X-Git-Url: https://codewiz.org/gitweb?a=blobdiff_plain;f=website%2Fnews%2Fmodified-gnutls-2.4.x-available.mdwn;h=36cfbfc51c949dbbef14777c02644262e40baa94;hb=961306e8cb0a730a788a90cfa9c1a7d9bd89b909;hp=d933675a18b7ab7b9548c48b2bd010ca8abb43d9;hpb=48067bbda5a53150ae4810544ead38c06f23c0a3;p=monkeysphere.git diff --git a/website/news/modified-gnutls-2.4.x-available.mdwn b/website/news/modified-gnutls-2.4.x-available.mdwn index d933675..36cfbfc 100644 --- a/website/news/modified-gnutls-2.4.x-available.mdwn +++ b/website/news/modified-gnutls-2.4.x-available.mdwn @@ -1,5 +1,15 @@ [[meta title="Modified GnuTLS 2.4.x available"]] +----- + +**2008-10-25 UPDATE:** [GnuTLS 2.6 has been released, and it contains the +functionality we needed](/news/gnutls-2.6-enables-monkeysphere). +Please upgrade to GnuTLS 2.6 if you need Monkeysphere to deal with +passphrase-protected authentication subkeys. The information on this +page is now of historical interest only. + +----- + The MonkeySphere project is now making available a patched version of [GnuTLS](http://gnutls.org/) version 2.4.x, which enhances the utility of the `monkeysphere` package by enabling it to read authentication @@ -9,8 +19,8 @@ circumstances. You can track this package in debian lenny by adding the following lines to `/etc/apt/sources.list`: - deb http://monkeysphere.info/debian experimental gnutls - deb-src http://monkeysphere.info/debian experimental gnutls + deb http://archive.monkeysphere.info/debian experimental gnutls + deb-src http://archive.monkeysphere.info/debian experimental gnutls Or you can patch and build the packages yourself with the patches and scripts provided in [the MonkeySphere git repo](/download). 
@@ -24,12 +34,27 @@ simply allows a "secret" key block to be written *without* storing any of the secret key material. This is used by GnuPG on the primary key when the `--export-secret-subkeys` argument is given. -You can read notes about the GNU S2K extensions in DETAILS from GnuPG, -which you can fetch this way: +GnuPG's [DETAILS +file](http://cvs.gnupg.org/cgi-bin/viewcvs.cgi/trunk/doc/DETAILS?root=GnuPG) +describes this extension this way: + + GNU extensions to the S2K algorithm + =================================== + S2K mode 101 is used to identify these extensions. + After the hash algorithm the 3 bytes "GNU" are used to make + clear that these are extensions for GNU, the next bytes gives the + GNU protection mode - 1000. Defined modes are: + 1001 - do not store the secret part at all + 1002 - a stub to access smartcards (not used in 1.2.x) + +And [`gpg(1)`](http://linux.die.net/man/1/gpg) says of `--export-secret-subkeys`: - svn co svn://cvs.gnupg.org/gnupg/trunk/doc - less doc/DETAILS + [This] command has the special property to render the secret + part of the primary key useless; this is a GNU extension to + OpenPGP and other implementations can not be expected to + successfully import such a key. + A version of this patch was first proposed [on `gnutls-dev`](http://lists.gnu.org/archive/html/gnutls-devel/2008-08/msg00005.html), and looks like it will be adopted upstream in the GnuTLS 2.6.x series,
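Review bot: In the first hunk (@@ -1,5 +1,15 @@), the new update banner calls the page "of historical interest only", but the unchanged paragraph directly under it still reads "is now making available a patched version" in the present tense, and the same commit goes on to refresh the apt lines below. A reader who skims past the banner will still follow the install steps. If the intent is that nobody should install the patched 2.4.x packages any more, say so in the banner itself, for example by adding that the `sources.list` lines below are kept for reference only.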
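Review bot: In the second hunk (@@ -9,8 +19,8 @@), the new `deb` and `deb-src` lines point apt at archive.monkeysphere.info over plain http, and nothing in the visible text around them says which key signs that archive or how a reader can verify it. For a replacement build of a TLS library this deserves one sentence: name the archive signing key and where its fingerprint can be checked, so that readers rely on apt's signature verification and not on the transport. As a style point, the context line has "debian lenny" where "Debian lenny" is meant.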
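Review bot: In the third hunk (@@ -24,12 +34,27 @@), the new DETAILS link targets `trunk/doc/DETAILS`, a file that keeps changing, while the text quoted under it is a fixed excerpt, so the link and the quote can drift apart. Suggest linking a specific revision, or stating which GnuPG version the excerpt was copied from. The `gpg(1)` quote is likewise attributed through a linux.die.net man page copy; a link to documentation shipped by GnuPG itself would be the more durable source for the `--export-secret-subkeys` wording.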