As per RFC 4880 13.2, "Since TripleDES is the MUST-implement algorithm,
if it is not explicitly in the list, it is tacitly at the end."
Some keys in the wild do not have it explicitly in the list, so put it
there as a default.
According to RFC 4880, 'an implementation MAY dash-escape any line,
SHOULD dash-escape lines commencing "From" followed by a space [...]'.
Therefore it is necessary to unescape all lines starting with dash-space
sequences, and not just these that have a dash following this sequence.
Fixes#341
Signed-off-by: Michał Górny <mgorny@gentoo.org>
There were issues in trying to do CPU tuning (see #279 and #157 for
examples).
The simpler approach, given the capacity of modern hardware and the
antiquity of OpenPGP's S2K parameters, is just to always use the
maximum S2K settings. This also saves us some CPU from running
calibration steps.
This commit also drops the test for #157 entirely, because that test
embeds assumptions about the way that calibration is done that are no
longer true.
If this is merged, we should close#279 without merging it.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
When the Signature Creation Time was supplied to the signing function,
we were ignoring the fact that it might have a different timezone than
UTC. But the stored timestamp is supposed to always be in UTC, so it
should roundtrip correctly.
This includes a test to ensure that we don't end up with a regression.
Closes: #291
Some older versions of the python bindings for GPGME produce python
objects that reference the underlying gpg.Context objects.
When a gpg.Context is used in a "with" clause, it is disposed of at
the end, and any resulting objects that reference that context object
are dangling.
This doesn't seem to be a problem with gpgme 1.13.1 (the current
version), but i was seeing segfaults in the PGPy test suite when used
with gpgme 1.12.0 :(
These fixes should make PGPy's test suite more robust against this
kind of failure.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
- first pass super basic integration test separation
- BCPG decryption tests now pass so removed XFAIL marker
- remove unused imports
- added some warning filtering to reduce noise
This increases the versioned dependency on the cryptography module to
2.6, since that is the version that provides the necessary ed25519
functionality.
We also add a "pure" 25519 OpenPGP certificate for testing purposes.
Closes#221, #222, #247
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
This increases the minimum versioned dependency on the cryptography
module to 2.5, where the necessary features are exposed.
We also add a mixed RSA + ECDH OepnPGP certificate for testing
purposes.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
version 1.5 (released nearly 3 years ago, on 2016-08-26) introduced
sign() and verify() for all asymmetric algorithms.
Without this change, with modern versions of python-cryptography, we
see warnings like:
/usr/lib/python3/dist-packages/pgpy/packet/fields.py:1177: CryptographyDeprecationWarning: signer and verifier have been deprecated. Please use sign and verify instead.
The version of python-cryptography in debian stretch (oldstable) is
1.7.1, for point of reference.
Python strings don't use \ to escape either * or !. So the
declarations here were adding to the list of warnings during the run
of the test suite.
Declaring them as raw (unescaped) strings keeps the warnings more quiet.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
- added missed call to _compute.chksum in ECDSAPriv
- replaced all gpg wrapper fixtures in the unit test suite with gpg package
- moved test suite gnupghome location to tests/gnupghome
- test verifying a signature with the wrong key
- test verifying an invalid signature (wrong or modified subject) - closes#44
- cleaned up test_reg_bug_56
incremental update to test_reg_bug_56 to begin transitioning into using PGPKey and PGPSignature instead of directly using the packets and TempExportableSig
added stub property __key__ to PGPKey
[skip ci]
- store key parts as integers #94
- private MPI classes now also store the public key fields - #92
- do the work to set up the Cryptography public/private key objects. Private key field objects can also return public key objects, so this is part of what is needed for #92
- updated unit tests to work with the refactored code
