GPG: use key fingerprint suffix to compare id for signing key
Check whether the value of the git config user.signingKey is a suffix of the full fingerprint of the key. This was already used for finding keys in secring.gpg, but not in pubring.kbx. This mechanism allows a user to use any unique suffix to identify keys; to avoid needless collisions it's recommended to use at least the last 16 characters of the hex representation of the fingerprint, which is the key id.[1] [1] https://tools.ietf.org/html/rfc4880#section-12.2 Bug: 545673 Change-Id: If6fb4879502b6ee4b8c26c21b2714aeac4e4670c Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
parent
6e127c089a
commit
6536b5cbca
|
@ -181,10 +181,11 @@ private boolean containsSigningKey(String userId) {
|
|||
|
||||
private PGPPublicKey findPublicKeyByKeyId(KeyBlob keyBlob)
|
||||
throws IOException {
|
||||
String keyId = signingKey.toLowerCase(Locale.ROOT);
|
||||
for (KeyInformation keyInfo : keyBlob.getKeyInformation()) {
|
||||
if (signingKey.toLowerCase(Locale.ROOT)
|
||||
.equals(Hex.toHexString(keyInfo.getKeyID())
|
||||
.toLowerCase(Locale.ROOT))) {
|
||||
String fingerprint = Hex.toHexString(keyInfo.getFingerprint())
|
||||
.toLowerCase(Locale.ROOT);
|
||||
if (fingerprint.endsWith(keyId)) {
|
||||
return getFirstPublicKey(keyBlob);
|
||||
}
|
||||
}
|
||||
|
@ -334,6 +335,7 @@ private PGPSecretKey findSecretKeyInLegacySecring(String signingkey,
|
|||
PGPUtil.getDecoderStream(new BufferedInputStream(in)),
|
||||
new JcaKeyFingerprintCalculator());
|
||||
|
||||
String keyId = signingkey.toLowerCase(Locale.ROOT);
|
||||
Iterator<PGPSecretKeyRing> keyrings = pgpSec.getKeyRings();
|
||||
while (keyrings.hasNext()) {
|
||||
PGPSecretKeyRing keyRing = keyrings.next();
|
||||
|
@ -344,8 +346,7 @@ private PGPSecretKey findSecretKeyInLegacySecring(String signingkey,
|
|||
String fingerprint = Hex
|
||||
.toHexString(key.getPublicKey().getFingerprint())
|
||||
.toLowerCase(Locale.ROOT);
|
||||
if (fingerprint
|
||||
.endsWith(signingkey.toLowerCase(Locale.ROOT))) {
|
||||
if (fingerprint.endsWith(keyId)) {
|
||||
return key;
|
||||
}
|
||||
// try user id
|
||||
|
|
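Review bot: The new test `fingerprint.endsWith(keyId)` in findPublicKeyByKeyId, and the same test in findSecretKeyInLegacySecring, puts no lower bound on the length of `user.signingKey`, so the 16-character advice in the commit message is not enforced by the code. An empty value would match every fingerprint, and a short suffix returns the first key iterated instead of reporting an ambiguity. Whether callers filter out such values before this point is not visible in these hunks. At minimum the comparison could be guarded as `if (!keyId.isEmpty() && fingerprint.endsWith(keyId)) {`, with a comment such as `// any suffix of the fingerprint matches; the last 16 hex digits are the key id (RFC 4880, 12.2)`. Both methods begin and end outside the hunks shown, so the no-match path could not be checked.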