-
PGPainless meets the Web-of-Trust
Path finding in a “Web-of-Trust” – Photo by Mads Schmidt Rasmussen on Unsplash We are very proud to announce the release of PGPainless-WOT, an implementation of the OpenPGP Web of Trust specification using PGPainless. Big thanks to Heiko for his valuable contributions and the great boost in motivation working together gave me 🙂 Also big thanks to NLnet for sponsoring this project in such a flexible way. Lastly,…
-
Creating an OpenPGP Web-of-Trust Implementation – Knitting a Net
A densely interconnected directed graph forming the Web-of-Trust. Photo by Ricardo Resende on Unsplash I imagine the Web-of-Trust as an old, half-rotten fishing net (bear with me); There are knobbly knots, which may or may not be connected to neighboring knots through yarn of different thickness. Some knots are well-connected with others, as ye olde fisherman did some repair work on the net, while other knots or even whole…
-
Use Any SOP Binary With SOP-Java and External-SOP
I just released another library named external-sop, which implements sop-java and allows the user to use any SOP CLI application of their choice from within their Java / Kotlin application!
-
Implementing Packet Sequence Validation using Pushdown Automata
In the previous blog post I discussed how a formal grammar can be transformed into a pushdown automaton in order to check if a sequence of packets or tokens is part of the language described by the grammar. In this post I will discuss how I implemented said automaton in Java in order to validate…
-
Using Pushdown Automata to verify Packet Sequences
As a software developer, most of my work day is spent working practically by coding and hacking away. Recently though I stumbled across an interesting problem which required another, more theoretical approach…
-
Creating a Web-of-Trust Implementation: Accessing Certificate Stores
A different type of certificate store. Photo by K Fraser on Unsplash I made progress towards a full WoT implementation. The current milestone entails integrating certificate stores more closely with the core API. More specifically, an implementation of the Shared PGP Certificate Directory.
-
Creating a Web-of-Trust Implementation: Certify Keys with PGPainless
Currently I am working on a Web-of-Trust implementation for the OpenPGP library PGPainless. Technically, the WoT consists of a graph where the nodes are OpenPGP keys (certificates) with User-IDs and the edges are signatures. In order to be able to create a WoT, users need to be able to sign other users certificates to create…
-
Reproducible Builds – Telling of a Debugging Story
I try to make PGPainless build reproducible. A few months ago I added some lines to the build script which were supposed to make the project reproducible by using static file modification dates, as well as a deterministic file order in the JAR archive. However, recently my JAR files started to contain mismatching bytes…
-
Creating an OpenPGP Web-of-Trust Implementation – A Series
I am excited to announce that PGPainless will receive funding by NGI Assure to develop an implementation of the Web-of-Trust specification proposal! The Web-of-Trust (WoT) serves as an example of a decentralized authentication mechanism for OpenPGP.
-
PGPainless 1.0.0 Released!
Close to the end of 2021 I’m excited to announce the release of PGPainless version 1.0.0! I feel like it finally reached a state of sufficient maturity to be worthy of a major release with a “1” at the front.