-
Towards OpenPGP v6 in PGPainless
I’m very excited to announce the results of what I have been working on for the past 1,5 years. *drumrolls* I added support for OpenPGP v6 (rfc9580) in both Bouncy Castle and PGPainless! In this blog post, I want to go over the work in more details.
-
An Antidote to Apathy
Learning how to climb a tree as a form of protest feels massively self-effective. Suddenly, you are no longer simply part of a protest that comes and goes and is mostly ignored by those in power. Instead, you present an obstruction to them, a disruption which they actively need to deal with. To me, self-efficacy…
-
Creating an OpenPGP Web-of-Trust Implementation – Knitting a Net
I imagine the Web-of-Trust as an old, half-rotten fishing net (bear with me); There are knobbly knots, which may or may not be connected to neighboring knots through yarn of different thickness. Some knots are well-connected with others, as ye olde fisherman did some repair work on the net, while other knots or even whole…
-
Use Any SOP Binary With SOP-Java and External-SOP
I just released another library named external-sop, which implements sop-java and allows the user to use any SOP CLI application of their choice from within their Java / Kotlin application!
-
Implementing Packet Sequence Validation using Pushdown Automata
In the previous blog post I discussed how a formal grammar can be transformed into a pushdown automaton in order to check if a sequence of packets or tokens is part of the language described by the grammar. In this post I will discuss how I implemented said automaton in Java in order to validate…
-
Using Pushdown Automata to verify Packet Sequences
As a software developer, most of my work day is spent working practically by coding and hacking away. Recently though I stumbled across an interesting problem which required another, more theoretical approach…
-
Creating a Web-of-Trust Implementation: Accessing Certificate Stores
I made progress towards a full WoT implementation. The current milestone entails integrating certificate stores more closely with the core API. More specifically, an implementation of the Shared PGP Certificate Directory.
-
Creating a Web-of-Trust Implementation: Certify Keys with PGPainless
Currently I am working on a Web-of-Trust implementation for the OpenPGP library PGPainless. Technically, the WoT consists of a graph where the nodes are OpenPGP keys (certificates) with User-IDs and the edges are signatures. In order to be able to create a WoT, users need to be able to sign other users certificates to create…
-
Reproducible Builds – Telling of a Debugging Story
I try to make PGPainless build reproducible. A few months ago I added some lines to the build script which were supposed to make the project reproducible by using static file modification dates, as well as a deterministic file order in the JAR archive. However, recently my JAR files started to contain mismatching bytes…