Use Key ID instead of fingerprint in OpenPGP URL interpolation.

2025-12-22 11:55:40 +01:00 · 2021-12-01 20:51:39 +01:00 · 2021-12-01 20:51:39 +01:00 · fbe20dbf60
commit fbe20dbf60
parent 9cf4a7cb5c
2 changed files with 19 additions and 17 deletions
--- a/cmd/csaf_provider/controller.go
+++ b/cmd/csaf_provider/controller.go
@ -112,65 +112,66 @@ func loadCSAF(r *http.Request) (string, []byte, error) {
 	return cleanFileName(handler.Filename), buf.Bytes(), nil
 }
-func (c *controller) handleSignature(r *http.Request, data []byte) (string, string, error) {
+func (c *controller) handleSignature(
 	r *http.Request,
 	data []byte,
 ) (string, *crypto.Key, error) {
 	// Either way ... we need the key.
 	key, err := c.cfg.loadCryptoKey()
 	if err != nil {
-		return "", "", err
+		return "", nil, err
 	}
 	fingerprint := key.GetFingerprint()
 	// Was the signature given via request?
 	if c.cfg.UploadSignature {
 		sigText := r.FormValue("signature")
 		if sigText == "" {
-			return "", "", errors.New("missing signature in request")
+			return "", nil, errors.New("missing signature in request")
 		}
 		pgpSig, err := crypto.NewPGPSignatureFromArmored(sigText)
 		if err != nil {
-			return "", "", err
+			return "", nil, err
 		}
 		// Use as public key
 		signRing, err := crypto.NewKeyRing(key)
 		if err != nil {
-			return "", "", err
+			return "", nil, err
 		}
 		if err := signRing.VerifyDetached(
 			crypto.NewPlainMessage(data),
 			pgpSig, crypto.GetUnixTime(),
 		); err != nil {
-			return "", "", err
+			return "", nil, err
 		}
-		return sigText, fingerprint, nil
+		return sigText, key, nil
 	}
 	// Sign ourself
 	if passwd := r.FormValue("passphrase"); !c.cfg.NoPassphrase && passwd != "" {
 		if key, err = key.Unlock([]byte(passwd)); err != nil {
-			return "", "", err
+			return "", nil, err
 		}
 	}
 	// Use as private key
 	signRing, err := crypto.NewKeyRing(key)
 	if err != nil {
-		return "", "", err
+		return "", nil, err
 	}
 	sig, err := signRing.SignDetached(crypto.NewPlainMessage(data))
 	if err != nil {
-		return "", "", err
+		return "", nil, err
 	}
 	armored, err := sig.GetArmored()
-	return armored, fingerprint, err
+	return armored, key, err
 }
 func (c *controller) upload(rw http.ResponseWriter, r *http.Request) {
@ -208,7 +209,7 @@ func (c *controller) upload(rw http.ResponseWriter, r *http.Request) {
 		}
 	}
-	armored, fingerprint, err := c.handleSignature(r, data)
+	armored, key, err := c.handleSignature(r, data)
 	if err != nil {
 		c.failed(rw, "upload.html", err)
 		return
@ -330,7 +331,8 @@ func (c *controller) upload(rw http.ResponseWriter, r *http.Request) {
 			// TODO: Check for conflicts.
 			pmd.Publisher = ex.publisher
-			pmd.SetPGP(fingerprint, c.cfg.GetOpenPGPURL(fingerprint))
+			keyID, fingerprint := key.GetHexKeyID(), key.GetFingerprint()
 			pmd.SetPGP(fingerprint, c.cfg.GetOpenPGPURL(keyID))
 			return nil
 		}); err != nil {
--- a/cmd/csaf_provider/create.go
+++ b/cmd/csaf_provider/create.go
@ -101,8 +101,8 @@ func createProviderMetadata(c *config, wellknownCSAF string) error {
 	if err != nil {
 		return err
 	}
-	fingerprint := key.GetFingerprint()
+	keyID, fingerprint := key.GetHexKeyID(), key.GetFingerprint()
-	pm.SetPGP(fingerprint, c.GetOpenPGPURL(fingerprint))
+	pm.SetPGP(fingerprint, c.GetOpenPGPURL(keyID))
 	return saveToFile(path, pm)
 }