suzanne.soy/fork-openpgpjs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Remove valid and error from the verification result of openpgp.verify and decrypt (#1348)

Browse Source 
This change is to make the code more consistent between the streaming and
non-streaming cases.
The validity of a signature (or the corresponding verification error) can be
determined through the existing `verified` property.
This commit is contained in:
larabr 2021-07-09 17:44:34 +02:00 committed by GitHub
parent ed8db3d31e
commit 3886358592
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
16 changed files with 222 additions and 246 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

51
README.md
View File

@ -233,7 +233,13 @@ const openpgp = require('openpgp'); // use as CommonJS, AMD, ES6 module or via w
decryptionKeys: privateKey
});
console.log(decrypted); // 'Hello, World!'
console.log(signatures[0].valid) // signature validity (signed messages only)
// check signature validity (signed messages only)
try {
await signatures[0].verified; // throws on invalid signature
console.log('Signature is valid');
} catch (e) {
throw new Error('Signature could not be verified: ' + e.message);
}
})();
```
@ -441,6 +447,7 @@ and a subkey for encryption using Curve25519.
userIDs: [{ name: 'Jon Smith', email: 'jon@example.com' }], // you can pass multiple user IDs
passphrase: 'super long and hard to guess secret', // protects the private key
format: 'armor' // output key format, defaults to 'armor' (other options: 'binary' or 'object')
});
console.log(privateKey); // '-----BEGIN PGP PRIVATE KEY BLOCK ... '
console.log(publicKey); // '-----BEGIN PGP PUBLIC KEY BLOCK ... '
@ -515,15 +522,16 @@ Using the private key:
const signedMessage = await openpgp.readCleartextMessage({
cleartextMessage // parse armored message
});
const verified = await openpgp.verify({
const verificationResult = await openpgp.verify({
message: signedMessage,
verificationKeys: publicKey
});
const { valid } = verified.signatures[0];
if (valid) {
console.log('signed by key id ' + verified.signatures[0].keyID.toHex());
} else {
throw new Error('signature could not be verified');
const { verified, keyID } = verificationResult.signatures[0];
try {
await verified; // throws on invalid signature
console.log('Signed by key id ' + keyID.toHex());
} catch (e) {
throw new Error('Signature could not be verified: ' + e.message);
}
})();
```
@ -558,16 +566,17 @@ Using the private key:
const signature = await openpgp.readSignature({
armoredSignature: detachedSignature // parse detached signature
});
const verified = await openpgp.verify({
const verificationResult = await openpgp.verify({
message, // Message object
signature,
verificationKeys: publicKey
});
const { valid } = verified.signatures[0];
if (valid) {
console.log('signed by key id ' + verified.signatures[0].keyID.toHex());
} else {
throw new Error('signature could not be verified');
const { verified, keyID } = verificationResult.signatures[0];
try {
await verified; // throws on invalid signature
console.log('Signed by key id ' + keyID.toHex());
} catch (e) {
throw new Error('Signature could not be verified: ' + e.message);
}
})();
```
@ -603,21 +612,21 @@ Using the private key:
});
console.log(signatureArmored); // ReadableStream containing '-----BEGIN PGP MESSAGE ... END PGP MESSAGE-----'
const verified = await openpgp.verify({
const verificationResult = await openpgp.verify({
message: await openpgp.readMessage({ armoredMessage: signatureArmored }), // parse armored signature
verificationKeys: await openpgp.readKey({ armoredKey: publicKeyArmored })
});
for await (const chunk of verified.data) {}
// Note: you *have* to read `verified.data` in some way or other,
for await (const chunk of verificationResult.data) {}
// Note: you *have* to read `verificationResult.data` in some way or other,
// even if you don't need it, as that is what triggers the
// verification of the data.
const valid = await verified.signatures[0].verified;
if (valid) {
console.log('signed by key id ' + verified.signatures[0].keyID.toHex());
} else {
throw new Error('signature could not be verified');
try {
await verificationResult.signatures[0].verified; // throws on invalid signature
console.log('Signed by key id ' + verificationResult.signatures[0].keyID.toHex());
} catch (e) {
throw new Error('Signature could not be verified: ' + e.message);
}
})();
```

