#
0294a66b |
| 26-Aug-2022 |
jhigh <jhigh@NetBSD.org> |
adding initial support for ECDSA (19) to netpgp. tested using p256/sha256, p384/sha384, and p521/sha512
|
#
05e6b0bb |
| 15-Nov-2010 |
agc <agc@NetBSD.org> |
Changes to help with netpgp key generation and interoperability:
+ use plain SHA1 for session key s2k negotiation
+ don't warn on some conditions when inflating (reading a compressed file) since the conditions don't hold for partial block lengths
+ prompt for a passphrase when generating a new key - used in the upcoming secret-sharing functionality for netpgp
|
#
fc1f8641 |
| 07-Nov-2010 |
agc <agc@NetBSD.org> |
Take the internal functions and definitions back out of the implementation namespace:
:g/\<__ops/s//pgp/g
:g/\<__OPS/s//__PGP/g
:g/\<OPS/s//PGP/g
No functional change, regression tests complete successfully.
|
#
37d8b79b |
| 07-Nov-2010 |
agc <agc@NetBSD.org> |
Add the ability to perform Elgamal encryption to netpgp. Some of this code is inspired by the (BSD-licensed) Elgamal crypto code in Postgresql by Marko Kreen, but netpgp uses BIGNUM numbers instead of MPIs, and its keys have a completely different structure, so much has changed.
% cp config.h f
% netpgp -e f
netpgp: default key set to "d4a643c5"
% gpg -d f.gpg > f2
You need a passphrase to unlock the secret key for
user: "Alistair Crooks (DSA TEST KEY - DO NOT USE) <agc@netbsd.org>"
2048-bit ELG-E key, ID D727BC1E, created 2010-05-19 (main key ID D4A643C5)
gpg: encrypted with 2048-bit ELG-E key, ID D727BC1E, created 2010-05-19
"Alistair Crooks (DSA TEST KEY - DO NOT USE) <agc@netbsd.org>"
% diff f f2
% ls -al f*
-rw-r--r-- 1 agc agc 5730 Nov 6 05:40 f
-rw------- 1 agc agc 1727 Nov 6 05:40 f.gpg
-rw-r--r-- 1 agc agc 5730 Nov 6 05:41 f2
%
|
#
f7745f84 |
| 04-Nov-2010 |
agc <agc@NetBSD.org> |
allow user-specification of cipher to be used when encrypting packets.
preserve the CAST5 default for now.
at the user level, this is specified using the --cipher=<ciphername> option.
|
#
44647216 |
| 01-Sep-2010 |
agc <agc@NetBSD.org> |
Various minor changes to netpgp:
+ be smarter when checking for a null id
+ add test for rubbish being returned when listing specific keys in netpgpkeys(1)
+ take the public key from the pubring, not the secring when exporting keys
+ allow hkpd to serve ssh keys in pgp format
+ test on whether a seckey is needed, not on a userid needed, for ssh keys
|
#
69d4f30f |
| 15-Aug-2010 |
agc <agc@NetBSD.org> |
+ rationalise birthtime/expiration timestamps into a single function
+ clean up some 64-bit (amd64) lint
|
#
9b987001 |
| 13-Aug-2010 |
agc <agc@NetBSD.org> |
Changes to 3.99.9/20100809
+ add single character options to netpgp(1) and netpgpkeys(1)
+ add -o long-option(=value)? options to netpgp(1) and netpgpkeys(1)
+ add some small preparations for using the first subkey for encryption (much more to follow)
|
#
520c968f |
| 09-Jul-2010 |
agc <agc@NetBSD.org> |
Changes to 3.99.7/20100701
+ recognise ascii-armoured encrypted messages properly, in memory and in files
+ print error message and exit for now when trying to encrypt with a DSA key
+ fix bug reported by dyoung when trying to print out the encryption key fingerprint
|
#
708e54de |
| 30-Jun-2010 |
agc <agc@NetBSD.org> |
also calculate the length of DSA keys as well as RSA ones
|
#
47561e26 |
| 25-Jun-2010 |
agc <agc@NetBSD.org> |
Changes to 3.99.5
