[jdev] Re: JEP-0027 (OpenPGP) implementation question
Juan Antonio Gómez Moriano
moriano.jabber at gmail.com
Sun Mar 5 05:05:08 CST 2006
Thanks to all for the answer/suggestions... What i have think now is to
automatize the process of exchanging keys using OpenPGP key servers,
after all they are suppossed to be synchronized, aren't they? Also i
will develop something to create the OpenPGP keypair (just in case the
user has not used PGP before...)
Apart from that i have been thinking on reporting a comment to the
jabber people about this... I have developed a simple solution which
basically stores the public in the jabber server in a place accessible
for everyone but that only the user can write, i've been testing it and
looks nice, should i make a more formal document and report it to
jabber.org?
Finally and considering that i will use OpenPGP to handle the
encryption, should i use GnuPG? I have been looking at the BouncyCastle
cryptography extension (a set of librearies to perform cryptographic
functions), by using that i may avoid using GnuPG, what do you think?
Thanks again :-)
Moriano
El dom, 05-03-2006 a las 08:56 +0100, Remko Troncon escribió:
> On 04 Mar 2006, at 23:19, Michal Vaner (Vorner) wrote:
>
> > the point with PGP is that user checks and signs the key (if he
> > trusts it).
> > Therefore, key exchange can not happen automatically, since it
> > would break
> > one of the main idea of PGP, that user knows who he is encrypting to.
>
> Key exchange and key signing are still different things. Before you
> can start thinking about trust and signing, you still need to
> exchange your keys, which might be automated by your jabber client
> for more comfort. Of course, when using the key, your Jabber client
> should tell you that your key has not been signed and/or isn't
> trusted yet.
>
> cheers,
> Remko
More information about the JDev
mailing list