-
Notifications
You must be signed in to change notification settings - Fork 96
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
implement crypto-refresh-10 #455
base: master
Are you sure you want to change the base?
Commits on Jun 16, 2023
-
Configuration menu - View commit details
-
Copy full SHA for 112f8f5 - Browse repository at this point
Copy the full SHA 112f8f5View commit details -
Configuration menu - View commit details
-
Copy full SHA for 40aa017 - Browse repository at this point
Copy the full SHA 40aa017View commit details -
Configuration menu - View commit details
-
Copy full SHA for 6da28fc - Browse repository at this point
Copy the full SHA 6da28fcView commit details -
Configuration menu - View commit details
-
Copy full SHA for a727188 - Browse repository at this point
Copy the full SHA a727188View commit details -
sopgpy: create wrapper that permits a closure to do operations with a…
… locked secret key
Configuration menu - View commit details
-
Copy full SHA for 28fc92f - Browse repository at this point
Copy the full SHA 28fc92fView commit details -
Configuration menu - View commit details
-
Copy full SHA for 6678af8 - Browse repository at this point
Copy the full SHA 6678af8View commit details -
Configuration menu - View commit details
-
Copy full SHA for 6210476 - Browse repository at this point
Copy the full SHA 6210476View commit details -
Configuration menu - View commit details
-
Copy full SHA for faf8f4e - Browse repository at this point
Copy the full SHA faf8f4eView commit details -
Configuration menu - View commit details
-
Copy full SHA for 14d94b7 - Browse repository at this point
Copy the full SHA 14d94b7View commit details -
Configuration menu - View commit details
-
Copy full SHA for 323b48f - Browse repository at this point
Copy the full SHA 323b48fView commit details -
Configuration menu - View commit details
-
Copy full SHA for b7c3192 - Browse repository at this point
Copy the full SHA b7c3192View commit details -
sopgpy generate-key: improve key password
See discussion at https://gitlab.com/sequoia-pgp/sequoia-sop/-/issues/17
Configuration menu - View commit details
-
Copy full SHA for 114321b - Browse repository at this point
Copy the full SHA 114321bView commit details -
sopgpy: move to PGPy 0.6.0 (sigsubj changes)
sigsubj objects have an "issues" bitfield, which follows the "Anna Karenina principle" instead of "verified" boolean.
Configuration menu - View commit details
-
Copy full SHA for 8272870 - Browse repository at this point
Copy the full SHA 8272870View commit details -
sopgpy: move to PGPy 0.6.0 (from_blob() behavior changes)
as of 0.6.0, from_blob() methods will return non-functioning objects rather than raising an error directly.
Configuration menu - View commit details
-
Copy full SHA for 34a35b8 - Browse repository at this point
Copy the full SHA 34a35b8View commit details -
Configuration menu - View commit details
-
Copy full SHA for be04b27 - Browse repository at this point
Copy the full SHA be04b27View commit details -
Configuration menu - View commit details
-
Copy full SHA for 70601fc - Browse repository at this point
Copy the full SHA 70601fcView commit details -
Configuration menu - View commit details
-
Copy full SHA for a2a0621 - Browse repository at this point
Copy the full SHA a2a0621View commit details -
Configuration menu - View commit details
-
Copy full SHA for 02bd731 - Browse repository at this point
Copy the full SHA 02bd731View commit details -
Configuration menu - View commit details
-
Copy full SHA for 4127e47 - Browse repository at this point
Copy the full SHA 4127e47View commit details -
Configuration menu - View commit details
-
Copy full SHA for c3090f9 - Browse repository at this point
Copy the full SHA c3090f9View commit details -
Configuration menu - View commit details
-
Copy full SHA for 8d071c8 - Browse repository at this point
Copy the full SHA 8d071c8View commit details -
Configuration menu - View commit details
-
Copy full SHA for d21c5de - Browse repository at this point
Copy the full SHA d21c5deView commit details -
OPSv3: get the "nested" flag right
"nested" semantically probably is meant to mean "another OPS packet follows". But the byte on the wire is defined as 0 means another OPS packet follows. Furthermore, the flags are set in the wrong way: before this commit, the code produced a series of OPS packets where the first packet had a different value for the flag than all subsequent ones. What we want is where all the flags *except* the last OPS packet (corresponding to the *first* Sig packet) are 0. See https://gitlab.com/sequoia-pgp/openpgp-interoperability-test-suite/-/issues/84
Configuration menu - View commit details
-
Copy full SHA for 773f39b - Browse repository at this point
Copy the full SHA 773f39bView commit details -
Add PGPSignatures object, representing bundled detached signatures
a PGPMessage object can contain more than one signature. Detached signatures should also be able to handle having more than one signature. https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-09.html#name-detached-signatures says: > These detached signatures are simply one or more Signature packets > stored separately from the data for which they are a signature. A PGPSignatures object makes the most sense to represent such a thing. Closes: SecurityInnovation#197
Configuration menu - View commit details
-
Copy full SHA for e0c2ba8 - Browse repository at this point
Copy the full SHA e0c2ba8View commit details -
Configuration menu - View commit details
-
Copy full SHA for f087339 - Browse repository at this point
Copy the full SHA f087339View commit details -
Configuration menu - View commit details
-
Copy full SHA for 37a741b - Browse repository at this point
Copy the full SHA 37a741bView commit details -
Configuration menu - View commit details
-
Copy full SHA for cbe16c5 - Browse repository at this point
Copy the full SHA cbe16c5View commit details -
Configuration menu - View commit details
-
Copy full SHA for 0aa4d68 - Browse repository at this point
Copy the full SHA 0aa4d68View commit details -
Configuration menu - View commit details
-
Copy full SHA for a01c66c - Browse repository at this point
Copy the full SHA a01c66cView commit details -
Configuration menu - View commit details
-
Copy full SHA for d38c069 - Browse repository at this point
Copy the full SHA d38c069View commit details
Commits on Jun 28, 2023
-
Configuration menu - View commit details
-
Copy full SHA for 0e298a9 - Browse repository at this point
Copy the full SHA 0e298a9View commit details -
Add PGPSignatures object, representing bundled detached signatures
a PGPMessage object can contain more than one signature. Detached signatures should also be able to handle having more than one signature. https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-09.html#name-detached-signatures says: > These detached signatures are simply one or more Signature packets > stored separately from the data for which they are a signature. A PGPSignatures object makes the most sense to represent such a thing. Closes: SecurityInnovation#197
Configuration menu - View commit details
-
Copy full SHA for 692eafd - Browse repository at this point
Copy the full SHA 692eafdView commit details -
Configuration menu - View commit details
-
Copy full SHA for d9e1941 - Browse repository at this point
Copy the full SHA d9e1941View commit details -
Configuration menu - View commit details
-
Copy full SHA for eb9310a - Browse repository at this point
Copy the full SHA eb9310aView commit details -
Configuration menu - View commit details
-
Copy full SHA for 9d26b2e - Browse repository at this point
Copy the full SHA 9d26b2eView commit details -
Configuration menu - View commit details
-
Copy full SHA for cdb6347 - Browse repository at this point
Copy the full SHA cdb6347View commit details -
Configuration menu - View commit details
-
Copy full SHA for 6d78d1b - Browse repository at this point
Copy the full SHA 6d78d1bView commit details -
Drop the use of pyasn1 for DSA/ECDSA signature translation
The cryptography module supports encoding and decoding these signatures directly, so no need for pyasn1 or the custom ASN1 decoder to translate between the OpenPGP format and the RFC 3279 format.
