GNUsocial/gnu-social
4
0
Fork 1
Code Issues Releases Wiki Activity

Default of Magicsig keypair toString should be secure

Browse Source 
Prevent crappy coders from leaking private keys.
This commit is contained in:
Mikael Nordfeldth 2014-06-03 12:51:52 +02:00
parent 629cbedee2
commit aaef11077d
2 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
plugins/OStatus/OStatusPlugin.php
View File

@ -1349,7 +1349,7 @@ class OStatusPlugin extends Plugin
if ($magicsig instanceof Magicsig) { if ($magicsig instanceof Magicsig) {
$xrd->links[] = new XML_XRD_Element_Link(Magicsig::PUBLICKEYREL, $xrd->links[] = new XML_XRD_Element_Link(Magicsig::PUBLICKEYREL,
'data:application/magic-public-key,'. $magicsig->toString(false)); 'data:application/magic-public-key,'. $magicsig->toString());
} }
// TODO - finalize where the redirect should go on the publisher // TODO - finalize where the redirect should go on the publisher

4
plugins/OStatus/classes/Magicsig.php
View File

@ -169,10 +169,10 @@ class Magicsig extends Managed_DataObject
/** /**
* Encode the keypair or public key as a string. * Encode the keypair or public key as a string.
* *
* @param boolean $full_pair set to false to leave out the private key. * @param boolean $full_pair set to true to include the private key.
* @return string * @return string
*/ */
public function toString($full_pair = true) public function toString($full_pair=false)
{ {
$mod = Magicsig::base64_url_encode($this->publicKey->modulus->toBytes()); $mod = Magicsig::base64_url_encode($this->publicKey->modulus->toBytes());
$exp = Magicsig::base64_url_encode($this->publicKey->exponent->toBytes()); $exp = Magicsig::base64_url_encode($this->publicKey->exponent->toBytes());