Hello everyone :)
I'd like to inform you about the recent progress on your favorite OpenPGP implementation. We've been quite busy in the last three weeks, and among various cleanups and bug fixes, we implemented the following features:
Our frontend gained a new subcommand, sq split, that recursively splits an OpenPGP message into packets that can easily be recombined with cat.
Sequoia now supports all ciphers specified in OpenPGP (RFC 4880 and RFC 4880bis) that are supported by our crypto library Nettle, namely TripleDES, Blowfish, AES128, AES192, AES256, Twofish, Camellia128, Camellia192, and Camellia256.
Our handling of multi-precision integers changed substantially. Previously, we used plain vectors of MPIs, now we have a sum type that is aware of the kind of data we expect, e.g. whether we have an RSA public key with two MPIs, e and n, or an ECDSA public key with a Curve OID and an MPI q containing the encoded point on the curve.
Sequoia now supports verification of DSA signatures, ECDSA signatures using the NIST curves specified in RFC 6637, and EdDSA using Ed25519.
Sequoia gained a new type for an OpenPGP message as defined in RFC 4880, section 11.3. The previous message type, which was just a sequence of OpenPGP packets, was renamed to PacketPile to better reflect its unstructured nature.
Sequoia now supports encrypting and decrypting of PKESKs using RSA and ECDH/Cv25519. Support for other curves needs a bit more support from our crypto library.
The openpgp crate can now be built without compression support, reducing the trusted computing base in case compression is not needed, and making fuzzing of the openpgp crate easier, as the fuzzer can no longer generate compression bombs.
Casual fuzzing of the parser revealed all the places where we cut corners, as well a real bug (index out of bounds) when parsing an MPI of length 0.
Cheers, Justus
You're my heros ;-)
Neal delivered a short lecture about Sequoia yesterday in our dev meeting. You're just doing a great job!
Yours, VB.