Age | Commit message | Author |
|
- Nettle, OpenSSL, Botan, and RustCrypto implement this natively,
for CNG we use the RustCrypto implementation.
|
|
- CNG doesn't currently implement this on commonly deployed
installations. As this is not a high priority algorithm,
we don't implement it using RustCrypto when the CNG backend is
selected, but simply signal no support.
|
|
- See https://openpgp-wg.gitlab.io/rfc4880bis/#name-argon2
|
|
- v4 and v6 key IDs are both 8 octets in length, hence we cannot
distinguish them.
- Rename KeyID::V4 to KeyID::Long to reflect this. Handle aliasing
with v6 fingerprints.
|
|
- In this branch, we will collect our work implementing the next
revision of OpenPGP, RFC9580.
- The ongoing work will happen in feature branches starting from
this commit. A feature branch may also branch off from a commit
further down in the crypto-refresh branch.
- Small and complete changes may be collected into this branch,
especially changes introducing fundamental types required by most
feature branches, such as v6 fingerprints.
- We may occasionally rebase this branch on top of the current main
development branch, and use the opportunity to linearize it.
|
|
- See https://gitlab.com/sequoia-pgp/sequoia/-/jobs/7135603555
|
|
- The `pks` module provided a method to communicate with remote
servers providing decryption and signing services. However, there
are several problems with this:
- The protocol design does not fit into our vision of how a secret
key store should work, and with the advent of the Sequoia
Keystore (which does fit that vision) has become obsolete.
- There is no downstream consumer of this API in the Sequoia
project.
- There are no integration tests, so the code is difficult to
maintain.
- The code requires porting to newer crates, and without
integration tests and users this is difficult to do reliably.
- The name unfortunately collides with the OpenPGP Key Server and
associated protocol pks, an ancestor of hkp.
- Arguably, this module should have gone into the sequoia-ipc
crate and not into the sequoia-net crate in the first place.
- Remove it.
|
|
- This way when the signature fits into two components, the computed
hash is correctly set for every copy of the signature.
|
|
- They are the same in the end, but let's be more hygienic.
|
|
- When looking for the relevant binding signature, search on the
unverified signatures and verify them on demand.
- When looking for revocation signatures, use the iterator.
|
|
- In the original implementation of `Cert::canonicalize`, all
self-signatures were verified. This has turned out to be very
expensive. Instead, we should only verify the signatures we are
actually interested in.
- To preserve the semantics, every self-signature we hand out from
the `Cert` API must have been verified first. However, we can do
that lazily. And, when we reason over the cert (i.e. we are
looking for the right self-signature), we can search the
signatures without triggering the verification, and only verify
the one we are really interested in.
|
|
- Previously, when the third-party key is not
available (i.e. always), we only hashed the signature and did not
check whether the signature has the right type. This has the
potential (1 in 2^16 chance) of not recognizing that a signature
is misplaced (also happens when using Cert::insert_packets).
- Fix this by also checking the signature type when using the hash
heuristic.
- See also #1107.
|
|
- Previously, attestation key signatures were put into the
self_signatures bin. Then, in canonicalize they would fail to
verify as binding signature, and be put into the bad bin. Later,
when re-trying the bad signatures, we'd find the correct place for
it again.
- Instead, sort them into the attestations bin, and correctly verify
the attestations on the first try in Cert::canonicalize.
|
|
- Previously, all signature verification methods took a mutable self
reference in order to persist authentication results. Now that we
use interior mutability for that, signature verification doesn't
have to take a mutable reference any longer, enabling more
optimizations down the road.
|
|
- Notably, Signature4::set_computed_digest now takes an immutable
self. Use OnceLock to make this safe and ergonomic.
|
|
- The Rust Crypto crates are *very* slow when compiled without any
optimizations. Turn on some optimizations when using the dev
profile.
- Fixes 3dd92f2237f1989340392ac9451f842db31e92d5, which put the
profile into openpgp/Cargo.toml by mistake.
|
|
- Previously, there was a chance that we generated keys with p > q.
Add a test.
|
|
- Because we derive `Clone` for `Key` and `Key4`, `P` and `R` have
to implement `Clone`.
- This is not strictly necessary and we can drop this requirement by
implementing clone manually. Note: we already do this for
`KeyAmalgamation` for this exact reason.
|
|
- Add `CipherSuite::variants`, which returns an iterator over all
cipher suite variants.
|
|
- Remove the `gnupg` and `assuan` modules and associated code, and
move them to `sequoia-gpg-agent`.
|
|
- `gpg-agent`'s `EXPORT_KEY` command exports secret keys as
s-expressions.
- Add support for decoding them.
- See #928.
|
|
- The link to the Sexp specification is no longer valid.
- Replace it with a link to the document in the IETF data tracker.
|
|
- The Rust Crypto crates are *very* slow when compiled without any
optimizations. Turn on some optimizations when using the dev
profile.
|
|
- `Keygrip::of` is missing support for brainpoolP384r1 curves.
- Add it.
|
|
- Currently, the reference time is not set, hence evaluated to the
current time on demand. If `now` is at the end of a whole
second (OpenPGP's time resolution), it may be that we are off by
one second. Explicitly set the reference time to avoid this.
- See #998.
|