EldoS | Feel safer!

Narrowing down the list of OpenPGP keys to use with key filters

BizCrypto OpenPGP components allow the user to supply their public and secret keys through the use of Public Keyring and Secret Keyring properties. In the default configuration, the component will use all the keys loaded from those files to perform the requested cryptographic operations. For example, if the file referenced in the Public Keyring property contains, say, two public keys, both of them will be used for encrypting the data.

A straightforward way to restrict the set of keys is to export the needed public and/or secret keys from the “main” keyring to separate files and reference those files from the Public Keyring and Secret Keyring properties. This solution, however, might be inconvenient if an application needs to assign keys dynamically based on particular criteria, such as Key IDs or e-mail addresses. Key filters are an easy-to-use mechanism offered by BizCrypto that allows the user to specify particular keys in a “big” keyring without exporting them to files.

A key filter is a semicolon-separated list of criteria identifying particular keys in the keyring. The following criteria are currently supported by BizCrypto:

| Criterion | Description | Example |
|---|---|---|
| userid | UserID (name or e-mail) bound to a particular key | userid=john@doe.com |
| fp (fingerprint) | Key fingerprint | fp=0123456789abcdef0123456789abcdef01234567 or fingerprint=0123456789abcdef0123456789abcdef01234567 |
| keyid | OpenPGP Key Identifier (Key ID), either in long (8 bytes) or short (4 bytes) form | keyid=0a1b2c3d4e5f6a7b or keyid=4e5f6a7b |

Example 1. The userid=john@doe.com filter will limit the set of keys to the keys belonging to john@doe.com (there can be more than one such key).

Example 2. The userid=john@doe.com;userid=jane@doe.com filter will limit the set of keys to the keys belonging either to john@doe.com or jane@doe.com.

Example 3. The keyid=a0329cf3 filter will limit the set of keys to the key with the specified ID. Note that all primary keys and subkeys to use must be specified explicitly: including a primary key in the final set does not include its subkeys, and vice versa.

Example 4. The keyid=a0329cf3;userid=john@doe.com filter will limit the set to the key with the specified ID and all keys belonging to john@doe.com.

Note. You can omit the “criterion=” part from the filter; in such cases the provided string will be tested against the User ID, Key FP and Key ID properties of each key. This way, the following filter is also correct: a0329cf3;john@doe.com.

Specifying different criteria for public and secret keys

In some cases there is a need to choose public and private keys according to different criteria. With BizCrypto you can provide separate filters for public and secret keys by separating them with a '|' character.

Example 5. The userid=john@doe.com|userid=jane@doe.com filter will limit the public key set to the keys belonging to john@doe.com and the secret key set to the keys belonging to jane@doe.com. Therefore, outbound documents will be encrypted with john@doe.com's public keys and signed with jane@doe.com's secret keys.

Example 6. The keyid=a0329cf3;userid=john@doe.com|userid=jane@doe.com filter will limit the public key set to the key with the specified ID and the keys belonging to john@doe.com, and the secret key set to the keys belonging to jane@doe.com.
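
The filter syntax described on this page, modelled as a small Python evaluator over a constructed keyring, so a filter string can be checked before it is deployed. This is an added example, not BizCrypto code: the names Key, matches, select and apply_filter are hypothetical, and case-insensitive matching, substring matching of User IDs, subkeys carrying no User IDs, and a filter without '|' applying to both key sets are assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Key:
    fingerprint: str        # 40 hex digits (OpenPGP v4 key)
    user_ids: tuple = ()    # modelling assumption: subkeys carry no User IDs

    @property
    def key_id(self):       # v4 long Key ID = low 8 bytes of the fingerprint
        return self.fingerprint[-16:].lower()

def matches(key, criterion, value):
    v = value.strip().lower()
    tests = {
        "userid": lambda: any(v in u.lower() for u in key.user_ids),
        "fp": lambda: key.fingerprint.lower() == v,
        "keyid": lambda: len(v) in (8, 16) and key.key_id.endswith(v),
    }
    tests["fingerprint"] = tests["fp"]
    if criterion is None:   # bare value: tested against every property
        return any(t() for t in tests.values())
    if criterion not in tests:
        raise ValueError(f"unsupported criterion: {criterion!r}")
    return tests[criterion]()

def select(keys, part):
    """Keys matching ANY of the semicolon-separated criteria in `part`."""
    terms = []
    for term in filter(str.strip, part.split(";")):
        name, sep, value = term.partition("=")
        terms.append((name.strip().lower(), value) if sep else (None, term))
    return [k for k in keys if any(matches(k, c, v) for c, v in terms)]

def apply_filter(public, secret, flt):
    """Return (public keys, secret keys) selected by a 'pub|sec' filter."""
    pub_part, sep, sec_part = flt.partition("|")
    if not sep:             # assumption: no '|' means one filter for both sets
        sec_part = pub_part
    return select(public, pub_part), select(secret, sec_part)

# Constructed sample keyring (fingerprints are made up for this example).
JOHN = Key("aa" * 16 + "a0329cf3", ("John Doe <john@doe.com>",))
JOHN_SUB = Key("bb" * 16 + "0badc0de")          # John's encryption subkey
JANE = Key("cc" * 16 + "4e5f6a7b", ("Jane Doe <jane@doe.com>",))
LOOKALIKE = Key("dd" * 16 + "a0329cf3", ("Someone Else <x@example.org>",))
PUBRING, SECRING = [JOHN, JOHN_SUB, JANE, LOOKALIKE], [JOHN, JANE]

if __name__ == "__main__":
    print(apply_filter(PUBRING, SECRING, "keyid=a0329cf3|userid=jane@doe.com"))
```

On the sample keyring, keyid=a0329cf3 selects both JOHN and LOOKALIKE but not JOHN_SUB: a short Key ID is only the low 4 bytes of a v4 fingerprint, so distinct keys can share it, while the fp criterion is unambiguous.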
