Merged openpgp package into openpgp-util

105 files changed, 1944 insertions, 182 deletions

diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..9929e9d
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,19 @@
+*.[ao]
+*.hi
+*.swp*
+*.orig
+*.rej
+Data/OpenPGP/Arbitrary.hs
+verify
+sign
+keygen
+tests/suite
+dist/*
+report.html
+dist-ghc/*
+build-*-stamp
+debian/files
+debian/hlibrary.setup
+debian/libghc*
+debian/tmp*
+debian/dh_*
diff --git a/.travis.yml b/.travis.yml
new file mode 100644
index 0000000..14a357b
--- /dev/null
+++ b/.travis.yml
@@ -0,0 +1,3 @@
+language: haskell
+before_install: "cabal install hlint derive cereal"
+script: "make Data/OpenPGP/Arbitrary.hs && make report.html && [ ! -e report.html ] && make dist/setup-config && make tests/suite && tests/suite --plain && make clean && make Data/OpenPGP/Arbitrary.hs && make CEREAL=1 dist/setup-config && make CEREAL=1 tests/suite && tests/suite --plain"
diff --git a/Arbitrary.patch b/Arbitrary.patch
new file mode 100644
index 0000000..fdbfba6
--- /dev/null
+++ b/Arbitrary.patch
@@ -0,0 +1,108 @@
+--- Data/OpenPGP/Arbitrary.hs   2012-04-27 12:38:11.492411339 -0500
++++ arb.s       2012-04-27 12:37:57.176469214 -0500
+@@ -1 +1,2 @@
++{-# OPTIONS_GHC -fno-warn-orphans -fno-warn-unused-imports #-}
+ module Data.OpenPGP.Arbitrary where
+@@ -14,13 +14,18 @@
+                    1 -> do x1 <- arbitrary
+                            x2 <- arbitrary
+                            x3 <- arbitrary
+-                           x4 <- arbitrary
+-                           x5 <- arbitrary
++                           x4 <- resize 10 (listOf arbitrary)
++                           x5 <- resize 10 (listOf arbitrary)
+                            x6 <- arbitrary
+                            x7 <- arbitrary
+-                           x8 <- arbitrary
+-                           x9 <- arbitrary
+-                           return (SignaturePacket x1 x2 x3 x4 x5 x6 x7 x8 x9)
++                           version <- choose (2 :: Word8, 4)
++                           case version of
++                                   4 ->
++                                           return (signaturePacket 4 x1 x2 x3 x4 x5 x6 x7)
++                                   _ -> do
++                                           creation_time <- arbitrary
++                                           keyid <- vectorOf 16 (elements (['0'..'9'] ++ ['A'..'F']))
++                                           return (signaturePacket version x1 x2 x3 [] [SignatureCreationTimePacket creation_time, IssuerPacket keyid] x6 x7)
+                    2 -> do x1 <- arbitrary
+                            x2 <- arbitrary
+                            x3 <- arbitrary
+@@ -88,5 +93,5 @@
+                            x2 <- arbitrary
+-                           x3 <- arbitrary
++                           x3 <- fmap decode_s2k_count arbitrary
+                            return (IteratedSaltedS2K x1 x2 x3)
+-                   3 -> do x1 <- arbitrary
++                   3 -> do x1 <- suchThat arbitrary (`notElem` [0,1,3])
+                            x2 <- arbitrary
+@@ -73,7 +72,7 @@
+                    4 -> return SHA384
+                    5 -> return SHA512
+                    6 -> return SHA224
+-                   7 -> do x1 <- arbitrary
++                   7 -> do x1 <- suchThat arbitrary (`notElem` [01,02,03,08,09,10,11])
+                            return (HashAlgorithm x1)
+                    _ -> error "FATAL ERROR: Arbitrary instance, logic bug"
+
+@@ -90,7 +89,7 @@
+                    5 -> return ECC
+                    6 -> return ECDSA
+                    7 -> return DH
+-                   8 -> do x1 <- arbitrary
++                   8 -> do x1 <- suchThat arbitrary (`notElem` [01,02,03,16,17,18,19,21])
+                            return (KeyAlgorithm x1)
+                    _ -> error "FATAL ERROR: Arbitrary instance, logic bug"
+
+@@ -108,7 +107,7 @@
+                    6 -> return AES192
+                    7 -> return AES256
+                    8 -> return Twofish
+-                   9 -> do x1 <- arbitrary
++                   9 -> do x1 <- suchThat arbitrary (`notElem` [00,01,02,03,04,07,08,09,10])
+                            return (SymmetricAlgorithm x1)
+                    _ -> error "FATAL ERROR: Arbitrary instance, logic bug"
+
+@@ -121,7 +120,7 @@
+                    1 -> return ZIP
+                    2 -> return ZLIB
+                    3 -> return BZip2
+-                   4 -> do x1 <- arbitrary
++                   4 -> do x1 <- suchThat arbitrary (`notElem` [0,1,2,3])
+                            return (CompressionAlgorithm x1)
+                    _ -> error "FATAL ERROR: Arbitrary instance, logic bug"
+
+@@ -135,7 +134,7 @@
+                    2 -> return KeyCompromised
+                    3 -> return KeyRetired
+                    4 -> return UserIDInvalid
+-                   5 -> do x1 <- arbitrary
++                   5 -> do x1 <- suchThat arbitrary (`notElem` [00,01,02,03,32])
+                            return (RevocationCode x1)
+                    _ -> error "FATAL ERROR: Arbitrary instance, logic bug"
+
+@@ -134,7 +133,7 @@
+
+ instance Arbitrary MPI where
+         arbitrary
+-          = do x1 <- arbitrary
++          = do x1 <- suchThat arbitrary (>=0)
+                return (MPI x1)
+
+
+@@ -160,5 +160,5 @@
+                            return (PreferredSymmetricAlgorithmsPacket x1)
+                    8 -> do x1 <- arbitrary
+                            x2 <- arbitrary
+-                           x3 <- arbitrary
++                           x3 <- vectorOf 40 (elements (['0'..'9'] ++ ['A'..'F']))
+                            return (RevocationKeyPacket x1 x2 x3)
+@@ -166 +165 @@
+-                   9 -> do x1 <- arbitrary
++                   9 -> do x1 <- vectorOf 16 (elements (['0'..'9'] ++ ['A'..'F']))
+@@ -217 +216 @@
+-                   22 -> do x1 <- arbitrary
++                   22 -> do x1 <- suchThat arbitrary isSignaturePacket
+@@ -169,2 +168 @@
+-                            x2 <- arbitrary
+-                            return (UnsupportedSignatureSubpacket x1 x2)
++                            return (UnsupportedSignatureSubpacket 105 x1)
diff --git a/Data/OpenPGP.hs b/Data/OpenPGP.hs
new file mode 100644
index 0000000..74aae5f
--- /dev/null
+++ b/Data/OpenPGP.hs
@@ -0,0 +1,1363 @@
+{-# LANGUAGE CPP #-}
+-- | Main implementation of the OpenPGP message format <http://tools.ietf.org/html/rfc4880>
+--
+-- The recommended way to import this module is:
+--
+-- > import qualified Data.OpenPGP as OpenPGP
+module Data.OpenPGP (
+        Packet(
+                AsymmetricSessionKeyPacket,
+                OnePassSignaturePacket,
+                SymmetricSessionKeyPacket,
+                PublicKeyPacket,
+                SecretKeyPacket,
+                CompressedDataPacket,
+                MarkerPacket,
+                LiteralDataPacket,
+                TrustPacket,
+                UserIDPacket,
+                EncryptedDataPacket,
+                ModificationDetectionCodePacket,
+                UnsupportedPacket,
+                compression_algorithm,
+                content,
+                encrypted_data,
+                filename,
+                format,
+                hash_algorithm,
+                hashed_subpackets,
+                hash_head,
+                key,
+                is_subkey,
+                v3_days_of_validity,
+                key_algorithm,
+                key_id,
+                message,
+                nested,
+                s2k_useage,
+                s2k,
+                signature,
+                signature_type,
+                symmetric_algorithm,
+                timestamp,
+                trailer,
+                unhashed_subpackets,
+                version
+        ),
+        isSignaturePacket,
+        signaturePacket,
+        Message(..),
+        SignatureSubpacket(..),
+        S2K(..),
+        string2key,
+        HashAlgorithm(..),
+        KeyAlgorithm(..),
+        SymmetricAlgorithm(..),
+        CompressionAlgorithm(..),
+        RevocationCode(..),
+        MPI(..),
+        find_key,
+        fingerprint_material,
+        SignatureOver(..),
+        signatures,
+        signature_issuer,
+        public_key_fields,
+        secret_key_fields
+) where
+
+import Numeric
+import Control.Monad
+import Control.Arrow
+import Control.Applicative
+import Data.Monoid
+import Data.Bits
+import Data.Word
+import Data.Char
+import Data.List
+import Data.Maybe
+import Data.OpenPGP.Internal
+import qualified Data.ByteString as BS
+import qualified Data.ByteString.Lazy as LZ
+
+#ifdef CEREAL
+import Data.Serialize
+import qualified Data.ByteString as B
+import qualified Data.ByteString.UTF8 as B (toString, fromString)
+#define BINARY_CLASS Serialize
+#else
+import Data.Binary
+import Data.Binary.Get
+import Data.Binary.Put
+import qualified Data.ByteString.Lazy as B
+import qualified Data.ByteString.Lazy.UTF8 as B (toString, fromString)
+#define BINARY_CLASS Binary
+#endif
+
+import qualified Codec.Compression.Zlib.Raw as Zip
+import qualified Codec.Compression.Zlib as Zlib
+import qualified Codec.Compression.BZip as BZip2
+
+#ifdef CEREAL
+getRemainingByteString :: Get B.ByteString
+getRemainingByteString = remaining >>= getByteString
+
+getSomeByteString :: Word64 -> Get B.ByteString
+getSomeByteString = getByteString . fromIntegral
+
+putSomeByteString :: B.ByteString -> Put
+putSomeByteString = putByteString
+
+localGet :: Get a -> B.ByteString -> Get a
+localGet g bs = case runGet g bs of
+        Left s -> fail s
+        Right v -> return v
+
+compress :: CompressionAlgorithm -> B.ByteString -> B.ByteString
+compress algo = toStrictBS . lazyCompress algo . toLazyBS
+
+decompress :: CompressionAlgorithm -> B.ByteString -> B.ByteString
+decompress algo = toStrictBS . lazyDecompress algo . toLazyBS
+
+toStrictBS :: LZ.ByteString -> B.ByteString
+toStrictBS = B.concat . LZ.toChunks
+
+toLazyBS :: B.ByteString -> LZ.ByteString
+toLazyBS = LZ.fromChunks . (:[])
+
+lazyEncode :: (Serialize a) => a -> LZ.ByteString
+lazyEncode = toLazyBS . encode
+#else
+getRemainingByteString :: Get B.ByteString
+getRemainingByteString = getRemainingLazyByteString
+
+getSomeByteString :: Word64 -> Get B.ByteString
+getSomeByteString = getLazyByteString . fromIntegral
+
+putSomeByteString :: B.ByteString -> Put
+putSomeByteString = putLazyByteString
+
+#if MIN_VERSION_binary(0,6,4)
+localGet :: Get a -> B.ByteString -> Get a
+localGet g bs = case runGetOrFail g bs of
+        Left (_,_,s) -> fail s
+        Right (leftover,_,v)
+                | B.null leftover -> return v
+                | otherwise -> fail $ "Leftover in localGet: " ++ show leftover
+#else
+localGet :: Get a -> B.ByteString -> Get a
+localGet g bs = return $ runGet g bs
+#endif
+
+compress :: CompressionAlgorithm -> B.ByteString -> B.ByteString
+compress = lazyCompress
+
+decompress :: CompressionAlgorithm -> B.ByteString -> B.ByteString
+decompress = lazyDecompress
+
+lazyEncode :: (Binary a) => a -> LZ.ByteString
+lazyEncode = encode
+#endif
+
+lazyCompress :: CompressionAlgorithm -> LZ.ByteString -> LZ.ByteString
+lazyCompress Uncompressed = id
+lazyCompress ZIP          = Zip.compress
+lazyCompress ZLIB         = Zlib.compress
+lazyCompress BZip2        = BZip2.compress
+lazyCompress x            = error ("No implementation for " ++ show x)
+
+lazyDecompress :: CompressionAlgorithm -> LZ.ByteString -> LZ.ByteString
+lazyDecompress Uncompressed = id
+lazyDecompress ZIP          = Zip.decompress
+lazyDecompress ZLIB         = Zlib.decompress
+lazyDecompress BZip2        = BZip2.decompress
+lazyDecompress x            = error ("No implementation for " ++ show x)
+
+assertProp :: (Monad m, Show a) => (a -> Bool) -> a -> m a
+assertProp f x
+        | f x = return $! x
+        | otherwise = fail $ "Assertion failed for: " ++ show x
+
+pad :: Int -> String -> String
+pad l s = replicate (l - length s) '0' ++ s
+
+padBS :: Int -> B.ByteString -> B.ByteString
+padBS l s = B.replicate (fromIntegral l - B.length s) 0 `B.append` s
+
+checksum :: B.ByteString -> Word16
+checksum = fromIntegral .