14
openpgp.d.ts vendored
View File

@ -38,8 +38,8 @@ export function revokeKey(options: { key: PublicKey, revocationCertificate: stri
export abstract class Key {
public readonly keyPacket: PublicKeyPacket | SecretKeyPacket;
public subkeys: Subkey[];
public users: User[];
public subkeys: Subkey[]; // do not add/replace users directly
public users: User[]; // do not add/replace subkeys directly
public revocationSignatures: SignaturePacket[];
public write(): Uint8Array;
public armor(config?: Config): string;
@ -58,7 +58,7 @@ export abstract class Key {
public verifyPrimaryUser(publicKeys: PublicKey[], date?: Date, userIDs?: UserID, config?: Config): Promise<{ keyID: KeyID, valid: boolean | null }[]>;
public verifyAllUsers(publicKeys: PublicKey[], date?: Date, config?: Config): Promise<{ userID: string, keyID: KeyID, valid: boolean | null }[]>;
public isRevoked(signature: SignaturePacket, key?: AnyKeyPacket, date?: Date, config?: Config): Promise<boolean>;
public getRevocationCertificate(date?: Date, config?: Config): Promise<Stream<string> | string | undefined>;
public getRevocationCertificate(date?: Date, config?: Config): Promise<MaybeStream<string> | undefined>;
public getEncryptionKey(keyID?: KeyID, date?: Date | null, userID?: UserID, config?: Config): Promise<this | Subkey>;
public getSigningKey(keyID?: KeyID, date?: Date | null, userID?: UserID, config?: Config): Promise<this | Subkey>;
public getKeys(keyID?: KeyID): (this | Subkey)[];
@ -132,7 +132,7 @@ export class Signature {
interface VerificationResult {
keyID: KeyID;
verified: Promise<null | boolean>;
verified: Promise<true>; // throws on invalid signature
signature: Promise<Signature>;
}
@ -265,7 +265,7 @@ export class Message<T extends MaybeStream<Data>> {
/** Get literal data that is the body of the message
*/
public getLiteralData(): Uint8Array | Stream<Uint8Array> | null;
public getLiteralData(): MaybeStream<Uint8Array> | null;
/** Returns the key IDs of the keys that signed the message
*/
@ -273,7 +273,7 @@ export class Message<T extends MaybeStream<Data>> {
/** Get literal data as text
*/
public getText(): string | Stream<string> | null;
public getText(): MaybeStream<string> | null;
public getFilename(): string | null;
@ -603,7 +603,7 @@ interface DecryptOptions {
/** (optional) passwords to decrypt the message */
passwords?: MaybeArray<string>;
/** (optional) session keys in the form: { data:Uint8Array, algorithm:String } */
sessionKeys?: SessionKey | SessionKey[];
sessionKeys?: MaybeArray<SessionKey>;
/** (optional) array of public keys or single key, to verify signatures */
verificationKeys?: MaybeArray<PublicKey>;
/** (optional) whether data decryption should fail if the message is not signed with the provided publicKeys */

2
src/cleartext.js
View File

@ -83,7 +83,7 @@ export class CleartextMessage {
* @returns {Promise<Array<{
* keyID: module:type/keyid~KeyID,
* signature: Promise<Signature>,
* verified: Promise<Boolean>
* verified: Promise<true>
* }>>} List of signer's keyID and validity of signature.
* @async
*/

