[pacman-dev] [PATCH] add gpg key length to import message

Dan McGee dpmcgee at gmail.com
Tue Oct 18 19:11:52 EDT 2011


On Tue, Oct 18, 2011 at 3:54 PM, Florian Pritz <bluewind at xinu.at> wrote:
> Displaying the length of the key we are about to import allows the user
> to spot forged keys more easily.
>
> References:
> http://www.pgp.net/pgpnet/pgp-faq/pgp-faq-keys.html#key-public-key-forgery

This seems to instill a false confidence, I'm not sold on the supposed
benefits here. Shouldn't we be more concerned with showing the 40-char
long full fingerprint rather than this length value which is not all
that explanatory or useful? (At least I have no idea how to use it or
where else it even shows up.)

-Dan

> Signed-off-by: Florian Pritz <bluewind at xinu.at>
> ---
>  lib/libalpm/alpm.h    |    1 +
>  lib/libalpm/signing.c |    1 +
>  src/pacman/callback.c |    4 ++--
>  3 files changed, 4 insertions(+), 2 deletions(-)
>
> diff --git a/lib/libalpm/alpm.h b/lib/libalpm/alpm.h
> index 9fda940..2e4de79 100644
> --- a/lib/libalpm/alpm.h
> +++ b/lib/libalpm/alpm.h
> @@ -226,6 +226,7 @@ typedef struct _alpm_pgpkey_t {
>        char *email;
>        alpm_time_t created;
>        alpm_time_t expires;
> +       unsigned int length;
>  } alpm_pgpkey_t;
>
>  /** Signature result. Contains the key, status, and validity of a given
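
Review bot: The new `length` member in `alpm_pgpkey_t` has no comment stating its unit, and the prompt in src/pacman/callback.c labels the value as "bytes". GPGME documents subkey length in bits, so if `key` in signing.c is a GPGME key (as the `uids`/`subkeys` fields suggest), the label would be wrong. Please document the unit on the field in this public header, for example "key length in bits", so front ends do not have to guess.
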
> diff --git a/lib/libalpm/signing.c b/lib/libalpm/signing.c
> index bdaa83a..3d965b4 100644
> --- a/lib/libalpm/signing.c
> +++ b/lib/libalpm/signing.c
> @@ -270,6 +270,7 @@ static int key_search(alpm_handle_t *handle, const char *fpr,
>        pgpkey->email = key->uids->email;
>        pgpkey->created = key->subkeys->timestamp;
>        pgpkey->expires = key->subkeys->expires;
> +       pgpkey->length = key->subkeys->length;
>        ret = 1;
>
>  error:
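
Review bot: `pgpkey->length = key->subkeys->length;` records the length of the first subkey only, the same one used for `created` and `expires` just above. Any further subkeys on the key can have a different length, so the value shown to the user describes one key, not the whole keyring entry. Worth a short comment here saying which subkey the value describes, so the prompt wording can match.
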
> diff --git a/src/pacman/callback.c b/src/pacman/callback.c
> index d856455..cb2b080 100644
> --- a/src/pacman/callback.c
> +++ b/src/pacman/callback.c
> @@ -349,8 +349,8 @@ void cb_question(alpm_question_t event, void *data1, void *data2,
>                                char created[12];
>                                time_t time = (time_t)key->created;
>                                strftime(created, 12, "%Y-%m-%d", localtime(&time));
> -                               *response = yesno(_(":: Import PGP key %s, \"%s\", created %s?"),
> -                                               key->fingerprint, key->uid, created);
> +                               *response = yesno(_(":: Import PGP key %s, \"%s\", created %s, length %d bytes?"),
> +                                               key->fingerprint, key->uid, created, key->length);
>                        }
>                        break;
>        }
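
Review bot: The added format string uses `%d` for `key->length`, which alpm.h declares as `unsigned int`; this should be `%u`. The string also says "bytes" while nothing in the patch converts the value taken from `key->subkeys->length`, so the unit in the message needs to match whatever signing.c actually stores. Since this is a translatable string wrapped in `_()`, getting the wording right before it reaches translators saves a second string change.
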
> --
> 1.7.7
>
>

