[jdev] JEP-0027 (OpenPGP) implementation question

Michal Vaner (Vorner) michal.vaner at kdemail.net
Sat Mar 4 16:19:21 CST 2006


Hello,
the point with PGP is that user checks and signs the key (if he trusts it). 
Therefore, key exchange can not happen automatically, since it would break 
one of the main idea of PGP, that user knows who he is encrypting to.

Dne sobota 04 březen 2006 21:25 Juan Antonio Gómez Moriano napsal(a):
> Hello to all.
>
> I'm making a Jabber client whose main "important" thing is that it
> implements the JEP-0027 (Current usage of OpenPGP in Jabber), i already
> know properly the protocol, and i have read the JEP-0027
> (http://www.jabber.org/jeps/jep-0027.html) .
>
> The question is that the document does not specify very clear (IMHO) how
> to perform the key exchange it says : "All keys are exchanged using
> OpenPGP key servers, and usually are retrieved when a signed <presence/>
> stanza is received (key retrieval does not happen in-band)." The thing
> is : how do i know in which server is the key of the person i am
> chatting with??
>
> Also it would be great also if someone can give me an opinion about
> using GnuPG for doing this: I am doing all the development in JAVA and i
> will prefer to avoid using an "external program" (as GnuPG).
>
> Apart from that, I have been doing some testing with encryption over
> jabber by using the own Jabber server to exchange the keys (just to
> check that i did the encryption part properly, and it worked, using RSA
> keys...)
>
> Any idea/suggestion/hint??
>
> THANKS in advance.

-- 

Ostatně soudím, že uzavřené protokoly a formáty by měly být zničeny, stejně 
jako Kartágo.

Michal Vaner (Vorner)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 191 bytes
Desc: not available
URL: <http://mail.jabber.org/pipermail/jdev/attachments/20060304/986b1ec1/attachment-0002.pgp>


More information about the JDev mailing list