https://git.schokokeks.org/derivepassphrase.git/tree/8a56dbdafab38d5493e1aee317f9fe7ec480c156 Recent commits feed provided by GitList. Instead of tying deterministic signatures directly to the detection of Pageant specifically, add a general mechanism for attempting to infer the connected SSH agent from its reported list of extensions. This moves the question of *how* we detect certain SSH agents out of the deterministic signature checking function. Alas, OpenSSH does not support the extension query message we issue, despite them supporting the extension system in general *and* stewarding the SSH agent protocol specification which defines this message normatively. So our implementation must tolerate a moderate level of spec violation. https://git.schokokeks.org/derivepassphrase.git/commit/8a56dbdafab38d5493e1aee317f9fe7ec480c156 software@the13thletter.info (Marco Ricci) Tue, 26 Nov 2024 14:12:53 +0100 8a56dbdafab38d5493e1aee317f9fe7ec480c156 So far, the test suite was silently passing for me, because it requires either a patched version or a not-yet-released version of PuTTY to actually run the tests against Pageant (which is the main beneficiary of deterministic signature detection). Actually plugging in a suitable patched Pageant version revealed a couple of key places where we silently assume that the key type alone determines its suitability for `derivepassphrase`. This commit rectifies that. https://git.schokokeks.org/derivepassphrase.git/commit/b5cb2824fdb57c10cc1021ebe284d33426824a28 software@the13thletter.info (Marco Ricci) Tue, 26 Nov 2024 14:03:34 +0100 b5cb2824fdb57c10cc1021ebe284d33426824a28 https://git.schokokeks.org/derivepassphrase.git/commit/ba14c709ba5136482a88d3964e62755d155baf9f software@the13thletter.info (Marco Ricci) Tue, 26 Nov 2024 13:23:33 +0100 ba14c709ba5136482a88d3964e62755d155baf9f https://git.schokokeks.org/derivepassphrase.git/commit/b630c463f6443e090f728d004ef34c8cdf5dc2c6 software@the13thletter.info (Marco Ricci) Tue, 26 Nov 2024 13:21:54 +0100 b630c463f6443e090f728d004ef34c8cdf5dc2c6 Because the original how-to discussed both prerequisites and the how-to of SSH keys, it was tonally inconsistent. It makes much more sense from a reading flow perspective to move the discussion of prerequisites into a separate reference document and link to it from the how-to page. So do exactly that. Relative to the old how-to page, the new prerequisites reference page additionally includes sections on how to determine the SSH key type from the algorithm name used in the wire protocol, and sample transcripts for generating new SSH keys suitable for `derivepassphrase vault`; this is based on feedback for the old how-to page. The new how-to page also shows the actual key selection dialog instead of only the command-line to run. https://git.schokokeks.org/derivepassphrase.git/commit/20931ed0c7a376df2fc2a19746a0ed96fe755ace software@the13thletter.info (Marco Ricci) Tue, 26 Nov 2024 00:32:29 +0100 20931ed0c7a376df2fc2a19746a0ed96fe755ace On the one hand, truncate and align the listing as two columns, not three, by combining key type and (truncated) key data into one column. For heterogenous lists with different key types, this nicely sets off the comment column (which the user can change to help distinguish the keys) from the key data (which the user cannot change). On the other hand, if truncating the key data for the display, truncate the *front* of the data, not the back. For homogenous lists, this generally leads to better distinguishable key listings: the front contains information common to all keys (the wire-encoded key type), but the back contains key-specific information (for RSA, Ed25519 and Ed448 keys at least). https://git.schokokeks.org/derivepassphrase.git/commit/29b26ee3335a21a4e5ef5760cc8b705456d8f78d software@the13thletter.info (Marco Ricci) Tue, 26 Nov 2024 00:31:20 +0100 29b26ee3335a21a4e5ef5760cc8b705456d8f78d Do not mention the new how-to in the changelog, because that is not part of the program history and only pollutes the changelog view. For the same reason, also purge the existing mention of the tutorial in the changelog view. https://git.schokokeks.org/derivepassphrase.git/commit/0e01382a7480ceaee27696655cc62e380263822c software@the13thletter.info (Marco Ricci) Sat, 23 Nov 2024 19:15:56 +0100 0e01382a7480ceaee27696655cc62e380263822c * t/pageant-deterministic-signatures: Support the "all signatures are deterministic" feature of some SSH agents Support one-off SSH agent client child contexts https://git.schokokeks.org/derivepassphrase.git/commit/d28e3c32a2df210a095c9820ffb7a3a33d0dbe1a software@the13thletter.info (Marco Ricci) Sat, 23 Nov 2024 19:03:23 +0100 d28e3c32a2df210a095c9820ffb7a3a33d0dbe1a We explain the necessary software/operating system prerequisites and configurations. We further prominently note that Windows is currently not supported, and that `gpg-agent` behaves differently than other agents in regard to SSH key management. We further clean up the list of future work, and ensure styling consistency with the basic setup (passphrase) tutorial. https://git.schokokeks.org/derivepassphrase.git/commit/423a21a6cc542c455a081e1ebab16c8cf5c3a8ad software@the13thletter.info (Marco Ricci) Sat, 23 Nov 2024 18:50:10 +0100 423a21a6cc542c455a081e1ebab16c8cf5c3a8ad The badges are hard to read. And if writing the versions out as text, then the information becomes either too inconspicuous to be found again or too disruptive to the flow of reading. Also use this opportunity to harmonize the item bullets in the text source. https://git.schokokeks.org/derivepassphrase.git/commit/51a12e35bb2161ddba15c720719755e340ec81a8 software@the13thletter.info (Marco Ricci) Wed, 13 Nov 2024 22:51:21 +0100 51a12e35bb2161ddba15c720719755e340ec81a8