+ make ssh fingerprints (md5) match netpgp listing
+ use the more functional hexdump function from ssh2pgp in place of the older hexdump function from openpgpsdk
+ pass hash type down from command line where needed
+ add test for netpgp/ssh key fingerprint matching
+ make netpgpkeys(1) take a --hash= option
With these changes, netpgp can be made to generate the same fingerprint as openssh (by default, ssh-keygen(1) uses an md5 digest)
% /usr/bin/netpgpkeys --ssh-keys --sshkeyfile=/etc/ssh/ssh_host_rsa_key.pub --list-keys --hash=md5
1 key
pub 1024/RSA (Encrypt or Sign) fcdd1c608bef4c4b 2008-08-11
Key fingerprint: e935 902d ebf1 76ba fcdd 1c60 8bef 4c4b
uid osx-vm1.crowthorne.alistaircrooks.co.uk (/etc/ssh/ssh_host_rsa_key.pub) <root@osx-vm1.crowthorne.alistaircrooks.co.uk>
% ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key.pub
1024 e9:35:90:2d:eb:f1:76:ba:fc:dd:1c:60:8b:ef:4c:4b /etc/ssh/ssh_host_rsa_key.pub (RSA)
%
|
#
d427c17d |
| 25-May-2010 |
agc <agc@NetBSD.org> |
Simplify and shorten the internals of packet processing by getting rid of the intermediate pseudo-abstraction layer, which detracted from understanding and had no benefit whatsoever. Rename some enums and some definitions.
|
#
a6115c8c |
| 08-May-2010 |
agc <agc@NetBSD.org> |
more uses of hexdump() rather than open-coded equivalents
|
#
651dd288 |
| 08-May-2010 |
agc <agc@NetBSD.org> |
use hexdump() where possible.
get rid of all traces of dmalloc - it's not used anymore. we can now g/c initialisation functions which do not do anything.
also get rid of the pkeyid() functions, which just print a hexadecimal string
|
#
38beab94 |
| 14-Apr-2010 |
agc <agc@NetBSD.org> |
get rid of a hardcoded test for the hash algorithm being SHA1, which was just plain wrong these days.
don't duplicate functionality needlessly.
|
#
5aae2c74 |
| 13-Mar-2010 |
agc <agc@NetBSD.org> |
Changes to 2.99.1/20100313
+ add functionality to parse basic signature subkeys
+ in doing so, add expiration of keys
+ at the same time, add revocation of keys
+ recognise the primary user id, and use it when displaying user ids
+ recognise self signed keys and subkeys
+ rework the indentation of output
+ add the --list-sigs [userid] option to netpgpkeys(1)
+ use memcmp(3) rather than strcmp(3) when checking binary user ids to be exported
+ add expiration display to subkey signature output
+ update libnetpgp library version major number to 3
|
#
b15ec256 |
| 05-Mar-2010 |
agc <agc@NetBSD.org> |
Update netpgp to version 1.99.20/20100304 - portability improvements, and bug fixes:
Changes to 1.99.20/20100304
+ move args to some functions around to be consistent
+ use uint*_t where appropriate
+ fix bug in verify memory
+ add documentation to manual pages to show how to do combined signing/encryption and decryption/verification
+ make verification of ascii-armoured memory work the same as binary
+ eliminate use of strdup(3), strcasecmp(3), and strptime(3). NetBSD/pkgsrc PR 42922 applies - need to define _XOPEN_SOURCE and _BSD_SOURCE for newer linux platforms with glibc 2.10.1. solved a bit differently, by implementing strdup(3) and strcasecmp(3) independently, and using regexps to avoid calling strptime(3).
|
#
0aa60872 |
| 12-Feb-2010 |
agc <agc@NetBSD.org> |
Changes to 1.99.19/20100212
+ plug some memory leaks, from cppcheck via Thomas Klausner (thanks!)
