Recent commits to derivepassphrase.git (269369a694a74c6d509755f82b32407cfcc32420)
https://git.schokokeks.org/derivepassphrase.git/tree/269369a694a74c6d509755f82b32407cfcc32420
Recent commits feed provided by GitList.

Release 0.5.2
https://git.schokokeks.org/derivepassphrase.git/commit/269369a694a74c6d509755f82b32407cfcc32420
software@the13thletter.info (Marco Ricci)
Sun, 03 Aug 2025 21:47:37 +0200
269369a694a74c6d509755f82b32407cfcc32420

Merge topic branch 'fix-version-number' into master
* fix-version-number:
  Fix the automatic version increment in `__init__.py`
https://git.schokokeks.org/derivepassphrase.git/commit/af222512798d18348bd27f5a75b2c378ff204c40
software@the13thletter.info (Marco Ricci)
Sun, 03 Aug 2025 20:45:36 +0200
af222512798d18348bd27f5a75b2c378ff204c40

Fix the automatic version increment in `__init__.py`
Despite using software (`bump-my-version`) to automatically update all version number references throughout the project, I forgot to include a rule to update the version recorded in the code itself: `derivepassphrase/__init__.py:__version__`. Thus, version 0.5 and version 0.5.1 have been released while both claiming to be version "0.5 alpha 1 (development build 1)". Oops.
https://git.schokokeks.org/derivepassphrase.git/commit/bf55246b94b88068d589977aada6ce60c80dbec5
software@the13thletter.info (Marco Ricci)
Sun, 03 Aug 2025 20:45:21 +0200
bf55246b94b88068d589977aada6ce60c80dbec5

Merge topic branch 'pageant-068-080-keys' into master
* pageant-068-080-keys:
  Add a script to query test key signatures and derived passphrases from an agent
  Add Pageant 0.68–0.80 signatures and derived passphrases for DSA keys
  Harmonize syntax for the test key definitions
https://git.schokokeks.org/derivepassphrase.git/commit/608a84da61fabd375cf2859d21acfdb5d5f4b607
software@the13thletter.info (Marco Ricci)
Sun, 03 Aug 2025 20:20:55 +0200
608a84da61fabd375cf2859d21acfdb5d5f4b607

Add a script to query test key signatures and derived passphrases from an agent
The script attempts to upload each test key to the running SSH agent, then queries the agent for the signature of the `vault` UUID and computes the derived passphrase. If that works, then it prints the test key, augmented by the new signature and new derived passphrase, in a `repr`-compatible representation that could principally directly be included into the `tests` module.
(The real code in the `tests` module basically only differs in whitespace: the hex codes that make up the signatures and the key data are wrapped manually, in a manner that highlights their structure but which is difficult/tedious to produce automatically.)
The script has only been tested on UNIX, and because it imports the `tests` module directly, it should be run in a compatible environment, e.g., the `hatch-static-analysis` environment.
https://git.schokokeks.org/derivepassphrase.git/commit/07abfb9a325939fbb8f06378b1819bbfe0cf171a
software@the13thletter.info (Marco Ricci)
Sun, 03 Aug 2025 20:07:56 +0200
07abfb9a325939fbb8f06378b1819bbfe0cf171a

Add Pageant 0.68–0.80 signatures and derived passphrases for DSA keys
I generated these signatures and derived passphrases against a manually compiled instance of Pageant 0.80.
(Because, as already hinted at in d2bb555fd898d63b413b37dc2bd1374d82daeffe, it is somewhat hard to obtain pre-compiled versions of Pageant with a known security hole. It turned out to be much easier to compile Pageant ourselves than to find an unpatched PuTTY distribution.)
(These test vectors are not actually in active use yet.)
https://git.schokokeks.org/derivepassphrase.git/commit/ea2c3cb5d4ca09932f947922c91baaa906daeb25
software@the13thletter.info (Marco Ricci)
Sun, 03 Aug 2025 19:59:19 +0200
ea2c3cb5d4ca09932f947922c91baaa906daeb25

Harmonize syntax for the test key definitions
No functional change. But harmonizing the syntax makes it easier to compare machine-generated output with the recorded test vectors for the test keys.
https://git.schokokeks.org/derivepassphrase.git/commit/10f92193e28b82f843b2ae027cee89935548e842
software@the13thletter.info (Marco Ricci)
Sun, 03 Aug 2025 19:35:25 +0200
10f92193e28b82f843b2ae027cee89935548e842

Merge topic branch 'test-suite-cleanups' into master
* test-suite-cleanups:
  Comment on coverage exclusions, in shorthand
  Provide more deterministic signatures for the test keys
  Fix, and test for, the consistency of the SSH test keys
  Fix some test suite setup mistakes
https://git.schokokeks.org/derivepassphrase.git/commit/27a3cf661d83a37f54ed358893ce24345a349c31
software@the13thletter.info (Marco Ricci)
Sun, 27 Jul 2025 23:12:36 +0200
27a3cf661d83a37f54ed358893ce24345a349c31

Comment on coverage exclusions, in shorthand
Add shorthand codes for different types of coverage exclusions, explained in `pyproject.toml` in the `tool.coverage` section, because reasons for excluding code branches from coverage tend to fall into a handful of common categories.
Also add explicit coverage exclusion patterns for dummy classes which are never intended to actually be called, such as the `_types._Omitted` class (for styling function signatures in the generated documentation) and the two `_DummyModule` classes (which stub out missing dependencies to appease the type checker).
A very few coverage exclusions were actually unnecessary or nonsensical, and have been rectified.
https://git.schokokeks.org/derivepassphrase.git/commit/c5c882a238537077279b1ea8ad0076b1d812cc85
software@the13thletter.info (Marco Ricci)
Sat, 26 Jul 2025 17:35:21 +0200
c5c882a238537077279b1ea8ad0076b1d812cc85

Provide more deterministic signatures for the test keys
Record and provide more deterministic signatures for the test keys, where feasible. In particular, for DSA and ECDSA keys, support recording the RFC 6979 deterministic DSA signatures, as implemented by Pageant.
In particular, this entails that the `expected_signature` and `derived_passphrase` fields of the test keys need to change to accommodate the new shape of the data.
For the existing DSA and ECDSA keys, RFC 6979 signatures and expected master passphrases are also provided. Providing the Pageant 0.68–0.80 deterministic signatures and expected master passphrases however is not quite so straight-forward: because the signature class is the subject of CVE-2024-31497, Pageant < 0.81 is considered to have a security hole, and thus it is hard to obtain pre-compiled, unpatched installations of Pageant to compute the signatures/master passphrases against.
https://git.schokokeks.org/derivepassphrase.git/commit/d2bb555fd898d63b413b37dc2bd1374d82daeffe
software@the13thletter.info (Marco Ricci)
Sat, 26 Jul 2025 16:45:41 +0200
d2bb555fd898d63b413b37dc2bd1374d82daeffe