Tickets :: [#6363] PGP-Fingerprint is missing, instead ID is marked as fingerprint

6.0.0-beta5

3/18/26

Summary	PGP-Fingerprint is missing, instead ID is marked as fingerprint
Queue	Horde Base
Queue Version	HEAD
Type	Bug
State	Resolved
Priority	2. Medium
Owners	chuck (at) horde (dot) org
Requester	libre (at) immerda (dot) ch
Created	03/03/2008 (6589 days ago)
Due
Updated	04/11/2008 (6550 days ago)
Assigned	03/05/2008 (6587 days ago)
Resolved	04/11/2008 (6550 days ago)
Github Issue Link
Github Pull Request
Milestone	3.2
Patch	Yes

04/11/2008 09:05:07 PM	Chuck Hagenbuch	Comment #7 Assigned to Chuck Hagenbuch Taken from Horde Developers State ⇒ Resolved	Reply to this comment
Fixed in CVS with these commits: HEAD - http://lists.horde.org/archives/cvs/Week-of-Mon-20080407/077305.html FRAMEWORK_3 - http://lists.horde.org/archives/cvs/Week-of-Mon-20080407/077306.html

04/09/2008 08:53:03 PM	Chuck Hagenbuch	Deleted Original Message

04/09/2008 08:52:57 PM	Chuck Hagenbuch	Deleted Original Message

03/30/2008 12:15:55 AM	Michael Slusarz	Comment #6 Priority ⇒ 2. Medium New Attachment: pgp-fingerprint.patch.2	Reply to this comment
Started to look through this, but I didn't write any of this fingerprint code so none of this code is familiar to me. I did clean up the patch a bit more, so I've attached that to this ticket.

03/06/2008 08:55:26 AM	Matt Selsky	Comment #5 New Attachment: pgp-fingerprint.patch	Reply to this comment
This is an updated version of Chuck's patch. Note: I changed the getFingerprintFromKey() function to return all fingerprints instead of just the 1st one. However the keys and fingerprints don't match up yet, since I think maybe the keys are sorted, but the fingerprints are not. Unfortunately the fingerprints are not available directly from "gpg --list-packets" so we can't insert them into the $key_info hash directly. Also, we print 16 digit key IDs. I think we only want to print 8 digit keys and have a leading 0x. And imp/lib/Crypt/PGP.php needs to be updated to use the new functions still. This patch is definitely not complete.

03/06/2008 07:05:17 AM	Matt Selsky	Comment #4	Reply to this comment
We should deprecate getSignersFingerprint() and create a new function called getSignersKeyID() that does the same thing.

03/06/2008 04:54:50 AM	Chuck Hagenbuch	Patch ⇒ Yes

03/06/2008 04:54:40 AM	Chuck Hagenbuch	Milestone ⇒ 3.2

03/06/2008 04:54:21 AM	Chuck Hagenbuch	Comment #3 New Attachment: pgp.fingerprint.patch	Reply to this comment
Jan or Michael or someone else a bit familiar with PGP, can you take a look at this patch? There's probably a bit more to do, but it's a start.

03/05/2008 11:42:50 PM	Chuck Hagenbuch	Comment #2 Assigned to Horde Developers	Reply to this comment
We seem to be calling the key id the fingerprint in a bunch of places. I've got some preliminary code to get the actual fingerprint, but it needs some work and testing before I commit it.

03/05/2008 11:42:00 PM	Chuck Hagenbuch	State ⇒ Assigned Version ⇒ HEAD

03/03/2008 04:06:03 PM	libre (at) immerda (dot) ch	Comment #1 Priority ⇒ 1. Low State ⇒ Unconfirmed Queue ⇒ Horde Base Summary ⇒ PGP-Fingerprint is missing, instead ID is marked as fingerprint Type ⇒ Bug	Reply to this comment
It is possible to show details of an importet PGP-key via Preferences -> Webmail-> PGP-Preferences -> List of keys ->Details (German: Einstellungen -> Webmail -> PGP-Einstellungen -> Liste von Keys -> Details). The string that is labeled "Fingerprint" is NOT the fingerprint but the ID of the key. The fingerprint is missing which is a problem because this is the crucial point of attack for a man-in-the-middle attack.