Handle unknown public key types in GPG #5

Open
alex opened this issue Oct 16, 2017 · 6 comments

Comments

@alex

alex commented Oct 16, 2017

Right now an unknown public key in GPG stops all processing of that public key block; it'd be great if it ignored such keys and still tested all other keys. To reproduce:

(t) root@6a5c5567c5c4:/roca# gpg --export --armor --keyring /usr/share/keyrings/debian-maintainers.gpg > x
(t) root@6a5c5567c5c4:/roca# roca-detect x
2017-10-16 15:25:39 [6961] ERROR Exception in processing PGP rec file x: Unsupported public key algorithm 22
2017-10-16 15:25:39 [6961] INFO ### SUMMARY ####################
2017-10-16 15:25:39 [6961] INFO Records tested: 0
2017-10-16 15:25:39 [6961] INFO .. PEM certs: . . . 0
2017-10-16 15:25:39 [6961] INFO .. DER certs: . . . 0
2017-10-16 15:25:39 [6961] INFO .. RSA key files: . 0
2017-10-16 15:25:39 [6961] INFO .. PGP master keys: 0
2017-10-16 15:25:39 [6961] INFO .. PGP total keys:  0
2017-10-16 15:25:39 [6961] INFO .. SSH keys:  . . . 0
2017-10-16 15:25:39 [6961] INFO .. APK keys:  . . . 0
2017-10-16 15:25:39 [6961] INFO .. JSON keys: . . . 0
2017-10-16 15:25:39 [6961] INFO .. LDIFF certs: . . 0
2017-10-16 15:25:39 [6961] INFO .. JKS certs: . . . 0
2017-10-16 15:25:39 [6961] INFO No fingerprinted keys found (OK)
2017-10-16 15:25:39 [6961] INFO ################################

(Run on debian/buster)

@ph4r05
Member

ph4r05 commented Oct 16, 2017

Thanks for the suggestion!

Unfortunately the problem lies in the pgpdump dependency used for PGP parsing.

It's all one big PGP key, so the packet parsing would have to be fixed in the lib or monkey-patched somehow.

@tycho

tycho commented Oct 16, 2017

I ran into this too. Trying to figure out some kind of workaround... Even just being able to tell GPG "please only export RSA public keys" would get around this, but I can't find such an option. The real solution would be to get pgpdump to do what we want, but I am not sure how to get that to happen either.

@tycho

tycho commented Oct 16, 2017

Aha, found a workaround.

https://github.com/SkierPGP/python-pgpdump

The above fork has support for ed25519 keys. It's in pypi with the name "pgpdump3". If you modify setup.py to reference that instead of "pgpdump" then it works.

@J08nY
Member

J08nY commented Oct 17, 2017

I would recommend using https://github.com/SecurityInnovation/PGPy, a much better, Python-only PGP library in my opinion. And it shouldn't hiccup when it encounters an ed25519 key.

@ph4r05
Member

ph4r05 commented Oct 18, 2017

@J08nY thanks for the suggestion, the lib looks nice and maintained.

I won't have time to port it to this - API seems different.

I want to preserve all current functionality:

  • all public keys parsing (including sub-keys, PublicKeyPacket, PublicSubkeyPacket)
  • identities parsing (UserIDPacket, name, email)
  • signatures parsing (SignaturePacket)

If the library can do exactly the same as the current one (all json fields extracted) then it is a good choice to change, but I won't get to that any time soon.

@J08nY
Member

J08nY commented Oct 18, 2017

Sure, PGPy supports all that. Let me have a look at how pgpdump is used here, and hopefully make a PR to switch to PGPy.
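A sketch of the behaviour requested in this thread, added here as an example (it is not roca-detect, pgpdump or PGPy code): walk the packets of a binary (de-armored) OpenPGP key block by their length headers, and record a key whose algorithm is not RSA, such as 22 in the log above, as skipped instead of aborting the whole block. The function names and the toy-sized `SAMPLE` bytes are constructed for illustration; only well-formed v4 key packets are assumed.

```python
RSA_ALGOS = {1, 2, 3}                 # RSA: encrypt-or-sign, encrypt-only, sign-only
KEY_TAGS = {6: "primary", 14: "subkey"}
# Constructed input: RSA primary key, user ID, algorithm-22 key (filler body), RSA subkey.
SAMPLE = bytes.fromhex("980d0459e4d00001000c0ca1000511" "b40474657374"
                       "c6080459e4d000160000" "b80d0459e4d00001000c0c37000511")

def iter_packets(data):
    """Yield (tag, body) for each packet in a binary OpenPGP block."""
    i = 0
    while i < len(data):
        hdr = data[i]
        if not hdr & 0x80:
            raise ValueError("bad packet header at offset %d" % i)
        if hdr & 0x40:                        # new-format header
            tag, first = hdr & 0x3F, data[i + 1]
            if first < 192:
                length, i = first, i + 2
            elif first < 224:
                length, i = ((first - 192) << 8) + data[i + 2] + 192, i + 3
            elif first == 255:
                length, i = int.from_bytes(data[i + 2:i + 6], "big"), i + 6
            else:
                raise ValueError("partial body lengths are not handled here")
        else:                                 # old-format header
            tag, size = (hdr >> 2) & 0x0F, (1, 2, 4, 0)[hdr & 3]
            if not size:
                raise ValueError("indeterminate lengths are not handled here")
            length, i = int.from_bytes(data[i + 1:i + 1 + size], "big"), i + 1 + size
        yield tag, data[i:i + length]
        i += length                           # the header alone tells us where to resume

def read_mpi(body, pos):
    """Read one MPI: 2-byte bit count, then the big-endian magnitude."""
    end = pos + 2 + (int.from_bytes(body[pos:pos + 2], "big") + 7) // 8
    return int.from_bytes(body[pos + 2:end], "big"), end

def extract_rsa_keys(data):
    """Return (rsa_keys, skipped); unsupported keys are recorded, not fatal."""
    keys, skipped = [], []
    for tag, body in iter_packets(data):
        if tag not in KEY_TAGS:
            continue                          # user IDs, signatures, ...
        if body[0] != 4 or body[5] not in RSA_ALGOS:   # v4: version, time(4), algo
            skipped.append((KEY_TAGS[tag], body[5] if body[0] == 4 else None))
            continue
        n, pos = read_mpi(body, 6)
        e, _ = read_mpi(body, pos)
        keys.append((KEY_TAGS[tag], n, e))
    return keys, skipped
```

Because every packet carries its own length, an unrecognised key body never has to be decoded to find the next packet, so the RSA moduli on either side of it still reach the fingerprint test.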
