search

isislovecruft / python-gnupg

A modified version of python-gnupg, including security patches, extensive documentation, and extra features.
Other
424 stars 172 forks source link

Fingerprints are returned incorrectly in Debian Stretch #225

Open fincham opened 6 years ago

fincham commented 6 years ago

When using stretch's gpg (2.1.18) the output to --list-keys looks like:

pub:-:4096:1:69CF24CFFE54EBDF:1407760456:1533859600::-:::scESC:::::::
fpr:::::::::9C9C89701ECB0A641BC2C7F569CF24CFFE54EBDF:
uid:-::::1502323600::EB0DD40F1BDD380A60CF491EE2E3D323F498ECE9::Michael Fincham <michael.fincham@catalyst.net.nz>:
sub:-:4096:1:FEE31F229A07F41A:1407760456:1533859609:::::e::::::
fpr:::::::::DF5FE720E44C799007C182EEFEE31F229A07F41A:

The first "fpr" line is the correct "fingerprint" for the key that you'd get from e.g. "gpg --fingerprint".

However when list_keys() is called, I get an object like:

{'length': '4096', 'date': '1407760456', 'rev': {}, 'expires': '1533859600', 'dummy': '', 'fingerprint': 'DF5FE720E44C799007C182EEFEE31F229A07F41A', 'ownertrust': '-', 'uids': ['Michael Fincham <michael.fincham@catalyst.net.nz>'], 'keyid': '69CF24CFFE54EBDF', 'subkeys': [['FEE31F229A07F41A', 'e']], 'sigs': {'Michael Fincham <michael.fincham@catalyst.net.nz>': []}, 'trust': '-', 'type': 'pub', 'algo': '1'}

From looking at the code it seems like the second "fpr" line (which I guess is for the subkey?) is overwriting the fingerprint.

jannschu commented 6 years ago

Can confirm. The problem is here, if there are subkeys the fingerprint of the subkey overwrites the the correct one.

A fix might be

def fpr(self, args):
    if 'fingerprint' not in self.curkey:
        self.curkey['fingerprint'] = args[9]
        self.fingerprints.append(args[9])