+        B.foldl (\c i -> (c + fromIntegral i) `mod` 65536) (0::Integer)
+
+data Packet =
+        AsymmetricSessionKeyPacket {
+                version::Word8,
+                key_id::String,
+                key_algorithm::KeyAlgorithm,
+                encrypted_data::B.ByteString
+        } |
+        -- ^ <http://tools.ietf.org/html/rfc4880#section-5.1>
+        SignaturePacket {
+                version::Word8,
+                signature_type::Word8,
+                key_algorithm::KeyAlgorithm,
+                hash_algorithm::HashAlgorithm,
+                hashed_subpackets::[SignatureSubpacket],
+                unhashed_subpackets::[SignatureSubpacket],
+                hash_head::Word16,
+                signature::[MPI],
+                trailer::B.ByteString
+        } |
+        -- ^ <http://tools.ietf.org/html/rfc4880#section-5.2>
+        SymmetricSessionKeyPacket {
+                version::Word8,
+                symmetric_algorithm::SymmetricAlgorithm,
+                s2k::S2K,
+                encrypted_data::B.ByteString
+        } |
+        -- ^ <http://tools.ietf.org/html/rfc4880#section-5.3>
+        OnePassSignaturePacket {
+                version::Word8,
+                signature_type::Word8,
+                hash_algorithm::HashAlgorithm,
+                key_algorithm::KeyAlgorithm,
+                key_id::String,
+                nested::Word8
+        } |
+        -- ^ <http://tools.ietf.org/html/rfc4880#section-5.4>
+        PublicKeyPacket {
+                version::Word8,
+                timestamp::Word32,
+                key_algorithm::KeyAlgorithm,
+                key::[(Char,MPI)],
+                is_subkey::Bool,
+                v3_days_of_validity::Maybe Word16
+        } |
+        -- ^ <http://tools.ietf.org/html/rfc4880#section-5.5.1.1> (also subkey)
+        SecretKeyPacket {
+                version::Word8,
+                timestamp::Word32,
+                key_algorithm::KeyAlgorithm,
+                key::[(Char,MPI)],
+                s2k_useage::Word8,
+                s2k::S2K, -- ^ This is meaningless if symmetric_algorithm == Unencrypted
+                symmetric_algorithm::SymmetricAlgorithm,
+                encrypted_data::B.ByteString,
+                is_subkey::Bool
+        } |
+        -- ^ <http://tools.ietf.org/html/rfc4880#section-5.5.1.3> (also subkey)
+        CompressedDataPacket {
+                compression_algorithm::CompressionAlgorithm,
+                message::Message
+        } |
+        -- ^ <http://tools.ietf.org/html/rfc4880#section-5.6>
+        MarkerPacket | -- ^ <http://tools.ietf.org/html/rfc4880#section-5.8>
+        LiteralDataPacket {
+                format::Char,
+                filename::String,
+                timestamp::Word32,
+                content::B.ByteString
+        } |
+        -- ^ <http://tools.ietf.org/html/rfc4880#section-5.9>
+        TrustPacket B.ByteString | -- ^ <http://tools.ietf.org/html/rfc4880#section-5.10>
+        UserIDPacket String | -- ^ <http://tools.ietf.org/html/rfc4880#section-5.11>
+        EncryptedDataPacket {
+                version::Word8,
+                encrypted_data::B.ByteString
+        } |
+        -- ^ <http://tools.ietf.org/html/rfc4880#section-5.13>
+        -- or <http://tools.ietf.org/html/rfc4880#section-5.7> when version is 0
+        ModificationDetectionCodePacket B.ByteString | -- ^ <http://tools.ietf.org/html/rfc4880#section-5.14>
+        UnsupportedPacket Word8 B.ByteString
+        deriving (Show, Read, Eq)
+
+instance BINARY_CLASS Packet where
+        put p = do
+                -- First two bits are 1 for new packet format
+                put ((tag .|. 0xC0) :: Word8)
+                case tag of
+                        19 -> put =<< assertProp (<192) (blen :: Word8)
+                        _  -> do
+                                -- Use 5-octet lengths
+                                put (255 :: Word8)
+                                put (blen :: Word32)
+                putSomeByteString body
+                where
+                blen :: (Num a) => a
+                blen = fromIntegral $ B.length body
+                (body, tag) = put_packet p
+        get = do
+                tag <- get
+                let (t, l) =
+                        if (tag .&. 64) /= 0 then
+                                (tag .&. 63, parse_new_length)
+                        else
+                                ((tag `shiftR` 2) .&. 15, (,) <$> parse_old_length tag <*> pure False)
+                packet <- uncurry get_packet_bytes =<< l
+                localGet (parse_packet t) (B.concat packet)
+
+get_packet_bytes :: Maybe Word32 -> Bool -> Get [B.ByteString]
+get_packet_bytes len partial = do
+        -- This forces the whole packet to be consumed
+        packet <- maybe getRemainingByteString (getSomeByteString . fromIntegral) len
+        if not partial then return [packet] else
+                (packet:) <$> (uncurry get_packet_bytes =<< parse_new_length)
+
+-- http://tools.ietf.org/html/rfc4880#section-4.2.2
+parse_new_length :: Get (Maybe Word32, Bool)
+parse_new_length = fmap (first Just) $ do
+        len <- fmap fromIntegral (get :: Get Word8)
+        case len of
+                -- One octet length
+                _ | len < 192 -> return (len, False)
+                -- Two octet length
+                _ | len > 191 && len < 224 -> do
+                        second <- fmap fromIntegral (get :: Get Word8)
+                        return (((len - 192) `shiftL` 8) + second + 192, False)
+                -- Five octet length
+                255 -> (,) <$> (get :: Get Word32) <*> pure False
+                -- Partial length (streaming)
+                _ | len >= 224 && len < 255 ->
+                        return (1 `shiftL` (fromIntegral len .&. 0x1F), True)
+                _ -> fail "Unsupported new packet length."
+
+-- http://tools.ietf.org/html/rfc4880#section-4.2.1
+parse_old_length :: Word8 -> Get (Maybe Word32)
+parse_old_length tag =
+        case tag .&. 3 of
+                -- One octet length
+                0 -> fmap (Just . fromIntegral) (get :: Get Word8)
+                -- Two octet length
+                1 -> fmap (Just . fromIntegral) (get :: Get Word16)
+                -- Four octet length
+                2 -> fmap Just get
+                -- Indeterminate length
+                3 -> return Nothing
+                -- Error
+                _ -> fail "Unsupported old packet length."
+
+-- http://tools.ietf.org/html/rfc4880#section-5.5.2
+public_key_fields :: KeyAlgorithm -> [Char]
+public_key_fields RSA     = ['n', 'e']
+public_key_fields RSA_E   = public_key_fields RSA
+public_key_fields RSA_S   = public_key_fields RSA
+public_key_fields ELGAMAL = ['p', 'g', 'y']
+public_key_fields DSA     = ['p', 'q', 'g', 'y']
+public_key_fields ECDSA   = ['c','l','x', 'y']
+public_key_fields _       = undefined -- Nothing in the spec. Maybe empty
+
+-- http://tools.ietf.org/html/rfc4880#section-5.5.3
+secret_key_fields :: KeyAlgorithm -> [Char]
+secret_key_fields RSA     = ['d', 'p', 'q', 'u']
+secret_key_fields RSA_E   = secret_key_fields RSA
+secret_key_fields RSA_S   = secret_key_fields RSA
+secret_key_fields ELGAMAL = ['x']
+secret_key_fields DSA     = ['x']
+secret_key_fields ECDSA   = ['d']
+secret_key_fields _       = undefined -- Nothing in the spec. Maybe empty
+
+(!) :: (Eq k) => [(k,v)] -> k -> v
+(!) xs k = let Just x = lookup k xs in x
+
+-- Need this seperate for trailer calculation
+signature_packet_start :: Packet -> B.ByteString
+signature_packet_start (SignaturePacket {
+        version = 4,
+        signature_type = signature_type,
+        key_algorithm = key_algorithm,
+        hash_algorithm = hash_algorithm,
+        hashed_subpackets = hashed_subpackets
+}) =
+        B.concat [
+                encode (0x04 :: Word8),
+                encode signature_type,
+                encode key_algorithm,
+                encode hash_algorithm,
+                encode ((fromIntegral $ B.length hashed_subs) :: Word16),
+                hashed_subs
+        ]
+        where
+        hashed_subs = B.concat $ map encode hashed_subpackets
+signature_packet_start x =
+        error ("Trying to get start of signature packet for: " ++ show x)
+
+-- The trailer is just the top of the body plus some crap
+calculate_signature_trailer :: Packet -> B.ByteString
+calculate_signature_trailer (SignaturePacket { version = v,
+                                               signature_type = signature_type,
+                                               unhashed_subpackets = unhashed_subpackets
+                                             }) | v `elem` [2,3] =
+        B.concat [
+                encode signature_type,
+                encode creation_time
+        ]
+        where
+        Just (SignatureCreationTimePacket creation_time) = find isCreation unhashed_subpackets
+        isCreation (SignatureCreationTimePacket {}) = True
+        isCreation _ = False
+calculate_signature_trailer p@(SignaturePacket {version = 4}) =
+        B.concat [
+                signature_packet_start p,
+                encode (0x04 :: Word8),
+                encode (0xff :: Word8),
+                encode (fromIntegral (B.length $ signature_packet_start p) :: Word32)
+        ]
+calculate_signature_trailer x =
+        error ("Trying to calculate signature trailer for: " ++ show x)
+
+
+encode_public_key_material :: Packet -> [B.ByteString]
+encode_public_key_material k | key_algorithm k == ECDSA  = do
+    -- http://tools.ietf.org/html/rfc6637
+    c <- maybeToList $ lookup 'c' (key k)
+    MPI l <- maybeToList $ lookup 'l' (key k)
+    MPI x <- maybeToList $ lookup 'x' (key k)
+    MPI y <- maybeToList $ lookup 'y' (key k)
+    let (bitlen,oid) = B.splitAt 2 (encode c)
+        len16 = decode bitlen :: Word16
+        (fullbytes,rembits) = len16 `quotRem` 8
+        len8 = fromIntegral (fullbytes + if rembits/=0 then 1 else 0) :: Word8
+        xy = 4*(4^l) + x*(2^l) + y
+    [ len8 `B.cons` oid, encode (MPI xy) ]
+encode_public_key_material k = map (encode . (key k !)) (public_key_fields $ key_algorithm k)
+
+decode_public_key_material :: KeyAlgorithm -> Get [(Char,MPI)]
+decode_public_key_material ECDSA = do
+    -- http://tools.ietf.org/html/rfc6637
+    oidlen <- get :: Get Word8
+    oidbytes <- getSomeByteString (fromIntegral oidlen)
+    let mpiFromBytes bytes = MPI (B.foldl (\a b -> a `shiftL` 8 .|. fromIntegral b) 0 bytes)
+        oid = mpiFromBytes oidbytes
+    MPI xy <- get
+    let integerBytesize i = fromIntegral $ LZ.length (encode (MPI i)) - 2
+        width = ( integerBytesize xy - 1 ) `div` 2
+        (fx,y) = xy `quotRem` (256^width)
+        x = fx `rem` (256^width)
+        l = width*8
+    return [('c',oid), ('l',MPI l), ('x',MPI x), ('y',MPI y)]
+decode_public_key_material algorithm = mapM (\f -> fmap ((,)f) get) (public_key_fields algorithm)
+
+put_packet :: Packet -> (B.ByteString, Word8)
+put_packet (AsymmetricSessionKeyPacket version key_id key_algorithm dta) =
+        (B.concat [
+                encode version,
+                encode (fst $ head $ readHex $ takeFromEnd 16 key_id :: Word64),
+                encode key_algorithm,
+                dta
+        ], 1)
+put_packet (SignaturePacket { version = v,
+                              unhashed_subpackets = unhashed_subpackets,
+                              key_algorithm = key_algorithm,
+                              hash_algorithm = hash_algorithm,
+                              hash_head = hash_head,
+                              signature = signature,
+                              trailer = trailer }) | v `elem` [2,3] =
+        -- TODO: Assert that there are no subpackets we cannot encode?
+        (B.concat $ [
+                B.singleton v,
+                B.singleton 0x05,
+                trailer, -- signature_type and creation_time
+                encode keyid,
+                encode key_algorithm,
+                encode hash_algorithm,
+                encode hash_head
+        ] ++ map encode signature, 2)
+        where
+        keyid = fst $ head $ readHex $ takeFromEnd 16 keyidS :: Word64
+        Just (IssuerPacket keyidS) = find isIssuer unhashed_subpackets
+        isIssuer (IssuerPacket {}) = True
+        isIssuer _ = False
+put_packet (SymmetricSessionKeyPacket version salgo s2k encd) =
+        (B.concat [encode version, encode salgo, encode s2k, encd], 3)
+put_packet (SignaturePacket { version = 4,
+                              unhashed_subpackets = unhashed_subpackets,
+                              hash_head = hash_head,
+                              signature = signature,
+                              trailer = trailer }) =
+        (B.concat $ [
+                trailer_top,
+                encode (fromIntegral $ B.length unhashed :: Word16),
+                unhashed, encode hash_head
+        ] ++ map encode signature, 2)
+        where
+        trailer_top = B.reverse $ B.drop 6 $ B.reverse trailer
+        unhashed = B.concat $ map encode unhashed_subpackets
+put_packet (OnePassSignaturePacket { version = version,
+                                     signature_type = signature_type,
+                                     hash_algorithm = hash_algorithm,
+                                     key_algorithm = key_algorithm,
+                                     key_id = key_id,
+                                     nested = nested }) =
+        (B.concat [
+                encode version, encode signature_type,
+                encode hash_algorithm, encode key_algorithm,
+                encode (fst $ head $ readHex $ takeFromEnd 16 key_id :: Word64),
+                encode nested
+        ], 4)
+put_packet (SecretKeyPacket { version = version, timestamp = timestamp,
+                              key_algorithm = algorithm, key = key,
+                              s2k_useage = s2k_useage, s2k = s2k,
+                              symmetric_algorithm = symmetric_algorithm,
+                              encrypted_data = encrypted_data,
+                              is_subkey = is_subkey }) =
+        (B.concat $ p :
+        (if s2k_useage `elem` [254,255] then
+                [encode s2k_useage, encode symmetric_algorithm, encode s2k]
+        else
+                [encode symmetric_algorithm]
+        ) ++
+        (if symmetric_algorithm /= Unencrypted then
+                -- For V3 keys, the "encrypted data" has an unencrypted checksum
+                -- of the unencrypted MPIs on the end
+                [encrypted_data]
+        else s ++
+                [encode $ checksum $ B.concat s]),
+        if is_subkey then 7 else 5)
+        where
+        p = fst (put_packet $
+                PublicKeyPacket version timestamp algorithm key False Nothing)
+        s = map (encode . (key !)) (secret_key_fields algorithm)
+put_packet p@(PublicKeyPacket { version = v, timestamp = timestamp,
+                              key_algorithm = algorithm, key = key,
+                              is_subkey = is_subkey })
+        | v == 3 =
+                final (B.concat $ [
+                        B.singleton 3, encode timestamp,
+                        encode v3_days,
+                        encode algorithm
+                ] ++ material)
+        | v == 4 =
+                final (B.concat $ [
+                        B.singleton 4, encode timestamp, encode algorithm
+                ] ++ material)
+        where
+        Just v3_days = v3_days_of_validity p
+        final x = (x, if is_subkey then 14 else 6)
+        material = encode_public_key_material p
+put_packet (CompressedDataPacket { compression_algorithm = algorithm,
+                                   message = message }) =
+        (B.append (encode algorithm) $ compress algorithm $ encode message, 8)
+put_packet MarkerPacket = (B.fromString "PGP", 10)
+put_packet (LiteralDataPacket { format = format, filename = filename,
+                                timestamp = timestamp, content = content
+                              }) =
+        (B.concat [
+                encode format, encode filename_l, lz_filename,
+                encode timestamp, content
+        ], 11)
+        where
+        filename_l  = (fromIntegral $ B.length lz_filename) :: Word8
+        lz_filename = B.fromString filename
+put_packet (TrustPacket bytes) = (bytes, 12)
+put_packet (UserIDPacket txt) = (B.fromString txt, 13)
+put_packet (EncryptedDataPacket 0 encrypted_data) = (encrypted_data, 9)
+put_packet (EncryptedDataPacket version encrypted_data) =
+        (B.concat [encode version, encrypted_data], 18)
+put_packet (ModificationDetectionCodePacket bstr) = (bstr, 19)
+put_packet (UnsupportedPacket tag bytes) = (bytes, fromIntegral tag)
+put_packet x = error ("Unsupported Packet version or type in put_packet: " ++ show x)
+
+parse_packet :: Word8 -> Get Packet
+-- AsymmetricSessionKeyPacket, http://tools.ietf.org/html/rfc4880#section-5.1
+parse_packet  1 = AsymmetricSessionKeyPacket
+        <$> (assertProp (==3) =<< get)
+        <*> fmap (pad 16 . map toUpper . flip showHex "") (get :: Get Word64)
+        <*> get
+        <*> getRemainingByteString
+-- SignaturePacket, http://tools.ietf.org/html/rfc4880#section-5.2
+parse_packet  2 = do
+        version <- get
+        case version of
+                _ | version `elem` [2,3] -> do
+                        _ <- assertProp (==5) =<< (get :: Get Word8)
+                        signature_type <- get
+                        creation_time <- get :: Get Word32
+                        keyid <- get :: Get Word64
+                        key_algorithm <- get
+                        hash_algorithm <- get
+                        hash_head <- get
+                        signature <- listUntilEnd
+                        return SignaturePacket {
+                                version = version,
+                                signature_type = signature_type,
+                                key_algorithm = key_algorithm,
+                                hash_algorithm = hash_algorithm,
+                                hashed_subpackets = [],
+                                unhashed_subpackets = [
+                                        SignatureCreationTimePacket creation_time,
+                                        IssuerPacket $ pad 16 $ map toUpper $ showHex keyid ""
+                                ],
+                                hash_head = hash_head,
+                                signature = signature,
+                                trailer = B.concat [encode signature_type, encode creation_time]
+                        }
+                4 -> do
+                        signature_type <- get
+                        key_algorithm <- get
+                        hash_algorithm <- get
+                        hashed_size <- fmap fromIntegral (get :: Get Word16)
+                        hashed_data <- getSomeByteString hashed_size
+                        hashed <- localGet listUntilEnd hashed_data
+                        unhashed_size <- fmap fromIntegral (get :: Get Word16)
+                        unhashed_data <- getSomeByteString unhashed_size
+                        unhashed <- localGet listUntilEnd unhashed_data
+                        hash_head <- get
+                        signature <- listUntilEnd
+                        return SignaturePacket {
+                                version = version,
+                                signature_type = signature_type,
+                                key_algorithm = key_algorithm,
+                                hash_algorithm = hash_algorithm,
+                                hashed_subpackets = hashed,
+                                unhashed_subpackets = unhashed,
+                                hash_head = hash_head,
+                                signature = signature,
+                                trailer = B.concat [encode version, encode signature_type, encode key_algorithm, encode hash_algorithm, encode (fromIntegral hashed_size :: Word16), hashed_data, B.pack [4, 0xff], encode ((6 + fromIntegral hashed_size) :: Word32)]
+                        }
+                x -> fail $ "Unknown SignaturePacket version " ++ show x ++ "."
