Age | Commit message | Author |
|
- We implement `Parse` for `Cert`. Do the same for `RawCert` and
check that they have the same semantics.
|
|
- We use this in our API, and re-exporting it here makes it easy to
use the correct version of the crate in downstream code without
having to explicitly depend on it.
|
|
- When parsing secrets using the BufferedReader protocol, they may
leak into buffers of the readers in the BufferedReader stack.
This is most problematic when parsing SecretKeyMaterial.
- Deprecate SecretKeyMaterial::parse* in favor of variants that
operate on bytes. Then, we can use the memory-backed
BufferedReader which does not introduce additional buffering (and
neither does the Dup reader used in the PacketHeaderParser).
|
|
- One of the brainpool curves was not included in our enum Curve,
because at the time we implemented ECC support, it wasn't part of
the RFC4880bis document.
- Unfortunately, we failed to mark enum Curve as non-exhaustive, so
we cannot add a variant without breaking the API.
- We can, however, support the curve by matching on its OID.
|
|
- Add `RawCertParser`, which splits keyrings into individual
certificates, similar to `CertParser`, but without invoking the
heavy machinery of the `CertParser`.
- `RawCertParser` uses the OpenPGP framing information to identify
the packets, and it makes sure that the packets form a valid TPK or
TSK as per Sections 11.1 and 11.2 of RFC 4880, respectively.
|
|
- For some packets we'd like to have different policies depending on
the version. This in particular applies to Signatures: by default
we want to reject v3 signatures, but accept v4 signatures.
- By default, reject v3 signatures as of 2007.
- Fixes: #945
|
|
- To use a good list, we need to reject all options by default and
then only enable those on the good list.
- Add a mechanism to reject all options in a particular
category (hash algorithms, critical subpackets, asymmetric
algorithms, symmetric algorithms, AEAD algorithms, and packet
tags).
- See #941.
|
|
- It is sometimes useful to iterate over all variants of a
given enum.
- Add the `variants` method to `AsymmetricAlgorithm`,
`PublicKeyAlgorithm`, `SymmetricAlgorithm`, `AEADAlgorithm`,
`CompressionAlgorithm`, `HashAlgorithm`, `SignatureType`,
`ReasonForRevocation`, `DataFormat`, `packet::Tag`, and
`SubpacketTag` to do this.
|
|
- RFC 4880 explicitly allows the use of v3 signatures, but adds:
> Implementations SHOULD accept V3 signatures. Implementations
> SHOULD generate V4 signatures.
- In practice, rpm-based distributions are generating v3 signatures,
and it will be a while before we can actually stop supporting them.
https://bugzilla.redhat.com/show_bug.cgi?id=2141686#c20
- Add support for parsing, verifying, and serializing v3
signatures (but not v3 certificates, and not generating v3
signatures!).
|
|
- `HashAlgorithm`, `SubpacketTag`, `SymmetricAlgorithm`,
`AEADAlgorithm`, and `packet::Tag` implement `PartialEq`, `Eq`, and
`Copy`. Change `AsymmetricAlgorithm` to also implement those
traits.
- In addition to the aesthetic motivation, having the same interface
simplifies using all of these types with the same macro.
|
|
- Expose `oid()` function for all cryptographic backends.
- Fix the description to accurately describe the bytes that are being
returned.
- Add the reference and note to the common use of this function.
- Add practical example of computing the entire `DigestInfo`
structure.
- Add mention of the change to the NEWS file.
- Add test case to check if the values match what Nettle is using.
- Fixes #919.
|
|
- This is the AES Key Wrap algorithm described in RFC 3394. It is
used in OpenPGP's ECDH, but has uses besides that (for example,
the gpg-agent uses it to wrap keys in transit).
|
|
- Add `KeyBuilder` and `SubkeyBuilder` for creating a key, and
attaching a subkey to a certificate.
- See #483.
|
|
- Cert::insert_packets2 is a variant of Cert::insert_packets that
returns whether the certificate actually changed. Fixes #528.
- Cert::insert_packets_merge is a variant of Cert::insert_packets2
that allows one to control how duplicate packets are handled.
Fixes #494.
|
|
- Long names are still supported using the alternate format specifier.
- Update NEWS file.
- Fixes #803.
|
|
- Convert `encrypted` to `processed`.
- Since `set_encrypted` is internal API it was directly renamed without
forwarder stub.
- `encrypted()` is public API thus the old function is converted to a
forwarder of the negation of `processed()`.
- `unprocessed()` marked as deprecated.
- Update docs and NEWS file.
- Fixes #845.
|
|
- Deprecate the enum variant in preparation for v2 removal to let API
clients adjust their code as early as possible.
- Update NEWS.
- See #863.
|
|
- In contrast to UnsupportedCert, this variant carries all the
packets that we failed to parse into a cert. Notably, this
includes primary keys that we don't understand. Keeping the
packets with the errors allows us to at least roundtrip the
packets.
|
|
- See #812.
|
|
- Rename `iv_size` to `nonce_size`.
- Introduce `iv_size` that forwards to `nonce_size` for compatibility
reasons.
- Change all calls to `iv_size` to `nonce_size`.
|
|
- This returns a short, human-readable description of the
cryptographic backend for use in version strings to improve bug
reports.
- Fixes #818.
|
|
- Fixes #794.
|
|
- Do this using a deprecation so that anyone using it will get a
compiler warning.
- Revert this change once message::Token is private.
- See #836.
|
|
- Add `SignatureBuilder::effective_signature_creation_time` to
return the signature creation time that would be used were a
signature generated now.
|
|
- When using a `SignatureBuilder`, sometimes the default time should
not be now, but some specific reference time.
- Expose `SignatureBuilder::set_reference_time`, an interface to set
a `SignatureBuilder`'s reference time.
|
|
- Supporting v5 fingerprints is important so that we can process
signature subpackets containing them, even if we don't yet support
any v5 formats. Consider being part of a group of recipients
where one of the recipients has a v5 key: then, the intended
recipient fingerprint subpacket contains a v5 fingerprint for that
v5 recipient. See also #820.
|
|
- Add missing NEWS entry, drop documentation comments from trait
implementation.
- Fixes de8fab8d1b74fa87d3c20d7a2b9e49aea929e6ea.
|
|
- Rust 1.56.0 is affected by CVE-2021-42574, which is addressed in
1.56.1.
|
|
- Fixes #570.
|
|
- Closes #476.
|
|
- This adds a cryptographic backend based on the RustCrypto crates.
The backend is marked as experimental, as the RustCrypto crates'
authors state that they have not been audited and may not perform
computations in constant time. Nevertheless, it may be useful in
certain environments, e.g. WebAssembly.
- The backend implements RSA, EdDSA and ECDH over Curve25519, IDEA,
3DES, CAST5, Blowfish, AES, Twofish, EAX, MD5, SHA1, RipeMD160, and
the SHA2 family.
- Notably missing are DSA, ElGamal, and ECDSA and ECDH over the NIST
curves.
- See #333.
|
|
- Cryptographic values are often expected to have a certain size.
Handling this is repetitive and error prone.
- This is especially problematic because MPI-encoding strips leading
zero bytes. Introduce two methods for that purpose.
- Fixes #759.
|
|
- Make sure that chunk sizes are between 64B and 4MiB.
- Fixes a DoS resulting from unconstrained, attacker-controlled heap
allocations.
- Fixes #738.
|
|
|