Recent commits to derivepassphrase.git (6e05ad2a2a6d8de341a84dc8257911e21538c64e) https://git.schokokeks.org/derivepassphrase.git/tree/6e05ad2a2a6d8de341a84dc8257911e21538c64e Recent commits feed provided by GitList. Add finished command-line interface, with tests Add a finished command-line interface, with interface parity with vault v0.3. The implementation has 100% coverage, including the tests... even if the tests still contain a lot of manual code and data duplication. The project settings were updated as well, mostly expanding the scope of what is covered by type checking and what is (not) covered by coverage testing. https://git.schokokeks.org/derivepassphrase.git/commit/6e05ad2a2a6d8de341a84dc8257911e21538c64e m@the13thletter.info (Marco Ricci) Sat, 22 Jun 2024 21:19:30 +0200 6e05ad2a2a6d8de341a84dc8257911e21538c64e Fortify the argument parsing and handling in the command-line interface Currently, we use a one-to-one correspondence between command-line argument name and function argument, via catch-all keyword arguments. This is very unwieldy to use with type checking, it exposes us to name clashes with Python keywords, and it doesn't even save that much typing effort because the arguments still ought to be documented in the documentation anyway. Therefore, introduce an explicit target parameter name for the `click` interface and corresponding explicit function arguments. (The implicit list of (function) arguments that `click` passes to the function is already readily available in the context object.) As a related problem, the code for checking whether incompatible options were specified also relies (excessively cleverly) on command-line argument names and function argument names being equal, and sometimes conflates short and long option names, leading to it missing some examples of incompatible options. Therefore, instead, explicitly build a map of (short and long) option names to option objects and test whether incompatible option objects were used. https://git.schokokeks.org/derivepassphrase.git/commit/09e86bfa6549230d20c41600a57c3a7c37bb9397 m@the13thletter.info (Marco Ricci) Sat, 22 Jun 2024 21:19:30 +0200 09e86bfa6549230d20c41600a57c3a7c37bb9397 Move typing classes into separate module `derivepassphrase.typing` In particular, include type guard functions here as well. https://git.schokokeks.org/derivepassphrase.git/commit/1c7c7a74a26be17815a5de3c20375a98400a1d2e m@the13thletter.info (Marco Ricci) Sat, 22 Jun 2024 21:19:30 +0200 1c7c7a74a26be17815a5de3c20375a98400a1d2e Support textual passphrases, if it is safe Some level of awareness is necessary to support passphrases stored in (JSON) config files. We reject the passphrase if there are multiple Unicode representations (and thus UTF-8 representations) of the same text but with different normalizations. In such a case, a byte string must be used, and the value cannot currently be stored in the JSON config file. https://git.schokokeks.org/derivepassphrase.git/commit/fc134c9aa5519d8cf5b394a0036af8be2a0ecaff m@the13thletter.info (Marco Ricci) Sat, 22 Jun 2024 21:19:30 +0200 fc134c9aa5519d8cf5b394a0036af8be2a0ecaff Fix passphrase-from-SSH-signature calculation In vault(1), the passphrase derived from an SSH key signature is *not* just the (framed, binary) SSH signature of the vault UUID. Instead, the payload part of the signature, in binary, is converted to base64, yielding the passphrase. Rewrite the `Vault.phrase_from_signature` method to match vault's behavior, and rename it to `phrase_from_key` to better match the *actual* interface (which takes an SSH key, not a signature). (This design – emitting an SSH signature as payload only, in base64 – is hard-coded into the SSH agent client library used by vault, and likely not a conscious design by vault's primary author.) https://git.schokokeks.org/derivepassphrase.git/commit/d3bdff5889f148f85d644ecfcb3fc9787b0a1aef m@the13thletter.info (Marco Ricci) Sat, 22 Jun 2024 21:19:30 +0200 d3bdff5889f148f85d644ecfcb3fc9787b0a1aef Expose some functionality from `Vault` as interal methods Expose some functionality from `derivepassphrase.Vault` as interal methods, to facilitate testing and to avoid reimplementing the same functionality again in the command-line interface. This includes hash length estimation and SSH key suitability checking. https://git.schokokeks.org/derivepassphrase.git/commit/81f902f6a37fc585684b6fc375ffcb5f2ae964c6 m@the13thletter.info (Marco Ricci) Sat, 22 Jun 2024 21:19:30 +0200 81f902f6a37fc585684b6fc375ffcb5f2ae964c6 Add function for SSH framed byte strings with trailing data The new function `ssh_agent_client.unstring_prefix` does not abort if there is trailing data after the SSH framed byte string. https://git.schokokeks.org/derivepassphrase.git/commit/3d09a07f18a46b597808e3f2030a566d4ef7d1e2 m@the13thletter.info (Marco Ricci) Sat, 22 Jun 2024 21:19:30 +0200 3d09a07f18a46b597808e3f2030a566d4ef7d1e2 Remove public attributes of `ssh_agent_client.SSHAgentClient` https://git.schokokeks.org/derivepassphrase.git/commit/18198578dc3148566fde6e7767a3a1584f338175 m@the13thletter.info (Marco Ricci) Sat, 22 Jun 2024 21:19:30 +0200 18198578dc3148566fde6e7767a3a1584f338175 Add prototype command-line interface https://git.schokokeks.org/derivepassphrase.git/commit/23390bc56a135d2c97a3e54d3b08bf5e117f32f0 m@the13thletter.info (Marco Ricci) Sat, 22 Jun 2024 19:54:19 +0200 23390bc56a135d2c97a3e54d3b08bf5e117f32f0 Reformat binary test data to aligned hex view For those familiar with SSH protocol messages, make the data more readable by aligning the hex view on the data boundaries according to the protocol. https://git.schokokeks.org/derivepassphrase.git/commit/e999bd54e5f32c3bdb1600b86b43740f14e535b3 m@the13thletter.info (Marco Ricci) Sat, 08 Jun 2024 19:14:35 +0200 e999bd54e5f32c3bdb1600b86b43740f14e535b3