Default of Magicsig keypair toString should be secure
Prevent crappy coders from leaking private keys.
This commit is contained in:
parent
629cbedee2
commit
aaef11077d
|
@ -1349,7 +1349,7 @@ class OStatusPlugin extends Plugin
|
||||||
|
|
||||||
if ($magicsig instanceof Magicsig) {
|
if ($magicsig instanceof Magicsig) {
|
||||||
$xrd->links[] = new XML_XRD_Element_Link(Magicsig::PUBLICKEYREL,
|
$xrd->links[] = new XML_XRD_Element_Link(Magicsig::PUBLICKEYREL,
|
||||||
'data:application/magic-public-key,'. $magicsig->toString(false));
|
'data:application/magic-public-key,'. $magicsig->toString());
|
||||||
}
|
}
|
||||||
|
|
||||||
// TODO - finalize where the redirect should go on the publisher
|
// TODO - finalize where the redirect should go on the publisher
|
||||||
|
|
|
@ -169,10 +169,10 @@ class Magicsig extends Managed_DataObject
|
||||||
/**
|
/**
|
||||||
* Encode the keypair or public key as a string.
|
* Encode the keypair or public key as a string.
|
||||||
*
|
*
|
||||||
* @param boolean $full_pair set to false to leave out the private key.
|
* @param boolean $full_pair set to true to include the private key.
|
||||||
* @return string
|
* @return string
|
||||||
*/
|
*/
|
||||||
public function toString($full_pair = true)
|
public function toString($full_pair=false)
|
||||||
{
|
{
|
||||||
$mod = Magicsig::base64_url_encode($this->publicKey->modulus->toBytes());
|
$mod = Magicsig::base64_url_encode($this->publicKey->modulus->toBytes());
|
||||||
$exp = Magicsig::base64_url_encode($this->publicKey->exponent->toBytes());
|
$exp = Magicsig::base64_url_encode($this->publicKey->exponent->toBytes());
|
||||||
|
|
Loading…
Reference in New Issue
Block a user