Shift (sub)key -> public key coercion into _serialize_signature_packet_target
author W. Trevor King <wking@tremily.us>
Mon, 23 Dec 2013 23:27:08 +0000 (15:27 -0800)
committer W. Trevor King <wking@tremily.us>
Mon, 23 Dec 2013 23:27:08 +0000 (15:27 -0800)
While RFC 4880 explicitly specifies that key fingerprints are
calculated only on the public part of the key packet, it was unclear
if signatures are also only calculated over the public part.  It turns
out that they are, so move the coercion logic from
PGPPacket._parse_generic_public_key_packet into
_serialize_signature_packet_target.

gpg-migrate.py

index 7516db82c69feae5efed06fd8df2ecc44cf5abaf..f4651e37fb6a74fd12462aa47778be405843ee77 100755 (executable)
@@ -581,12 +581,8 @@ class PGPPacket (dict):
                 'algorithm-specific key fields for {}'.format(
                     self['public-key-algorithm']))
         fingerprint = _hashlib.sha1()
-        fingerprint_target = self
-        if self['type'] != 'public-key packet':
-            fingerprint_target = self.copy()
-            fingerprint_target['type'] = 'public-key packet'
         fingerprint.update(
-            self._serialize_signature_packet_target(target=fingerprint_target))
+            self._serialize_signature_packet_target(target=self))
         self['fingerprint'] = fingerprint.hexdigest()
         return offset
 
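Review bot: At the `fingerprint.update(...)` call, the removed check coerced every packet whose type was not 'public-key packet', while the replacement relies on a fixed list of three types inside _serialize_signature_packet_target, so any other type reaching this method is now hashed under its own type instead of being coerced. If only the four key packet types can get here, please say so in a short comment at this call. The same comment can note that the coercion now happens in the serializer, since nothing at the call site shows any longer that the fingerprint covers only the public part.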
@@ -998,6 +994,13 @@ class PGPPacket (dict):
         elif isinstance(target, bytes):
             return target
         elif isinstance(target, PGPPacket):
+            if target['type'] in [
+                    'public-subkey packet',
+                    'secret-key packet',
+                    'secret-subkey packet',
+                    ]:
+                target = target.copy()
+                target['type'] = 'public-key packet'
             serialized = target._serialize_body()
             if target['type'] in [
                     'public-key packet',
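Review bot: On the added `target = target.copy()` line, the result is used immediately as `target._serialize_body()` and in the type check that follows, so it has to be a PGPPacket. The class derives from dict, and dict.copy() on a subclass returns a plain dict unless the subclass overrides it. Please confirm PGPPacket defines its own copy(), or build the copy with `PGPPacket(target)` here. The copy is shallow, which is fine because only the 'type' key is reassigned and the caller's packet is left unchanged. A one-line comment saying that signatures are calculated over the public part of the key packet (the reason given in the commit message) would explain why the three listed types are rewritten before serialization.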