path: root/openpgp/tests
Age | Commit message | Author
2019-06-11 | openpgp: Convert signature s-expressions to mpis::Signature. | Justus Winter
2019-06-06 | openpgp: New type representing s-expressions. | Justus Winter
- *S-Expressions*, as described in the internet draft [S-Expressions], are a way to communicate cryptographic primitives like keys, signatures, and ciphertexts between agents or implementations.
[S-Expressions]: https://people.csail.mit.edu/rivest/Sexp.txt
2019-05-03 | openpgp: Improve test to also SerializeInto. | Justus Winter
2019-04-29 | openpgp: New TSK type. | Justus Winter
- With a1e226f8f1418de43e577fdaa1d087b68bbb09ae in place, we have a more general way to add components to a TPK. Retire the current `TSK` type and replace it with a thin shim that only allows serialization of secret keys.
- Fixes #107.
2019-04-24 | openpgp: Improve test. | Justus Winter
2019-04-05 | openpgp: New test key. | Justus Winter
2019-04-05 | openpgp: Improve test by roundtripping all messages. | Justus Winter
- Fixes #243.
2019-04-05 | openpgp: Improve test by roundtripping all TPKs. | Justus Winter
2019-04-04 | openpgp: Add a new test. | Justus Winter
- For every file in openpgp/tests/data, parse it, and roundtrip each packet.
- Fixes 243.
2019-04-02 | openpgp: Fix the compression quine. | Justus Winter
- Previously, the framing information was off by four bytes.
2019-03-27 | openpgp: Move test file. | Justus Winter
2019-02-15 | openpgp: add NIST ECDH test cases | Kai Michaelis
2019-01-11 | ffi: Add preliminary Python bindings. | Justus Winter
- The bindings support basic manipulation of OpenPGP data, but are quite incomplete. Furthermore, the Python API is not very pythonic in some places, so expect it to break in the future.
2018-12-14 | openpgp: add test verifying 3rd party cert by GPG | Kai Michaelis
2018-11-02 | openpgp: improve handling uid revocations. | Kai Michaelis
Revocation signatures only revoke earlier self-sigs, not signatures made after the rev-sig.
2018-10-11 | openpgp: Add support for the AEAD encrypted data packet. | Justus Winter
- This adds a new packet type, and enough infrastructure to decrypt messages encrypted using AEAD.
2018-10-01 | openpgp: Stop compressed data packets from swallowing MDC packets | Neal H. Walfield
- When parsing a compression packet using an old-style indeterminate length encoding, the parser is supposed to read until it encounters a "natural" EOF (i.e., the end of the compressed data), but the decompressor blindly buffers data, so it usually swallows the MDC packet.
- Since we know the size of the MDC packet a priori, we can use a BufferedReaderReserve to prevent it from being consumed by the decompressor.
2018-09-21 | openpgp: Fix last commit. | Neal H. Walfield
- Add the new files referenced in last commit (f260618), but not committed.
2018-08-27 | openpgp: Keep bad signatures for later. | Justus Winter
- When we find signatures that are bad or unused, keep them around, they might be useful when merging the TPK later on. This may happen if we see a partial TPK. For instance, if we have a key server that doesn't return user id packets, it should still return any self-signatures on those user id packets to allow propagation of revocation certificates, etc.
- Fixes #34.
2018-08-27 | tool: Ignore multiple signatures from the same TPK by default. | Justus Winter
- This behavior can be changed using a switch.
- Fixes #18.
2018-08-27 | openpgp: Add a signing subkey. | Justus Winter
2018-08-27 | tool: Ignore duplicate signatures in sqv. | Justus Winter
- See #18.
2018-08-22 | openpgp: Implement proper handling of nested signatures. | Justus Winter
- Outer signatures are over any inner signatures and the intervening content. Since outer signatures are notarizations, they should treat literal data packets the same way normal signatures (i.e., inner most signatures) do and ignore the filename, date, etc. fields when hashing the content.
- Add a test vector for this, and an example that creates these kinds of notarizations.
- Fixes #29.
2018-08-20 | openpgp: Add test case. | Justus Winter
2018-08-14 | tool: Implement sqv --not-before and --not-after. | Justus Winter
- Fixes #43.
2018-08-14 | openpgp: Make armor parsing more robust. | Justus Winter
- ASCII Armor, designed to protect OpenPGP data in transit, has been a source of problems if the armor structure is damaged. For example, copying data manually from one program to another might introduce or drop newlines.
- This change introduces a heuristic that simply tries to detect the base64-encoded OpenPGP data. This way, if the framing is in any way damaged, or even stripped, we can still recover the message.
- Fixes #40.
2018-07-29 | openpgp Add missing file. | Neal H. Walfield
- Forgot to add test data in 2808fa2c.
2018-07-28 | openpgp: Add missing test data. | Neal H. Walfield
- Fixes 67f8f4adb.
2018-07-12 | openpgp: Fix reading large chunks of armored data. | Justus Winter
- When requesting more data, we need to add what we want to what we got, not what we previously requested. Note that `BufferedReader::data(n)` may return more than n bytes, so requesting n+2 bytes may not return more than when requesting n bytes.
