-
Notifications
You must be signed in to change notification settings - Fork 96
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Improve forward compatibility #442
Open
dkg
wants to merge
16
commits into
SecurityInnovation:master
Choose a base branch
from
dkg:compat-tests
base: master
Could not load branches
Branch not found: {{ refName }}
Could not load tags
Nothing to show
Are you sure you want to change the base?
Some commits from the old base branch may be removed from the timeline,
and old review comments may become outdated.
Open
Commits on Jun 13, 2023
-
Tests: Check on forward-compatibility failures
These tests are pulled from the OpenPGP Interoperability Test Suite, in particular from those tests tagged "forward-compat": https://tests.sequoia-pgp.org/?q=forward-compat These failures make it difficult to use PGPy in an OpenPGP ecosystem that can evolve, because PGPy will complain about OpenPGP objects that contain something it doesn't understand, even though the rest of the message is otherwise comprehensible and usable. See Justus Winter's message to openpgp@ietf.org describing his concerns: https://mailarchive.ietf.org/arch/msg/openpgp/QUiEKx3PQeJOXnkcvvnuHpv739M I've selected specific examples that PGPy is known to currently fail with.
Configuration menu - View commit details
-
Copy full SHA for a3941e0 - Browse repository at this point
Copy the full SHA a3941e0View commit details
Commits on Jun 16, 2023
-
Configuration menu - View commit details
-
Copy full SHA for edd7e4f - Browse repository at this point
Copy the full SHA edd7e4fView commit details -
Configuration menu - View commit details
-
Copy full SHA for a01c66c - Browse repository at this point
Copy the full SHA a01c66cView commit details -
Configuration menu - View commit details
-
Copy full SHA for d38c069 - Browse repository at this point
Copy the full SHA d38c069View commit details
Commits on Jun 28, 2023
-
Configuration menu - View commit details
-
Copy full SHA for 0e298a9 - Browse repository at this point
Copy the full SHA 0e298a9View commit details -
Add PGPSignatures object, representing bundled detached signatures
a PGPMessage object can contain more than one signature. Detached signatures should also be able to handle having more than one signature. https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-09.html#name-detached-signatures says: > These detached signatures are simply one or more Signature packets > stored separately from the data for which they are a signature. A PGPSignatures object makes the most sense to represent such a thing. Closes: SecurityInnovation#197
Configuration menu - View commit details
-
Copy full SHA for 692eafd - Browse repository at this point
Copy the full SHA 692eafdView commit details -
Configuration menu - View commit details
-
Copy full SHA for d9e1941 - Browse repository at this point
Copy the full SHA d9e1941View commit details -
Configuration menu - View commit details
-
Copy full SHA for eb9310a - Browse repository at this point
Copy the full SHA eb9310aView commit details -
Configuration menu - View commit details
-
Copy full SHA for 9d26b2e - Browse repository at this point
Copy the full SHA 9d26b2eView commit details -
Configuration menu - View commit details
-
Copy full SHA for cdb6347 - Browse repository at this point
Copy the full SHA cdb6347View commit details -
Configuration menu - View commit details
-
Copy full SHA for 6d78d1b - Browse repository at this point
Copy the full SHA 6d78d1bView commit details -
Drop the use of pyasn1 for DSA/ECDSA signature translation
The cryptography module supports encoding and decoding these signatures directly, so no need for pyasn1 or the custom ASN1 decoder to translate between the OpenPGP format and the RFC 3279 format.
Configuration menu - View commit details
-
Copy full SHA for feb4506 - Browse repository at this point
Copy the full SHA feb4506View commit details -
Overhaul EllipticCurveOID (reduce dependencies)
OpenSSL 1.0.2 is ancient at this point -- Brainpool is part of the standard distribution. At any rate, we need 1.1.0 for X25519 and 1.1.1 for Ed25519. And python's cryptography module has supported Brainpool since version 2.2 (also ancient). Registering subclasses with the cryptography module is complicated across versions (see pyca/cryptography#7234 which removed register_interface), but we don't need any of that functionality as long as we depend on non-ancient modules. At the same time, we don't need pyasn1 any longer if we just treat the OID as a bytestring label. As this also drops all the shenanigans around cryptography.utils.register_interface, we can also say it Closes: SecurityInnovation#402
Configuration menu - View commit details
-
Copy full SHA for 23ea160 - Browse repository at this point
Copy the full SHA 23ea160View commit details -
Configuration menu - View commit details
-
Copy full SHA for a1b1947 - Browse repository at this point
Copy the full SHA a1b1947View commit details -
Configuration menu - View commit details
-
Copy full SHA for 522df3c - Browse repository at this point
Copy the full SHA 522df3cView commit details -
Configuration menu - View commit details
-
Copy full SHA for cee0467 - Browse repository at this point
Copy the full SHA cee0467View commit details
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.