History log of /netbsd-src/crypto/external/bsd/netpgp/dist/src/lib/openssl_crypto.c (Results 1 – 25 of 35)
Revision Date Author Comments
# 0294a66b 26-Aug-2022 jhigh <jhigh@NetBSD.org>

adding initial support for ECDSA (19) to netpgp. tested using p256/sha256, p384/sha384, and p521/sha512


# c9d078dc 05-Feb-2018 christos <christos@NetBSD.org>

centralize the conversion functions and make this work with both
openssl-1.0 and 1.1


# fc1f8641 07-Nov-2010 agc <agc@NetBSD.org>

Take the internal functions and definitions back out of the implementation
namespace:

:g/\<__ops/s//pgp/g
:g/\<__OPS/s//__PGP/g
:g/\<OPS/s//PGP/g

No functional change, regression tests complete successfully.


# c2430ca2 07-Nov-2010 agc <agc@NetBSD.org>

Add Elgamal decryption to netpgp. Inspired by (BSD-licensed) the
Elgamal decryption code from Postgresql by Marko Kreen.

% cp config.h f
% netpgp -e f
netpgp: default key set to "d4a643c5"
% netpgp -d < f.gpg > f.netpgp
netpgp: default key set to "d4a643c5"
signature 1024/DSA 8222c3ecd4a643c5 2010-05-19 [EXPIRES 2013-05-18]
Key fingerprint: 3e4a 5df4 033b 2333 219b 1afd 8222 c3ec d4a6 43c5
uid Alistair Crooks (DSA TEST KEY - DO NOT USE) <agc@netbsd.org>
encryption 2048/Elgamal (Encrypt-Only) a97a7db6d727bc1e 2010-05-19 [EXPIRES 2013-05-18]
netpgp passphrase:
% ls -al f*
-rw-r--r-- 1 agc agc 5730 Nov 6 23:53 f
-rw------- 1 agc agc 1727 Nov 6 23:53 f.gpg
-rw-r--r-- 1 agc agc 5730 Nov 6 23:54 f.netpgp
% diff f f.netpgp
%

This makes DSA keys into first class citizens, since encryption and
decryption using DSA/Elgamal is now supported.


# 37d8b79b 07-Nov-2010 agc <agc@NetBSD.org>

Add the ability to perform Elgamal encryption to netpgp. Some of this
code is inspired by the (BSD-licensed) Elgamal crypto code in
Postgresql by Marko Kreen, but netpgp uses BIGNUM numbers instead of
MPIs, and its keys have a completely different structure, so much has
changed.

% cp config.h f
% netpgp -e f
netpgp: default key set to "d4a643c5"
% gpg -d f.gpg > f2

You need a passphrase to unlock the secret key for
user: "Alistair Crooks (DSA TEST KEY - DO NOT USE) <agc@netbsd.org>"
2048-bit ELG-E key, ID D727BC1E, created 2010-05-19 (main key ID D4A643C5)

gpg: encrypted with 2048-bit ELG-E key, ID D727BC1E, created 2010-05-19
"Alistair Crooks (DSA TEST KEY - DO NOT USE) <agc@netbsd.org>"
% diff f f2
% ls -al f*
-rw-r--r-- 1 agc agc 5730 Nov 6 05:40 f
-rw------- 1 agc agc 1727 Nov 6 05:40 f.gpg
-rw-r--r-- 1 agc agc 5730 Nov 6 05:41 f2
%


# 3dc7aea1 04-Nov-2010 agc <agc@NetBSD.org>

Update to version 3.99.13:

+ add ability in netpgpkeys(1) to specify the cipher (symmetric algorithm)
as specified in RFC 5581
+ add the camellia cipher implementation from openssl


# 73f34b00 08-Sep-2010 agc <agc@NetBSD.org>

Changes to 3.99.12/20100907

+ add a pretty print function mj_pretty(3) to libmj
+ added netpgp_write_sshkey(3) to libnetpgp
+ added pgp2ssh(1)
+ added preliminary support for ElGamal decryption, needed for DSA keys
as yet untested, unworking, and a WIP
+ add support for using all ssh keys, even those protected by a passphrase,
for decryption and signing. This rounds off ssh key file support in netpgp.
+ add a single character alias [-S file] for [--sshkeyfile file] to
netpgpkeys(1) and netpgp(1)

As far as ssh key file support goes, see the following example:

% cp configure a
% netpgp -S ~/.ssh/id_rsa.pub -e a
% netpgp -S ~/.ssh/id_rsa.pub -d a.gpg
Enter PEM pass phrase:
% ls -al a a.gpg
-rwxr-xr-x 1 agc agc 758398 Sep 7 05:38 a
-rw------- 1 agc agc 156886 Sep 7 05:38 a.gpg
%


