01/06: squash! Add (guix openpgp).
From: guix-commits
Subject: 01/06: squash! Add (guix openpgp).
Date: Sat, 2 May 2020 17:56:40 -0400 (EDT)
civodul pushed a commit to branch wip-openpgp
in repository guix.
commit 9d23acf988e46ae9d8da2a8656f6ff56ce9802c0
Author: Ludovic Courtès <address@hidden>
AuthorDate: Sat May 2 22:28:42 2020 +0200
squash! Add (guix openpgp).
---
guix/openpgp.scm | 38 +++++++++++++-------------------------
1 file changed, 13 insertions(+), 25 deletions(-)
diff --git a/guix/openpgp.scm b/guix/openpgp.scm
index 1887504..dbf2e89 100644
--- a/guix/openpgp.scm
+++ b/guix/openpgp.scm
@@ -78,34 +78,22 @@
;;; Commentary:
;;;
-;;; Procedures for dealing with OpenPGP messages.
+;;; This module contains code to read OpenPGP messages as described in
+;;; <https://tools.ietf.org/html/rfc4880>, with extensions from
+;;; <https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-06> (notably
+;;; EdDSA support and extra signature sub-packets).
;;;
-;;; XXX: Currently only does enough to verify detached signatures of
-;;; binary data. Sanity checks on self-signatures, subkey binding
-;;; signatures, etc is left as an exercise for the program that manages
-;;; the keyring.
-;;;
-;;; 4880 OpenPGP Message Format. J. Callas, L. Donnerhacke, H. Finney, D.
-;;; Shaw, R. Thayer. November 2007. (Format: TXT=203706 bytes) (Obsoletes
-;;; RFC1991, RFC2440) (Updated by RFC5581) (Status: PROPOSED STANDARD)
-;;;
-;;; Each User ID on a public key has a self-signature made by the key.
-;;; Each subkey also has a self-signature that binds it to the primary
-;;; key, and a self-signature that binds the primary key to the subkey.
-;;;
-;;; See also <https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-06>
-;;; for extensions to RFC4880.
+;;; Currently this module does enough to verify detached signatures of binary
+;;; data. It does _not_ perform sanity checks on self-signatures, subkey
+;;; binding signatures, etc., among others. Use only in a context where this
+;;; limitations are acceptable!
;;;
;;; Code:
(define-syntax print
(syntax-rules ()
- #;
- ((_ . args) ; ;
- (begin ; ;
- (for-each display (list . args)) ; ;
- (newline)))
- ((_ . args) (values))))
+ ;; ((_ args ...) (pk 'openpgp args))
+ ((_ args ...) (values))))
(define-syntax-rule (define-alias new old)
(define-syntax new (identifier-syntax old)))
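Review bot: The rewritten commentary paragraph ("Currently this module does enough to verify detached signatures...") drops the earlier statement that checks on self-signatures and subkey binding signatures are left to the program that manages the keyring, so the reader no longer learns who is expected to perform them. Consider keeping that sentence alongside the new warning. In the same paragraph, "this limitations" should read "these limitations", and "etc., among others" is redundant. In the `print` macro, the commented-out debugging clause uses `args` in the template without its ellipsis, so it would fail to expand if someone uncomments it as written; `(pk 'openpgp args ...)` would work.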
@@ -241,6 +229,8 @@ writes to PORT the value 42 as an 8-bit integer and the
value #x7777 as a
((null? names) (reverse bits))))
(define (openpgp-format-fingerprint bv)
+ "Return a string representing BV, a bytevector, in the conventional OpenPGP
+hexadecimal format for fingerprints."
(define (h i)
(string-pad (string-upcase
(number->string
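Review bot: The new docstring on `openpgp-format-fingerprint` refers to "the conventional OpenPGP hexadecimal format for fingerprints" without saying what that format is. Since the body visibly upcases and pads the hex digits, the docstring could state the shape of the returned string (upper-case hexadecimal, and how the digits are grouped) so that callers comparing or displaying fingerprints know what to expect.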
@@ -582,9 +572,7 @@ the issuer's OpenPGP public key extracted from KEYRING."
(lookup-key-by-id keyring id))))
;; Find the primary key or subkey that made the signature.
(if key
- (begin
- (print "Signature made with key: " key)
- (check key sig))
+ (check key sig)
(values 'missing-key (or fingerprint id))))
(values 'unsupported-signature sig)))
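Review bot: With the `(print "Signature made with key: " key)` call removed from the `(if key ...)` branch, it is worth checking whether the `print` macro still has any callers in the module. If this was the last one, the macro, which now only expands to `(values)`, could be deleted in this same squash instead of being kept as a no-op.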