Launchpad itself

lib/lp/registry/templates/person-editpgpkeys.pt (+6/-0)
lib/lp/services/gpg/interfaces.py (+24/-4)
lib/lp/services/gpg/tests/test_gpghandler.py (+6/-6)
lib/lp/testing/gpgkeys/data/foo.bar@canonical.com-nistp256.pub (+14/-0)
lib/lp/testing/gpgkeys/data/foo.bar@canonical.com-nistp256.sec (+18/-0)

High

Fix Released

Link a bug report

Reviewer	Date Requested	Status
Guruprasad		Approve on 2022-09-09
Jürgen Gmach	2022-09-08	Approve on 2022-09-09
Review via email: mp+429660@code.launchpad.net

Commit message

Support GPG ECDSA/ECDH keys

Description of the change

Only some choices of elliptic curve will in fact work at the moment, due to limitations in the versions of GnuPG and GPGME on production; I've tested that at least `nistp256` works.

Revision history for this message

Jürgen Gmach (jugmac00) on 2022-09-09:

review: Approve

Revision history for this message

Guruprasad (lgp171188) wrote on 2022-09-09:

LGTM 👍

review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk

Subscribers

People subscribed via source and target branches

to all changes:

Canonical Launchpad Engineering

Christina A Reitbauer

Colin Watson

Edson_g2020_ubuntuone Gomes

Jordan

Kevin bush

Maximiliano Bertacchini

noômen

to status/vote changes:

