
Re: [Monotone-devel] [bug #28809] mtn passphrase problems


From: Jack Lloyd
Subject: Re: [Monotone-devel] [bug #28809] mtn passphrase problems
Date: Thu, 4 Feb 2010 10:31:52 -0500
User-agent: Mutt/1.5.20 (2009-06-14)

On Thu, Feb 04, 2010 at 02:22:36PM +0000, Thomas Keller wrote:
> Two problems with mtn passphrase:
> 
> 1) Major: While we allow the creation of passphraseless keys, we do not allow
> to remove the passphrase of an existing key. Furthermore, the error message
> should be improved:
> 
> mtn: fatal: Botan::Invalid_Argument: Botan: PKCS#5 PBKDF2: Empty passphrase
> is invalid

I think the fix here is key_store::change_key_passphrase needs to
check if new_phrase() is an empty string or not, and call encrypt_key
or encode depending on that. Basically what create_key_pair is already
doing.

Untested, may not even compile patch follows. -Jack

#
# old_revision [ba1a718b3bd53164ca17e38c0bb0ae5299824d44]
#
# patch "key_store.cc"
#  from [b78c703dc6b4f9b29b55526df73c09c60185cdc8]
#    to [ad85a628e58894f486e9df7ccbcd95b4cc2a4f0e]
#
============================================================
--- key_store.cc        b78c703dc6b4f9b29b55526df73c09c60185cdc8
+++ key_store.cc        ad85a628e58894f486e9df7ccbcd95b4cc2a4f0e
@@ -745,13 +745,19 @@ key_store::change_key_passphrase(key_id 
   get_passphrase(new_phrase, name, id, true, false);
 
   unfiltered_pipe->start_msg();
-  Botan::PKCS8::encrypt_key(*priv, *unfiltered_pipe,
+
+  unfiltered_pipe->start_msg();
+  if (new_phrase().length())
+    Botan::PKCS8::encrypt_key(priv, *unfiltered_pipe,
 #if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,7,7)
-                            s->rng->get(),
+                              s->rng->get(),
 #endif
-                            new_phrase(),
-                            "PBE-PKCS5v20(SHA-1,TripleDES/CBC)",
-                            Botan::RAW_BER);
+                              new_phrase(),
+                              "PBE-PKCS5v20(SHA-1,TripleDES/CBC)",
+                              Botan::RAW_BER);
+  else
+    Botan::PKCS8::encode(priv, *unfiltered_pipe);
+
   unfiltered_pipe->end_msg();
   kp.priv = 
rsa_priv_key(unfiltered_pipe->read_all_as_string(Pipe::LAST_MESSAGE),
                          origin::internal);
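
Review bot: `unfiltered_pipe->start_msg()` is now called twice before the single `end_msg()`: the original call stays as a context line and the patch adds a second one directly below it. Botan's Pipe does not accept a new message while one is still open, so the added call should be dropped. The new calls also pass `priv` where the removed line passed `*priv`; unless the type of `priv` changed outside this hunk, both `encrypt_key` and `encode` should keep the dereference. Because the `else` branch writes the private key with no encryption at all, a short comment there stating that an empty `new_phrase()` is a deliberate request for an unencrypted key, as in `create_key_pair`, would help the next reader.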



