Re: [Monotone-devel] [bug #28809] mtn passphrase problems
From: Jack Lloyd
Subject: Re: [Monotone-devel] [bug #28809] mtn passphrase problems
Date: Thu, 4 Feb 2010 10:31:52 -0500
User-agent: Mutt/1.5.20 (2009-06-14)

On Thu, Feb 04, 2010 at 02:22:36PM +0000, Thomas Keller wrote:
> Two problems with mtn passphrase:
>
> 1) Major: While we allow the creation of passphraseless keys, we do not allow
> removing the passphrase of an existing key. Furthermore, the error message
> should be improved:
>
> mtn: fatal: Botan::Invalid_Argument: Botan: PKCS#5 PBKDF2: Empty passphrase
> is invalid

I think the fix here is key_store::change_key_passphrase needs to
check if new_phrase() is an empty string or not, and call encrypt_key
or encode depending on that. Basically what create_key_pair is already
doing.

Untested, may not even compile patch follows. -Jack

#
# old_revision [ba1a718b3bd53164ca17e38c0bb0ae5299824d44]
#
# patch "key_store.cc"
# from [b78c703dc6b4f9b29b55526df73c09c60185cdc8]
# to [ad85a628e58894f486e9df7ccbcd95b4cc2a4f0e]
#
============================================================
--- key_store.cc b78c703dc6b4f9b29b55526df73c09c60185cdc8
+++ key_store.cc ad85a628e58894f486e9df7ccbcd95b4cc2a4f0e
@@ -745,13 +745,19 @@ key_store::change_key_passphrase(key_id
get_passphrase(new_phrase, name, id, true, false);
unfiltered_pipe->start_msg();
- Botan::PKCS8::encrypt_key(*priv, *unfiltered_pipe,
+
+ unfiltered_pipe->start_msg();
+ if (new_phrase().length())
+ Botan::PKCS8::encrypt_key(priv, *unfiltered_pipe,
#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,7,7)
- s->rng->get(),
+ s->rng->get(),
#endif
- new_phrase(),
- "PBE-PKCS5v20(SHA-1,TripleDES/CBC)",
- Botan::RAW_BER);
+ new_phrase(),
+ "PBE-PKCS5v20(SHA-1,TripleDES/CBC)",
+ Botan::RAW_BER);
+ else
+ Botan::PKCS8::encode(priv, *unfiltered_pipe);
+
unfiltered_pipe->end_msg();
kp.priv =
rsa_priv_key(unfiltered_pipe->read_all_as_string(Pipe::LAST_MESSAGE),
origin::internal);
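
Review bot: the unchanged context line `unfiltered_pipe->start_msg();` stays in place and the hunk adds a second `unfiltered_pipe->start_msg();` directly after it, so a message is started twice before the single `end_msg()`; drop the added call. The new calls also pass `priv` where the removed line passed `*priv`, which has to match how `priv` is declared in this function. In the `else` branch, `Botan::PKCS8::encode(priv, *unfiltered_pipe);` omits the `Botan::RAW_BER` argument that the `encrypt_key` branch supplies, so the unencrypted key would be written in whatever encoding `encode` defaults to rather than the raw BER of the encrypted path; pass the encoding explicitly. Since an empty new passphrase now stores the private key unencrypted, a short comment above the `if` stating that this is intentional would help the next reader.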