Recent commits to derivepassphrase.git (fc134c9aa5519d8cf5b394a0036af8be2a0ecaff)

Support textual passphrases, if it is safe

2024-06-22T21:19:30+02:00

Some level of awareness is necessary to support passphrases stored in
(JSON) config files.  We reject the passphrase if there are multiple
Unicode representations (and thus UTF-8 representations) of the same
text but with different normalizations.  In such a case, a byte string
must be used, and the value cannot currently be stored in the JSON
config file.
</pre>

Fix passphrase-from-SSH-signature calculation

2024-06-22T21:19:30+02:00

In vault(1), the passphrase derived from an SSH key signature is *not*
just the (framed, binary) SSH signature of the vault UUID.  Instead, the
payload part of the signature, in binary, is converted to base64,
yielding the passphrase.  Rewrite the `Vault.phrase_from_signature`
method to match vault's behavior, and rename it to `phrase_from_key` to
better match the *actual* interface (which takes an SSH key, not
a signature).

(This design – emitting an SSH signature as payload only, in base64 – is
hard-coded into the SSH agent client library used by vault, and likely
not a conscious design by vault's primary author.)
</pre>

Expose some functionality from `Vault` as interal methods

2024-06-22T21:19:30+02:00

Expose some functionality from `derivepassphrase.Vault` as interal
methods, to facilitate testing and to avoid reimplementing the same
functionality again in the command-line interface.  This includes hash
length estimation and SSH key suitability checking.
</pre>

Add function for SSH framed byte strings with trailing data

2024-06-22T21:19:30+02:00

The new function `ssh_agent_client.unstring_prefix` does not abort if
there is trailing data after the SSH framed byte string.
</pre>

Remove public attributes of `ssh_agent_client.SSHAgentClient`

2024-06-22T21:19:30+02:00

</pre>

Add prototype command-line interface

2024-06-22T19:54:19+02:00

</pre>

Reformat binary test data to aligned hex view

2024-06-08T19:14:35+02:00

For those familiar with SSH protocol messages, make the data more
readable by aligning the hex view on the data boundaries according to
the protocol.
</pre>

Remove about.py files, use init.py instead

2024-06-08T19:07:53+02:00

Apparently, this is a `hatch` convention/tradeoff, but one that doesn't
appear sensible to a project like this.

On that note, since we're starting with a clear target API in mind,
start directly at release 0.1.0 instead of the `hatch` default 0.0.1.
</pre>

Exclude known "emergency exits" from coverage reporting

2024-06-08T19:06:56+02:00

These "emergency exits" are code paths rooted in defensive programming
(of both code and of tests), and are not intended to be reached in
practice.
</pre>

Add coverage testing

2024-06-08T19:06:56+02:00

</pre>

Recent commits to derivepassphrase.git (fc134c9aa5519d8cf5b394a0036af8be2a0ecaff)

Support textual passphrases, if it is safe

Fix passphrase-from-SSH-signature calculation

Expose some functionality from `Vault` as interal methods

Add function for SSH framed byte strings with trailing data

Remove public attributes of `ssh_agent_client.SSHAgentClient`

Add prototype command-line interface

Reformat binary test data to aligned hex view

Remove __about__.py files, use __init__.py instead

Exclude known "emergency exits" from coverage reporting

Add coverage testing

Remove about.py files, use init.py instead