New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update Regex for QRcode scanned VCard #2600
base: master
Are you sure you want to change the base?
Conversation
KEY:OPENPGP4FPR:[HASH] Standard VCard Format (https://en.wikipedia.org/wiki/VCard#Properties)
For someone more experienced with this project... Is there a significant reason we cannot import PGP keys from VCards that have the VCard standard syntax? This seems like a really useful feature... But maybe there is a security reason or something else? It seems to me that looking up PGP keys by Fingerprint on the PGP servers would be the same security as from a custom |
- URL must contain full 40 character Fingerprint - Handles most SKS Server keys - Handles keys.openpgp.org - Handles OPENPGP4FPR
With the above commit a1fed15:
Edit: Update to reflect regex improvements in later commits too (a1fed15...fc3dd86) |
- Fix the difference between: https://keyserver.ubuntu.com/pks/lookup?op=get&search=0x[Hash] https://pgp.mit.edu/pks/lookup?search=0x[Hash] - New Regex accounts for the 'op=get&' missing/existing in some URLs
Hi @Awbmilne, the reason why fingerprint format is supported but not arbitrary URLs is the following: the fingerprint provides end-to-end verification of the key while the URL could point to any key. HTTPS does not protect against malicious server/VPS admin replacing the key or against your domain expiring and someone squatting your domain name. The fingerprint format on the other hand does not relay on the format but verifies that the key is the correct one. Do note that business cards don't change often so it's important to have a correct key info all the time there. Edit:
This would be fine too 👍 Edit 2: It seems the issue with your QR encoded VCard in the original issue is that you used \r\n instead of \n to separate VCard fields:
(see |
Thanks @wiktor-k
Good find! Wouldve never though of line endings. Windows is really a pain for raw text files.🥴
This is a good point, I agree. Forcing the use of well-established and well-maintained key servers is a good idea. Luckily, My existing changes comply with this sentiment! This may not be useful for many people, but it does expand the options for QRcode based VCards. If you are looking for unit test examples, Lines 154-158 has some typical examples of URLs that this type of Regex fingerprint extraction should work for. (Fingerprint used being Linus Torvalds' Key. May want to change for unit tests, as his key is multiple MB these days) |
IMPORTANT NOTE:The VCard standard RFC6350 states in Section 3.2 that:
Meaning that VCard files are "supposed" to be standardized with Personally, This seems like a dumb decision for the standardization. (Feels like Microsoft had some financial pull there) The commits above handle both cases (though, Unit testing should be added for verification, Which is past my knowledge). This issue has been documented in #2601 |
Secondary Note:The
The use of Uppercase and Lowercase digits is accounted for in the new Regex. |
Fix issues with QRCode VCard Key importing |
closes #2599closes #2601Regex needs to be corrected for handling values in a VCard format.
It also seems possible to extend the import functionality to the URL syntax of the Vcard Standard.
Description
Currently:
KEY:OPENPGP4FPR:[HASH]
with better regexFor example:
KEY;MEDIATYPE=application/pgp-keys:https://keyserver.ubuntu.com/pks/lookup?op=get&search=0x[40-CHAR-HASH]
Prospective:
Motivation and Context
I have been looking to streamline my VCard Contact and PGP information, This would make it easier to deal with on android. Easier to share Keys and Contact info with same QRcode on Business card or such. Refer to #2599
How Has This Been Tested?
Hasnt been tested, Dont have the Facilities to do so... Sorry.
Its just regex though... So it should work fine.
Types of changes