Project Ägypten: Technology
GpgSM
This module is responsible for encryption and key management. It has been designed and implemented along the lines of GnuPG and offers, among other features, a database for certificates. The format of this database can also be used by GnuPG, so all public keys can be stored in a single file.
Private keys are not handled by GpgSM; it delegates the operations of signing and decryption to the GpgAgent. When decrypting, this delegation covers only the decryption of the session key; the symmetric decryption itself is done in GpgSM. The module is capable of encrypting data streams of arbitrary length. It offers a command line interface that largely corresponds to the interface of GnuPG.
GpgSM is also responsible for the generation of keys and the related messages. The key generation itself is delegated, as usual, to the GpgAgent, which allows the private key to be stored directly in its PSE.
Apart from the mandatory algorithms, AES will also be implemented. Because it is not yet mentioned in the specification, its use will be enabled by a specific option in the configuration.
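As an added example (not code from the Ägypten project), the trust boundary between GpgSM and the GpgAgent described above, modelled in Go: the agent alone holds the private key and is asked only to unwrap the session key, while the bulk symmetric decryption happens on the GpgSM side and never sees the private key. The Agent type, the AES-256-GCM bulk cipher and the RSA-OAEP key wrapping are assumptions chosen for the illustration, not the project's actual protocol or message format.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
)

// Agent is a hypothetical stand-in for the GpgAgent, not the real daemon: it
// alone holds the private key and offers GpgSM exactly one operation on it.
type Agent struct{ priv *rsa.PrivateKey }

func NewAgent() (*Agent, error) {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	return &Agent{priv: k}, err
}
func (a *Agent) Public() *rsa.PublicKey { return &a.priv.PublicKey }

// UnwrapSessionKey is the only private-key operation GpgSM can request.
func (a *Agent) UnwrapSessionKey(wrapped []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, a.priv, wrapped, nil)
}

// gcmFor builds the AES-GCM cipher used on the GpgSM side for the bulk data.
func gcmFor(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil { return nil, err }
	return cipher.NewGCM(block)
}

// Encrypt is the GpgSM side: a fresh AES-256 session key protects the bulk data;
// only that key is wrapped with the recipient's public key. Returns the wrapped
// session key, the GCM nonce and the ciphertext.
func Encrypt(pub *rsa.PublicKey, pt []byte) ([]byte, []byte, []byte, error) {
	key, nonce := make([]byte, 32), make([]byte, 12)
	rand.Read(key); rand.Read(nonce)
	gcm, err := gcmFor(key)
	if err != nil { return nil, nil, nil, err }
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, nil)
	if err != nil { return nil, nil, nil, err }
	return wrapped, nonce, gcm.Seal(nil, nonce, pt, nil), nil
}

// Decrypt is also the GpgSM side: the agent unwraps only the session key; the
// bulk AES decryption happens here and the private key never crosses over.
func Decrypt(agent *Agent, wrapped, nonce, ct []byte) ([]byte, error) {
	key, err := agent.UnwrapSessionKey(wrapped)
	if err != nil { return nil, err }
	gcm, err := gcmFor(key)
	if err != nil { return nil, err }
	return gcm.Open(nil, nonce, ct, nil)
}
```

Because GCM authenticates the ciphertext, any modification of the bulk data is rejected on the GpgSM side before the plaintext is released.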
GpgAgent
This module takes on several tasks:
The design of this module's interface allows the module to be implemented entirely on a separate hardware module.
DirMngr
This module controls all directory accesses and performs search operations. To accomplish this, it uses OpenLDAP directly. Certificate Revocation Lists (CRLs) are kept in a local cache by this module, and their validity is checked here. It is linked against the libraries this requires.
PIN Entry
This is a very simple module: it only opens a modal dialog and asks for the PIN. Using a special protocol, it cooperates directly with the GpgAgent. This functionality is not built into the GpgAgent itself, to avoid linking the agent against complex GUI code. Furthermore, the module can easily be adapted to existing graphical user interfaces.
Within the project, the PIN Entry will be implemented in a Qt, a GTK and a text version. Possibly an even simpler version using the basic graphical user interface (X11) will be added in the future; this would simplify code validation.
Bundesamt für Sicherheit in der Informationstechnik
Contact
You can reach the project team on several mailing lists:
gpa-dev (technical coordination)
gnupg-devel (GnuPG development)
Page last modified: 2004-04-06 18:26:43
(C) Intevation, Verbatim copying and distribution of this entire page is permitted in any medium, provided this notice is preserved.