Stuck on an issue?
Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
Importing an armored private key results in export_public_armored exporting private key
See original GitHub issueIf a pgp private key is imported directly it works correctly, but it appears to be written to publickey areas as well. This results in the private key being exposed when trying to access the publicKey. Here is a simple proof of concept:
var kbpgp = require('kbpgp');
kbpgp.KeyManager.generate_ecc({'userid' : 'test'}, function(err, km1) {
km1.sign({}, function(err) {
km1.export_pgp_private({}, function(err, privateArmored) {
//Will log out private key, as expected
console.log('privateArmored', privateArmored);
kbpgp.KeyManager.import_from_armored_pgp({armored: privateArmored}, function(err, km2) {
km2.sign({}, function(err) {
km2.export_pgp_public({}, function(err, publicArmored){
//Also logs out private key, which should not happen
console.log('publicArmored', publicArmored);
});
});
});
});
});
});
Issue Analytics
- State:
- Created 8 years ago
- Reactions:1
- Comments:7 (3 by maintainers)
Top Results From Across the Web
How to export and import keys with GPG - Linux Hint
With the help of the “gpg” command, you can easily export and import the public key and private key. However, in the case...
Read more >GPG: Extract private key and import on different machine
If you have a "sub" entry, you can ignore it. Run this command to export your key: Copy gpg --export-secret-keys YOUR_ID_HERE > private.key....
Read more >How to export a GPG private key and public key to a file
Export Public Key. This command will export an ascii armored version of the public key: gpg --output public.pgp --armor --export username@ ...
Read more >Import and Export PGP Certificates - Oracle Help Center
For a PGP certificate, you export the public and private keys for a certificate in separate operations. You can import only public keys....
Read more >Getting information from an armored gpg public key file
mkdir temp-gnupg-dir export GNUPGHOME=temp-gnupg-dir gpg --import ... print the fingerprint of an on-disk armored key without importing it, ...
Read more >
Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free
Top Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
Closed in #143. Sorry for the bug and thanks for the bug report. It will go live in 2.0.67.
@maxtaco that was fast! Thanks!