8
3
Fork
You've already forked pEpEngine
1
Page: engine cryptotech
Pages 0000 notes about this wiki EpicBackup EpicStandardKeyserver Home adapter adapter build instructions version 3 x draft adapter adapter build instructions adapter adapter development adapter change management adapter change requests adapter cvs conventions adapter message to send passphrase adapter passphrase support adapter pep sec newjoiners dev adapter pull requests apps mime filenames builds cid build status per target env cid c i system comparisons cid ci and cd plan cid ci and cd proposal cid docker cid gitlab ci primer cid index cid internal deployment cid packaging concept cid previous resources cid processes cid projects cid code generation common adapter documentation adapter build instructions common adapter documentation adapters common adapter documentation hecks notepad common adapter documentation how to write a pep adapter concepts email messages mime and message 2 0 engine::transport engine asn1 background engine asn1 message engine basic concepts of the pep engine engine cryptotech engine distribution protocols engine echo and session engine echo protocol engine elevated attachments engine enable log engine engine and adapter releases engine engine breakfast agenda 20200930 engine engine breakfast agenda 20201006 engine engine breakfast agenda 20201013 engine engine breakfast log 20191217 engine engine breakfast log 20200107 engine engine breakfast log 20200121 engine engine breakfast log 20200128 engine engine breakfast log 20200519 engine engine breakfast log 20200526 engine engine breakfast log 20200616 engine engine breakfast log 20200811 engine engine breakfast log 20210223 engine engine breakfast log 20210309 engine engine breakfast log 20210316 engine engine breakfast log 20210323 engine engine breakfast log 20210406 engine engine breakfast log 20211112 engine engine breakfast log 20220127 engine engine breakfast log 20220922 engine engine breakfast log 20221001 engine engine breakfast log 20221006 engine files and paths engine filing engine bugs and feature requests engine general engine gnupg disabled keys engine group encryption to do engine group encryption engine group key reset engine handshake from an application developers perspective engine identity engine key reset overview engine key reset use cases engine key reset engine key sync engine media keys engine message 2 0 and beyond engine message to send passphrase engine mime rules peg engine netpgp engine notes on engine testing engine offline transport engine online transport engine passive mode engine passphrase support engine pep auto consume engine pep message engine pep vs openpgp engine ratings table engine readme engine signed only engine sync and distribution engine sync folder mode engine sync from an application developers perspective engine sync protocol engine sync protocols engine testing pep sync engine tofu engine transport status code engine transport engine trust rating engine trust sync engine trustwords engine uncategorised development themes extracting keys engine uncategorised development themes extracting own public keys engine uncategorised development themes managing expectations for message attachments engine uncategorised development themes old instructions building the engine on debian engine uncategorised development themes playing with the management database engine user pseudonymity engine enigmail pep build enigmail enigmail pep enigmail dep matrix enigmail pep enigmail pep dev env enigmail pep enigmail pep enigmail pep enigmail git alias collection hg2git import from enigmail jobs json adapter about json adapter debug mini adapter json adapter message cache json adapter readme json adapter release builds json adapter rfc mutual auth json adapter session managment json adapter possibly outdated session managment lib pep adapter releases lib pep datatypes notes lib pep mime parsing heuristics lib pep mime list of projects using the engine macos adapter mainframe mime mixnet old document mixnet move engine attack vectors move engine dictionaries pep from an application developers perspective pep jni adapter releases pep python adapter quick setup for sync testing pep python adapter releases playground rtfm security model security models perimeter based vs zero trust software development crypto dev meetings 2016 09 26 software development crypto dev meetings 2016 10 24 software development crypto dev meetings 2017 02 24 software development crypto dev meetings 2018 06 19 software development migration hg git software development release process software development testing software projects overview source conventions specifications key reset specification specifications playground group encryption management specifications sample specification template and guide thunderbird tools and tips docker tools and tips transport config transport offline transport transport online transport transport transport status code transport transport windows character encoding windows desktop adapter
1 engine cryptotech
Luca Saiu edited this page 2026年02月10日 13:55:21 +01:00
17:05 <@edouard> fdik: what should be result of decrypt_and_verify when signer's key is expired ?
17:16 <@fdik> it must decrypt and verify
17:16 <@fdik> expiry is only for encryption
17:17 <@fdik> decryption must not be affected
17:30 <@edouard> ok. is scope of revokation different ?
17:43 <@fdik> for trust level, yes
17:43 <@fdik> but not fot decrypting
17:52 <@edouard> if a key have been revoked, and I receive a message encrypted and signed by that key. All good ?
17:53 <@fdik> Will be decrypted.
17:53 <@fdik> Depending on the date of the message, it will be marked unreliable or forged
17:53 <@fdik> if it was sent before revocation, it's unreliable
17:53 <@fdik> if it was sent after revocation, it's forged
17:53 <@fdik> but that's all trust
17:54 <@fdik> so it has nothing to do with PGP layer in p≡p engine
17:54 <@fdik> because p≡p is not based on the trust system of PGP
17:54 <@edouard> ok, so decrypt_and_verif should keep OK even if key revoked.
17:55 <@fdik> could you please put that into the wiki?
17:55 <@fdik> yes
17:55 <@fdik> to be exact:
17:56 <@fdik> decrypt_and_verify() MUST deliver one of the decryption results of PEP_STATUS
17:56 <@fdik> It's the results 0x0400 - 0x04ff
17:57 <@fdik> If it can be decrypted and verified correctly, it has to deliver PEP_DECRYPTED_AND_VERIFIED
17:57 <@fdik> if verification is not possible, it's PEP_DECRYPTED
17:59 <@edouard> ok. anyhow, the way I rewrote keyring lookup funcs make it parametrable in netpgp. so, we can change our mind later :)
17:59 <@edouard> for now, I'll just decrypt and verif even if revoked
18:12 <@fdik> can you send a PEP_DECRYPTED if it was revoked, plz? ;-)

The content of this wiki is being migrated from an old system, and as of late 2023 / early 2024 a few links may still be broken and some pages may be obsolete.

See 0000-notes-about-this-wiki about the conversion. Please forgive the temporary mess.

(Note for ourselves: this is in _Sidebar.md.)

See https://pep-project.org.

Temporary notes for ourselves:

  • this is in _Footer.md.