2018-01-24 21:35:52 +01:00
#
# spec file for package dkgpg
#
2019-04-28 23:35:01 +02:00
# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
2018-01-24 21:35:52 +01:00
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.

2018-12-10 16:38:41 +01:00
# Please submit bugfixes or comments via https://bugs.opensuse.org/
2018-01-24 21:35:52 +01:00
#
Name: dkgpg
Accepting request 706876 from home:kbabioch:branches:security:privacy
- Update to version 1.1.2:
This release adds a lot of features to some programs: two new options
("-K" and "-f") allow dkg-keysign to read the certification key from a
keyring instead of a single key block file. Moreover, with option "-a"
an interactive confirmation by the user is required for each signature.
Passive support of V5 keys (cf. draft RFC 4880bis) has been added for
all programs, however, dkg-generate still generates V4 keys only,
because this new feature of the draft is not widely spread. There is
also a new encryption capability: an empty KEYSPEC tells dkg-encrypt to
create a symmetric-key encrypted session key, i.e., the user has to
supply a passphrase for encryption and decryption without any public-key
cryptography involved. Last but not least, two bugs have been fixed:
First, dkg-decrypt failed on many ZIP-compressed OpenPGP messages with
"ZLIB ERROR: -3 invalid block type" due to a bug in decompression logic.
Second, dkg-decrypt failed in a special case of symmetric-key encrypted
session keys. Finally, the non-installing program dkg-fuzzer (generates
fuzzy samples of somehow corrupted OpenPGP structures) has been added.
OBS-URL: https://build.opensuse.org/request/show/706876
OBS-URL: https://build.opensuse.org/package/show/security:privacy/dkgpg?expand=0&rev=19
2019-06-02 10:40:24 +02:00
Version: 1.1.2
2018-01-24 21:35:52 +01:00
Release: 0
Summary: Distributed Key Generation (DKG) and Threshold Cryptography for OpenPGP
2018-07-09 07:54:33 +02:00
License: GPL-2.0-or-later
2018-01-24 21:35:52 +01:00
Group: Productivity/Security
2018-07-09 07:54:33 +02:00
URL: https://www.nongnu.org/dkgpg/
2018-02-08 23:16:08 +01:00
Source: https://download.savannah.gnu.org/releases/dkgpg/%{name}-%{version}.tar.gz
Source2: https://download.savannah.gnu.org/releases/dkgpg/%{name}-%{version}.tar.gz.sig
2018-01-24 21:35:52 +01:00
Source3: %{name}.keyring
BuildRequires: gcc-c++
BuildRequires: gmp-devel >= 4.2
2019-06-02 10:40:24 +02:00
BuildRequires: libTMCG-devel >= 1.3.18
Accepting request 635471 from home:kbabioch:branches:security:privacy
- Update to version 1.0.8:
First of all, passive support for ECDSA, ECDH, and EdDSA (cf. RFC 6637
and Werner Koch's draft RFC 4880bis) has been added by relying on the
most recent version of LibTMCG. The threshold signature scheme and the
threshold encryption are still limited to finite field cryptography
(i.e. DSA and ElGamal). Moreover, the programs generate and recognize
a few other new OpenPGP features (e.g. issuer fingerprint subpackets)
from RFC 4880bis. Compressed messages are now decompressed by the
program dkg-decrypt using zlib Compression Library (and optionally by
library routines from libbzip2). This completes DKGPG's compatibility
with other OpenPGP software, however, the preferred compression algorithm
(i.e. "no compression") in self-signatures of generated keys is kept
for now. Support for symmetric-key decryption by dkg-decrypt has been
added too. The program dkg-verify now reads the signature from a file,
if option "-s" is used. To keep track of later protocol changes, all
interactive programs include a version identifier in their common ID of
the reliable broadcast channel. Thus programs from previous releases
will not communicate with those of this release. With the new programs
dkg-timestamp and dkg-timestamp-verify an OpenPGP timestamp signature
can be generated and verified, respectively. Last but not least, by the
new option "-y" some programs (dkg-generate, dkg-decrypt, dkg-sign,
dkg-keysign, and dkg-timestamp) will work with regular OpenPGP keys too.
The README file contains a configuration sample showing how to replace
classic PGP by DKGPG in the famous mail user agent mutt based on this
option. Please note that this feature is experimental and semantics
may be changed later.
- Added new build requirements:
* zlib
* bzip2
OBS-URL: https://build.opensuse.org/request/show/635471
OBS-URL: https://build.opensuse.org/package/show/security:privacy/dkgpg?expand=0&rev=10
2018-09-21 11:20:12 +02:00
BuildRequires: libbz2-devel
2018-07-09 07:54:33 +02:00
BuildRequires: libgcrypt-devel >= 1.6
2018-01-24 21:35:52 +01:00
BuildRequires: libgpg-error-devel >= 1.12
2018-09-21 11:20:12 +02:00
BuildRequires: zlib-devel
2018-01-24 21:35:52 +01:00

%description
2018-02-11 12:19:02 +01:00
The Distributed Privacy Guard (DKGPG) implements Distributed Key
Generation (DKG) and Threshold Cryptography for OpenPGP. The
generated public keys are RFC4880 compatible and can be used by e.g.
GnuPG. The main purpose of this software is distributing power among
multiple parties, eliminating single points of failure, and
increasing the difficulty of side-channel attacks on private key
material.
2018-01-24 21:35:52 +01:00

2018-02-11 12:19:02 +01:00
DKGPG consists of a number of command-line programs. The current implementation
is in experimental state and should NOT be used in production environments.
2018-01-24 21:35:52 +01:00

2018-02-11 12:19:02 +01:00
A shared private key and a common public key (currently only
DSA/ElGamal) are generated. Further interactive protocols perform the
private operations like decryption and signing of files, provided
that a previously defined threshold of parties/devices take part in
the distributed computation. Due to the interactiveness of the
protocols, a lot of messages between participating parties have to be
exchanged in a secure way. GNUnet's mesh-routed CADET service is used
to establish private and broadcast channels for this message
exchange. A TCP/IP-based service is included as an alternative. It
may be combined with torsocks and NAT of a local hidden service.
2018-01-24 21:35:52 +01:00

%prep
%setup -q

%build
%configure
make %{?_smp_mflags}

%install
%make_install

%files
2018-07-09 07:54:33 +02:00
%license COPYING
%doc AUTHORS BUGS ChangeLog NEWS README TODO
2018-01-24 21:35:52 +01:00
%{_bindir}/dkg-*
%{_mandir}/man1/*%{ext_man}

%changelog