An open source library and command-line tools, licensed under the BSD
licence, written in C, using the OpenSSL library and providing
approximately the functionality specified below.

The libraries and tools will compile and run on the following
operating systems:

* FreeBSD
* Linux (Debian and Red Hat)
* Solaris

but will be written such that porting to other operating systems
supported by OpenSSL will be possible.

As is usual with software, there will be no guarantee of 100% correct
functionality, but the software will be written to professional
standards. This specification does not constitute a commitment to
fixing bugs or adding enhancements once the initial version is
complete.

The library will comply with the IETF specification currently known as
RFC2440bis.

API
---
* Load keyring
* Save keyring
* Generate key
* Add key to keyring
* Find key in loaded keyring (by key ID, by UID)
* Generate subkey
* Revoke subkey
* Delete subkey
* Update subkey
* Delete key from keyring
* Add/remove UID
* Certify UID
* Revoke certification
* Sign message
* Verify, using any key in the keyring
* Verify, using specified key
* Encrypt, using a key
* Decrypt, using a key
* Import any object to GPG/PGP (key, keyring)
* Export any object
* (?) Query keyservers for keys
* (?) Export keys to keyservers

Keyserver support will be done if time/budget permits; otherwise it
will be a to-do item, since we can always use GPG externally to do it.

Also, "save/load/find/add/import/export keyring" will be pluggable, so
we can use databases instead of flat files and in-memory keyrings.
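
The pluggable keyring design described above, sketched as an added example (not code from the library this specification describes): a table of function pointers that any backend fills in, with an in-memory backend behind it. All type and function names (`keyring_ops_t`, `mem_*`, `demo_*`) and the sample key are hypothetical.

```c
/* Added illustration; every name here is hypothetical, not the library's API. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>
typedef struct { uint64_t key_id; const char *uid; } demo_key_t;
/* Operations every keyring backend (flat file, database, memory) supplies. */
typedef struct {
    int (*add)(void *ctx, const demo_key_t *key);
    const demo_key_t *(*find_by_id)(void *ctx, uint64_t key_id);
    const demo_key_t *(*find_by_uid)(void *ctx, const char *uid);
    int (*del)(void *ctx, uint64_t key_id);
} keyring_ops_t;
/* Callers hold only this handle and never touch backend storage directly. */
typedef struct { const keyring_ops_t *ops; void *ctx; } keyring_t;

/* In-memory backend: fixed-size array, linear search. */
#define MEM_MAX 8
typedef struct { demo_key_t keys[MEM_MAX]; size_t n; } mem_ctx_t;
static const demo_key_t *mem_find_by_id(void *ctx, uint64_t id) {
    mem_ctx_t *m = ctx;
    for (size_t i = 0; i < m->n; i++)
        if (m->keys[i].key_id == id) return &m->keys[i];
    return NULL;
}
static const demo_key_t *mem_find_by_uid(void *ctx, const char *uid) {
    mem_ctx_t *m = ctx;
    for (size_t i = 0; i < m->n; i++)
        if (strcmp(m->keys[i].uid, uid) == 0) return &m->keys[i];
    return NULL;
}
static int mem_add(void *ctx, const demo_key_t *k) {
    mem_ctx_t *m = ctx;
    /* Refuse a full store or a duplicate key ID instead of overwriting. */
    if (m->n == MEM_MAX || mem_find_by_id(ctx, k->key_id)) return -1;
    m->keys[m->n++] = *k;
    return 0;
}
static int mem_del(void *ctx, uint64_t id) {
    mem_ctx_t *m = ctx;
    for (size_t i = 0; i < m->n; i++)
        if (m->keys[i].key_id == id) { m->keys[i] = m->keys[--m->n]; return 0; }
    return -1;
}
static const keyring_ops_t mem_ops = { mem_add, mem_find_by_id, mem_find_by_uid, mem_del };
static mem_ctx_t demo_store;                      /* starts empty (zero-initialised) */
static keyring_t demo_kr = { &mem_ops, &demo_store };
int main(void) {
    demo_key_t k = { 0x1122334455667788ULL, "Alice <alice@example.org>" }; /* constructed */
    return demo_kr.ops->add(demo_kr.ctx, &k) || !demo_kr.ops->find_by_uid(demo_kr.ctx, k.uid);
}
```

A database or flat-file backend would supply its own `keyring_ops_t` table and context, leaving callers of `keyring_t` unchanged.
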

We will support verification of signatures using v3 keys, and
decryption of messages encrypted to v3 keys, but not signing or
encryption.

Command-line
------------
* List keys
* Find key
* Export key/keyring
* Import key/keyring
* Generate key
* Delete key
* Generate subkey
* Revoke subkey
* Delete subkey
* Update subkey
* Add UID
* Remove UID
* Certify UID
* Revoke certification
* Encrypt
* Decrypt
* Sign
* Verify

Note that at least the first phase is not aiming at super-smooth
command-line utilities - these will be good enough for testing, rather
than for general use.