Re: openpgp fingerprints for subkeys
From: Daniel Kahn Gillmor
Subject: Re: openpgp fingerprints for subkeys
Date: Mon, 16 Jun 2008 10:21:43 -0400
User-agent: Gnus/5.11 (Gnus v5.11) Emacs/22.2 (gnu/linux)
On Mon 2008-06-16 09:41:06 -0400, Nikos Mavrogiannopoulos wrote:
> On Mon, Jun 16, 2008 at 11:55 AM, Simon Josefsson <address@hidden> wrote:
>
>> Is it easy to implement this? I think we could squeeze this
>> addition into 2.4.0 if you or Nikos come up with a patch soon.
>
> Could be easy but please do not delay the 2.4.0 for this. The
> merging of development with my branch is already very difficult!
> Such a function can be easily implemented at any point (currently
> I'm not home so I cannot provide a quick patch).

Attached, please find a patch to provide this functionality. I've
tested it locally against private keys and certificates, and it seems
to work. I still don't understand the test infrastructure, though, so
I haven't added a test, unfortunately.

Feedback on the patch is welcome. I'm afraid it's a bit of a
cargo-cult patch (a fair bit of copy/paste from similar functions),
and it further aggravates the other concern I wrote about having too
many duplicate OpenPGP functions. But it produces the correct
fingerprints for me.

Regards,
--dkg

PS I also fixed a misleading comment in one of the existing
fingerprint function headers. Sorry to have two things in one
patch.

diff --git a/includes/gnutls/openpgp.h b/includes/gnutls/openpgp.h
index e56a226..2bbd99f 100644
--- a/includes/gnutls/openpgp.h
+++ b/includes/gnutls/openpgp.h
@@ -73,6 +73,8 @@ extern "C"
unsigned int *key_usage);
int gnutls_openpgp_crt_get_fingerprint (gnutls_openpgp_crt_t key, void *fpr,
size_t * fprlen);
+ int gnutls_openpgp_crt_get_subkey_fingerprint (gnutls_openpgp_crt_t key,
unsigned int idx,
+ void *fpr, size_t * fprlen);
int gnutls_openpgp_crt_get_name (gnutls_openpgp_crt_t key,
int idx, char *buf, size_t * sizeof_buf);
@@ -135,6 +137,8 @@ extern "C"
gnutls_datum_t * signature);
int gnutls_openpgp_privkey_get_fingerprint (gnutls_openpgp_privkey_t key,
void *fpr, size_t * fprlen);
+ int gnutls_openpgp_privkey_get_subkey_fingerprint (gnutls_openpgp_privkey_t
key,
+ unsigned int idx, void
*fpr, size_t * fprlen);
int gnutls_openpgp_privkey_get_key_id (gnutls_openpgp_privkey_t key,
gnutls_openpgp_keyid_t keyid);
int gnutls_openpgp_privkey_get_subkey_count (gnutls_openpgp_privkey_t key);
int gnutls_openpgp_privkey_get_subkey_idx (gnutls_openpgp_privkey_t key,
const gnutls_openpgp_keyid_t keyid);
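Review bot: the new idx parameter of gnutls_openpgp_privkey_get_subkey_fingerprint is unsigned int, while gnutls_openpgp_privkey_get_subkey_count two lines below returns int, so a caller that loops up to the count mixes signed and unsigned values, and a negative return from the count call would compare as a very large bound. Either make the index type match the count's return type, or state in the function's documentation that the count must be checked for an error before it is used as a loop limit.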
diff --git a/lib/openpgp/pgp.c b/lib/openpgp/pgp.c
index 02834f7..70ef72d 100644
--- a/lib/openpgp/pgp.c
+++ b/lib/openpgp/pgp.c
@@ -226,7 +226,7 @@ gnutls_openpgp_crt_export (gnutls_openpgp_crt_t key,
* Get key fingerprint. Depending on the algorithm, the fingerprint
* can be 16 or 20 bytes.
*
- * Returns: the fingerprint of the OpenPGP key.
+ * Returns: On success, 0 is returned. Otherwise, an error code.
**/
int
gnutls_openpgp_crt_get_fingerprint (gnutls_openpgp_crt_t key,
@@ -258,6 +258,7 @@ gnutls_openpgp_crt_get_fingerprint (gnutls_openpgp_crt_t
key,
return 0;
}
+
int
_gnutls_openpgp_count_key_names (gnutls_openpgp_crt_t key)
{
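Review bot: the only change in this hunk is an added blank line between the end of gnutls_openpgp_crt_get_fingerprint and _gnutls_openpgp_count_key_names. It is unrelated to the subkey fingerprint functions, so drop it from the patch to keep the diff limited to the functional change and the comment fix.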
@@ -937,6 +938,48 @@ gnutls_openpgp_crt_get_subkey_id (gnutls_openpgp_crt_t key,
}
/**
+ * gnutls_openpgp_crt_get_subkey_fingerprint - Gets the fingerprint of a subkey
+ * @key: the raw data that contains the OpenPGP public key.
+ * @idx: the subkey index
+ * @fpr: the buffer to save the fingerprint, must hold at least 20 bytes.
+ * @fprlen: the integer to save the length of the fingerprint.
+ *
+ * Get key fingerprint of a subkey. Depending on the algorithm, the
fingerprint
+ * can be 16 or 20 bytes.
+ *
+ * Returns: On success, 0 is returned. Otherwise, an error code.
+ **/
+int
+gnutls_openpgp_crt_get_subkey_fingerprint (gnutls_openpgp_crt_t key,
+ unsigned int idx, void *fpr, size_t
* fprlen)
+{
+ cdk_packet_t pkt;
+ cdk_pkt_pubkey_t pk = NULL;
+
+ if (!fpr || !fprlen)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ *fprlen = 0;
+
+ pkt = _get_public_subkey( key, idx);
+ if (!pkt)
+ return GNUTLS_E_OPENPGP_GETKEY_FAILED;
+
+ pk = pkt->pkt.public_key;
+ *fprlen = 20;
+
+ /* FIXME: Check if the draft allows old PGP keys. */
+ if (is_RSA (pk->pubkey_algo) && pk->version < 4)
+ *fprlen = 16;
+ cdk_pk_get_fingerprint (pk, fpr);
+
+ return 0;
+}
+
+/**
* gnutls_openpgp_crt_get_subkey_idx - Returns the subkey's index
* @key: the structure that contains the OpenPGP public key.
* @keyid: the keyid.
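Review bot: in gnutls_openpgp_crt_get_subkey_fingerprint, *fprlen is set to 0 on entry without the caller's value ever being read, so the function cannot know how large fpr is before cdk_pk_get_fingerprint (pk, fpr) writes into it. The doc comment's "must hold at least 20 bytes" is the only guard. Consider treating *fprlen as in/out: read the caller's size first and return GNUTLS_E_SHORT_MEMORY_BUFFER when it is smaller than the 16 or 20 bytes about to be written. The comment block also lacks the "Since: 2.4.0" line that the privkey variant in this patch carries.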
diff --git a/lib/openpgp/privkey.c b/lib/openpgp/privkey.c
index 5a7e2d5..b94a808 100644
--- a/lib/openpgp/privkey.c
+++ b/lib/openpgp/privkey.c
@@ -606,6 +606,51 @@ gnutls_openpgp_privkey_get_subkey_id
(gnutls_openpgp_privkey_t key,
return 0;
}
+/**
+ * gnutls_openpgp_privkey_get_subkey_fingerprint - Gets the fingerprint of a
subkey
+ * @key: the raw data that contains the OpenPGP secret key.
+ * @idx: the subkey index
+ * @fpr: the buffer to save the fingerprint, must hold at least 20 bytes.
+ * @fprlen: the integer to save the length of the fingerprint.
+ *
+ * Get the fingerprint of an OpenPGP subkey. Depends on the
+ * algorithm, the fingerprint can be 16 or 20 bytes.
+ *
+ * Returns: On success, 0 is returned, or an error code.
+ *
+ * Since: 2.4.0
+ **/
+int
+gnutls_openpgp_privkey_get_subkey_fingerprint (gnutls_openpgp_privkey_t key,
+ unsigned int idx, void *fpr, size_t *
fprlen)
+{
+ cdk_packet_t pkt;
+ cdk_pkt_pubkey_t pk = NULL;
+
+ if (!fpr || !fprlen)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ *fprlen = 0;
+
+ pkt = _get_secret_subkey( key, idx);
+ if (!pkt)
+ return GNUTLS_E_OPENPGP_GETKEY_FAILED;
+
+
+ pk = pkt->pkt.secret_key->pk;
+ *fprlen = 20;
+
+ if (is_RSA (pk->pubkey_algo) && pk->version < 4)
+ *fprlen = 16;
+
+ cdk_pk_get_fingerprint (pk, fpr);
+
+ return 0;
+}
+
/* Extracts DSA and RSA parameters from a certificate.
*/
int
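Review bot: the !pkt path after _get_secret_subkey( key, idx) returns GNUTLS_E_OPENPGP_GETKEY_FAILED without calling gnutls_assert (), unlike the invalid-argument path a few lines above it, so a bad subkey index leaves no trace in the debug log; add gnutls_assert () before that return. The call cdk_pk_get_fingerprint (pk, fpr) is also made as a bare statement, so if it can fail the function still returns 0 with *fprlen set. Minor: there is a doubled blank line before the pk assignment, and "Depends on the algorithm" should read "Depending on the algorithm" as in the crt variant.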