Configuration menu - View commit details
-
Copy full SHA for feb4506 - Browse repository at this point
Copy the full SHA feb4506View commit details -
Overhaul EllipticCurveOID (reduce dependencies)
OpenSSL 1.0.2 is ancient at this point -- Brainpool is part of the standard distribution. At any rate, we need 1.1.0 for X25519 and 1.1.1 for Ed25519. And python's cryptography module has supported Brainpool since version 2.2 (also ancient). Registering subclasses with the cryptography module is complicated across versions (see pyca/cryptography#7234 which removed register_interface), but we don't need any of that functionality as long as we depend on non-ancient modules. At the same time, we don't need pyasn1 any longer if we just treat the OID as a bytestring label. As this also drops all the shenanigans around cryptography.utils.register_interface, we can also say it Closes: SecurityInnovation#402
Configuration menu - View commit details
-
Copy full SHA for 23ea160 - Browse repository at this point
Copy the full SHA 23ea160View commit details -
Configuration menu - View commit details
-
Copy full SHA for a1b1947 - Browse repository at this point
Copy the full SHA a1b1947View commit details -
Configuration menu - View commit details
-
Copy full SHA for 522df3c - Browse repository at this point
Copy the full SHA 522df3cView commit details -
Configuration menu - View commit details
-
Copy full SHA for cee0467 - Browse repository at this point
Copy the full SHA cee0467View commit details -
Avoid spurious CryptographyDeprecationWarning
If someone actually wants to use IDEA, CAST5, or Blowfish, we want to see the CryptographyDeprecationWarning objects emitted by cryptography.hazmat.primitives.ciphers. But if we're just looking up a non-deprecated cipher we should just return it directly. This avoids the following kinds of warnings: pgpy/pgpy/constants.py:191: CryptographyDeprecationWarning: IDEA has been deprecated bs = {SymmetricKeyAlgorithm.IDEA: algorithms.IDEA, pgpy/pgpy/constants.py:193: CryptographyDeprecationWarning: CAST5 has been deprecated SymmetricKeyAlgorithm.CAST5: algorithms.CAST5, pgpy/pgpy/constants.py:194: CryptographyDeprecationWarning: Blowfish has been deprecated SymmetricKeyAlgorithm.Blowfish: algorithms.Blowfish,
Configuration menu - View commit details
-
Copy full SHA for ba04c11 - Browse repository at this point
Copy the full SHA ba04c11View commit details -
Fix test: ensure that deprecation warnings don't interfere with test …
…suite Once CAST5 is deprecated, a deprecation warning might arise in addition to the warnings about already-protected secret keys might not be the first warning. Instead, we have the test look through the warnings and validate the content of any matching warning.
Configuration menu - View commit details
-
Copy full SHA for fb885e6 - Browse repository at this point
Copy the full SHA fb885e6View commit details -
imghdr is deprecated and will be removed in python 3.13 (see https://peps.python.org/pep-0594/#imghdr) The relevant code in imghdr is just: ``` def test_jpeg(h, f): """JPEG data with JFIF or Exif markers; and raw JPEG""" if h[6:10] in (b'JFIF', b'Exif'): return 'jpeg' elif h[:4] == b'\xff\xd8\xff\xdb': return 'jpeg' ``` So we transplant it directly
Configuration menu - View commit details
-
Copy full SHA for 221a1f1 - Browse repository at this point
Copy the full SHA 221a1f1View commit details -
Merge branches 'dont-encrypt-plaintext', 'avoid-naive-datetime', 'cry…
…ptography-deprecations', 'drop-unused-test', 'drop-imghdr', 'cleanup-registrations', 'fix-aliased-function', 'drop-mistaken-sbs' and 'fix-ops-nested-flag', remote-tracking branches 'ktdreyer/rm-six', 'KOLANICH/modernize' and 'janmojzis/master' into dkg/overhaul
Configuration menu - View commit details
-
Copy full SHA for 3227a57 - Browse repository at this point
Copy the full SHA 3227a57View commit details -
Configuration menu - View commit details
-
Copy full SHA for 3150ef4 - Browse repository at this point
Copy the full SHA 3150ef4View commit details -
Configuration menu - View commit details
-
Copy full SHA for 98b69c2 - Browse repository at this point
Copy the full SHA 98b69c2View commit details
Commits on Jul 11, 2023
-
PGPKey.from_file,from_blob: Drop failed filtering of keyid mapping
This appears to have been introduced in 38a4f9f nearly 9 years ago, but it doesn't look like it ever worked. It's not clear to me why this index of keys by key ID is returned at all in these functions, but since September 2014 (v0.3.0) the index has always returned the key ID of the primary key anyway. There are a few things broken in this particular line: - the use of `~` if `fingerprint.keyid` doesn't work for some reason: that won't match anything. - and, None gets passed as the second object in the tuple, but the second object should be either True or False. Rather than try to salvage something that i don't understand in the first place, i figure it's better to drop it and acknowledge the status quo.
Configuration menu - View commit details
-
Copy full SHA for efa2fed - Browse repository at this point
Copy the full SHA efa2fedView commit details
Commits on Jul 13, 2023
-
Configuration menu - View commit details
-
Copy full SHA for d2dda7d - Browse repository at this point
Copy the full SHA d2dda7dView commit details -
Configuration menu - View commit details
-
Copy full SHA for fd128d6 - Browse repository at this point
Copy the full SHA fd128d6View commit details -
drop __nonzero__ -- 3.x uses __bool__
(see https://stackoverflow.com/questions/8205558/defining-boolness-of-a-class-in-python for discussion)
Configuration menu - View commit details
-
Copy full SHA for 55c2ad4 - Browse repository at this point
Copy the full SHA 55c2ad4View commit details -
drop double export of fingerprint
This was introduced (accidentally, i think) in 9ce9ad14ad553304b0f064a8b9e6a929b7527931
Configuration menu - View commit details
-
Copy full SHA for 0863a7b - Browse repository at this point
Copy the full SHA 0863a7bView commit details -
use functools.singledispatch instead of singledispatch
functools.singledispatch was made available in Python 3.4
Configuration menu - View commit details
-
Copy full SHA for 604772d - Browse repository at this point
Copy the full SHA 604772dView commit details -
Configuration menu - View commit details
-
Copy full SHA for bdcf97e - Browse repository at this point
Copy the full SHA bdcf97eView commit details -
Rename _encrypt and _decrypt to _cfb_encrypt and _cfb_decrypt
This sets the stage to distinguish CFB from AEAD
Configuration menu - View commit details
-
Copy full SHA for 0fc8fd0 - Browse repository at this point
Copy the full SHA 0fc8fd0View commit details -
PGPKey.encrypt: enumerate optional arguments and type signatures
using a keyword hash that only pulls out one particular keyword is a recipe for API abuse. better to declare the function arguments explicitly.
