gosop
gosop copied to clipboard
ProtonMail
please implement a newer version of sop
the sop spec has been improved. at least these three significant changes as of draft -04:
- three new subcommands related to inline-signed (but not encrypted) documents (including the cleartext signing framework)
versiontakes--backendand--extendedoptions- handling password-locked key material
it would be great for gosop to support these changes.
f2dd39284cc736de958c20252b43ad472d8622a4 implements gosop version --backend/--extended, the others are to be done still :)
If you're trying to prioritize the new subcommands, i recommend prioritizing inline-verify as it will enable using gosop to run the tie-breaker script used in the recent keys.openpgp.org board election.
if you implement inline-sign and inline-verify then that would enable the use of gosop in upcoming versions of dpkg
Thanks for the suggestion! Would it already be useful if we start with only implementing signing and verifying clearsigned messages? That would be easiest :)
Sure, that'd be a great start. Just make sure that you produce an error if the user invokes inline-sign without --as=clearsigned, if that's the only form it knows how to produce ☺ The default for inline-signed --as= should be binary even if it's not implemented.
Hey :wave: Signing and verifying clearsigned messages is actually implemented now :) Support for regular inline signed messages is in progress, as well.
Thanks for working on this! I locally added gosop support into the SOP backend in dpkg, but it is still failing due to at least the Armor Headers issue I filed, the 8-bit handling and the missing non-clearsigned support.
WIP see: https://github.com/ProtonMail/gosop/issues/19#issuecomment-1619912468.
I'm closing this ticket as it's pretty broad (the sop spec continues to evolve), and more targeted tickets are probably more useful for specific commentary.