6.0.0-beta1
7/4/25

[#6363] PGP-Fingerprint is missing, instead ID is marked as fingerprint
Summary PGP-Fingerprint is missing, instead ID is marked as fingerprint
Queue Horde Base
Queue Version HEAD
Type Bug
State Resolved
Priority 2. Medium
Owners chuck (at) horde (dot) org
Requester libre (at) immerda (dot) ch
Created 03/03/2008 (6332 days ago)
Due
Updated 04/11/2008 (6293 days ago)
Assigned 03/05/2008 (6330 days ago)
Resolved 04/11/2008 (6293 days ago)
Github Issue Link
Github Pull Request
Milestone 3.2
Patch Yes

History
04/11/2008 09:05:07 PM Chuck Hagenbuch Comment #7
Assigned to Chuck Hagenbuch
Taken from Horde DevelopersHorde Developers
State ⇒ Resolved
Reply to this comment
04/09/2008 08:53:03 PM Chuck Hagenbuch Deleted Original Message
 
04/09/2008 08:52:57 PM Chuck Hagenbuch Deleted Original Message
 
03/30/2008 12:15:55 AM Michael Slusarz Comment #6
Priority ⇒ 2. Medium
New Attachment: pgp-fingerprint.patch.2 Download
Reply to this comment
Started to look through this, but I didn't write any of this 
fingerprint code so none of this code is familiar to me.  I did clean 
up the patch a bit more, so I've attached that to this ticket.
03/06/2008 08:55:26 AM Matt Selsky Comment #5
New Attachment: pgp-fingerprint.patch
Reply to this comment
This is an updated version of Chuck's patch.  Note: I changed the 
getFingerprintFromKey() function to return all fingerprints instead of 
just the 1st one.  However the keys and fingerprints don't match up 
yet, since I think maybe the keys are sorted, but the fingerprints are 
not.  Unfortunately the fingerprints are not available directly from 
"gpg --list-packets" so we can't insert them into the $key_info hash 
directly.



Also, we print 16 digit key IDs.  I think we only want to print 8 
digit keys and have a leading 0x.



And imp/lib/Crypt/PGP.php needs to be updated to use the new functions still.



This patch is definitely not complete.
03/06/2008 07:05:17 AM Matt Selsky Comment #4 Reply to this comment
We should deprecate getSignersFingerprint() and create a new function 
called getSignersKeyID() that does the same thing.
03/06/2008 04:54:50 AM Chuck Hagenbuch Patch ⇒ Yes
 
03/06/2008 04:54:40 AM Chuck Hagenbuch Milestone ⇒ 3.2
 
03/06/2008 04:54:21 AM Chuck Hagenbuch Comment #3
New Attachment: pgp.fingerprint.patch
Reply to this comment
Jan or Michael or someone else a bit familiar with PGP, can you take a 
look at this patch? There's probably a bit more to do, but it's a start.
03/05/2008 11:42:50 PM Chuck Hagenbuch Comment #2
Assigned to Horde DevelopersHorde Developers
Reply to this comment
We seem to be calling the key id the fingerprint in a bunch of places. 
I've got some preliminary code to get the actual fingerprint, but it 
needs some work and testing before I commit it.
03/05/2008 11:42:00 PM Chuck Hagenbuch State ⇒ Assigned
Version ⇒ HEAD
 
03/03/2008 04:06:03 PM libre (at) immerda (dot) ch Comment #1
Priority ⇒ 1. Low
State ⇒ Unconfirmed
Queue ⇒ Horde Base
Summary ⇒ PGP-Fingerprint is missing, instead ID is marked as fingerprint
Type ⇒ Bug
Reply to this comment
It is possible to show details of an importet PGP-key via Preferences 
-> Webmail-> PGP-Preferences -> List of keys ->Details (German: 
Einstellungen -> Webmail -> PGP-Einstellungen -> Liste von Keys -> 
Details). The string that is labeled "Fingerprint" is NOT the 
fingerprint but the ID of the key. The fingerprint is missing which is 
a problem because this is the crucial point of attack for a 
man-in-the-middle attack.

Saved Queries