[Feature Request] Integration with gnupg for callsign verification

[Supermagnum]

Contact Details

No response

Feature for this project

Hi, If acceptable I can add support for signing with Brainpool P-256r1. That is supported in Gnupg, it is also used in German ID cards.

I suggest creating a API or similar so the software can communicate with already existing software and related functions.
Linux and variants have these built in.

Overhead needed:
Signature: 64 bytes (512 bits)
Callsign: ~10 bytes (80 bits)
Total: ~592 bits per signature

How Signing Works:

Signing: You sign messages with your private key, creating a unique cryptographic signature
Verification: Others use your public key to verify the signature, which proves:
    Authentication: The message came from you (not an imposter)

Prevents callsign spoofing - cryptographic proof that the transmission came from the legitimate callsign holder.

One could also do:
Signatures stored in ADIF log with custom fields.

Log upload (users already do this):

Upload ADIF to QRZ, LoTW, ClubLog, etc.
Includes signature fields in ADIF.
Services store callsign + signature + timestamp.

Verification (offline or online):

Import other stations' ADIF logs.
Software verifies signatures against public keys.
Shows verified/disputed contacts in log.

Because I have a neurological condition, I use AI assisted coding. I test my code with proper methods, a example is my gr-linux-crypto project. https://github.com/Supermagnum/gr-linux-crypto?tab=readme-ov-file#security--testing

The complete readme for that project, with source code is located at https://github.com/Supermagnum/gr-linux-crypto
The readme explains concepts very well.

73

VHF/UHF

No

Deprecated features

No

Non-standard compiler

No

Legal worldwide

Yes

Implementation assistance

I can implement this.

Support assistance

Documentation will be provided.

[tmiw]

I haven't heard of this before. Do you know how common this is with other ham apps?

Also, when you get a chance, please update this with the minimum of three users who want this feature. This is necessary for the feature to be considered by the project team.

[Supermagnum]

I haven't heard of this before. Do you know how common this is with other ham apps?

Also, when you get a chance, please update this with the minimum of three users who want this feature. This is necessary for the feature to be considered by the project team.

No, using it like that is to my knowledge brand new.
But the software itself is 26 years old. Its used in openssl among other things, so its very trustable.
Seahorse,KGPG,Cleopatra is among the GUI's that exist for Gnupg. Its also compatible with OpenPGP card, Nitrokey etc..

Its so universal that one could use it to control physical access too, among a lot of other neat things.

So, one could have as a example a green checkmark appear after a callsign to show the user that its authentic. Its pretty normal that all public keys for users are available on keyservers, so one could do automatic lookup and download. They do not consume a lot of bandwidth or diskspace.

To my knowledge, there is not a lot of radio amateurs that has entered their callsign in the comment field or in the name when one generates a key. That is everything needed so the software can locate it, without involving email adresses, qrz.com etc..
At least its pretty easy to find ones way around one of the mentioned GUI's and generate a new key. Those servers are of course free to use.

[Supermagnum]

PS:
Required Libraries
GPGME (GnuPG Made Easy)

Main library for GPG operations in C/C++
Debian/Ubuntu: libgpgme-dev
Fedora: gpgme-devel

Key Functions/Operations Needed

1. Search Keyservers by Callsign
   gpgme_op_keylist_ext_start() // Search keyservers
   gpgme_op_keylist_next() // Iterate results

You'll search the UID field (name/comment) for the callsign pattern.
2. Import Keys from Keyserver
gpgme_op_import_keys() // Import specific keys
gpgme_op_receive_keys() // Receive by key ID/fingerprint

Verify:
gpgme_op_verify() // Verify signed data
gpgme_op_verify_result() // Get verification results

Popular keyservers:

keys.openpgp.org
keyserver.ubuntu.com
pgp.mit.edu

Set keyserver
gpgme_set_engine_info(GPGME_PROTOCOL_OpenPGP,
NULL,
"/path/to/gnupg/home");

Or configure in `~/.gnupg/gpg.conf`:

keyserver hkps://keys.openpgp.org

C++ example
gpgme_ctx_t ctx;
gpgme_error_t err;
gpgme_key_t key;

// Initialize
gpgme_new(&ctx);
gpgme_set_protocol(ctx, GPGME_PROTOCOL_OpenPGP);

// Search for callsign
gpgme_op_keylist_start(ctx, "W1ABC", 0);
while (!(err = gpgme_op_keylist_next(ctx, &key))) {
// Process found keys
// Check UID for callsign match
gpgme_key_unref(key);
}
gpgme_op_keylist_end(ctx);

Documentation Resources

GPGME Manual: https://www.gnupg.org/documentation/manuals/gpgme/
GPGME C API: /usr/share/doc/libgpgme-dev/ (on Debian systems)
Header file: /usr/include/gpgme.h