+-- SymmetricSessionKeyPacket, http://tools.ietf.org/html/rfc4880#section-5.3
+parse_packet  3 = SymmetricSessionKeyPacket
+        <$> (assertProp (==4) =<< get)
+        <*> get
+        <*> get
+        <*> getRemainingByteString
+-- OnePassSignaturePacket, http://tools.ietf.org/html/rfc4880#section-5.4
+parse_packet  4 = do
+        version <- get
+        signature_type <- get
+        hash_algo <- get
+        key_algo <- get
+        key_id <- get :: Get Word64
+        nested <- get
+        return OnePassSignaturePacket {
+                version = version,
+                signature_type = signature_type,
+                hash_algorithm = hash_algo,
+                key_algorithm = key_algo,
+                key_id = pad 16 $ map toUpper $ showHex key_id "",
+                nested = nested
+        }
+-- SecretKeyPacket, http://tools.ietf.org/html/rfc4880#section-5.5.3
+parse_packet  5 = do
+        -- Parse PublicKey part
+        (PublicKeyPacket {
+                version = version,
+                timestamp = timestamp,
+                key_algorithm = algorithm,
+                key = key
+        }) <- parse_packet 6
+        s2k_useage <- get :: Get Word8
+        let k = SecretKeyPacket version timestamp algorithm key s2k_useage
+        (symmetric_algorithm, s2k) <- case () of
+                _ | s2k_useage `elem` [255, 254] -> (,) <$> get <*> get
+                _ | s2k_useage > 0 ->
+                        -- s2k_useage is symmetric_type in this case
+                        (,) <$> localGet get (encode s2k_useage) <*> pure (SimpleS2K MD5)
+                _ ->
+                        return (Unencrypted, S2K 100 B.empty)
+        if symmetric_algorithm /= Unencrypted then do {
+                encrypted <- getRemainingByteString;
+                return (k s2k symmetric_algorithm encrypted False)
+        } else do
+                skey <- foldM (\m f -> do
+                        mpi <- get :: Get MPI
+                        return $ (f,mpi):m) [] (secret_key_fields algorithm)
+                chk <- get
+                when (checksum (B.concat $ map (encode . snd) skey) /= chk) $
+                        fail "Checksum verification failed for unencrypted secret key"
+                return ((k s2k symmetric_algorithm B.empty False) {key = key ++ skey})
+-- PublicKeyPacket, http://tools.ietf.org/html/rfc4880#section-5.5.2
+parse_packet  6 = do
+        version <- get :: Get Word8
+        case version of
+                3 -> do
+                        timestamp <- get
+                        days <- get
+                        algorithm <- get
+                        key <- decode_public_key_material algorithm
+                        return PublicKeyPacket {
+                                version = version,
+                                timestamp = timestamp,
+                                key_algorithm = algorithm,
+                                key = key,
+                                is_subkey = False,
+                                v3_days_of_validity = Just days
+                        }
+                4 -> do
+                        timestamp <- get
+                        algorithm <- get
+                        key <- decode_public_key_material algorithm
+                        return PublicKeyPacket {
+                                version = 4,
+                                timestamp = timestamp,
+                                key_algorithm = algorithm,
+                                key = key,
+                                is_subkey = False,
+                                v3_days_of_validity = Nothing
+                        }
+                x -> fail $ "Unsupported PublicKeyPacket version " ++ show x ++ "."
+-- Secret-SubKey Packet, http://tools.ietf.org/html/rfc4880#section-5.5.1.4
+parse_packet  7 = do
+        p <- parse_packet 5
+        return p {is_subkey = True}
+-- CompressedDataPacket, http://tools.ietf.org/html/rfc4880#section-5.6
+parse_packet  8 = do
+        algorithm <- get
+        message <- localGet get =<< (decompress algorithm <$> getRemainingByteString)
+        return CompressedDataPacket {
+                compression_algorithm = algorithm,
+                message = message
+        }
+-- EncryptedDataPacket, http://tools.ietf.org/html/rfc4880#section-5.7
+parse_packet  9 = EncryptedDataPacket 0 <$> getRemainingByteString
+-- MarkerPacket, http://tools.ietf.org/html/rfc4880#section-5.8
+parse_packet 10 = return MarkerPacket
+-- LiteralDataPacket, http://tools.ietf.org/html/rfc4880#section-5.9
+parse_packet 11 = do
+        format <- get
+        filenameLength <- get :: Get Word8
+        filename <- getSomeByteString (fromIntegral filenameLength)
+        timestamp <- get
+        content <- getRemainingByteString
+        return LiteralDataPacket {
+                format = format,
+                filename = B.toString filename,
+                timestamp = timestamp,
+                content = content
+        }
+-- TrustPacket, http://tools.ietf.org/html/rfc4880#section-5.10
+parse_packet 12 = fmap TrustPacket getRemainingByteString
+-- UserIDPacket, http://tools.ietf.org/html/rfc4880#section-5.11
+parse_packet 13 =
+        fmap (UserIDPacket . B.toString) getRemainingByteString
+-- Public-Subkey Packet, http://tools.ietf.org/html/rfc4880#section-5.5.1.2
+parse_packet 14 = do
+        p <- parse_packet 6
+        return p {is_subkey = True}
+-- EncryptedDataPacket, http://tools.ietf.org/html/rfc4880#section-5.13
+parse_packet 18 = EncryptedDataPacket <$> get <*> getRemainingByteString
+-- ModificationDetectionCodePacket, http://tools.ietf.org/html/rfc4880#section-5.14
+parse_packet 19 =
+        fmap ModificationDetectionCodePacket getRemainingByteString
+-- Represent unsupported packets as their tag and literal bytes
+parse_packet tag = fmap (UnsupportedPacket tag) getRemainingByteString
+
+-- | Helper method for fingerprints and such
+fingerprint_material :: Packet -> [B.ByteString]
+fingerprint_material p | version p == 4 =
+        [
+                B.singleton 0x99,
+                encode (6 + fromIntegral (B.length material) :: Word16),
+                B.singleton 4, encode (timestamp p), encode (key_algorithm p),
+                material
+        ]
+        where
+        material = B.concat $ encode_public_key_material p
+fingerprint_material p | version p `elem` [2, 3] = [n, e]
+        where
+        n = B.drop 2 (encode (key p ! 'n'))
+        e = B.drop 2 (encode (key p ! 'e'))
+fingerprint_material _ =
+        error "Unsupported Packet version or type in fingerprint_material."
+
+enum_to_word8 :: (Enum a) => a -> Word8
+enum_to_word8 = fromIntegral . fromEnum
+
+enum_from_word8 :: (Enum a) => Word8 -> a
+enum_from_word8 = toEnum . fromIntegral
+
+data S2K =
+        SimpleS2K HashAlgorithm |
+        SaltedS2K HashAlgorithm Word64 |
+        IteratedSaltedS2K HashAlgorithm Word64 Word32 |
+        S2K Word8 B.ByteString
+        deriving (Show, Read, Eq)
+
+instance BINARY_CLASS S2K where
+        put (SimpleS2K halgo) = put (0::Word8) >> put halgo
+        put (SaltedS2K halgo salt) = put (1::Word8) >> put halgo >> put salt
+        put (IteratedSaltedS2K halgo salt count) = put (3::Word8) >> put halgo
+                >> put salt >> put (encode_s2k_count count)
+        put (S2K t body) = put t >> putSomeByteString body
+
+        get = do
+                t <- get :: Get Word8
+                case t of
+                        0 -> SimpleS2K <$> get
+                        1 -> SaltedS2K <$> get <*> get
+                        3 -> IteratedSaltedS2K <$> get <*> get <*> (decode_s2k_count <$> get)
+                        _ -> S2K t <$> getRemainingByteString
+
+-- | Take a hash function and an 'S2K' value and generate the bytes
+--   needed for creating a symmetric key.
+--
+-- Return value is always infinite length.
+-- Take the first n bytes you need for your keysize.
+string2key :: (HashAlgorithm -> LZ.ByteString -> BS.ByteString) -> S2K -> LZ.ByteString -> LZ.ByteString
+string2key hsh (SimpleS2K halgo) s = infiniHashes (hsh halgo) s
+string2key hsh (SaltedS2K halgo salt) s =
+        infiniHashes (hsh halgo) (lazyEncode salt `LZ.append` s)
+string2key hsh (IteratedSaltedS2K halgo salt count) s =
+        infiniHashes (hsh halgo) $
+        LZ.take (max (fromIntegral count) (LZ.length s))
+        (LZ.cycle $ lazyEncode salt `LZ.append` s)
+string2key _ s2k _ = error $ "Unsupported S2K specifier: " ++ show s2k
+
+infiniHashes :: (LZ.ByteString -> BS.ByteString) -> LZ.ByteString -> LZ.ByteString
+infiniHashes hsh s = LZ.fromChunks (hs 0)
+        where
+        hs c = hsh (LZ.replicate c 0 `LZ.append` s) : hs (c+1)
+
+data HashAlgorithm = MD5 | SHA1 | RIPEMD160 | SHA256 | SHA384 | SHA512 | SHA224 | HashAlgorithm Word8
+        deriving (Show, Read, Eq)
+
+instance Enum HashAlgorithm where
+        toEnum 01 = MD5
+        toEnum 02 = SHA1
+        toEnum 03 = RIPEMD160
+        toEnum 08 = SHA256
+        toEnum 09 = SHA384
+        toEnum 10 = SHA512
+        toEnum 11 = SHA224
+        toEnum x  = HashAlgorithm $ fromIntegral x
+        fromEnum MD5       = 01
+        fromEnum SHA1      = 02
+        fromEnum RIPEMD160 = 03
+        fromEnum SHA256    = 08
+        fromEnum SHA384    = 09
+        fromEnum SHA512    = 10
+        fromEnum SHA224    = 11
+        fromEnum (HashAlgorithm x) = fromIntegral x
+
+instance BINARY_CLASS HashAlgorithm where
+        put = put . enum_to_word8
+        get = fmap enum_from_word8 get
+
+data KeyAlgorithm = RSA | RSA_E | RSA_S | ELGAMAL | DSA | ECC | ECDSA | DH | KeyAlgorithm Word8
+        deriving (Show, Read, Eq)
+
+instance Enum KeyAlgorithm where
+        toEnum 01 = RSA
+        toEnum 02 = RSA_E
+        toEnum 03 = RSA_S
+        toEnum 16 = ELGAMAL
+        toEnum 17 = DSA
+        toEnum 18 = ECC
+        toEnum 19 = ECDSA
+        toEnum 21 = DH
+        toEnum x  = KeyAlgorithm $ fromIntegral x
+        fromEnum RSA     = 01
+        fromEnum RSA_E   = 02
+        fromEnum RSA_S   = 03
+        fromEnum ELGAMAL = 16
+        fromEnum DSA     = 17
+        fromEnum ECC     = 18
+        fromEnum ECDSA   = 19
+        fromEnum DH      = 21
+        fromEnum (KeyAlgorithm x) = fromIntegral x
+
+instance BINARY_CLASS KeyAlgorithm where
+        put = put . enum_to_word8
+        get = fmap enum_from_word8 get
+
+data SymmetricAlgorithm = Unencrypted | IDEA | TripleDES | CAST5 | Blowfish | AES128 | AES192 | AES256 | Twofish | SymmetricAlgorithm Word8
+        deriving (Show, Read, Eq)
+
+instance Enum SymmetricAlgorithm where
+        toEnum 00 = Unencrypted
+        toEnum 01 = IDEA
+        toEnum 02 = TripleDES
+        toEnum 03 = CAST5
+        toEnum 04 = Blowfish
+        toEnum 07 = AES128
+        toEnum 08 = AES192
+        toEnum 09 = AES256
+        toEnum 10 = Twofish
+        toEnum x  = SymmetricAlgorithm $ fromIntegral x
+        fromEnum Unencrypted = 00
+        fromEnum IDEA        = 01
+        fromEnum TripleDES   = 02
+        fromEnum CAST5       = 03
+        fromEnum Blowfish    = 04
+        fromEnum AES128      = 07
+        fromEnum AES192      = 08
+        fromEnum AES256      = 09
+        fromEnum Twofish     = 10
+        fromEnum (SymmetricAlgorithm x) = fromIntegral x
+
+instance BINARY_CLASS SymmetricAlgorithm where
+        put = put . enum_to_word8
+        get = fmap enum_from_word8 get
+
+data CompressionAlgorithm = Uncompressed | ZIP | ZLIB | BZip2 | CompressionAlgorithm Word8
+        deriving (Show, Read, Eq)
+
+instance Enum CompressionAlgorithm where
+        toEnum 0 = Uncompressed
+        toEnum 1 = ZIP
+        toEnum 2 = ZLIB
+        toEnum 3 = BZip2
+        toEnum x = CompressionAlgorithm $ fromIntegral x
+        fromEnum Uncompressed = 0
+        fromEnum ZIP          = 1
+        fromEnum ZLIB         = 2
+        fromEnum BZip2        = 3
+        fromEnum (CompressionAlgorithm x) = fromIntegral x
+
+instance BINARY_CLASS CompressionAlgorithm where
+        put = put . enum_to_word8
+        get = fmap enum_from_word8 get
+
+data RevocationCode = NoReason | KeySuperseded | KeyCompromised | KeyRetired | UserIDInvalid | RevocationCode Word8 deriving (Show, Read, Eq)
+
+instance Enum RevocationCode where
+        toEnum 00 = NoReason
+        toEnum 01 = KeySuperseded
+        toEnum 02 = KeyCompromised
+        toEnum 03 = KeyRetired
+        toEnum 32 = UserIDInvalid
+        toEnum  x = RevocationCode $ fromIntegral x
+        fromEnum NoReason       = 00
+        fromEnum KeySuperseded  = 01
+        fromEnum KeyCompromised = 02
+        fromEnum KeyRetired     = 03
+        fromEnum UserIDInvalid  = 32
+        fromEnum (RevocationCode x) = fromIntegral x
+
+instance BINARY_CLASS RevocationCode where
+        put = put . enum_to_word8
+        get = fmap enum_from_word8 get
+
+-- | A message is encoded as a list that takes the entire file
+newtype Message = Message [Packet] deriving (Show, Read, Eq)
+instance BINARY_CLASS Message where
+        put (Message xs) = mapM_ put xs
+        get = fmap Message listUntilEnd
+
+instance Monoid Message where
+        mempty = Message []
+        mappend (Message a) (Message b) = Message (a ++ b)
+
+-- | Data needed to verify a signature
+data SignatureOver =
+        DataSignature {literal::Packet, signatures_over::[Packet]} |
+        KeySignature {topkey::Packet, signatures_over::[Packet]} |
+        SubkeySignature {topkey::Packet, subkey::Packet, signatures_over::[Packet]} |
+        CertificationSignature {topkey::Packet, user_id::Packet, signatures_over::[Packet]}
+        deriving (Show, Read, Eq)
+
+-- To get the signed-over bytes
+instance BINARY_CLASS SignatureOver where
+        put (DataSignature (LiteralDataPacket {content = c}) _) =
+                putSomeByteString c
+        put (KeySignature k _) = mapM_ putSomeByteString (fingerprint_material k)
+        put (SubkeySignature k s _) = mapM_ (mapM_ putSomeByteString)
+                [fingerprint_material k, fingerprint_material s]
+        put (CertificationSignature k (UserIDPacket s) _) =
+                mapM_ (mapM_ putSomeByteString) [fingerprint_material k, [
+                        B.singleton 0xB4,
+                        encode ((fromIntegral $ B.length bs) :: Word32),
+                        bs
+                ]]
+                where
+                bs = B.fromString s
+        put x = fail $ "Malformed signature: " ++ show x
+        get = fail "Cannot meaningfully parse bytes to be signed over."