Configuration menu - View commit details
-
Copy full SHA for 98718cd - Browse repository at this point
Copy the full SHA 98718cdView commit details -
Configuration menu - View commit details
-
Copy full SHA for cb2e080 - Browse repository at this point
Copy the full SHA cb2e080View commit details -
Configuration menu - View commit details
-
Copy full SHA for 1f158e8 - Browse repository at this point
Copy the full SHA 1f158e8View commit details -
Configuration menu - View commit details
-
Copy full SHA for 34ee5d0 - Browse repository at this point
Copy the full SHA 34ee5d0View commit details -
PKESK: make dynamic arguments lists instead of tuples
This keeps the types consistent for typechecking. Otherwise, we see errors complaining that decargs and encargs have different types depending on which codepath is followed.
Configuration menu - View commit details
-
Copy full SHA for b1c0e6e - Browse repository at this point
Copy the full SHA b1c0e6eView commit details -
Configuration menu - View commit details
-
Copy full SHA for ef038aa - Browse repository at this point
Copy the full SHA ef038aaView commit details -
Configuration menu - View commit details
-
Copy full SHA for 6565828 - Browse repository at this point
Copy the full SHA 6565828View commit details -
Configuration menu - View commit details
-
Copy full SHA for 996c00e - Browse repository at this point
Copy the full SHA 996c00eView commit details -
Configuration menu - View commit details
-
Copy full SHA for 2b906eb - Browse repository at this point
Copy the full SHA 2b906ebView commit details -
declare FlagList and ByteFlag types as None or some type
it might be nicer to specify the allowed category of __flags__ in more details, but i do not know how to do that
Configuration menu - View commit details
-
Copy full SHA for 6c372b3 - Browse repository at this point
Copy the full SHA 6c372b3View commit details -
Tell the typechecker that MPIs, PrivKey, and PubKey can all use varia…
…ble-length Tuples
Configuration menu - View commit details
-
Copy full SHA for 0d1339d - Browse repository at this point
Copy the full SHA 0d1339dView commit details -
Use the standard name for a namedtuple to satisfy the typechecker
Without this, mypy complains: error: First argument to namedtuple() should be "_reason_for_revocation", not "ReasonForRevocation" [name-match]
Configuration menu - View commit details
-
Copy full SHA for de8b582 - Browse repository at this point
Copy the full SHA de8b582View commit details -
Configuration menu - View commit details
-
Copy full SHA for ef04603 - Browse repository at this point
Copy the full SHA ef04603View commit details -
Configuration menu - View commit details
-
Copy full SHA for 2df15a0 - Browse repository at this point
Copy the full SHA 2df15a0View commit details -
Configuration menu - View commit details
-
Copy full SHA for 77c89ea - Browse repository at this point
Copy the full SHA 77c89eaView commit details -
Configuration menu - View commit details
-
Copy full SHA for ef0cb79 - Browse repository at this point
Copy the full SHA ef0cb79View commit details -
Configuration menu - View commit details
-
Copy full SHA for 7c63a6c - Browse repository at this point
Copy the full SHA 7c63a6cView commit details -
Configuration menu - View commit details
-
Copy full SHA for bbac9e8 - Browse repository at this point
Copy the full SHA bbac9e8View commit details -
Armorable.ascii_unarmor: clean up type signatures
The return object from this function is a bit fuzzy, and might be better created as an explicit object, rather than a dict. But for now, at least keep the type definitions reasonable.
Configuration menu - View commit details
-
Copy full SHA for 56a3dbb - Browse repository at this point
Copy the full SHA 56a3dbbView commit details -
Packet() constructor is safe due to MetaDispatchable, despite Packet …
…itself being abstrct
Configuration menu - View commit details
-
Copy full SHA for b93a2b7 - Browse repository at this point
Copy the full SHA b93a2b7View commit details -
Configuration menu - View commit details
-
Copy full SHA for 9002f31 - Browse repository at this point
Copy the full SHA 9002f31View commit details -
Configuration menu - View commit details
-
Copy full SHA for ea28e87 - Browse repository at this point
Copy the full SHA ea28e87View commit details -
Configuration menu - View commit details
-
Copy full SHA for cb6a764 - Browse repository at this point
Copy the full SHA cb6a764View commit details -
Configuration menu - View commit details
-
Copy full SHA for b72e316 - Browse repository at this point
Copy the full SHA b72e316View commit details -
Configuration menu - View commit details
-
Copy full SHA for 2f06397 - Browse repository at this point
Copy the full SHA 2f06397View commit details -
clarify when a key must have a UID
(the earlier arrangement of the comment was unclear, logic has not changed)
Configuration menu - View commit details
-
Copy full SHA for 62eee3e - Browse repository at this point
Copy the full SHA 62eee3eView commit details -
drop Backend enum and corresponding default_backend() calls
Python's cryptography module is just going to use the default backend. There was never really any affordance in the PGPy API to select a different backend anyway, so we can just drop it as a simplification.
Configuration menu - View commit details
-
Copy full SHA for 0d6ec16 - Browse repository at this point
Copy the full SHA 0d6ec16View commit details -
Configuration menu - View commit details
-
Copy full SHA for b4e87f3 - Browse repository at this point
Copy the full SHA b4e87f3View commit details -
Add named S2KUsage enum, in alignment with the new registry in crypto…
…-refresh There should be no substantive change here, just making the text easier to read
Configuration menu - View commit details
-
Copy full SHA for d7acaeb - Browse repository at this point
Copy the full SHA d7acaebView commit details -
Configuration menu - View commit details
-
Copy full SHA for 8b326f2 - Browse repository at this point
Copy the full SHA 8b326f2View commit details -
Fingerprint: learn its version explicitly
This means we also adjust the IssuerFingerprint and IntendedRecipients subpackets to just expose a fingerprint.
Configuration menu - View commit details
-
Copy full SHA for 88784cb - Browse repository at this point
Copy the full SHA 88784cbView commit details -
We leave one use of hashlib in the tests, but all cryptographic digests in the running code get pulled from the cryptography module.
Configuration menu - View commit details
-
Copy full SHA for cdc4799 - Browse repository at this point
Copy the full SHA cdc4799View commit details -
Move make_onepass to Signature packets
we keep PGPSignature.make_onepass to avoid an API change, but the logic of how to generate an OPS belongs in the Signature packet itself anyway.
Configuration menu - View commit details
-
Copy full SHA for 1cd7a38 - Browse repository at this point
Copy the full SHA 1cd7a38View commit details -
Configuration menu - View commit details
-
Copy full SHA for 878bc48 - Browse repository at this point
Copy the full SHA 878bc48View commit details -
Configuration menu - View commit details
-
Copy full SHA for 6e225cd - Browse repository at this point
Copy the full SHA 6e225cdView commit details -
Overhaul dispatch mechanism to use Enums instead of ints
This gives clearer semantics to any reader, and puts the mappings of magic numbers all in pgpy/constants.py instead of scattered throughout the codebase. It also improves type annotation coverage.