+ make the singular of time units read correctly
+ print decryption key info properly when prompting for passphrase
|
#
7affbaca |
| 07-Oct-2009 |
agc <agc@NetBSD.org> |
More checking of allocation return values where not already done.
Revamp hash initialisation to return a success/failure error code.
Document places where we prefer to continue with a NULL buffer, rather than silently continue with possibly erroneous results.
|
#
5a83dba0 |
| 06-Oct-2009 |
agc <agc@NetBSD.org> |
More Flexelint fixes from phk - just low-hanging fruit for just now - many thanks!
|
#
f72138f8 |
| 13-Jun-2009 |
agc <agc@NetBSD.org> |
Don't complain if $HOME/.gnupg does not exist (and using --homedir).
Don't require a userid to be set in the gpg.conf file - it can be set on the command line when it's needed (for signing and encryption, the other operations in netpgp(1) will take the userid from the signed/encrypted file).
Add tests for the lack of a default userid in the config file.
|
#
9b753456 |
| 11-Jun-2009 |
agc <agc@NetBSD.org> |
CHANGES 1.99.10 -> 1.99.11
+ address keys array from 0 with unsigned indices
+ print results to io->res stream - default to stderr, and set using netpgp_setvar(..., "results", filename)
+ __ops_keyid()'s third arg was always the size of the keyid array - no need to pass it
+ get rid of the excessive type-checking in packet-show-cast.h, which wasn't necessary, and fold all the show routines into packet-show.c
+ introduce a generic __ops_new() and use it for some structure allocation
|
#
41335e2d |
| 09-Jun-2009 |
agc <agc@NetBSD.org> |
CHANGES 1.99.8 -> 1.99.9
+ make more use of __ops_io_t structure
+ addition of standalone, stripped-down netpgpverify utility
+ addition of test for --list-packets on an empty file
+ bring forward some simplifications from netpgpverify
+ some name changes
+ get rid of the increment and then decrement keycount around accumulated data ("it's to do with counting")
+ then use unsigned integers for the size and counts for the dynamic array of keys, and use the common dynamic array macros for keys in a keyring
+ if it's a union, let's use it as a union, not a struct
+ modified documentation to correct the --list-packets command (sorry, ver)
+ add a new directory structure for both the distribution and the reachover Makefiles. The autotest framework has been partially overhauled but more TLC is needed here.
+ add a --pass-fd=n option so that external programs can provide the passphrase on a file descriptor without going through the callback, requested by joerg
|
#
d21b929e |
| 31-May-2009 |
agc <agc@NetBSD.org> |
CHANGES 1.99.7 -> 1.99.8
+ get rid of __ops_malloc_passphrase() - strdup() works just as well
+ generalise __ops_seckey_forget() to become __ops_forget(), give it a size parameter, and make it work on things other than secret keys (passphrases for instance)
+ minor struct field enum renaming
+ minor function call renaming
+ add ops_io_t struct to hold pointers to IO streams, and pass it down where necessary
|
#
c64158a1 |
| 27-May-2009 |
agc <agc@NetBSD.org> |
CHANGES 1.99.4 -> 1.99.5
+ Luke Mewburn completely overhauled the auto tools infrastructure
+ changed signature (hah!) of some netpgp file management prototypes to use const char * for file names and user ids, not char * - suggested by christos
+ change some of the openpgpsdk display functions to return integer values, and send those values back from the netpgp functions - suggested by christos
+ rather than passing a shedload of variables to netpgp_init(), get rid of them, and set variables using the netpgp_[gs]etvar() interface
+ replace some magic constants with descriptive names
+ use a netpgp variable to skip userid checks if necessary
+ add ability to allow coredumps via --coredumps if (a) you have taken leave of your sanity, and (b) you have some magical persistent storage which doesn't spare sectors, and (c) you know how to remove a file securely
+ bumped library version on NetBSD to 1.0 for interface changes
|