Devel

devel@lists.sequoia-pgp.org

72 discussions

Playing with the Python bindings
by Justus Winter 16 Mar '18

16 Mar '18

Hello :) I have been working on the foreign function interface, aka our C API. Instead of writing tests for that, I decided to write bindings for Python and testing that. This also gives me a feel for how complete and usable the C API is. And while there is no documentation yet, I have integrated it in our new build system and I invite you to try it out. Even if you are not into Python, it is a nice way to interactively play with Sequoia. To get it, either checkout the 'justus/python-3' branch or clone it using: % git clone -b justus/python-3 https://gitlab.com/sequoia-pgp/sequoia.git In addition to the build dependencies mentioned in 'README.md', you need python3-dev, python3-cffi (poke me if I missed any additional dependencies) and ipython3 (only for the nice interactive shell). Then do 'make', followed by: % make -Cffi/lang/python shell [... stuff...] IPython 5.5.0 -- An enhanced Interactive Python. ? -> Introduction and overview of IPython's features. %quickref -> Quick reference. help -> Python's own help system. object? -> Details about 'object', use 'object??' for extra details. In [1]: Wow, an interactive Python shell with all of Sequoias functionality already imported for you and a Context 'ctx' already created for your convenience is at your fingertips. Let's have some fun: In [1]: fp = Fingerprint.from_hex("D2F2C5D45BE9FDE6A4EE0AAF31855247603831FD") In [2]: keyid = fp.keyid() In [3]: tpk = KeyServer.sks_pool(ctx).get(keyid) In [4]: assert fp == tpk.fingerprint() In [5]: st = Store.open(ctx, "my awesome store") In [6]: st.import_("Justus' signing key", tpk) Out[6]: <sequoia.openpgp.TPK at 0x7fc5c0142780> In [7]: binding = st.lookup("Justus' signing key") In [8]: list(map(str, binding.log())) Out[8]: ["2018-03-16 13:10:10+00:00: org.sequoia-pgp.tests.interactive:my awesome store: New binding Justus' signing key -> 3185 5247 6038 31FD"] For more ideas you can look into ffi/lang/python/tests. Cheers, Justus

1 0

Symmetric decryption
by Neal H. Walfield 28 Feb '18

28 Feb '18

Hi, I'm pleased to report that I've just added support for decrypting SEIP packets as well as verifying MDC packets to Sequoia. See: https://gitlab.com/sequoia-pgp/sequoia/commit/e304deb0fc7a92801cf3ba58aafeb… Currently, there is only a low-level interface. The basic usage is more or less shown in the decryption unit test: https://gitlab.com/sequoia-pgp/sequoia/blob/e304deb0fc7a92801cf3ba58aafeb14… Basically, we create a packet parser as usual: let mut pp = PacketParserBuilder::from_file(&path).unwrap() .buffer_unread_content() .finalize() .expect(&format!("Error reading {}", filename)[..]) .expect("Empty message"); Then, we iterate over the message, and when we encounter a SEIP packet, we decrypt it: if let Packet::SEIP(_) = pp.packet { pp.decrypt(algo, &key[..]).unwrap(); } Now, if we recurse on the SEIP packet (pp.recurse() instead of pp.next()), we will iterate over the decrypted packets (otherwise the decrypted data will be stored in packet.body). When we encounter the MDC packet, we can check the hash as follows: if let Packet::MDC(mdc) = pp.packet { assert_eq!(mdc.computed_hash, mdc.hash); } Right now, it is up to the implementation to gather the SK-ESK and PK-ESK packets and extract the symmetric encryption algorithm and session key. When using a Message to parse a message all a once, it is currently not possible to decrypt the SEIP packets. Another current limitation has to do with the packet parser and not symmetric decryption per se: when a packet in the SEIP packet has an indefinite length (which is how GnuPG encodes the length of compressed data packets), Sequoia assumes that the remaining data belongs to packet with the indefinite length; if some data is unread, Sequoia just drops the data instead of looking for more packets. If someone is looking for a small project, consider adding a decrypt command to sq. :) Neal

1 0

2024

2023

2022

2021

2020

2019

2018

Devel