Engine/Cryptotech

17:05 <@edouard> fdik: what should be the result of decrypt_and_verify when the signer's key is expired?
17:16 <@fdik> it must decrypt and verify
17:16 <@fdik> expiry is only for encryption
17:17 <@fdik> decryption must not be affected
17:30 <@edouard> ok. is the scope of revocation different?
17:43 <@fdik> for trust level, yes
17:43 <@fdik> but not for decrypting
17:52 <@edouard> if a key has been revoked, and I receive a message encrypted and signed by that key. All good?
17:53 <@fdik> Will be decrypted.
17:53 <@fdik> Depending on the date of the message, it will be marked unreliable or forged
17:53 <@fdik> if it was sent before revocation, it's unreliable
17:53 <@fdik> if it was sent after revocation, it's forged
17:53 <@fdik> but that's all trust
17:54 <@fdik> so it has nothing to do with PGP layer in p≡p engine
17:54 <@fdik> because p≡p is not based on the trust system of PGP
17:54 <@edouard> ok, so decrypt_and_verify should keep OK even if key revoked.
17:55 <@fdik> could you please put that into the wiki?
17:55 <@fdik> yes
17:55 <@fdik> to be exact:
17:56 <@fdik> decrypt_and_verify() MUST deliver one of the decryption results of PEP_STATUS
17:56 <@fdik> It's the results 0x0400 - 0x04ff
17:57 <@fdik> If it can be decrypted and verified correctly, it has to deliver PEP_DECRYPTED_AND_VERIFIED
17:57 <@fdik> if verification is not possible, it's PEP_DECRYPTED
17:59 <@edouard> ok. anyhow, the way I rewrote keyring lookup funcs makes it parameterizable in netpgp. so, we can change our mind later :)
17:59 <@edouard> for now, I'll just decrypt and verify even if revoked
18:12 <@fdik> can you send a PEP_DECRYPTED if it was revoked, plz? ;-)