Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add option to decrypt with signature keys #316

Merged
merged 2 commits into from
Nov 25, 2024
Merged

Add option to decrypt with signature keys #316

merged 2 commits into from
Nov 25, 2024

Conversation

lubux
Copy link
Member

@lubux lubux commented Nov 25, 2024

  • Updates go-crypto to v1.1.3
  • Refactors config handling in decryption by de-duplicating code
  • Add option in decryption to allow to decrypt with signature keys for legacy reasons.

@lubux lubux force-pushed the feat/flag-decrypt-signature-keys branch 2 times, most recently from e309689 to 497a411 Compare November 25, 2024 14:56
@lubux
feat(crypto): Add option to decrypt with signature keys
1db926f 
- Refactors config handling in decryption
- Adds option in decryption to allow to decrypt with signature keys
@lubux lubux force-pushed the feat/flag-decrypt-signature-keys branch from 497a411 to 1db926f Compare November 25, 2024 15:01
twiss
twiss reviewed Nov 25, 2024
View reviewed changes
crypto/decryption_handle_builder.go Outdated
Comment on lines 178 to 179
func (dpb *DecryptionHandleBuilder) AllowSignOnlyDecryptionKeys() *DecryptionHandleBuilder {
dpb.handle.DisableNoSignatureKeyForDecryption = true
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We're introducing quite a lot of slightly different names for the exact same thing. Can we just call this function (and all related properties) InsecureAllowDecryptionWithSigningKeys as well?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

4549b4e

profile/profile.go Outdated Show resolved Hide resolved
twiss
twiss reviewed Nov 25, 2024
View reviewed changes
profile/profile.go Outdated
Comment on lines 51 to 52
// AllowSingingKeyInDecryption is a flag to enable to decrypt with signing keys for compatibility reasons.
AllowSingingKeyInDecryption bool
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe same thing here?

Suggested change
// AllowSingingKeyInDecryption is a flag to enable to decrypt with signing keys for compatibility reasons.
AllowSingingKeyInDecryption bool
// InsecureAllowDecryptionWithSigningKeys is a flag to enable to decrypt with signing keys for compatibility reasons.
InsecureAllowDecryptionWithSigningKeys bool

(arguably, AllowWeakRSA should also be called InsecureAllowWeakRSA, but that's an orthogonal point..)

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I made it consistent 👍

@lubux lubux force-pushed the feat/flag-decrypt-signature-keys branch from 4549b4e to 10ef709 Compare November 25, 2024 15:45
@lubux lubux merged commit 8db8f36 into main Nov 25, 2024
9 checks passed
@lubux lubux deleted the feat/flag-decrypt-signature-keys branch November 25, 2024 15:52
@lubux lubux mentioned this pull request Nov 25, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@twiss twiss twiss approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@lubux @twiss