pool/dkgpg
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
8fdc352d9d
dkgpg/dkgpg.spec
Karol Babioch 8fdc352d9d Accepting request 574409 from home:kbabioch:branches:security:privacy 
- Update to version 1.0.5 
  * added secure memory allocation from libgcrypt for some parts
  * dkg-verify: added options "-f" and "-t" for a validity period
  * added simple initalization procedure for memory locking
  * added basic check on signature strength in parse_signature()
  * added some basic checks on key strength in parse_public_key()
  * added check for revocation signatures in parse_public_key()
  * dkg-encrypt: added option "-z" for improved privacy (zero key ID) 
  * dkg-verify: added validity checks on key and signature
  * dkg-keycheck: added ROCA vulnerability detector (Infineon RSALib)
  * added option "-U" for dkg-keysign (policy URI)
  * added option "-r" for dkg-keysign (revocation signature)
  * added option "-r" for dkg-keycheck (support for RSA keys)
  * added program dkg-keysign for creating certification signatures
  * dkg-decrypt: removed support for not integrity protected messages
  * dkg-keycheck: added test for small/same k in DSA signatures
  * dkg-refresh: added cache for very strong randomness
- Use https instead of http

OBS-URL: https://build.opensuse.org/request/show/574409
OBS-URL: https://build.opensuse.org/package/show/security:privacy/dkgpg?expand=0&rev=2
2018-02-08 22:16:08 +00:00

58 lines
3.2 KiB
RPMSpec
Raw Blame History

#
# spec file for package dkgpg
#
# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
Name: dkgpg
Version: 1.0.5
Release: 0
Summary: Distributed Key Generation (DKG) and Threshold Cryptography for OpenPGP
License: GPL-2.0+
Group: Productivity/Security
URL: https://www.nongnu.org/dkgpg/
Source: https://download.savannah.gnu.org/releases/dkgpg/%{name}-%{version}.tar.gz
Source2: https://download.savannah.gnu.org/releases/dkgpg/%{name}-%{version}.tar.gz.sig
Source3: %{name}.keyring
BuildRequires: gcc-c++
BuildRequires: gmp-devel >= 4.2
BuildRequires: libTMCG-devel >= 1.3.9
BuildRequires: libgcrypt-devel >= 1.6
BuildRequires: libgpg-error-devel >= 1.12
%description
The Distributed Privacy Guard (DKGPG) implements Distributed Key Generation (DKG) and Threshold Cryptography for OpenPGP. The generated public keys are compatible with the standard and thus can be used by any RFC4880-compliant application (e.g. GnuPG). The main purposes of this software are distributing power among multiple parties, eliminating single points of failure, and increasing the difficulty of side-channel attacks on private key material.
DKGPG consists of a bunch of simple command-line programs. The current implementation is in experimental state and should NOT be used in production environments. Motivation, cryptographical background and some usage scenarios have been presented at 26th Krypto-Tag (GI Working Group) and Datengarten/81 (CCCB). Please consult the slides for a first overview.
Using well-established multi-party protocols a shared private key and a common public key (currently only DSA/ElGamal) is generated. Then further interactive protocols perform the private operations like decryption and signing of files, provided that a previously defined threshold of parties/devices take part in the distributed computation. Due to the interactiveness of the protocols a lot of messages between participating parties have to be exchanged in a secure way. We employ GNUnet, and in particular its mesh routed CADET service, to establish private and broadcast channels for this message exchange. However, as alternative to GNUnet a simple TCP/IP based service for message exchange is included. With torsocks and port-forwarding of a local hidden service this allows running the interactive programs over the well-known TOR network.
%prep
%setup -q
%build
%configure
make %{?_smp_mflags}
%install
%make_install
%files
%doc AUTHORS BUGS ChangeLog COPYING NEWS README TODO
%{_bindir}/dkg-*
%{_mandir}/man1/*%{ext_man}
%changelog
Reference in New Issue View Git Blame Copy Permalink