# 711d29d7 07-Sep-2010 agc <agc@NetBSD.org>

clarification comment as to why two of the bignums are reversed


# 69d4f30f 15-Aug-2010 agc <agc@NetBSD.org>

+ rationalise birthtime/expiration timestamps into a single function

+ clean up some 64-bit (amd64) lint


# 9b987001 13-Aug-2010 agc <agc@NetBSD.org>

Changes to 3.99.9/20100809

+ add single character options to netpgp(1) and netpgpkeys(1)
+ add -o long-option(=value)? options to netpgp(1) and netpgpkeys(1)
+ add some small preparations for using the first subkey for encryption
(much more to follow)


# 520c968f 09-Jul-2010 agc <agc@NetBSD.org>

Changes to 3.99.7/20100701

+ recognise ascii-armoured encrypted messages properly, in memory and
in files
+ print error message and exit for now when trying to encrypt with a DSA key
+ fix bug reported by dyoung when trying to print out the encryption key
fingerprint


# 47561e26 25-Jun-2010 agc <agc@NetBSD.org>

Changes to 3.99.5

+ make ssh fingerprints (md5) match netpgp listing
+ use the more functional hexdump function from ssh2pgp in place of the
older hexdump function from openpgpsdk
+ pass hash type down from command line where needed
+ add test for netpgp/ssh key fingerprint matching
+ make netpgpkeys(1) take a --hash= option

With these changes, netpgp can be made to generate the same fingerprint as
openssh (by default, ssh-keygen(1) uses an md5 digest)

% /usr/bin/netpgpkeys --ssh-keys --sshkeyfile=/etc/ssh/ssh_host_rsa_key.pub --list-keys --hash=md5
1 key
pub 1024/RSA (Encrypt or Sign) fcdd1c608bef4c4b 2008-08-11
Key fingerprint: e935 902d ebf1 76ba fcdd 1c60 8bef 4c4b
uid osx-vm1.crowthorne.alistaircrooks.co.uk (/etc/ssh/ssh_host_rsa_key.pub) <root@osx-vm1.crowthorne.alistaircrooks.co.uk>

% ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key.pub
1024 e9:35:90:2d:eb:f1:76:ba:fc:dd:1c:60:8b:ef:4c:4b /etc/ssh/ssh_host_rsa_key.pub (RSA)
%


# d427c17d 25-May-2010 agc <agc@NetBSD.org>

Simplify and shorten the internals of packet processing by getting rid of
the intermediate pseudo-abstraction layer, which detracted from understanding
and had no benefit whatsoever. Rename some enums and some definitions.


# 651dd288 08-May-2010 agc <agc@NetBSD.org>

use hexdump() where possible.

get rid of all traces of dmalloc - it's not used anymore. we can now g/c
initialisation functions which do not do anything.

also get rid of the pkeyid() functions, which just prints a
hexadecimal string


# f0264dce 14-Apr-2010 agc <agc@NetBSD.org>

Fixes to make key generation work properly - duplicate the public key RSA
BIGNUM fields - part of long-standing bug inherited from openpgpsdk.

Part of the fix for PR 42435 from Jukka Ruohonen.

Also pass the desired hash algorithm down, so that SHA1 is no longer
hardcoded.


# b15ec256 05-Mar-2010 agc <agc@NetBSD.org>

Update netpgp to version 1.99.20/20100304 - portability improvements, and bug fixes:

Changes to 1.99.20/20100304

+ move args to some functions around to be consistent
+ use uint*_t where appropriate
+ fix bug in verify memory
+ add documentation to manual pages to show how to do combined
signing/encryption and decryption/verification
+ make verification of ascii-armoured memory work the same as binary
+ eliminate use of strdup(3), strcasecmp(3), and strptime(3). NetBSD/pkgsrc
PR 42922 applies - need to define _XOPEN_SOURCE and _BSD_SOURCE for
newer linux platforms with glibc 2.10.1. solved a bit differently, by
implementing strdup(3) and strcasecmp(3) independently, and using regexps
to avoid calling strptime(3).


# 600b302b 06-Feb-2010 agc <agc@NetBSD.org>

Changes to 1.99.16/20100205

+ minor simplifications to netpgp(1) internally
+ fix a bug in netpgp_verify_file where a non-existent file while listing
packets would cause a SIGSEGV
+ add duration arg to netpgp(1), and check for validity when verifying
signatures
+ add birthtime arg to netpgp(1), and check for validity when verifying
signatures
+ add netpgp commands to print pubkey, if desired
+ allow the passphrase for the signature to be taken from --pass-fd
+ get rid of static indent value when printing packet contents
+ print signature validity times when verifying a file's signature


# 91c29c74 05-Dec-2009 agc <agc@NetBSD.org>

Add the ability to use ssh host keys (on the fly) to provide RSA keys.

These keys can be used in the same way as normal PGP keys - to sign, verify,
encrypt and decrypt files and data.

