Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Experimental: Symmetric Keys and Forwarding #141

Draft
wants to merge 19 commits into
base: main
Choose a base branch
from
Draft

Experimental: Symmetric Keys and Forwarding #141

wants to merge 19 commits into from

Commits on Jul 18, 2024

  1. Update GitHub workflow branches

    @twiss @lubux
    twiss authored and lubux committed Jul 18, 2024
    Configuration menu
    Copy the full SHA
    4d8199d View commit details
    Browse the repository at this point in the history

  2. Add support for automatic forwarding (#54)

    @larabr @lubux
    larabr authored and lubux committed Jul 18, 2024
    Configuration menu
    Copy the full SHA
    ae15360 View commit details
    Browse the repository at this point in the history

  3. openpgp: Add support for symmetric subkeys (#74) 

    It is sometimes useful to encrypt data under some symmetric key.
While this was possible to do using passphrase-derived keys, there was
no support for long-term storage of the keys that was used to encrypt
the key packets.

To solve this, a new type of key is introduced. This key will hold a
symmetric key, and will be used for both encryption and decryption of
data. Specifically, as with asymmetric keys, the actual data will be
encrypted using a session key, generated ad-hoc for these data.
Then, instead of using a public key to encrypt the session key, the
persistent symmetric key will be used instead, to produce a, so to say,
Key Encrypted Key Packet.

Conversly, instead of using a private key to decrypt the session key,
the same symmetric key will be used. Then, the decrypted session key
can be used to decrypt the data packet, as usual.

As with the case of AEAD keys, it is sometimes useful to "sign"
data with a persistent, symmetric key.

This key holds a symmetric key, which can be used for both signing and
verifying the integrity of data. While not strictly needed, the
signature process will first generate a digest of the data-to-be-signed,
and then the key will be used to sign the digest, using an HMAC
construction.

For technical reasons, related to this implenetation of the openpgp
protocol, the secret key material is also stored in the newly defined
public key types. Future contributors must take note of this, and not
export or serialize that key in a way that it will be publicly availabe.

Since symmetric keys do not have a public and private part, there is no
point serializing the internal "public key" structures. Thus, symmetric
keys are skipped when serialing the public part of a keyring.
    @Mandragorian @lubux
    Mandragorian authored and lubux committed Jul 18, 2024
    Configuration menu
    Copy the full SHA
    b1cb1d2 View commit details
    Browse the repository at this point in the history

  4. Fix HMAC hash algorithm ID parsing and serializing

    @twiss @lubux
    twiss authored and lubux committed Jul 18, 2024
    Configuration menu
    Copy the full SHA
    04e69d6 View commit details
    Browse the repository at this point in the history

  5. Rename branch to Proton

    @wussler @lubux
    wussler authored and lubux committed Jul 18, 2024
    Configuration menu
    Copy the full SHA
    cd1df39 View commit details
    Browse the repository at this point in the history

  6. Add full forwarding support

    @wussler @lubux
    wussler authored and lubux committed Jul 18, 2024
    Configuration menu
    Copy the full SHA
    2e2d56a View commit details
    Browse the repository at this point in the history

  7. Use forwardee idenitity in forwarding key generation

    @wussler @lubux
    wussler authored and lubux committed Jul 18, 2024
    Configuration menu
    Copy the full SHA
    c759ef2 View commit details
    Browse the repository at this point in the history

  8. Convert all valid subkeys when issuing a forwarding key

    @wussler @lubux
    wussler authored and lubux committed Jul 18, 2024
    Configuration menu
    Copy the full SHA
    8186276 View commit details
    Browse the repository at this point in the history

  9. Resign keys and relax flag requirements

    @wussler @lubux
    wussler authored and lubux committed Jul 18, 2024
    Configuration menu
    Copy the full SHA
    b77643d View commit details
    Browse the repository at this point in the history

  10. Create a copy of the encrypted key when forwarding

    @wussler @lubux
    wussler authored and lubux committed Jul 18, 2024
    Configuration menu
    Copy the full SHA
    c38aca0 View commit details
    Browse the repository at this point in the history

  11. Use fingerprints instead of KeyIDs

    @wussler @lubux
    wussler authored and lubux committed Jul 18, 2024
    Configuration menu
    Copy the full SHA
    7c4521c View commit details
    Browse the repository at this point in the history

  12. fix: Address rebase on version 2 issues

    @lubux
    lubux committed Jul 18, 2024
    Configuration menu
    Copy the full SHA
    aaf4fba View commit details
    Browse the repository at this point in the history

  13. feat: Add forwarding to v2 api

    @lubux
    lubux committed Jul 18, 2024
    Configuration menu
    Copy the full SHA
    0c84782 View commit details
    Browse the repository at this point in the history

  14. fix: Address warnings

    @lubux
    lubux committed Jul 18, 2024
    Configuration menu
    Copy the full SHA
    736343d View commit details
    Browse the repository at this point in the history

  15. feat: Add symmetric keys to v2

    @lubux
    lubux committed Jul 18, 2024
    Configuration menu
    Copy the full SHA
    6c1edd7 View commit details
    Browse the repository at this point in the history

  16. fix(v2): Do not allow encrpytion with a forwarding key

    @lubux
    lubux committed Jul 18, 2024
    Configuration menu
    Copy the full SHA
    635733f View commit details
    Browse the repository at this point in the history

  17. fix(v2): Adapt NewForwardingEntity to refactored NewEntity

    @lubux
    lubux committed Jul 18, 2024
    Configuration menu
    Copy the full SHA
    08bd3f7 View commit details
    Browse the repository at this point in the history

  18. Replace ioutil.ReadAll with io.ReadAll

    @lubux
    lubux committed Jul 18, 2024
    Configuration menu
    Copy the full SHA
    5c6f2b4 View commit details
    Browse the repository at this point in the history

  19. Fix HMAC generation (#204) 

    Generate an AEAD subkey when requesting an HMAC primary key.
    @wussler @lubux
    wussler authored and lubux committed Jul 18, 2024
    Configuration menu
    Copy the full SHA
    5cc763e View commit details
    Browse the repository at this point in the history