mirror of
https://github.com/theupdateframework/python-tuf
synced 2026-05-24 10:08:28 +00:00
secure-systems-lab/securesystemslib#288 changes the key generation interface functions in such a way that it is clear if a call opens a blocking prompt, or writes the key unencrypted. To do this two functions are added per key type:

- `generate_and_write_*_keypair_with_prompt`
- `generate_and_write_unencrypted_*_keypair`

The default `generate_and_write_*_keypair` function now only allows encrypted keys and only using a passed password. This respects the principle of secure defaults and least surprise.

sslib#288 furthermore adds a protected `_generate_and_write_*_keypair`, which is not exposed publicly because it does not encrypt by default, but is more flexible and thus convenient e.g. to consume all arguments from a key generation command line tool such as 'repo.py'.

This commit adds the new public functions to the tuf namespace and adopts their usage accordingly.

NOTE regarding repo.py: This commit does not fix any problematic password behavior of 'repo.py' like default passwords, etc. (see #881). It only adopts the sslib#288 changes to maintain the current behavior, plus removing one glaringly obsolete password prompt.

NOTE regarding key import: The securesystemslib private key import functions were also changed to no longer auto-prompt for decryption passwords, TUF, however, only exposes custom wrappers (see repository_lib) that do auto-prompt. sslib#288 changes to the prompt texts are nevertheless propagated to tuf and reflected in this commit.

Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
||
|---|---|---|
| .. | ||
| repository_data | ||
| ssl_certs | ||
| .coveragerc | ||
| __init__.py | ||
| aggregate_tests.py | ||
| proxy_server.py | ||
| simple_https_server.py | ||
| simple_server.py | ||
| slow_retrieval_server.py | ||
| test_api.py | ||
| test_arbitrary_package_attack.py | ||
| test_developer_tool.py | ||
| test_download.py | ||
| test_endless_data_attack.py | ||
| test_extraneous_dependencies_attack.py | ||
| test_formats.py | ||
| test_indefinite_freeze_attack.py | ||
| test_key_revocation_integration.py | ||
| test_keydb.py | ||
| test_log.py | ||
| test_mirrors.py | ||
| test_mix_and_match_attack.py | ||
| test_multiple_repositories_integration.py | ||
| test_proxy_use.py | ||
| test_replay_attack.py | ||
| test_repository_lib.py | ||
| test_repository_tool.py | ||
| test_roledb.py | ||
| test_root_versioning_integration.py | ||
| test_sig.py | ||
| test_slow_retrieval_attack.py | ||
| test_tutorial.py | ||
| test_unittest_toolbox.py | ||
| test_updater.py | ||
| test_updater_root_rotation_integration.py | ||
| utils.py | ||