[gnome-keysign: 32/75] gpgmks: sign_keydata_and_encrypt: Use the fingerprint as recipient



commit 10e263a5529cfb37cdaa004d415b174d06fbc253
Author: Tobias Mueller <muelli cryptobitch de>
Date:   Sun Jul 23 12:04:19 2017 +0200

    gpgmks: sign_keydata_and_encrypt: Use the fingerprint as recipient
    
    Rather than the UID.
    We've modified the UID to be a consumable string.  As such, we will not
    be able to use it as an identifier for gpg to identify a key. We could
    somehow pass the raw UID bytes around, but using the fingerprint seems
    like much less effort with very similar results.

 keysign/gpgmks.py | 6 +++++-
 keysign/util.py   | 6 +++---
 2 files changed, 8 insertions(+), 4 deletions(-)
---
diff --git a/keysign/gpgmks.py b/keysign/gpgmks.py
index 744b6f8..55dd384 100644
--- a/keysign/gpgmks.py
+++ b/keysign/gpgmks.py
@@ -407,10 +407,14 @@ def sign_keydata_and_encrypt(keydata, error_cb=None, homedir=None):
     """
     tmpkeyring = TempKeyring()
     tmpkeyring.import_data(keydata)
+    fingerprint = fingerprint_from_keydata(keydata)
     tmpkeyring.context.set_option('always-trust')
     for (uid, signed_key) in sign_keydata(keydata,
         error_cb=error_cb, homedir=homedir):
             if not uid.revoked:
                 encrypted_key = tmpkeyring.encrypt_data(data=signed_key,
-                    recipient=uid.uid)
+                    # We use the fingerprint rather than the email address,
+                    # because we cannot get a reliable representation of the
+                    # UID, i.e. when it contains non-UTF-8 bytes.
+                    recipient=fingerprint)
                 yield (UID.from_monkeysign(uid), encrypted_key)
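Review bot: The value returned by `fingerprint_from_keydata(keydata)` goes straight into `recipient=` with no check, while the temporary keyring runs with `always-trust`. `keydata` is supplied by the peer, and the hunk does not show what the helper returns for an empty, unparsable or multi-key blob; in the multi-key case the signed UIDs could presumably be encrypted to a different key than the one they belong to. A guard before the loop, for example `if not fingerprint: raise ValueError("could not determine fingerprint from keydata")`, would make that failure explicit instead of leaving it to gpg's recipient lookup. The in-call comment also says "email address" where the replaced argument was the UID; `# Use the fingerprint, not the UID, as recipient: the UID may hold non-UTF-8 bytes` would match the commit message. The function begins above the hunk.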
diff --git a/keysign/util.py b/keysign/util.py
index 565ff6b..5b6317e 100644
--- a/keysign/util.py
+++ b/keysign/util.py
@@ -117,9 +117,9 @@ def sign_keydata_and_send(keydata, error_cb=None):
     # and spawn an email client.
     log.info("About to create signatures for key with fpr %r", fingerprint)
     for uid, encrypted_key in list(sign_keydata_and_encrypt(keydata, error_cb)):
-            log.info("formatting UID: %r", uid)
-            # We expect uid.uid to be bytes rather than a string
-            uid_str = uid.uid.decode('utf-8', 'replace')
+            log.info("Using UID: %r", uid)
+            # We expect uid.uid to be a consumable string
+            uid_str = uid.uid
             ctx = {
                 'uid' : uid_str,
                 'fingerprint': fingerprint,
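Review bot: `uid_str = uid.uid` removes the only line in this function that guaranteed a text value, and the new comment does not say where that conversion now happens or that the value is still peer-controlled. Presumably the conversion is done in `UID.from_monkeysign`, which the generator in gpgmks.py applies before yielding. A comment such as `# uid.uid is already text (converted in UID.from_monkeysign); it comes from the peer's key, so escape it wherever ctx is rendered` would record both facts. If bytes can still reach this point on some path the hunk does not show, Python 3 would render them as `b'...'` in the outgoing mail. The `ctx` dict and the rest of the function continue outside the hunk.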

