| Age | Commit message (Collapse) | Author |
|---|
|
- Only the amalgamation allows proper checking of a key's
properties, the binding signature alone isn't sufficient.
- Fixes #408.
|
|
- This was missed due to improper tracking of the header files as
build inputs.
|
|
- KeyIter::revoked and KeyIter::key_flags (and its variants) didn't
take a time stamp so they could only be used for filtering keys
based on their current state, not their state at some time in the
past. Adding a time stamp to each of the filters would have fixed
the problem, but it would have made the interface ugly: callers
always want the same time stamp for all filters.
- Split KeyIter into two structures: a KeyIter and a ValidKeyIter.
- Add KeyIter::policy. It takes a time stamp, which is then used
for filters like `alive` and `revoked`, and it returns a
ValidKeyIter, which exposes filters that require a time stamp.
|
|
- See #405.
|
|
|
|
- Cert::keys_valid() is just a short-cut for
Cert::keys_all().alive().revoked(false).
- Remove Cert::keys_valid() and rename Cert::keys_all() to
Cert::keys().
|
|
- A tuple is just an unnamed, inflexible struct. Use a struct
instead.
- Fixes #400.
|
|
- They can still be used as a convenience, but the documentation
will refer to them as their expanded counterparts.
- This makes the structure of they Key<_, _> type more visible.
|
|
- std::mem::zeroed can be used to momentarily replace the KeyIter.
|
|
- Fixes #371.
|
|
- See #371.
|
|
- See #371.
|
|
- See #371.
|
|
- See #371.
|
|
|
|
- These are low-level cryptographic traits that are not concerned
with the role of a key.
- Fixes #382.
|
|
|
|
- Fixes #359.
|
|
- See #359.
|
|
- Fixes #387.
|
|
- To that end, make VerificationHelper::get_public_keys take
KeyHandles for all the issuers.
|
|
|
|
- Remove Fingerprint::to_keyid, use From instead.
|
|
I'm not even sure if we even need to use "de facto" when we're also
saying "convention", but i'm just doing a targeted fix here.
The fact that this one string was copied around in a dozen places
makes me a bit sad. If there are other changes to make in this
boilerplate text, they'll also have to be made in a dozen places.
I don't know enough about how sequoia is designed to be able to
suggest a plausible boilerplate reduction strategy though.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
|
|
- Once KeyIter::secret or KeyIter::unencrypted_secret is called,
change the iterator type to iterate over &Key<SecretParts, _>.
- Fixes #384.
|
|
- Fixes #381.
|
|
- Fixes #380.
|
|
- Restore the functionality removed in 8693a005 when replacing the
RFC 2822 mailbox parser.
|
|
- In sq and sqv, use chrono to interface with the user.
- Fixes #341.
|
|
- Fixes #375.
|
|
- See #375.
|
|
- See #375.
|
|
- Consider the following scenario: computer A's clock says 9:00.00
and signs and sends a message to computer B. Computer B's clock
says 8:59.59, it receives the message and tries to verify it.
From Computer B's perspective, the signature is not valid, because
it was generated in the future.
- This situation occured, because the two clocks were not completely
synchronized. Unfortunately, a few seconds of clock skew are not
unusual, particularly when dealing with VMs.
- Since it is almost always better to consider such messages as
valid, be tolerant when deciding whether a signature is alive.
|
|
|
|
- Return a different `VerificationResult` for signatures that are
not alive (BadSignature) from signatures that are actually
bad (BadCheck).
|
|
- RFC 4880 says that "by convention, [a User ID Packet] includes an
RFC 2822 [RFC2822] mail name-addr." This is not the actual
convention, and attempting to parse User IDs using an RFC 2822
parser means that many common User IDs cannot be parsed.
