- Reorganized the code a bit and split each of sigtool's
commands into a separate file.
- Added extra tests to validate verify's new capabilities
- Updated README
* update build script to use a diff go-root
* update tests.sh to use diff go-root
* move pflag to opencoff/pflag
* use common lib to parse string size..
- use HKDF for producing keys, nonces
- add running hmac of plaintext; sender-sign the hmac as trailer
- use header checksum as "salt" for data encryption keys, nonces
- generate explicit nonce for wrapping root keys for each recipient
(previous impl had brittleness)
* bugfix: use os.IsNotExist() instead of comparing errors for equality;
this fixes incorrect handling of missing authorized_keys file.
* move die() and warn() into die.go - and make them public functions.
* teach die.go to also provide atexit() like functionality
* teach all callers of sign.SafeFile{} to use AtExit() to delete
temporary artifacts
* symbol renaming: die->Die, warn->Warn.
* Added new SafeFile (io.WriteCloser) class + methods to atomically write a file.
* Teach core lib to use SafeFile for all file I/O
* Teach sigtool to use SafeFile for all file I/O
* Cleaned up the public interfaces of sign/ to be more coherent:
- with uniform APIs for marshaling, unmarshaling, serialization.
- removed KeyPair class/interface and stick to PrivateKey as the primary
interface.
* collected common rand utility functions into rand.go
* Teach sigtool to NOT overwrite existing output files (keys, signatures etc.)
* Teach sigtool to use a new --overwrite option for every command that creates
files (generate, sign, encrypt, decrypt)
* encrypt/decrypt will try to use the input file mode/perm where possible
(unless input is stdin).
* Added more tests
- removed spurious check in decrypt() against blocksize
- added additional tests for small sized blocks and inputs smaller than
the blocksize.
- updated README to capture dependencies (protobuf tools)
- aead nonce construction is efficient (replace last 8 bytes of salt
with encoded block# and chunk-size
- increase aead nonce size to 32 bytes
- refactor errors into a separate file
- update "build" to latest version
- updated README.
* Sender identity is never shared in the encrypted payload
* Sender signs the data-encryption key via Ed25519 if sender-auth is
desired; else a "signature" of all zeroes is used. In either case, this
signature is encrypted with the same data-encryption key.
* cleaned up stale code and updated tests
* all encryption now uses ephmeral curve25519 keys
* sender can identify themselves by providing a signing key
* sign/verify now uses a string prefix for calculating checksum of the
incoming message + known prefix [prevents us from verifying unknown
blobs]
* encrypt/decrypt key is now expanded with a known prefix _and_ the
header checksum
* protobuf definition changed to include an encrypted sender
identification blob (sender public key)
* moved protobuf files into an internal/pb directory
* general code rearrangement to make it easy to find files
* added extra validation for reading all keys
* bumped version to 1.0.0
* encrypted chunk header now encodes _only_ plain text length
* the AEAD tag length is implicitly added when reading/writing
* added better sanity checks for short blocks during decrypt
* io.ReadAtLeast() reports ErrUnexpectedEOF for less than a full chunk;
use this signal correctly
* major version bump to denote header incompatibility
* Refactored the private key protection to use standard AEAD
construction.
* Fix sanity check of decrypted block length to stay within verified
bounds
* Cleanup test harness to split into utility file (assert()); cleaned up
names of test functions.
* Fixed scrypt params to not take too long (N=2^19)
* Updated README with these changes
* Added support to read openssh public keys and encrypted private keys
* reworked private key handling
* made password the default; generating keys without password
requires explicit "--no-password"
