X-Git-Url: https://codewiz.org/gitweb?a=blobdiff_plain;f=src%2Fshare%2Fkeytrans;h=c47ccdc792d6cdfd98cf6fdb591ee9dae13e3969;hb=e2e86b09f48ae9e3c115a7215256ac1345f86a5c;hp=8b2e2ea52b926a006896de9b1adee71eea6b1f32;hpb=15d752f93a3a9807430fe8b3cd6e16f3cede8e7c;p=monkeysphere.git

diff --git a/src/share/keytrans b/src/share/keytrans
index 8b2e2ea..c47ccdc 100755
--- a/src/share/keytrans
+++ b/src/share/keytrans
@@ -1,4 +1,4 @@
-#!/usr/bin/perl -w -T
+#!/usr/bin/perl -T
 
 # keytrans: this is an RSA key translation utility; it is capable of
 # transforming RSA keys (both public keys and secret keys) between
@@ -195,11 +195,11 @@ my $keyserver_prefs = { nomodify => 0x80
 ########### Math/Utility Functions ##############
 
 
-# see the bottom of page 43 of RFC 4880
+# see the bottom of page 44 of RFC 4880 (http://tools.ietf.org/html/rfc4880#page-44)
 sub simple_checksum {
   my $bytes = shift;
 
-  return unpack("%32W*",$bytes) % 65536;
+  return unpack("%16C*",$bytes);
 }
 
 # calculate the multiplicative inverse of a mod b this is euclid's
@@ -426,7 +426,7 @@ sub pem2openpgp {
   my $uid = shift;
   my $args = shift;
 
-  $rsa->use_sha1_hash();
+  $rsa->use_sha256_hash();
 
   # see page 22 of RFC 4880 for why i think this is the right padding
   # choice to use:
@@ -442,7 +442,7 @@ sub pem2openpgp {
   # RSA
   my $pubkey_algo = pack('C', $asym_algos->{rsa});
   # SHA1
-  my $hash_algo = pack('C', $digests->{sha1});
+  my $hash_algo = pack('C', $digests->{sha256});
 
   # FIXME: i'm worried about generating a bazillion new OpenPGP
   # certificates from the same key, which could easily happen if you run
@@ -497,11 +497,14 @@ sub pem2openpgp {
 			    $ciphers->{tripledes}
 			   );
 
-  # prefer SHA-1, SHA-256, RIPE-MD/160
-  my $pref_hash_algos = pack('CCCCC', 4, $subpacket_types->{preferred_digest},
-			     $digests->{sha1},
+  # prefer SHA-512, SHA-384, SHA-256, SHA-224, RIPE-MD/160, SHA-1
+  my $pref_hash_algos = pack('CCCCCCCC', 7, $subpacket_types->{preferred_digest},
+			     $digests->{sha512},
+			     $digests->{sha384},
 			     $digests->{sha256},
-			     $digests->{ripemd160}
+			     $digests->{sha224},
+			     $digests->{ripemd160},
+			     $digests->{sha1}
 			    );
 
   # prefer ZLIB, BZip2, ZIP
@@ -687,6 +690,8 @@ sub openpgp2ssh {
 	  my $foundfpr = fingerprint($pubkey, $timestamp);
 
 	  my $foundfprstr = Crypt::OpenSSL::Bignum->new_from_bin($foundfpr)->to_hex();
+	  # left-pad with 0's to bring up to full 40-char (160-bit) fingerprint:
+	  $foundfprstr = sprintf("%040s", $foundfprstr);
 
 	  # is this a match?
 	  if ((!defined($fpr)) ||