had time.
>
> > At last I want to say a big thank you for this great project. Even
> > apart from gnome I played very much with gnome-keyring. It's amazing
> > to manage ssh/gpg/X.509 certs/passwords with one nice tool.
> I'm glad that you like it, and even happier that you're playing with it
> and getting involved. There's still a lot to do [1], but I hope we can
> make steady progress and get a real solid foundation for this stuff on
> the linux Desktop.
>
> Cheers,
>
> Stef
>
> [1] https://bugs.freedesktop.org/show_bug.cgi?id=22793
>
> [2] http://live.gnome.org/GnomeKeyring/Goals
>
>
> ------------------------------
>
> _______________________________________________
> gnome-keyring-list mailing list
> gnome-keyring-list gnome org
> http://mail.gnome.org/mailman/listinfo/gnome-keyring-list
>
>
> End of gnome-keyring-list Digest, Vol 26, Issue 5
> *************************************************