Age | Commit message | Author |
|
|
|
- Previously, we transformed data and detached signatures into
signed messages on the fly, then used the streaming Verifier to
verify the message. However, this introduces a nontrivial
overhead, even if unnecessary copies are carefully avoided.
- Instead, specialize the streaming Decryptor to handle detached
signatures. Use crypto::hash_buffered_reader to compute the
hashes over the data, then attach the computed signatures to the
signature packets, and use Decryptor's verification machinery.
- While this is arguably less elegant, it is much simpler, and a lot
faster. Notably, if we operate on files and can mmap them into
memory, we can compute the hash in one call to the compression
function. Verification of detached signatures is an important use
case, so this speedup outweighs the loss of elegance.
- Fixes #457.
|
|
- Replace all usages of `to_hex` with format strings using the `:X`
specifier.
- Fixes #456.
|
|
- Use the anyhow crate instead of failure to implement the dynamic
side of our error handling. anyhow::Error derefs to dyn
std::error::Error, allowing better interoperability with other
stdlib-based error handling libraries.
- Fixes #444.
|
|
|
|
- In caa8e0df, we relaxed the dependency on colored as a way to more
flexibly constrain the MSRV. But colored was a transitive
dependency in the first place, and we wouldn't have required any
specific version of it if it wasn't present. We can let the
intermediate dependencies be responsible for the preferred minimum
version, rather than explicitly declaring it ourselves.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
|
|
|
|
- Add `openpgp/src/cert/prelude.rs` to import most types and traits
related to certificates.
- Use it instead of using the types and traits individually.
|
|
- Split the ValidAmalgamation trait into two traits, Amalgamation
and ValidAmalgamation, so that the functionality made available by
the Amalgamation trait can be provided by a ComponentAmalgamation,
which doesn't have a policy.
|
|
- In eaaaf33dc15df65a7d34b9f436080e49f30f9715, colored was fixed to
1.9.1 "to keep our MSRV stable" presumably because 1.9.2 bumped
the version of rustc required. However, older versions of colored
still work to build. This was tested on debian, which today has
1.6.1. It's possible that even earlier versions of colored work
as well, but this is all I've tested.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
|
|
- Split VerificationResult into Result<GoodChecksum,
VerificationError>.
- Fixes #416.
|
|
|
|
|
|
- All the trace messages are gone except for the summary.
|
|
- This improves usability, e.g. when copy&pasting.
- Fixes #422.
|
|
- Change all functions that need to evaluate the validity of a
signature (either directly or indirectly) to take a policy object.
- Use the policy object to allow the user to place additional
constraints on a signature's validity.
- This addresses the first half of #274 (it introduces the policy
object, but does not yet implement any policy).
|
|
|
|
- sqv implements the same functionality as streaming verifier. Use
that instead of reimplementing it.
|
|
- Add the option `--time` to the `sign` and `encrypt` subcommands to
allow the user to set the signature's creation time.
- Use the value of this option to select the signing keys.
|
|
- Don't match on "predates" in stderr. If the signing key is
selected using the signature's creation time, the key selection
will fail, possibly producing a different error message.
|
|
|
|
- The current PartialOrd and PartialEq implementations for
KeyHandles consider KeyIDs and Fingerprints to not be equal.
Since most users of this interface expect key identifiers to be
interchangeable, this means that they have to pull KeyHandles
apart when comparing them, like this:

    match (a, b) {
        (KeyHandle::Fingerprint(a),
         KeyHandle::Fingerprint(b)) => a == b,
        (KeyHandle::Fingerprint(a),
         KeyHandle::KeyID(b)) => a.keyid() == b,
        ...
    }
This is unergonomic, and easy to forget to do.
- The obvious fix would be to change the PartialOrd and PartialEq
implementations to do this for the user. Unfortunately, this is
not possible, because they must be transitive and two
fingerprints (a and b) may be different but have the same keyid.
That is, the following is possible:

    a == keyid, b == keyid, but a != b
That makes this comparison function non-transitive and
inappropriate for the PartialOrd and PartialEq traits.
- Nevertheless, we can implement PartialOrd and PartialEq and return
None when a keyid and a fingerprint match. (A consequence of this
is that KeyHandle can no longer implement Eq or Ord.) This
prevents users of this interface from naively comparing
KeyHandles.
- Using this interface, we provide the desired, non-transitive,
comparison function via a method (KeyHandle::aliases).
- This change means that a `KeyHandle` can no longer be used as a
key in a HashMap. In these cases, we instead use a vector.
- Fixes #412.
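As an added illustration that is not Sequoia's own code: a constructed `KeyHandle` type (key ID assumed to be the low 8 bytes of a 20-byte fingerprint) showing the non-transitive `aliases` relation and a `PartialOrd` that yields `None` when a key ID meets a fingerprint with the same key ID.

```rust
use std::cmp::Ordering;

// Constructed illustration (not Sequoia's type); key ID = low 8 bytes of fp.
#[derive(Debug, Clone)]
pub enum KeyHandle {
    Fingerprint([u8; 20]),
    KeyID([u8; 8]),
}

impl KeyHandle {
    // Derive the key ID: the low-order 8 bytes of the fingerprint.
    pub fn keyid(&self) -> [u8; 8] {
        match self {
            KeyHandle::Fingerprint(fp) => {
                let mut id = [0u8; 8];
                id.copy_from_slice(&fp[12..]);
                id
            }
            KeyHandle::KeyID(id) => *id,
        }
    }

    // "Could refer to the same key": exact for two fingerprints, by key ID
    // otherwise.  Not transitive, so it is a method rather than `==`.
    pub fn aliases(&self, other: &KeyHandle) -> bool {
        match (self, other) {
            (KeyHandle::Fingerprint(a), KeyHandle::Fingerprint(b)) => a == b,
            _ => self.keyid() == other.keyid(),
        }
    }
}

impl PartialOrd for KeyHandle {
    // Same kind: ordinary byte-wise order.  Mixed kind with matching key
    // ID: None, so a naive `<`/`==` between them can never claim equality.
    fn partial_cmp(&self, other: &KeyHandle) -> Option<Ordering> {
        match (self, other) {
            (KeyHandle::Fingerprint(a), KeyHandle::Fingerprint(b)) => Some(a.cmp(b)),
            (KeyHandle::KeyID(a), KeyHandle::KeyID(b)) => Some(a.cmp(b)),
            _ if self.keyid() == other.keyid() => None,
            _ => Some(self.keyid().cmp(&other.keyid())),
        }
    }
}

impl PartialEq for KeyHandle {
    fn eq(&self, other: &KeyHandle) -> bool {
        self.partial_cmp(other) == Some(Ordering::Equal)
    }
}
```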
|
|
- Including the reference time in the KeyAmalgamation structure
rather than having the user supply it to the individual
methods (like `KeyAmalgamation::alive`) helps ensure that the key
is used consistently. For instance, this makes it harder to
mistakenly query a key's liveness at time t, but then use the
current time to determine the key's capabilities.
|
|
- KeyIter::revoked and KeyIter::key_flags (and its variants) didn't
take a time stamp so they could only be used for filtering keys
based on their current state, not their state at some time in the
past. Adding a time stamp to each of the filters would have fixed
the problem, but it would have made the interface ugly: callers
always want the same time stamp for all filters.
- Split KeyIter into two structures: a KeyIter and a ValidKeyIter.
- Add KeyIter::policy. It takes a time stamp, which is then used
for filters like `alive` and `revoked`, and it returns a
ValidKeyIter, which exposes filters that require a time stamp.
|
|
|
|
- The context knows the algorithm now.
|
|
|
|
- Cert::keys_valid() is just a short-cut for
Cert::keys_all().alive().revoked(false).
- Remove Cert::keys_valid() and rename Cert::keys_all() to
Cert::keys().
|
|
- A tuple is just an unnamed, inflexible struct. Use a struct
instead.
- Fixes #400.
|
|
- The subpacket areas now have a vector of subpackets. Change some
accessors here and there to accommodate this.
- This requires bit-perfect roundtripping of subpackets so that
signatures are not invalidated.
- First step towards fixing #200.
|
|
- ISO 9801 is "Ophthalmic instruments -- Trial case lenses", not
"Representation of dates and times".
- The commit log of 4b7457928f2d57bdb881a70c762db7d4359d541f
references ISO 6801, which is "Rubber or plastics hoses —
Determination of volumetric expansion", which is also supposed to
be 8601.
|
|
- Fixes #403.
|
|
- What the code called a "primary key binding" is actually a direct
key signature. Primary key bindings are signatures by
signing-capable subkeys over primary and subkey.
- See #402.
|
|
- Test all kinds of revocations; test a signature that predates the
primary key. Same with a subkey.
|
|
- Fixes #44.
|
|
|
|
- The signature knows the hash algorithm.
|
|
- Backdate key creation time.
- Remove superfluous features subpacket from signatures.
- Check for "revoked" in stderr.
- Fix the code that created the artifacts; use a common prefix for
filenames.
|
|
- Put all relevant certificates into a hash table indexed by all
keyhandles. Merge certificates once.
|
|
|
|
|
|
- Until sqv grows the ability to verify JWS or CMS or other kinds of
signatures, we should be clear what it actually offers.
- This description is also ported to the Debian packaging
information, so it shows up in apt listings, etc. Being more
descriptive will make the tool findable.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
|
|
|
|
- Fixes #359.
|
|
- See #359.
|
|
- Fixes #387.
|
|
- Remove Fingerprint::to_keyid, use From instead.
|
|
|
|
- Fixes #381.
|
|
- In sq and sqv, use chrono to interface with the user.
- Fixes #341.
|