Configuration menu - View commit details
-
Copy full SHA for 0bd8c1a - Browse repository at this point
Copy the full SHA 0bd8c1aView commit details -
Drop check for __typeid__.__abstractmethod__
this was introduced in 12d085a and it's not clear why it needs to be there. __typeid__ is typically an Optional[int] (or Optional[IntEnum]), so i can't tell what this check would prevent
Configuration menu - View commit details
-
Copy full SHA for 86aa055 - Browse repository at this point
Copy the full SHA 86aa055View commit details -
Consolidate fingerprint-bearing subpackets
IntendedRecipient and IssuerFingerprint subpackets have the same wire formats, just different semantics. Consolidate the codebase here. Note that a freshly-created subpacket like this will emit an all-zeros fingerprint if you ask it for one, but will refuse to render itself into a wireformat.
Configuration menu - View commit details
-
Copy full SHA for 64630b4 - Browse repository at this point
Copy the full SHA 64630b4View commit details -
place KeyFlags ("usage") subpacket in order with other subpackets
placing subpackets in ascending order of subpacket id makes PGPy-generated certificates and signatures less distinguishable from other implementations.
Configuration menu - View commit details
-
Copy full SHA for e3691ae - Browse repository at this point
Copy the full SHA e3691aeView commit details -
Allow the user to explicitly set
features
flagsThis permits generation of packets that advertise support that PGPy can't provide so it's dangerous to use.
Configuration menu - View commit details
-
Copy full SHA for 72b77fe - Browse repository at this point
Copy the full SHA 72b77feView commit details -
Configuration menu - View commit details
-
Copy full SHA for 1fe2a14 - Browse repository at this point
Copy the full SHA 1fe2a14View commit details -
When adding a subpacket to the hashed region, remove it from unhashed
If we're signing specific subpacket content, there's no reason to include the same subpacket in the unhashed area; and if the content disagrees, there's no reason why any implementation should prefer the unhashed data over the hashed data.
Configuration menu - View commit details
-
Copy full SHA for a2c1317 - Browse repository at this point
Copy the full SHA a2c1317View commit details -
Configuration menu - View commit details
-
Copy full SHA for ff345c1 - Browse repository at this point
Copy the full SHA ff345c1View commit details -
Configuration menu - View commit details
-
Copy full SHA for 3efde16 - Browse repository at this point
Copy the full SHA 3efde16View commit details -
Configuration menu - View commit details
-
Copy full SHA for 717d240 - Browse repository at this point
Copy the full SHA 717d240View commit details -
Configuration menu - View commit details
-
Copy full SHA for fb318ab - Browse repository at this point
Copy the full SHA fb318abView commit details -
when algorithm IDs don't need MPIs, enable a different way to emit them.
This sets the stage for newer pubkey algorithms that don't use the MPI wire format construct.
Configuration menu - View commit details
-
Copy full SHA for bb17b59 - Browse repository at this point
Copy the full SHA bb17b59View commit details -
Configuration menu - View commit details
-
Copy full SHA for 7b83b7e - Browse repository at this point
Copy the full SHA 7b83b7eView commit details -
Configuration menu - View commit details
-
Copy full SHA for 5755e6d - Browse repository at this point
Copy the full SHA 5755e6dView commit details -
Configuration menu - View commit details
-
Copy full SHA for 43db15b - Browse repository at this point
Copy the full SHA 43db15bView commit details -
Short IDs are only 32-bits long. They are cheap to brute force, while still being unintelligible and difficult to transcribe correctly for humans.
Configuration menu - View commit details
-
Copy full SHA for 5ed3fc4 - Browse repository at this point
Copy the full SHA 5ed3fc4View commit details -
Configuration menu - View commit details
-
Copy full SHA for dad51bb - Browse repository at this point
Copy the full SHA dad51bbView commit details -
https://datatracker.ietf.org/doc/html/rfc4880#section-3.7.2.1 says: > These are followed by an Initial Vector of the same length as the > block size of the cipher for the decryption of the secret values, if > they are encrypted, and then the secret-key values themselves. But the test used a uniform IV of length 8 -- this corrects the test.
Configuration menu - View commit details
-
Copy full SHA for 7204a64 - Browse repository at this point
Copy the full SHA 7204a64View commit details -
Configuration menu - View commit details
-
Copy full SHA for 4c364ab - Browse repository at this point
Copy the full SHA 4c364abView commit details -
Configuration menu - View commit details
-
Copy full SHA for 3c2d0af - Browse repository at this point
Copy the full SHA 3c2d0afView commit details -
Configuration menu - View commit details
-
Copy full SHA for a1b918a - Browse repository at this point
Copy the full SHA a1b918aView commit details -
Configuration menu - View commit details
-
Copy full SHA for 1b9dc5e - Browse repository at this point
Copy the full SHA 1b9dc5eView commit details -
Configuration menu - View commit details
-
Copy full SHA for 066454f - Browse repository at this point
Copy the full SHA 066454fView commit details -
Configuration menu - View commit details
-
Copy full SHA for ad533fd - Browse repository at this point
Copy the full SHA ad533fdView commit details -
Configuration menu - View commit details
-
Copy full SHA for 109ecf1 - Browse repository at this point
Copy the full SHA 109ecf1View commit details -
Configuration menu - View commit details
-
Copy full SHA for a3b9526 - Browse repository at this point
Copy the full SHA a3b9526View commit details -
Configuration menu - View commit details
-
Copy full SHA for 00d26e4 - Browse repository at this point
Copy the full SHA 00d26e4View commit details -
FingerprintDict: add an OrderedDict that is indexed by fingerprint, b…
…ut whose values can also be reached by KeyID
Configuration menu - View commit details
-
Copy full SHA for 2110404 - Browse repository at this point
Copy the full SHA 2110404View commit details -
Configuration menu - View commit details
-
Copy full SHA for 026c7b9 - Browse repository at this point
Copy the full SHA 026c7b9View commit details -
PGPKey.subkeys now returns a FingerprintDict (API change)
This allows subkey selection by Fingerprint as well as Key ID We use the FingerprintDict more efficiently, and we also define issuer_matches and signing_subkey for simplicity. PGPKey.decrypt now also can find the correct key/subkey even if the PKESK is identified by fingerprint.
Configuration menu - View commit details
-
Copy full SHA for af3436e - Browse repository at this point
Copy the full SHA af3436eView commit details -
PGPSignature API change: keyserver,policy_uri return None if no subpa…
…cket present This is a change in the API to more accurately reflect what is happening in a signature. It's possible to have a subpacket that contains the empty string, and this allows a consumer to distinguish between the two cases.
Configuration menu - View commit details
-
Copy full SHA for 82f1bdb - Browse repository at this point
Copy the full SHA 82f1bdbView commit details -
API change: Drop FlagEnum, use enum.IntFlag
For features, keyserverprefs, and key_flags, we also now return a simple IntFlags object (not a set), and None when no corresponding subpacket is present.
