Trouble Understanding Key Rings and Key Ring Collections

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Trouble Understanding Key Rings and Key Ring Collections

alexander lambrou
Hello,

I am attempting to create an application that stores public and private PGP keys. I am using Java as the programming language. 
My question is, what appears to be called a "Key Ring" is actually a Key, and a "Key Ring Collection" is the equivalent of a Key Ring in PGP, is that correct?
I am sorry if I have this all wrong. It appears that the following example code is used to create a key pair, though it is using a keyring as the Key, and KeyRingCollection to read the Keyring file.


Is this because, a "key" is to be considered just the output of an algorithm, whereas a PGP Private Key, for example, contains multiple keys inside of it?

Thank you for your time.

Reply | Threaded
Open this post in threaded view
|

Re: Trouble Understanding Key Rings and Key Ring Collections

David Hook-3

Okay, this is a bit of an odd one. The thing is the RFC, and a lot of other PGP related documentation, uses the word Ring for public/private keys with their associated sub-keys, in other contexts Key is also used to describe a Ring as from a PGP point of view you would rarely have a single key pair in a KeyRing, and to make life more interesting, Ring is also used to describe collections of public/private keys with their associated master keys.

While this use of terminology kind of works in a "natural" language like English, naming conventions like that do not translate well to an API... In our case we tried to maintain Key, as in what a Key is in Java (a single private or public key), and then KeyRing became a set of keys, where one key pair in the ring represented the master keys, and the rest  were subkeys. A KeyRingCollection then became a set of KeyRing objects, partly because we couldn't use the word KeyRing again, and partly because, being Java programmers, we just figured that banging the word Collection onto the the end would somehow make everything better. Maybe it didn't... but it does work, once you get your head around the convention.

I hope this helps.

Regards,

David

On 10/08/18 11:56, alexander lambrou wrote:
Hello,

I am attempting to create an application that stores public and private PGP keys. I am using Java as the programming language. 
My question is, what appears to be called a "Key Ring" is actually a Key, and a "Key Ring Collection" is the equivalent of a Key Ring in PGP, is that correct?
I am sorry if I have this all wrong. It appears that the following example code is used to create a key pair, though it is using a keyring as the Key, and KeyRingCollection to read the Keyring file.


Is this because, a "key" is to be considered just the output of an algorithm, whereas a PGP Private Key, for example, contains multiple keys inside of it?

Thank you for your time.