Offer implementation of the Stateless OpenPGP Command-Line Interface ("SOP") #440
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
I just pushed another change, based on the |
It works in the basic mode, but we still need to handle the args for encrypt/decrypt.
- add enums for the flags passed into the sop interface
- make member functions of StatelessOpenPGP well-typed
- adjust docstrings so that help(sop) provides useful guidance
- handle sessionkey and timestamp parsing in sop.py
- handle all indirect access directly in sop.py
- complete strict typing ("mypy --strict sop.py" passes)
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
By making all arguments to the functions keyword arguments, we can use **kwargs to receive any extended options. Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
This reflects the changes to the subcommand names and additional arguments from draft-dkg-openpgp-stateless-cli-01
This implements simple signatures inside encryption for sopgpy
This should enable tests of signature verification concurrent with decryption. We do this by refactoring out the signature verification and relying on PGPY to know how to verify an "inline" message.
there have been a bunch of changes (including implementations of previously-missing options) This just acknowledges those changes.
… locked secret key
sigsubj objects have an "issues" bitfield, which follows the "Anna Karenina principle" instead of "verified" boolean.
as of 0.6.0, from_blob() methods will return non-functioning objects rather than raising an error directly.
a PGPMessage object can contain more than one signature. Detached signatures should also be able to handle having more than one signature. https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-09.html#name-detached-signatures says: > These detached signatures are simply one or more Signature packets > stored separately from the data for which they are a signature. A PGPSignatures object makes the most sense to represent such a thing. Closes: SecurityInnovation#197
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This series takes the history of
sopgpy(which has been in use by the OpenPGP interoperability test suite for a while now) and merges it into the PGPy repository itself.This way, people who install PGPy will also get a command-line tool to do simple keygen/encrypt/decrypt/sign/verify operations. It also makes it easier for the interop test suite to pull in new features and bugfixes from PGPy, if they're available.