IETF Logo Mail Archive

Re: Split Implementations of PGP

David Shaw <dshaw@jabberwocky.com> Fri, 11 March 2005 18:59 UTC

Received: from above.proper.com (above.proper.com [208.184.76.39]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id NAA25806 for <openpgp-archive@lists.ietf.org>; Fri, 11 Mar 2005 13:59:05 -0500 (EST)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j2BIX76H016282; Fri, 11 Mar 2005 10:33:07 -0800 (PST) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j2BIX7qU016281; Fri, 11 Mar 2005 10:33:07 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from rwcrmhc11.comcast.net (rwcrmhc11.comcast.net [204.127.198.35]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j2BIX6wE016271 for <ietf-openpgp@imc.org>; Fri, 11 Mar 2005 10:33:06 -0800 (PST) (envelope-from dshaw@jabberwocky.com)
Received: from walrus.ne.client2.attbi.com ([24.60.132.70]) by comcast.net (rwcrmhc11) with ESMTP id <2005031118325901300okov5e>; Fri, 11 Mar 2005 18:32:59 +0000
Received: from grover.jabberwocky.com (grover.jabberwocky.com [172.24.84.28]) by walrus.ne.client2.attbi.com (8.12.8/8.12.8) with ESMTP id j2BIWxsh003314; Fri, 11 Mar 2005 13:32:59 -0500
Received: from grover.jabberwocky.com (grover.jabberwocky.com [127.0.0.1]) by grover.jabberwocky.com (8.13.1/8.13.1) with ESMTP id j2BIWupK024508; Fri, 11 Mar 2005 13:32:56 -0500
Received: (from dshaw@localhost) by grover.jabberwocky.com (8.13.1/8.13.1/Submit) id j2BIWurh024507; Fri, 11 Mar 2005 13:32:56 -0500
Date: Fri, 11 Mar 2005 13:32:56 -0500
From: David Shaw <dshaw@jabberwocky.com>
To: Eric Burger <eburger@brooktrout.com>
Cc: ietf-openpgp@imc.org, "Glenn Parsons (E-mail)" <gparsons@nortelnetworks.com>
Subject: Re: Split Implementations of PGP
Message-ID: <20050311183256.GB24254@jabberwocky.com>
Mail-Followup-To: Eric Burger <eburger@brooktrout.com>, ietf-openpgp@imc.org, "Glenn Parsons (E-mail)" <gparsons@nortelnetworks.com>
References: <EDD694D47377D7119C8400D0B77FD33101125D39@nhmail2.brooktrout.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <EDD694D47377D7119C8400D0B77FD33101125D39@nhmail2.brooktrout.com>
OpenPGP: id=99242560; url=http://www.jabberwocky.com/david/keys.asc
User-Agent: Mutt/1.5.8i
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

On Fri, Mar 11, 2005 at 12:04:59PM -0500, Eric Burger wrote:
> 
> Background:
> I am a co-chair of the lemonade work group in the IETF
> <http://www.ietf.org/html.charters/lemonade-charter.html>.
> 
> One thing we would like to do is enable a remote client to fetch the
> encrypted session key from an IMAP server, decrypt the key using the
> client's key, and then handing back the clear session key to the IMAP server
> to decrypt or verify a message or body part.
> 
> So, the question is, are there implementations of PGP where one can:
> 1. Extract the encrypted session key from the PGP-encrypted object
> 2. An API for handing over the encrypted session key and the client key,
> returning the clear session key (this would run on the remote client).
> 3. An API that takes the clear session key and the PGP-encrypted object and
> returns the cleartext object.
> 
> Note that this is different from the normal case of an API that takes the
> client's key and the PGP-encrypted object and simply returns the cleartext
> object.

GnuPG can do this.  The feature was originally intended as a
workaround for places that have laws about compelled production of
keys, but it can be used for what you discuss.

David

v2.23.0 | Report a Bug | By Email