Heiko Schaefer
Heiko Schaefer
For the low level cryptographic operations, I see one (multifaceted) concern that needs to be addressed somehow: Authorization on the device. In some cases, a password needs to be provided...
Based on the changes done a few months back, hardware security devices are now usable with rPGP: For example, there is now https://codeberg.org/openpgp-card/rpgp, which offers [openpgp-card](https://crates.io/crates/openpgp-card) support for use with...
As the issue starter, I think closing is appropriate. My goal was to be able to implement https://crates.io/crates/openpgp-card-rpgp, and that's now done. If we feel the urge to do more...
Let's walk through this step by step # Making an example key First, we'll make an example OpenPGP "private key" using the [rsop](https://crates.io/crates/rsop) tool (it doesn't matter where the private...
OpenPGP signature hashes consist not only of the hashed payload of the signed data. The hash digests also include PGP framing data. See https://www.rfc-editor.org/rfc/rfc4880#section-5.2.3: > "The concatenation of the data...
Cleartext signatures are a mechanism that applies to text files (see https://openpgp.dev/book/signing_data.html#cleartext-signatures for some details). I don't think they can be used with a pdf? Maybe a detached signature is...
An update: p521 is now available for use with ecdsa via #304. The current 0.6 versions of bp256 and bp384 seem tricky/not ready to use in rpgp. Seems to me...
nist p curves for ecdh are added in https://github.com/rpgp/rpgp/pull/351.
There are implementations of all three mechanisms in RustCrypto by now: https://crates.io/crates/sm2/ https://crates.io/crates/sm3/ https://crates.io/crates/sm4/ However, it seems that the RustCrypto implementation of sm2 is still missing support for the SM2...
Expiration time (and other metadata) in OpenPGP is updated when the key holder issues new self-signatures. The new self-signatures replace the previous metadata. See https://openpgp.dev/book/signing_components.html#adding-global-metadata-to-a-certificate for rough pointers. Note that...