Age | Commit message (Collapse) | Author |
|
|
|
|
|
- Make IntendedRecipient and IssuerFingerprint roundtrippable.
- When parsing an Intended Recipient or Issuer Fingerprint subpacket,
the version field is only preserved ifs value is 4.
The subpacket is stored as a Fingerprint, which has V4 and
Invalid variants, but Invalid does not store an associated
version.
- Fix by adding a new Fingerprint::Unknown{version, fingerprint}
variant, that replaces Fingerprint::Invalid.
- Quickcheck found a case that demonstrates the issue, use that as a test.
- Fixes #820.
|
|
- Fingerprint::Invalid does not store the fingerprint's version if
sequoia does not support that version.
- Add Fingerprint::Unknown{version, fp} that replaces
Fingerprint::Invalid.
- By symmetry, that requires adding KeyID::Unknown, too.
|
|
- The custom Debug implementation of Fingerprint and KeyID hides the
enum variant, which is inconvenient for debugging.
- Fix by deriving Debug.
|
|
- We cannot make that kind of assumption in a test.
|
|
The new scenario is more explicit in how the verification is done
rather than just checking the output is a public key block.
Also, fix a tiny markup error in another scenario (missing _ to end
italic section).
Sponsored-by: NLnet Foundation; NGI Assure; European Commission
|
|
|
|
Fixes #811
Sponsored-by: NLnet Foundation; NGI Assure; European Commission
|
|
|
|
The exact architecture is armv7-unknown-linux-gnueabihf.
|
|
- This is the most problematic part of the test, actually.
- Fixes #777. Again.
|
|
- Previously, the test asserted that we can create at least
SIG_BACKDATE_BY signatures, and at most 2 * SIG_BACKDATE_BY
signatures.
- The former may fail, presumably due to a corner case involving
losing the sub-second precision of SystemTime. The latter may
fail depending on CPU resources and scheduling.
- Tame the test by demonstrating that we can override a couple of
signatures. Drop the test for the maximum number of overrides.
- Fixes #777.
|
|
|
|
|
|
- `get_keys` only returned a key for the first certificate. It should
return a key for each certificate.
- Fixes #750.
|
|
|
|
|
|
- If a key is inappropriate, include an explanation in the error
message to simplify debugging.
|
|
|
|
|
|
- Better distinguish multiple certifications. Previously just the
issuers of the certification were shown and there can be more than
one issuer subpacket per certification.
- Also, when set, display the signature's creation time, its
expiration time, and the trust depth & trust amount.
|
|
- Allow the user to explicitly set the key's creation time.
- This is useful for:
- obscuring the actual creation time.
- testing.
|
|
- Previously, during parsing and serialization, OpenPGP's unsigned
32-bit timestamps were converted to Rust's SystemTime, which uses
time_t. On platforms where that is a signed 32-bit value, the time
was truncated. See #668.
- One way to fix that is to make Rust's SystemTime independent of
time_t. See https://github.com/rust-lang/rust/issues/44394.
- The other way is not to convert to SystemTime at the API
boundary. See
https://gitlab.com/sequoia-pgp/sequoia/-/issues/806.
- This fixes handling during parsing and serialization, but doesn't
address the API issue.
- Fixes #802.
|
|
- Previously, we used the cipher algorithm returned by
SKESK5::decrypt, which always returns
SymmetricAlgorithm::Unencrypted.
|
|
- Now that the chunk size is capped, just initialize the scratch
vector.
|
|
|
|
- `str::starts_with` already checks that the string is not empty.
Don't first check that the string is not empty.
|
|
- There may be a valid key, but not at the specified time. When no
key is found and a time stamp is given, add a diagnostic that
this might be the problem.
|
|
- Generalize the existing code to handle revoking both certificates
and User IDs.
|
|
|
|
- Generate `cert_stub` to optionally take a User ID. If a User ID
is specified emit that instead of the primary User ID.
|
|
|
|
Also, tidy up some older stuff a bit.
Sponsored-by: NLnet Foundation; NGI Assure; European Commission
|
|
Sponsored-by: NLnet Foundation; NGI Assure; European Commission
|
|
Sponsored-by: NLnet Foundation; NGI Assure; European Commission
|
|
|
|
|
|
Sponsored-by: NLnet Foundation; NGI Assure; European Commission
|
|
Sponsored-by: NLnet Foundation; NGI Assure; European Commission
|
|
Sponsored-by: NLnet Foundation; NGI Assure; European Commission
|
|
Sponsored-by: NLnet Foundation; NGI Assure; European Commission
|
|
Sponsored-by: NLnet Foundation; NGI Assure; European Commission
|
|
Closes #799
|
|
|
|
|
|
|
|
Sponsored-by: NLnet Foundation; NGI Assure; European Commission
|
|
- Show the revocation certificate's human-readable revocation
message, if any.
- If the revocation certificate is a third-party revocation, then
also show the first issuer.
|
|
- Use `get_certification_keys` to get the certification key. This
also unlocks the key, if needed.
Fixes #776.
- Add `--private-key-store` as an option to also work with keys
stored on a PKS.
|