+
+-- | Extract signed objects from a well-formatted message
+--
+-- Recurses into CompressedDataPacket
+--
+-- <http://tools.ietf.org/html/rfc4880#section-11>
+signatures :: Message -> [SignatureOver]
+signatures (Message [CompressedDataPacket _ m]) = signatures m
+signatures (Message ps) =
+        maybe (paired_sigs Nothing ps) (\p -> [DataSignature p sigs]) (find isDta ps)
+        where
+        sigs = filter isSignaturePacket ps
+        isDta (LiteralDataPacket {}) = True
+        isDta _ = False
+
+-- TODO: UserAttribute
+paired_sigs :: Maybe Packet -> [Packet] -> [SignatureOver]
+paired_sigs _ [] = []
+paired_sigs _ (p@(PublicKeyPacket {is_subkey = False}):ps) =
+        KeySignature p (takeWhile isSignaturePacket ps) :
+        paired_sigs (Just p) (dropWhile isSignaturePacket ps)
+paired_sigs _ (p@(SecretKeyPacket {is_subkey = False}):ps) =
+        KeySignature p (takeWhile isSignaturePacket ps) :
+        paired_sigs (Just p) (dropWhile isSignaturePacket ps)
+paired_sigs (Just k) (p@(PublicKeyPacket {is_subkey = True}):ps) =
+        SubkeySignature k p (takeWhile isSignaturePacket ps) :
+        paired_sigs (Just k) (dropWhile isSignaturePacket ps)
+paired_sigs (Just k) (p@(SecretKeyPacket {is_subkey = True}):ps) =
+        SubkeySignature k p (takeWhile isSignaturePacket ps) :
+        paired_sigs (Just k) (dropWhile isSignaturePacket ps)
+paired_sigs (Just k) (p@(UserIDPacket {}):ps) =
+        CertificationSignature k p (takeWhile isSignaturePacket ps) :
+        paired_sigs (Just k) (dropWhile isSignaturePacket ps)
+paired_sigs k (_:ps) = paired_sigs k ps
+
+-- | <http://tools.ietf.org/html/rfc4880#section-3.2>
+newtype MPI = MPI Integer deriving (Show, Read, Eq, Ord)
+instance BINARY_CLASS MPI where
+        put (MPI i)
+                | i >= 0 = do
+                        put (bitl :: Word16)
+                        putSomeByteString bytes
+                | otherwise = fail $ "MPI is less than 0: " ++ show i
+                where
+                (bytes, bitl)
+                        | B.null bytes' = (B.singleton 0, 1)
+                        | otherwise     =
+                                (bytes', (fromIntegral (B.length bytes') - 1) * 8 + sigBit)
+
+                sigBit = fst $ until ((==0) . snd)
+                        (first (+1) . second (`shiftR` 1)) (0,B.index bytes 0)
+                bytes' = B.reverse $ B.unfoldr (\x ->
+                                if x == 0 then Nothing else
+                                        Just (fromIntegral x, x `shiftR` 8)
+                        ) i
+        get = do
+                length <- fmap fromIntegral (get :: Get Word16)
+                bytes <- getSomeByteString =<< assertProp (>0) ((length + 7) `div` 8)
+                return (MPI (B.foldl (\a b ->
+                        a `shiftL` 8 .|. fromIntegral b) 0 bytes))
+
+listUntilEnd :: (BINARY_CLASS a) => Get [a]
+listUntilEnd = do
+        done <- isEmpty
+        if done then return [] else do
+                next <- get
+                rest <- listUntilEnd
+                return (next:rest)
+
+-- | <http://tools.ietf.org/html/rfc4880#section-5.2.3.1>
+data SignatureSubpacket =
+        SignatureCreationTimePacket Word32 |
+        SignatureExpirationTimePacket Word32 | -- ^ seconds after CreationTime
+        ExportableCertificationPacket Bool |
+        TrustSignaturePacket {depth::Word8, trust::Word8} |
+        RegularExpressionPacket String |
+        RevocablePacket Bool |
+        KeyExpirationTimePacket Word32 | -- ^ seconds after key CreationTime
+        PreferredSymmetricAlgorithmsPacket [SymmetricAlgorithm] |
+        RevocationKeyPacket {
+                sensitive::Bool,
+                revocation_key_algorithm::KeyAlgorithm,
+                revocation_key_fingerprint::String
+        } |
+        IssuerPacket String |
+        NotationDataPacket {
+                human_readable::Bool,
+                notation_name::String,
+                notation_value::String
+        } |
+        PreferredHashAlgorithmsPacket [HashAlgorithm] |
+        PreferredCompressionAlgorithmsPacket [CompressionAlgorithm] |
+        KeyServerPreferencesPacket {keyserver_no_modify::Bool} |
+        PreferredKeyServerPacket String |
+        PrimaryUserIDPacket Bool |
+        PolicyURIPacket String |
+        KeyFlagsPacket {
+                certify_keys::Bool,
+                sign_data::Bool,
+                encrypt_communication::Bool,
+                encrypt_storage::Bool,
+                split_key::Bool,
+                authentication::Bool,
+                group_key::Bool
+        } |
+        SignerUserIDPacket String |
+        ReasonForRevocationPacket RevocationCode String |
+        FeaturesPacket {supports_mdc::Bool} |
+        SignatureTargetPacket {
+                target_key_algorithm::KeyAlgorithm,
+                target_hash_algorithm::HashAlgorithm,
+                hash::B.ByteString
+        } |
+        EmbeddedSignaturePacket Packet |
+        UnsupportedSignatureSubpacket Word8 B.ByteString
+        deriving (Show, Read, Eq)
+
+instance BINARY_CLASS SignatureSubpacket where
+        put p = do
+                -- Use 5-octet-length + 1 for tag as the first packet body octet
+                put (255 :: Word8)
+                put (fromIntegral (B.length body) + 1 :: Word32)
+                put tag
+                putSomeByteString body
+                where
+                (body, tag) = put_signature_subpacket p
+        get = do
+                len <- fmap fromIntegral (get :: Get Word8)
+                len <- case len of
+                        _ | len >= 192 && len < 255 -> do -- Two octet length
+                                second <- fmap fromIntegral (get :: Get Word8)
+                                return $ ((len - 192) `shiftL` 8) + second + 192
+                        255 -> -- Five octet length
+                                fmap fromIntegral (get :: Get Word32)
+                        _ -> -- One octet length, no furthur processing
+                                return len
+                tag <- fmap stripCrit get :: Get Word8
+                -- This forces the whole packet to be consumed
+                packet <- getSomeByteString (len-1)
+                localGet (parse_signature_subpacket tag) packet
+                where
+                -- TODO: Decide how to actually encode the "is critical" data
+                -- instead of just ignoring it
+                stripCrit tag = if tag .&. 0x80 == 0x80 then tag .&. 0x7f else tag
+
+put_signature_subpacket :: SignatureSubpacket -> (B.ByteString, Word8)
+put_signature_subpacket (SignatureCreationTimePacket time) =
+        (encode time, 2)
+put_signature_subpacket (SignatureExpirationTimePacket time) =
+        (encode time, 3)
+put_signature_subpacket (ExportableCertificationPacket exportable) =
+        (encode $ enum_to_word8 exportable, 4)
+put_signature_subpacket (TrustSignaturePacket depth trust) =
+        (B.concat [encode depth, encode trust], 5)
+put_signature_subpacket (RegularExpressionPacket regex) =
+        (B.concat [B.fromString regex, B.singleton 0], 6)
+put_signature_subpacket (RevocablePacket exportable) =
+        (encode $ enum_to_word8 exportable, 7)
+put_signature_subpacket (KeyExpirationTimePacket time) =
+        (encode time, 9)
+put_signature_subpacket (PreferredSymmetricAlgorithmsPacket algos) =
+        (B.concat $ map encode algos, 11)
+put_signature_subpacket (RevocationKeyPacket sensitive kalgo fpr) =
+        (B.concat [encode bitfield, encode kalgo, fprb], 12)
+        where
+        bitfield = 0x80 .|. (if sensitive then 0x40 else 0x0) :: Word8
+        fprb = padBS 20 $ B.drop 2 $ encode (MPI fpri)
+        fpri = fst $ head $ readHex fpr
+put_signature_subpacket (IssuerPacket keyid) =
+        (encode (fst $ head $ readHex $ takeFromEnd 16 keyid :: Word64), 16)
+put_signature_subpacket (NotationDataPacket human_readable name value) =
+        (B.concat [
+                B.pack [flag1,0,0,0],
+                encode (fromIntegral (B.length namebs) :: Word16),
+                encode (fromIntegral (B.length valuebs) :: Word16),
+                namebs,
+                valuebs
+        ], 20)
+        where
+        valuebs = B.fromString value
+        namebs = B.fromString name
+        flag1 = if human_readable then 0x80 else 0x0
+put_signature_subpacket (PreferredHashAlgorithmsPacket algos) =
+        (B.concat $ map encode algos, 21)
+put_signature_subpacket (PreferredCompressionAlgorithmsPacket algos) =
+        (B.concat $ map encode algos, 22)
+put_signature_subpacket (KeyServerPreferencesPacket no_modify) =
+        (B.singleton (if no_modify then 0x80 else 0x0), 23)
+put_signature_subpacket (PreferredKeyServerPacket uri) =
+        (B.fromString uri, 24)
+put_signature_subpacket (PrimaryUserIDPacket isprimary) =
+        (encode $ enum_to_word8 isprimary, 25)
+put_signature_subpacket (PolicyURIPacket uri) =
+        (B.fromString uri, 26)
+put_signature_subpacket (KeyFlagsPacket certify sign encryptC encryptS split auth group) =
+        (B.singleton $
+                flag 0x01 certify  .|.
+                flag 0x02 sign     .|.
+                flag 0x04 encryptC .|.
+                flag 0x08 encryptS .|.
+                flag 0x10 split    .|.
+                flag 0x20 auth     .|.
+                flag 0x80 group
+        , 27)
+        where
+        flag x True = x
+        flag _ False = 0x0
+put_signature_subpacket (SignerUserIDPacket userid) =
+        (B.fromString userid, 28)
+put_signature_subpacket (ReasonForRevocationPacket code string) =
+        (B.concat [encode code, B.fromString string], 29)
+put_signature_subpacket (FeaturesPacket supports_mdc) =
+        (B.singleton $ if supports_mdc then 0x01 else 0x00, 30)
+put_signature_subpacket (SignatureTargetPacket kalgo halgo hash) =
+        (B.concat [encode kalgo, encode halgo, hash], 31)
+put_signature_subpacket (EmbeddedSignaturePacket packet)
+        | isSignaturePacket packet = (fst $ put_packet packet, 32)
+        | otherwise = error $ "Tried to put non-SignaturePacket in EmbeddedSignaturePacket: " ++ show packet
+put_signature_subpacket (UnsupportedSignatureSubpacket tag bytes) =
+        (bytes, tag)
+
+parse_signature_subpacket :: Word8 -> Get SignatureSubpacket
+-- SignatureCreationTimePacket, http://tools.ietf.org/html/rfc4880#section-5.2.3.4
+parse_signature_subpacket  2 = fmap SignatureCreationTimePacket get
+-- SignatureExpirationTimePacket, http://tools.ietf.org/html/rfc4880#section-5.2.3.10
+parse_signature_subpacket  3 = fmap SignatureExpirationTimePacket get
+-- ExportableCertificationPacket, http://tools.ietf.org/html/rfc4880#section-5.2.3.11
+parse_signature_subpacket  4 =
+        fmap (ExportableCertificationPacket . enum_from_word8) get
+-- TrustSignaturePacket, http://tools.ietf.org/html/rfc4880#section-5.2.3.13
+parse_signature_subpacket  5 = liftM2 TrustSignaturePacket get get
+-- TrustSignaturePacket, http://tools.ietf.org/html/rfc4880#section-5.2.3.14
+parse_signature_subpacket  6 = fmap
+        (RegularExpressionPacket . B.toString . B.init) getRemainingByteString
+-- RevocablePacket, http://tools.ietf.org/html/rfc4880#section-5.2.3.12
+parse_signature_subpacket  7 =
+        fmap (RevocablePacket . enum_from_word8) get
+-- KeyExpirationTimePacket, http://tools.ietf.org/html/rfc4880#section-5.2.3.6
+parse_signature_subpacket  9 = fmap KeyExpirationTimePacket get
+-- PreferredSymmetricAlgorithms, http://tools.ietf.org/html/rfc4880#section-5.2.3.7
+parse_signature_subpacket 11 =
+        fmap PreferredSymmetricAlgorithmsPacket listUntilEnd
+-- RevocationKeyPacket, http://tools.ietf.org/html/rfc4880#section-5.2.3.15
+parse_signature_subpacket 12 = do
+        bitfield <- get :: Get Word8
+        kalgo <- get
+        fpr <- getSomeByteString 20
+        -- bitfield must have bit 0x80 set, says the spec
+        return RevocationKeyPacket {
+                sensitive = bitfield .&. 0x40 == 0x40,
+                revocation_key_algorithm = kalgo,
+                revocation_key_fingerprint =
+                        pad 40 $ map toUpper $ foldr (padB `oo` showHex) "" (B.unpack fpr)
+        }
+        where
+        oo = (.) . (.)