Configuration menu - View commit details
-
Copy full SHA for 4840a2a - Browse repository at this point
Copy the full SHA 4840a2aView commit details -
Configuration menu - View commit details
-
Copy full SHA for 87afd8e - Browse repository at this point
Copy the full SHA 87afd8eView commit details -
String2Key: break out S2KSpecifier as an independent subfield
This is useful because the S2KSpecifier will be reused in several different places during implementation of the crypto refresh, witho ut the usage octet, the IV, or the encryption algorithm identifier. This also paves the way for a simpler addition of other S2K types (including Argon2)
Configuration menu - View commit details
-
Copy full SHA for 42b5b26 - Browse repository at this point
Copy the full SHA 42b5b26View commit details -
PGPKey.protect: do not require explicit algorithm specification
users shouldn't need to choose an algorithm, there should just be sane choices. We allow the user to provide arguments to avoid an API change.
Configuration menu - View commit details
-
Copy full SHA for 1950a97 - Browse repository at this point
Copy the full SHA 1950a97View commit details -
Configuration menu - View commit details
-
Copy full SHA for 349f6b6 - Browse repository at this point
Copy the full SHA 349f6b6View commit details -
Allow passing through a full S2K when protecting a secret key
This gives the user more control if they want to control how the encrypted blob works, while deferring to the S2KSpecifier interface. We copy the S2K Specifier upon reciept, so that if the s2k specifier changes later, it doesn't sneakily get changed here too.
Configuration menu - View commit details
-
Copy full SHA for b47fe1c - Browse repository at this point
Copy the full SHA b47fe1cView commit details -
PGPKey.protect: allow user to pass in list of IVs
enables creation of reproducible results, not for standard use.
Configuration menu - View commit details
-
Copy full SHA for dacb09b - Browse repository at this point
Copy the full SHA dacb09bView commit details -
Normalize searching for preferences (API change)
- a selfsig *without* a preferences subpacket (no preference stated) is different from a selfsig with an empty preferences subpacket (a stated preference for the MTI algorithm) - given the complications around deciding between multiple selfsigs with different preferences, we might want to skip a selfsig with no preference stated, but terminate on a selfsig with a stated preference, even if it is empty - use a generator to walk the list of selfsigs that might have legitimately-stated preferences This includes a subtle API change (preferences properties can now return None as distinct from an empty list), but i think it's necessary to do the right thing here. Tests are adjusted to match the new behavior as well.
Configuration menu - View commit details
-
Copy full SHA for 596eb3e - Browse repository at this point
Copy the full SHA 596eb3eView commit details -
Configuration menu - View commit details
-
Copy full SHA for c771653 - Browse repository at this point
Copy the full SHA c771653View commit details -
Enable explicitly setting the IV when encrypting SEIPDv1
This makes it easier to generate deterministic test vectors from PGPy, but *SHOULD NOT* be used in regular operations.
Configuration menu - View commit details
-
Copy full SHA for b9b1c1f - Browse repository at this point
Copy the full SHA b9b1c1fView commit details -
Allow user to set salts explicitly for each S2K when protecting a key
without this, the first use of the S2K will internally generate a salt and then subsequent uses of it will reuse the salt, probably not a desired outcome.
Configuration menu - View commit details
-
Copy full SHA for 6c0ed22 - Browse repository at this point
Copy the full SHA 6c0ed22View commit details -
Configuration menu - View commit details
-
Copy full SHA for 6dc82a9 - Browse repository at this point
Copy the full SHA 6dc82a9View commit details -
Configuration menu - View commit details
-
Copy full SHA for e7a313d - Browse repository at this point
Copy the full SHA e7a313dView commit details -
Configuration menu - View commit details
-
Copy full SHA for df78503 - Browse repository at this point
Copy the full SHA df78503View commit details -
SignatureV4: handle signer being None.
This means cleaning up how we handle OnePassSignature generation as well. And, PGPUID.signers now returns Fingerprints instead of KeyIDs, so we fix up the tests too.
Configuration menu - View commit details
-
Copy full SHA for 372097c - Browse repository at this point
Copy the full SHA 372097cView commit details -
Configuration menu - View commit details
-
Copy full SHA for f6887f6 - Browse repository at this point
Copy the full SHA f6887f6View commit details -
Configuration menu - View commit details
-
Copy full SHA for 3daa0db - Browse repository at this point
Copy the full SHA 3daa0dbView commit details -
Configuration menu - View commit details
-
Copy full SHA for 748bb59 - Browse repository at this point
Copy the full SHA 748bb59View commit details -
Configuration menu - View commit details
-
Copy full SHA for 1cfaf3d - Browse repository at this point
Copy the full SHA 1cfaf3dView commit details -
Configuration menu - View commit details
-
Copy full SHA for ba1ec45 - Browse repository at this point
Copy the full SHA ba1ec45View commit details -
Consolidate methods into PrivKey and PubKey from PrivKeyv4 and PubKeyV4
This moves code shared by v6 keys and v4 keys into common base classes We also adjust the inheritance tree for PrivSubKey: this should cause no functional change, but it makes the expanded API surface for PubSubKey more visible directly in PrivSubKey, which in turn will make type annotations clearer when subkeys are invoked.
Configuration menu - View commit details
-
Copy full SHA for 6c54fb9 - Browse repository at this point
Copy the full SHA 6c54fb9View commit details -
Configuration menu - View commit details
-
Copy full SHA for 428986a - Browse repository at this point
Copy the full SHA 428986aView commit details -
Configuration menu - View commit details
-
Copy full SHA for 9fa615a - Browse repository at this point
Copy the full SHA 9fa615aView commit details -
PGPMessage: add type signatures, make some keyword arguments explicit
If the session key in encrypt_sk is an int, we need to convert it manually to a bytes object.
Configuration menu - View commit details
-
Copy full SHA for 5cf4ca2 - Browse repository at this point
Copy the full SHA 5cf4ca2View commit details -
Configuration menu - View commit details
-
Copy full SHA for e05f026 - Browse repository at this point
Copy the full SHA e05f026View commit details -
PGPObject: add type signatures
Note that bytes_to_text and text_to_bytes no longer accept None as input. When they would accept None as input, that meant that their output could also be None which in turn made it harder to vet the type of the output when the input was clearly not None.
Configuration menu - View commit details
-
Copy full SHA for 247c10f - Browse repository at this point
Copy the full SHA 247c10fView commit details -
Configuration menu - View commit details
-
Copy full SHA for 8497be3 - Browse repository at this point
Copy the full SHA 8497be3View commit details -
PKESK: encrypt_sk and decrypt_sk need a proper corresponding PubKey o…
…r PrivKey packet In addition to the extra type safety, this also corrects an erroneous comment about them.
Configuration menu - View commit details
-
Copy full SHA for dfdae47 - Browse repository at this point
Copy the full SHA dfdae47View commit details -
Note that we change types.Header._lenfmt from an int to a bool, and rename it _openpgp_format. this is in keeping with the crypto-refresh, which explicitly names the two headr formats "OpenPGP format" and "Legacy Format".
