craftin/PGPy-3_13_patch
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
d80ec776da04aa70901d9e96590b4bd5c090f227
PGPy-3_13_patch/docs/source/progress.rst
Michael Greene df926e19e4 documentation 
[skip ci]
2017-03-20 10:13:58 -07:00

294 lines
13 KiB
ReStructuredText
Raw Blame History

*******************************
OpenPGP Implementation Progress
*******************************
OpenPGP RFCs
============
PGPy is focused on eventually reaching complete OpenPGP implementation, adhering to the base OpenPGP message format specification, and its extension RFCs.
.. progress:: RFC 4880
:text: PGPy is currently focused on achieving :rfc:`4880` compliance for OpenPGP, which is the latest complete OpenPGP Message Format specification. It supersedes RFC 1991 and RFC 2440.
:Versioned Packets, v1:
- Tag 18, True, Symetrically Encrypted and Integrity Protected Data Packet
:Versioned Packets, v3:
- Tag 1, True, Public-Key Encrypted Session Key Packets
- Tag 2, False, Signature Packet
- Tag 4, True, One-Pass Signature Packet
- Tag 5, False, Secret-Key Packet
- Tag 6, False, Public-Key Packet
- Tag 7, False, Secret-Subkey Packet
- Tag 14, False, Public-SubKey Packet
:Versioned Packets, v4:
- Tag 2, True, Signature Packet
- Tag 3, True, Symmetric-Key Encrypted Session Key Packet
- Tag 5, True, Secret-Key Packet
- Tag 6, True, Public-Key Packet
- Tag 7, True, Secret-Subkey Packet
- Tag 14, True, Public-SubKey Packet
:Unversioned Packets:
- Tag 8, True, Compressed Data Packet
- Tag 9, True, Symetrically Encrypted Data Packet
- Tag 10, True, Marker Packet
- Tag 11, True, Literal Data Packet
- Tag 12, True, Trust Packet
- Tag 13, True, User ID Packet
- Tag 17, True, User Attribute Packet
- Tag 19, True, Modification Detection Code Packet
:Signature Subpackets:
- 0x02, True, Signature Creation Time
- 0x03, True, Signature Expiration Time
- 0x04, True, Exportable Certification
- 0x05, True, Trust Signature
- 0x06, True, Regular Expression
- 0x07, True, Revocable
- 0x09, True, Key Expiration Time
- 0x0B, True, Preferred Symmetric Algorithms
- 0x0C, True, Revocation Key
- 0x10, True, Issuer
- 0x14, True, Notation Data
- 0x15, True, Preferred Hash Algorithms
- 0x16, True, Preferred Compression Algorithms
- 0x17, True, Key Server Preferences
- 0x18, True, Preferred Key Server
- 0x19, True, Primary User ID
- 0x1A, True, Policy URI
- 0x1B, True, Key Flags
- 0x1C, True, Signer's User ID
- 0x1D, True, Reason For Revocation
- 0x1E, True, Features
- 0x1F, False, Signature Target
- 0x20, True, Embedded Signature
:User Attribute Subpackets:
- 0x01, True, Image
:Storage Formats:
- ASCII, True, ASCII armored PGP blocks
- binary, True, binary PGP packets
- GPG, True, GPG <= 2.0.x keyrings
- KBX, False, GPG >= 2.1.x keyboxes
:Other Sources:
- Retrieve, False, Retrieve from HKP key servers
- Upload, False, Submit to HKP key servers
:Key Types:
- RSA, True, RSA
- DSA, True, DSA
- ElGamal, True, ElGamal
:Key Actions:
- Protect, True, Protect private keys encryped with CAST5
- Protect, True, Protect private keys encryped with Blowfish
- Protect, True, Protect private keys encryped with AES
- Protect, False, Protect private keys encryped with Twofish
- Unprotect, True, Unprotect private keys encrypted with IDEA*
- Unprotect, True, Unprotect private keys encrypted with Triple-DES
- Unprotect, True, Unprotect private keys encrypted with CAST5
- Unprotect, True, Unprotect private keys encrypted with Blowfish
- Unprotect, True, Unprotect private keys encrypted with AES
- Unprotect, False, Unprotect private keys encrypted with Twofish
