NowpPublishing fedora developer PGP keys in DNSSEC
Björn Persson
Bjorn at xn--rombobjrn-67a.se
Mon Feb 2 05:18:50 UTC 2015
Paul Wouters wrote:
>On Sun, 1 Feb 2015, Björn Persson wrote:
>
>> Paul Wouters wrote:
>>> paul at bofh:~$ openpgpkey --fetch pwouters at fedoraproject.org
>>
>> openpgpkey: /var/lib/unbound/root.anchor is not a file. Unable to use
>> it as rootanchor
>>
>> Huh?
>
>turns out a bug in %post of unbound-libs. I pushed a fix into rawhide.
>I've also made openpgpkey smarter so it looks for more file locations
>for the root.anchor or root.key file. I'll push that upstream.
Thanks. Meanwhile a Cron job seems to have created root.anchor, so now
I get this output:
$ openpgpkey --fetch Bjorn at xn--rombobjrn-67a.se
openpgpkey: Received OpenPGP data does not contain a key with keyid Bjorn at xn--rombobjrn-67a.se
(add --uid <uid> to override with any of the below received uids)
# Björn Persson <Bjorn at Rombobjörn.se>
# Björn Persson <Bjorn at Rombobeorn.se>
Besides the lack of IDNA, this shows another character encoding bug. The
UIDs on the key are encoded in UTF-8, and my locale also uses UTF-8, so
no transcoding should be needed, but somewhere along the way the strings
get erroneously interpreted as an 8-bit encoding, probably ISO 8859-1,
and then transcoded from that to UTF-8.
>> Traceback (most recent call last):
>> File "/usr/bin/openpgpkey", line 189, in <module>
>> if "<%s>"%args.email in uid:
>> UnicodeDecodeError: 'ascii' codec can't decode byte 0xc3 in position
>> 14: ordinal not in range(128)
>
>I'll work on adding punycode support :)
>
>(the LHS does not matter, we just sha224 whatever you give us)
Don't you need to ensure that the local part is encoded in UTF-8 per
RFC 6530 before you hash it, in case the user's locale uses another
encoding?
--
Björn Persson
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signatur
URL: <http://lists.fedoraproject.org/pipermail/devel/attachments/20150202/27e1b007/attachment.sig>
More information about the devel
mailing list