When promoting subkey packets to key packets as signature targets,
keep secret keys secret and public keys public. This avoids:
ValueError: corrupted hash
warnings (and was mostly a lucky guess ;), as all RFC 4880 gives us is
[1]:
When a signature is made over a key, the hash data starts with the
octet 0x99, followed by a two-octet length of the key, and then body
of the key packet. (Note that this is an old-style packet header
for a key packet with two-octet length.) A subkey binding signature
(type 0x18) or primary key binding signature (type 0x19) then hashes
the subkey using the same format as the main key (also using 0x99 as
the first octet).
http://tools.ietf.org/search/rfc4880#section-5.2.4
elif isinstance(target, bytes):
return target
elif isinstance(target, PGPPacket):
elif isinstance(target, bytes):
return target
elif isinstance(target, PGPPacket):
- if target['type'] in [
- 'public-subkey packet',
- 'secret-key packet',
- 'secret-subkey packet',
- ]:
+ if target['type'].endswith('-subkey packet'):
- target['type'] = 'public-key packet'
+ target['type'] = target['type'].replace(
+ '-subkey packet', '-key packet')
serialized = target._serialize_body()
if target['type'] in [
'public-key packet',
serialized = target._serialize_body()
if target['type'] in [
'public-key packet',