:RSA Key Actions:
- Load, True, Load Keys
- Generate, True, Generate Keys
- Generate, True, Generate Subkeys
- Sign, True, Generate detached signatures of binary documents
- Sign, True, Generate inline signatures of canonical documents
- Sign, True, Sign messages
- Sign, True, Sign keys
- Sign, True, Certify User IDs
- Sign, True, Certify User Attributes
- Sign, True, Generate key binding signatures
- Sign, True, Revoke certifications
- Sign, True, Revoke keys
- Sign, True, Revoke subkeys
- Sign, True, Generate timestamp signatures
- Sign, True, Generate standalone signatures
- Sign, False, Generate third party confirmation signatures
- Verify, True, Verify detached signatures
- Verify, True, Verify inline signatures of canonical documents
- Verify, True, Verify messages
- Verify, True, Verify key signatures
- Verify, True, Verify User ID certification signatures
- Verify, True, Verify User Attribute certification signatures
- Verify, True, Verify key binding signatures
- Verify, True, Verify key revocation signatures
- Verify, True, Verify subkey revocation signatures
- Verify, True, Verify certification revocation signatures
- Verify, True, Verify timestamp signatures
- Verify, True, Verify standalone signatures
- Verify, False, Verify third party confirmation signatures
- Revocation, True, Designate Revocation Key
- Revocation, True, Revoke (Sub)Key with Self Signature
- Revocation, False, Revoke (Sub)Key using Designated Revocation Key
- Encryption, True, Encrypt data/messages
- Decryption, True, Decrypt data/messages
:DSA Key Actions:
- Load, True, Load Keys
- Generate, True, Generate Keys
- Generate, True, Generate Subkeys
- Sign, True, Generate detached signatures of binary documents
- Sign, True, Generate inline signatures of canonical documents
- Sign, True, One-Pass Sign messages
- Sign, True, Sign messages
- Sign, True, Sign keys
- Sign, True, Certify User IDs
- Sign, True, Certify User Attributes
- Sign, True, Generate key binding signatures
- Sign, True, Revoke certifications
- Sign, True, Revoke keys
- Sign, True, Revoke subkeys
- Sign, True, Generate timestamp signatures
- Sign, True, Generate standalone signatures
- Sign, False, Generate third party confirmation signatures
- Verify, True, Verify detached signatures
- Verify, True, Verify inline signatures of canonical documents
- Verify, True, Verify messages
- Verify, True, Verify key signatures
- Verify, True, Verify User ID certification signatures
- Verify, True, Verify User Attribute certification signatures
- Verify, True, Verify key binding signatures
- Verify, True, Verify key revocation signatures
- Verify, True, Verify subkey revocation signatures
- Verify, True, Verify certification revocation signatures
- Verify, True, Verify timestamp signatures
- Verify, True, Verify standalone signatures
- Verify, False, Verify third party confirmation signatures
- Revocation, True, Designate Revocation Key
- Revocation, True, Revoke (Sub)Key with Self Signature
- Revocation, False, Revoke (Sub)Key using Designated Revocation Key
:ElGamal Key Actions:
- Load, True, Load Keys
- Generate, False, Generate Keys
- Generate, False, Generate Subkeys
- Encryption, False, Encrypt data/messages
- Decryption, False, Decrypt data/messages
:Other Actions:
- Encryption, True, Encrypt data/messages using symmetric ciphers with passphrases
- Decryption, True, Decrypt data/messages using symmetric ciphers with passphrases
.. progress:: RFC 4398
:text: :rfc:`4398` covers publishing and retrieving PGP public keys via DNS CERT records.
