Skip to content

Commit

Permalink
Tweak the README
Browse files Browse the repository at this point in the history
  • Loading branch information
Maurice Nonnekes committed Dec 23, 2018
1 parent 309841d commit cc70de6
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions README.md
View file
Expand Up @@ -11,9 +11,9 @@ Things to know
--------------
There are a couple things *off* about this Go package, namely:

* You can use PKCS1v15 and PSS for signing when your private keys are stored on disk, but when it's stored on a smart card you can only use PKCS1v15. The reason for this is, is that we can leverage the `PKDECRYPT` functionality for both decryption and signing when the keys are stored on disk, but most smart cards won't allow a _decrypt_ operation on a signing key. Therefore, this package needs to leverage the `PKSIGN` gpg-agent command, which only output PKCS1v15.
* You can use PKCS1v15 and PSS for signing when your private keys are stored on disk, but when it's stored on a smart card you can only use PKCS1v15. The reason for this is that we can leverage the `PKDECRYPT` functionality for both decryption and signing when the keys are stored on disk, but most smart cards won't allow a _decrypt_ operation on a signing key. Therefore, this package needs to leverage the `PKSIGN` gpg-agent command, which only returns a signature in the PKCS1v15 format.
* There is no way to know what *type* of key the GPG agent returns (signing, encryption or authentication), so in the case of subkeys the user has to make this distinction manually.
* It borrows code from `crypto/rsa`, because the interface of the `rsa` package expects a private key to be provided, which is not possible when the private key is stored on a smart card. Therefore, the relevant code from `crypto/rsa` was copied to an internal package in this repository where the `PrivateKey{}` was changed to add a `DecryptFunc` field that gets called instead of the unexported `decrypt()` function in the rsa package.
* It borrows code from `crypto/rsa`, because the interface of the `rsa` package expects a private key to be provided, which is not possible when the private key is stored on a smart card. Therefore, the relevant code from `crypto/rsa` was copied to an internal package in this repository where the `PrivateKey{}` was changed to add a `DecryptFunc` field that gets called instead of the unexported `decrypt()` function in the rsa package itself.

TODO
----
Expand Down

0 comments on commit cc70de6

Please sign in to comment.