From c26b4ddeba80740c3511856dbe7cf36c3806a88d Mon Sep 17 00:00:00 2001 From: "W. Trevor King" Date: Mon, 23 Dec 2013 15:27:08 -0800 Subject: [PATCH] Shift (sub)key -> public key coercion into _serialize_signature_packet_target While RFC 4880 explicitly specifies that key fingerprints are calculated only on the public part of the key packet, it was unclear if signatures are also only calculated over the public part. It turns out that they are, so move the coercion logic from PGPPacket._parse_generic_public_key_packet into _serialize_signature_packet_target. --- gpg-migrate.py | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/gpg-migrate.py b/gpg-migrate.py index 7516db8..f4651e3 100755 --- a/gpg-migrate.py +++ b/gpg-migrate.py @@ -581,12 +581,8 @@ class PGPPacket (dict): 'algorithm-specific key fields for {}'.format( self['public-key-algorithm'])) fingerprint = _hashlib.sha1() - fingerprint_target = self - if self['type'] != 'public-key packet': - fingerprint_target = self.copy() - fingerprint_target['type'] = 'public-key packet' fingerprint.update( - self._serialize_signature_packet_target(target=fingerprint_target)) + self._serialize_signature_packet_target(target=self)) self['fingerprint'] = fingerprint.hexdigest() return offset @@ -998,6 +994,13 @@ class PGPPacket (dict): elif isinstance(target, bytes): return target elif isinstance(target, PGPPacket): + if target['type'] in [ + 'public-subkey packet', + 'secret-key packet', + 'secret-subkey packet', + ]: + target = target.copy() + target['type'] = 'public-key packet' serialized = target._serialize_body() if target['type'] in [ 'public-key packet', -- 2.26.2