This increases the versioned dependency on the cryptography module to
2.6, since that is the version that provides the necessary ed25519
functionality.
We also add a "pure" 25519 OpenPGP certificate for testing purposes.
Closes #221, #222, #247
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
This increases the minimum versioned dependency on the cryptography
module to 2.5, where the necessary features are exposed.
We also add a mixed RSA + ECDH OpenPGP certificate for testing
purposes.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
All modern OpenPGP clients support SHA256, and it is still believed to
be cryptographically strong.
In the event that PGPy encounters a situation where it cannot
determine the correct hash algorithm to use, it was previously
throwing surprising exceptions.
With these changes, it should fall back instead to SHA-256.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Handling Elliptic Curve points in OpenPGP is weird enough that we
should try to encapsulate it.
Much of this code was borrowed from work done by rot42
<rot42@protonmail.com>
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
version 1.5 (released nearly 3 years ago, on 2016-08-26) introduced
sign() and verify() for all asymmetric algorithms.
Without this change, with modern versions of python-cryptography, we
see warnings like:
/usr/lib/python3/dist-packages/pgpy/packet/fields.py:1177: CryptographyDeprecationWarning: signer and verifier have been deprecated. Please use sign and verify instead.
The version of python-cryptography in debian stretch (oldstable) is
1.7.1, for point of reference.
Python strings don't use \ to escape either * or !. So the
declarations here were adding to the list of warnings during the run
of the test suite.
Declaring them as raw (unescaped) strings keeps the warnings more quiet.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
This makes it easier to use PGPy to work with OpenPGP certificates
where we don't have the secret part corresponding to some of the
public keys (e.g. stripped subkeys, subkeys on smartcards, etc).
Closes #255
- Add an `is_supported` property to symmetric ciphers and hash algorithms
in pgpy.constants.
At the moment, a hash algorithm is always supported.
A cipher algorithm is supported iff its .cipher is callable.
- When picking a preferred cipher from a preference list,
pick the first _supported_ one, instead of the first one.
- Check for `alg.is_supported` instead of `callable(alg.cipher)`
in pgpy.symenc._encrypt
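
The selection rule from the commit message above, as an added sketch (not PGPy's code): `Cipher`, `_BACKEND`, `pick_cipher` and `pick_first` are hypothetical names, the backend table is constructed, and only the algorithm IDs come from RFC 4880. It also skips IDs the enum does not know, which goes beyond what the commit message describes.

```python
from enum import IntEnum


class Cipher(IntEnum):
    """Hypothetical stand-in for a symmetric cipher enum (IDs from RFC 4880)."""
    IDEA = 1
    TripleDES = 2
    CAST5 = 3
    AES128 = 7
    AES256 = 9

    @property
    def cipher(self):
        # Looked up at call time in the constructed backend table below.
        return _BACKEND[self]

    @property
    def is_supported(self):
        # A cipher is supported iff its .cipher is callable.
        return callable(self.cipher)


def _placeholder(name):
    # Constructed placeholder for a backend cipher constructor (no real crypto).
    return lambda key: (name, len(key))


# Constructed table: None models an algorithm the local backend cannot provide.
_BACKEND = {
    Cipher.IDEA: None,
    Cipher.TripleDES: _placeholder("3DES"),
    Cipher.CAST5: _placeholder("CAST5"),
    Cipher.AES128: _placeholder("AES128"),
    Cipher.AES256: _placeholder("AES256"),
}


def pick_first(preferences):
    """Old behaviour: take the first listed entry, supported or not."""
    return Cipher(preferences[0])


def pick_cipher(preferences):
    """New behaviour: first supported cipher in preference order, else None."""
    for alg_id in preferences:
        try:
            alg = Cipher(alg_id)
        except ValueError:
            continue  # ID this enum does not know (assumption: skip it)
        if alg.is_supported:
            return alg
    return None
```

With the constructed preference list `[1, 9, 7]`, the old rule selects IDEA and encryption would fail later at the `callable` check, while the new rule selects AES256.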
It may not be obvious for users of the API that we can get the list of
revoker keys for a given key from the (private) _signature list, so
add a convenient accessor.
This is not really useful right now because it will raise a
NotImplementedError if any such signature is found, but will become
actually quite useful once #198 lands.
This is part of the process to make revocation checks easier in #225.
- added missed call to _compute.chksum in ECDSAPriv
- replaced all gpg wrapper fixtures in the unit test suite with gpg package
- moved test suite gnupghome location to tests/gnupghome
- Exposes the revocation signatures of the key (primary or sub).
> OpenPGP users may transfer public keys. The essential elements of a
> transferable public key are as follows:
>
> - One Public-Key packet
>
> - Zero or more revocation signatures