From 01ea3657d4c0f6078434166781d991076abd2faa Mon Sep 17 00:00:00 2001
From: joe <joe@jerkface.net>
Date: Mon, 25 Nov 2013 22:55:27 -0500
Subject: Now avoids trust-signatures on self-certification.

---
 kiki.hs | 26 +++++++++++++++++---------
 1 file changed, 17 insertions(+), 9 deletions(-)

diff --git a/kiki.hs b/kiki.hs
index c616445..034f58d 100644
--- a/kiki.hs
+++ b/kiki.hs
@@ -1104,12 +1104,9 @@ main = do
                         where 
                             w0:ws = pub
 
-    signSelfAuthTorKeys pw g sec grip timestamp xs = ys
+    signSelfAuthTorKeys selfkey g sec grip timestamp xs = ys
      where
         keys = filter isKey sec
-        selfkey = find_key fingerprint (Message keys) (fromJust grip) >>= decryptKey
-            where
-                decryptKey k = decryptSecretKey pw k
         mainpubkey = fst (head xs)
         uid:xs' = map snd xs
         (sigs, xs'') = span isSignaturePacket xs'
@@ -1184,8 +1181,16 @@ main = do
           , sec   -- e3ozbhvej4jvlu43.onion/gpg/gnupghome/secring.gpg
           , grip  -- Just "AD1CA892FCF4ED9829C762269BDEA5B4D5643321"
           ) <- getPGPEnviron cmd
-        S8.putStrLn $ "pasphrase_fd = " <> S8.pack (show (passphrase_fd cmd))
+        flip (maybe (error "No working key?")) grip $ \grip -> do
         pw <- getPassphrase cmd
+        let (pre, wk:subs) = seek_key (KeyGrip grip) sec
+            wkun = if symmetric_algorithm wk == Unencrypted 
+                    then Just wk
+                    else do
+                        k <- decryptSecretKey pw wk 
+                        guard (symmetric_algorithm k == Unencrypted)
+                        return k
+        flip (maybe (error "Bad passphrase?")) wkun$ \wkun -> do
         -- putStrLn $ "getPGPEnviron -> " ++ show (homedir,length sec,grip)
         (Message pub) <- readPacketsFromFile (input cmd)
         putStrLn $ listKeys pub
@@ -1215,7 +1220,7 @@ main = do
         -- timestamp <- epochTime
         let xs:xss = groupBy (\_ (b,_)->not b) marked
             pub' = map (snd . cleanup) xs 
-                    ++ concatMap (signSelfAuthTorKeys pw (g::SystemRandom) sec grip timestamp)
+                    ++ concatMap (signSelfAuthTorKeys (Just wkun) (g::SystemRandom) sec grip timestamp)
                                  (map (map cleanup) xss)
             cleanup (_,(topkey,_,pkt)) = (topkey,pkt)
         putStrLn $ "-------- signed ------> " -- ++ show (length pub, length pub')
@@ -1656,11 +1661,14 @@ torsig g topk wkun uid timestamp extras
                  timestamp
                  g
    where
-    subpackets = [ SignatureCreationTimePacket (fromIntegral timestamp)
-                 , TrustSignaturePacket 1 60
-                 , RegularExpressionPacket regex]
+    subpackets = [ SignatureCreationTimePacket (fromIntegral timestamp) ]
+                 ++ tsign
                  ++ extras
     subpackets_unh = [IssuerPacket (fingerprint wkun)]
+    tsign = if keykey wkun == keykey topk
+             then [] -- tsign doesnt make sense for self-signatures
+             else [ TrustSignaturePacket 1 120
+                  , RegularExpressionPacket regex]
     -- <[^>]+[@.]asdf\.nowhere>$
     regex = "<[^>]+[@.]"++hostname++">$"
     -- regex = username ++ "@" ++ hostname
-- 
cgit v1.2.3