authorRuben Pollan <meskio@sindominio.net>2014-10-30 21:54:32 -0600
committerRuben Pollan <meskio@sindominio.net>2014-11-04 11:53:24 -0600
commitd9df76ea2504a78865209cda3ae6e41613d5e5aa (patch)
tree849c1ef4a0cd3911bc6469526f333cb613e5946f /src/leap/keymanager/openpgp.py
parenta5cf287dabc77b7172c2f058696cee1024ea3297 (diff)
Merge keys when updating an exisiting key
This is needed to prevent rollback attacks, where an attacker pushes us into accepting a key with an old expiration date that could then be used to push an untrusted key after its expiration.
Diffstat (limited to 'src/leap/keymanager/openpgp.py')
-rw-r--r--src/leap/keymanager/openpgp.py12
1 files changed, 12 insertions, 0 deletions
diff --git a/src/leap/keymanager/openpgp.py b/src/leap/keymanager/openpgp.py
index e84cd297..f86b35d8 100644
--- a/src/leap/keymanager/openpgp.py
+++ b/src/leap/keymanager/openpgp.py
@@ -37,6 +37,8 @@ from leap.keymanager.keys import (
build_key_from_dict,
KEYMANAGER_KEY_TAG,
TAGS_ADDRESS_PRIVATE_INDEX,
+ KEY_FINGERPRINT_KEY,
+ KEY_DATA_KEY,
)
from leap.keymanager.validation import ValidationLevel
@@ -394,6 +396,16 @@ class OpenPGPScheme(EncryptionScheme):
if doc is None:
self._soledad.create_doc_from_json(key.get_json())
else:
+ if key.fingerprint == doc.content[KEY_FINGERPRINT_KEY]:
+ # in case of an update of the key merge them with gnupg
+ with self._temporary_gpgwrapper() as gpg:
+ gpg.import_keys(doc.content[KEY_DATA_KEY])
+ gpg.import_keys(key.key_data)
+ gpgkey = gpg.list_keys(secret=key.private).pop()
+ key = _build_key_from_gpg(
+ key.address, gpgkey,
+ gpg.export_keys(gpgkey['fingerprint'],
+ secret=key.private))
doc.set_json(key.get_json())
self._soledad.put_doc(doc)
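Review bot: The two `gpg.import_keys(...)` calls in the merge branch discard their result, so if gnupg rejects either the stored blob or the incoming key the merge silently proceeds with whichever key did import — letting the older-expiry key win after all — or `gpg.list_keys(secret=key.private).pop()` raises a bare IndexError on an empty list. Bind and check each result before listing, e.g. `res = gpg.import_keys(doc.content[KEY_DATA_KEY])` then `if not res.fingerprints: raise <keymanager error type>('stored key failed to import')`, and the same for `key.key_data`. The branch comment would also be clearer as `# same fingerprint: merge stored and incoming key with gnupg so an update cannot roll back expiration or signatures`. Note that when the fingerprints differ the code still falls through to `doc.set_json(key.get_json())` and replaces the stored key outright, so the protection this commit adds covers only same-key updates; that may be intended but is worth stating in the method's docstring. The enclosing method starts outside the hunk.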