- Disparities between the actual convention and the stated
convention include:
- Neither users nor the software they use to create keys
correctly quotes User IDs:
- 'Nachname, Vorname <name@example.org>' is not valid, because
it contains an unquoted comma. It should be 'Nachname\,
Vorname <name@example.org>' or '"Nachname, Vorname"
<name@example.org>'. (The same goes for dots, single
quotes, etc.)
- 'user@example.org <user@example.org>' is not valid, because
it contains an unquoted at symbol.
- 'Bj=?utf-8?q?=C3=B6?=rn <bjoern@example.net>' is encoded
using RFC 2047, which is what RFC 2822 mandates when using
non-ASCII characters, but no OpenPGP software would decode
this User ID. In practice, everyone just uses UTF-8 (in
this case: 'Björn <bjoern@example.net>').
- There are many examples of User IDs containing raw email
addresses ('user@example.org'). But, these are not
"name-addr"s. At best, they are RFC 2822 "mailbox"es.
- Some User IDs only contain a name (e.g, "Frank PGP").
- RFC 2822 also includes a lot of complexity that no one uses or
needs. For instance, CFWS (comments and folding whitespace) can
be placed everywhere, and the rules for parsing them are
complex.
- Instead of continuing to bend the RFC 2822 parser to our will, we
instead accept reality.
- This patch replaces the RFC 2822 parser with a significantly
simpler parser, which is based on actual convention (i.e., User
IDs in the wild).
- This parser is based on dkg's mail to the OpenPGP working group
mailing list.
Message-ID: <87woe7zx7o.fsf@fifthhorseman.net>
https://mailarchive.ietf.org/arch/msg/openpgp/wNo27-0STfGR9JZSlC7s6OYOJkI
- This initial version has one notable regression with respect to
the RFC 2822 parser: it doesn't handle User IDs holding URIs.
|
|
- Force pgp_tag_t to have a defined size, and return integers of
that size from the ffi glue.
- This problem did only manifest itself when compiling with
opt-level=1.
|
|
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
|
|
Newer Rust compilers requre `dyn` marking trait objects.
Signed-off-by: Daniel Silverstone <dsilvers@digital-scurf.org>
|
|
- TPK::revoke is now redundant. Remove it.
|
|
- The primary key is not a binding; it is a single component.
Thus, returning a ComponentBinding is misleading.
- Add methods to the TPK structure to return the direct signatures,
certifications, self revocations, and other revocations.
|
|
- Combine Signature4::signature_alive and
Signature4::signature_alive_at.
- Use an Into<Option<time::Tm>> to distinguish the two previous
cases: the current time (None), and a specific time (a time::Tm).
|
|
- Combine Signature4::signature_expired and
Signature4::signature_expired_at.
- Use an Into<Option<time::Tm>> to distinguish the two previous
cases: the current time (None), and a specific time (a time::Tm).
|
|
- Combine TPK::alive and TPK::alive_at.
- Use an Into<Option<time::Tm>> to distinguish the two previous
cases: the current time (None), and a specific time (a time::Tm).
|
|
- Combine Signature4::key_alive and Signature4::key_alive_at.
- Use an Into<Option<time::Tm>> to distinguish the two previous
cases: the current time (None), and a specific time (a time::Tm).
|
|
- Combine TPK::expired and TPK::expired_at.
- Use an Into<Option<time::Tm>> to distinguish the two previous
cases: the current time (None), and a specific time (a time::Tm).
|
|
- Combine Signature4::key_expired and Signature4::key_expired_at.
- Use an Into<Option<time::Tm>> to distinguish the two previous
cases: the current time (None), and a specific time (a time::Tm).
|
|
- Combine TPK::revocation_status and TPK::revocation_status_at; only
keep the version with the optional time parameter.
- Rename TPK::revocation_status to TPK::revoked to match
KeyBinding::revoked, UserIDBinding::revoked, and
UserAttributeBinding::revoked.
- Do the same for the C API.
|
|
- Change ComponentBinding::binding_signature to take an optional
timestamp and return the self signature that is active at that
time.
|
|
|
