+++ /dev/null
-[[!meta title="Modified GnuTLS 2.4.x available"]]
-
------
-
-**2008-10-25 UPDATE:** [GnuTLS 2.6 has been released, and it contains the
-functionality we needed](/news/gnutls-2.6-enables-monkeysphere).
-Please upgrade to GnuTLS 2.6 if you need Monkeysphere to deal with
-passphrase-protected authentication subkeys. The information on this
-page is now of historical interest only.
-
------
-
-The MonkeySphere project is now making available a patched version of
-[GnuTLS](http://gnutls.org/) version 2.4.x, which enhances the utility
-of the `monkeysphere` package by enabling it to read authentication
-subkeys emitted by [GnuPG](http://gnupg.org/) under certain
-circumstances.
-
-You can track this package in debian lenny by adding the following
-lines to `/etc/apt/sources.list`:
-
- deb http://archive.monkeysphere.info/debian experimental gnutls
- deb-src http://archive.monkeysphere.info/debian experimental gnutls
-
-Or you can patch and build the packages yourself with the patches and
-scripts provided in [the MonkeySphere git repo](/download).
-
-The only modification needed simply enables the library to parse a GNU
-extension to the String-to-key (S2K) mechanism as laid out in [RFC
-4880](http://tools.ietf.org/html/rfc4880#section-3.7).
-
-The specific S2K extension supported is known as gnu-dummy, and it
-simply allows a "secret" key block to be written *without* storing any
-of the secret key material. This is used by GnuPG on the primary key
-when the `--export-secret-subkeys` argument is given.
-
-GnuPG's [DETAILS
-file](http://cvs.gnupg.org/cgi-bin/viewcvs.cgi/trunk/doc/DETAILS?root=GnuPG)
-describes this extension this way:
-
- GNU extensions to the S2K algorithm
- ===================================
- S2K mode 101 is used to identify these extensions.
- After the hash algorithm the 3 bytes "GNU" are used to make
- clear that these are extensions for GNU, the next bytes gives the
- GNU protection mode - 1000. Defined modes are:
- 1001 - do not store the secret part at all
- 1002 - a stub to access smartcards (not used in 1.2.x)
-
-And [`gpg(1)`](http://linux.die.net/man/1/gpg) says of `--export-secret-subkeys`:
-
-
- [This] command has the special property to render the secret
- part of the primary key useless; this is a GNU extension to
- OpenPGP and other implementations can not be expected to
- successfully import such a key.
-
-A version of this patch was first proposed [on
-`gnutls-dev`](http://lists.gnu.org/archive/html/gnutls-devel/2008-08/msg00005.html),
-and looks like it will be adopted upstream in the GnuTLS 2.6.x series,
-at which point these packages will be unnecessary.
-
-Until that time, these packages are provided to tide over users of
-`monkeysphere` on debian lenny (or compatible systems) who want to be
-able to hand off the authentication-capable OpenPGP subkeys in their
-GnuPG keyring to their SSH agent.
projects / monkeysphere.git / blobdiff