Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

V4 Secret key id and fingerprint not calculated correctly #23

Open
arwyersfs opened this issue Oct 25, 2019 · 1 comment
Open

V4 Secret key id and fingerprint not calculated correctly #23

arwyersfs opened this issue Oct 25, 2019 · 1 comment

Comments

@arwyersfs
Copy link

Don't think this is actively maintained, but figured I could spare someone some pain if they need to use this in the future. The fingerprint(and subsequently key_id) for version 4 key packets is calculated incorrectly. According to the RFC 4880 only the public key packets are supposed to be used in SHA1 to get the fingerprint, but the code uses the entire packet content(including the secret key material).
@arwyersfs
Copy link
Author

Adding this segment of code after line 481 should do the trick
public_len = offset
if self.pubkey_version == 4:
sha1 = hashlib.sha1()
seed_bytes = (0x99, (public_len >> 8) & 0xff, public_len & 0xff)
sha1.update(pack_data(bytearray(seed_bytes)))
sha1.update(pack_data(self.data[:public_len]))
self.fingerprint = sha1.hexdigest().upper().encode('ascii')
self.key_id = self.fingerprint[24:]

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@arwyersfs