Closed TLINDEN closed 10 years ago
should be fixed with 3f3ba35 - i also added a new test case for catching this error. thx!
Hi,
ok, now I can import public keys which were previously exported by pbp. But I can't import keys exported by pcp. However, in pcp I can import pbp-keys AND pbp-keys created by pcp.
The message is the same:
$ pbp -X -i alice.pbp
Traceback (most recent call last):
File "/usr/local/bin/pbp", line 9, in <module>
load_entry_point('pbp==0.2.1', 'console_scripts', 'pbp')()
File "build/bdist.freebsd-9.1-RELEASE-p4-amd64/egg/pbp/main.py", line 187, in main
File "build/bdist.freebsd-9.1-RELEASE-p4-amd64/egg/pbp/pbp.py", line 299, in import_handler
File "build/bdist.linux-x86_64/egg/pysodium/__init__.py", line 152, in crypto_sign_open
ValueError
Here's the key:
e(^ULDlDlpaNScQ#b_cRuxyq0wH0V!^#@f@4nqrjg^FbGu*BQ;9GE;I8qYIdqp`!FtJd%`*
Ta^5-(2qjc0)3|<5E*+$na^08*}ejlD>`z*w+;CJ~O1@&@pIwwR$U=-a$|{q3o=fzc8-VO53`6
_Uh}QE-{5T_p<y4c0)3|<5E*+$na^08*}ejlD>`z*w+;CJ~O1@&@pIwL2PMbWdHyG
(remove the newlines before trying).
And here are the raw values in there (hex %02x):
edpub: 764332bbe3525367c8f069871b73ef5992be8e08d8d714f13e33a4e1d031687a <= mp
pub: b57a2b99de415036a1ecac98bf30aed54adbba7af6eaeba12e318538f7b2fc07 <= cp
edpub: 764332bbe3525367c8f069871b73ef5992be8e08d8d714f13e33a4e1d031687a <= sp
sig: 7ef137182a2ca93370dd5323c5682220b06c95f7b5156860f50755500e430b7b
858a64f0b0c4dbf61c983c211acf335fa3b1c3a0abd6f032d7c3967ddf5cef01
I'm not really sure, what is the problem with it. Any idea? There's some issue with key.mp I think. Since there's no such thing in pcp (yet), I just use the signing pk for both: mp and sp in the pbp-export.
Update: I added the same hex dumper to pbp/pbp.import_handler() just to see, what pbp sees from my input. This is the output:
pbp -b . -X -i alice.pbp
mp: 764332bbe3525367c8f069871b73ef5992be8e08d8d714f13e33a4e1d031687a
cp: b57a2b99de415036a1ecac98bf30aed54adbba7af6eaeba12e318538f7b2fc07
sp: 764332bbe3525367c8f069871b73ef5992be8e08d8d714f13e33a4e1d031687a
sig: 7ef137182a2ca93370dd5323c5682220b06c95f7b5156860f50755500e430b7b
858a64f0b0c4dbf61c983c211acf335fa3b1c3a0abd6f032d7c3967ddf5cef01
Traceback (most recent call last):
File "/usr/local/bin/pbp", line 9, in <module>
load_entry_point('pbp==0.2.1', 'console_scripts', 'pbp')()
File "build/bdist.freebsd-9.1-RELEASE-p4-amd64/egg/pbp/main.py", line 187, in main
File "build/bdist.freebsd-9.1-RELEASE-p4-amd64/egg/pbp/pbp.py", line 309, in import_handler
File "build/bdist.linux-x86_64/egg/pysodium/__init__.py", line 152, in crypto_sign_open
ValueError
So, as you can see, those are the very same values, pcp1 sees when writing the export.
argh, the export format changed, now it includes the dates and the order of keys changed as well. So I changed my code too, but it just doesn't work. Can't import from pbp and pbp can't import from pcp (same error: crypto_sign_open() fails).
