Now avoids trust-signatures on self-certification.

author: joe <joe@jerkface.net> 2013-11-25 22:55:27 -0500
committer: joe <joe@jerkface.net> 2013-11-25 22:55:27 -0500
commit: 01ea3657d4c0f6078434166781d991076abd2faa (patch)
tree: 073d2fd476eed5774281f52e708f12964755fcf2
parent: a9fc5ee7425b71caccf115f1daaa5a0a932c548b (diff)
1 files changed, 17 insertions, 9 deletions
diff --git a/kiki.hs b/kiki.hs
index c616445..034f58d 100644
--- a/kiki.hs
+++ b/kiki.hs
@@ -1104,12 +1104,9 @@ main = do
                        where 
                            w0:ws = pub
-    signSelfAuthTorKeys pw g sec grip timestamp xs = ys
+    signSelfAuthTorKeys selfkey g sec grip timestamp xs = ys
     where
        keys = filter isKey sec
-        selfkey = find_key fingerprint (Message keys) (fromJust grip) >>= decryptKey
-            where
-                decryptKey k = decryptSecretKey pw k
        mainpubkey = fst (head xs)
        uid:xs' = map snd xs
        (sigs, xs'') = span isSignaturePacket xs'
@@ -1184,8 +1181,16 @@ main = do
          , sec   -- e3ozbhvej4jvlu43.onion/gpg/gnupghome/secring.gpg
          , grip  -- Just "AD1CA892FCF4ED9829C762269BDEA5B4D5643321"
          ) <- getPGPEnviron cmd
-        S8.putStrLn $ "pasphrase_fd = " <> S8.pack (show (passphrase_fd cmd))
+        flip (maybe (error "No working key?")) grip $ \grip -> do
        pw <- getPassphrase cmd
+        let (pre, wk:subs) = seek_key (KeyGrip grip) sec
+            wkun = if symmetric_algorithm wk == Unencrypted 
+                    then Just wk
+                    else do
+                        k <- decryptSecretKey pw wk 
+                        guard (symmetric_algorithm k == Unencrypted)
+                        return k
+        flip (maybe (error "Bad passphrase?")) wkun$ \wkun -> do
        -- putStrLn $ "getPGPEnviron -> " ++ show (homedir,length sec,grip)
        (Message pub) <- readPacketsFromFile (input cmd)
        putStrLn $ listKeys pub
@@ -1215,7 +1220,7 @@ main = do
        -- timestamp <- epochTime
        let xs:xss = groupBy (\_ (b,_)->not b) marked
            pub' = map (snd . cleanup) xs 
-                    ++ concatMap (signSelfAuthTorKeys pw (g::SystemRandom) sec grip timestamp)
+                    ++ concatMap (signSelfAuthTorKeys (Just wkun) (g::SystemRandom) sec grip timestamp)
                                 (map (map cleanup) xss)
            cleanup (_,(topkey,_,pkt)) = (topkey,pkt)
        putStrLn $ "-------- signed ------> " -- ++ show (length pub, length pub')
@@ -1656,11 +1661,14 @@ torsig g topk wkun uid timestamp extras
                 timestamp
                 g
   where
-    subpackets = [ SignatureCreationTimePacket (fromIntegral timestamp)
+    subpackets = [ SignatureCreationTimePacket (fromIntegral timestamp) ]
-                 , TrustSignaturePacket 1 60
+                 ++ tsign
-                 , RegularExpressionPacket regex]
                 ++ extras
    subpackets_unh = [IssuerPacket (fingerprint wkun)]
+    tsign = if keykey wkun == keykey topk
+             then [] -- tsign doesnt make sense for self-signatures
+             else [ TrustSignaturePacket 1 120
+                  , RegularExpressionPacket regex]
    -- <[^>]+[@.]asdf\.nowhere>$
    regex = "<[^>]+[@.]"++hostname++">$"
    -- regex = username ++ "@" ++ hostname
author	joe <joe@jerkface.net>	2013-11-25 22:55:27 -0500
committer	joe <joe@jerkface.net>	2013-11-25 22:55:27 -0500
commit	01ea3657d4c0f6078434166781d991076abd2faa (patch)
tree	073d2fd476eed5774281f52e708f12964755fcf2
parent	a9fc5ee7425b71caccf115f1daaa5a0a932c548b (diff)