8
src/message.js
View File

@ -535,7 +535,7 @@ export class Message {
* @returns {Promise<Array<{
* keyID: module:type/keyid~KeyID,
* signature: Promise<Signature>,
* verified: Promise<Boolean>
* verified: Promise<true>
* }>>} List of signer's keyID and validity of signatures.
* @async
*/
@ -592,7 +592,7 @@ export class Message {
* @returns {Promise<Array<{
* keyID: module:type/keyid~KeyID,
* signature: Promise<Signature>,
* verified: Promise<Boolean>
* verified: Promise<true>
* }>>} List of signer's keyID and validity of signature.
* @async
*/
@ -699,7 +699,7 @@ export async function createSignaturePackets(literalDataPacket, signingKeys, sig
* @returns {Promise<{
* keyID: module:type/keyid~KeyID,
* signature: Promise<Signature>,
* verified: Promise<Boolean>
* verified: Promise<true>
* }>} signer's keyID and validity of signature
* @async
* @private
@ -767,7 +767,7 @@ async function createVerificationObject(signature, literalDataList, verification
* @returns {Promise<Array<{
* keyID: module:type/keyid~KeyID,
* signature: Promise<Signature>,
* verified: Promise<Boolean>
* verified: Promise<true>
* }>>} list of signer's keyID and validity of signatures
* @async
* @private

29
src/openpgp.js
View File

@ -300,8 +300,8 @@ export async function encrypt({ message, encryptionKeys, signingKeys, passwords,
* signatures: [
* {
* keyID: module:type/keyid~KeyID,
* verified: Promise<Boolean>,
* valid: Boolean (if `message` was not created from a stream)
* verified: Promise<true>,
* signature: Promise<Signature>
* }, ...
* ]
* }
@ -340,7 +340,6 @@ export async function decrypt({ message, decryptionKeys, passwords, sessionKeys,
]);
}
result.data = await convertStream(result.data, message.fromStream, format);
if (!message.fromStream) await prepareSignatures(result.signatures);
return result;
} catch (err) {
throw util.wrapError('Error decrypting message', err);
@ -422,8 +421,8 @@ export async function sign({ message, signingKeys, armor = true, detached = fals
* signatures: [
* {
* keyID: module:type/keyid~KeyID,
* verified: Promise<Boolean>,
* valid: Boolean (if `message` was not created from a stream)
* verified: Promise<true>,
* signature: Promise<Signature>
* }, ...
* ]
* }
@ -460,7 +459,6 @@ export async function verify({ message, verificationKeys, expectSigned = false,
]);
}
result.data = await convertStream(result.data, message.fromStream, format);
if (!message.fromStream) await prepareSignatures(result.signatures);
return result;
} catch (err) {
throw util.wrapError('Error verifying signed message', err);
@ -653,25 +651,6 @@ function linkStreams(result, message) {
});
}
/**
* Wait until signature objects have been verified
* @param {Object} signatures - list of signatures
* @async
* @private
*/
async function prepareSignatures(signatures) {
await Promise.all(signatures.map(async signature => {
signature.signature = await signature.signature;
try {
signature.valid = await signature.verified;
} catch (e) {
signature.valid = false;
signature.error = e;
util.printDebugError(e);
}
}));
}
/**
* Convert the key object to the given format
* @param {Key} key

