# Stateless OpenPGP Interface
## IETF 112 OpenPGP (Nov 2021)
Daniel Kahn Gillmor
[draft-dkg-openpgp-stateless-cli](https://datatracker.ietf.org/doc/draft-dkg-openpgp-stateless-cli/)
---
# What is `sop`
- Abstract interface for OpenPGP
- "Stateless" -- all arguments are explicitly specified
- Not in-charter for WG
---
# Why `sop`?
- Interop testing
- Clarify concepts
- Encourage best practices
---
# Why "stateless"? Why command line?
- Specify all parts explicitly
- Avoid hidden side effects
- CLI is a "common denominator"
---
# Focus on data management
- key/cert generation
- encrypt/decrypt
- sign/verify
---
# `sop` Examples
```shell
sop generate-key "Alice <alice@openpgp.example>" > alice.sec
sop extract-cert < alice.sec > alice.pgp
sop sign --as=text alice.sec < notes.txt > notes.txt.asc
sop verify notes.txt.asc alice.pgp < notes.txt
sop encrypt --sign-with=alice.sec --as=mime bob.pgp \
    < msg.eml > encrypted.asc
sop decrypt alice.sec < ciphertext.asc > cleartext.out
```
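The same workflow as one checked, stateless round trip (an added example, not part of the deck): it assumes a `sop` implementation on PATH and constructs its own `notes.txt`; the tampered-message and wrong-key checks show the failures a detached-signature interface must report rather than silently pass.

```shell
# Added example: drive the sop subcommands from the slide in a throwaway
# directory. Nothing is read from a keyring or config file; every key, cert
# and data stream is an explicit argument. Assumes `sop` is on PATH.
sop_roundtrip() (
    set -eu
    work=$(mktemp -d)
    trap 'rm -rf "$work"' EXIT
    cd "$work"
    # Constructed sample message.
    printf 'meeting notes: rotate the signing key before IETF 113\n' > notes.txt

    sop generate-key "Alice <alice@openpgp.example>" > alice.sec
    sop extract-cert < alice.sec > alice.pgp

    # Detached text signature; --micalg-out (new in -03) records the hash
    # algorithm name a PGP/MIME wrapper needs for its micalg parameter.
    sop sign --as=text --micalg-out=micalg.txt alice.sec < notes.txt > notes.txt.asc
    [ -s micalg.txt ] || return 1

    # sop verify prints one VERIFICATIONS line per good signature on stdout.
    sop verify notes.txt.asc alice.pgp < notes.txt > verifications.txt
    [ -s verifications.txt ] || return 1

    # Negative check: a modified message must fail verification
    # (the spec's NO_SIGNATURE error, exit code 3).
    printf 'tampered\n' >> notes.txt
    if sop verify notes.txt.asc alice.pgp < notes.txt > /dev/null 2>&1; then
        return 1
    fi

    # Encrypt to Alice's cert, signed with her key, then decrypt and compare.
    sop encrypt --sign-with=alice.sec --as=binary alice.pgp \
        < notes.txt > ciphertext.asc
    sop decrypt alice.sec < ciphertext.asc > cleartext.out
    cmp -s notes.txt cleartext.out || return 1

    # Negative check: a key that was not a recipient cannot decrypt
    # (the spec's CANNOT_DECRYPT error, exit code 29).
    sop generate-key "Bob <bob@openpgp.example>" > bob.sec
    if sop decrypt bob.sec < ciphertext.asc > /dev/null 2>&1; then
        return 1
    fi
    echo "sop round trip OK"
)
```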
---
# Interaction with Crypto Refresh
- Generic interface explicitly does *not* expose algorithm- or version-specific details.
- Can implementation `X` handle wire-format object `Y`?
---
# Missing: Inline Signatures?
- Currently expects and works with detached signatures
- How to deal with bundled message+signature objects?
- See [issue 25](https://gitlab.com/dkg/openpgp-stateless-cli/-/issues/25)
---
# Next (1/2): language-specific frameworks
- [Java](https://github.com/pgpainless/pgpainless/tree/master/sop-java)
- [Rust](https://crates.io/crates/sop)
- [Python](https://pypi.org/project/sop/)
- C (shared object)?
- Your preferred language?
---
# Next (2/2): Certificate Management
- Merge
- Validate
- Maintain
- Revoke
- Certify
- …?
---
# Recent `sop` Changes
(from -02 to -03: minor changes)
- added `--micalg-out` to `sop sign`
- change from `KEY` to `KEYS`
- new error code `KEY_CANNOT_SIGN`
- `sop version` expanded for more detailed output
---
# Critique, Suggest, Contribute!
[https://gitlab.com/dkg/openpgp-stateless-cli](https://gitlab.com/dkg/openpgp-stateless-cli)