Age | Commit message (Collapse) | Author |
|
- See #525.
|
|
- Wrap functions to create a password-protected certificate
  (`pgp_cert_builder_set_password`), and to work with keys that are
  password protected (`pgp_key_has_unencrypted_secret`,
  `pgp_key_decrypt_secret`).
|
|
- Returning rich errors from this function may compromise secret key
material due to Bleichenbacher-style attacks. Change the API to
prevent this.
- Hat tip to Hanno Böck.
- See #507.
|
|
- Fixes #510.
|
|
- Change `mark_parts_public` to `parts_into_public`,
- Change `mark_parts_public_ref` to `parts_as_public`,
- Change `mark_parts_secret` to `parts_into_secret`,
- Change `mark_parts_secret_ref` to `parts_as_secret`,
- Change `mark_parts_unspecified` to `parts_into_unspecified`,
- Change `mark_parts_unspecified_ref` to `parts_as_unspecified`,
- Fixes #452.
|
|
- Add the `UserID`, `UserIDAmalgamation` and
`ValidUserIDAmalgamation` types, and some associated methods.
- Replace the use of `UserIDBundle` with `UserIDAmalgamation` and
`ValidUserIDAmalgamation`.
|
|
- Use the anyhow crate instead of failure to implement the dynamic
side of our error handling. anyhow::Error derefs to dyn
std::error::Error, allowing better interoperability with other
stdlib-based error handling libraries.
- Fixes #444.
|
|
- Add two new traits: `Marshal` and `MarshalInto`.
- Implement them instead of `Serialize` and `SerializeInto`.
- Only implement `Serialize` and `SerializeInto` for data structures
that are normally exported.
- This should prevent users from accidentally serializing a bare
signature (`Signature`) when they meant to serialize a signature
packet (`Packet`), for instance.
- Fixes #368.
|
|
|
|
- This signals the absence of a subpacket.
- Likewise for features(), key_server_preferences().
|
|
|
|
- They can still be used as a convenience, but the documentation
will refer to them as their expanded counterparts.
- This makes the structure of the Key<_, _> type more visible.
|
|
- Fixes #371.
|
|
- See #371.
|
|
- See #371.
|
|
- See #371.
|
|
- These are low-level cryptographic traits that are not concerned
with the role of a key.
- Fixes #382.
|
|
- Fixes #359.
|
|
I'm not even sure if we even need to use "de facto" when we're also
saying "convention", but I'm just doing a targeted fix here.
The fact that this one string was copied around in a dozen places
makes me a bit sad. If there are other changes to make in this
boilerplate text, they'll also have to be made in a dozen places.
I don't know enough about how sequoia is designed to be able to
suggest a plausible boilerplate reduction strategy though.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
|
|
- Fixes #380.
|
|
- Restore the functionality removed in 8693a005 when replacing the
RFC 2822 mailbox parser.
|
|
- In sq and sqv, use chrono to interface with the user.
- Fixes #341.
|
|
- Consider the following scenario: computer A's clock says 9:00.00
and signs and sends a message to computer B. Computer B's clock
says 8:59.59, it receives the message and tries to verify it.
From Computer B's perspective, the signature is not valid, because
it was generated in the future.
- This situation occurred because the two clocks were not completely
  synchronized. Unfortunately, a few seconds of clock skew are not
  unusual, particularly when dealing with VMs.
- Since it is almost always better to consider such messages as
valid, be tolerant when deciding whether a signature is alive.
|
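The skew-tolerant liveness check described in the commit above, written out as an added illustration (hypothetical code, not Sequoia's own `signature_alive` API): a signature created slightly in the future of the verifier's clock is accepted if it falls within a tolerance window, while expiration is still enforced strictly.

```rust
use std::time::{Duration, SystemTime};

/// Hypothetical, simplified liveness check (not Sequoia's API).
/// A signature is alive at `now` if it was created no later than
/// `now + tolerance` (absorbing clock skew between the signer and the
/// verifier) and, if it carries an expiration, has not yet expired.
pub fn signature_alive(
    creation: SystemTime,
    expiration: Option<SystemTime>,
    now: SystemTime,
    tolerance: Duration,
) -> bool {
    // Created further in the future than the tolerance allows: reject.
    if creation > now + tolerance {
        return false;
    }
    // Expired signatures are rejected without any tolerance.
    match expiration {
        Some(exp) if exp <= now => false,
        _ => true,
    }
}

/// The scenario from the commit message: computer A signs when its
/// clock reads 9:00:00, computer B verifies when its clock reads 8:59:59.
/// Returns (result without tolerance, result with a 60 s tolerance).
pub fn scenario() -> (bool, bool) {
    // Constructed base time; only the one-second offset matters.
    let base = SystemTime::UNIX_EPOCH + Duration::from_secs(1_600_000_000);
    let a_clock = base + Duration::from_secs(9 * 3600); // 09:00:00 on A
    let b_clock = a_clock - Duration::from_secs(1);     // 08:59:59 on B
    let strict = signature_alive(a_clock, None, b_clock, Duration::ZERO);
    let tolerant = signature_alive(a_clock, None, b_clock, Duration::from_secs(60));
    (strict, tolerant)
}

fn main() {
    let (strict, tolerant) = scenario();
    println!("strict: {}, tolerant: {}", strict, tolerant);
}
```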
|
- RFC 4880 says that "by convention, [a User ID Packet] includes an
RFC 2822 [RFC2822] mail name-addr." This is not the actual
convention, and attempting to parse User IDs using an RFC 2822
parser means that many common User IDs cannot be parsed.
- Disparities between the actual convention and the stated
  convention include:
  - Neither users nor the software they use to create keys
    correctly quotes User IDs:
    - 'Nachname, Vorname <name@example.org>' is not valid, because
      it contains an unquoted comma. It should be 'Nachname\,
      Vorname <name@example.org>' or '"Nachname, Vorname"
      <name@example.org>'. (The same goes for dots, single
      quotes, etc.)
    - 'user@example.org <user@example.org>' is not valid, because
      it contains an unquoted at symbol.
  - 'Bj=?utf-8?q?=C3=B6?=rn <bjoern@example.net>' is encoded
    using RFC 2047, which is what RFC 2822 mandates when using
    non-ASCII characters, but no OpenPGP software would decode
    this User ID. In practice, everyone just uses UTF-8 (in
    this case: 'Björn <bjoern@example.net>').
  - There are many examples of User IDs containing raw email
    addresses ('user@example.org'). But, these are not
    "name-addr"s. At best, they are RFC 2822 "mailbox"es.
  - Some User IDs only contain a name (e.g., "Frank PGP").
  - RFC 2822 also includes a lot of complexity that no one uses or
    needs. For instance, CFWS (comments and folding whitespace) can
    be placed everywhere, and the rules for parsing them are
    complex.
- Instead of continuing to bend the RFC 2822 parser to our will, we
instead accept reality.
- This patch replaces the RFC 2822 parser with a significantly
simpler parser, which is based on actual convention (i.e., User
IDs in the wild).
- This parser is based on dkg's mail to the OpenPGP working group
  mailing list.
  Message-ID: <87woe7zx7o.fsf@fifthhorseman.net>
  https://mailarchive.ietf.org/arch/msg/openpgp/wNo27-0STfGR9JZSlC7s6OYOJkI
- This initial version has one notable regression with respect to
the RFC 2822 parser: it doesn't handle User IDs holding URIs.
|
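A convention-based User ID parser in the spirit of the commit above, added here as an illustration and not Sequoia's implementation: it splits "Name (Comment) <address>" on the last '<' and '(' rather than applying RFC 2822 quoting, CFWS or RFC 2047 rules, so the problem cases listed in the message (unquoted commas, an at sign in the name, raw UTF-8, bare addresses, name-only IDs) all parse.

```rust
/// Components of a User ID under the convention "Name (Comment) <address>";
/// every part is optional.  Hypothetical type, not Sequoia's.
#[derive(Debug, PartialEq, Eq)]
pub struct UserIdParts {
    pub name: Option<String>,
    pub comment: Option<String>,
    pub address: Option<String>,
}

fn non_empty(s: &str) -> Option<String> {
    let s = s.trim();
    if s.is_empty() { None } else { Some(s.to_string()) }
}

/// Heuristic parser (added example).  Input is taken as raw UTF-8; no
/// RFC 2822 quoting, CFWS or RFC 2047 decoding is attempted, matching
/// how User IDs are actually written in the wild.
pub fn parse_user_id(uid: &str) -> UserIdParts {
    let uid = uid.trim();
    // Case 1: a trailing "<address>".  Splitting on the *last* '<' lets
    // names contain commas, dots, quotes or even an '@' untouched.
    if let (Some(lt), true) = (uid.rfind('<'), uid.ends_with('>')) {
        let address = non_empty(&uid[lt + 1..uid.len() - 1]);
        let head = uid[..lt].trim();
        // Optional trailing "(comment)" before the address.
        let (name, comment) = match (head.rfind('('), head.ends_with(')')) {
            (Some(lp), true) => (
                non_empty(&head[..lp]),
                non_empty(&head[lp + 1..head.len() - 1]),
            ),
            _ => (non_empty(head), None),
        };
        return UserIdParts { name, comment, address };
    }
    // Case 2: a bare address without angle brackets (an RFC 2822 "mailbox").
    if uid.matches('@').count() == 1 && !uid.contains(char::is_whitespace) {
        return UserIdParts { name: None, comment: None, address: Some(uid.to_string()) };
    }
    // Case 3: a name only.
    UserIdParts { name: non_empty(uid), comment: None, address: None }
}

fn main() {
    // Constructed inputs taken from the cases in the commit message.
    let samples = ["Nachname, Vorname <name@example.org>", "Björn <bjoern@example.net>",
                   "user@example.org", "Frank PGP"];
    for uid in samples.iter() {
        println!("{:?} -> {:?}", uid, parse_user_id(uid));
    }
}
```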
|
- Force pgp_tag_t to have a defined size, and return integers of
that size from the ffi glue.
- This problem only manifested itself when compiling with
  opt-level=1.
|
|
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
|
|
- Combine Signature4::signature_alive and
Signature4::signature_alive_at.
- Use an Into<Option<time::Tm>> to distinguish the two previous
cases: the current time (None), and a specific time (a time::Tm).
|
|
- Combine Signature4::signature_expired and
Signature4::signature_expired_at.
- Use an Into<Option<time::Tm>> to distinguish the two previous
cases: the current time (None), and a specific time (a time::Tm).
|
|
- Combine Signature4::key_alive and Signature4::key_alive_at.
- Use an Into<Option<time::Tm>> to distinguish the two previous
cases: the current time (None), and a specific time (a time::Tm).
|
|
- Combine Signature4::key_expired and Signature4::key_expired_at.
- Use an Into<Option<time::Tm>> to distinguish the two previous
cases: the current time (None), and a specific time (a time::Tm).
|
|
- In addition to providing some added protection, this allows us to
implement 'From<Key<_, _>> for Packet'.
|
|
- This is the result of running `cargo fix --edition`, with some
manual adjustments.
- The vast majority of changes merely qualify module paths with
'crate::'.
- Two instances of adding an anonymous pattern to a trait's
function.
- `async` is a keyword in Rust 2018, and hence it needs to be
escaped (e.g. in the case of the net::r#async module).
- The manual adjustments were needed due to various shortcomings of
the analysis employed by `cargo fix`, e.g. unexpanded macros,
procedural macros, lalrpop grammars.
|
|
- See #154.
|
|
|
|
- Add bindings for the new User ID constructors,
UserID::from_address and UserID::from_unchecked_address.
|
|
|
|
- Providing bindings for UserID::other and
UserID::address_or_other.
- Improve related documentation to reflect the changes to the
parser.
|
|
|
|
|
|
- pgp_tpk_merge_packets was still using old-style unwrapping for the
array of Packets although Packets now use new-style wrapping.
- Likewise pgp_signature_into_packet.
|
|
|
|
|
|
- Add pgp_user_id_new to instantiate from a c string.
- Add pgp_user_id_from_raw to instantiate from a not-NUL-terminated
buffer.
|
|
- Use `extern "C"` instead of `extern "system"`. The latter selects
stdcall, which is only appropriate for talking to the Windows API.
|
|
- Add pgp_user_id_name, pgp_user_id_comment, pgp_user_id_address,
and pgp_user_id_address_normalized.
|
|
- See #156.
|
|
|
|
- Fixes #224.
|
|
- See #224.
|
|
|