Configuration menu - View commit details
-
Copy full SHA for dc9314b - Browse repository at this point
Copy the full SHA dc9314bView commit details -
Configuration menu - View commit details
-
Copy full SHA for 24d71d5 - Browse repository at this point
Copy the full SHA 24d71d5View commit details -
Configuration menu - View commit details
-
Copy full SHA for 17e5e75 - Browse repository at this point
Copy the full SHA 17e5e75View commit details -
Configuration menu - View commit details
-
Copy full SHA for 0c816b7 - Browse repository at this point
Copy the full SHA 0c816b7View commit details -
Note that you used to be able to use the or operator to append UserID and UserAttribute packets indefinitely, but only the first packet would take effect. all the other ones would be silently ignored. the current code is simpler, but instead ignores all the previous packets, and uses the last one.
Configuration menu - View commit details
-
Copy full SHA for 8aeb86f - Browse repository at this point
Copy the full SHA 8aeb86fView commit details -
Configuration menu - View commit details
-
Copy full SHA for 96c422a - Browse repository at this point
Copy the full SHA 96c422aView commit details -
Configuration menu - View commit details
-
Copy full SHA for d46439d - Browse repository at this point
Copy the full SHA d46439dView commit details -
PGPUID: improve string parsing, return None when fields are missing
This also avoids parsing and then re-assembling the user ID during __format__ operations, which in the worst case can actually modify the string returned.
Configuration menu - View commit details
-
Copy full SHA for 94c3f7c - Browse repository at this point
Copy the full SHA 94c3f7cView commit details -
Configuration menu - View commit details
-
Copy full SHA for e10e64f - Browse repository at this point
Copy the full SHA e10e64fView commit details -
Prepare SubPackets object to have different length binary representat…
…ions in v6 keys, the wire format for the subpacket sections contains 4-octet length fields instead of 2. Make the rest of the code flexible enough to prepare for that (without changing it)
Configuration menu - View commit details
-
Copy full SHA for d9bd771 - Browse repository at this point
Copy the full SHA d9bd771View commit details -
Configuration menu - View commit details
-
Copy full SHA for 27fbae9 - Browse repository at this point
Copy the full SHA 27fbae9View commit details -
Configuration menu - View commit details
-
Copy full SHA for b5e6635 - Browse repository at this point
Copy the full SHA b5e6635View commit details -
Configuration menu - View commit details
-
Copy full SHA for 1c7dd79 - Browse repository at this point
Copy the full SHA 1c7dd79View commit details -
Configuration menu - View commit details
-
Copy full SHA for ca370d3 - Browse repository at this point
Copy the full SHA ca370d3View commit details -
Configuration menu - View commit details
-
Copy full SHA for f325c66 - Browse repository at this point
Copy the full SHA f325c66View commit details -
Configuration menu - View commit details
-
Copy full SHA for 5f470ca - Browse repository at this point
Copy the full SHA 5f470caView commit details -
Configuration menu - View commit details
-
Copy full SHA for 15481fb - Browse repository at this point
Copy the full SHA 15481fbView commit details -
Type checker gets confused by __copy__ overloading with multiple inhe…
…ritance This shouldn't be a problem because __copy__ will actually work correctly thanks to the multiple inheritance itself. There could be a better way to annotate this that i don't know about, but this should do.
Configuration menu - View commit details
-
Copy full SHA for b4f0fed - Browse repository at this point
Copy the full SHA b4f0fedView commit details -
Configuration menu - View commit details
-
Copy full SHA for 6e98320 - Browse repository at this point
Copy the full SHA 6e98320View commit details -
Rename PacketTag to PacketType
While the term "Tag" is present in the spec, it's ambiguous and confusing, and the identifier is also referred to as the type of packet. See discussion over on https://gitlab.com/openpgp-wg/rfc4880bis/-/merge_requests/319
Configuration menu - View commit details
-
Copy full SHA for 30d6c2b - Browse repository at this point
Copy the full SHA 30d6c2bView commit details -
Configuration menu - View commit details
-
Copy full SHA for 8ff5062 - Browse repository at this point
Copy the full SHA 8ff5062View commit details -
Configuration menu - View commit details
-
Copy full SHA for 4bf03a5 - Browse repository at this point
Copy the full SHA 4bf03a5View commit details -
SKESK: use S2KSpecifier instead of String2Key
This means that we can also simplify parsing the String2Key (no need to pass along whether we need to parse out an iv).
Configuration menu - View commit details
-
Copy full SHA for f3e0ced - Browse repository at this point
Copy the full SHA f3e0cedView commit details -
fields.PrivKey: learn about the version of the key
This will become useful as newer versions of secret key packets have different wire formats for the key material.
Configuration menu - View commit details
-
Copy full SHA for 2ad0f33 - Browse repository at this point
Copy the full SHA 2ad0f33View commit details -
String2Key: make key_version explicit
This will become useful because when String2Key is placed on the wire in a Secret Key packet, it may be represented differently depending on the version of the secret key packet.
Configuration menu - View commit details
-
Copy full SHA for 6a288eb - Browse repository at this point
Copy the full SHA 6a288ebView commit details -
Configuration menu - View commit details
-
Copy full SHA for 7d08485 - Browse repository at this point
Copy the full SHA 7d08485View commit details -
PrivKeyV4.pubkey: move most of implementation to base class
This prepares us for a simplified switch for v6 keys. Improve the type signatures for the superclass here, since pubkey() is a method, not a property.
Configuration menu - View commit details
-
Copy full SHA for 6f19590 - Browse repository at this point
Copy the full SHA 6f19590View commit details -
Configuration menu - View commit details
-
Copy full SHA for 43ca39c - Browse repository at this point
Copy the full SHA 43ca39cView commit details -
Configuration menu - View commit details
-
Copy full SHA for cdc784f - Browse repository at this point
Copy the full SHA cdc784fView commit details -
Configuration menu - View commit details
-
Copy full SHA for 0908d94 - Browse repository at this point
Copy the full SHA 0908d94View commit details -
Configuration menu - View commit details
-
Copy full SHA for fd89df7 - Browse repository at this point
Copy the full SHA fd89df7View commit details -
Configuration menu - View commit details
-
Copy full SHA for 3068a0c - Browse repository at this point
Copy the full SHA 3068a0cView commit details -
from __future__ import annotations
This lets us use forward-declared type annotations without manually noting them as strings.
Configuration menu - View commit details
-
Copy full SHA for 0c2cfd1 - Browse repository at this point
Copy the full SHA 0c2cfd1View commit details -
Configuration menu - View commit details
-
Copy full SHA for 7ed5edf - Browse repository at this point
Copy the full SHA 7ed5edfView commit details -
explicitly document the ability to sign encrypted messages
I'm deeply skeptical about the sense or utility of this, but it is at least documenting the current behavior more adequately. The resulting messages (when signed) form this packet sequence: SIG PKESK SEIPD This is technically valid in the formal OpenPGP message grammar but it's unclear what it is supposed to mean.
