Recent commits to derivepassphrase.git (7c1d055316e9e6a254c91e9b9f206cddbec4df8f)
https://git.schokokeks.org/derivepassphrase.git/tree/7c1d055316e9e6a254c91e9b9f206cddbec4df8f
Recent commits feed provided by GitList.

Retire non-repeatability check for unsuitable SSH keys in the tests

DSA and ECDSA keys use a nonce during signing, and it is well-known that reusing the nonce for another signature allows the private key to be derived directly from those two signatures. Because of this, many implementations choose the nonce via a high-quality random number generator. This leads to DSA and ECDSA signatures being non-repeatable, i.e. signing the same document twice leads to two different signatures/binary strings. OpenSSH's agent behaves this way.

However, various implementations of DSA or DSA variants have attempted to find a way to avoid the random number generator by choosing the nonce deterministically (but still unpredictably, for an attacker): EdDSA mandates a specific nonce as part of the specification, and RFC 6979 outlines a different deterministic nonce scheme for all (other) DSA variants. All versions of PuTTY/Pageant use deterministic nonce generation (a homegrown system in 0.80 and lower, RFC 6979 afterwards), so DSA and ECDSA signatures by Pageant *are* repeatable. And there is no reason why OpenSSH couldn't adopt RFC 6979 in the future.

Therefore, remove the check for repeatability in the tests. The `Vault` class check for key suitability remains unchanged, because while DSA/ECDSA keys *can* use repeatable signatures, such use is not *guaranteed*.

https://git.schokokeks.org/derivepassphrase.git/commit/7c1d055316e9e6a254c91e9b9f206cddbec4df8f
software@the13thletter.info (Marco Ricci)
Sat, 21 Sep 2024 12:17:48 +0200
7c1d055316e9e6a254c91e9b9f206cddbec4df8f

Add principal support for uploading SSH keys to the agent

Add the necessary protocol numbers to the `SSH_AGENT` and `SSH_AGENTC` enums, and the necessary `private_key_blob` data to the `tests.SUPPORTED_KEYS` and `tests.UNSUITABLE_KEYS` objects. This suffices for key uploads without constraints, but adding a key *with* constraints still requires knowledge about the encoding of the constraints in the agent protocol.

https://git.schokokeks.org/derivepassphrase.git/commit/3035794147127de9be9b42cf96353e598389b71a
software@the13thletter.info (Marco Ricci)
Sat, 21 Sep 2024 12:10:20 +0200
3035794147127de9be9b42cf96353e598389b71a

Simplify some SSH agent key uploading tests

Remove unused test parameters, which were used solely for display purposes to generate a readable test ID. Instead of this, use the `ids` parameter of `pytest.mark.parametrize` directly.

https://git.schokokeks.org/derivepassphrase.git/commit/ddce2cbfe9821f95d24d3e2649edbac6f3801574
software@the13thletter.info (Marco Ricci)
Sat, 21 Sep 2024 11:58:57 +0200
ddce2cbfe9821f95d24d3e2649edbac6f3801574

Support passing expected SSH agent response codes

This shifts the remaining error checking into the `SSHAgentClient.request` method, most of the time. On the other hand, this makes mocking that method somewhat more involved.

https://git.schokokeks.org/derivepassphrase.git/commit/2bb23da7602076aa37f43c3363f6cfcee91f59bd
software@the13thletter.info (Marco Ricci)
Sat, 21 Sep 2024 11:45:20 +0200
2bb23da7602076aa37f43c3363f6cfcee91f59bd

Release 0.2.0

https://git.schokokeks.org/derivepassphrase.git/commit/df459996c5d005264830175d20a149002266e13e
m@the13thletter.info (Marco Ricci)
Thu, 12 Sep 2024 13:59:16 +0200
df459996c5d005264830175d20a149002266e13e

Reintroduce dynamic versioning via `hatch version`

When we abandoned `hatch version` in 565dd46f8506662fd4abcc8e7f9c7a99ae15958f, we had three top-level packages sharing a version number, but `hatch version` did not support reading or updating the version from multiple sources. Since c4a57f311710768cb18df717a73fd48a8a3077fe however the system is rooted in the `derivepassphrase` top-level package, and the version number is internally copied from that package root. We are therefore once again in the classic scenario that `hatch version` supports.

https://git.schokokeks.org/derivepassphrase.git/commit/e4371b6e3217dce085a3a2abea18828a6de0a5e2
m@the13thletter.info (Marco Ricci)
Thu, 12 Sep 2024 13:40:04 +0200
e4371b6e3217dce085a3a2abea18828a6de0a5e2

Fix version typo in README

https://git.schokokeks.org/derivepassphrase.git/commit/80c2cd1295cb481f4c9fa1e2950f1dd287017f3d
m@the13thletter.info (Marco Ricci)
Thu, 12 Sep 2024 13:35:41 +0200
80c2cd1295cb481f4c9fa1e2950f1dd287017f3d

Fix phrasing and formatting in new changelog entries

https://git.schokokeks.org/derivepassphrase.git/commit/519040a8d1d84e4061b91c2d95f74d0641e94efe
m@the13thletter.info (Marco Ricci)
Thu, 12 Sep 2024 13:31:26 +0200
519040a8d1d84e4061b91c2d95f74d0641e94efe

Merge topic branch 'issue10-command-config-renaming' into master

* t/issue10-command-config-renaming:
  Add changelog entries for subcommand/config subsystem migration
  Rename the configuration file to be subsystem-specific
  Fix minor typo, formatting and logic errors in tests
  Modularize test helpers to not unnecessarily manipulate config files
  Reintegrate all functionality as subcommands

GitHub: Closes #10, closes #11.

https://git.schokokeks.org/derivepassphrase.git/commit/69cf6a48483555dbcb4c8506673ef942fb008e18
m@the13thletter.info (Marco Ricci)
Thu, 12 Sep 2024 13:15:58 +0200
69cf6a48483555dbcb4c8506673ef942fb008e18

Add changelog entries for subcommand/config subsystem migration

https://git.schokokeks.org/derivepassphrase.git/commit/eecea3e9d87d0d6ef1f57b553c5d6bcaeb7df01e
m@the13thletter.info (Marco Ricci)
Thu, 12 Sep 2024 13:15:04 +0200
eecea3e9d87d0d6ef1f57b553c5d6bcaeb7df01e