duplicity-talk
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Duplicity-talk] Sign-key verification with long fingerprints

From: Kenneth Loafman
Subject: Re: [Duplicity-talk] Sign-key verification with long fingerprints
Date: Mon, 21 Nov 2016 10:29:38 -0600
Fix has been committed to the trunk.


On Thu, Nov 17, 2016 at 4:50 PM, Mark Grandi via Duplicity-talk <address@hidden> wrote:
The thing is, GPG knows how to figure out what key one is referring to when given different things, such as email, first 20 characters of fingerprint, all 40 characters of fingerprint, etc, but Duplicity doesn't

Duplicity should probably consult GPG on the full fingerprint of the key being used to encrypt before it saves it, so that way if someone passes in a different (but still valid according to GPG) identifier for the key, we won't get these errors

Example of how GPG could be called by duplicity to get the full 40 character fingerprint given different identifiers passed in by the user (see the 'fpr' line)

with email:

[2016-11-17 15:42:07] address@hidden:~$ gpg2 --list-secret-keys --fingerprint --with-colons address@hidden
sec::4096:1:C7DC9D26A1C7DFB9:1459373464::::::scESC::::
fpr:::::::::BB93C97A6D5BD11F4469A0F6C7DC9D26A1C7DFB9:
uid:::::1459373464::4B52287E61873F1175B997D6DD5684840430C5C4::Aurelion Sol (Hope. Wonder. Insignificance. Imagine what they'll feel when I complete the stars.) <address@hidden>:
uat:::::1459374102::175AADA90BE77BC78BD607F8011CFB34AD2F7A14::1 11228:
ssb::4096:1:AFC816A06E475087:1459373464::::::e::::
ssb::3072:17:2B5AE45A43093539:1459374008::::::s::::
ssb::4096:16:1BAC9BA4BF4D887D:1459374080::::::e::::
ssb::2048:1:AED498799F693180:1459374094::::::e::::

first 20 characters of fingerprint:

[2016-11-17 15:42:17] address@hidden:~$ gpg2 --list-secret-keys --fingerprint --with-colons C7DC9D26A1C7DFB9
sec::4096:1:C7DC9D26A1C7DFB9:1459373464::::::scESC::::
fpr:::::::::BB93C97A6D5BD11F4469A0F6C7DC9D26A1C7DFB9:
uid:::::1459373464::4B52287E61873F1175B997D6DD5684840430C5C4::Aurelion Sol (Hope. Wonder. Insignificance. Imagine what they'll feel when I complete the stars.) <address@hidden>:
uat:::::1459374102::175AADA90BE77BC78BD607F8011CFB34AD2F7A14::1 11228:
ssb::4096:1:AFC816A06E475087:1459373464::::::e::::
ssb::3072:17:2B5AE45A43093539:1459374008::::::s::::
ssb::4096:16:1BAC9BA4BF4D887D:1459374080::::::e::::
ssb::2048:1:AED498799F693180:1459374094::::::e::::

full 40 characters of fingerprint:

[2016-11-17 15:44:07] address@hidden:~$ gpg2 --list-secret-keys --fingerprint --with-colons BB93C97A6D5BD11F4469A0F6C7DC9D26A1C7DFB9
sec::4096:1:C7DC9D26A1C7DFB9:1459373464::::::scESC::::
fpr:::::::::BB93C97A6D5BD11F4469A0F6C7DC9D26A1C7DFB9:
uid:::::1459373464::4B52287E61873F1175B997D6DD5684840430C5C4::Aurelion Sol (Hope. Wonder. Insignificance. Imagine what they'll feel when I complete the stars.) <address@hidden>:
uat:::::1459374102::175AADA90BE77BC78BD607F8011CFB34AD2F7A14::1 11228:
ssb::4096:1:AFC816A06E475087:1459373464::::::e::::
ssb::3072:17:2B5AE45A43093539:1459374008::::::s::::
ssb::4096:16:1BAC9BA4BF4D887D:1459374080::::::e::::
ssb::2048:1:AED498799F693180:1459374094::::::e::::

~Mark

On Nov 17, 2016, at 11:25, Richard McGraw via Duplicity-talk <address@hidden> wrote:

Hello,

I tried to verify a backup signed with --sign-key <40-digit-hex-string>

duplicity responds with:
Volume was signed by key 349A3434, not
123434343434343C3434343434343734349A3434

Does it imply that signature verification was skipped ? If yes, it
looks like a bug.

--
Richard

_______________________________________________
Duplicity-talk mailing list
address@hidden
https://lists.nongnu.org/mailman/listinfo/duplicity-talk


_______________________________________________
Duplicity-talk mailing list
address@hidden
https://lists.nongnu.org/mailman/listinfo/duplicity-talk


reply via email to
[Prev in Thread] Current Thread [Next in Thread]