[gnome-keysign: 13/16] gpgmeh: Add signature check before import
- From: Tobias Mueller <tobiasmue src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [gnome-keysign: 13/16] gpgmeh: Add signature check before import
- Date: Wed, 7 Aug 2019 09:50:03 +0000 (UTC)
commit e87039c9309cba1401d141a1fa5d3591a588a14a
Author: RyuzakiKK <aasonykk gmail com>
Date: Wed Aug 7 09:05:18 2019 +0200
gpgmeh: Add signature check before import
keysign/gpgmeh.py | 16 +++++++++++++++-
1 file changed, 15 insertions(+), 1 deletion(-)
---
diff --git a/keysign/gpgmeh.py b/keysign/gpgmeh.py
index 5165c26..cee161f 100755
--- a/keysign/gpgmeh.py
+++ b/keysign/gpgmeh.py
@@ -477,8 +477,22 @@ def sign_keydata_and_encrypt(keydata, error_cb=None, homedir=None):
def import_signature(encrypted_sig, homedir=None):
- # ctx = gpg.Context()
ctx = DirectoryContext(homedir)
+
+ # Check if we are really importing a signature
+ temp_ctx = TempContextWithAgent(ctx)
+ signature = temp_ctx.decrypt(encrypted_sig)
+ temp_ctx.op_import(signature[0])
+ result = temp_ctx.op_import_result()
+
+ if result.imported != 0:
+ log.warning("Trying to import a new key instead of a signature!")
+ raise GPGMEError
+
+ if result.new_signatures == 0 or result.revocations != 0 or result.new_sub_keys != 0:
+ log.warning("The signature that we were importing is not as we expected!")
+ raise GPGMEError
+
signature = ctx.decrypt(encrypted_sig)
# Try Seahorse DBus
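Review bot: The second guard in import_signature reads `result.revocations`, but as far as I know gpgme's import result exposes that counter as `new_revocations`. If so, the attribute lookup would fail on every payload that passes the first check, so please verify it against the bindings in use. The same condition also leaves `new_user_ids` and `secret_imported` unexamined, so a decrypted payload that adds a user ID or secret key material alongside a signature would still be accepted. I would tighten it to `if result.new_signatures == 0 or result.new_revocations != 0 or result.new_sub_keys != 0 or result.new_user_ids != 0 or result.secret_imported != 0:`. The function body continues past the end of this hunk, so how the second `ctx.decrypt(encrypted_sig)` result is used afterwards is not visible here.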