Open J08nY opened 7 years ago
What gpg generates as a PGP PUBLIC KEY BLOCK is not really a valid transferable public key, so it makes sense that PGPKey.from_blob errors out. However there should be a way to get at least the signature packet out of an ASCII-Armored blob such as that one.
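>>> from pgpy import PGPSignature
>>> from pgpy.packet import Packet
>>> from pgpy.types import Armorable
>>> # revoc_sig holds the ASCII-armored revocation text from the issue
>>> dearm = Armorable.ascii_unarmor(revoc_sig)
>>> data = bytearray(dearm['body'])
>>> p = Packet(data)
>>> p
<SignatureV4 [tag 02][v4] at 0x....>
>>> sig = PGPSignature()
>>> sig |= p
>>> sig
<PGPSignature [KeyRevocation] object at 0x....>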
Interesting that it's wrapped in magic claiming it to be a PUBLIC KEY BLOCK when the only packet contained within is a signature.
A slightly less obnoxious short-term workaround, if you already know ahead of time that it's going to be a revocation signature, could be:
s = PGPSignature.from_blob(revoc_sig.replace('PUBLIC KEY BLOCK', 'SIGNATURE'))
I guess we'll have to take the armor magic as a suggestion in the future 8)
Nice workaround! Definitely using that. 👍
Might be also worthwhile to report this as a bug to GPG, as what they are generating under the PUBLIC KEY BLOCK magic is definitely not a valid transferable public key and should maybe change that to put it in SIGNATURE magic. Although the PUBLIC KEY BLOCK magic is understandable as key revocation sigs are part of keys when they are imported, so I guess that is their logic.
Let's say that I have the following example public key:
For which, gpg generated this key revocation:
PGPy should be able to parse and verify this revocation signature. As currently doing:
doesn't work.
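The label/content mismatch discussed in this thread, as an added example (standard-library Python, not PGPy code and not part of any comment above): it reads the armor label and the real packet tags so a caller can dispatch on what the body contains rather than on the armor magic. `SAMPLE`, `TAG_TO_LABEL`, `dearmor`, `packet_tags` and `classify` are hypothetical names, and the sample is a constructed, truncated packet, not gpg output.

```python
import base64

TAG_TO_LABEL = {2: "SIGNATURE", 5: "PRIVATE KEY BLOCK", 6: "PUBLIC KEY BLOCK"}
SAMPLE = """-----BEGIN PGP PUBLIC KEY BLOCK-----
Comment: constructed sample, truncated signature packet

iAQEIAEI
-----END PGP PUBLIC KEY BLOCK-----
"""  # constructed for this example; body is one old-format tag-2 packet

def dearmor(text):
    """Return (armor label, decoded body); the optional CRC-24 line is skipped."""
    lines = [line.strip() for line in text.strip().splitlines()]
    label = lines[0][len("-----BEGIN PGP "):-len("-----")]
    start = lines.index("") + 1  # a blank line ends the armor headers
    end = lines.index("-----END PGP %s-----" % label)
    data = [line for line in lines[start:end] if not line.startswith("=")]
    return label, base64.b64decode("".join(data))

def packet_tags(body):
    """Walk the packet headers (RFC 4880 section 4.2) and return the tags."""
    tags, i = [], 0
    while i < len(body):
        hdr = body[i]
        if not hdr & 0x80:
            raise ValueError("not an OpenPGP packet header at offset %d" % i)
        if hdr & 0x40:  # new format: tag in low 6 bits, length octets follow
            tag, first = hdr & 0x3F, body[i + 1]
            if first < 192:
                length, i = first, i + 2
            elif first < 224:
                length, i = ((first - 192) << 8) + body[i + 2] + 192, i + 3
            elif first == 255:
                length, i = int.from_bytes(body[i + 2:i + 6], "big"), i + 6
            else:
                raise ValueError("partial body lengths are not handled here")
        else:  # old format: tag in bits 5-2, length type in bits 1-0
            tag, n = (hdr >> 2) & 0x0F, 1 << (hdr & 0x03)
            if n == 8:
                raise ValueError("indeterminate length is not handled here")
            length, i = int.from_bytes(body[i + 1:i + 1 + n], "big"), i + 1 + n
        tags.append(tag)
        i += length
    return tags

def classify(text):
    """Return (armor label, packet tags, label implied by the first tag)."""
    label, body = dearmor(text)
    tags = packet_tags(body)
    return label, tags, (TAG_TO_LABEL.get(tags[0]) if tags else None)
```

For `SAMPLE`, `classify` reports the armor label `PUBLIC KEY BLOCK` while the only packet has tag 2, so the implied label is `SIGNATURE`.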