mirror of
https://github.com/str4d/rage.git
synced 2025-04-04 19:37:51 +03:00
commit
3e3e6a8bd8
13 changed files with 66 additions and 37 deletions
8
Cargo.lock
generated
8
Cargo.lock
generated
|
@ -66,7 +66,7 @@ dependencies = [
|
||||||
|
|
||||||
[[package]]
|
[[package]]
|
||||||
name = "age"
|
name = "age"
|
||||||
version = "0.5.1"
|
version = "0.6.0"
|
||||||
dependencies = [
|
dependencies = [
|
||||||
"aes",
|
"aes",
|
||||||
"aes-ctr",
|
"aes-ctr",
|
||||||
|
@ -112,7 +112,7 @@ dependencies = [
|
||||||
|
|
||||||
[[package]]
|
[[package]]
|
||||||
name = "age-core"
|
name = "age-core"
|
||||||
version = "0.5.0"
|
version = "0.6.0"
|
||||||
dependencies = [
|
dependencies = [
|
||||||
"base64",
|
"base64",
|
||||||
"c2-chacha",
|
"c2-chacha",
|
||||||
|
@ -128,7 +128,7 @@ dependencies = [
|
||||||
|
|
||||||
[[package]]
|
[[package]]
|
||||||
name = "age-plugin"
|
name = "age-plugin"
|
||||||
version = "0.0.0"
|
version = "0.1.0"
|
||||||
dependencies = [
|
dependencies = [
|
||||||
"age-core",
|
"age-core",
|
||||||
"bech32",
|
"bech32",
|
||||||
|
@ -1614,7 +1614,7 @@ checksum = "941ba9d78d8e2f7ce474c015eea4d9c6d25b6a3327f9832ee29a4de27f91bbb8"
|
||||||
|
|
||||||
[[package]]
|
[[package]]
|
||||||
name = "rage"
|
name = "rage"
|
||||||
version = "0.5.1"
|
version = "0.6.0"
|
||||||
dependencies = [
|
dependencies = [
|
||||||
"age",
|
"age",
|
||||||
"chrono",
|
"chrono",
|
||||||
|
|
|
@ -7,6 +7,16 @@ and this project adheres to Rust's notion of
|
||||||
to 1.0.0 are beta releases.
|
to 1.0.0 are beta releases.
|
||||||
|
|
||||||
## [Unreleased]
|
## [Unreleased]
|
||||||
|
|
||||||
|
## [0.6.0] - 2021-05-02
|
||||||
|
### Security
|
||||||
|
- `age_core::primitives::aead_decrypt` now takes a `size` argument, checked
|
||||||
|
against the plaintext length. This is to mitigate multi-key attacks, where a
|
||||||
|
ciphertext can be crafted that decrypts successfully under multiple keys.
|
||||||
|
Short ciphertexts can only target two keys, which has limited impact. See
|
||||||
|
[this commit message](https://github.com/FiloSottile/age/commit/2194f6962c8bb3bca8a55f313d5b9302596b593b)
|
||||||
|
for more details.
|
||||||
|
|
||||||
### Added
|
### Added
|
||||||
- `age_core::format::FILE_KEY_BYTES` constant.
|
- `age_core::format::FILE_KEY_BYTES` constant.
|
||||||
- `age_core::plugin` module, which contains common backend logic used by both
|
- `age_core::plugin` module, which contains common backend logic used by both
|
||||||
|
@ -23,14 +33,6 @@ to 1.0.0 are beta releases.
|
||||||
API `age_core::format::read::legacy_age_stanza` accepts either kind of stanza
|
API `age_core::format::read::legacy_age_stanza` accepts either kind of stanza
|
||||||
body encoding (the legacy minimal encoding, and the new explicit encoding).
|
body encoding (the legacy minimal encoding, and the new explicit encoding).
|
||||||
|
|
||||||
### Security
|
|
||||||
- `age_core::primitives::aead_decrypt` now takes a `size` argument, checked
|
|
||||||
against the plaintext length. This is to mitigate multi-key attacks, where a
|
|
||||||
ciphertext can be crafted that decrypts successfully under multiple keys.
|
|
||||||
Short ciphertexts can only target two keys, which has limited impact. See
|
|
||||||
[this commit message](https://github.com/FiloSottile/age/commit/2194f6962c8bb3bca8a55f313d5b9302596b593b)
|
|
||||||
for more details.
|
|
||||||
|
|
||||||
## [0.5.0] - 2020-11-22
|
## [0.5.0] - 2020-11-22
|
||||||
### Added
|
### Added
|
||||||
- Several structs used when implementing the `age::Identity` and
|
- Several structs used when implementing the `age::Identity` and
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
[package]
|
[package]
|
||||||
name = "age-core"
|
name = "age-core"
|
||||||
description = "[BETA] Common functions used across the age crates"
|
description = "[BETA] Common functions used across the age crates"
|
||||||
version = "0.5.0"
|
version = "0.6.0"
|
||||||
authors = ["Jack Grigg <thestr4d@gmail.com>"]
|
authors = ["Jack Grigg <thestr4d@gmail.com>"]
|
||||||
repository = "https://github.com/str4d/rage"
|
repository = "https://github.com/str4d/rage"
|
||||||
readme = "README.md"
|
readme = "README.md"
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
[package]
|
[package]
|
||||||
name = "age-plugin"
|
name = "age-plugin"
|
||||||
description = "[BETA] API for writing age plugins."
|
description = "[BETA] API for writing age plugins."
|
||||||
version = "0.0.0"
|
version = "0.1.0"
|
||||||
authors = ["Jack Grigg <thestr4d@gmail.com>"]
|
authors = ["Jack Grigg <thestr4d@gmail.com>"]
|
||||||
repository = "https://github.com/str4d/rage"
|
repository = "https://github.com/str4d/rage"
|
||||||
readme = "README.md"
|
readme = "README.md"
|
||||||
|
@ -9,7 +9,7 @@ license = "MIT OR Apache-2.0"
|
||||||
edition = "2018"
|
edition = "2018"
|
||||||
|
|
||||||
[dependencies]
|
[dependencies]
|
||||||
age-core = { version = "0.5.0", path = "../age-core", features = ["plugin"] }
|
age-core = { version = "0.6.0", path = "../age-core", features = ["plugin"] }
|
||||||
bech32 = "0.8"
|
bech32 = "0.8"
|
||||||
chrono = "0.4"
|
chrono = "0.4"
|
||||||
secrecy = "0.7"
|
secrecy = "0.7"
|
||||||
|
|
|
@ -73,10 +73,10 @@ logic will work as long as it can detect the `--age-plugin=STATE_MACHINE` flag.
|
||||||
```rust
|
```rust
|
||||||
use age_core::format::{FileKey, Stanza};
|
use age_core::format::{FileKey, Stanza};
|
||||||
use age_plugin::{
|
use age_plugin::{
|
||||||
identity::{self, Callbacks, IdentityPluginV1},
|
identity::{self, IdentityPluginV1},
|
||||||
print_new_identity,
|
print_new_identity,
|
||||||
recipient::{self, RecipientPluginV1},
|
recipient::{self, RecipientPluginV1},
|
||||||
run_state_machine,
|
Callbacks, run_state_machine,
|
||||||
};
|
};
|
||||||
use gumdrop::Options;
|
use gumdrop::Options;
|
||||||
use std::collections::HashMap;
|
use std::collections::HashMap;
|
||||||
|
@ -85,17 +85,29 @@ use std::io;
|
||||||
struct RecipientPlugin;
|
struct RecipientPlugin;
|
||||||
|
|
||||||
impl RecipientPluginV1 for RecipientPlugin {
|
impl RecipientPluginV1 for RecipientPlugin {
|
||||||
fn add_recipients<'a, I: Iterator<Item = &'a str>>(
|
fn add_recipient(
|
||||||
&mut self,
|
&mut self,
|
||||||
recipients: I,
|
index: usize,
|
||||||
) -> Result<(), Vec<recipient::Error>> {
|
plugin_name: &str,
|
||||||
|
bytes: &[u8],
|
||||||
|
) -> Result<(), recipient::Error> {
|
||||||
todo!()
|
todo!()
|
||||||
}
|
}
|
||||||
|
|
||||||
fn wrap_file_key(
|
fn add_identity(
|
||||||
&mut self,
|
&mut self,
|
||||||
file_key: &FileKey,
|
index: usize,
|
||||||
) -> Result<Vec<Stanza>, Vec<recipient::Error>> {
|
plugin_name: &str,
|
||||||
|
bytes: &[u8]
|
||||||
|
) -> Result<(), recipient::Error> {
|
||||||
|
todo!()
|
||||||
|
}
|
||||||
|
|
||||||
|
fn wrap_file_keys(
|
||||||
|
&mut self,
|
||||||
|
file_keys: Vec<FileKey>,
|
||||||
|
mut callbacks: impl Callbacks<recipient::Error>,
|
||||||
|
) -> io::Result<Result<Vec<Vec<Stanza>>, Vec<recipient::Error>>> {
|
||||||
todo!()
|
todo!()
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -103,17 +115,19 @@ impl RecipientPluginV1 for RecipientPlugin {
|
||||||
struct IdentityPlugin;
|
struct IdentityPlugin;
|
||||||
|
|
||||||
impl IdentityPluginV1 for IdentityPlugin {
|
impl IdentityPluginV1 for IdentityPlugin {
|
||||||
fn add_identities<'a, I: Iterator<Item = &'a str>>(
|
fn add_identity(
|
||||||
&mut self,
|
&mut self,
|
||||||
identities: I,
|
index: usize,
|
||||||
) -> Result<(), Vec<identity::Error>> {
|
plugin_name: &str,
|
||||||
|
bytes: &[u8]
|
||||||
|
) -> Result<(), identityw::Error> {
|
||||||
todo!()
|
todo!()
|
||||||
}
|
}
|
||||||
|
|
||||||
fn unwrap_file_keys(
|
fn unwrap_file_keys(
|
||||||
&mut self,
|
&mut self,
|
||||||
files: Vec<Vec<Stanza>>,
|
files: Vec<Vec<Stanza>>,
|
||||||
mut callbacks: impl Callbacks,
|
mut callbacks: impl Callbacks<identity::Error>,
|
||||||
) -> io::Result<HashMap<usize, Result<FileKey, Vec<identity::Error>>>> {
|
) -> io::Result<HashMap<usize, Result<FileKey, Vec<identity::Error>>>> {
|
||||||
todo!()
|
todo!()
|
||||||
}
|
}
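Review bot: The new `add_identity` example for `IdentityPluginV1` returns `Result<(), identityw::Error>`, but the only module the example's `use age_plugin::{identity::{self, IdentityPluginV1}, ...}` line brings into scope is `identity`, so `identityw` looks like a typo. As written the snippet would not compile when copied into a plugin or built as a doctest; the line should read `) -> Result<(), identity::Error> {`. As a minor style point, `bytes: &[u8]` in both new `add_identity` examples lacks the trailing comma that the `add_recipient` example uses.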
|
||||||
|
|
|
@ -9,6 +9,8 @@ and this project adheres to Rust's notion of
|
||||||
to 1.0.0 are beta releases.
|
to 1.0.0 are beta releases.
|
||||||
|
|
||||||
## [Unreleased]
|
## [Unreleased]
|
||||||
|
|
||||||
|
## [0.6.0] - 2021-05-02
|
||||||
### Security
|
### Security
|
||||||
- `StreamReader::seek(SeekFrom::End(offset))` did not previously authenticate
|
- `StreamReader::seek(SeekFrom::End(offset))` did not previously authenticate
|
||||||
the ciphertext length; if the ciphertext had been truncated or extended by
|
the ciphertext length; if the ciphertext had been truncated or extended by
|
||||||
|
@ -41,6 +43,9 @@ to 1.0.0 are beta releases.
|
||||||
|
|
||||||
### Changed
|
### Changed
|
||||||
- MSRV is now 1.47.0.
|
- MSRV is now 1.47.0.
|
||||||
|
- `age::cli_common::file_io::OutputWriter::File` will now *overwrite* the file
|
||||||
|
if it exists, instead of returning an error. This makes it consistent with
|
||||||
|
`age::cli_common::file_io::OutputWriter::Stdout`, as well as most UNIX tools.
|
||||||
- Files encrypted with this version of `age` might not decrypt with previous
|
- Files encrypted with this version of `age` might not decrypt with previous
|
||||||
beta versions, due to changes in how stanza bodies are canonically encoded.
|
beta versions, due to changes in how stanza bodies are canonically encoded.
|
||||||
This should only affect a small fraction of files (if grease that triggers the
|
This should only affect a small fraction of files (if grease that triggers the
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
[package]
|
[package]
|
||||||
name = "age"
|
name = "age"
|
||||||
description = "[BETA] A simple, secure, and modern encryption library."
|
description = "[BETA] A simple, secure, and modern encryption library."
|
||||||
version = "0.5.1"
|
version = "0.6.0"
|
||||||
authors = ["Jack Grigg <thestr4d@gmail.com>"]
|
authors = ["Jack Grigg <thestr4d@gmail.com>"]
|
||||||
repository = "https://github.com/str4d/rage"
|
repository = "https://github.com/str4d/rage"
|
||||||
readme = "README.md"
|
readme = "README.md"
|
||||||
|
@ -14,7 +14,7 @@ edition = "2018"
|
||||||
maintenance = { status = "experimental" }
|
maintenance = { status = "experimental" }
|
||||||
|
|
||||||
[dependencies]
|
[dependencies]
|
||||||
age-core = { version = "0.5.0", path = "../age-core" }
|
age-core = { version = "0.6.0", path = "../age-core" }
|
||||||
|
|
||||||
# Dependencies required by the age specification:
|
# Dependencies required by the age specification:
|
||||||
# - Base64 from RFC 4648
|
# - Base64 from RFC 4648
|
||||||
|
|
|
@ -24,7 +24,7 @@ The reference interoperable Golang implementation is available at
|
||||||
Add this line to your `Cargo.toml`:
|
Add this line to your `Cargo.toml`:
|
||||||
|
|
||||||
```
|
```
|
||||||
age = "0.5"
|
age = "0.6"
|
||||||
```
|
```
|
||||||
|
|
||||||
See the [documentation](https://docs.rs/age) for examples.
|
See the [documentation](https://docs.rs/age) for examples.
|
||||||
|
|
|
@ -101,7 +101,10 @@ where
|
||||||
/// Requests a secret from the user.
|
/// Requests a secret from the user.
|
||||||
///
|
///
|
||||||
/// If a `pinentry` binary is available on the system, it is used to request the secret.
|
/// If a `pinentry` binary is available on the system, it is used to request the secret.
|
||||||
/// If not, we fall back to requesting directly in the CLI via stdin.
|
/// If not, we fall back to requesting directly in the CLI via a TTY.
|
||||||
|
///
|
||||||
|
/// This API does not take the secret directly from stdin, because it is specifically
|
||||||
|
/// intended to take the secret from a human.
|
||||||
///
|
///
|
||||||
/// # Parameters
|
/// # Parameters
|
||||||
///
|
///
|
||||||
|
|
4
fuzz-afl/Cargo.lock
generated
4
fuzz-afl/Cargo.lock
generated
|
@ -30,7 +30,7 @@ dependencies = [
|
||||||
|
|
||||||
[[package]]
|
[[package]]
|
||||||
name = "age"
|
name = "age"
|
||||||
version = "0.5.1"
|
version = "0.6.0"
|
||||||
dependencies = [
|
dependencies = [
|
||||||
"age-core",
|
"age-core",
|
||||||
"base64",
|
"base64",
|
||||||
|
@ -57,7 +57,7 @@ dependencies = [
|
||||||
|
|
||||||
[[package]]
|
[[package]]
|
||||||
name = "age-core"
|
name = "age-core"
|
||||||
version = "0.5.0"
|
version = "0.6.0"
|
||||||
dependencies = [
|
dependencies = [
|
||||||
"base64",
|
"base64",
|
||||||
"c2-chacha",
|
"c2-chacha",
|
||||||
|
|
4
fuzz/Cargo.lock
generated
4
fuzz/Cargo.lock
generated
|
@ -17,7 +17,7 @@ dependencies = [
|
||||||
|
|
||||||
[[package]]
|
[[package]]
|
||||||
name = "age"
|
name = "age"
|
||||||
version = "0.5.1"
|
version = "0.6.0"
|
||||||
dependencies = [
|
dependencies = [
|
||||||
"age-core",
|
"age-core",
|
||||||
"base64",
|
"base64",
|
||||||
|
@ -44,7 +44,7 @@ dependencies = [
|
||||||
|
|
||||||
[[package]]
|
[[package]]
|
||||||
name = "age-core"
|
name = "age-core"
|
||||||
version = "0.5.0"
|
version = "0.6.0"
|
||||||
dependencies = [
|
dependencies = [
|
||||||
"base64",
|
"base64",
|
||||||
"c2-chacha",
|
"c2-chacha",
|
||||||
|
|
|
@ -9,6 +9,8 @@ and this project adheres to Rust's notion of
|
||||||
to 1.0.0 are beta releases.
|
to 1.0.0 are beta releases.
|
||||||
|
|
||||||
## [Unreleased]
|
## [Unreleased]
|
||||||
|
|
||||||
|
## [0.6.0] - 2021-05-02
|
||||||
### Added
|
### Added
|
||||||
- Plugin support!
|
- Plugin support!
|
||||||
- The new [`age-plugin`](https://crates.io/crates/age-plugin) crate provides
|
- The new [`age-plugin`](https://crates.io/crates/age-plugin) crate provides
|
||||||
|
@ -21,6 +23,9 @@ to 1.0.0 are beta releases.
|
||||||
|
|
||||||
### Changed
|
### Changed
|
||||||
- MSRV is now 1.47.0.
|
- MSRV is now 1.47.0.
|
||||||
|
- `-o/--output` will now *overwrite* existing files instead of returning an
|
||||||
|
error. This makes the behaviour consistent with most UNIX tools, as well as
|
||||||
|
when using pipes.
|
||||||
- Files encrypted with this version of `rage` might not decrypt with previous
|
- Files encrypted with this version of `rage` might not decrypt with previous
|
||||||
beta versions, due to changes in how stanza bodies are canonically encoded.
|
beta versions, due to changes in how stanza bodies are canonically encoded.
|
||||||
This should only affect a small fraction of files (if grease that triggers the
|
This should only affect a small fraction of files (if grease that triggers the
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
[package]
|
[package]
|
||||||
name = "rage"
|
name = "rage"
|
||||||
description = "[BETA] A simple, secure, and modern encryption tool."
|
description = "[BETA] A simple, secure, and modern encryption tool."
|
||||||
version = "0.5.1"
|
version = "0.6.0"
|
||||||
authors = ["Jack Grigg <thestr4d@gmail.com>"]
|
authors = ["Jack Grigg <thestr4d@gmail.com>"]
|
||||||
repository = "https://github.com/str4d/rage"
|
repository = "https://github.com/str4d/rage"
|
||||||
readme = "../README.md"
|
readme = "../README.md"
|
||||||
|
@ -43,7 +43,7 @@ maintenance = { status = "experimental" }
|
||||||
|
|
||||||
[dependencies]
|
[dependencies]
|
||||||
# rage and rage-keygen dependencies
|
# rage and rage-keygen dependencies
|
||||||
age = { version = "0.5.0", path = "../age", features = ["armor", "cli-common", "plugin"] }
|
age = { version = "0.6.0", path = "../age", features = ["armor", "cli-common", "plugin"] }
|
||||||
chrono = "0.4"
|
chrono = "0.4"
|
||||||
console = "0.14"
|
console = "0.14"
|
||||||
env_logger = "0.8"
|
env_logger = "0.8"
|
||||||
|
|