Skip to content

Commit

Permalink
Drop Store, use callback functions
Browse files Browse the repository at this point in the history
This PR drops the Cert-D integration through Store object.

I has been problematic for several small reasons: it's not possible to
lookup by subkey fingerprints (the test was broken due to the primary
key being `CS`).

Instead of that ask the client to supply a get_certs callback function
and let them plug their own lookup mechanisms (either through local
storage, keyservers, or any other means).

Signed-off-by: Wiktor Kwapisiewicz <[email protected]>
  • Loading branch information
wiktor-k committed Mar 18, 2024
1 parent b5d2345 commit 11c4f2a
Show file tree
Hide file tree
Showing 7 changed files with 21 additions and 155 deletions.
46 changes: 0 additions & 46 deletions Cargo.lock

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

1 change: 0 additions & 1 deletion Cargo.toml
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,6 @@ hex = "0.4.3"
once_cell = "1.18"
openpgp-card = "0.4.0"
openpgp-card-sequoia = { version = "0.2.0", default-features = false }
openpgp-cert-d = "0.1"
pyo3 = { version = "0.20", features = ["extension-module", "anyhow", "chrono"] }
sequoia-openpgp = { version = "1.17", default-features = false, features = ["compression"] }
testresult = "0.3"
Expand Down
7 changes: 5 additions & 2 deletions NEXT.md
Original file line number Diff line number Diff line change
@@ -1,11 +1,14 @@
# Next version changes
## This file contains changes that will be included in the next version that is released
v0.1.22
v0.1.23

New:
- `verify` - rudimentary support for verifying and extracting signed data.

Changed:
- `verify` now accepts a callback for supplying signing certificates ([#20])

Removed:
- `Store` and the Cert-D has been removed ([#20]) due to confusing semantics

[#20]: https://github.com/wiktor-k/pysequoia/pull/20
### git tag --edit -s -F NEXT.md v...
43 changes: 6 additions & 37 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -128,17 +128,18 @@ assert "PGP MESSAGE" in str(signed)
Verifies signed data and returns verified data:

```python
from pysequoia import Store, verify
from pysequoia import verify

# sign some data
signing_key = Cert.from_file("signing-key.asc")
signed = sign(s.secrets.signer(), "data to be signed".encode("utf8"))

# verify the data
store = Store("/tmp/store")
store.put(signing_key)
def get_certs(key_ids):
print(f"For verification, we need these keys: {key_ids}")
return [signing_key]

result = verify(signed, store)
# verify the data
result = verify(signed, get_certs)
assert result.bytes.decode("utf8") == "data to be signed"
```

Expand Down Expand Up @@ -230,7 +231,6 @@ Merges packets from a new version into an old version of a certificate:
old = Cert.from_file("wiktor.asc")
new = Cert.from_file("wiktor-fresh.asc")
merged = old.merge(new)
print(f"Merged, updated cert: {merged}")
```

### User IDs
Expand Down Expand Up @@ -386,37 +386,6 @@ private_parts = Cert.from_bytes(f"{c.secrets}".encode("utf8"))
assert private_parts.has_secret_keys
```

## Certificate management

### CertD integration

This library exposes [OpenPGP Certificate Directory][CERT-D]
integration, which allows storing and retrieving OpenPGP certificates
in a persistent way directly in the file system.

Note that this will *not* allow you to read GnuPG-specific key
directories. Cert-D [does not allow certificate removal][NO-REMOV].

[CERT-D]: https://sequoia-pgp.gitlab.io/pgp-cert-d/
[NO-REMOV]: https://gitlab.com/sequoia-pgp/pgp-cert-d/-/issues/33

```python
from pysequoia import Store

cert = Cert.from_file("wiktor.asc")
s = Store("/tmp/store")
s.put(cert)
assert s.get(cert.fingerprint) != None
```

The certificate is now stored in the given directory and can be
retrieved later by its fingerprint:

```python
s = Store("/tmp/store")
assert s.get("653909a2f0e37c106f5faf546c8857e0d8e8f074") != None
```

## OpenPGP Cards

There's an experimental feature allowing communication with OpenPGP
Expand Down
2 changes: 0 additions & 2 deletions src/lib.rs
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,6 @@ mod notation;
mod sign;
mod signature;
mod signer;
mod store;
mod user_id;
mod verify;

Expand Down Expand Up @@ -51,7 +50,6 @@ impl Decrypted {
#[pymodule]
fn pysequoia(_py: Python, m: &PyModule) -> PyResult<()> {
m.add_class::<cert::Cert>()?;
m.add_class::<store::Store>()?;
m.add_class::<card::Card>()?;
m.add_class::<notation::Notation>()?;
m.add_function(wrap_pyfunction!(sign::sign, m)?)?;
Expand Down
58 changes: 0 additions & 58 deletions src/store.rs

This file was deleted.

19 changes: 10 additions & 9 deletions src/verify.rs
Original file line number Diff line number Diff line change
Expand Up @@ -3,11 +3,10 @@ use openpgp::{parse::stream::*, policy::StandardPolicy};
use pyo3::prelude::*;
use sequoia_openpgp as openpgp;

use crate::store::Store;
use crate::Decrypted;

#[pyfunction]
pub fn verify(bytes: &[u8], store: &Store) -> PyResult<Decrypted> {
pub fn verify(bytes: &[u8], store: Py<PyAny>) -> PyResult<Decrypted> {
let helper = PyVerifier { store };

let policy = &StandardPolicy::new();
Expand All @@ -20,17 +19,19 @@ pub fn verify(bytes: &[u8], store: &Store) -> PyResult<Decrypted> {
Ok(Decrypted { content: sink })
}

struct PyVerifier<'a> {
store: &'a Store,
struct PyVerifier {
store: Py<PyAny>,
}

impl VerificationHelper for PyVerifier<'_> {
impl VerificationHelper for PyVerifier {
fn get_certs(&mut self, ids: &[openpgp::KeyHandle]) -> openpgp::Result<Vec<openpgp::Cert>> {
let mut certs = vec![];
for id in ids {
if let Some(cert) = self.store.get(id.to_string())? {
certs.push(cert.cert().clone());
}
let result: Vec<crate::cert::Cert> = Python::with_gil(|py| {
let str_ids = ids.iter().map(|x| x.to_hex()).collect::<Vec<_>>();
self.store.call1(py, (str_ids,))?.extract(py)
})?;
for cert in result.into_iter() {
certs.push(cert.cert().clone());
}
Ok(certs)
}
Expand Down

0 comments on commit 11c4f2a

Please sign in to comment.