Add GPGKey and use with GPGSigner #488

Merged: 13 commits, Mar 9, 2023

Commits on Mar 6, 2023

  1. signer: add GPGKey and use with GPGSigner

    GPGKey is a regular Key with additional GnuPG specific key fields,
    and verification method. It also has conversion helpers to translate
    from and to a non-in-toto/tuf-spec compliant key format, which is
    still used by the underlying securesystemslib.gpg subpackage.
    
    GPGSigner is updated to:
    - take a GPGKey as constructor argument, and implement
    - `from_priv_key_uri`, to load signer from
      `"gnupg:[<GnuPG homedir>][?id=<keyid>]"`
    - `import_`, to import a public key from a GnuPG keyring and
      return it along with a uri to create the signer.
    
    Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
    lukpueh committed Mar 6, 2023 (688d7a8)
  2. signer: fix GPGSigner test after rebase

    Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
    lukpueh committed Mar 6, 2023 (71b8e27)
  3. signer: address GPGSigner review comments

    - add expected exception to verify method
    - warn on passed secrets handler, don't raise
    
    Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
    lukpueh committed Mar 6, 2023 (6f3ed0d)
  4. signer: remove unused secrets handler warning

    Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
    lukpueh committed Mar 6, 2023 (831811d)
  5. signer: remove keyid attribute from GPGSigner

    The keyid is redundant with the keyid of the attached public key
    instance.
    
    Same goes for the keyid parameter in the related private key uri,
    which can also be read from the public key instance passed to
    the from_priv_key_uri method.
    
    Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
    lukpueh committed Mar 6, 2023 (61ddeb7)
  6. signer: fix gpg key serialization bug

    Include unrecognized fields in GPGKey.to_dict.
    
    Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
    lukpueh committed Mar 6, 2023 (68aff11)
  7. signer: add missing type hint in gpg signer method

    Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
    lukpueh committed Mar 6, 2023 (e36b46c)
  8. signer: improve and add tests for gpg signer

    New tests for:
    - `sign` and `import_` failure but successful verification, if
      'gpg' is not available.
    - verification failure, if 'cryptography' is not available.
    - key de/serialization (also legacy format) and comparison (__eq__)
    - expected failures on `from_priv_key` and `verify_signature`
    
    Improvements:
    - remove obsolete `assertFalse` in `with self.assertRaises` block
    - condense tests in `test_gpg_functions` (use DDT instead of
      copy-paste)
    
    Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
    lukpueh committed Mar 6, 2023 (7528f35)
  9. signer: assert keyid match GPGSigner import_, sign

    Supporting subkeys in a GPGKey and considering them for
    verification adds, for no benefit, a PKI hierarchy to tuf/in-toto,
    which already have their own PKI hierarchies. In addition it makes
    the verification (and delegation) code more complex and error
    prone.
    
    This commit drops subkey support, by the following two changes:
    
    - import_: require exact match between passed keyid, and one of
      the keys in the bundle returned by gpg, and return a GPGKey
      only for that key, w/o subkeys
    
    - sign: require exact match between keyid on attached public key
      and keyid on the signature returned by gpg
    
    Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
    lukpueh committed Mar 6, 2023 (0deab05)
  10. signer: remove redundant gpg default key test

    GPGSigner does not support signing with a default key (unlike
    the lower level securesystemslib gpg signing function), thus the
    test is redundant with the non-default key test.
    
    Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
    lukpueh committed Mar 6, 2023 (6244616)
  11. signer: remove obsolete fields from GPGKey

    - creation_time + validity_period: key validity should be
      determined by the metadata expiration time alone, and not by an
      additional signer-specific key expiration, which is prone to be
      out of sync (we don't use gpg for verification)
    
    - subkeys: dropped support in a previous commit
    
    - hashes: static for currently supported schemes. If other hash
      algorithms are needed, they should be encoded in the scheme
      string.
    
    Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
    lukpueh committed Mar 6, 2023 (0527b7c)
  12. signer: move legacy gpg key conversion methods

    These methods are ugly no matter where they are implemented. I move
    them to the signer to keep them together with the legacy signature
    format conversion methods.
    
    Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
    lukpueh committed Mar 6, 2023 (e281947)
  13. gpg: change warning log statement to debug

    Change warning type log statement about exported subkeys to debug.
    This is no longer relevant for GPGSigner.import_, which doesn't
    return key bundles to the user, but only a key or a subkey.
    
    Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
    lukpueh committed Mar 6, 2023 (cc14e51)
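As an added illustration, not securesystemslib's own code, of the behaviour the commit messages above describe: exact keyid selection from a gpg export bundle without subkeys (commit 9), the legacy-to-spec key conversion that keeps unrecognized fields (commits 1 and 6) while dropping the obsolete ones (commit 11), and the `gnupg:[<homedir>]` uri that `import_` returns alongside the key (commits 1 and 5). The legacy bundle layout, field names and uri string format are assumptions; the sample bundle and its keyids are constructed placeholders.

```python
from typing import Any, Dict, Tuple

# Constructed sample in the legacy securesystemslib.gpg export layout (assumed
# shape): one primary key plus one subkey. Keyids are placeholders, not real.
SAMPLE_BUNDLE: Dict[str, Any] = {
    "keyid": "aaaa1111", "type": "rsa", "method": "pgp+rsa-pkcsv1.5",
    "hashes": ["pgp+SHA2"], "creation_time": 1600000000,
    "keyval": {"private": "", "public": {"e": "010001", "n": "c0ffee"}},
    "x-note": "constructed unrecognized field",
    "subkeys": {"bbbb2222": {
        "keyid": "bbbb2222", "type": "rsa", "method": "pgp+rsa-pkcsv1.5",
        "hashes": ["pgp+SHA2"],
        "keyval": {"private": "", "public": {"e": "010001", "n": "deadbeef"}}}},
}

# Fields the commits describe as renamed or dropped; anything else is carried
# over untouched as an "unrecognized field" so to_dict round-trips losslessly.
_RENAMED = {"type": "keytype", "method": "scheme"}
_DROPPED = {"keyid", "keyval", "hashes", "creation_time", "validity_period", "subkeys"}


def select_key(bundle: Dict[str, Any], keyid: str) -> Dict[str, Any]:
    """Return the primary key or subkey whose keyid matches exactly, without
    its subkeys, so no gpg PKI hierarchy leaks into TUF/in-toto."""
    for key in [bundle, *bundle.get("subkeys", {}).values()]:
        if key["keyid"] == keyid:  # exact match: no prefix, no case folding
            return {k: v for k, v in key.items() if k != "subkeys"}
    raise ValueError(f"no key with keyid {keyid!r} in bundle")


def legacy_to_key(legacy: Dict[str, Any]) -> Tuple[str, Dict[str, Any]]:
    """Translate a legacy gpg key dict into (keyid, TUF/in-toto style dict):
    type->keytype, method->scheme, public keyval only, unknown fields kept."""
    key: Dict[str, Any] = {
        "keytype": legacy["type"], "scheme": legacy["method"],
        "keyval": {"public": legacy["keyval"]["public"]},
    }
    for name, value in legacy.items():
        if name not in _RENAMED and name not in _DROPPED:
            key[name] = value  # unrecognized field preserved for to_dict
    return legacy["keyid"], key


def import_(bundle: Dict[str, Any], keyid: str, homedir: str = "") -> Tuple[str, Dict[str, Any]]:
    """The described import_ flow: exact keyid match, convert, and return the
    key with a 'gnupg:[<homedir>]' uri (format assumed) for the signer."""
    _, key = legacy_to_key(select_key(bundle, keyid))
    return f"gnupg:{homedir}", key
```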