[#6363] PGP-Fingerprint is missing, instead ID is marked as fingerprint
Summary PGP-Fingerprint is missing, instead ID is marked as fingerprint
Queue Horde Base
Queue Version HEAD
Type Bug
State Resolved
Priority 2. Medium
Owners chuck (at) horde (dot) org
Requester libre (at) immerda (dot) ch
Created 2008-03-03 (4710 days ago)
Updated 2008-04-11 (4671 days ago)
Assigned 2008-03-05 (4708 days ago)
Resolved 2008-04-11 (4671 days ago)
Milestone 3.2
Patch Yes

2008-04-11 21:05:07 Chuck Hagenbuch Comment #7
Assigned to Chuck Hagenbuch
Taken from Horde DevelopersHorde Developers
State ⇒ Resolved
Reply to this comment
2008-04-09 20:53:03 Chuck Hagenbuch Deleted Original Message
2008-04-09 20:52:57 Chuck Hagenbuch Deleted Original Message
2008-03-30 00:15:55 Michael Slusarz Comment #6
Priority ⇒ 2. Medium
New Attachment: pgp-fingerprint.patch.2 Download
Reply to this comment
Started to look through this, but I didn't write any of this 
fingerprint code so none of this code is familiar to me.  I did clean 
up the patch a bit more, so I've attached that to this ticket.
2008-03-06 08:55:26 Matt Selsky Comment #5
New Attachment: pgp-fingerprint.patch
Reply to this comment
This is an updated version of Chuck's patch.  Note: I changed the 
getFingerprintFromKey() function to return all fingerprints instead of 
just the 1st one.  However the keys and fingerprints don't match up 
yet, since I think maybe the keys are sorted, but the fingerprints are 
not.  Unfortunately the fingerprints are not available directly from 
"gpg --list-packets" so we can't insert them into the $key_info hash 

Also, we print 16 digit key IDs.  I think we only want to print 8 
digit keys and have a leading 0x.

And imp/lib/Crypt/PGP.php needs to be updated to use the new functions still.

This patch is definitely not complete.
2008-03-06 07:05:17 Matt Selsky Comment #4 Reply to this comment
We should deprecate getSignersFingerprint() and create a new function 
called getSignersKeyID() that does the same thing.
2008-03-06 04:54:50 Chuck Hagenbuch Patch ⇒ Yes
2008-03-06 04:54:40 Chuck Hagenbuch Milestone ⇒ 3.2
2008-03-06 04:54:21 Chuck Hagenbuch Comment #3
New Attachment: pgp.fingerprint.patch
Reply to this comment
Jan or Michael or someone else a bit familiar with PGP, can you take a 
look at this patch? There's probably a bit more to do, but it's a start.
2008-03-05 23:42:50 Chuck Hagenbuch Comment #2
Assigned to Horde DevelopersHorde Developers
Reply to this comment
We seem to be calling the key id the fingerprint in a bunch of places. 
I've got some preliminary code to get the actual fingerprint, but it 
needs some work and testing before I commit it.
2008-03-05 23:42:00 Chuck Hagenbuch State ⇒ Assigned
Version ⇒ HEAD
2008-03-03 16:06:03 libre (at) immerda (dot) ch Comment #1
Type ⇒ Bug
State ⇒ Unconfirmed
Priority ⇒ 1. Low
Summary ⇒ PGP-Fingerprint is missing, instead ID is marked as fingerprint
Queue ⇒ Horde Base
Reply to this comment
It is possible to show details of an importet PGP-key via Preferences 
-> Webmail-> PGP-Preferences -> List of keys ->Details (German: 
Einstellungen -> Webmail -> PGP-Einstellungen -> Liste von Keys -> 
Details). The string that is labeled "Fingerprint" is NOT the 
fingerprint but the ID of the key. The fingerprint is missing which is 
a problem because this is the crucial point of attack for a 
man-in-the-middle attack.

Saved Queries