feature(keyringctl): yell and abort if processing private key data

2021-11-10 21:45:01 +01:00 · 2021-11-10 21:45:01 +01:00 · 8689995b69
commit 8689995b69
parent 5a83a7b6c1
1 changed files with 9 additions and 0 deletions
--- a/libkeyringctl/keyring.py
+++ b/libkeyringctl/keyring.py
@ -4,6 +4,7 @@ from collections import defaultdict
 from collections.abc import Iterable
 from itertools import chain
 from logging import debug
+from logging import error
 from pathlib import Path
 from re import match
 from shutil import copytree
@ -173,6 +174,14 @@ def convert_certificate(  # noqa: ignore=C901
            current_packet_uid = None

            subkeys[current_packet_fingerprint] = packet
+        elif packet.name.endswith("--SecretKey"):
+            error(
+                "\n###################################################################\n"
+                "Do not ever process your private key file!\n"
+                "Consider using a hardware token instead of local private key files!\n"
+                "###################################################################"
+            )
+            raise Exception("Secret key detected, aborting")
        elif packet.name.endswith("--Signature"):
            # ignore user attributes and related signatures
            if current_packet_mode == "uattr":