Tickets :: [#6363] PGP-Fingerprint is missing, instead ID is marked as fingerprint

6.0.0-git

2021-01-24

Summary	PGP-Fingerprint is missing, instead ID is marked as fingerprint
Queue	Horde Base
Queue Version	HEAD
Type	Bug
State	Resolved
Priority	2. Medium
Owners	chuck (at) horde (dot) org
Requester	libre (at) immerda (dot) ch
Created	2008-03-03 (4710 days ago)
Due
Updated	2008-04-11 (4671 days ago)
Assigned	2008-03-05 (4708 days ago)
Resolved	2008-04-11 (4671 days ago)
Milestone	3.2
Patch	Yes

2008-04-11 21:05:07	Chuck Hagenbuch	Comment #7 Assigned to Chuck Hagenbuch Taken from Horde Developers State ⇒ Resolved	Reply to this comment
Fixed in CVS with these commits: HEAD - http://lists.horde.org/archives/cvs/Week-of-Mon-20080407/077305.html FRAMEWORK_3 - http://lists.horde.org/archives/cvs/Week-of-Mon-20080407/077306.html

2008-04-09 20:53:03	Chuck Hagenbuch	Deleted Original Message

2008-04-09 20:52:57	Chuck Hagenbuch	Deleted Original Message

2008-03-30 00:15:55	Michael Slusarz	Comment #6 Priority ⇒ 2. Medium New Attachment: pgp-fingerprint.patch.2	Reply to this comment
Started to look through this, but I didn't write any of this fingerprint code so none of this code is familiar to me. I did clean up the patch a bit more, so I've attached that to this ticket.

2008-03-06 08:55:26	Matt Selsky	Comment #5 New Attachment: pgp-fingerprint.patch	Reply to this comment
This is an updated version of Chuck's patch. Note: I changed the getFingerprintFromKey() function to return all fingerprints instead of just the 1st one. However the keys and fingerprints don't match up yet, since I think maybe the keys are sorted, but the fingerprints are not. Unfortunately the fingerprints are not available directly from "gpg --list-packets" so we can't insert them into the $key_info hash directly. Also, we print 16 digit key IDs. I think we only want to print 8 digit keys and have a leading 0x. And imp/lib/Crypt/PGP.php needs to be updated to use the new functions still. This patch is definitely not complete.

2008-03-06 07:05:17	Matt Selsky	Comment #4	Reply to this comment
We should deprecate getSignersFingerprint() and create a new function called getSignersKeyID() that does the same thing.

2008-03-06 04:54:50	Chuck Hagenbuch	Patch ⇒ Yes

2008-03-06 04:54:40	Chuck Hagenbuch	Milestone ⇒ 3.2

2008-03-06 04:54:21	Chuck Hagenbuch	Comment #3 New Attachment: pgp.fingerprint.patch	Reply to this comment
Jan or Michael or someone else a bit familiar with PGP, can you take a look at this patch? There's probably a bit more to do, but it's a start.

2008-03-05 23:42:50	Chuck Hagenbuch	Comment #2 Assigned to Horde Developers	Reply to this comment
We seem to be calling the key id the fingerprint in a bunch of places. I've got some preliminary code to get the actual fingerprint, but it needs some work and testing before I commit it.

2008-03-05 23:42:00	Chuck Hagenbuch	State ⇒ Assigned Version ⇒ HEAD

2008-03-03 16:06:03	libre (at) immerda (dot) ch	Comment #1 Type ⇒ Bug State ⇒ Unconfirmed Priority ⇒ 1. Low Summary ⇒ PGP-Fingerprint is missing, instead ID is marked as fingerprint Queue ⇒ Horde Base	Reply to this comment
It is possible to show details of an importet PGP-key via Preferences -> Webmail-> PGP-Preferences -> List of keys ->Details (German: Einstellungen -> Webmail -> PGP-Einstellungen -> Liste von Keys -> Details). The string that is labeled "Fingerprint" is NOT the fingerprint but the ID of the key. The fingerprint is missing which is a problem because this is the crucial point of attack for a man-in-the-middle attack.