summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMatthew Goins <mjgoins@openflows.com>2009-05-24 15:26:22 -0400
committerMatthew Goins <mjgoins@openflows.com>2009-05-24 15:26:22 -0400
commit2be12861abfe70143aada51e9034a218967658bf (patch)
treee005bbee23c9f224dc7efa31dcc7c82a4ff9bbb0
parent8e5e66add8fdaada67288464750bc86fdb633b40 (diff)
parente2e86b09f48ae9e3c115a7215256ac1345f86a5c (diff)
Merge commit 'dkg/master'
-rw-r--r--packaging/debian/changelog5
-rwxr-xr-xsrc/share/keytrans17
2 files changed, 15 insertions, 7 deletions
diff --git a/packaging/debian/changelog b/packaging/debian/changelog
index b6592ad..e8e535a 100644
--- a/packaging/debian/changelog
+++ b/packaging/debian/changelog
@@ -8,10 +8,13 @@ monkeysphere (0.25-1~pre) UNRELEASED; urgency=low
- fix monkeysphere update-known_hosts for sshd running on non-standard
ports
- add 'sshfpr' subcommand to output the ssh fingerprint of a gpg key
+ - pem2openpgp now generates self-sigs over SHA-256 instead of SHA-1
- some portability improvements
+ - properly handle translation of keys with fingerprints with leading
+ all-zero bytes.
* update Standard-Version to 3.8.1
- -- Jameson Graef Rollins <jrollins@finestructure.net> Thu, 30 Apr 2009 15:34:28 -0700
+ -- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Thu, 21 May 2009 13:04:10 -0400
monkeysphere (0.24-1) unstable; urgency=low
diff --git a/src/share/keytrans b/src/share/keytrans
index f9288fa..c47ccdc 100755
--- a/src/share/keytrans
+++ b/src/share/keytrans
@@ -426,7 +426,7 @@ sub pem2openpgp {
my $uid = shift;
my $args = shift;
- $rsa->use_sha1_hash();
+ $rsa->use_sha256_hash();
# see page 22 of RFC 4880 for why i think this is the right padding
# choice to use:
@@ -442,7 +442,7 @@ sub pem2openpgp {
# RSA
my $pubkey_algo = pack('C', $asym_algos->{rsa});
# SHA1
- my $hash_algo = pack('C', $digests->{sha1});
+ my $hash_algo = pack('C', $digests->{sha256});
# FIXME: i'm worried about generating a bazillion new OpenPGP
# certificates from the same key, which could easily happen if you run
@@ -497,11 +497,14 @@ sub pem2openpgp {
$ciphers->{tripledes}
);
- # prefer SHA-1, SHA-256, RIPE-MD/160
- my $pref_hash_algos = pack('CCCCC', 4, $subpacket_types->{preferred_digest},
- $digests->{sha1},
+ # prefer SHA-512, SHA-384, SHA-256, SHA-224, RIPE-MD/160, SHA-1
+ my $pref_hash_algos = pack('CCCCCCCC', 7, $subpacket_types->{preferred_digest},
+ $digests->{sha512},
+ $digests->{sha384},
$digests->{sha256},
- $digests->{ripemd160}
+ $digests->{sha224},
+ $digests->{ripemd160},
+ $digests->{sha1}
);
# prefer ZLIB, BZip2, ZIP
@@ -687,6 +690,8 @@ sub openpgp2ssh {
my $foundfpr = fingerprint($pubkey, $timestamp);
my $foundfprstr = Crypt::OpenSSL::Bignum->new_from_bin($foundfpr)->to_hex();
+ # left-pad with 0's to bring up to full 40-char (160-bit) fingerprint:
+ $foundfprstr = sprintf("%040s", $foundfprstr);
# is this a match?
if ((!defined($fpr)) ||