+        padB s | odd $ length s = '0':s
+               | otherwise = s
+-- IssuerPacket, http://tools.ietf.org/html/rfc4880#section-5.2.3.5
+parse_signature_subpacket 16 = do
+        keyid <- get :: Get Word64
+        return $ IssuerPacket (pad 16 $ map toUpper $ showHex keyid "")
+-- NotationDataPacket, http://tools.ietf.org/html/rfc4880#section-5.2.3.16
+parse_signature_subpacket 20 = do
+        (flag1,_,_,_) <- get4word8
+        (m,n) <- liftM2 (,) get get :: Get (Word16,Word16)
+        name <- fmap B.toString $ getSomeByteString $ fromIntegral m
+        value <- fmap B.toString $ getSomeByteString $ fromIntegral n
+        return NotationDataPacket {
+                human_readable = flag1 .&. 0x80 == 0x80,
+                notation_name = name,
+                notation_value = value
+        }
+        where
+        get4word8 :: Get (Word8,Word8,Word8,Word8)
+        get4word8 = liftM4 (,,,) get get get get
+-- PreferredHashAlgorithmsPacket, http://tools.ietf.org/html/rfc4880#section-5.2.3.8
+parse_signature_subpacket 21 =
+        fmap PreferredHashAlgorithmsPacket listUntilEnd
+-- PreferredCompressionAlgorithmsPacket, http://tools.ietf.org/html/rfc4880#section-5.2.3.9
+parse_signature_subpacket 22 =
+        fmap PreferredCompressionAlgorithmsPacket listUntilEnd
+-- KeyServerPreferencesPacket, http://tools.ietf.org/html/rfc4880#section-5.2.3.17
+parse_signature_subpacket 23 = do
+        empty <- isEmpty
+        flag1 <- if empty then return 0 else get :: Get Word8
+        return KeyServerPreferencesPacket {
+                keyserver_no_modify = flag1 .&. 0x80 == 0x80
+        }
+-- PreferredKeyServerPacket, http://tools.ietf.org/html/rfc4880#section-5.2.3.18
+parse_signature_subpacket 24 =
+        fmap (PreferredKeyServerPacket . B.toString) getRemainingByteString
+-- PrimaryUserIDPacket, http://tools.ietf.org/html/rfc4880#section-5.2.3.19
+parse_signature_subpacket 25 =
+        fmap (PrimaryUserIDPacket . enum_from_word8) get
+-- PolicyURIPacket, http://tools.ietf.org/html/rfc4880#section-5.2.3.20
+parse_signature_subpacket 26 =
+        fmap (PolicyURIPacket . B.toString) getRemainingByteString
+-- KeyFlagsPacket, http://tools.ietf.org/html/rfc4880#section-5.2.3.21
+parse_signature_subpacket 27 = do
+        empty <- isEmpty
+        flag1 <- if empty then return 0 else get :: Get Word8
+        return KeyFlagsPacket {
+                certify_keys          = flag1 .&. 0x01 == 0x01,
+                sign_data             = flag1 .&. 0x02 == 0x02,
+                encrypt_communication = flag1 .&. 0x04 == 0x04,
+                encrypt_storage       = flag1 .&. 0x08 == 0x08,
+                split_key             = flag1 .&. 0x10 == 0x10,
+                authentication        = flag1 .&. 0x20 == 0x20,
+                group_key             = flag1 .&. 0x80 == 0x80
+        }
+-- SignerUserIDPacket, http://tools.ietf.org/html/rfc4880#section-5.2.3.22
+parse_signature_subpacket 28 =
+        fmap (SignerUserIDPacket . B.toString) getRemainingByteString
+-- ReasonForRevocationPacket, http://tools.ietf.org/html/rfc4880#section-5.2.3.23
+parse_signature_subpacket 29 = liftM2 ReasonForRevocationPacket get
+        (fmap B.toString getRemainingByteString)
+-- FeaturesPacket, http://tools.ietf.org/html/rfc4880#section-5.2.3.24
+parse_signature_subpacket 30 = do
+        empty <- isEmpty
+        flag1 <- if empty then return 0 else get :: Get Word8
+        return FeaturesPacket {
+                supports_mdc = flag1 .&. 0x01 == 0x01
+        }
+-- SignatureTargetPacket, http://tools.ietf.org/html/rfc4880#section-5.2.3.25
+parse_signature_subpacket 31 =
+        liftM3 SignatureTargetPacket get get getRemainingByteString
+-- EmbeddedSignaturePacket, http://tools.ietf.org/html/rfc4880#section-5.2.3.26
+parse_signature_subpacket 32 =
+        fmap EmbeddedSignaturePacket (parse_packet 2)
+-- Represent unsupported packets as their tag and literal bytes
+parse_signature_subpacket tag =
+        fmap (UnsupportedSignatureSubpacket tag) getRemainingByteString
+
+-- | Find the keyid that issued a SignaturePacket
+signature_issuer :: Packet -> Maybe String
+signature_issuer (SignaturePacket {hashed_subpackets = hashed,
+                                   unhashed_subpackets = unhashed}) =
+        case issuers of
+                IssuerPacket issuer : _ -> Just issuer
+                _                       -> Nothing
+        where
+        issuers = filter isIssuer hashed ++ filter isIssuer unhashed
+        isIssuer (IssuerPacket {}) = True
+        isIssuer _ = False
+signature_issuer _ = Nothing
+
+-- | Find a key with the given Fingerprint/KeyID
+find_key ::
+        (Packet -> String) -- ^ Extract Fingerprint/KeyID from packet
+        -> Message         -- ^ List of packets (some of which are keys)
+        -> String          -- ^ Fingerprint/KeyID to search for
+        -> Maybe Packet
+find_key fpr (Message (x@(PublicKeyPacket {}):xs)) keyid =
+        find_key' fpr x xs keyid
+find_key fpr (Message (x@(SecretKeyPacket {}):xs)) keyid =
+        find_key' fpr x xs keyid
+find_key fpr (Message (_:xs)) keyid =
+        find_key fpr (Message xs) keyid
+find_key _ _ _ = Nothing
+
+find_key' :: (Packet -> String) -> Packet -> [Packet] -> String -> Maybe Packet
+find_key' fpr x xs keyid
+        | thisid == keyid = Just x
+        | otherwise = find_key fpr (Message xs) keyid
+        where
+        thisid = takeFromEnd (length keyid) (fpr x)
+
+takeFromEnd :: Int -> String -> String
+takeFromEnd l = reverse . take l . reverse
+
+-- | SignaturePacket smart constructor
+--
+--   <http://tools.ietf.org/html/rfc4880#section-5.2>
+signaturePacket ::
+        Word8    -- ^ Signature version (probably 4)
+        -> Word8 -- ^ Signature type <http://tools.ietf.org/html/rfc4880#section-5.2.1>
+        -> KeyAlgorithm
+        -> HashAlgorithm
+        -> [SignatureSubpacket] -- ^ Hashed subpackets (these get signed)
+        -> [SignatureSubpacket] -- ^ Unhashed subpackets (these do not get signed)
+        -> Word16 -- ^ Left 16 bits of the signed hash value
+        -> [MPI] -- ^ The raw MPIs of the signature
+        -> Packet
+signaturePacket version signature_type key_algorithm hash_algorithm hashed_subpackets unhashed_subpackets hash_head signature =
+        let p = SignaturePacket {
+                version = version,
+                signature_type = signature_type,
+                key_algorithm = key_algorithm,
+                hash_algorithm = hash_algorithm,
+                hashed_subpackets = hashed_subpackets,
+                unhashed_subpackets = unhashed_subpackets,
+                hash_head = hash_head,
+                signature = signature,
+                trailer = undefined
+        } in p { trailer = calculate_signature_trailer p }
+
+isSignaturePacket :: Packet -> Bool
+isSignaturePacket (SignaturePacket {})  = True
+isSignaturePacket _                     = False
diff --git a/Data/OpenPGP/Internal.hs b/Data/OpenPGP/Internal.hs
new file mode 100644
index 0000000..b2bd506
--- /dev/null
+++ b/Data/OpenPGP/Internal.hs
@@ -0,0 +1,20 @@
+module Data.OpenPGP.Internal where
+
+import Data.Word
+import Data.Bits
+
+decode_s2k_count :: Word8 -> Word32
+decode_s2k_count c =  (16 + (fromIntegral c .&. 15)) `shiftL`
+        ((fromIntegral c `shiftR` 4) + 6)
+
+encode_s2k_count :: Word32 -> Word8
+encode_s2k_count iterations
+        | iterations >= 65011712 = 255
+        | decode_s2k_count result < iterations = result+1
+        | otherwise = result
+        where
+        result = fromIntegral $ (fromIntegral c `shiftL` 4) .|. (count - 16)
+        (count, c) = encode_s2k_count' (iterations `shiftR` 6) (0::Word8)
+        encode_s2k_count' count c
+                | count < 32 = (count, c)
+                | otherwise = encode_s2k_count' (count `shiftR` 1) (c+1)
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..1311fcd
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,76 @@
+ifdef CEREAL
+GHCFLAGS=-Wall -O2 -DCEREAL -fno-warn-name-shadowing -XHaskell98
+else
+GHCFLAGS=-Wall -O2 -fno-warn-name-shadowing -XHaskell98
+endif
+
+ifdef TRAVIS
+GHCFLAGS+=-Werror
+endif
+
+HLINTFLAGS=-u -XHaskell98 -XCPP -i 'Use camelCase' -i 'Use String' -i 'Use string literal' -i 'Use list comprehension'
+VERSION=0.6.1
+
+.PHONY: all clean doc install debian test
+
+all: test report.html doc dist/build/libHSopenpgp-$(VERSION).a dist/openpgp-$(VERSION).tar.gz
+
+install: dist/build/libHSopenpgp-$(VERSION).a
+        cabal install
+
+debian: debian/control
+
+test: tests/suite
+        tests/suite
+
+tests/suite: tests/suite.hs Data/OpenPGP.hs Data/OpenPGP/Internal.hs Data/OpenPGP/Arbitrary.hs
+        ghc --make $(GHCFLAGS) -o $@ $^
+
+Data/OpenPGP/Arbitrary.hs: Data/OpenPGP.hs Arbitrary.patch
+        derive -d Arbitrary -m Data.OpenPGP.Arbitrary -iData.OpenPGP -iData.OpenPGP.Internal -iTest.QuickCheck -iTest.QuickCheck.Instances -iData.Word -o $@ Data/OpenPGP.hs
+        patch $@ Arbitrary.patch
+
+report.html: tests/suite.hs Data/OpenPGP.hs Data/OpenPGP/Internal.hs
+        -hlint $(HLINTFLAGS) --report $^
+
+doc: dist/doc/html/openpgp/index.html README
+
+README: openpgp.cabal
+        tail -n+$$(( `grep -n ^description: $^ | head -n1 | cut -d: -f1` + 1 )) $^ > .$@
+        head -n+$$(( `grep -n ^$$ .$@ | head -n1 | cut -d: -f1` - 1 )) .$@ > $@
+        -printf ',s/        //g\n,s/^.$$//g\nw\nq\n' | ed $@
+        $(RM) .$@
+
+# XXX: Is there a way to make this just pass through $(GHCFLAGS)
+ifdef CEREAL
+dist/doc/html/openpgp/index.html: dist/setup-config Data/OpenPGP.hs Data/OpenPGP/Internal.hs
+        cabal haddock --hyperlink-source --haddock-options="--optghc=-DCEREAL"
+else
+dist/doc/html/openpgp/index.html: dist/setup-config Data/OpenPGP.hs Data/OpenPGP/Internal.hs
+        cabal haddock --hyperlink-source
+endif
+
+ifdef CEREAL
+dist/setup-config: openpgp.cabal
+        -printf '1c\nname:            openpgp-cereal\n.\n,s/binary >= 0.6.4.0,$$/cereal,/g\nw\nq\n' | ed openpgp.cabal
+        cabal configure --enable-tests
+else
+dist/setup-config: openpgp.cabal
+        cabal configure --enable-tests
+endif
+
+clean:
+        -printf '1c\nname:            openpgp\n.\n,s/cereal,$$/binary >= 0.6.4.0,/g\nw\nq\n' | ed openpgp.cabal
+        find -name '*.o' -o -name '*.hi' | xargs $(RM)
+        $(RM) sign verify keygen tests/suite Data/OpenPGP/Arbitrary.hs
+        $(RM) -r dist dist-ghc
+
+debian/control: openpgp.cabal
+        cabal-debian --update-debianization
+
+dist/build/libHSopenpgp-$(VERSION).a: openpgp.cabal dist/setup-config Data/OpenPGP.hs Data/OpenPGP/Internal.hs
+        cabal build --ghc-options="$(GHCFLAGS)"
+
+dist/openpgp-$(VERSION).tar.gz: openpgp.cabal dist/setup-config README Data/OpenPGP.hs Data/OpenPGP/Internal.hs
+        cabal check
+        cabal sdist
diff --git a/README b/README
new file mode 100644
index 0000000..ddad150
--- /dev/null
+++ b/README
@@ -0,0 +1,19 @@
+This is an OpenPGP library inspired by my work on OpenPGP libraries in
+Ruby <https://github.com/singpolyma/openpgp>,
+PHP <http://github.com/singpolyma/openpgp-php>,
+and Python <https://github.com/singpolyma/OpenPGP-Python>.
+
+It defines types to represent OpenPGP messages as a series of packets
+and then defines instances of Data.Binary for each to facilitate
+encoding/decoding.
+
+For performing cryptography, see
+<http://hackage.haskell.org/package/openpgp-crypto-api> or
+<http://hackage.haskell.org/package/openpgp-Crypto>
+
+For dealing with ASCII armor, see
+<http://hackage.haskell.org/package/openpgp-asciiarmor>
+
+It is intended that you use qualified imports with this library.
