Preserve public/secret distinction in _serialize_signature_packet_target

When promoting subkey packets to key packets as signature targets,
keep secret keys secret and public keys public.  This avoids:

  ValueError: corrupted hash

warnings (and was mostly a lucky guess ;), as all RFC 4880 gives us is
[1]:

  When a signature is made over a key, the hash data starts with the
  octet 0x99, followed by a two-octet length of the key, and then body
  of the key packet.  (Note that this is an old-style packet header
  for a key packet with two-octet length.)  A subkey binding signature
  (type 0x18) or primary key binding signature (type 0x19) then hashes
  the subkey using the same format as the main key (also using 0x99 as
  the first octet).

http://tools.ietf.org/search/rfc4880#section-5.2.4

diff --git a/gpg-migrate.py b/gpg-migrate.py
index f25cb3609d2f23c504396e18463b1e6f30330c24..ad4f0f52b94ac609fc424295dc7e2a265419fbbd 100755 (executable)
--- a/gpg-migrate.py
+++ b/gpg-migrate.py
@@ -1016,13 +1016,10 @@ class PGPPacket (dict):
         elif isinstance(target, bytes):
             return target
         elif isinstance(target, PGPPacket):
-            if target['type'] in [
-                    'public-subkey packet',
-                    'secret-key packet',
-                    'secret-subkey packet',
-                    ]:
+            if target['type'].endswith('-subkey packet'):
                 target = target.copy()
-                target['type'] = 'public-key packet'
+                target['type'] = target['type'].replace(
+                    '-subkey packet', '-key packet')
             serialized = target._serialize_body()
             if target['type'] in [
                     'public-key packet',