From: W. Trevor King Date: Mon, 23 Dec 2013 23:27:08 +0000 (-0800) Subject: Shift (sub)key -> public key coercion into _serialize_signature_packet_target X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=c26b4ddeba80740c3511856dbe7cf36c3806a88d;p=gpg-migrate.git Shift (sub)key -> public key coercion into _serialize_signature_packet_target While RFC 4880 explicitly specifies that key fingerprints are calculated only on the public part of the key packet, it was unclear if signatures are also only calculated over the public part. It turns out that they are, so move the coercion logic from PGPPacket._parse_generic_public_key_packet into _serialize_signature_packet_target. --- diff --git a/gpg-migrate.py b/gpg-migrate.py index 7516db8..f4651e3 100755 --- a/gpg-migrate.py +++ b/gpg-migrate.py @@ -581,12 +581,8 @@ class PGPPacket (dict): 'algorithm-specific key fields for {}'.format( self['public-key-algorithm'])) fingerprint = _hashlib.sha1() - fingerprint_target = self - if self['type'] != 'public-key packet': - fingerprint_target = self.copy() - fingerprint_target['type'] = 'public-key packet' fingerprint.update( - self._serialize_signature_packet_target(target=fingerprint_target)) + self._serialize_signature_packet_target(target=self)) self['fingerprint'] = fingerprint.hexdigest() return offset @@ -998,6 +994,13 @@ class PGPPacket (dict): elif isinstance(target, bytes): return target elif isinstance(target, PGPPacket): + if target['type'] in [ + 'public-subkey packet', + 'secret-key packet', + 'secret-subkey packet', + ]: + target = target.copy() + target['type'] = 'public-key packet' serialized = target._serialize_body() if target['type'] in [ 'public-key packet',