| Age | Commit message (Collapse) | Author |
|---|
|
|
|
- See #480.
|
|
- Returning rich errors from this function may compromise secret key
material due to Bleichenbacher-style attacks. Change the API to
prevent this.
- Hat tip to Hanno Böck.
- Fixes #507.
|
|
- Returning rich errors from this function may compromise secret key
material due to Bleichenbacher-style attacks. Change the API to
prevent this.
- Hat tip to Hanno Böck.
- See #507.
|
|
- See #498.
|
|
- See #498.
|
|
This reverts commit 2e1eec5fe4157a391a13554ff7df3075cfe043cc.
|
|
- Fixes #484.
|
|
- This avoids the partial implementation imitating
std::option::Option, replacing it with std::result::Result.
- As a benefit, std::result::Result is in the prelude, simplifying a
lot of parsing loops.
|
|
|
|
- `decrypted` implies that the packet was previously encrypted.
However, If we parse a signed-only message, the literal packet was
never encrypted. Provide the inverse predicate instead, which is
less misleading.
|
|
|
|
|
|
- If looking up a binding signature fails, don't merely return None,
but an Err(_) that explains the lookup failure. For example, a
binding signature may be present, but it may not meet the policy.
- Fixes #460.
|
|
- Use the anyhow crate instead of failure to implement the dynamic
side of our error handling. anyhow::Error derefs to dyn
std::error::Error, allowing better interoperability with other
stdlib-based error handling libraries.
- Fixes #444.
|
|
- We use marker traits to track with the type system if a Key has
secret key material attached. Previously, it was possible to
subvert that by taking the secret key material using
Key4::set_secret, creating a Key4<SecretParts, ..> without any
secrets.
- Related, the accessor functions returned an
Option<SecretKeyMaterial> even for Key4<SecretParts, ..>.
- Replace set_secret by add_secret and take_secret that also change
the Key's type accordingly. Make the accessors infallible if we
know we have a secret key, rename Key4<P, R>::secret to
Key4<P, R>::optional_secret to make the distinction clear.
- Fixes #435.
|
|
|
|
|
|
- Fixes #427.
|
|
- Change all functions that need to evaluate the validity of a
signature (either directly or indirectly to take a policy object.
- Use the policy object to allow the user to place additional
constraints on a signature's validity.
- This addresses the first half of #274 (it introduces the policy
object, but does not yet implement any policy).
|
|
|
|
- Fixes #414.
|
|
|
|
- Instead of passing MessageStructure to VerificationHelper::check
by reference, pass it by value.
- After calling VerificationHelper::check, it is dropped. Passing
it by value allows the caller to avoid some cloning.
|
|
- They can still be used as a convenience, but the documentation
will refer to them as their expanded counterparts.
- This makes the structure of they Key<_, _> type more visible.
|
|
- This allows us to get rid of another dependency that uses winapi
0.2, the last being mio 0.6 (0.7 is not yet released). In terms
of linkage we still should only link to what we use - no new
Windows API usage introduced here.
|
|
|
|
- These are low-level cryptographic traits that are not concerned
with the role of a key.
- Fixes #382.
|
|
- Fixes #359.
|
|
|
|
- Fixes #387.
|
|
- To that end, make VerificationHelper::get_public_keys take
KeyHandles for all the issuers.
|
|
- Remove Fingerprint::to_keyid, use From instead.
|
|
- Fixes #381.
|
|
Newer Rust compilers requre `dyn` marking trait objects.
Signed-off-by: Daniel Silverstone <dsilvers@digital-scurf.org>
|
|
- The primary key is not a binding; it is a single component.
Thus, returning a ComponentBinding is misleading.
- Add methods to the TPK structure to return the direct signatures,
certifications, self revocations, and other revocations.
|
|
- Fixes #88.
|
|
- Change `TPK::primary_key_signature` and
`TPK::primary_key_signature_full` to take an additional parameter,
a time.
- Return the primary key signature at that time rather than the
newest primary key signature.
|
|
- Change ComponentBinding::binding_signature to take an optional
timestamp and return the self signature that is active at that
time.
|
|
|
|
- Decrypt encrypted keys in-place, so that we will never prompt
twice for the same key. Rework for clarity.
|
|
- In addition to providing some added protection, this allows us to
implement 'From<Key<_, _>> for Packet'.
|
|
|
|
- Also rename the `subkey` method to `key`.
|
|
- When the `SecretKey` type only refers to the secret key material
and not a TPK-like thing, call it `SecretKeyMaterial`.
|
|
- This is the result of running `cargo fix --edition`, with some
manual adjustments.
- The vast majority of changes merely qualify module paths with
'crate::'.
- Two instances of adding an anonymous pattern to a trait's
function.
- `async` is a keyword in Rust 2018, and hence it needs to be
escaped (e.g. in the case of the net::r#async module).
- The manual adjustments were needed due to various shortcomings of
the analysis employed by `cargo fix`, e.g. unexpanded macros,
procedural macros, lalrpop grammars.
|
|
- Try to decrypt all PKESKs, not just the first one.
|
|
|
|
- Fixes #100.
|
|
|