+
+> import qualified Data.OpenPGP as OpenPGP
diff --git a/debian/changelog b/debian/changelog
deleted file mode 100644
index f4f6a5c..0000000
--- a/debian/changelog
+++ /dev/null
@@ -1,5 +0,0 @@
-haskell-openpgp-util (0.1) unstable; urgency=low
-
-  * Debianization generated by cabal-debian
-
- -- Joe Crayne <joe@jerkface.net>  Tue, 28 Jan 2014 00:08:36 -0500
diff --git a/debian/compat b/debian/compat
deleted file mode 100644
index ec63514..0000000
--- a/debian/compat
+++ /dev/null
@@ -1 +0,0 @@
-9
diff --git a/debian/control b/debian/control
deleted file mode 100644
index a8eeed0..0000000
--- a/debian/control
+++ /dev/null
@@ -1,138 +0,0 @@
-Source: haskell-openpgp-util
-Maintainer: Joe Crayne <joe@jerkface.net>
-Priority: optional
-Section: haskell
-Build-Depends: debhelper (>= 7.0)
-               , haskell-devscripts (>= 0.8)
-               , cdbs
-               , ghc
-               , ghc-prof
-               , libghc-base-dev (>= 4) | ghc
-               , libghc-base-dev (<< 5) | ghc
-               , libghc-base-prof (>= 4) | ghc-prof
-               , libghc-base-prof (<< 5) | ghc-prof
-               , libghc-binary-dev (>= 0.5.1.0) | ghc
-               , libghc-binary-prof (>= 0.5.1.0) | ghc-prof
-               , libghc-byteable-dev
-               , libghc-byteable-prof
-               , libghc-bytestring-dev | ghc
-               , libghc-bytestring-prof | ghc-prof
-               , libghc-cipher-aes-dev (>= 0.2.5)
-               , libghc-cipher-aes-prof (>= 0.2.5)
-               , libghc-cipher-blowfish-dev
-               , libghc-cipher-blowfish-prof
-               , libghc-cipher-cast5-dev
-               , libghc-cipher-cast5-prof
-               , libghc-crypto-cipher-types-dev (>= 0.0.7)
-               , libghc-crypto-cipher-types-prof (>= 0.0.7)
-               , libghc-crypto-pubkey-dev (>= 0.2.3)
-               , libghc-crypto-pubkey-prof (>= 0.2.3)
-               , libghc-crypto-pubkey-types-dev (>= 0.4.1)
-               , libghc-crypto-pubkey-types-prof (>= 0.4.1)
-               , libghc-crypto-random-dev (>= 0.0.7)
-               , libghc-crypto-random-prof (>= 0.0.7)
-               , libghc-cryptohash-dev (>= 0.7.5)
-               , libghc-cryptohash-prof (>= 0.7.5)
-               , libghc-openpgp-dev (>= 0.4)
-               , libghc-openpgp-prof (>= 0.4)
-               , libghc-time-dev (>= 1.4) | ghc
-               , libghc-time-prof (>= 1.4) | ghc-prof
-               , libghc-transformers-dev
-               , libghc-transformers-prof
-Build-Depends-Indep: ghc-doc
-                     , libghc-base-doc (>= 4) | ghc-doc
-                     , libghc-base-doc (<< 5) | ghc-doc
-                     , libghc-binary-doc (>= 0.5.1.0) | ghc-doc
-                     , libghc-byteable-doc
-                     , libghc-bytestring-doc | ghc-doc
-                     , libghc-cipher-aes-doc (>= 0.2.5)
-                     , libghc-cipher-blowfish-doc
-                     , libghc-cipher-cast5-doc
-                     , libghc-crypto-cipher-types-doc (>= 0.0.7)
-                     , libghc-crypto-pubkey-doc (>= 0.2.3)
-                     , libghc-crypto-pubkey-types-doc (>= 0.4.1)
-                     , libghc-crypto-random-doc (>= 0.0.7)
-                     , libghc-cryptohash-doc (>= 0.7.5)
-                     , libghc-openpgp-doc (>= 0.4)
-                     , libghc-time-doc (>= 1.4) | ghc-doc
-                     , libghc-transformers-doc
-
-Package: libghc-openpgp-util-dev
-Architecture: any
-Depends: ${shlibs:Depends}
-         , ${haskell:Depends}
-         , ${misc:Depends}
-Recommends: ${haskell:Recommends}
-Suggests: ${haskell:Suggests}
-Conflicts: ${haskell:Conflicts}
-Provides: ${haskell:Provides}
-Replaces: ${haskell:Replaces}
-Description: Implement cryptography for OpenPGP using libraries compatible with Vincent Hanquez's Haskell Crypto Platform
- Fingerprint generation, signature generation, signature verification,
- and secret key decryption for OpenPGP Packets.
- .
- It is indended to be used with <http://hackage.haskell.org/package/openpgp>
- .
- It is intended that you use qualified imports with this library.
- .
- > import qualified Data.OpenPGP.Util as OpenPGP
- .
-  Author: Stephen Paul Weber <singpolyma@singpolyma.net>
-  Upstream-Maintainer: Joe Crayne <joe@jerkface.net>
- .
- This package provides a library for the Haskell programming language.
- See http:///www.haskell.org/ for more information on Haskell.
-
-Package: libghc-openpgp-util-prof
-Architecture: any
-Depends: ${shlibs:Depends}
-         , ${haskell:Depends}
-         , ${misc:Depends}
-Recommends: ${haskell:Recommends}
-Suggests: ${haskell:Suggests}
-Conflicts: ${haskell:Conflicts}
-Provides: ${haskell:Provides}
-Replaces: ${haskell:Replaces}
-Description: Implement cryptography for OpenPGP using libraries compatible with Vincent Hanquez's Haskell Crypto Platform
- Fingerprint generation, signature generation, signature verification,
- and secret key decryption for OpenPGP Packets.
- .
- It is indended to be used with <http://hackage.haskell.org/package/openpgp>
- .
- It is intended that you use qualified imports with this library.
- .
- > import qualified Data.OpenPGP.Util as OpenPGP
- .
-  Author: Stephen Paul Weber <singpolyma@singpolyma.net>
-  Upstream-Maintainer: Joe Crayne <joe@jerkface.net>
- .
- This package provides a library for the Haskell programming language, compiled
- for profiling.  See http:///www.haskell.org/ for more information on Haskell.
-
-Package: libghc-openpgp-util-doc
-Architecture: all
-Section: doc
-Depends: ${shlibs:Depends}
-         , ${haskell:Depends}
-         , ${misc:Depends}
-Recommends: ${haskell:Recommends}
-Suggests: ${haskell:Suggests}
-Conflicts: ${haskell:Conflicts}
-Provides: ${haskell:Provides}
-Replaces: ${haskell:Replaces}
-Description: Implement cryptography for OpenPGP using libraries compatible with Vincent Hanquez's Haskell Crypto Platform
- Fingerprint generation, signature generation, signature verification,
- and secret key decryption for OpenPGP Packets.
- .
- It is indended to be used with <http://hackage.haskell.org/package/openpgp>
- .
- It is intended that you use qualified imports with this library.
- .
- > import qualified Data.OpenPGP.Util as OpenPGP
- .
-  Author: Stephen Paul Weber <singpolyma@singpolyma.net>
-  Upstream-Maintainer: Joe Crayne <joe@jerkface.net>
- .
- This package provides the documentation for a library for the Haskell
- programming language.
- See http:///www.haskell.org/ for more information on Haskell.
diff --git a/debian/copyright b/debian/copyright
deleted file mode 100644
index d84afa6..0000000
--- a/debian/copyright
+++ /dev/null
@@ -1,31 +0,0 @@
-Copyright © 2013, Joseph Crayne <joe@jerkface.net>
-
-Permission to use, copy, modify, and/or distribute this software for any
-purpose with or without fee is hereby granted, provided that the above
-copyright notice and this permission notice appear in all copies.
-
-THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-
-
-This software was derived from the OpenPGP-CryptoAPI library which was
-distributed with the following message:
-
-Copyright © 2012, Stephen Paul Weber <singpolyma.net>
-
-Permission to use, copy, modify, and/or distribute this software for any
-purpose with or without fee is hereby granted, provided that the above
-copyright notice and this permission notice appear in all copies.
-
-THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
diff --git a/debian/rules b/debian/rules
deleted file mode 100755
index 924ff72..0000000
--- a/debian/rules
+++ /dev/null
@@ -1,7 +0,0 @@
-#!/usr/bin/make -f
-
-DEB_CABAL_PACKAGE = openpgp-util
-
-include /usr/share/cdbs/1/rules/debhelper.mk
-include /usr/share/cdbs/1/class/hlibrary.mk
-
diff --git a/openpgp.cabal b/openpgp.cabal
new file mode 100644
index 0000000..c23e4ad
--- /dev/null
+++ b/openpgp.cabal
@@ -0,0 +1,168 @@
+name:            openpgp
+version:         0.6.1.1
+cabal-version:   >= 1.8
+license:         OtherLicense
+license-file:    COPYING
+category:        Data
+copyright:       © 2011-2012 Stephen Paul Weber
+author:          Stephen Paul Weber <singpolyma@singpolyma.net>
+maintainer:      Stephen Paul Weber <singpolyma@singpolyma.net>
+stability:       experimental
+tested-with:     GHC == 7.0.3
+synopsis:        Implementation of the OpenPGP message format
+homepage:        http://github.com/singpolyma/OpenPGP-Haskell
+bug-reports:     http://github.com/singpolyma/OpenPGP-Haskell/issues
+build-type:      Simple
+description:
+        This is an OpenPGP library inspired by my work on OpenPGP libraries in
+        Ruby <https://github.com/singpolyma/openpgp>,
+        PHP <http://github.com/singpolyma/openpgp-php>,
+        and Python <https://github.com/singpolyma/OpenPGP-Python>.
+        .
+        It defines types to represent OpenPGP messages as a series of packets
+        and then defines instances of Data.Binary for each to facilitate
+        encoding/decoding.
+        .
+        For performing cryptography, see
+        <http://hackage.haskell.org/package/openpgp-crypto-api> or
+        <http://hackage.haskell.org/package/openpgp-Crypto>
+        .
+        For dealing with ASCII armor, see
+        <http://hackage.haskell.org/package/openpgp-asciiarmor>
+        .
+        It is intended that you use qualified imports with this library.
+        .
+        > import qualified Data.OpenPGP as OpenPGP
+
+extra-source-files:
+        README,
+        tests/suite.hs,
+        tests/data/000001-006.public_key,
+        tests/data/000002-013.user_id,
+        tests/data/000003-002.sig,
+        tests/data/000004-012.ring_trust,
+        tests/data/000005-002.sig,
+        tests/data/000006-012.ring_trust,
+        tests/data/000007-002.sig,
+        tests/data/000008-012.ring_trust,
+        tests/data/000009-002.sig,
+        tests/data/000010-012.ring_trust,
+        tests/data/000011-002.sig,
+        tests/data/000012-012.ring_trust,
+        tests/data/000013-014.public_subkey,
+        tests/data/000014-002.sig,
+        tests/data/000015-012.ring_trust,
+        tests/data/000016-006.public_key,
+        tests/data/000017-002.sig,
+        tests/data/000018-012.ring_trust,
+        tests/data/000019-013.user_id,
+        tests/data/000020-002.sig,
+        tests/data/000021-012.ring_trust,
+        tests/data/000022-002.sig,
+        tests/data/000023-012.ring_trust,
+        tests/data/000024-014.public_subkey,
+        tests/data/000025-002.sig,
+        tests/data/000026-012.ring_trust,
+        tests/data/000027-006.public_key,
+        tests/data/000028-002.sig,
+        tests/data/000029-012.ring_trust,
+        tests/data/000030-013.user_id,
+        tests/data/000031-002.sig,
+        tests/data/000032-012.ring_trust,
+        tests/data/000033-002.sig,
+        tests/data/000034-012.ring_trust,
+        tests/data/000035-006.public_key,
+        tests/data/000036-013.user_id,
+        tests/data/000037-002.sig,
+        tests/data/000038-012.ring_trust,
+        tests/data/000039-002.sig,
+        tests/data/000040-012.ring_trust,
+        tests/data/000041-017.attribute,
+        tests/data/000042-002.sig,
+        tests/data/000043-012.ring_trust,
+        tests/data/000044-014.public_subkey,
+        tests/data/000045-002.sig,
+        tests/data/000046-012.ring_trust,
+        tests/data/000047-005.secret_key,
+        tests/data/000048-013.user_id,
+        tests/data/000049-002.sig,
+        tests/data/000050-012.ring_trust,
+        tests/data/000051-007.secret_subkey,
+        tests/data/000052-002.sig,
+        tests/data/000053-012.ring_trust,
+        tests/data/000054-005.secret_key,
+        tests/data/000055-002.sig,
+        tests/data/000056-012.ring_trust,
+        tests/data/000057-013.user_id,
+        tests/data/000058-002.sig,
+        tests/data/000059-012.ring_trust,
+        tests/data/000060-007.secret_subkey,
+        tests/data/000061-002.sig,
+        tests/data/000062-012.ring_trust,
+        tests/data/000063-005.secret_key,
+        tests/data/000064-002.sig,
+        tests/data/000065-012.ring_trust,
+        tests/data/000066-013.user_id,
+        tests/data/000067-002.sig,
+        tests/data/000068-012.ring_trust,
+        tests/data/000069-005.secret_key,
+        tests/data/000070-013.user_id,
+        tests/data/000071-002.sig,
+        tests/data/000072-012.ring_trust,
+        tests/data/000073-017.attribute,
+        tests/data/000074-002.sig,
+        tests/data/000075-012.ring_trust,
+        tests/data/000076-007.secret_subkey,
+        tests/data/000077-002.sig,
+        tests/data/000078-012.ring_trust,
+        tests/data/002182-002.sig,
+        tests/data/compressedsig-bzip2.gpg,
+        tests/data/compressedsig.gpg,
+        tests/data/compressedsig-zlib.gpg,
+        tests/data/onepass_sig,
+        tests/data/symmetrically_encrypted,
+        tests/data/pubring.gpg,
+        tests/data/secring.gpg,
+        tests/data/uncompressed-ops-dsa.gpg,
+        tests/data/uncompressed-ops-dsa-sha384.txt.gpg,
+        tests/data/uncompressed-ops-rsa.gpg
+
+library
+        exposed-modules:
+                Data.OpenPGP
+
+        other-modules:
+                Data.OpenPGP.Internal
+
+        build-depends:
+                base == 4.*,
+                bytestring,
+                utf8-string,
+                binary >= 0.5.1.0,
+                zlib,
+                bzlib
+
+test-suite tests
+        type:       exitcode-stdio-1.0
+        main-is:    tests/suite.hs
+
+        other-modules:
+                Data.OpenPGP.Arbitrary
+
+        build-depends:
+                base == 4.*,
+                bytestring,
+                utf8-string,
+                binary >= 0.6.4.0,
+                zlib,
+                bzlib,
+                HUnit,
+                QuickCheck >= 2.4.1.1,
+                quickcheck-instances,
+                test-framework,
+                test-framework-hunit,