% cp configure a
% sudo netpgp --ssh-keys --sign --userid 1e00404a a
Password:
pub 1024/RSA (Encrypt or Sign) 040180871e00404a 2008-08-11
Key fingerprint: c4aa b385 4796 e6ce 606c f0c2 0401 8087 1e00 404a
% sudo chmod 644 a.gpg
% netpgp --ssh-keys --verify a.gpg
netpgp: default key set to "C0596823"
can't open '/etc/ssh/ssh_host_rsa_key'
Good signature for a.gpg made Fri Dec 4 23:04:36 2009
using RSA (Encrypt or Sign) key 040180871e00404a
pub 1024/RSA (Encrypt or Sign) 040180871e00404a 2008-08-11
Key fingerprint: c4aa b385 4796 e6ce 606c f0c2 0401 8087 1e00 404a
uid osx-vm1.crowthorne.alistaircrooks.co.uk (/etc/ssh/ssh_host_rsa_key.pub) <root@osx-vm1.crowthorne.alistaircrooks.co.uk>
% uname -a
NetBSD osx-vm1.crowthorne.alistaircrooks.co.uk 5.99.20 NetBSD 5.99.20 (ISCSI) #0: Wed Oct 7 17:16:33 PDT 2009 agc@osx-vm1.crowthorne.alistaircrooks.co.uk:/usr/obj/i386/usr/src/sys/arch/i386/compile/ISCSI i386
%

The ssh host keys do not need to be manipulated in any way - the information
is read from existing files.


# 7affbaca 07-Oct-2009 agc <agc@NetBSD.org>

More checking of allocation return values where not already done.

Revamp hash initialisation to return a success/failure error code.

Document places where we prefer to continue with a NULL buffer,
rather than silently continue with possibly erroneous results.


# b491010d 06-Oct-2009 agc <agc@NetBSD.org>

More Flexelint cleanup from phk - many thanks! - low-hanging fruit for
just now.


# 9b753456 11-Jun-2009 agc <agc@NetBSD.org>

CHANGES 1.99.10 -> 1.99.11

+ address keys array from 0 with unsigned indices
+ print results to io->res stream - default to stderr, and set using
netpgp_setvar(..., "results", filename)
+ __ops_keyid()'s third arg was always the size of the keyid array - no need
to pass it
+ get rid of the excessive type-checking in packet-show-cast.h, which wasn't
necessary, and fold all the show routines into packet-show.c
+ introduce a generic __ops_new() and use it for some structure allocation


# 41335e2d 09-Jun-2009 agc <agc@NetBSD.org>

CHANGES 1.99.8 -> 1.99.9

+ make more use of __ops_io_t structure
+ addition of standalone, stripped-down netpgpverify utility
+ addition of test for --list-packets on an empty file
+ bring forward some simplifications from netpgpverify
+ some name changes
+ get rid of the increment and then decrement keycount around
accumulated data ("it's to do with counting")
+ then use unsigned integers for the size and counts for the
dynamic array of keys, and use the common dynamic array macros
for keys in a keyring
+ if it's a union, let's use it as a union, not a struct
+ modified documentation to correct the --list-packets command (sorry, ver)
+ add a new directory structure for both the distribution and the
reachover Makefiles. The autotest framework has been partially overhauled
but more TLC is needed here.
+ add a --pass-fd=n option so that external programs can provide the
passphrase on a file descriptor without going through the callback,
requested by joerg


# c64158a1 27-May-2009 agc <agc@NetBSD.org>

CHANGES 1.99.4 -> 1.99.5

+ Luke Mewburn completely overhauled the auto tools infrastructure
+ changed signature (hah!) of some netpgp file management prototypes to
use const char * for file names and user ids, not char * - suggested by
christos
+ change some of the openpgpsdk display functions to return integer values,
and send those values back from the netpgp functions - suggested by
christos
+ rather than passing a shedload of variables to netpgp_init(), get rid
of them, and set variables using the netpgp_[gs]etvar() interface
+ replace some magic constants with descriptive names
+ use a netpgp variable to skip userid checks if necessary
+ add ability to allow coredumps via --coredumps if (a) you have taken
leave of your sanity, and (b) you have some magical persistent
storage which doesn't spare sectors, and (c) you know how to remove
a file securely
+ bumped library version on NetBSD to 1.0 for interface changes


# 6715e11a 25-May-2009 agc <agc@NetBSD.org>

CHANGES 1.99.3 -> 1.99.4

+ get rid of some magic constants
+ revamped regression test script to count number of tests passed
+ made checkhash array in ops_seckey_t dynamic, rather than statically
allocated
+ made mdc array dynamic, and added a length field to mdc for future use
+ revamped usage message to match reality
+ made portable version again for the autoconfed package sources
+ add separate netpgpdigest.h file so that separate digest sizes can be
used without having to include "packet.h" in everything


# 0df5e957 19-May-2009 agc <agc@NetBSD.org>

CHANGES 1.0.0 -> 1.99.1

+ released and tagged version 1.0.0; development version now 1.99.1
+ get rid of some fields which are no longer needed
+ minor name changes
+ add mmapped field to ops_data_t struct to denote that the array needs an
munmap(2) and not a free(3)
+ add an __ops_mem_readfile() function, and use it for reading files.
The function does mmap(2), and then falls back to read(2) if that fails.
Retire unused __ops_fileread() which had an unusual interface
+ drop sign_detached() from netpgp.c down into signature.c as
__ops_sign_detached()