asimbol83

 diff --git a/lib/lp/registry/templates/person-editpgpkeys.pt b/lib/lp/registry/templates/person-editpgpkeys.pt
 index 169c5f0..f6dd57b 100644
 --- a/lib/lp/registry/templates/person-editpgpkeys.pt
 +++ b/lib/lp/registry/templates/person-editpgpkeys.pt
@@ -163,6 +163,12 @@
          fingerprint</a>)
        </p>
++      <p>
++        At present, only RSA, DSA, and some ECC keys are supported; see
++        <a href="https://bugs.launchpad.net/launchpad/+bug/1827369">bug
++        1827369</a> for details on the state of support for other key types.
++      </p>
++
            <table class="form" id="launchpad-form-widgets">
              <tbody>
                <tr>
 diff --git a/lib/lp/services/gpg/interfaces.py b/lib/lp/services/gpg/interfaces.py
 index 39ec411..48bae87 100644
 --- a/lib/lp/services/gpg/interfaces.py
 +++ b/lib/lp/services/gpg/interfaces.py
@@ -77,10 +77,14 @@ class GPGKeyAlgorithm(DBEnumeratedType):
      """
      GPG Compliant Key Algorithms Types:
--    1 : "R", # RSA
--    16: "g", # ElGamal
--    17: "D", # DSA
--    20: "G", # ElGamal, compromised
++    1  : "R", # RSA
++    16 : "g", # ElGamal
++    17 : "D", # DSA
++    20 : "G", # ElGamal, compromised
++    301: "E", # ECDSA
++    302: "e", # ECDH
++
++    See `pubkey_letter` in GnuPG for the single-letter codes used here.
      FIXME
      Rewrite it according to the experimental API returning also a name
@@ -120,6 +124,22 @@ class GPGKeyAlgorithm(DBEnumeratedType):
          ElGamal, compromised""",
+     )
++    ECDSA = DBItem(
++        301,
++        """
++        E
++
++        ECDSA""",
++    )
++
++    ECDH = DBItem(
++        302,
++        """
++        e
++
++        ECDH""",
++    )
++
  class MoreThanOneGPGKeyFound(Exception):
      """More than one GPG key was found.
 diff --git a/lib/lp/services/gpg/tests/test_gpghandler.py b/lib/lp/services/gpg/tests/test_gpghandler.py
 index 32cbaf5..653740d 100644
 --- a/lib/lp/services/gpg/tests/test_gpghandler.py
 +++ b/lib/lp/services/gpg/tests/test_gpghandler.py
@@ -117,12 +117,12 @@ class TestGPGHandler(TestCase):
          fingerprints = {
              key.fingerprint for key in self.gpg_handler.localKeys()
+         }
--        self.assertTrue(
--            "340CA3BB270E2716C9EE0B768E7EB7086C64A8C5" in fingerprints
--        )
--        self.assertTrue(
--            "A419AE861E88BC9E04B9C26FBA2B9389DFD20543" in fingerprints
--        )
++        # foo.bar@canonical.com
++        self.assertIn("340CA3BB270E2716C9EE0B768E7EB7086C64A8C5", fingerprints)
++        # test@canonical.com
++        self.assertIn("A419AE861E88BC9E04B9C26FBA2B9389DFD20543", fingerprints)
++        # foo.bar@canonical.com-nistp256
++        self.assertIn("7DF8FEA9E998922E7CCB3EC9BF5D16BC1C0A8AE4", fingerprints)
      def testFilteredGetKeys(self):
          """Check the filtered key lookup mechanism.
 diff --git a/lib/lp/testing/gpgkeys/data/foo.bar@canonical.com-nistp256.pub b/lib/lp/testing/gpgkeys/data/foo.bar@canonical.com-nistp256.pub
 new file mode 100644
 index 0000000..56ec19c
 --- /dev/null
 +++ b/lib/lp/testing/gpgkeys/data/foo.bar@canonical.com-nistp256.pub
@@ -0,0 +1,14 @@
++-----BEGIN PGP PUBLIC KEY BLOCK-----
++
++mFIEYxox9BMIKoZIzj0DAQcCAwTbLMABKGPLD4yX+osrnVWQ9ngSiGBv5muILqO0
++iNYo7kg3rCbp33oBQjJKlEFV0HrlJQTze14c5d2Z1EQnGhHstB9Gb28gQmFyIDxm
++b28uYmFyQGNhbm9uaWNhbC5jb20+iJAEExMIADgWIQR9+P6p6ZiSLnzLPsm/XRa8
++HAqK5AUCYxox9AIbAwULCQgHAwUVCgkICwUWAgMBAAIeAQIXgAAKCRC/XRa8HAqK
++5CQQAQDLbv63nO+pL+2y1weL4SaGCGny7juMkCQa2V0wU7y74AD/UJVN85Bpw4VD
++XEHW8zhXiEj3Yj9M17viG7tbcZS9mCi4VgRjGjH0EggqhkjOPQMBBwIDBHPuDddS
++Sn1O5XXIDw+k33dccqRz4Z+WSO4k4N+OrSoSAqwe97Wc0YdgDQwW0Tp1gtVQD0mh
++zARX1hepE6vRfTkDAQgHiHgEGBMIACAWIQR9+P6p6ZiSLnzLPsm/XRa8HAqK5AUC
++Yxox9AIbDAAKCRC/XRa8HAqK5D8WAQDkguaZBxo41fbas0FJOFiCDdv5SI5a5Aaa
++nRf2hENLNAEAsEXYzFcKTmx7xkAmynsfN7T80ub5mjkkr27lBYCQfw0=
++=bA48
++-----END PGP PUBLIC KEY BLOCK-----
 diff --git a/lib/lp/testing/gpgkeys/data/foo.bar@canonical.com-nistp256.sec b/lib/lp/testing/gpgkeys/data/foo.bar@canonical.com-nistp256.sec
 new file mode 100644
 index 0000000..f0d99a8
 --- /dev/null
 +++ b/lib/lp/testing/gpgkeys/data/foo.bar@canonical.com-nistp256.sec
@@ -0,0 +1,18 @@
++-----BEGIN PGP PRIVATE KEY BLOCK-----
++
++lKUEYxox9BMIKoZIzj0DAQcCAwTbLMABKGPLD4yX+osrnVWQ9ngSiGBv5muILqO0
++iNYo7kg3rCbp33oBQjJKlEFV0HrlJQTze14c5d2Z1EQnGhHs/gcDAttSqfrTn5HX
++/8N6mjpGbfiaAA/VXUR6+r52IUMn5/9rx7THcjKnSyRtkC+f5w4/Fh/Asm8tpocM
++XMqJPC+oBiF2bMvM+q+4OZj8bUTQR6K0H0ZvbyBCYXIgPGZvby5iYXJAY2Fub25p
++Y2FsLmNvbT6IkAQTEwgAOBYhBH34/qnpmJIufMs+yb9dFrwcCorkBQJjGjH0AhsD
++BQsJCAcDBRUKCQgLBRYCAwEAAh4BAheAAAoJEL9dFrwcCorkJBABAMtu/rec76kv
++7bLXB4vhJoYIafLuO4yQJBrZXTBTvLvgAP9QlU3zkGnDhUNcQdbzOFeISPdiP0zX
++u+Ibu1txlL2YKJypBGMaMfQSCCqGSM49AwEHAgMEc+4N11JKfU7ldcgPD6Tfd1xy
++pHPhn5ZI7iTg346tKhICrB73tZzRh2ANDBbROnWC1VAPSaHMBFfWF6kTq9F9OQMB
++CAf+BwMCIIWZ4OnQZvb/hEJ/s7Kl7PuAEK4eCVw0dkBpIXCR8FQdl8k/Bb5BEO+t
++O9A28j8teXzTRP2sBVHz9rTw+YPOAJYGSIXSXB8i+H+Tt4wgJIh4BBgTCAAgFiEE
++ffj+qemYki58yz7Jv10WvBwKiuQFAmMaMfQCGwwACgkQv10WvBwKiuQ/FgEA5ILm
++mQcaONX22rNBSThYgg3b+UiOWuQGmp0X9oRDSzQBALBF2MxXCk5se8ZAJsp7Hze0
++/NLm+Zo5JK9u5QWAkH8N
++=i86g
++-----END PGP PRIVATE KEY BLOCK-----