22
test/general/brainpool.js
View File

@ -203,11 +203,11 @@ EJ4QcD/oQ6x1M/8X/iKQCtxZP8RnlrbH7ExkNON5s5g=
it('Verify clear signed message', async function () {
const pub = await load_pub_key('juliet');
const msg = await openpgp.readCleartextMessage({ cleartextMessage: data.juliet.message_signed });
return openpgp.verify({ verificationKeys: [pub], message: msg }).then(function(result) {
return openpgp.verify({ verificationKeys: [pub], message: msg }).then(async function(result) {
expect(result).to.exist;
expect(result.data).to.equal(data.juliet.message);
expect(result.signatures).to.have.length(1);
expect(result.signatures[0].valid).to.be.true;
expect(await result.signatures[0].verified).to.be.true;
});
});
it('Sign message', async function () {
@ -220,7 +220,7 @@ EJ4QcD/oQ6x1M/8X/iKQCtxZP8RnlrbH7ExkNON5s5g=
expect(result).to.exist;
expect(result.data).to.equal(data.romeo.message);
expect(result.signatures).to.have.length(1);
expect(result.signatures[0].valid).to.be.true;
expect(await result.signatures[0].verified).to.be.true;
});
it('Decrypt and verify message', async function () {
const juliet = await load_pub_key('juliet');
@ -231,7 +231,7 @@ EJ4QcD/oQ6x1M/8X/iKQCtxZP8RnlrbH7ExkNON5s5g=
expect(result).to.exist;
expect(result.data).to.equal(data.romeo.message);
expect(result.signatures).to.have.length(1);
expect(result.signatures[0].valid).to.be.true;
expect(await result.signatures[0].verified).to.be.true;
});
it('Decrypt and verify message with leading zero in hash', async function () {
const juliet = await load_priv_key('juliet');
@ -242,7 +242,7 @@ EJ4QcD/oQ6x1M/8X/iKQCtxZP8RnlrbH7ExkNON5s5g=
expect(result).to.exist;
expect(result.data).to.equal(data.romeo.message_with_leading_zero_in_hash);
expect(result.signatures).to.have.length(1);
expect(result.signatures[0].valid).to.be.true;
expect(await result.signatures[0].verified).to.be.true;
});
it('Decrypt and verify message with leading zero in hash signed with old elliptic algorithm', async function () {
//this test would not work with nodeCrypto, since message is signed with leading zero stripped from the hash
@ -256,7 +256,7 @@ EJ4QcD/oQ6x1M/8X/iKQCtxZP8RnlrbH7ExkNON5s5g=
expect(result).to.exist;
expect(result.data).to.equal(data.romeo.message_with_leading_zero_in_hash_old_elliptic_implementation);
expect(result.signatures).to.have.length(1);
expect(result.signatures[0].valid).to.be.true;
expect(await result.signatures[0].verified).to.be.true;
});
it('Encrypt and sign message', async function () {
@ -272,7 +272,7 @@ EJ4QcD/oQ6x1M/8X/iKQCtxZP8RnlrbH7ExkNON5s5g=
expect(result).to.exist;
expect(result.data).to.equal(data.romeo.message);
expect(result.signatures).to.have.length(1);
expect(result.signatures[0].valid).to.be.true;
expect(await result.signatures[0].verified).to.be.true;
});
tryTests('Brainpool Omnibus Tests @lightweight', omnibus, {
@ -292,13 +292,13 @@ function omnibus() {
await openpgp.verify({
message: await openpgp.readCleartextMessage({ cleartextMessage }),
verificationKeys: pubHi
}).then(output => expect(output.signatures[0].valid).to.be.true);
}).then(output => expect(output.signatures[0].verified).to.eventually.be.true);
// Verifying detached signature
await openpgp.verify({
message: await openpgp.createMessage({ text: util.removeTrailingSpaces(testData) }),
verificationKeys: pubHi,
signature: (await openpgp.readCleartextMessage({ cleartextMessage })).signature
}).then(output => expect(output.signatures[0].valid).to.be.true);
}).then(output => expect(output.signatures[0].verified).to.eventually.be.true);
// Encrypting and signing
const encrypted = await openpgp.encrypt({
@ -311,9 +311,9 @@ function omnibus() {
message: await openpgp.readMessage({ armoredMessage: encrypted }),
decryptionKeys: bye,
verificationKeys: [pubHi]
}).then(output => {
}).then(async output => {
expect(output.data).to.equal(testData2);
expect(output.signatures[0].valid).to.be.true;
await expect(output.signatures[0].verified).to.eventually.be.true;
});
});
}

