From: W. Trevor King <wking@tremily.us>
Date: Fri, 20 Dec 2013 21:52:10 +0000 (-0800)
Subject: Add key flags signature subpacket parsing to PGPPacket
X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=a00be41dc65055f4f29ef7bae2b35f3dacd8ec47;p=gpg-migrate.git

Add key flags signature subpacket parsing to PGPPacket

From RFC 4880 [1]:

  (N octets of flags)

  This subpacket contains a list of binary flags that hold information
  about a key.  It is a string of octets, and an implementation MUST
  NOT assume a fixed size.  This is so it can grow over time.  If a
  list is shorter than an implementation expects, the unstated flags
  are considered to be zero.  The defined flags are as follows:

    First octet:

    0x01 - This key may be used to certify other keys.
    0x02 - This key may be used to sign data.
    0x04 - This key may be used to encrypt communications.
    0x08 - This key may be used to encrypt storage.
    0x10 - The private component of this key may have been split by a
           secret-sharing mechanism.
    0x20 - This key may be used for authentication.
    0x80 - The private component of this key may be in the possession
           of more than one person.

[1]: http://tools.ietf.org/search/rfc4880#section-5.2.3.21
---

diff --git a/gpg-migrate.py b/gpg-migrate.py
index 38c7874..aeda78c 100755
--- a/gpg-migrate.py
+++ b/gpg-migrate.py
@@ -292,6 +292,9 @@ class PGPPacket (dict):
     def _str_issuer_signature_subpacket(self, subpacket):
         return subpacket['issuer'][-8:].upper()
 
+    def _str_key_flags_signature_subpacket(self, subpacket):
+        return ', '.join(x for x in sorted(subpacket['key-flags']))
+
     def _str_embedded_signature_signature_subpacket(self, subpacket):
         return subpacket['embedded']['signature-type']
 
@@ -548,6 +551,23 @@ class PGPPacket (dict):
     def _parse_issuer_signature_subpacket(self, data, subpacket):
         subpacket['issuer'] = ''.join('{:02x}'.format(byte) for byte in data)
 
+    def _parse_key_flags_signature_subpacket(self, data, subpacket):
+        subpacket['key-flags'] = set()
+        if data[0] & 0x1:
+            subpacket['key-flags'].add('can certify')
+        if data[0] & 0x2:
+            subpacket['key-flags'].add('can sign')
+        if data[0] & 0x4:
+            subpacket['key-flags'].add('can encrypt communications')
+        if data[0] & 0x8:
+            subpacket['key-flags'].add('can encrypt storage')
+        if data[0] & 0x10:
+            subpacket['key-flags'].add('private split')
+        if data[0] & 0x20:
+            subpacket['key-flags'].add('can authenticate')
+        if data[0] & 0x80:
+            subpacket['key-flags'].add('private shared')
+
     def _parse_embedded_signature_signature_subpacket(self, data, subpacket):
         subpacket['embedded'] = PGPPacket()
         subpacket['embedded']._parse_signature_packet(data=data)