Age | Commit message | Author |
|
- Since `set_features` requires ownership of `Features`, it should take
ownership rather than borrowing and cloning them.
See https://rust-lang.github.io/api-guidelines/flexibility.html#caller-decides-where-to-copy-and-place-data-c-caller-control .
- See #616.
|
|
- Make `generate_key` polymorphic over `AsRef<KeyFlags>`.
- Since `set_key_flags` requires ownership of the key flags, it should
take ownership rather than borrowing and cloning them.
See https://rust-lang.github.io/api-guidelines/flexibility.html#caller-decides-where-to-copy-and-place-data-c-caller-control .
- See #616.
|
|
`key` parameter.
- Make sign_direct_key take Key of key::PublicParts.
- Simplify calling sign_direct_key by using Into.
- Allow passing None to sign_subkey_binding.
- Allow passing None to sign_userid_binding.
- Allow using None as key parameter.
- Improve docs mentioning new default for `pk`.
- `pk` set to `Option::None` will now default to signer's public key.
- Fixes #565.
|
|
- Secret key material is not authenticated by OpenPGP, so care must
be taken when merging certificates.
- Rename Cert::merge to Cert::merge_public_and_secret.
- Add new function Cert::merge_public. This function can be used to
merge certificates from untrusted sources as it ignores secret key
material that cannot be authenticated by OpenPGP.
- Fixes #584.
|
|
|
|
Closes #581.
|
|
|
|
|
|
- See #480.
|
|
|
|
|
|
Cargo features are inherently additive, which means that if:
- package A wants to build package C with features ABC,
- package B wants to build package C with features BCD,
then package C will be built with *both* ABC and BCD enabled.
There is currently no way to specify mutually exclusive features
and these have to be implemented using existing, additive, ones.
That's problematic for us, because currently the cryptographic
backend in sequoia-openpgp is selected globally at build-time and
thus at most one can be selected for the compilation to succeed.
It's worth noting that we can't use Cargo build scripts to emit
the `--cfg`-passing [directive] because it does *not* affect
Cargo's dependency resolution and that's needed in order to skip
unbuildable backends on certain OSes (e.g. nettle when using Windows MSVC ABI).
To allow for other local crates, most notably sequoia-openpgp-ffi, to
build with different backends, we expose and forward any features that
may be used by the crates they transitively depend on.
At the time of writing, these different features seem to be implemented:
- buffered-reader: compression support
- openpgp: compression support and cryptographic backend
- store: background-services feature
[directive]: https://doc.rust-lang.org/cargo/reference/build-scripts.html#cargorustc-cfgkeyvalue
|
|
|
|
|
|
- See #525.
|
|
|
|
- This also drops the implementation of PartialOrd since we did not
use it in the key selection after all.
- Fixes #525.
|
|
- Make dates more plausible, add userid to make certificates more
compatible.
|
|
- To support third-party direct key signatures (e.g., revocations),
change `SignatureBuilder::sign_direct_key` to take the key that is
being signed, and not assume that it is `signer::public`.
|
|
- When using the `SignatureBuilder`, the signature creation time and
issuer subpackets will be correctly set by default.
- Don't do it explicitly.
|
|
- Add explicit build-release and install targets.
- Explicitly build the crates.
- Move installation to the crate's Makefile.
- This allows building of Sequoia's individual parts, e.g. by using
'make -Copenpgp-ffi install'.
|
|
|
|
- See #498.
|
|
- Convert Cert::try_from(PacketPile::from(packets)) into
Cert::try_from(packets).
- Fixes #496.
|
|
- Drop `Cert::from_packet_pile`.
- Fixes #462.
|
|
- Rename all calls to `Builder` with `SignatureBuilder`.
- Fixes #481.
|
|
|
|
|
|
|
|
|
|
|
|
- Previously, we transformed data and detached signatures into
signed messages on the fly, then used the streaming Verifier to
verify the message. However, this introduces a nontrivial
overhead, even if unnecessary copies are carefully avoided.
- Instead, specialize the streaming Decryptor to handle detached
signatures. Use crypto::hash_buffered_reader to compute the
hashes over the data, then attach the computed signatures to the
signature packets, and use Decryptor's verification machinery.
- While this is arguably less elegant, it is much simpler, and a lot
faster. Notably, if we operate on files and can mmap them into
memory, we can compute the hash in one call to the compression
function. Verification of detached signatures is an important use
case, so this speedup outweighs the loss of elegance.
- Fixes #457.
|
|
- Replace all usages of `to_hex` with a format string using the `:X`
specifier.
- Fixes #456.
|
|
- Use the anyhow crate instead of failure to implement the dynamic
side of our error handling. anyhow::Error derefs to dyn
std::error::Error, allowing better interoperability with other
stdlib-based error handling libraries.
- Fixes #444.
|
|
|
|
- In caa8e0df, we relaxed the dependency on colored as a way to more
flexibly constrain the MSRV. But colored was a transitive
dependency in the first place, and we wouldn't have required any
specific version of it if it wasn't present. We can let the
intermediate dependencies be responsible for the preferred minimum
version, rather than explicitly declaring it ourselves.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
|
|
|
|
- Add `openpgp/src/cert/prelude.rs` to import most types and traits
related to certificates.
- Use it instead of using the types and traits individually.
|
|
- Split the ValidAmalgamation trait into two traits, Amalgamation
and ValidAmalgamation, so that the functionality made available by
the Amalgamation trait can be provided by a ComponentAmalgamation,
which doesn't have a policy.
|
|
- In eaaaf33dc15df65a7d34b9f436080e49f30f9715, colored was fixed to
1.9.1 "to keep our MSRV stable" presumably because 1.9.2 bumped
the version of rustc required. However, older versions of colored
still work to build. This was tested on debian, which today has
1.6.1. It's possible that even earlier versions of colored work
as well, but this is all I've tested.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
|
|
- Split VerificationResult into Result<GoodChecksum,
VerificationError>.
- Fixes #416.
|
|
|
|
|
|
- All the trace messages are gone except for the summary.
|
|
- This improves usability, e.g. when copy&pasting.
- Fixes #422.
|
|
- Change all functions that need to evaluate the validity of a
signature (either directly or indirectly) to take a policy object.
- Use the policy object to allow the user to place additional
constraints on a signature's validity.
- This addresses the first half of #274 (it introduces the policy
object, but does not yet implement any policy).
|
|
|
|
- sqv implements the same functionality as the streaming verifier. Use
that instead of reimplementing it.
|
|
- Add the option `--time` to the `sign` and `encrypt` subcommands to
allow the user to set the signature's creation time.
- Use the value of this option to select the signing keys.
|
|
- Don't match on "predates" in stderr. If the signing key is
selected using the signature's creation time, the key selection
will fail, possibly producing a different error message.
|