info bigloo

15.3.1.3 Encryption

OpenPGP allows messages to be encrypted with passwords (called “passkeys” in this context) or with public keys. It is also possible to encrypt a message for more than one recipient. In that case the data is encrypted with a session key, which in turn is encrypted separately for each recipient. Since the session key is small compared to the data, the size overhead is usually insignificant.

Let’s start by encrypting a message with a simple passkey.

(let* ((secret-data "My secret data\n")
       (composition (pgp-encrypt secret-data '() '("My secret passkey"))))
  (pgp-write-file "secret.pgp" composition))

As usual, the PGP message is compatible with gpg:

$ gpg secret.pgp
gpg: CAST5 encrypted data
Enter passphrase: <My secret passkey>
gpg: encrypted with 1 passphrase
$ cat secret
My secret data

As expected, Bigloo can decrypt password protected files that have been generated by gpg:

$ echo "A secret message encrypted with gpg." | \
  gpg -o encrypted.pgp --symmetric \
      --passphrase "secret key"

The Bigloo code to decrypt the message is very simple:

(print (pgp-decrypt (pgp-read-file "encrypted.pgp")
                    :passkey-provider (lambda () "secret key")))

In a similar vein it is possible to use public key encryption. The following example exercises both the encryption and the decryption side of Bigloo.

(let* ((my-key (car (pgp-read-file "A2DA694E_Bigloo_Example.skey")))
       (db (pgp-make-key-db))
       (secret-data "My secret message")
       (encrypted (pgp-encrypt secret-data `(,my-key) '())))
   (pgp-add-key-to-db db my-key)
   (let* ((key-manager (lambda (id) (pgp-resolve-key db id)))
          ;; placeholder: the passphrase protecting the Bigloo Example secret key
          (password-provider (lambda (key) "<Bigloo Example Password>"))
          (decrypted (pgp-decrypt encrypted
                                 :key-manager key-manager
                                 :password-provider password-provider)))
     (if (not (string=? decrypted secret-data))
         (error "decrypt-test"
                "Something went horribly wrong"
                decrypted))))

Note that a secret key has a part that is encrypted by a password. During decryption Bigloo needs access to this encrypted data and therefore invokes the password-provider so that it can decrypt it. In many cases this will trigger an interactive callback with the user. In this toy example we know that the password needed is the one for the Bigloo Example key. In the general case the password-provider will have to display the key so that the user knows which passphrase is being requested.
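The following is an added example, not code from the Bigloo manual: instead of hard-coding the passphrase, the password-provider reports which secret key it has been asked to unlock and reads the passphrase from the terminal. It uses only the pgp procedures shown on this page plus standard Scheme I/O; the key is shown with the generic `display` printer because the page documents no dedicated key-printing helper. The `prompt-for-password` and `round-trip-with-prompt` names are assumptions, and the secret key file is the same `A2DA694E_Bigloo_Example.skey` used above.

```scheme
;; Added example (not from the Bigloo manual): an interactive
;; password-provider that tells the user which secret key needs
;; unlocking, then a full encrypt/decrypt round trip that uses it.

(define (prompt-for-password key)
   ;; `display' works on any Bigloo object; the manual documents no
   ;; key-printing helper, so the generic printer is used here.
   (display "Passphrase needed to unlock secret key: " (current-error-port))
   (display key (current-error-port))
   (newline (current-error-port))
   (display "Passphrase: " (current-error-port))
   (flush-output-port (current-error-port))
   ;; Plain read-line: terminal echo is not disabled by this example.
   (read-line))

(define (round-trip-with-prompt secret-data)
   (let* ((my-key (car (pgp-read-file "A2DA694E_Bigloo_Example.skey")))
          (db (pgp-make-key-db))
          ;; encrypt for the key only, no passkeys
          (encrypted (pgp-encrypt secret-data `(,my-key) '())))
      (pgp-add-key-to-db db my-key)
      (let ((decrypted (pgp-decrypt encrypted
                                    :key-manager (lambda (id)
                                                    (pgp-resolve-key db id))
                                    :password-provider prompt-for-password)))
         (if (not (string=? decrypted secret-data))
             (error "round-trip-with-prompt"
                    "decrypted text differs from the original"
                    decrypted))
         decrypted)))

(print (round-trip-with-prompt "My secret message"))
```

The provider is only called when Bigloo actually needs to unlock the secret key, so a message encrypted with passkeys alone never triggers the prompt. Writing the prompt to the error port keeps it separate from the decrypted output on stdout, which matters when the program is used in a pipeline.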

In the following example we show how to encrypt data for 3 passkeys and one public key at the same time.

(let* ((my-key (car (pgp-read-file "A2DA694E_Bigloo_Example.skey")))
       (db (pgp-make-key-db))
       (secret-data "My secret message")
       (encrypted (pgp-encrypt secret-data `(,my-key)
                                           '("pass1" "pass2" "pass3"))))
   (pgp-write-file "multi_receiver.pgp" encrypted))

We believe that gpg has a bug and does not know how to handle such messages correctly. Bigloo, however, decrypts the message with any of the possible options.
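To make the multi-recipient claim concrete, here is an added example (not from the Bigloo manual) that decrypts the `multi_receiver.pgp` file produced above once per recipient, three times by passkey and once with the secret key, and checks that every route yields the same plaintext. It uses only the pgp procedures already shown on this page; the `decrypt-with-passkey`, `decrypt-with-key` and `check-all-recipients` names are assumptions, and `"<Bigloo Example Password>"` is the same placeholder passphrase as in the earlier example.

```scheme
;; Added example (not from the Bigloo manual): one decryption per
;; recipient of multi_receiver.pgp, all expected to agree.

;; Passkey route: the provider is a thunk returning the passkey.
(define (decrypt-with-passkey file passkey)
   (pgp-decrypt (pgp-read-file file)
                :passkey-provider (lambda () passkey)))

;; Public-key route: the key manager resolves the key id from a key db,
;; the password-provider unlocks the secret key.
(define (decrypt-with-key file skey-file key-password)
   (let ((db (pgp-make-key-db))
         (my-key (car (pgp-read-file skey-file))))
      (pgp-add-key-to-db db my-key)
      (pgp-decrypt (pgp-read-file file)
                   :key-manager (lambda (id) (pgp-resolve-key db id))
                   :password-provider (lambda (key) key-password))))

;; Decrypt through every recipient option and verify the plaintexts agree.
;; Returns the number of routes checked.
(define (check-all-recipients)
   (let* ((file "multi_receiver.pgp")
          (expected "My secret message")
          (results
             (list (decrypt-with-passkey file "pass1")
                   (decrypt-with-passkey file "pass2")
                   (decrypt-with-passkey file "pass3")
                   (decrypt-with-key file
                                     "A2DA694E_Bigloo_Example.skey"
                                     "<Bigloo Example Password>"))))
      (for-each (lambda (plain)
                   (unless (string=? plain expected)
                      (error "check-all-recipients"
                             "a recipient route produced a different plaintext"
                             plain)))
                results)
      (length results)))

(print "recipient routes that decrypted the message: "
       (check-all-recipients))
```

Because each recipient entry wraps the same session key, any single passkey or key is enough to recover the whole message: the message is only as well protected as the weakest passkey or the least well guarded secret key among its recipients, which is worth keeping in mind when choosing how many passkeys to add.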



This document was generated on March 31, 2014 using texi2html 5.0.

© manpagez.com 2000-2024
Individual documents may contain additional copyright information.