[jdev] Re: JEP-0027 (OpenPGP) implementation question

Juan Antonio Gómez Moriano moriano.jabber at gmail.com
Sun Mar 5 05:05:08 CST 2006

Thanks to all for the answer/suggestions... What i have think now is to
automatize the process of exchanging keys using OpenPGP key servers,
after all they are suppossed to be synchronized, aren't they? Also i
will develop something to create the OpenPGP keypair (just in case the
user has not used PGP before...) 

Apart from that i have been thinking on reporting a comment to the
jabber people about this... I have developed a simple solution which
basically stores the public in the jabber server in a place accessible
for everyone but that only the user can write, i've been testing it and
looks nice, should i make a more formal document and report it to

Finally and considering that i will use OpenPGP to handle the
encryption, should i use GnuPG? I have been looking at the BouncyCastle
cryptography extension (a set of librearies to perform cryptographic
functions), by using that i may avoid using GnuPG, what do you think?

Thanks again :-) 

El dom, 05-03-2006 a las 08:56 +0100, Remko Troncon escribió:
> On 04 Mar 2006, at 23:19, Michal Vaner (Vorner) wrote:
> > the point with PGP is that user checks and signs the key (if he  
> > trusts it).
> > Therefore, key exchange can not happen automatically, since it  
> > would break
> > one of the main idea of PGP, that user knows who he is encrypting to.
> Key exchange and key signing are still different things. Before you  
> can start thinking about trust and signing, you still need to  
> exchange your keys, which might be automated by your jabber client  
> for more comfort. Of course, when using the key, your Jabber client  
> should tell you that your key has not been signed and/or isn't  
> trusted yet.
> cheers,
> Remko

More information about the JDev mailing list