Bug 139774 - kgpg uses wrong keyid to import key from keyserver
Summary: kgpg uses wrong keyid to import key from keyserver
Status: RESOLVED FIXED
Alias: None
Product: kgpg
Classification: Applications
Component: general (show other bugs)
Version: unspecified
Platform: Fedora RPMs Linux
: NOR normal with 1 vote (vote)
Target Milestone: ---
Assignee: bj
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2007-01-08 15:27 UTC by Axel Straschil
Modified: 2008-07-10 18:10 UTC (History)
0 users

See Also:
Latest Commit:
Version Fixed In:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Axel Straschil 2007-01-08 15:27:59 UTC
Version:           1.2.2 (using KDE KDE 3.5.5)
Installed from:    Fedora RPMs
Compiler:          gcc (GCC) 4.1.1 20061011 (Red Hat 4.1.1-30) 
OS:                Linux

Steps to reproduce:

Add pgpkeys.tuwien.ac.at as Keyserver to KGpg.
Search on this keyserver for "norbert kusolitsch"
A wrong id "9CC57F28" is shown, and the key can't be imported

Further information:
You can view the key with the url
http://pgpkeys.tuwien.ac.at/pks/lookup?op=get&search=Norbert+Kusolitsch&op=index

The request generated by KPgp is 
"GET /pks/lookup?op=index&options=mr&search=norbert%20kusolitsch HTTP/1.1"

The response:
info:1:1
pub:9CC57F2884DE3E03DC9B4F5DE41D1546051CD301:17:1024:1166554756::
uid:Norbert Kusolitsch <kusolitsch@ci.tuwien.ac.at>

This problem only occours in kgpg, not in commandline gpg.

Lg and thanks, AXEL.
Comment 1 Mike Culbertson 2007-03-10 00:57:02 UTC
I did some research on this bug, and it is particularly noticable when using the keyserver "onak" (the output in the original bug looks to be from onak).  onak returns the entire key fingerprint as the key ID, rather than the last 8 characters like other keyservers.  Kgpg appears to assume that the ID will only be 8 characters long, and ends up using the _first_ 8 chars of the fingerprint rather than the last 8 as it should.  It's not clear to me if onak should or should not be returning the whole fingerprint as the key ID, but I think  it would be easy for kgpg to handle it either way.  Considering that onak is one of the very few actively maintained free keyservers may magnify the importance of this issue.

My versions:
kgpg 1.2.x (several)
KDE 3.5.x (several)
Debian/Gentoo

Thanks in advance

-Mike Culbertson
Comment 2 Rolf Eike Beer 2007-08-16 10:49:30 UTC
SVN commit 700719 by dakon:

Fix wrong import key ids if key server returns complete fingerprint

BUG:139774

While at it: use the last 16 bytes of the fingerprint to receive the key. 
This should ease the problem with duplicate key ids a bit.

CCBUG:117799


 M  +5 -5      keyservers.cpp  


--- trunk/KDE/kdeutils/kgpg/keyservers.cpp #700718:700719
@@ -535,7 +535,7 @@
         return;
 
     QString kid;
-    QString keysToSearch;
+    QStringList keysToSearch;
     m_listpop->kLEID->clear();
     QList<Q3ListViewItem*>searchList = m_listpop->kLVsearch->selectedItems();
 
@@ -549,13 +549,13 @@
                 kid = searchList.at(i)->text(0).simplified();
 
             kid = kid.section("key", 1, 1);
-            kid = kid.simplified();
-            keysToSearch.append(' ' + kid.left(8));
+            kid = kid.simplified().section(",", 0, 0);
+            keysToSearch << kid.right(16);
         }
     }
 
-    kDebug(2100) << keysToSearch ;
-    m_listpop->kLEID->setText(keysToSearch.simplified());
+    kDebug(2100) << keysToSearch;
+    m_listpop->kLEID->setText(keysToSearch.join(" "));
 }
 
 void KeyServer::slotPreImport()
Comment 3 Rolf Eike Beer 2008-07-10 18:10:38 UTC
SVN commit 830494 by dakon:

CCBUG:139774

Fix this also for 3.5


 M  +2 -3      keyservers.cpp  


WebSVN link: http://websvn.kde.org/?view=rev&revision=830494