[darcs-users] Re: openssl keys

David Roundy droundy at abridgegame.org
Sat Mar 13 12:41:31 UTC 2004

On Thu, Mar 11, 2004 at 08:09:57PM -0800, Adam Megacz wrote:
> > if someone wants to push patches to the darcs repository, email is the way
> > it is done.
> PGP is a major barrier to this becoming the "preferred method".
> *Especially* the fact that there is no tool to convert RSA keys in
> standard formats (X.509, OpenSSH, PEM, etc) to PGP RSA keys -- even
> though at the mathematical level they are certainly equivalent (and
> X.509/OpenSSH/PEM are all mutually convertible using freely available
> tools).
> I dunno, I was really psyched when I first read that darcs supported
> this, but not being able to use our existing trust infrastructure is a
> big letdown.  One possibility would be to provide an option to use
> openssl to sign using ssh keys -- this would make darcs a lot more
> attractive to people who already use them.  Openssh's ~/.ssh/id_rsa is
> just a DER-encoded RSA private key (ie 'openssl rsa' can read it); in
> fact you could probably do this with just a few lines of code to invoke
> the openssl binary rather than having to link against any libraries.

I didn't know that openssl could do this.  That's pretty neat.  If you are
willing to figure out the commands needed for signing and verifying using
openssl, that would be great.  If you are willing to actually implement it
in darcs, it should be pretty easy.  If openssl is willing to work with
standard input and standard output (and return a nonzero exit code in case
of verification failure) all it will take is changing the flags and command
name in verifyPS and signString, in External.hs.  If you do this, I'll
happily add a command flag to allow users to choose whether to use gpg
or openssl.  It would also be great to add a section to the manual telling
people how to do this.

(If you have less time or inclination, I'd be happy just to not have to try
to read the man pages and learn to use a program I've never used before,
and then to try to use it automatically.)
David Roundy
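
The signing and verification commands the message asks about, as an added example that is not part of the original thread or of darcs: `openssl dgst` signs data read from standard input and, when verifying, exits nonzero on a bad signature. The key pair, function names and patch text are constructed for illustration, and SHA-256 is this example's choice of digest.

```shell
#!/bin/sh
# Added example (not darcs code): detached RSA signatures with the openssl CLI.
# Key files, function names and the patch text are constructed for illustration.

# make_keys DIR: throwaway 2048-bit RSA pair, DIR/key.pem and DIR/pub.pem.
make_keys() {
    openssl genrsa -out "$1/key.pem" 2048 2>/dev/null &&
    openssl rsa -in "$1/key.pem" -pubout -out "$1/pub.pem" 2>/dev/null
}

# sign_stdin KEY: data on stdin, raw binary signature on stdout.
sign_stdin() {
    openssl dgst -sha256 -sign "$1"
}

# verify_stdin PUBKEY SIGFILE: data on stdin, signature in a file.
# Exit status is 0 only when the signature matches the data.
verify_stdin() {
    openssl dgst -sha256 -verify "$1" -signature "$2" >/dev/null 2>&1
}

# demo: sign a constructed patch, then verify it intact and after tampering.
demo() {
    dir=$(mktemp -d) || return 2
    make_keys "$dir" || { rm -rf "$dir"; return 2; }
    printf 'constructed patch text\n' > "$dir/patch"
    sign_stdin "$dir/key.pem" < "$dir/patch" > "$dir/patch.sig"

    if verify_stdin "$dir/pub.pem" "$dir/patch.sig" < "$dir/patch"; then
        echo "intact patch: verified"
    else
        echo "intact patch: rejected"
    fi

    # Append one line after signing; the old signature must no longer verify.
    printf 'line added after signing\n' >> "$dir/patch"
    if verify_stdin "$dir/pub.pem" "$dir/patch.sig" < "$dir/patch"; then
        echo "tampered patch: verified"
    else
        echo "tampered patch: rejected"
    fi
    rm -rf "$dir"
}

demo
```

The signature is passed as a file because `-signature` takes a path, so only the signed data arrives on standard input. A key written by a current `ssh-keygen` is in OpenSSH's own format by default and has to be converted to PEM before `openssl` can read it.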
