[Webfunds-devel] SCW ... unexpected self-sign reject
Ian Grigg
iang@systemics.com
Sun, 27 Aug 2000 17:38:30 -0400
OK, so I tried to *double* strip the key, and that works fine.
No exception thrown when inline double stripping is attempted
(from my unchecked-in wizard.KeyTop):
    final String tag = Contract.USERID_CONTRACT;
    PGPPublicKey stripped;
    try {
        PGPPublicKey Xstripped = KeyUtil.stripAndVerifyKey(contractKey,
                                                           tag,
                                                           topLevelKey);
        stripped = KeyUtil.stripAndVerifyKey(Xstripped,
                                             tag,
                                             topLevelKey);
        System.err.println("ok, so double stripping worked!");
        ...
My next thought was - as we are sure that stripping it is
the wicked event, then ... it must be close by. How about the
armouring?!? So, the immediate next code does this:
        System.err.println("ok, so double stripping worked!");
        String am = KeyUtil.publicKeyToString(stripped);
        PGPPublicKey unam;
        unam = KeyUtil.publicKeyFromString(am);
        Xstripped = KeyUtil.stripAndVerifyKey(unam, /* BigBaddaBoom */
                                              tag,
                                              topLevelKey);
    } catch (ArmouredKeyException ex) {
        error("test: " + ex);
        return false;
    } catch (StripKeyException ex) {
        error("Contract key: " + ex);
        return false;
    }
    String contractKeyAsString = KeyUtil.publicKeyToString(stripped);
    System.err.println("\n\nCONTRACT +++++++++++\n" + contractKeyAsString);
And bigbaddaboom:
CONTRACT -----------
ok, so double stripping worked!
(2) No SelfSig On Key: webfunds.ricardian.StripKeyException
at webfunds.ricardian.KeyUtil.stripAndVerifyKey(KeyUtil.java:176)
at webfunds.client.contracts.wizard.KeyContract.next(KeyContract.java:337)
at webfunds.client.contracts.wizard.Wizard$MySelectionModel.setSelectionPaths(Wizard.java:347)
....
Where line 337 is marked ...
Ian Grigg wrote:
> Now, however, another bug is there: the [contract] key gets
> rejected by verify as not being self-signed. But, it looks good,
> it got stripped, and gpg and pgp5 both agree it is self signed...
>
> Full stack trace is at the end, including some printed diags
> including the *stripped* key which is rejected. The rejecting
> code is CertificateFactory generated Certificate which is then
> used to extract a key and checked against itself; all in
> ricardian.Contract.java.
>
> If someone can look at this I'd be most grateful... (I have
> updated the lib dir and other dirs). Meanwhile, I'm going to
> look at upgrading the storage of the contract from SCW so that
> DJ can sign in pgp6.5 . . .
>
> --
> iang
....
> done: webfunds.client.Core@50e02bc
> CONTRACT -----------
>
> CONTRACT +++++++++++
>
> (original) - - - -
>
> (rearmoured key) -----
>
> (11) Bad Contract Signing Key: webfunds.ricardian.ContractException: OpenPGP cert <contract> not self-signed - java.security.SignatureException: Not all userIds are signed with the given key.
> at webfunds.ricardian.Contract.getOpenPGPCertFromString(Contract.java:894)
> at webfunds.ricardian.Contract.getCertFromString(Contract.java:837)
> at webfunds.ricardian.Contract.getCert(Contract.java:800)
> at webfunds.ricardian.Contract.getContractCert(Contract.java:732)
> at webfunds.ricardian.Contract.verifyOpenPGPSignatures(Contract.java:990)
> at webfunds.ricardian.Contract.verifyContract(Contract.java:955)
> at webfunds.client.contracts.wizard.FinishSig.sanityCheckContract(FinishSig.java:446)
> at webfunds.client.contracts.wizard.FinishSig.next(FinishSig.java:422)
> at webfunds.client.contracts.wizard.Wizard$MySelectionModel.setSelectionPaths(Wizard.java:347)
> at javax.swing.JTree.setSelectionPaths(JTree.java:993)
> at javax.swing.JTree.setSelectionRows(JTree.java:1028)
> at javax.swing.JTree.setSelectionRow(JTree.java:1005)
> at webfunds.client.contracts.wizard.Wizard.actionPerformed(Wizard.java:253)
> at javax.swing.AbstractButton.fireActionPerformed(AbstractButton.java:1066)
> at javax.swing.AbstractButton$ForwardActionEvents.actionPerformed(AbstractButton.java:1101)
> at javax.swing.DefaultButtonModel.fireActionPerformed(DefaultButtonModel.java:378)
> at javax.swing.DefaultButtonModel.setPressed(DefaultButtonModel.java:250)
> at javax.swing.plaf.basic.BasicButtonListener.mouseReleased(BasicButtonListener.java:204)
> at java.awt.Component.processMouseEvent(Component.java:2358)
> at java.awt.Component.processEvent(Component.java:2203)
> at java.awt.Container.processEvent(Container.java:901)
> at java.awt.Component.dispatchEventImpl(Component.java:1812)
> at java.awt.Container.dispatchEventImpl(Container.java:946)
> at java.awt.Component.dispatchEvent(Component.java:1744)
> at java.awt.LightweightDispatcher.retargetMouseEvent(Container.java:1841)
> at java.awt.LightweightDispatcher.processMouseEvent(Container.java:1630)
> at java.awt.LightweightDispatcher.dispatchEvent(Container.java:1531)
> at java.awt.Container.dispatchEventImpl(Container.java:933)
> at java.awt.Window.dispatchEventImpl(Window.java:509)
> at java.awt.Component.dispatchEvent(Component.java:1744)
> at java.awt.EventDispatchThread.run(EventDispatchThread.java:79)
--
iang
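
Added example, not code from the original message or from WebFunds or Cryptix: a structural check in Python for the condition both exceptions above report, listing the user IDs that carry no certification issued by the primary key, so a key can be inspected before and after a strip or an armour round trip. Assumptions: input is the dearmoured packet bytes, only old-format packet headers, v4 keys and v4 signatures are handled, signatures are not verified cryptographically, and all function names and sample bytes are constructed for illustration.

```python
import hashlib

def packets(data):
    """Yield (tag, body) for each old-format OpenPGP packet (RFC 4880, 4.2)."""
    i = 0
    while i < len(data):
        hdr, i = data[i], i + 1
        if (hdr & 0x40) or (hdr & 3) == 3:
            raise ValueError("new-format or indeterminate-length header not handled")
        size = 1 << (hdr & 3)                       # 1, 2 or 4 length octets
        n, i = int.from_bytes(data[i:i + size], "big"), i + size
        yield (hdr >> 2) & 0x0F, data[i:i + n]
        i += n

def key_id(body):
    """v4 key ID: low 64 bits of SHA-1 over 0x99, two-octet length, key body."""
    return hashlib.sha1(b"\x99" + len(body).to_bytes(2, "big") + body).digest()[-8:]

def sig_info(body):
    """Return (signature type, issuer key ID) from a v4 signature packet body."""
    sig_type, pos, issuer = body[1], 4, None
    for _ in range(2):                              # hashed area, then unhashed area
        pos, end = pos + 2, pos + 2 + int.from_bytes(body[pos:pos + 2], "big")
        while pos < end:                            # one-octet subpacket lengths only
            if body[pos + 1] & 0x7F == 16:          # Issuer subpacket
                issuer = body[pos + 2:pos + 1 + body[pos]]
            pos += 1 + body[pos]
    return sig_type, issuer

def unsigned_user_ids(data):
    """User IDs with no v4 certification (0x10-0x13) issued by the primary key."""
    primary, uid, missing = None, None, []
    for tag, body in packets(data):
        if tag == 6:
            primary = key_id(body)
        elif tag == 13:
            missing.append(uid := body.decode("utf-8", "replace"))
        elif tag == 2 and uid in missing and body[0] == 4:
            sig_type, issuer = sig_info(body)
            if 0x10 <= sig_type <= 0x13 and issuer == primary:
                missing.remove(uid)
    return missing

def pkt(tag, body):                                 # helper for the constructed sample
    return bytes([0x80 | tag << 2, len(body)]) + body

KEY_BODY = b"\x04" + bytes(4) + b"\x11" + bytes(8)  # constructed: dummy key material
SELF = pkt(2, bytes([4, 0x13, 17, 2, 0, 0, 0, 10, 9, 16]) + key_id(KEY_BODY) + bytes(6))
OTHER = pkt(2, bytes([4, 0x10, 17, 2, 0, 0, 0, 10, 9, 16]) + b"OTHERKEY" + bytes(6))
HEAD = pkt(6, KEY_BODY) + pkt(13, b"test [contract]")
```

`unsigned_user_ids(HEAD + SELF + OTHER)` returns an empty list, while `unsigned_user_ids(HEAD + OTHER)`, where only the third-party signature survives, returns the user ID that lost its self-signature.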