Re: gnome-keyring Secrets dbus api
- From: Yaron Sheffer <yaronf gmx com>
- To: gnome-keyring-list gnome org
- Subject: Re: gnome-keyring Secrets dbus api
- Date: Thu, 25 Nov 2010 14:17:00 +0200
Hi Stef,
strictly speaking, simple truncation of the shared DH secret to generate
a key is not the right thing to do. See for example the intro to RFC
5869, http://tools.ietf.org/html/rfc5869. The key derivation proposed in
the RFC is more secure, and not terribly complex to implement either.
Thanks,
Yaron
On 11/25/2010 02:00 PM, gnome-keyring-list-request gnome org wrote:
Date: Wed, 24 Nov 2010 23:31:47 -0600
From: Stef Walter <stefw gnome org>
To: feitel indeedgeek de
Cc: gnome-keyring-list gnome org
Subject: Re: gnome-keyring Secrets dbus api
I was trying [1] and waiting to get this stuff hosted on freedesktop.org
so I'd have something to link you to when I answered... But sadly, no
such luck yet :(
On 2010-11-20 19:34, Florian Eitel wrote:
> I'm trying to write some ruby code to access secrets in gnome-keyring
> via dbus.

That's very cool!

> But now I have a 1024 bit
> secret and don't know how to generate my 128 bit AES key. I tried to
> read your code but I don't understand the whole pkcs thing. With the
> 128 bit key and the IV in each message it should be possible to encrypt
> the transferred secret. I'm hoping for some hint.

I believe in the case of DH we truncate the resulting key to the
appropriate length. This is what we do in gnome-keyring. I'd like to
double check that this is the correct thing to do.

> Apart from this problem I had some problems with dbus discovery. The
> freedesktop.org spec[1] writes e.g. org.freedesktop.Secret.Collection as
> interface name but you used Secrets with trailing 's' in the
> introspection files. Is this a bug? The API works correctly with Secret.

Yes, it's a bug. I believe the code is correct, but the compiled version
there is wrong. I want to update the spec, and get hosting on
freedesktop.org to put it. Hence my frustration :(

> And why isn't the service introspectable with some tools such as d-feet[2]?
> This would make the development a little bit easier.

Yes, we need to work on that. Haven't had time.

> At last I want to say a big thank you for this great project. Even
> apart from gnome I played very much with gnome-keyring. It's amazing
> to manage ssh/gpg/X.509 certs/passwords with one nice tool.

I'm glad that you like it, and even happier that you're playing with it
and getting involved. There's still a lot to do [1], but I hope we can
make steady progress and get a real solid foundation for this stuff on
the linux Desktop.
Cheers,
Stef
[1] https://bugs.freedesktop.org/show_bug.cgi?id=22793
[2] http://live.gnome.org/GnomeKeyring/Goals
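
The extract-then-expand derivation from RFC 5869 referred to above, next to plain truncation, as an added example that is not part of the original thread and not gnome-keyring's code. The method names, the left-padded big-endian encoding of the secret, the choice of the first 16 bytes for truncation, the empty salt and info, and the sample secrets are all assumptions made for illustration.

```ruby
require 'openssl'

HASH_LEN = 32 # SHA-256 output size in bytes

# HKDF with HMAC-SHA256 (RFC 5869): extract a pseudorandom key, then expand it.
def hkdf_sha256(ikm, length:, salt: nil, info: '')
  raise ArgumentError, 'requested length too large' if length > 255 * HASH_LEN
  digest = OpenSSL::Digest.new('SHA256')
  # Extract: PRK = HMAC(salt, IKM); a missing salt is HASH_LEN zero bytes.
  salt = "\x00".b * HASH_LEN if salt.nil? || salt.empty?
  prk = OpenSSL::HMAC.digest(digest, salt, ikm)
  # Expand: T(i) = HMAC(PRK, T(i-1) | info | i), concatenated and cut to length.
  okm = ''.b
  block = ''.b
  counter = 1
  while okm.bytesize < length
    block = OpenSSL::HMAC.digest(digest, prk, block + info.b + [counter].pack('C'))
    okm << block
    counter += 1
  end
  okm.byteslice(0, length)
end

# Big-endian encoding of the DH shared secret, left-padded to the prime size
# (128 bytes for a 1024-bit group). The padding choice is an assumption.
def dh_secret_bytes(secret, prime_bytes = 128)
  [secret.to_s(16).rjust(prime_bytes * 2, '0')].pack('H*')
end

# Truncation as discussed in the thread (keeping the first 16 bytes is assumed).
def truncated_key(secret)
  dh_secret_bytes(secret).byteslice(0, 16)
end

# HKDF-based derivation; empty salt and info are assumptions of this example.
def hkdf_key(secret)
  hkdf_sha256(dh_secret_bytes(secret), length: 16)
end

# Constructed sample secrets (not real DH output): they differ in one low bit.
SECRET_A = ('c3' * 128).to_i(16)
SECRET_B = SECRET_A ^ 1
puts "truncated equal: #{truncated_key(SECRET_A) == truncated_key(SECRET_B)}"
puts "hkdf equal:      #{hkdf_key(SECRET_A) == hkdf_key(SECRET_B)}"
```

Truncation uses only 128 of the 1024 bits, so the two sample secrets give the same truncated key, while the HKDF output depends on every bit of the shared secret.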