CondorCORE/condorcore-keyring
CondorCORE/condorcore-keyring
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

feature(keyringctl): yell and abort if processing private key data

Browse Source
This commit is contained in:
Levente Polyak 2021-11-10 21:45:01 +01:00
parent 5a83a7b6c1
commit 8689995b69
No known key found for this signature in database
GPG Key ID: FC1B547C8D8172C8
1 changed files with 9 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
libkeyringctl/keyring.py
View File

@ -4,6 +4,7 @@ from collections import defaultdict
from collections.abc import Iterable from collections.abc import Iterable
from itertools import chain from itertools import chain
from logging import debug from logging import debug
from logging import error
from pathlib import Path from pathlib import Path
from re import match from re import match
from shutil import copytree from shutil import copytree
@ -173,6 +174,14 @@ def convert_certificate( # noqa: ignore=C901
current_packet_uid = None current_packet_uid = None
subkeys[current_packet_fingerprint] = packet subkeys[current_packet_fingerprint] = packet
elif packet.name.endswith("--SecretKey"):
error(
"\n###################################################################\n"
"Do not ever process your private key file!\n"
"Consider using a hardware token instead of local private key files!\n"
"###################################################################"
)
raise Exception("Secret key detected, aborting")
elif packet.name.endswith("--Signature"): elif packet.name.endswith("--Signature"):
# ignore user attributes and related signatures # ignore user attributes and related signatures
if current_packet_mode == "uattr": if current_packet_mode == "uattr":