lili/amodem
1
0
Fork 0
mirror of https://github.com/romanz/amodem.git synced 2026-04-21 05:36:42 +08:00
Code Issues Packages Projects Releases Wiki Activity

subkey: add backsig

Browse Source
This commit is contained in:
Roman Zeyde
2016-04-28 22:10:40 +03:00
parent 673b1df648
commit 1d3ba7e9b7
2 changed files with 19 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
trezor_agent/gpg/encode.py
View File

@@ -228,17 +228,24 @@ class Signer(object):
keygrip = agent.get_keygrip(user_id) keygrip = agent.get_keygrip(user_id)
log.info('adding as subkey to %s (%s)', user_id, keygrip) log.info('adding as subkey to %s (%s)', user_id, keygrip)
data_to_sign = primary['_to_hash'] + self._pubkey_data_to_hash() data_to_sign = primary['_to_hash'] + self._pubkey_data_to_hash()
hashed_subpackets = [
subpacket_time(self.created)] # signature creaion time
back_sign = self._make_signature(visual='Add subkey',
data_to_sign=data_to_sign,
sig_type=0x19, # Primary Key Binding Signature
hashed_subpackets=hashed_subpackets)
log.info('back_sign: %r', back_sign)
hashed_subpackets = [ hashed_subpackets = [
subpacket_time(self.created), # signature creaion time subpacket_time(self.created), # signature creaion time
subpacket_byte(0x1B, 2)] # key flags (certify & sign) subpacket_byte(0x1B, 2)] # key flags (certify & sign)
_conn = self.conn _conn = self.conn
self.conn = AgentSigner(user_id, curve_name=formats.CURVE_NIST256) self.conn = AgentSigner(user_id, curve_name=formats.CURVE_NIST256)
self.key_id = lambda: primary['key_id'] self.key_id = lambda: primary['key_id']
signature = self._make_signature(visual='Add subkey', signature = self._make_signature(visual='Add subkey',
data_to_sign=data_to_sign, data_to_sign=data_to_sign,
sig_type=0x18, # Subkey Binding Signature sig_type=0x18, # Subkey Binding Signature
hashed_subpackets=hashed_subpackets) hashed_subpackets=hashed_subpackets,
unhashed=[subpacket(32, bytes(back_sign))])
self.conn = _conn self.conn = _conn
sign_packet = packet(tag=2, blob=signature) sign_packet = packet(tag=2, blob=signature)
@@ -259,7 +266,7 @@ class Signer(object):
return packet(tag=2, blob=blob) return packet(tag=2, blob=blob)
def _make_signature(self, visual, data_to_sign, def _make_signature(self, visual, data_to_sign,
hashed_subpackets, sig_type=0): hashed_subpackets, sig_type=0, unhashed=()):
curve_info = SUPPORTED_CURVES[self.conn.curve_name] curve_info = SUPPORTED_CURVES[self.conn.curve_name]
header = struct.pack('>BBBB', header = struct.pack('>BBBB',
4, # version 4, # version
@@ -269,7 +276,8 @@ class Signer(object):
hashed = subpackets(*hashed_subpackets) hashed = subpackets(*hashed_subpackets)
log.info('key_id: %s', util.hexlify(self.key_id())) log.info('key_id: %s', util.hexlify(self.key_id()))
unhashed = subpackets( unhashed = subpackets(
subpacket(16, self.key_id()) # issuer key id subpacket(16, self.key_id()), # issuer key id
*unhashed
) )
tail = b'\x04\xff' + struct.pack('>L', len(header) + len(hashed)) tail = b'\x04\xff' + struct.pack('>L', len(header) + len(hashed))
data_to_hash = data_to_sign + header + hashed + tail data_to_hash = data_to_sign + header + hashed + tail

7
trezor_agent/gpg/test.sh Normal file
View File

@@ -0,0 +1,7 @@
set -x
(cd ~/.gnupg && rm -r openpgp-revocs.d/ private-keys-v1.d/ pubring.kbx* trustdb.gpg /tmp/log *.gpg; killall gpg-agent)
gpg2 --full-gen-key --expert
gpg2 --export > romanz.pub
NOW=`date +%s`; trezor-gpg -t $NOW "romanz" -o subkey.pub
gpg2 -vv --import <(cat romanz.pub subkey.pub)
gpg2 -k