On Thu, Mar 27, 2025 at 07:45:12PM +0100, Bill Allombert wrote:
> Dear Debian developers,
>
> popularity-contest relies on /usr/bin/gpg for encrypting files.
> (it cannot use gpgv which does not provide encryption).
>
> By design popularity-contest needs to have as few non-essential
> dependencies as possible because this skews the result.
>
> It used to be the case that apt depended on gpg, but not anymore.
> Is it still the best option?

I am among the people who have moved towards the Sequoia family of
cryptographic tools; in particular, sqop (a Sequoia implementation of
the SOP command-line interface) seems to work:

  [roam@straylight ~]$ echo canttouchthis | sqop encrypt /usr/share/popularity-contest/debian-popcon.gpg | pgpdump
  New: Public-Key Encrypted Session Key Packet(tag 1)(524 bytes)
          New version(3)
          Key ID - 0x4E9024B327CBD937
          Pub alg - RSA Encrypt or Sign(pub 1)
          RSA m^e mod n(4095 bits) - ...
                  -> m = sym alg(1 byte) + checksum(2 bytes) + PKCS-1 block type 02
  New: Symmetrically Encrypted and MDC Packet(tag 18)(63 bytes)
          Ver 1
          Encrypted data [sym alg is specified in pub-key encrypted session key]
                  (plain text + MDC SHA1(20 bytes))
  [roam@straylight ~]$

Hope that helps!

G'luck,
Peter

--
Peter Pentchev roam@ringlet.net roam@debian.org peter@morpheusly.com
PGP key: https://www.ringlet.net/roam/roam.key.asc
Key fingerprint 2EE7 A7A5 17FC 124C F115 C354 651E EFB0 2527 DF13
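
An added example (not part of the message above and not popularity-contest code): a Python check over pgpdump text output like the one quoted, confirming that the ciphertext is addressed only to the expected key ID and carries an integrity-protected data packet (tag 18). The function names are hypothetical, and the sample text is the output from the message, re-indented.

```python
import re

# Constructed sample: the pgpdump output quoted in the message above.
SAMPLE = """\
New: Public-Key Encrypted Session Key Packet(tag 1)(524 bytes)
    New version(3)
    Key ID - 0x4E9024B327CBD937
    Pub alg - RSA Encrypt or Sign(pub 1)
    RSA m^e mod n(4095 bits) - ...
        -> m = sym alg(1 byte) + checksum(2 bytes) + PKCS-1 block type 02
New: Symmetrically Encrypted and MDC Packet(tag 18)(63 bytes)
    Ver 1
    Encrypted data [sym alg is specified in pub-key encrypted session key]
        (plain text + MDC SHA1(20 bytes))
"""

PACKET_RE = re.compile(r"^(?:New|Old): (?P<name>.+?)\(tag (?P<tag>\d+)\)")
KEYID_RE = re.compile(r"^\s+Key ID - 0x(?P<keyid>[0-9A-Fa-f]{16})\s*$")


def parse_pgpdump(text):
    """Split pgpdump text output into packets with their tag and key IDs."""
    packets = []
    for line in text.splitlines():
        header = PACKET_RE.match(line)
        if header:
            packets.append({"tag": int(header["tag"]), "key_ids": []})
        elif packets and (key := KEYID_RE.match(line)):
            packets[-1]["key_ids"].append(key["keyid"].upper())
    return packets


def check_encrypted_for(text, expected_key_id):
    """Return a list of problems; an empty list means the checks passed."""
    packets = parse_pgpdump(text)
    expected = expected_key_id.upper().removeprefix("0X")
    # Tag 1 = Public-Key Encrypted Session Key: one per recipient key.
    recipients = {k for p in packets if p["tag"] == 1 for k in p["key_ids"]}
    extra = sorted(recipients - {expected})
    tags = [p["tag"] for p in packets]
    problems = []
    if expected not in recipients:
        problems.append(f"no session key packet for key {expected}")
    if extra:
        problems.append(f"unexpected recipients: {extra}")
    # Tag 18 carries an MDC; tag 9 is the legacy form with no integrity check.
    if 9 in tags:
        problems.append("unprotected data packet (tag 9) present")
    if 18 not in tags:
        problems.append("no integrity-protected data packet (tag 18)")
    return problems
```

The check only inspects the outer packet sequence that pgpdump can see without the private key; it says nothing about the plaintext.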