Hi everyone
I'm following the discussion of using Sequoia PGP for rpm.
Recently, I submitted a patch set for the kernel to support new keys and signature formats transparently. Parsing those formats is offloaded to user space. The kernel gets from user space only minimal information: the public key or signature, the algorithm, the key fingerprint, etc.
This is the link to the patch set:
https://lore.kernel.org/bpf/20230425173557.724688-1-roberto.sassu@huaweiclou...
I was wondering if Sequoia PGP can be used on the user space side. It gets the key or signature blob, parses it, and replies to the kernel with the information the latter needs.
I had a brief look at the documentation of the openpgp crate, and maybe it could be done, but I don't have a precise idea.
Just wanted to ask your opinion on this, as the part of Sequoia PGP I would need is very minimal (the parsing part). Also, the binary itself should be statically linked (I aim to execute it early in the boot to load the GPG keys of the Linux distribution to the kernel).
Another point would be to avoid external dependencies, like a crypto library, and to use the kernel Crypto API instead (through socket(AF_ALG) in user space). Not the highest priority (as it would require rewriting some parts of your library), but nice to have.
What do you think? Thanks
Roberto
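
An added example, not part of the original message, the patch set or Sequoia PGP: a minimal sketch of the user space parsing step described above, which takes one OpenPGP v4 public-key packet (RFC 4880) and extracts the algorithm, key material, fingerprint and key ID. The function names and the toy sample packet are constructed for illustration, only RSA and DSA keys are handled, and `hashlib` stands in for a SHA-1 that the message would prefer to obtain from the kernel Crypto API.

```python
import hashlib

MPI_COUNT = {1: 2, 17: 4}  # RFC 4880: RSA has (n, e), DSA has (p, q, g, y)
# Constructed toy packet (not a real key): old-format tag 6, v4, RSA, n=0xC353, e=65537
SAMPLE = bytes.fromhex("980f" "045f000000" "01" "0010c353" "0011010001")

def read_header(data):
    """Return (tag, body_offset, body_length) of the first packet in data."""
    ctb = data[0]
    if not ctb & 0x80:
        raise ValueError("not an OpenPGP packet")
    if ctb & 0x40:                      # new-format header
        tag, first = ctb & 0x3F, data[1]
        if first < 192:
            return tag, 2, first
        if first < 224:
            return tag, 3, ((first - 192) << 8) + data[2] + 192
        if first == 255:
            return tag, 6, int.from_bytes(data[2:6], "big")
        raise ValueError("partial body lengths not supported")
    tag, ltype = (ctb >> 2) & 0x0F, ctb & 0x03   # old-format header
    if ltype == 3:
        raise ValueError("indeterminate length not supported")
    n = 1 << ltype                      # 1, 2 or 4 length octets
    return tag, 1 + n, int.from_bytes(data[1:1 + n], "big")

def parse_public_key(data):
    """Extract the fields the kernel side would need from one v4 key packet."""
    try:
        tag, off, length = read_header(data)
    except IndexError:
        raise ValueError("truncated packet header") from None
    body = data[off:off + length]
    if tag not in (6, 14) or len(body) != length or not 6 <= length <= 0xFFFF:
        raise ValueError("not a complete public (sub)key packet")
    if body[0] != 4 or body[5] not in MPI_COUNT:
        raise ValueError("only v4 RSA/DSA keys handled here")
    pos, mpis = 6, []
    for _ in range(MPI_COUNT[body[5]]):
        nbytes = (int.from_bytes(body[pos:pos + 2], "big") + 7) // 8
        if pos + 2 + nbytes > len(body):
            raise ValueError("truncated MPI")
        mpis.append(int.from_bytes(body[pos + 2:pos + 2 + nbytes], "big"))
        pos += 2 + nbytes
    if pos != len(body):
        raise ValueError("trailing bytes after key material")
    # v4 fingerprint: SHA-1 over 0x99, two-octet body length, then the body
    fp = hashlib.sha1(b"\x99" + length.to_bytes(2, "big") + body).hexdigest()
    return {"algo": body[5], "created": int.from_bytes(body[1:5], "big"),
            "mpis": mpis, "fingerprint": fp, "key_id": fp[-16:]}
```

The parser rejects truncated packets, trailing bytes and length encodings it does not handle rather than guessing, so only fully validated values would be passed on to the kernel.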