Tracking issue for kage MVP #15
Comments
|
Could you clarify a bit the following points:
Also related, IMO
These seem to already be implemented. Is there something missing? Maybe a test for |
|
Hey @simao For For |
|
I can't think of any cases where putting an |
|
I can see the convenience of putting In any case, I think it's fine to leave it for now, just wanted to point it out. |
The following are implemented from android-password-store#15: - Implement methods to parse AgeFile - Implement methods to parse and generate X25519 recipients - Implement crypto methods for X25519 recipients - Implement methods to parse and generate X25519 identity - Implement crypto methods for X25519 identity - Implement a method that takes plaintext and a list of recipients and returns an AgeFile object - Implement a method that takes an AgeFile and an identity and returns the decrypted data - Implement convenience methods for library users
The following are implemented from android-password-store#15: - Implement methods to parse AgeFile - Implement methods to parse and generate X25519 recipients - Implement crypto methods for X25519 recipients - Implement methods to parse and generate X25519 identity - Implement crypto methods for X25519 identity - Implement a method that takes plaintext and a list of recipients and returns an AgeFile object - Implement a method that takes an AgeFile and an identity and returns the decrypted data - Implement convenience methods for library users
|
All the public API we've checked in so far seems to be undocumented so I think we should be including full documentation as an explicit goal as well. |
|
Yeah agreed. What do you think would be the API methods required for kage? What would make sense for android-password-store? We currently have: I guess we'd need to expose the methods to write/parse AgeKeyFile, generate Identities/Recipients? What else? |
You can review the usages of PGPainless here to get a feel for what we'll need. Broadly speaking we'd want the following abilities
|
|
#104 lays out the foundation for integrating with the upstream test suite, I'll work on making it actually run the tests soon. |
|
I think some of these things are going to be a bit tricky to implement.
Age doesn't have a We have
These we already have, I think,
We don't have a GpgIdentifier in Age, how is this used, would this be the equivalent of a public key? |
Public key should be fine.
Correct.
Yep, that's covered.
It's used to parse the |
|
I've raised #110 which takes the parsing code added earlier and dynamically generates tests from it. It has uncovered a bunch of missing and incorrect things that we should be looking into. |
|
Armor might be more work than I anticipated, the Go implementation uses separate readers and writers for armored streams which probably means a fair bit of duplicated code if we follow the same approach. @simao any ideas on this? Armor is the last major hurdle for the interoperability tests. |
|
Hi folks! Thank you for building kage and for running the test suite.
If you don’t implement armoring, you’re welcome to just skip those tests. The suite is designed such that each vector tests exactly one thing, and all armored vectors test the armoring implementation, so you’re not missing out on coverage.
|
|
@FiloSottile thanks that is good to know! @msfjarvis I will try to take some time to see what we can do to implement armoring, I'd like to have it in kage |
|
Hey, I'd really like to see this project make progress so that android-password-store/Android-Password-Store#2061 gets unblocked. Unfortunately I don't have any Kotlin experience (and don't really trust myself to implement cryptography code). However, I'd be willing to sponsor this. I won't be able to pay a full Software Engineer salary, but I'd be happy to throw in some 3-digit USD amount for the main contributor(s) if this gets done¹. I'm sure that's not going to be a huge influence and money probably isn't the thing that's missing here, but I still hope that it might help with motivation to work on this. I do hope I'm not offending anyone by this offer. If there are any tasks that can be done with programming experience but no Kotlin specific knowledge I'd also be happy to look into those myself. ¹ GitHub Sponsorship, Paypal, KoFi, SEPA bank transfer or bug bounty type platforms would all work for me |
|
Hey @Patagonicus, thanks a lot for offering the money, but as you mentioned, money isn't what we're missing here. I'll try to spend some time with Kage and see if we can reach a 0.x beta version or something along those lines. |
|
Yeah not a money problem, it's a time problem. I'll also try to carve some time for this but the next few weeks are busy |
|
@simao @Skrilltrax Hi, I am willing to contribute some time. That said, I am new to Kotlin, and |
|
With #124 being merged we now pass the age specification's test suite, barring two tests. We'll try to resolve them over the coming weeks and tag an initial 0.1.0 release. |
|
I believe I made a mistake during the rebase of the PR, and we actually do fully pass the test suite. I'll fix it on GitHub in a bit. Edit: merged as #231 |
|
v0.1.0 of kage is now available on Maven Central: https://central.sonatype.com/artifact/com.github.android-password-store/kage I'll update the README in a few hours. |
This is the tracking issue for kage MVP. Below are the requirements to achieve our first goal of making kage compatible with age.
API requirements
The requirements are divided into 3 sections -
AgeFile,AgeKey, andAge Client. Once all the requirements are complete we will be able to generate age keys and use those keys to encrypt and decrypt data.AgeFile
AgeKey
Age Client
X25519recipientsX25519recipientsX25519identityX25519identityAgeFileobjectAgeFileand an identity and returns the decrypted dataFinal validation
The text was updated successfully, but these errors were encountered: