[Rpm-maint] [rpm-software-management/rpm] Fingerprint subpacket parsing support (#1728)
Demi Marie Obenour
notifications at github.com
Tue Jun 22 13:58:47 UTC 2021
This PR adds support for parsing fingerprint subpackets (type 33), which are generated by GPG. If both a fingerprint and a key ID are present, they must be consistent with each other. Furthermore, if a fingerprint is present, it must match the fingerprint of the public key. Finally, if more than one key ID, fingerprint, or creation time subpacket is present, the entire signature is rejected. According to RFC 4880, having more than one subpacket with the same type (other than notation subpackets) is a syntax error.
You can view, comment on, or merge this pull request online at:
https://github.com/rpm-software-management/rpm/pull/1728
-- Commit Summary --
* Reset the saved flags after each signature
* Treat all signature packets the same
* Fingerprint packet parsing support
* Reject multiple creation times
* Check that fingerprints in signatures and keys match
-- File Changes --
M rpmio/digest.h (2)
M rpmio/rpmkeyring.c (4)
M rpmio/rpmpgp.c (71)
M rpmio/rpmpgp.h (1)
-- Patch Links --
https://github.com/rpm-software-management/rpm/pull/1728.patch
https://github.com/rpm-software-management/rpm/pull/1728.diff
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/1728
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rpm.org/pipermail/rpm-maint/attachments/20210622/81c5d216/attachment.html>
More information about the Rpm-maint
mailing list