OpenPGP key support

[mdellweg]

This adds a repository type as a keyring and content types to handle keys, keyids and key signatures.

fixes #3024

[dralley]

So, this appears to be a de-novo implementation of PGP packet parsing that we'd be on the hook to maintain. Is that 100% necessary? And if so, why?

Is it at all possible to use an existing maintained library such as sequoia-pgp (via pysequoia)?

[mdellweg]

I think i looked for such things and none really ticked all the boxes (It's been a while though).

About pysequoia (from their pypi representation):
Note: This is a work in progress. The API is not stable!
Note that since pysequoia is implemented largely in Rust, a [Rust toolchain](https://rustup.rs/) is necessary for the installation to succeed.

[dralley]

Note that since pysequoia is implemented largely in Rust, a Rust toolchain is necessary for the installation to succeed.

This part at least would be nothing new for us, several of our deps already check this box. (py)cryptography and json-stream-rs-tokenizer (transitive dep via json-stream) for instance. I think there were maybe one or two others.

Note: This is a work in progress. The API is not stable!

True, but this note is also a few years old, and the API doesn't seem to be particularly unstable. In a tradeoff between occasionally needing to tweak a few lines vs. maintaining a parser implementation for cryptography... my personal preference would be the former.

rpm uses sequoia-pgp (though not via Python) so the quality of the underlying implementation is already trusted so far as Red Hat is concerned. One of the primary authors is the maintainer of the crypto subsystem of the linux kernel.

[mdellweg]

What i still don't see (from looking at their README) is a way to disassemble the bytestream into openpgp packets which we want to store individually. But i should take a closer look.