Hi everyone
I'm following the discussion of using Sequoia PGP for rpm.
Recently, I submitted a patch set for the kernel to support new keys
and signature formats transparently. Parsing those formats is offloaded
to user space. The kernel gets from user space only minimal
information: the public key or signature, the algorithm, the key
fingerprint, etc.
This is the link to the patch set:
https://lore.kernel.org/bpf/20230425173557.724688-1-roberto.sassu@huaweiclo…
I was wondering if Sequoia PGP can be used on the user space side. It gets
the key or signature blob, parses it, and replies to the kernel with
the information the latter needs.
I had a brief look at the documentation of the openpgp crate, and maybe
it could be done, but I don't have a precise idea.
Just wanted to ask your opinion on this, as the part of Sequoia PGP I
would need is very minimal (the parsing part). Also the binary itself
should be statically linked (I aim to execute it early in the boot to
load the GPG keys of the Linux distribution to the kernel).
Another point would be to avoid external dependencies, like a crypto
library, and to use the kernel Crypto API instead (through
socket(AF_ALG) in user space). Not the highest priority (as it would
require rewriting some parts of your library), but nice to have.
What do you think?
Thanks
Roberto
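
The user-space parsing step described in this message, as an added example (not code from the patch set or from Sequoia PGP): a dependency-free Rust parser that takes one RFC 4880 v4 signature packet and returns only the algorithm identifiers and issuer key ID. The names `SigInfo`, `parse_signature` and `SAMPLE` are hypothetical, the sample bytes are constructed, and how the result is handed back to the kernel is not shown.

```rust
#[derive(Debug, PartialEq)]
pub struct SigInfo { pub sig_type: u8, pub pk_algo: u8, pub hash_algo: u8, pub issuer: Option<u64> }
// Constructed sample, not a real signature: RSA (1), SHA-256 (8), issuer 0102030405060708.
pub const SAMPLE: [u8; 31] = [
    0xC2, 0x1D, 0x04, 0x00, 0x01, 0x08, 0x00, 0x06, 0x05, 0x02, 0x64, 0x48, 0x00, 0x00, 0x00, 0x0A,
    0x09, 0x10, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0xAB, 0xCD, 0x00, 0x08, 0xFF,
];
fn be(b: &[u8]) -> u64 { b.iter().fold(0, |a, &x| (a << 8) | x as u64) } // big-endian integer
// 1-, 2- or 5-octet length (RFC 4880 5.2.3.1); returns (length, octets consumed).
fn new_len(b: &[u8]) -> Option<(usize, usize)> {
    match *b.first()? as usize {
        o @ 0..=191 => Some((o, 1)),
        255 => Some((be(b.get(1..5)?) as usize, 5)),
        o => Some((((o - 192) << 8) + *b.get(1)? as usize + 192, 2)),
    }
}
// Split the first packet off `buf` as (tag, body); partial and indeterminate lengths are rejected.
fn packet(buf: &[u8]) -> Option<(u8, &[u8])> {
    let c = *buf.first()?;
    if c & 0x80 == 0 { return None; } // bit 7 is always set in a packet header
    let (tag, len, hdr) = if c & 0x40 != 0 { // new-format header
        if (224u8..255).contains(buf.get(1)?) { return None; } // partial body length
        let (len, n) = new_len(&buf[1..])?;
        (c & 0x3f, len, 1 + n)
    } else { // old-format header: the low two bits select the width of the length field
        let n = match c & 3 { 0 => 1, 1 => 2, 2 => 4, _ => return None };
        let len = be(buf.get(1..1 + n)?) as usize;
        ((c >> 2) & 0x0f, len, 1 + n)
    };
    Some((tag, buf.get(hdr..hdr.checked_add(len)?)?))
}
// Extract only what a verifier needs; malformed or truncated input yields None, never a panic.
pub fn parse_signature(buf: &[u8]) -> Option<SigInfo> {
    let (tag, body) = packet(buf)?;
    if tag != 2 || *body.first()? != 4 { return None; } // tag 2 = signature, version 4 only
    let un = 6 + be(body.get(4..6)?) as usize; // offset of the unhashed-area length field
    let un_len = be(body.get(un..un + 2)?) as usize;
    let mut info = SigInfo { sig_type: body[1], pk_algo: body[2], hash_algo: body[3], issuer: None };
    for mut area in [body.get(6..un)?, body.get(un + 2..un + 2 + un_len)?] {
        while !area.is_empty() {
            let (len, n) = new_len(area)?;
            let (&t, data) = area.get(n..n.checked_add(len)?)?.split_first()?;
            if t & 0x7f == 16 && data.len() == 8 { info.issuer = Some(be(data)); } // issuer key ID
            area = &area[n + len..];
        }
    }
    Some(info)
}
fn main() { println!("{:?}", parse_signature(&SAMPLE)); }
```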