From 98dd5b53c88cca49a1f7166e2fe4f9d55a7e23b6 Mon Sep 17 00:00:00 2001 From: "W. Trevor King" Date: Fri, 20 Dec 2013 16:07:00 -0800 Subject: [PATCH] Check that the first secret-key packet is a 'secret-key packet' From RFC 4880 [1]: The format of a transferable secret key is the same as a transferable public key except that secret-key and secret-subkey packets are used instead of the public key and public-subkey packets. [1]: http://tools.ietf.org/search/rfc4880#section-11.2 --- gpg-migrate.py | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/gpg-migrate.py b/gpg-migrate.py index 9bc9ecc..3041b16 100755 --- a/gpg-migrate.py +++ b/gpg-migrate.py @@ -725,6 +725,10 @@ class PGPKey (object): ['gpg', '--export-secret-keys', self.fingerprint]) self.secret_packets = list( packets_from_bytes(data=key_secret_export)) + if self.secret_packets[0]['type'] != 'secret-key packet': + raise ValueError( + '{} does not start with a secret-key packet'.format( + self.fingerprint)) def export_to_gpg(self): raise NotImplemetedError('export to gpg') -- 2.26.2