From a0dc8d6ec2184564c7980d1731f7dd652dbe1d83 Mon Sep 17 00:00:00 2001
From: "W. Trevor King"
Date: Tue, 7 Jan 2014 09:48:38 -0800
Subject: [PATCH] Preserve public/secret distinction in _serialize_signature_packet_target

When promoting subkey packets to key packets as signature targets, keep secret keys secret and public keys public. This avoids: ValueError: corrupted hash warnings (and was mostly a lucky guess ;), as all RFC 4880 gives us is [1]: When a signature is made over a key, the hash data starts with the octet 0x99, followed by a two-octet length of the key, and then body of the key packet. (Note that this is an old-style packet header for a key packet with two-octet length.) A subkey binding signature (type 0x18) or primary key binding signature (type 0x19) then hashes the subkey using the same format as the main key (also using 0x99 as the first octet). http://tools.ietf.org/search/rfc4880#section-5.2.4
---
 gpg-migrate.py | 9 +++------
 1 file changed, 3 insertions(+), 6 deletions(-)

diff --git a/gpg-migrate.py b/gpg-migrate.py
index f25cb36..ad4f0f5 100755
--- a/gpg-migrate.py
+++ b/gpg-migrate.py
@@ -1016,13 +1016,10 @@ class PGPPacket (dict):
 elif isinstance(target, bytes):
 return target
 elif isinstance(target, PGPPacket):
- if target['type'] in [
- 'public-subkey packet',
- 'secret-key packet',
- 'secret-subkey packet',
- ]:
+ if target['type'].endswith('-subkey packet'):
 target = target.copy()
- target['type'] = 'public-key packet'
+ target['type'] = target['type'].replace(
+ '-subkey packet', '-key packet')
 serialized = target._serialize_body()
 if target['type'] in [
 'public-key packet',
--
2.26.2
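Review bot: Keeping a `secret-subkey packet` target as `secret-key packet` before `target._serialize_body()` makes the bytes hashed for a signature depend on whether the caller passed the secret or the public form of the same key. `_serialize_body()` is not visible in this hunk, so this is inferred, but if it emits the secret-key fields for secret types, the digest will differ from what a verifier holding only the public key computes, and the commit message itself describes the change as a guess. I would add a check that a secret-subkey target and its public counterpart serialize to the same signature-target bytes, and record the rationale above the branch, e.g. `# RFC 4880 section 5.2.4: subkeys are hashed in primary-key format (0x99, two-octet length, key body)`. The enclosing method starts before the hunk, and the trailing `if target['type'] in [` list continues past its end.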