From 6df8c3afb2ec84a34b127bff53523d914ca01d76 Mon Sep 17 00:00:00 2001
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Date: Fri, 2 Mar 2018 09:38:13 +0100
Subject: [PATCH 1/4] rfc4880bis identifies public key algorithm 22 as EdDSA

---
 pgpdump/packet.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/pgpdump/packet.py b/pgpdump/packet.py
index cf83e4e..f8a6f49 100644
--- a/pgpdump/packet.py
+++ b/pgpdump/packet.py
@@ -46,6 +46,7 @@ class AlgoLookup(object):
         19: "ECDSA",
         20: "Formerly ElGamal Encrypt or Sign",
         21: "Diffie-Hellman",
+        22: "EdDSA",
     }
 
     @classmethod

From 3e4e021b25a4e69bcccaf6cb3aed3d8b813f8172 Mon Sep 17 00:00:00 2001
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Date: Fri, 2 Mar 2018 09:41:06 +0100
Subject: [PATCH 2/4] pass on unknown pubkey algorithms rather than raising an
 Exception

If we're OK with "passing" on experiemntal algorithms, we should be ok
with passing on known algorithms that we know the name of but don't
implement.
---
 pgpdump/packet.py | 14 ++++----------
 1 file changed, 4 insertions(+), 10 deletions(-)

diff --git a/pgpdump/packet.py b/pgpdump/packet.py
index f8a6f49..58e79cc 100644
--- a/pgpdump/packet.py
+++ b/pgpdump/packet.py
@@ -421,12 +421,9 @@ def parse_key_material(self, offset):
             self.prime, offset = get_mpi(self.data, offset)
             self.group_gen, offset = get_mpi(self.data, offset)
             self.key_value, offset = get_mpi(self.data, offset)
-        elif 100 <= self.raw_pub_algorithm <= 110:
-            # Private/Experimental algorithms, just move on
-            pass
         else:
-            raise PgpdumpException("Unsupported public key algorithm %d" %
-                    self.raw_pub_algorithm)
+            # If we don't know how to handle the algorithm, just move on
+            pass
 
         return offset
 
@@ -610,12 +607,9 @@ def parse_private_key_material(self, offset):
             self.pub_algorithm_type = "elg"
             # x
             self.exponent_x, offset = get_mpi(self.data, offset)
-        elif 100 <= self.raw_pub_algorithm <= 110:
-            # Private/Experimental algorithms, just move on
-            pass
         else:
-            raise PgpdumpException("Unsupported public key algorithm %d" %
-                    self.raw_pub_algorithm)
+            # If we don't know how to handle the algorithm, just move on
+            pass
 
         return offset
 

From d786be0c10c00a4f6cc0e968643c2793bf21046a Mon Sep 17 00:00:00 2001
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Date: Fri, 2 Mar 2018 09:42:36 +0100
Subject: [PATCH 3/4] Correct copy/pasted error message

---
 pgpdump/packet.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pgpdump/packet.py b/pgpdump/packet.py
index 58e79cc..bd6c363 100644
--- a/pgpdump/packet.py
+++ b/pgpdump/packet.py
@@ -576,7 +576,7 @@ def parse(self):
                             "Unsupported GnuPG S2K extension, encountered mode %d" % mode)
             else:
                 raise PgpdumpException(
-                        "Unsupported public key algorithm %d" % s2k_type_id)
+                        "Unsupported S2K algorithm %d" % s2k_type_id)
 
             if s2k_length != (offset - offset_before_s2k):
                 raise PgpdumpException(

From 4d198678c963570bfce30a8e9a554bdaa074a9c8 Mon Sep 17 00:00:00 2001
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Date: Tue, 8 Jan 2019 15:15:39 -0500
Subject: [PATCH 4/4] rfc4880bis includes embedded issuer fingerprint

The issuer fingerprint effectively supercedes issuer keyID as a more
robust signal of the issuer (though it's possible and in some cases
likely to include both in a signature, to ensure that it's understood
by old and new code).
---
 pgpdump/packet.py | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/pgpdump/packet.py b/pgpdump/packet.py
index bd6c363..f29c5cd 100644
--- a/pgpdump/packet.py
+++ b/pgpdump/packet.py
@@ -144,6 +144,7 @@ def __init__(self, raw, hashed, data):
         30: "Features",
         31: "Signature Target",
         32: "Embedded Signature",
+        33: "Issuer Fingerprint",
     }
 
     @property
@@ -173,6 +174,8 @@ def __init__(self, *args, **kwargs):
         self.raw_expiration_time = None
         self.expiration_time = None
         self.key_id = None
+        self.fingerprint = None
+        self.fingerprint_version = None
         self.hash2 = None
         self.subpackets = []
         super(SignaturePacket, self).__init__(*args, **kwargs)
@@ -276,6 +279,9 @@ def parse_subpackets(self, outer_offset, outer_length, hashed=False):
                 self.raw_expiration_time = get_int4(subpacket.data, 0)
             elif subpacket.subtype == 16:
                 self.key_id = get_key_id(subpacket.data, 0)
+            elif subpacket.subtype == 33:
+                self.fingerprint_version = int(subpacket.data[0])
+                self.fingerprint = get_hex_data(subpacket.data, 1, len(subpacket.data))
             offset += sub_len
             self.subpackets.append(subpacket)