Qt Cryptographic Architecture

George Staikos staikos at kde.org
Tue Jan 6 17:34:56 GMT 2004

On Tuesday 06 January 2004 04:09, Justin Karneges wrote:
> I was reading on dot.kde.org about some recent changes to KDE CVS regarding
> an SSLIODevice.  Are you guys doing some restructuring to kssl?  If so, I
> wonder if you would be interested in working with QCA.

   There is no restructuring to KSSL planned.  It works fine as is and is just 
about complete for our purposes.  It would be a big waste of resources to 
rewrite it now.  It's not perfect, but it's almost entirely hidden by 
TCPSlaveBase in most cases.

> QCA stands for Qt Cryptographic Architecture.  It works much like Java's
> similarly-named JCA, in which there is a crypto API abstracted from the
> actual implementations.  QCA loads implementations as plugins, which I have
> piggybacked on Qt's own plugin system (so they are found in
> $QTDIR/plugins/crypto, for instance).  Plugins are loaded on demand during
> runtime.
> The API supports SSL(TLS) and SASL, both for clients _and_ servers, as well
> as X509, RSA, symmetric ciphers, hashers...

   I've wanted something like this in KDE for a while, but for the ciphers and 
hashes, not for replacing SSL/PGP/etc.

> For SSL, you would use QCA::TLS, which has very similar behavior to my
> older QSSLFilter (and also Trolltech's recent QtSSLFilter, which they based
> on my original concept).

   This won't mesh with KIO very well.

> I have written two provider plugins.  One is based on Cyrus SASL2 and
> supplies SASL, the other is based on OpenSSL and supplies everything else. 
> The actual QCA library itself has no dependency on these sub-libraries. 
> For instance, one could easily write a TLS provider based on gnutls (I
> figure this aspect might interest you the most).

   We already have a SASL implementation too.  Is it conceivable to reduce it 
to a more lightweight implementation of just the algorithms?  OpenSSL is very 
expensive to load just to get access to, say, MD5.

George Staikos
KDE Developer				http://www.kde.org/
Staikos Computing Services Inc.		http://www.staikos.net/

More information about the kde-core-devel mailing list