I'm doing a bit of software spelunking/archaeology, and I'd like to be able to parse old PGP signatures and access their signer information (specifically, Key IDs).
When I try to load that with PGPSignature.from_blob(...), I don't get an exception:
>>> import pgpy
>>> s = pgpy.PGPSignature.from_blob(sig)
However, as soon as I try to access s (even just its repr), I get an AttributeError:
>>> s
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/Users/william/personal/devel/pypi-pgp-statistics/env/lib/python3.11/site-packages/pgpy/pgp.py", line 362, in __repr__
return "<PGPSignature [{:s}] object at 0x{:02x}>".format(self.type.name, id(self))
^^^^^^^^^
File "/Users/william/personal/devel/pypi-pgp-statistics/env/lib/python3.11/site-packages/pgpy/pgp.py", line 322, in type
return self._signature.sigtype
^^^^^^^^^^^^^^^^^^^^^^^
AttributeError: 'NoneType' object has no attribute 'sigtype'
I did a quick check, and it looks like this is coming from the following packet check:
This looks wrong to me: rather than pass-ing, this should probably either raise an exception or (longer-term) handler whatever older/legacy packet type appears in these older signatures. That way, the PGPSignature object itself is never constructed in an invalid/inaccessible state.
I'm happy to make the changes for the quick fix (raising an exception); the more detailed fix should probably be done by someone who understands PGP better 🙂
Hi there! Thanks for maintaining this library.
I'm doing a bit of software spelunking/archaeology, and I'd like to be able to parse old PGP signatures and access their signer information (specifically, Key IDs).
For example, a signature like this:
When I try to load that with
PGPSignature.from_blob(...)
, I don't get an exception:However, as soon as I try to access
s
(even just itsrepr
), I get anAttributeError
:I did a quick check, and it looks like this is coming from the following packet check:
https://github.com/SecurityInnovation/PGPy/blob/30a757181ab02f918a94f8549f354d93639b95e6/pgpy/pgp.py#L585-L592
This looks wrong to me: rather than
pass
-ing, this should probably either raise an exception or (longer-term) handler whatever older/legacy packet type appears in these older signatures. That way, thePGPSignature
object itself is never constructed in an invalid/inaccessible state.I'm happy to make the changes for the quick fix (raising an exception); the more detailed fix should probably be done by someone who understands PGP better 🙂