Recent commits to derivepassphrase.git (b5cb2824fdb57c10cc1021ebe284d33426824a28)

Fix test suite to actually test deterministic signature support

2024-11-26T14:03:34+01:00

So far, the test suite was silently passing for me, because it requires
either a patched version or a not-yet-released version of PuTTY to
actually run the tests against Pageant (which is the main beneficiary of
deterministic signature detection).  Actually plugging in a suitable
patched Pageant version revealed a couple of key places where we
silently assume that the key type alone determines its suitability for
`derivepassphrase`.  This commit rectifies that.
</pre>

Fix spurious overloaded signature mismatch

2024-11-26T13:23:33+01:00

</pre>

Indicate external links in non-API documentation as well

2024-11-26T13:21:54+01:00

</pre>

Split the SSH key how-to into how-to and reference documents

2024-11-26T00:32:29+01:00

Because the original how-to discussed both prerequisites and the how-to
of SSH keys, it was tonally inconsistent.  It makes much more sense from
a reading flow perspective to move the discussion of prerequisites into
a separate reference document and link to it from the how-to page.  So
do exactly that.

Relative to the old how-to page, the new prerequisites reference page
additionally includes sections on how to determine the SSH key type from
the algorithm name used in the wire protocol, and sample transcripts for
generating new SSH keys suitable for `derivepassphrase vault`; this is
based on feedback for the old how-to page.  The new how-to page also
shows the actual key selection dialog instead of only the command-line
to run.
</pre>

Make suitable SSH key listing easier to distinguish

2024-11-26T00:31:20+01:00

On the one hand, truncate and align the listing as two columns, not
three, by combining key type and (truncated) key data into one column.
For heterogenous lists with different key types, this nicely sets off
the comment column (which the user can change to help distinguish the
keys) from the key data (which the user cannot change).

On the other hand, if truncating the key data for the display, truncate
the *front* of the data, not the back.  For homogenous lists, this
generally leads to better distinguishable key listings: the front
contains information common to all keys (the wire-encoded key type), but
the back contains key-specific information (for RSA, Ed25519 and Ed448
keys at least).
</pre>

Add changelog entry for deterministic DSA/ECDSA signature support

2024-11-23T19:15:56+01:00

Do not mention the new how-to in the changelog, because that is not part
of the program history and only pollutes the changelog view.  For the
same reason, also purge the existing mention of the tutorial in the
changelog view.
</pre>

Merge topic branch 'pageant-deterministic-signatures' into topic branch ssh-key-howto

2024-11-23T19:03:23+01:00

* t/pageant-deterministic-signatures:
  Support the "all signatures are deterministic" feature of some SSH agents
  Support one-off SSH agent client child contexts
</pre>

Add how-to for setting up an SSH key for `derivepassphrase vault`

2024-11-23T18:50:10+01:00

We explain the necessary software/operating system prerequisites and
configurations.  We further prominently note that Windows is currently
not supported, and that `gpg-agent` behaves differently than other
agents in regard to SSH key management.

We further clean up the list of future work, and ensure styling
consistency with the basic setup (passphrase) tutorial.
</pre>

Purge the info badges for current Python or derivepassphrase versions

2024-11-13T22:51:21+01:00

The badges are hard to read.  And if writing the versions out as text,
then the information becomes either too inconspicuous to be found again
or too disruptive to the flow of reading.

Also use this opportunity to harmonize the item bullets in the text
source.
</pre>

Support the "all signatures are deterministic" feature of some SSH agents

2024-11-13T21:18:07+01:00

Pageant issues deterministic signatures for all key types.  Support
detecting whether we are running under Pageant (it supports the
`list-extended@putty.projects.tartarus.org` extension request).  When
determining whether a key is suitable for use with the `vault`
subsystem, also return success if we are running under Pageant.

Detecting Pageant requires that we issue an SSH agent extension request,
so also define the necessary enum constants.
</pre>