Hello :)
I have been working on the foreign function interface, aka our C API.
Instead of writing tests for that, I decided to write bindings for
Python and test that. This also gives me a feel for how complete and
usable the C API is.
And while there is no documentation yet, I have integrated it in our new
build system and I invite you to try it out. Even if you are not into
Python, it is a nice way to interactively play with Sequoia.
To get it, either check out the 'justus/python-3' branch or clone it
using:
% git clone -b justus/python-3 https://gitlab.com/sequoia-pgp/sequoia.git
In addition to the build dependencies mentioned in 'README.md', you need
python3-dev, python3-cffi (poke me if I missed any additional
dependencies) and ipython3 (only for the nice interactive shell).
Then do 'make', followed by:
% make -Cffi/lang/python shell
[... stuff...]
IPython 5.5.0 -- An enhanced Interactive Python.
? -> Introduction and overview of IPython's features.
%quickref -> Quick reference.
help -> Python's own help system.
object? -> Details about 'object', use 'object??' for extra details.
In [1]:
Wow, an interactive Python shell with all of Sequoia's functionality
already imported for you and a Context 'ctx' already created for your
convenience is at your fingertips. Let's have some fun:
In [1]: fp = Fingerprint.from_hex("D2F2C5D45BE9FDE6A4EE0AAF31855247603831FD")
In [2]: keyid = fp.keyid()
In [3]: tpk = KeyServer.sks_pool(ctx).get(keyid)
In [4]: assert fp == tpk.fingerprint()
In [5]: st = Store.open(ctx, "my awesome store")
In [6]: st.import_("Justus' signing key", tpk)
Out[6]: <sequoia.openpgp.TPK at 0x7fc5c0142780>
In [7]: binding = st.lookup("Justus' signing key")
In [8]: list(map(str, binding.log()))
Out[8]: ["2018-03-16 13:10:10+00:00: org.sequoia-pgp.tests.interactive:my awesome store: New binding Justus' signing key -> 3185 5247 6038 31FD"]
For more ideas you can look into ffi/lang/python/tests.
Cheers,
Justus
Hi,
I'm pleased to report that I've just added support for decrypting SEIP
packets as well as verifying MDC packets to Sequoia. See:
https://gitlab.com/sequoia-pgp/sequoia/commit/e304deb0fc7a92801cf3ba58aafeb…
Currently, there is only a low-level interface. The basic usage is
more or less shown in the decryption unit test:
https://gitlab.com/sequoia-pgp/sequoia/blob/e304deb0fc7a92801cf3ba58aafeb14…
Basically, we create a packet parser as usual:
    let mut pp = PacketParserBuilder::from_file(&path).unwrap()
        .buffer_unread_content()
        .finalize()
        .expect(&format!("Error reading {}", filename)[..])
        .expect("Empty message");
Then, we iterate over the message, and when we encounter a SEIP
packet, we decrypt it:
    if let Packet::SEIP(_) = pp.packet {
        pp.decrypt(algo, &key[..]).unwrap();
    }
Now, if we recurse on the SEIP packet (pp.recurse() instead of
pp.next()), we will iterate over the decrypted packets (otherwise the
decrypted data will be stored in packet.body).
When we encounter the MDC packet, we can check the hash as follows:
    if let Packet::MDC(mdc) = pp.packet {
        assert_eq!(mdc.computed_hash, mdc.hash);
    }
Right now, it is up to the implementation to gather the SK-ESK and
PK-ESK packets and extract the symmetric encryption algorithm and
session key.
When using a Message to parse a message all at once, it is currently
not possible to decrypt the SEIP packets.
Another current limitation has to do with the packet parser and not
symmetric decryption per se: when a packet in the SEIP packet has an
indefinite length (which is how GnuPG encodes the length of compressed
data packets), Sequoia assumes that the remaining data belongs to
the packet with the indefinite length; if some data is unread, Sequoia
just drops the data instead of looking for more packets.
If someone is looking for a small project, consider adding a decrypt
command to sq.
:) Neal
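
The MDC check from the message above, written out as an added example (not code from the thread or from Sequoia): per RFC 4880 sections 5.13 and 5.14, the MDC is a SHA-1 hash over the decrypted prefix, the inner packets, and the MDC packet's own two header octets. It uses only Python's standard library; make_prefix, append_mdc, verify_mdc and the sample literal packet are names and data constructed for this illustration.

```python
import hashlib
import hmac
import os

MDC_HEADER = b"\xd3\x14"  # new-format header: tag 19 (MDC), body length 20
SHA1_LEN = 20

# Constructed sample: literal data packet (tag 11) carrying b"hello".
SAMPLE_LITERAL = b"\xcb\x0b" + b"b\x00" + b"\x00" * 4 + b"hello"


class MDCError(Exception):
    """The decrypted SEIP body failed its integrity check."""


def make_prefix(block_size=16):
    """Random block plus a repeat of its last two octets."""
    block = os.urandom(block_size)
    return block + block[-2:]


def append_mdc(prefix, packets):
    """Build a SEIP plaintext: prefix || packets || MDC packet."""
    hashed = prefix + packets + MDC_HEADER
    return hashed + hashlib.sha1(hashed).digest()


def verify_mdc(plaintext, block_size=16):
    """Return the inner packets, or raise MDCError if the check fails."""
    prefix_len = block_size + 2
    if len(plaintext) < prefix_len + len(MDC_HEADER) + SHA1_LEN:
        raise MDCError("too short to hold prefix and MDC packet")
    hashed, stored = plaintext[:-SHA1_LEN], plaintext[-SHA1_LEN:]
    if not hashed.endswith(MDC_HEADER):
        raise MDCError("plaintext does not end in an MDC packet")
    # The hash covers the prefix, the packets and the MDC header octets.
    computed = hashlib.sha1(hashed).digest()
    if not hmac.compare_digest(computed, stored):
        raise MDCError("MDC mismatch: body was modified or truncated")
    return hashed[prefix_len:-len(MDC_HEADER)]


if __name__ == "__main__":
    body = append_mdc(make_prefix(), SAMPLE_LITERAL)
    print(verify_mdc(body).hex())
```

verify_mdc hands back the inner packets only after the hash comparison succeeds, so a caller that follows this pattern never acts on a modified or truncated body.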