+                test-framework-quickcheck2
+
+source-repository head
+        type:     git
+        location: git://github.com/singpolyma/OpenPGP-Haskell.git
diff --git a/tests/data/000001-006.public_key b/tests/data/000001-006.public_key
new file mode 100644
index 0000000..7cbab17
--- /dev/null
+++ b/tests/data/000001-006.public_key
diff --git a/tests/data/000002-013.user_id b/tests/data/000002-013.user_id
new file mode 100644
index 0000000..759449b
--- /dev/null
+++ b/tests/data/000002-013.user_id
@@ -0,0 +1 @@
+´$Test Key (RSA) <testkey@example.org>
\ No newline at end of file
diff --git a/tests/data/000003-002.sig b/tests/data/000003-002.sig
new file mode 100644
index 0000000..1e0656d
--- /dev/null
+++ b/tests/data/000003-002.sig
diff --git a/tests/data/000004-012.ring_trust b/tests/data/000004-012.ring_trust
new file mode 100644
index 0000000..ffa57e5
--- /dev/null
+++ b/tests/data/000004-012.ring_trust
diff --git a/tests/data/000005-002.sig b/tests/data/000005-002.sig
new file mode 100644
index 0000000..108b998
--- /dev/null
+++ b/tests/data/000005-002.sig
diff --git a/tests/data/000006-012.ring_trust b/tests/data/000006-012.ring_trust
new file mode 100644
index 0000000..ffa57e5
--- /dev/null
+++ b/tests/data/000006-012.ring_trust
diff --git a/tests/data/000007-002.sig b/tests/data/000007-002.sig
new file mode 100644
index 0000000..14276d0
--- /dev/null
+++ b/tests/data/000007-002.sig
diff --git a/tests/data/000008-012.ring_trust b/tests/data/000008-012.ring_trust
new file mode 100644
index 0000000..ffa57e5
--- /dev/null
+++ b/tests/data/000008-012.ring_trust
diff --git a/tests/data/000009-002.sig b/tests/data/000009-002.sig
new file mode 100644
index 0000000..4a282dd
--- /dev/null
+++ b/tests/data/000009-002.sig
diff --git a/tests/data/000010-012.ring_trust b/tests/data/000010-012.ring_trust
new file mode 100644
index 0000000..ffa57e5
--- /dev/null
+++ b/tests/data/000010-012.ring_trust
diff --git a/tests/data/000011-002.sig b/tests/data/000011-002.sig
new file mode 100644
index 0000000..cae1b73
--- /dev/null
+++ b/tests/data/000011-002.sig
diff --git a/tests/data/000012-012.ring_trust b/tests/data/000012-012.ring_trust
new file mode 100644
index 0000000..ffa57e5
--- /dev/null
+++ b/tests/data/000012-012.ring_trust
diff --git a/tests/data/000013-014.public_subkey b/tests/data/000013-014.public_subkey
new file mode 100644
index 0000000..08676d0
--- /dev/null
+++ b/tests/data/000013-014.public_subkey
diff --git a/tests/data/000014-002.sig b/tests/data/000014-002.sig
new file mode 100644
index 0000000..dd60180
--- /dev/null
+++ b/tests/data/000014-002.sig
diff --git a/tests/data/000015-012.ring_trust b/tests/data/000015-012.ring_trust
new file mode 100644
index 0000000..ffa57e5
--- /dev/null
+++ b/tests/data/000015-012.ring_trust
diff --git a/tests/data/000016-006.public_key b/tests/data/000016-006.public_key
new file mode 100644
index 0000000..c9dccbf
--- /dev/null
+++ b/tests/data/000016-006.public_key
diff --git a/tests/data/000017-002.sig b/tests/data/000017-002.sig
new file mode 100644
index 0000000..e734505
--- /dev/null
+++ b/tests/data/000017-002.sig
diff --git a/tests/data/000018-012.ring_trust b/tests/data/000018-012.ring_trust
new file mode 100644
index 0000000..ffa57e5
--- /dev/null
+++ b/tests/data/000018-012.ring_trust
diff --git a/tests/data/000019-013.user_id b/tests/data/000019-013.user_id
new file mode 100644
index 0000000..ab3f51d
--- /dev/null
+++ b/tests/data/000019-013.user_id
@@ -0,0 +1 @@
+´$Test Key (DSA) <testkey@example.com>
\ No newline at end of file
diff --git a/tests/data/000020-002.sig b/tests/data/000020-002.sig
new file mode 100644
index 0000000..8588489
--- /dev/null
+++ b/tests/data/000020-002.sig
diff --git a/tests/data/000021-012.ring_trust b/tests/data/000021-012.ring_trust
new file mode 100644
index 0000000..ffa57e5
--- /dev/null
+++ b/tests/data/000021-012.ring_trust
diff --git a/tests/data/000022-002.sig b/tests/data/000022-002.sig
new file mode 100644
index 0000000..fefcb5f
--- /dev/null
+++ b/tests/data/000022-002.sig
diff --git a/tests/data/000023-012.ring_trust b/tests/data/000023-012.ring_trust
new file mode 100644
index 0000000..ffa57e5
--- /dev/null
+++ b/tests/data/000023-012.ring_trust
diff --git a/tests/data/000024-014.public_subkey b/tests/data/000024-014.public_subkey
new file mode 100644
index 0000000..2e8deea
--- /dev/null
+++ b/tests/data/000024-014.public_subkey
diff --git a/tests/data/000025-002.sig b/tests/data/000025-002.sig
new file mode 100644
index 0000000..a3eea0a
--- /dev/null
+++ b/tests/data/000025-002.sig
diff --git a/tests/data/000026-012.ring_trust b/tests/data/000026-012.ring_trust
new file mode 100644
index 0000000..ffa57e5
--- /dev/null
+++ b/tests/data/000026-012.ring_trust
diff --git a/tests/data/000027-006.public_key b/tests/data/000027-006.public_key
new file mode 100644
index 0000000..5817e00
--- /dev/null
+++ b/tests/data/000027-006.public_key
diff --git a/tests/data/000028-002.sig b/tests/data/000028-002.sig
new file mode 100644
index 0000000..5194b78
--- /dev/null
+++ b/tests/data/000028-002.sig
diff --git a/tests/data/000029-012.ring_trust b/tests/data/000029-012.ring_trust
new file mode 100644
index 0000000..ffa57e5
--- /dev/null
+++ b/tests/data/000029-012.ring_trust
diff --git a/tests/data/000030-013.user_id b/tests/data/000030-013.user_id
new file mode 100644
index 0000000..fb3f49e
--- /dev/null
+++ b/tests/data/000030-013.user_id
@@ -0,0 +1 @@
+´+Test Key (DSA sign-only) <test@example.net>
\ No newline at end of file
diff --git a/tests/data/000031-002.sig b/tests/data/000031-002.sig
new file mode 100644
index 0000000..f69f687
--- /dev/null
+++ b/tests/data/000031-002.sig
diff --git a/tests/data/000032-012.ring_trust b/tests/data/000032-012.ring_trust
new file mode 100644
index 0000000..ffa57e5
--- /dev/null
+++ b/tests/data/000032-012.ring_trust
diff --git a/tests/data/000033-002.sig b/tests/data/000033-002.sig
new file mode 100644
index 0000000..2bb55d4
--- /dev/null
+++ b/tests/data/000033-002.sig
diff --git a/tests/data/000034-012.ring_trust b/tests/data/000034-012.ring_trust
new file mode 100644
index 0000000..ffa57e5
--- /dev/null
+++ b/tests/data/000034-012.ring_trust
diff --git a/tests/data/000035-006.public_key b/tests/data/000035-006.public_key
new file mode 100644
index 0000000..5980638
--- /dev/null
+++ b/tests/data/000035-006.public_key
diff --git a/tests/data/000036-013.user_id b/tests/data/000036-013.user_id
new file mode 100644
index 0000000..5d0d46e
--- /dev/null
+++ b/tests/data/000036-013.user_id
@@ -0,0 +1 @@
+´.Test Key (RSA sign-only) <testkey@example.net>
\ No newline at end of file
diff --git a/tests/data/000037-002.sig b/tests/data/000037-002.sig
new file mode 100644
index 0000000..833b563
--- /dev/null
+++ b/tests/data/000037-002.sig
diff --git a/tests/data/000038-012.ring_trust b/tests/data/000038-012.ring_trust
new file mode 100644
index 0000000..ffa57e5
--- /dev/null
+++ b/tests/data/000038-012.ring_trust
diff --git a/tests/data/000039-002.sig b/tests/data/000039-002.sig
new file mode 100644
index 0000000..89c34fa
--- /dev/null
+++ b/tests/data/000039-002.sig
diff --git a/tests/data/000040-012.ring_trust b/tests/data/000040-012.ring_trust
new file mode 100644
index 0000000..ffa57e5
--- /dev/null
+++ b/tests/data/000040-012.ring_trust
diff --git a/tests/data/000041-017.attribute b/tests/data/000041-017.attribute
new file mode 100644
index 0000000..a21a82f
--- /dev/null
+++ b/tests/data/000041-017.attribute
diff --git a/tests/data/000042-002.sig b/tests/data/000042-002.sig
new file mode 100644
index 0000000..fc6267f
--- /dev/null
+++ b/tests/data/000042-002.sig
diff --git a/tests/data/000043-012.ring_trust b/tests/data/000043-012.ring_trust
new file mode 100644
index 0000000..ffa57e5
--- /dev/null
+++ b/tests/data/000043-012.ring_trust
diff --git a/tests/data/000044-014.public_subkey b/tests/data/000044-014.public_subkey
new file mode 100644
index 0000000..06bf50e
--- /dev/null
+++ b/tests/data/000044-014.public_subkey
diff --git a/tests/data/000045-002.sig b/tests/data/000045-002.sig
new file mode 100644
index 0000000..336eb0f
--- /dev/null
+++ b/tests/data/000045-002.sig
diff --git a/tests/data/000046-012.ring_trust b/tests/data/000046-012.ring_trust
new file mode 100644
index 0000000..ffa57e5
--- /dev/null
+++ b/tests/data/000046-012.ring_trust
diff --git a/tests/data/000047-005.secret_key b/tests/data/000047-005.secret_key
new file mode 100644
index 0000000..77b5d42
--- /dev/null
+++ b/tests/data/000047-005.secret_key
diff --git a/tests/data/000048-013.user_id b/tests/data/000048-013.user_id
new file mode 100644
index 0000000..759449b
--- /dev/null
+++ b/tests/data/000048-013.user_id
@@ -0,0 +1 @@
+´$Test Key (RSA) <testkey@example.org>
\ No newline at end of file
diff --git a/tests/data/000049-002.sig b/tests/data/000049-002.sig
new file mode 100644
index 0000000..14276d0
--- /dev/null
+++ b/tests/data/000049-002.sig
diff --git a/tests/data/000050-012.ring_trust b/tests/data/000050-012.ring_trust
new file mode 100644
index 0000000..b1eeabb
--- /dev/null
+++ b/tests/data/000050-012.ring_trust
diff --git a/tests/data/000051-007.secret_subkey b/tests/data/000051-007.secret_subkey
new file mode 100644
index 0000000..b4e65c9
--- /dev/null
+++ b/tests/data/000051-007.secret_subkey
diff --git a/tests/data/000052-002.sig b/tests/data/000052-002.sig
new file mode 100644
index 0000000..dd60180
--- /dev/null
+++ b/tests/data/000052-002.sig
diff --git a/tests/data/000053-012.ring_trust b/tests/data/000053-012.ring_trust
new file mode 100644
index 0000000..b1eeabb
--- /dev/null
+++ b/tests/data/000053-012.ring_trust
diff --git a/tests/data/000054-005.secret_key b/tests/data/000054-005.secret_key
new file mode 100644
index 0000000..f153e59
--- /dev/null
+++ b/tests/data/000054-005.secret_key
diff --git a/tests/data/000055-002.sig b/tests/data/000055-002.sig
new file mode 100644
index 0000000..e734505
--- /dev/null
+++ b/tests/data/000055-002.sig
diff --git a/tests/data/000056-012.ring_trust b/tests/data/000056-012.ring_trust
new file mode 100644
index 0000000..b1eeabb
--- /dev/null
+++ b/tests/data/000056-012.ring_trust
diff --git a/tests/data/000057-013.user_id b/tests/data/000057-013.user_id
new file mode 100644
index 0000000..ab3f51d
--- /dev/null
+++ b/tests/data/000057-013.user_id
@@ -0,0 +1 @@
+´$Test Key (DSA) <testkey@example.com>
\ No newline at end of file
diff --git a/tests/data/000058-002.sig b/tests/data/000058-002.sig
new file mode 100644
index 0000000..8588489
--- /dev/null
+++ b/tests/data/000058-002.sig
diff --git a/tests/data/000059-012.ring_trust b/tests/data/000059-012.ring_trust
new file mode 100644
index 0000000..b1eeabb
--- /dev/null
+++ b/tests/data/000059-012.ring_trust
diff --git a/tests/data/000060-007.secret_subkey b/tests/data/000060-007.secret_subkey
new file mode 100644
index 0000000..9df45f3
--- /dev/null
+++ b/tests/data/000060-007.secret_subkey
diff --git a/tests/data/000061-002.sig b/tests/data/000061-002.sig
new file mode 100644
index 0000000..6394942
--- /dev/null
+++ b/tests/data/000061-002.sig
diff --git a/tests/data/000062-012.ring_trust b/tests/data/000062-012.ring_trust
new file mode 100644
index 0000000..b1eeabb
--- /dev/null
+++ b/tests/data/000062-012.ring_trust
diff --git a/tests/data/000063-005.secret_key b/tests/data/000063-005.secret_key
new file mode 100644
index 0000000..2f4268e
--- /dev/null
+++ b/tests/data/000063-005.secret_key
diff --git a/tests/data/000064-002.sig b/tests/data/000064-002.sig
new file mode 100644
index 0000000..5194b78
--- /dev/null
+++ b/tests/data/000064-002.sig
diff --git a/tests/data/000065-012.ring_trust b/tests/data/000065-012.ring_trust
new file mode 100644
index 0000000..b1eeabb
--- /dev/null
+++ b/tests/data/000065-012.ring_trust
diff --git a/tests/data/000066-013.user_id b/tests/data/000066-013.user_id
new file mode 100644
index 0000000..fb3f49e
--- /dev/null
+++ b/tests/data/000066-013.user_id
@@ -0,0 +1 @@
+´+Test Key (DSA sign-only) <test@example.net>
\ No newline at end of file
diff --git a/tests/data/000067-002.sig b/tests/data/000067-002.sig
new file mode 100644
index 0000000..d354e79
--- /dev/null
+++ b/tests/data/000067-002.sig
diff --git a/tests/data/000068-012.ring_trust b/tests/data/000068-012.ring_trust
new file mode 100644
index 0000000..b1eeabb
--- /dev/null
+++ b/tests/data/000068-012.ring_trust
diff --git a/tests/data/000069-005.secret_key b/tests/data/000069-005.secret_key
new file mode 100644
index 0000000..17a2c35
--- /dev/null
+++ b/tests/data/000069-005.secret_key
diff --git a/tests/data/000070-013.user_id b/tests/data/000070-013.user_id
new file mode 100644
index 0000000..5d0d46e
--- /dev/null
+++ b/tests/data/000070-013.user_id
@@ -0,0 +1 @@
+´.Test Key (RSA sign-only) <testkey@example.net>
\ No newline at end of file
diff --git a/tests/data/000071-002.sig b/tests/data/000071-002.sig
new file mode 100644
index 0000000..833b563
--- /dev/null
+++ b/tests/data/000071-002.sig
diff --git a/tests/data/000072-012.ring_trust b/tests/data/000072-012.ring_trust
new file mode 100644
index 0000000..b1eeabb
--- /dev/null
+++ b/tests/data/000072-012.ring_trust
diff --git a/tests/data/000073-017.attribute b/tests/data/000073-017.attribute
new file mode 100644
index 0000000..a21a82f
--- /dev/null
+++ b/tests/data/000073-017.attribute
diff --git a/tests/data/000074-002.sig b/tests/data/000074-002.sig
new file mode 100644
index 0000000..fc6267f
--- /dev/null
+++ b/tests/data/000074-002.sig
diff --git a/tests/data/000075-012.ring_trust b/tests/data/000075-012.ring_trust
new file mode 100644
index 0000000..b1eeabb
--- /dev/null
+++ b/tests/data/000075-012.ring_trust
diff --git a/tests/data/000076-007.secret_subkey b/tests/data/000076-007.secret_subkey
new file mode 100644
index 0000000..b380339
--- /dev/null
+++ b/tests/data/000076-007.secret_subkey
diff --git a/tests/data/000077-002.sig b/tests/data/000077-002.sig
new file mode 100644
index 0000000..336eb0f
--- /dev/null
+++ b/tests/data/000077-002.sig