:Key Sources:
- DNS CERT, False, Look up and retrieve keys stored in Content-based DNS CERT records
- DNS CERT, False, Look up and retrieve keys stored in Purpose-based DNS CERT records
.. progress:: RFC 5581
:text: :rfc:`5581` extends RFC 4880 to officially add support for the Camellia cipher
:Actions:
- Encryption, True, Camellia*
- Decryption, True, Camellia*
.. progress:: RFC 6637
:text: :rfc:`6637` extends OpenPGP to officially add support for elliptic curve cryptography
:Key Types:
- ECDH, True, Elliptic Curve Diffie-Hellman
- ECDSA, True, Elliptic Curve Digital Signature Algorithm
:Curves:
- Curve, True, NIST P-256
- Curve, True, NIST P-386
- Curve, True, NIST P-521
:ECDH Key Actions:
- Load, True, Load Keys
- Generate, True, Generate Keys
- Generate, True, Generate Subkeys
- KDF, True, Encode KDF data for encryption
- KDF, True, Decode KDF data for decryption
:ECDSA Key Actions:
- Load, True, Load Keys
- Generate, True, Generate Keys
- Generate, True, Generate Subkeys
- Sign, True, Generate detached signatures of binary documents
- Sign, True, Generate inline signatures of canonical documents
- Sign, True, One-Pass Sign messages
- Sign, True, Sign messages
- Sign, True, Sign keys
- Sign, True, Certify User IDs
- Sign, True, Certify User Attributes
- Sign, True, Generate key binding signatures
- Sign, True, Revoke certifications
- Sign, True, Revoke keys
- Sign, True, Revoke subkeys
- Sign, True, Generate timestamp signatures
- Sign, True, Generate standalone signatures
- Sign, False, Generate third party confirmation signatures
- Verify, True, Verify detached signatures
- Verify, True, Verify inline signatures of canonical documents
- Verify, True, Verify messages
- Verify, True, Verify key signatures
- Verify, True, Verify Use r ID certification signatures
- Verify, True, Verify User Attribute certification signatures
- Verify, True, Verify key binding signatures
- Verify, True, Verify key revocation signatures
- Verify, True, Verify subkey revocation signatures
- Verify, True, Verify certification revocation signatures
- Verify, True, Verify timestamp signatures
- Verify, True, Verify standalone signatures
- Verify, False, Verify third party confirmation signatures
- Revocation, True, Designate Revocation Key
- Revocation, True, Revoke (Sub)Key with Self Signature
- Revocation, False, Revoke (Sub)Key using Designated Revocation Key
Non-RFC Extensions
==================
This section covers things that are considered extensions to PGP, but are not codified in the form of an RFC.
.. progress:: DNS PKA
:text: Publishing OpenPGP keys in DNS
:Other Sources:
- DNS PKA, False, Look up and retrieve keys stored in DNS PKA records.
.. progress:: OpenPGP HTTP Keyserver Protocol (HKP)
:text: The protocol is specified in `Marc Horowitz's thesis paper`_, and an expired RFC draft by David Shaw, `draft-shaw-openpgp-hkp-00`_.
:HKP:
- HKP, False, Look up and retrieve keys from key server
- HKP, False, Send keys to key server
.. progress:: EdDSA for OpenPGP
:text: Use of Ed25519 with ECDSA and ECDH in OpenPGP is currently specified in an in-progress RFC draft by Werner Koch, `draft-koch-eddsa-for-openpgp`_.
:Curves:
- Curve, False, Ed25519
.. progress:: Additional Curves for OpenPGP
:text: Some additional curves that can be used with ECDSA/ECDH that are not explicitly called out in :rfc:`6637`, but have standardized OIDs and are implemented in other software.
:Curves:
- Curve, True, Brainpool P-256
- Curve, True, Brainpool P-384
- Curve, True, Brainpool P-512
- Curve, False, Curve25519
- Curve, True, SECP256K1
.. note:: Use of Brainpool curves with ECDSA/ECDH
Although these curves are not explicitly mentioned in an RFC for OpenPGP at this point, GnuPG 2.1.x+ does support using them, so I have included them here as well.
\* Cipher availability depends on the currently installed OpenSSL being compiled with support for it
.. _`Marc Horowitz's thesis paper`: http://www.mit.edu/afs/net.mit.edu/project/pks/thesis/paper/thesis.html
.. _`draft-shaw-openpgp-hkp-00`: https://tools.ietf.org/html/draft-shaw-openpgp-hkp-00
.. _`draft-koch-eddsa-for-openpgp`: https://tools.ietf.org/html/draft-koch-eddsa-for-openpgp-04
Reference in New Issue View Git Blame Copy Permalink