Configuration menu - View commit details
-
Copy full SHA for e6fa7ef - Browse repository at this point
Copy the full SHA e6fa7efView commit details -
Declare SignatureVerifications.SigSubj with NamedTuple
(instead of sigsubj (with namedtuple)) This makes it easier to see type-annotations. Since the name of the type was never fully exported anyway, and it keeps all of its standard members, this isn't really an API change.
Configuration menu - View commit details
-
Copy full SHA for 8460756 - Browse repository at this point
Copy the full SHA 8460756View commit details
Commits on Aug 11, 2023
-
Configuration menu - View commit details
-
Copy full SHA for c39c873 - Browse repository at this point
Copy the full SHA c39c873View commit details -
Configuration menu - View commit details
-
Copy full SHA for ffb540a - Browse repository at this point
Copy the full SHA ffb540aView commit details -
Configuration menu - View commit details
-
Copy full SHA for d5dad20 - Browse repository at this point
Copy the full SHA d5dad20View commit details -
Configuration menu - View commit details
-
Copy full SHA for 217c84e - Browse repository at this point
Copy the full SHA 217c84eView commit details -
sopgpy: correct handling for inline-signed messages
This had been broken with the introduction of PGPSignatures, but it should now work again.
Configuration menu - View commit details
-
Copy full SHA for 36a1390 - Browse repository at this point
Copy the full SHA 36a1390View commit details -
clean up regex for cleartext signing framework
newlines near the top of a CSF message can be handled more delicately. - if the Hash: header is missing, we want the trailing newline to appear - there's no need to have a non-capturing grouping places where the group is not used.
Configuration menu - View commit details
-
Copy full SHA for ca2b4ac - Browse repository at this point
Copy the full SHA ca2b4acView commit details -
ImageEncoding: use Unknown the same way as PacketType and PubKeyAlgor…
…ithm I don't expect new image encoding types to be defined. Indeed, the version itself could just go away and we could probably retcon UserAttribute 1 as JPEG (see https://gitlab.com/openpgp-wg/rfc4880bis/-/issues/162) with a weird 16-octet header. But it's better to have the code normalized here.
Configuration menu - View commit details
-
Copy full SHA for b9b64b5 - Browse repository at this point
Copy the full SHA b9b64b5View commit details -
Configuration menu - View commit details
-
Copy full SHA for dcfe210 - Browse repository at this point
Copy the full SHA dcfe210View commit details -
Configuration menu - View commit details
-
Copy full SHA for 98b62a7 - Browse repository at this point
Copy the full SHA 98b62a7View commit details -
ASCII armoring should not require the CRC line
See the rationale from the upcoming standard: https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-07.html#name-optional-checksum
Configuration menu - View commit details
-
Copy full SHA for e467d8e - Browse repository at this point
Copy the full SHA e467d8eView commit details -
Configuration menu - View commit details
-
Copy full SHA for cc34a73 - Browse repository at this point
Copy the full SHA cc34a73View commit details -
Configuration menu - View commit details
-
Copy full SHA for 2d53b9a - Browse repository at this point
Copy the full SHA 2d53b9aView commit details -
PGPKey.new() no longer requires a key_size option.
The implementation will select a reasonable option for the indicated pubkey algorithm if you don't supply it.
Configuration menu - View commit details
-
Copy full SHA for ee92d8d - Browse repository at this point
Copy the full SHA ee92d8dView commit details -
sopgpy: add a Direct Key Signature to the default key creation
This could be done only during the --profile draft-ietf-openpgp-crypto-refresh-10, but there's nothing in the earlier specifications that would indicate a problem or incompatibility to include such a signature.
Configuration menu - View commit details
-
Copy full SHA for f799d4b - Browse repository at this point
Copy the full SHA f799d4bView commit details -
Configuration menu - View commit details
-
Copy full SHA for 6fb08f2 - Browse repository at this point
Copy the full SHA 6fb08f2View commit details -
Configuration menu - View commit details
-
Copy full SHA for 11d641c - Browse repository at this point
Copy the full SHA 11d641cView commit details -
Configuration menu - View commit details
-
Copy full SHA for 08dd35c - Browse repository at this point
Copy the full SHA 08dd35cView commit details -
Configuration menu - View commit details
-
Copy full SHA for 35b00e8 - Browse repository at this point
Copy the full SHA 35b00e8View commit details -
Configuration menu - View commit details
-
Copy full SHA for 18a557c - Browse repository at this point
Copy the full SHA 18a557cView commit details -
Configuration menu - View commit details
-
Copy full SHA for 4ab37e4 - Browse repository at this point
Copy the full SHA 4ab37e4View commit details -
Configuration menu - View commit details
-
Copy full SHA for 49c6083 - Browse repository at this point
Copy the full SHA 49c6083View commit details -
Move encrypt into fields.PubKey, and decrypt into fields.PrivKey. This is a simplifying change, and also prepares the codebase for the crypto-refresh, which has different subtle changes in the encoded pkesk, for different versions and different algorithms. The underlying cryptographic code gets pushed into fields.py (out of sight from higher-level functions) and lets us make more straightforward and explicit type definitions.
Configuration menu - View commit details
-
Copy full SHA for 77c05bb - Browse repository at this point
Copy the full SHA 77c05bbView commit details -
Clean up NotImplemented/NotImplementedError
- if something is not implemented, just raise NotImplementedError directly, rather than trying to sometimes return a NotImplemented object. Returning a NotImplemented object complicates the type signature without providing much of an advantage in terms of workflow. - PGPSignature.target_signature is a property that was never implemented or used. We can just drop this property entirely, implementing it only when it can actually be implemented.
Configuration menu - View commit details
-
Copy full SHA for a9d7a11 - Browse repository at this point
Copy the full SHA a9d7a11View commit details -
Configuration menu - View commit details
-
Copy full SHA for 7dee6b0 - Browse repository at this point
Copy the full SHA 7dee6b0View commit details -
Configuration menu - View commit details
-
Copy full SHA for 2e883d7 - Browse repository at this point
Copy the full SHA 2e883d7View commit details -
sopgpy: search for cipher preferences more cleanly
use search_pref_sigs() instead of walking each user ID
Configuration menu - View commit details
-
Copy full SHA for a57714c - Browse repository at this point
Copy the full SHA a57714cView commit details -
Configuration menu - View commit details
-
Copy full SHA for 51cefc7 - Browse repository at this point
Copy the full SHA 51cefc7View commit details
Commits on Aug 18, 2023
-
Have tox take the baseline requirements from requirements.txt
This leaves only one place to list the requirements
Configuration menu - View commit details
-
Copy full SHA for d713701 - Browse repository at this point
Copy the full SHA d713701View commit details
Commits on Aug 19, 2023
-
Configuration menu - View commit details
-
Copy full SHA for f6cf609 - Browse repository at this point
Copy the full SHA f6cf609View commit details
Commits on Aug 23, 2023
-
Parse embedded signature without assuming version
This will be important if a non-v4 signature gets embedded. It might end up being an opaque signature, if PGPy can't read the version, but it shouldn't try to force a SignatureV4 if it is not actually version 4. This change also isolates the parsing of the embedded signature so that it can only consume bytes within the enclosing subpacket.
