Re: [openpgp] Stateless OpenPGP command line interface proposal
Santiago Torres-Arias <santiago@archlinux.org> Mon, 28 October 2019 20:41 UTC
Date: Mon, 28 Oct 2019 16:40:33 -0400
From: Santiago Torres-Arias <santiago@archlinux.org>
To: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Cc: openpgp@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/MoqZ5zWc3dxUeSP_OhAZ57VIpxw>
On Mon, Oct 28, 2019 at 04:20:39PM -0400, Daniel Kahn Gillmor wrote:
> Hi OpenPGP folks--
>
> The recently-announced OpenPGP test suite [0] inspired me to try
> drafting a spec for a purely-functional, stateless OpenPGP command line
> interface. The idea is that different implementers could provide the
> same interface, focusing specifically on the object security aspect of
> OpenPGP (leaving aside identity management).
>
> An example (using "sop" as the command, short for "Stateless OpenPGP"):
>
>     sop generate 'Alice Lovelace <alice@openpgp.example>' > alice.sec
>     sop convert < alice.sec > alice.pgp
>
>     sop sign --as=text alice.sec < announcement.txt > announcement.txt.asc
>     sop verify announcement.txt.asc alice.pgp < announcement.txt
>
>     sop encrypt --sign-with=alice.sec --as=mime bob.pgp < msg.eml > encrypted.asc
>     sop decrypt alice.sec < ciphertext.asc > cleartext.out
>

I think this is a *phenomenal* idea. I wonder if this could mature into a
well-defined API that e.g., gpgme could adopt?

> I've just published an initial draft of this specification here:
>
> https://datatracker.ietf.org/doc/draft-dkg-openpgp-stateless-cli/
>
> It's tracked as markdown source in git at:
>
> https://gitlab.com/dkg/openpgp-stateless-cli
>
> But i'd very much like other contributions or authors. If you're an
> implementer of an OpenPGP toolkit, and you think you might take a crack
> at implementing part of it, i'd love your feedback. If there's
> sufficient interest in the community, i'd be happy to move the `sop`
> spec over to https://gitlab.com/openpgp-wg/ so that it's clearly not
> something that i'd be a blocker on.

I'll definitely take a look, as we implement bits and pieces of
rfc4880/rfc4880bis on NYU's securesystemslib.

Thanks!
-Santiago.