Changes between Version 2 and Version 3 of CryptoPlugin/Dev


Timestamp: Aug 24, 2015, 12:35:55 PM (9 years ago)
Author: figaro
Comment: Cosmetic changes, updated code.google link

  • CryptoPlugin/Dev

    v2 v3  
    11[[PageOutline(2-4,page content)]]
    2 = CryptoPlugin Development Sketch Board =
     2
     3= CryptoPlugin Development Sketch Board
     4
    35important considerations and random traces
    46
     
    810 [[TitleIndex(CryptoPlugin/Dev/)]]
    911
    10 == Why ==
     12== Why
     13
    1114Cryptography could help to push Trac towards what I proposed as [t:wiki:TracDev/TrustedTrac TrustedTrac].
    1215
     
    1417
    1518Imagine, you're using Trac in a corporate environment, typically allowing external access to Trac, repositories etc. only after authorization or not at all.
    16 Still, you may wish to keep business partners, support customers, etc. informed about certain or all developments, and that involves sending potentially sensitive (security, privacy ...) information outside the tightly controlled corporate network. Co-workers in a home office setup may create a similar demand.
     19Still, you may wish to keep business partners, support customers, etc. informed about certain or all developments, and that involves sending potentially sensitive (security, privacy) information outside the tightly controlled corporate network. Co-workers in a home office setup may create a similar demand.
    1720
    1821Use tickets, wiki and it's notification without concerns on authenticity and discretion:
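Review bot: the unchanged line "Use tickets, wiki and it's notification without concerns on authenticity and discretion" directly below the edited paragraph still writes the possessive as "it's"; since this revision is a cosmetic pass, correct it to "its" in the same edit.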
     
    2124It'll be superior, because the implementation strategy backed by state-of-the-art cryptography is "inherently secure by design", witch non of the other currently available solutions can provide.
    2225
    23 == What ==
     26== What
     27
    2428Here is a description of what shall be done. Experts and GPG/PGP users may wish to skip that section and go to the [#AnnouncerEmailEncryption proposal for Trac-specific use] right away.
    2529
    26 === OpenPGP principles ===
     30=== OpenPGP principles
     31
    2732FIXME: I'll write here and cite sources for more detailed explanation of OpenPGP standard and cryptography in communication in general.
    2833
     34== Development diary and notes
    2935
    30 == Development diary and notes ==
    31 === Discussion ===
     36=== Discussion
     37
    3238Hints, recommendations? Known-good code references or popular applications? Put your comments in here, please.
    3339
    34 === Available interfaces with GnuPG ===
     40=== Available interfaces with GnuPG
     41
    3542To make it more difficult for me to start I've found not one but several candidates for interacting with GnuPG from Python (http://wiki.python.org/moin/GnuPrivacyGuard has a listing with some more comments):
    36  * [http://code.google.com/p/python-gnupg/ python-gnupg]
     43 * [https://bitbucket.org/vinay.sajip/python-gnupg Python-GnuPG]
    3744  * PRO: no additional dependencies but pure Python, works on Windows as well as Unix/Linux, most complete set of gpg actions including key generation and management, active development - python 3 support since July 2009, latest release v0.2.9 from 29-03-2012
    3845  * CON: no Debian package?
    3946  * '''TEST''':
    4047   * download and local install without issues,
    41    * function list_keys() ~~doesn't "just work"~~ works on a known-good gpg keyfile directory - got it
     48   * function list_keys() works on a known-good gpg keyfile directory
    4249   * beware: "gnupghome" directory will be created silently (including parents), if something is not there exactly as specified, init function will need to prevent creation of unwanted directories by (worst case: repeated) mis-configuration
    4350 * [http://py-gnupg.sourceforge.net/ Python GnuPGInterface]
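Review bot: the replaced python-gnupg entry now points to bitbucket.org, but the PRO bullet under it still states "latest release v0.2.9 from 29-03-2012"; for a revision made in August 2015 that version and date should be rechecked against the new location or dropped. The link label also changed to "Python-GnuPG" while the rest of the page ("The choice: python-gnupg") keeps the lowercase name, so one spelling should be used throughout. In the first line of this hunk, "witch non of" should read "which none of".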
     
    6572 * [http://www.freenet.org.nz/ezPyCrypto/detail/index.html ezPyCrypto], a simpler API on top of !PyCrypto
    6673
    67 === The choice: python-gnupg ===
     74=== The choice: python-gnupg
     75
    6876'''python-gnupg''' was tested, !PyMe a little too. It became clear, that python-gnupg just worked without much hassle. Anything else had more dependencies and was more complicated i.e. by introducing GPGME. This applies to !PyMe as well as PyGPGME. GnuPGInterface, OpenPGP, cryptlib where skipped right after the initial interface research.
    6977
    70 === Q&A ===
     78=== Q&A
     79
    7180[FIXME: add more Q+A here to help with code design evaluation and code review] 
    7281 ?: Does python-gnupg support GnuPG v2?
    7382  A: AFAIK yes, both versions support same CLI syntax. I'll test with both versions in the future to maintain compatibility. There might be even a bonus from using GnuPG v2, since it is announced to be PGP/MIME aware. However this subject to exploration  in the implementation process.
    7483
    75 === Development traces (history) ===
     84=== Development traces (history)
     85
    7686This is kept for reference and personal attitude to preserve historical notes. See the initial development, that has been done since March 2010 [wiki:AnnouncerPlugin/MessageEncryption#Developmenttraceshistory inside TracAnnouncer] (!AnnouncerPlugin).
    7787
    78 == Resources (for ideas and code) ==
     88== Resources (for ideas and code)
     89
    7990 * GNU Privacy Guard Manual at http://www.gnupg.org/documentation/manuals/gnupg/
    8091 * Why sign&encrypt is not very secure by default see http://world.std.com/~dtd/sign_encrypt/sign_encrypt7.html (discussion about vulnerability againgst "surreptitious forwarding")
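Review bot: the Resources entries at the end of this hunk are left as plain http:// links while the python-gnupg link updated in this revision uses https; for the GnuPG manual link on a page about a cryptography plugin, switch to https if the site serves it. The same cosmetic pass could also fix "againgst" (against), "where skipped" (were skipped) and "However this subject to exploration" (this is subject to) in the unchanged lines of this hunk.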