There have been a lot of smaller and larger changes since the previous
release half a year ago, so I've decided to package up the current
code as a release. There's also one new section in the manual,
describing DSA.

NEWS for the 1.7 release

        Implemented DSA.

        Renamed RSA functions for consistency. Now it's
        rsa_public_key_init, not rsa_init_public_key, etc.

        Both RSA and DSA now have sign/verify functions that take the
        hash digest as argument.

        A rewritten and much more powerful sexp-conv program.

        Other changes to the sexp code, in particular updating it to
        the latest SPKI draft.

        Building nettle as a shared library (ELF only) seems to work.
        The version number is increased, so the library "soname" for
        this release is "libnettle.so.1".

        Bugfixes. Fixes for build and portability problems.

Available at

  http://www.lysator.liu.se/~nisse/archive/nettle-1.7.tar.gz
  ftp://ftp.lysator.liu.se/pub/security/lsh/nettle-1.7.tar.gz

Regards,
/Niels

This is the first informal announcement of libspki. SPKI, the Simple
Public Key Infrastructure, is a sane way of using certificates. The
original design is by Carl Ellison and Ron Rivest. The emphasis, at
least from my point of view, is on association of authorization to
keys (in contrast to X.509, which tries to bind X.500 names to keys),
and on delegation of some or all of one's authorization. For some
background, read RFC 2693.

I think the primary applications where SPKI would be useful are in
authentication (like public key ssh login, as well as host
authentication), access control for various network servers, perhaps
also peer-to-peer servers, etc.

I've been working on an SPKI library from time to time since November
last year. As the name promises, it *is* pretty simple. I have the
most important features in place and it's still less than 7000 lines.

For an example of what the objects look like, see the delegation
testcase, <URL:
http://cvs.lysator.liu.se/viewcvs/viewcvs.cgi/lsh/src/spki/testsuite/delega…>

The purpose of this announcement is to find out if there are any other
people in the community who are interested in SPKI. I'm not in a
desperate need for coding help, but I could really use feedback on the
code and functionality: If the interfaces are reasonable or need
generalization, which of the missing features are important, how to
organize the directory of SPKI-related information, which parts are in
the most need of documentation, etc.

To me, SPKI seems like the obvious way to go whenever one needs public
keys, and has the luxury of not having to be backwards compatible
with X.509. (Actually, SPKI is designed so that it *can* interoperate
with alien PKI stuff, such as X.509, but I'm not going to write that
code any time soon).

There's no polished distribution, so the easiest way to try out
libspki is to pull the latest lsh from cvs.

For further pointers and instructions, see <URL:
http://www.lysator.liu.se/~nisse/libspki>.

Please let me know what you think about it.

Happy hacking,
/Niels