PS: now the import of pbp keys in pcp fails with signature verification error as well. what a nightmare...
ok, now the import works, but only if the patch of issue#10 is re-applied:
$ pcp1 -V va -b -p -O alice.pbp -D
Enter passphrase to decrypt your secret key for signing the export:
mp (0032): 764332bbe3525367c8f069871b73ef5992be8e08d8d714f13e33a4e1d031687a
cp (0032): b57a2b99de415036a1ecac98bf30aed54adbba7af6eaeba12e318538f7b2fc07
sp (0032): 764332bbe3525367c8f069871b73ef5992be8e08d8d714f13e33a4e1d031687a
name (0005): 416c696365
sig (0229): d349f53407277ea9aec81dc57accc85e17eb90c966db2588ca894e921205b5ed13316c80
3ee5067e80a5cd36ccbfe2012547c2f5b66c3d66418400c80317b701764332bbe3525367
c8f069871b73ef5992be8e08d8d714f13e33a4e1d031687a764332bbe3525367c8f06987
1b73ef5992be8e08d8d714f13e33a4e1d031687ab57a2b99de415036a1ecac98bf30aed5
4adbba7af6eaeba12e318538f7b2fc07323031342d30322d30365430393a33333a343620
202020202020202020202020323031342d30322d30365430393a33333a34362020202020
2020202020202020416c696365
public key exported in PBP format.
$ pbp -b . -X -i alice.pbp
mp: 764332bbe3525367c8f069871b73ef5992be8e08d8d714f13e33a4e1d031687a
sp: 764332bbe3525367c8f069871b73ef5992be8e08d8d714f13e33a4e1d031687a
cp: b57a2b99de415036a1ecac98bf30aed54adbba7af6eaeba12e318538f7b2fc07
sig: d349f53407277ea9aec81dc57accc85e17eb90c966db2588ca894e921205b5ed13316c803ee5067e80a5cd36ccbfe2012547c2f5b66c3d66418400c80317b701764332bbe3525367c8f069871b73ef5992be8e08d8d714f13e33a4e1d031687a764332bbe3525367c8f069871b73ef5992be8e08d8d714f13e33a4e1d031687ab57a2b99de415036a1ecac98bf30aed54adbba7af6eaeba12e318538f7b2fc07323031342d30322d30365430393a33333a343620202020202020202020202020323031342d30322d30365430393a33333a343620202020202020202020202020416c696365
dates: 2014-02-06T09:33:46 2014-02-06T09:33:46
name: Alice
backing up existing key to ./pk/Alice.pk.old
Success: imported public keys for Alice
god...
Ok, now I found what was missing: the call to b85decode() in pbp.export_handler() has to set the 2nd argument to true:
return b85encode(pkt, True)
And, as already mentioned, the padding patch of issue#10 has to be applied. Then export and import works in both directions:
PBP => PCP:
$ pbp -b . -x --self Tom > tom.pbp
Passphrase for decrypting master key for Tom:
$ pcp1 -V vx -P -I tom.pbp -b
key 0x61E05C2AA4803742 added to vx.
$ pcp1 -V vx -l
Key ID Type Creation Time Owner
0x61E05C2AA4803742 public 2014-02-06T07:31:00 Tom <>
PCP => PBP:
$ pcp1 -V va -b -p -O alice.pbp
Enter passphrase to decrypt your secret key for signing the export:
public key exported in PBP format.
$ pbp -b . -X -i alice.pbp
Success: imported public keys for Alice
$ pbp -b . -l
invalid 9163 3781 9b14 ea5b 010b 7487 61fd dd46 Alice
valid 9275 5a5d 5375 bb49 d096 e0c5 1261 a575 Bob
Now, how about that? :)
There's one issue left though, pbp marks the imported key as "invalid" for whatever reason.
very cool! can you send a pull request to merge this?
ok, sent it.
I already reported it by mail, to be complete I repeat it here as well: when importing a public key with pbp, an error occurs:
The problem is in
Identity.__getattr__()
where pbp tries to load a secret key with the name of the imported key, because the variablepublicOnly
isFalse
.Also it does the parameter check only if the attribute starts with
^s
and tries to callloadkey()
even for thecreated
andvalid
parameters.Then I made the following changes:
and
then pbp at least doesn't try to load some - nonexisting - secret key, but instead dies with this message:
So, after successfully decoding the b85 encoded pubkey (by using the patch in issue#10), verifying the signature of the result and extracting all 3 public keys (mp, cp, sp) it tries to save it in it's native format and while doing so, it tries to sign the pk using
self.ms
, which of course doesn't exist, since we're importing an external public key.I'm not sure, how to fix this, IMHO it's a design problem. I think the best solution would be to store the signature of the import file in the Identity object and write it out as is. When later reading in a pk from disk, pbp has to verify that signature without the dates though.
best regards, Tom