Configuration menu - View commit details
-
Copy full SHA for 639b72b - Browse repository at this point
Copy the full SHA 639b72bView commit details -
Don't pass fingerprint version to FingerprintSubpacket
This hasn't been necessary since fingerprints knew their own version, it was just a no-op.
Configuration menu - View commit details
-
Copy full SHA for e810446 - Browse repository at this point
Copy the full SHA e810446View commit details -
SubPackets.addnew: warn when trying to set a non-existent attribute
This is what caught the problem of passing _version to addnew
Configuration menu - View commit details
-
Copy full SHA for 46d9995 - Browse repository at this point
Copy the full SHA 46d9995View commit details -
We rely on argon_cffi for the underlying implementation since python cryptography appears unlikely to grow support for argon2 any time soon: pyca/cryptography#2643
Configuration menu - View commit details
-
Copy full SHA for 89dee6a - Browse repository at this point
Copy the full SHA 89dee6aView commit details -
Configuration menu - View commit details
-
Copy full SHA for d0a2a04 - Browse repository at this point
Copy the full SHA d0a2a04View commit details -
Configuration menu - View commit details
-
Copy full SHA for 726b4ec - Browse repository at this point
Copy the full SHA 726b4ecView commit details -
Configuration menu - View commit details
-
Copy full SHA for e27940d - Browse repository at this point
Copy the full SHA e27940dView commit details -
Configuration menu - View commit details
-
Copy full SHA for c372523 - Browse repository at this point
Copy the full SHA c372523View commit details -
Configuration menu - View commit details
-
Copy full SHA for e781a6d - Browse repository at this point
Copy the full SHA e781a6dView commit details -
Configuration menu - View commit details
-
Copy full SHA for 231b2ea - Browse repository at this point
Copy the full SHA 231b2eaView commit details -
Configuration menu - View commit details
-
Copy full SHA for 05fd07f - Browse repository at this point
Copy the full SHA 05fd07fView commit details -
Configuration menu - View commit details
-
Copy full SHA for c2aca31 - Browse repository at this point
Copy the full SHA c2aca31View commit details -
Configuration menu - View commit details
-
Copy full SHA for 19901a5 - Browse repository at this point
Copy the full SHA 19901a5View commit details -
Configuration menu - View commit details
-
Copy full SHA for 747e0cb - Browse repository at this point
Copy the full SHA 747e0cbView commit details -
Configuration menu - View commit details
-
Copy full SHA for a4dcb9f - Browse repository at this point
Copy the full SHA a4dcb9fView commit details -
Configuration menu - View commit details
-
Copy full SHA for 1a49ef6 - Browse repository at this point
Copy the full SHA 1a49ef6View commit details -
Configuration menu - View commit details
-
Copy full SHA for e96068d - Browse repository at this point
Copy the full SHA e96068dView commit details -
Configuration menu - View commit details
-
Copy full SHA for a11a537 - Browse repository at this point
Copy the full SHA a11a537View commit details -
Configuration menu - View commit details
-
Copy full SHA for 8191571 - Browse repository at this point
Copy the full SHA 8191571View commit details -
- serializing v6 keys is subtly different than v4 keys - v6 certs (or later) don't need a UID any longer - v6 signature salt length varies by hash algorithm
Configuration menu - View commit details
-
Copy full SHA for 400ede1 - Browse repository at this point
Copy the full SHA 400ede1View commit details -
Configuration menu - View commit details
-
Copy full SHA for 9462547 - Browse repository at this point
Copy the full SHA 9462547View commit details -
Note that for PKESKv3, they store their symmetric key in the clear, outside of the ciphertext. this allows us to avoid padding shenanigans on the cleartext.
Configuration menu - View commit details
-
Copy full SHA for b8e72f8 - Browse repository at this point
Copy the full SHA b8e72f8View commit details -
Configuration menu - View commit details
-
Copy full SHA for 5d35c41 - Browse repository at this point
Copy the full SHA 5d35c41View commit details -
Configuration menu - View commit details
-
Copy full SHA for 0316e15 - Browse repository at this point
Copy the full SHA 0316e15View commit details -
Avoid emitting CRC during ASCII armor of new elements
See also the "Optional checksum" part of draft-ietf-openpgp-crypto-refresh-10)
Configuration menu - View commit details
-
Copy full SHA for bb71ac1 - Browse repository at this point
Copy the full SHA bb71ac1View commit details -
Configuration menu - View commit details
-
Copy full SHA for 7deb51c - Browse repository at this point
Copy the full SHA 7deb51cView commit details -
Configuration menu - View commit details
-
Copy full SHA for 4493171 - Browse repository at this point
Copy the full SHA 4493171View commit details -
PGPMessage.encrypt: passing aead_mode parameter will use SEIPDv2 with…
… Argon2 (we also allow passing an explicit salt, which normally should not be used but is useful for generating deterministic test vectors)
Configuration menu - View commit details
-
Copy full SHA for 03f315a - Browse repository at this point
Copy the full SHA 03f315aView commit details -
Configuration menu - View commit details
-
Copy full SHA for 93fcc25 - Browse repository at this point
Copy the full SHA 93fcc25View commit details -
Add encrypt/decrypt and sign/verify roundtrips
This uses cached key generation, and ensures that we cover versions 4 and 6 of keys, as well as all the pubkey algorithms, and different possible feature sets (SEIPDv1 and SEIPDv2).
Configuration menu - View commit details
-
Copy full SHA for 070de1f - Browse repository at this point
Copy the full SHA 070de1fView commit details -
sopgpy: ensure alignment between {P,S}KESK and SEIPD packets
make this work even in the face of multiple passwords and keys
Configuration menu - View commit details
-
Copy full SHA for b55fdd2 - Browse repository at this point
Copy the full SHA b55fdd2View commit details -
Configuration menu - View commit details
-
Copy full SHA for d2813ae - Browse repository at this point
Copy the full SHA d2813aeView commit details -
Avoid copy on raw pubkey objects
These pubkey objects are immutable, as noted in pyca/cryptography#9403, so it should be safe to just assign.
Configuration menu - View commit details
-
Copy full SHA for 50efe13 - Browse repository at this point
Copy the full SHA 50efe13View commit details
Commits on Aug 24, 2023
-
Configuration menu - View commit details
-
Copy full SHA for c030e7a - Browse repository at this point
Copy the full SHA c030e7aView commit details -
Allow creation and use of v4 keys without a User ID (with warning)
draft-ietf-openpgp-crypto-refresh-10 makes it clear that even v4 OpenPGP certificates MAY not have a user ID. Keep a warning in place though, to encourage interoperability with legacy v4 implementations.
Configuration menu - View commit details
-
Copy full SHA for eb631c1 - Browse repository at this point
Copy the full SHA eb631c1View commit details