2018-06-19 | openpgp: Implement decryption using ECDH/Curve25519. | Justus Winter
2018-06-19 | openpgp: PKESK decryption. | Kai Michaelis
Implements PKESK::decrypt(). Supports only RSA for now.
2018-06-19 | openpgp: simple secret key handling. | Kai Michaelis
Adds a SecretKey type for holding (optionally encrypted) secret keys. For now, secret keys are handled as TPKs.
2018-06-11 | openpgp: Implement verification of EdDSA signatures using Ed25519. | Justus Winter
2018-06-11 | openpgp: Implement verification of ECDSA signatures. | Justus Winter
- This implements verification of ECDSA signatures using the NIST curves as specified in RFC6637.
2018-06-08 | openpgp: Implement verification of DSA signatures. | Justus Winter
2018-05-14 | openpgp: Add support for verifying binding signatures. | Neal H. Walfield
- Add support for verifying primary key bindings, subkey bindings, user id bindings, and user attribute bindings.
- When canonicalizing a TPK, check all self-signatures.
- If a self-signature does not verify, check whether it is out of order. See https://dev.gnupg.org/T2236 for the motivation. Guilhem reports: "Of the 100 keys with lowest MSD http://pgp.cs.uu.nl/doc/top_1000.html, 27 have badly ordered packets."
- Drop invalid self-signatures.
- Drop user ids / user attributes / subkeys without a valid self-signature.
2018-05-14 | openpgp: Accept just a primary key as a valid TPK. | Neal H. Walfield
2018-05-11 | openpgp: Add test for the plain Decryptor. | Justus Winter
2018-04-26 | openpgp: Add signature verification support. | Neal H. Walfield
2018-04-14 | openpgp: Add support for OnePassSig packets. | Neal H. Walfield
- Handling OnePassSig packets in an unbuffered manner introduces a layering violation: when we encounter a OnePassSig packet, we want to push a HashedReader on the BufferedReader stack, but that is popped when the readers associated with the OnePassSig are popped! Thus, we need to introduce a bit of ugliness (OnePassSig::parse needs to pop its readers and then push the HashedReader at the high level). This is unfortunate, but it appears to be necessary.
- Hashing literal data packets is ugly! Only the content of a literal data packet is hashed; neither the packet's headers, the packet's meta-data nor the length information is included in the hash. This, in particular, adds some ugliness to the BufferedReaderPartialBodyFilter implementation: it needs to disable hashing when decoding a literal data packet.
- This implementation has several limitations:
  - We only handle a single level of Signature nesting. That is, we don't support things like having two OnePassSig packets, both of which have their 'last' bit set (meaning that the outer signature is over the inner Signature and the content, not just the content). If the parser encounters such a message, it silently ignores the nesting. In practice, this functionality is rarely used: GnuPG neither produces such messages nor does it correctly handle them.
  - Each OnePassSig packet pushes another HashedReader on the BufferedReader stack. This can cause a stack overflow if there are too many OnePassSig packets. Instead, there should only be a single HashedReader per level of nesting, and the amount of nesting must be limited.
  - If there are multiple OnePassSig packets at a nesting level using the same hash algorithm, we don't reuse hashes, because Nettle doesn't currently support cloning hashes.
2018-02-28 | openpgp: Add support for SEIP and MDC packets. | Neal H. Walfield
- Note: due to the way that we handle indeterminate length packets, if the SEIP packet has an indeterminate length, then only the first packet in the SEIP container will be parsed.
2018-02-02 | openpgp: Use shorter filenames so that ecryptfs doesn't complain | Neal H. Walfield
2018-01-17 | openpgp: Add parsing and serialization support for SK-ESK packets. | Neal H. Walfield
- This also adds s2k support.
2018-01-14 | openpgp: Implement hashing. | Neal H. Walfield
- Switch to using nettle for low-level hash functionality.
- Add functionality for hashing UserID, UserAttribute, Key and Signature packets.
- Add functionality to compute the hashes for primary key bindings, subkey bindings, user id bindings and user attribute bindings.
2018-01-14 | openpgp: Improve subpacket parsing. | Neal H. Walfield
- Improve the internal subpacket parsing mechanism.
- Add support for the remaining subpackets defined in RFC 4880.
- Improve documentation.
- Add much more thorough unit tests.
2018-01-10 | openpgp: Only parse v4 packets. | Neal H. Walfield
- We don't support version 3 packets (or any other version but version 4). If we encounter a non-v4 key or non-v4 signature, return an Unknown packet instead.
- Use Unknown::parse to return unknown packets.
2018-01-08 | store: New store module. | Justus Winter
- The store stores transferable public keys in a SQLite database. It runs either in an external process, or is co-located in the current process.
- The store provides any number of stores for each application, identified by domain and name. Each store maps labels to TPKs.
- The store uses a unified pool of TPKs. In the future, this pool is automatically kept up-to-date.
2018-01-07 | openpgp: Add an interface to merge TPKs. | Neal H. Walfield
- This is trivial now that the canonicalization routine does dedups.
- Add a few tests.
2018-01-04 | openpgp: Add missing new files from last commit. | Neal H. Walfield
2018-01-03 | openpgp: Fix test case to iterate over all files. Add missing files. | Neal H. Walfield
- Improve test documentation while we're at it.