covert-encryption / covert

An encryption format offering better security, performance and ease of use than PGP. File a bug if you find anything where we are worse than our competition, and we will fix it.

Public/Secret key decoding and error handling tests #71

Open covert-encryption opened 2 years ago

covert-encryption commented 2 years ago

Decoding of keys, in particular of encrypted minisign and ssh secret keys, is not tested adequately. A single unit test for each of those using the keys within tests/keys/ should be added, and ideally also the various error checks should be tried. The ssh password is "password", while the test key for Minisign has an empty password.

These use cryptographic functions not used by any other parts of Covert, so having them tested is not only about our code quality but also to avoid regressions if we switch cryptographic libraries.

Both have a lot of error checking and special conditions that are never hit in normal operation, thus needing specialised tests that hit every line of code there, to avoid otherwise hard to find bugs. As an added difficulty, Minisign password hashing is so slow that we want to avoid doing more than one true run of that in automated tests. Other cases (such as incorrect password entry) need to be tested by mocking those functions to go faster. Not a particularly easy task to do, but someone with advanced coding skills would be welcome to pick up on this, despite not knowing the cryptography very intimately.
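
An added illustration of the mocking approach the issue describes, not code from Covert or its test suite: a constructed toy key format whose wrong-password and bad-length branches are exercised with the slow hash replaced by a fast stand-in. All names here (`slow_kdf`, `decode_secret_key`, `KeyDecodeError`, `run_error_path_checks`) are hypothetical.

```python
import hashlib
import hmac
from unittest import mock

# Hypothetical names throughout; constructed toy layout, not Minisign's or Covert's.
SALT_LEN, SK_LEN, CHK_LEN = 16, 32, 32

class KeyDecodeError(ValueError):
    """Raised for any malformed or undecryptable key."""

def slow_kdf(password: bytes, salt: bytes, n: int) -> bytes:
    # Expensive on purpose; stands in for the slow password hashing.
    return hashlib.scrypt(password, salt=salt, n=2**14, r=8, p=1, maxmem=2**26, dklen=n)

def _checksum(secret: bytes) -> bytes:
    return hashlib.blake2b(secret, digest_size=CHK_LEN).digest()

def encode_secret_key(secret: bytes, password: bytes, salt: bytes) -> bytes:
    body = secret + _checksum(secret)
    stream = slow_kdf(password, salt, len(body))
    return salt + bytes(a ^ b for a, b in zip(body, stream))

def decode_secret_key(blob: bytes, password: bytes) -> bytes:
    if len(blob) != SALT_LEN + SK_LEN + CHK_LEN:
        raise KeyDecodeError("unexpected key length")
    salt, enc = blob[:SALT_LEN], blob[SALT_LEN:]
    stream = slow_kdf(password, salt, len(enc))
    body = bytes(a ^ b for a, b in zip(enc, stream))
    secret, chk = body[:SK_LEN], body[SK_LEN:]
    if not hmac.compare_digest(chk, _checksum(secret)):
        raise KeyDecodeError("wrong password or corrupted key")
    return secret

def run_error_path_checks() -> dict:
    """Hit the success and error branches without one real KDF run."""
    fake = mock.Mock(side_effect=lambda pw, salt, n: hashlib.shake_256(pw + salt).digest(n))
    out = {}
    with mock.patch.dict(globals(), {"slow_kdf": fake}):
        secret = bytes(range(SK_LEN))
        blob = encode_secret_key(secret, b"", b"\x02" * SALT_LEN)
        out["ok"] = decode_secret_key(blob, b"") == secret
        cases = {"wrong_password": (blob, b"nope"), "truncated": (blob[:-1], b"")}
        for name, args in cases.items():
            try:
                decode_secret_key(*args)
                out[name] = "no error"
            except KeyDecodeError as exc:
                out[name] = str(exc)
    out["kdf_calls"] = fake.call_count
    return out
```

In a real suite the patch would target the KDF name inside the module under test, and one separate test would keep the single true KDF run against the key in tests/keys/.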