[Sugar-devel] Create new owner keys as RSA keys instead of DSA

Sascha Silbe silbe at activitycentral.com
Tue Nov 15 07:35:32 EST 2011


The following patch set changes the type of keys created by the intro
screen from DSA to RSA. As no part of the Sugar platform actually uses
them as keys yet (only hash sums are used), now is a good time to do
this change.

There are a couple of reasons to prefer RSA over DSA, one of which is
better compatibility with other parts of the software stack, making it
easier to implement the Bitfrost identity service (P_IDENT [1]).

By changing the default key type now, we reduce the number of systems
that would need to recreate keys (and thus change their identity) once
P_IDENT (or anything else that needs RSA keys) gets implemented. So even
(or rather: especially) if nobody works on the identity service in the
near future, we should merge this patch to make future upgrades as
seamless as possible.

I've checked the key related code in sugar, sugar-presence-service and
sugar-toolkit. Besides one unimportant occurrence in
sugar-presence-service (see below), only the functions for reading the
key from disk (in sugar-toolkit) don't treat the key as just an opaque
string. The first patch fixes these to accept RSA keys in addition to
DSA keys.

In addition to the code audit and checking the protocol specs (that
don't say anything useful about the key), I've tested Collaboration
between two systems running latest sugar-jhbuild on Debian Squeeze
resp. Wheezy, with the Squeeze one having a DSA key (and no patches)
and the Wheezy one sporting the two patches and an RSA key. As expected,
no regression occurred.

src/pstest.py in sugar-presence-service also contains code to create and
parse DSA keys. Since sugar-presence-service is deprecated and pstest.py
isn't used during normal operation, I've not bothered to make it use RSA
keys instead.

Sascha Silbe (2):
  [sugar-toolkit] Accept RSA key as owner key
  [sugar] Create new owner keys as RSA keys instead of DSA

 src/sugar/profile.py |   10 ++++++----
 1 files changed, 6 insertions(+), 4 deletions(-)

 src/jarabe/intro/window.py |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)


[1] http://wiki.laptop.org/go/OLPC_Bitfrost#P_IDENT:_identity_service
--
1.7.7.1
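
An added example, not part of the original message or of the Sugar code base: a key-file reader that accepts RSA as well as DSA public keys, which is what the first patch is described as doing, and that hands the rest of the code only an opaque blob and its hash. It assumes the OpenSSH one-line public key format; the function names, the SHA-256 digest and the sample keys are constructed for illustration.

```python
import base64
import hashlib
import struct

# Key types the reader accepts: RSA in addition to DSA.
ACCEPTED_TYPES = ("ssh-rsa", "ssh-dss")


def _ssh_string(data):
    """Encode bytes as an SSH wire-format string (uint32 length + data)."""
    return struct.pack(">I", len(data)) + data


def make_sample_line(key_type, inner_type=None):
    """Build a constructed, non-functional public key line (sample input)."""
    inner = (inner_type or key_type).encode()
    blob = (_ssh_string(inner) + _ssh_string(b"\x01\x00\x01")
            + _ssh_string(b"\x00" + b"\xab" * 16))
    return "%s %s constructed@example" % (key_type,
                                          base64.b64encode(blob).decode())


def parse_owner_pubkey(text):
    """Return (key_type, base64_blob, sha256_hex) for the first usable key.

    Raises ValueError if no line carries an accepted, self-consistent key.
    """
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 2 or fields[0] not in ACCEPTED_TYPES:
            continue
        key_type, b64 = fields[0], fields[1]
        try:
            blob = base64.b64decode(b64, validate=True)
        except ValueError:  # binascii.Error is a ValueError subclass
            continue
        if len(blob) < 4:
            continue
        # The blob names its own algorithm; it must agree with the prefix.
        (name_len,) = struct.unpack(">I", blob[:4])
        if blob[4:4 + name_len] != key_type.encode():
            continue
        # Callers see only the opaque blob and its digest, so the key type
        # does not matter to code that merely compares hash sums.
        return key_type, b64, hashlib.sha256(blob).hexdigest()
    raise ValueError("no usable RSA or DSA public key found")
```
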

