diff options
| -rwxr-xr-x | src/share/keytrans | 44 | ||||
| -rwxr-xr-x | tests/keytrans | 47 |
2 files changed, 88 insertions, 3 deletions
diff --git a/src/share/keytrans b/src/share/keytrans index ae4fb09..255a271 100755 --- a/src/share/keytrans +++ b/src/share/keytrans @@ -722,6 +722,7 @@ sub findkey { my $foundfprstr = Crypt::OpenSSL::Bignum->new_from_bin($foundfpr)->to_hex(); # left-pad with 0's to bring up to full 40-char (160-bit) fingerprint: $foundfprstr = sprintf("%040s", $foundfprstr); + my $matched = 0; # is this a match? if ((!defined($data->{target}->{fpr})) || @@ -731,6 +732,7 @@ sub findkey { } $data->{key} = { 'rsa' => $pubkey, 'timestamp' => $key_timestamp }; + $matched = 1; } if ($tag != $packet_types->{seckey} && @@ -740,7 +742,7 @@ sub findkey { } return; } - if (!defined($data->{key})) { + if (!$matched) { # we don't think the public part of this key matches if ($readbytes < $packetlen) { read($instr, $dummy, $packetlen - $readbytes) or die "Could not skip past this packet.\n"; @@ -810,6 +812,40 @@ sub openpgp2rsa { return $data->{key}->{rsa}; } +sub findkeyfprs { + my $data = shift; + my $instr = shift; + my $tag = shift; + my $packetlen = shift; + + findkey($data, $instr, $tag, $packetlen); + if (defined($data->{key})) { + if (defined($data->{key}->{rsa}) && defined($data->{key}->{timestamp})) { + $data->{keys}->{fingerprint($data->{key}->{rsa}, $data->{key}->{timestamp})} = $data->{key}; + } else { + die "should have found some key here"; + } + undef($data->{key}); + } +}; + +sub getallprimarykeys { + my $instr = shift; + + my $subs = { $packet_types->{pubkey} => \&findkeyfprs, + $packet_types->{seckey} => \&findkeyfprs, + }; + my $data = {target => { } }; + + packetwalk($instr, $subs, $data); + + if (defined $data->{keys}) { + return $data->{keys}; + } else { + return {}; + } +} + sub adduserid { my $instr = shift; my $fpr = shift; @@ -1102,6 +1138,12 @@ for (basename($0)) { }); print $newuid; + } elsif (/^listfprs$/) { + my $instream; + open($instream,'-'); + binmode($instream, ":bytes"); + my $keys = getallprimarykeys($instream); + printf("%s\n", join("\n", map { uc(unpack('H*', $_)) } keys(%{$keys}))); } else { die "Unrecognized subcommand. keytrans subcommands are not a stable interface!\n"; } diff --git a/tests/keytrans b/tests/keytrans index 8808cbc..e70751d 100755 --- a/tests/keytrans +++ b/tests/keytrans @@ -106,8 +106,8 @@ diff -u \ <(hd "$TEMPDIR"/secret.key) \ <(hd "$TEMPDIR"/converted.secret.key) - -KEYID=$(gpg --fingerprint --with-colons --list-keys | grep ^fpr | cut -f10 -d: | cut -b25-40) +KEYFPR=$(gpg --fingerprint --with-colons --list-keys | grep ^fpr | cut -f10 -d:) +KEYID=$(printf "%s" "$KEYFPR" | cut -b25-40) echo "conversions look good!" @@ -162,6 +162,49 @@ EOF diff -u "$TEMPDIR"/expectedout <(gpg --check-sigs --with-colons --fixed-list-mode | grep -v ^tru) +echo "##################################################" +echo "### test working with two primary keys ... " + +ssh-keygen -t rsa -b 1024 -N '' -f "$TEMPDIR"/newkey + +PEM2OPENPGP_USAGE_FLAGS=authenticate,certify \ +PEM2OPENPGP_TIMESTAMP="$(( $timestamp + 1 ))" pem2openpgp fubar \ + < "$TEMPDIR"/newkey > "$TEMPDIR"/newkey.gpg + +NEWKEYFPR=$(< "$TEMPDIR"/newkey.gpg keytrans listfprs) +NEWKEYID=$( printf "%s" "$NEWKEYFPR" | cut -b25-40) + +< "$TEMPDIR"/newkey.gpg gpg --import + +< "$TEMPDIR"/secring.gpg \ +PEM2OPENPGP_TIMESTAMP="$timestamp" \ + keytrans adduserid "$KEYID" "baz" | gpg --import + +gpg --check-sigs --with-colons --fixed-list-mode + +cat >"$TEMPDIR"/expectedout <<EOF +pub:u:1024:1:$KEYID:$timestamp:::u:::scSC: +uid:u::::$timestamp::E90EC72E68C6C2A0751DADC70F54F60D27B88C3D::monkeymonkey: +sig:!::1:$KEYID:$timestamp::::monkeymonkey:13x: +uid:r::::::8200BD0425CC70C7D698DF3FE412044EAAB83F94::testtest: +sig:!::1:$KEYID:$timestamp::::monkeymonkey:13x: +rev:!::1:$KEYID:$revtime::::monkeymonkey:30x: +uid:u::::$timestamp::EDDC32D783E7F4C7B6982D9AE5DC4A61000648BA::baz: +sig:!::1:$KEYID:$timestamp::::monkeymonkey:13x: +pub:-:1024:1:$NEWKEYID:$(($timestamp + 1)):::-:::caCA: +uid:-::::$(($timestamp + 1))::A0D708F51CC257DEFC01AEDE1E0A5F329DFD8F16::fubar: +sig:!::1:$NEWKEYID:$(($timestamp + 1))::::fubar:13x: +EOF + +diff -u "$TEMPDIR"/expectedout <(gpg --check-sigs --with-colons --fixed-list-mode | grep -v ^tru) + +cat >"$TEMPDIR"/expectedout <<EOF +$KEYFPR +$NEWKEYFPR +EOF + +diff -u "$TEMPDIR"/expectedout <( < "$TEMPDIR"/secring.gpg keytrans listfprs) + ## FIXME: addtest: not testing subkeys at the moment. |