diff --git a/tests/data/000078-012.ring_trust b/tests/data/000078-012.ring_trust
new file mode 100644
index 0000000..b1eeabb
--- /dev/null
+++ b/tests/data/000078-012.ring_trust
diff --git a/tests/data/002182-002.sig b/tests/data/002182-002.sig
new file mode 100644
index 0000000..2bc6679
--- /dev/null
+++ b/tests/data/002182-002.sig
diff --git a/tests/data/3F5BBA0B0694BEB6000005-002.sig b/tests/data/3F5BBA0B0694BEB6000005-002.sig
new file mode 100644
index 0000000..94055af
--- /dev/null
+++ b/tests/data/3F5BBA0B0694BEB6000005-002.sig
diff --git a/tests/data/3F5BBA0B0694BEB6000017-002.sig b/tests/data/3F5BBA0B0694BEB6000017-002.sig
new file mode 100644
index 0000000..b22f23b
--- /dev/null
+++ b/tests/data/3F5BBA0B0694BEB6000017-002.sig
diff --git a/tests/data/compressedsig-bzip2.gpg b/tests/data/compressedsig-bzip2.gpg
new file mode 100644
index 0000000..87539db
--- /dev/null
+++ b/tests/data/compressedsig-bzip2.gpg
diff --git a/tests/data/compressedsig-zlib.gpg b/tests/data/compressedsig-zlib.gpg
new file mode 100644
index 0000000..4da4dfa
--- /dev/null
+++ b/tests/data/compressedsig-zlib.gpg
diff --git a/tests/data/compressedsig.gpg b/tests/data/compressedsig.gpg
new file mode 100644
index 0000000..dd617de
--- /dev/null
+++ b/tests/data/compressedsig.gpg
diff --git a/tests/data/onepass_sig b/tests/data/onepass_sig
new file mode 100644
index 0000000..87b2895
--- /dev/null
+++ b/tests/data/onepass_sig
diff --git a/tests/data/pubring.gpg b/tests/data/pubring.gpg
new file mode 100644
index 0000000..a1519ee
--- /dev/null
+++ b/tests/data/pubring.gpg
diff --git a/tests/data/secring.gpg b/tests/data/secring.gpg
new file mode 100644
index 0000000..1359875
--- /dev/null
+++ b/tests/data/secring.gpg
diff --git a/tests/data/symmetrically_encrypted b/tests/data/symmetrically_encrypted
new file mode 100644
index 0000000..129155a
--- /dev/null
+++ b/tests/data/symmetrically_encrypted
diff --git a/tests/data/uncompressed-ops-dsa-sha384.txt.gpg b/tests/data/uncompressed-ops-dsa-sha384.txt.gpg
new file mode 100644
index 0000000..39828fc
--- /dev/null
+++ b/tests/data/uncompressed-ops-dsa-sha384.txt.gpg
diff --git a/tests/data/uncompressed-ops-dsa.gpg b/tests/data/uncompressed-ops-dsa.gpg
new file mode 100644
index 0000000..97e7a26
--- /dev/null
+++ b/tests/data/uncompressed-ops-dsa.gpg
diff --git a/tests/data/uncompressed-ops-rsa.gpg b/tests/data/uncompressed-ops-rsa.gpg
new file mode 100644
index 0000000..7ae453d
--- /dev/null
+++ b/tests/data/uncompressed-ops-rsa.gpg
diff --git a/tests/suite.hs b/tests/suite.hs
new file mode 100644
index 0000000..cb4f4aa
--- /dev/null
+++ b/tests/suite.hs
@@ -0,0 +1,160 @@
+{-# LANGUAGE CPP #-}
+import Test.Framework (defaultMain, testGroup, Test)
+import Test.Framework.Providers.HUnit
+import Test.Framework.Providers.QuickCheck2
+import Test.HUnit hiding (Test)
+
+import Data.Word
+import Data.OpenPGP.Arbitrary ()
+import qualified Data.OpenPGP as OpenPGP
+import qualified Data.OpenPGP.Internal as OpenPGP
+
+#ifdef CEREAL
+import Data.Serialize
+import qualified Data.ByteString as B
+
+decode' :: (Serialize a) => B.ByteString -> a
+decode' x = let Right v = decode x in v
+#else
+import Data.Binary
+import qualified Data.ByteString.Lazy as B
+
+decode' :: (Binary a) => B.ByteString -> a
+decode' = decode
+#endif
+
+testSerialization :: FilePath -> Assertion
+testSerialization fp = do
+        bs <- B.readFile $ "tests/data/" ++ fp
+        nullShield "First" (decode' bs) (\firstpass ->
+                        nullShield "Second" (decode' $ encode firstpass) (
+                                assertEqual ("for " ++ fp) firstpass
+                        )
+                )
+        where
+        nullShield pass (OpenPGP.Message []) _ =
+                assertFailure $ pass ++ " pass of " ++ fp ++ " decoded to nothing."
+        nullShield _ m f = f m
+
+prop_s2k_count :: Word8 -> Bool
+prop_s2k_count c =
+        c == OpenPGP.encode_s2k_count (OpenPGP.decode_s2k_count c)
+
+prop_MPI_serialization_loop :: OpenPGP.MPI -> Bool
+prop_MPI_serialization_loop mpi =
+        mpi == decode' (encode mpi)
+
+prop_S2K_serialization_loop :: OpenPGP.S2K -> Bool
+prop_S2K_serialization_loop s2k =
+        s2k == decode' (encode s2k)
+
+prop_SignatureSubpacket_serialization_loop :: OpenPGP.SignatureSubpacket -> Bool
+prop_SignatureSubpacket_serialization_loop packet =
+        packet == decode' (encode packet)
+
+tests :: [Test]
+tests =
+        [
+                testGroup "Serialization" [
+                        testCase "000001-006.public_key" (testSerialization "000001-006.public_key"),
+                        testCase "000002-013.user_id" (testSerialization "000002-013.user_id"),
+                        testCase "000003-002.sig" (testSerialization "000003-002.sig"),
+                        testCase "000004-012.ring_trust" (testSerialization "000004-012.ring_trust"),
+                        testCase "000005-002.sig" (testSerialization "000005-002.sig"),
+                        testCase "000006-012.ring_trust" (testSerialization "000006-012.ring_trust"),
+                        testCase "000007-002.sig" (testSerialization "000007-002.sig"),
+                        testCase "000008-012.ring_trust" (testSerialization "000008-012.ring_trust"),
+                        testCase "000009-002.sig" (testSerialization "000009-002.sig"),
+                        testCase "000010-012.ring_trust" (testSerialization "000010-012.ring_trust"),
+                        testCase "000011-002.sig" (testSerialization "000011-002.sig"),
+                        testCase "000012-012.ring_trust" (testSerialization "000012-012.ring_trust"),
+                        testCase "000013-014.public_subkey" (testSerialization "000013-014.public_subkey"),
+                        testCase "000014-002.sig" (testSerialization "000014-002.sig"),
+                        testCase "000015-012.ring_trust" (testSerialization "000015-012.ring_trust"),
+                        testCase "000016-006.public_key" (testSerialization "000016-006.public_key"),
+                        testCase "000017-002.sig" (testSerialization "000017-002.sig"),
+                        testCase "000018-012.ring_trust" (testSerialization "000018-012.ring_trust"),
+                        testCase "000019-013.user_id" (testSerialization "000019-013.user_id"),
+                        testCase "000020-002.sig" (testSerialization "000020-002.sig"),
+                        testCase "000021-012.ring_trust" (testSerialization "000021-012.ring_trust"),
+                        testCase "000022-002.sig" (testSerialization "000022-002.sig"),
+                        testCase "000023-012.ring_trust" (testSerialization "000023-012.ring_trust"),
+                        testCase "000024-014.public_subkey" (testSerialization "000024-014.public_subkey"),
+                        testCase "000025-002.sig" (testSerialization "000025-002.sig"),
+                        testCase "000026-012.ring_trust" (testSerialization "000026-012.ring_trust"),
+                        testCase "000027-006.public_key" (testSerialization "000027-006.public_key"),
+                        testCase "000028-002.sig" (testSerialization "000028-002.sig"),
+                        testCase "000029-012.ring_trust" (testSerialization "000029-012.ring_trust"),
+                        testCase "000030-013.user_id" (testSerialization "000030-013.user_id"),
+                        testCase "000031-002.sig" (testSerialization "000031-002.sig"),
+                        testCase "000032-012.ring_trust" (testSerialization "000032-012.ring_trust"),
+                        testCase "000033-002.sig" (testSerialization "000033-002.sig"),
+                        testCase "000034-012.ring_trust" (testSerialization "000034-012.ring_trust"),
+                        testCase "000035-006.public_key" (testSerialization "000035-006.public_key"),
+                        testCase "000036-013.user_id" (testSerialization "000036-013.user_id"),
+                        testCase "000037-002.sig" (testSerialization "000037-002.sig"),
+                        testCase "000038-012.ring_trust" (testSerialization "000038-012.ring_trust"),
+                        testCase "000039-002.sig" (testSerialization "000039-002.sig"),
+                        testCase "000040-012.ring_trust" (testSerialization "000040-012.ring_trust"),
+                        testCase "000041-017.attribute" (testSerialization "000041-017.attribute"),
+                        testCase "000042-002.sig" (testSerialization "000042-002.sig"),
+                        testCase "000043-012.ring_trust" (testSerialization "000043-012.ring_trust"),
+                        testCase "000044-014.public_subkey" (testSerialization "000044-014.public_subkey"),
+                        testCase "000045-002.sig" (testSerialization "000045-002.sig"),
+                        testCase "000046-012.ring_trust" (testSerialization "000046-012.ring_trust"),
+                        testCase "000047-005.secret_key" (testSerialization "000047-005.secret_key"),
+                        testCase "000048-013.user_id" (testSerialization "000048-013.user_id"),
+                        testCase "000049-002.sig" (testSerialization "000049-002.sig"),
+                        testCase "000050-012.ring_trust" (testSerialization "000050-012.ring_trust"),
+                        testCase "000051-007.secret_subkey" (testSerialization "000051-007.secret_subkey"),
+                        testCase "000052-002.sig" (testSerialization "000052-002.sig"),
+                        testCase "000053-012.ring_trust" (testSerialization "000053-012.ring_trust"),
+                        testCase "000054-005.secret_key" (testSerialization "000054-005.secret_key"),
+                        testCase "000055-002.sig" (testSerialization "000055-002.sig"),
+                        testCase "000056-012.ring_trust" (testSerialization "000056-012.ring_trust"),
+                        testCase "000057-013.user_id" (testSerialization "000057-013.user_id"),
+                        testCase "000058-002.sig" (testSerialization "000058-002.sig"),
+                        testCase "000059-012.ring_trust" (testSerialization "000059-012.ring_trust"),
+                        testCase "000060-007.secret_subkey" (testSerialization "000060-007.secret_subkey"),
+                        testCase "000061-002.sig" (testSerialization "000061-002.sig"),
+                        testCase "000062-012.ring_trust" (testSerialization "000062-012.ring_trust"),
+                        testCase "000063-005.secret_key" (testSerialization "000063-005.secret_key"),
+                        testCase "000064-002.sig" (testSerialization "000064-002.sig"),
+                        testCase "000065-012.ring_trust" (testSerialization "000065-012.ring_trust"),
+                        testCase "000066-013.user_id" (testSerialization "000066-013.user_id"),
+                        testCase "000067-002.sig" (testSerialization "000067-002.sig"),
+                        testCase "000068-012.ring_trust" (testSerialization "000068-012.ring_trust"),
+                        testCase "000069-005.secret_key" (testSerialization "000069-005.secret_key"),
+                        testCase "000070-013.user_id" (testSerialization "000070-013.user_id"),
+                        testCase "000071-002.sig" (testSerialization "000071-002.sig"),
+                        testCase "000072-012.ring_trust" (testSerialization "000072-012.ring_trust"),
+                        testCase "000073-017.attribute" (testSerialization "000073-017.attribute"),
+                        testCase "000074-002.sig" (testSerialization "000074-002.sig"),
+                        testCase "000075-012.ring_trust" (testSerialization "000075-012.ring_trust"),
+                        testCase "000076-007.secret_subkey" (testSerialization "000076-007.secret_subkey"),
+                        testCase "000077-002.sig" (testSerialization "000077-002.sig"),
+                        testCase "000078-012.ring_trust" (testSerialization "000078-012.ring_trust"),
+                        testCase "002182-002.sig" (testSerialization "002182-002.sig"),
+                        testCase "pubring.gpg" (testSerialization "pubring.gpg"),
+                        testCase "secring.gpg" (testSerialization "secring.gpg"),
+                        testCase "compressedsig.gpg" (testSerialization "compressedsig.gpg"),
+                        testCase "compressedsig-zlib.gpg" (testSerialization "compressedsig-zlib.gpg"),
+                        testCase "compressedsig-bzip2.gpg" (testSerialization "compressedsig-bzip2.gpg"),
+                        testCase "onepass_sig" (testSerialization "onepass_sig"),
+                        testCase "symmetrically_encrypted" (testSerialization "symmetrically_encrypted"),
+                        testCase "uncompressed-ops-dsa.gpg" (testSerialization "uncompressed-ops-dsa.gpg"),
+                        testCase "uncompressed-ops-dsa-sha384.txt.gpg" (testSerialization "uncompressed-ops-dsa-sha384.txt.gpg"),
+                        testCase "uncompressed-ops-rsa.gpg" (testSerialization "uncompressed-ops-rsa.gpg"),
+                        testCase "3F5BBA0B0694BEB6000005-002.sig" (testSerialization "3F5BBA0B0694BEB6000005-002.sig"),
+                        testCase "3F5BBA0B0694BEB6000017-002.sig" (testSerialization "3F5BBA0B0694BEB6000017-002.sig"),
+                        testProperty "MPI encode/decode" prop_MPI_serialization_loop,
+                        testProperty "S2K encode/decode" prop_S2K_serialization_loop,
+                        testProperty "SignatureSubpacket encode/decode" prop_SignatureSubpacket_serialization_loop
+                ],
+                testGroup "S2K count" [
+                        testProperty "S2K count encode reverses decode" prop_s2k_count
+                ]
+        ]
+
+main :: IO ()
+main = defaultMain tests