17
test/general/config.js
View File

@ -249,7 +249,7 @@ vAFM3jjrAQDgJPXsv8PqCrLGDuMa/2r6SgzYd03aw/xt1WM6hgUvhQD+J54Z
verificationKeys: [key]
});
expect(data).to.equal(plaintext);
expect(signatures[0].valid).to.be.true;
expect(await signatures[0].verified).to.be.true;
const { data: data2, signatures: signatures2 } = await openpgp.decrypt({
message: await openpgp.readMessage({ armoredMessage }),
@ -258,8 +258,7 @@ vAFM3jjrAQDgJPXsv8PqCrLGDuMa/2r6SgzYd03aw/xt1WM6hgUvhQD+J54Z
config: { minRSABits: 4096 }
});
expect(data2).to.equal(plaintext);
expect(signatures2[0].valid).to.be.false;
expect(signatures2[0].error).to.match(/keys shorter than 4096 bits are considered too weak/);
await expect(signatures2[0].verified).to.be.rejectedWith(/keys shorter than 4096 bits are considered too weak/);
const { data: data3, signatures: signatures3 } = await openpgp.decrypt({
message: await openpgp.readMessage({ armoredMessage }),
@ -268,8 +267,7 @@ vAFM3jjrAQDgJPXsv8PqCrLGDuMa/2r6SgzYd03aw/xt1WM6hgUvhQD+J54Z
config: { rejectPublicKeyAlgorithms: new Set([openpgp.enums.publicKey.rsaEncryptSign]) }
});
expect(data3).to.equal(plaintext);
expect(signatures3[0].valid).to.be.false;
expect(signatures3[0].error).to.match(/rsaEncryptSign keys are considered too weak/);
await expect(signatures3[0].verified).to.be.rejectedWith(/rsaEncryptSign keys are considered too weak/);
});
it('openpgp.sign', async function() {
@ -313,7 +311,7 @@ vAFM3jjrAQDgJPXsv8PqCrLGDuMa/2r6SgzYd03aw/xt1WM6hgUvhQD+J54Z
config
};
const { signatures: [sig] } = await openpgp.verify(opt);
await expect(sig.error).to.match(/Insecure message hash algorithm/);
await expect(sig.verified).to.be.rejectedWith(/Insecure message hash algorithm/);
const armoredSignature = await openpgp.sign({ message, signingKeys: key, detached: true });
const opt2 = {
message,
@ -322,7 +320,7 @@ vAFM3jjrAQDgJPXsv8PqCrLGDuMa/2r6SgzYd03aw/xt1WM6hgUvhQD+J54Z
config
};
const { signatures: [sig2] } = await openpgp.verify(opt2);
await expect(sig2.error).to.match(/Insecure message hash algorithm/);
await expect(sig2.verified).to.be.rejectedWith(/Insecure message hash algorithm/);
const cleartext = await openpgp.createCleartextMessage({ text: 'test' });
const signedCleartext = await openpgp.sign({ message: cleartext, signingKeys: key });
@ -332,7 +330,7 @@ vAFM3jjrAQDgJPXsv8PqCrLGDuMa/2r6SgzYd03aw/xt1WM6hgUvhQD+J54Z
config
};
const { signatures: [sig3] } = await openpgp.verify(opt3);
await expect(sig3.error).to.match(/Insecure message hash algorithm/);
await expect(sig3.verified).to.be.rejectedWith(/Insecure message hash algorithm/);
const opt4 = {
message: await openpgp.readMessage({ armoredMessage: signed }),
@ -340,7 +338,6 @@ vAFM3jjrAQDgJPXsv8PqCrLGDuMa/2r6SgzYd03aw/xt1WM6hgUvhQD+J54Z
config: { rejectPublicKeyAlgorithms: new Set([openpgp.enums.publicKey.eddsa]) }
};
const { signatures: [sig4] } = await openpgp.verify(opt4);
await expect(sig4.valid).to.be.false;
await expect(sig4.error).to.match(/eddsa keys are considered too weak/);
await expect(sig4.verified).to.be.rejectedWith(/eddsa keys are considered too weak/);
});
});

12
test/general/ecc_nist.js
View File

@ -20,13 +20,13 @@ module.exports = () => describe('Elliptic Curve Cryptography for NIST P-256,P-38
await openpgp.verify({
message: await openpgp.readCleartextMessage({ cleartextMessage }),
verificationKeys: pubHi
}).then(output => expect(output.signatures[0].valid).to.be.true);
}).then(output => expect(output.signatures[0].verified).to.eventually.be.true);
// Verifying detached signature
await openpgp.verify({
message: await openpgp.createMessage({ text: util.removeTrailingSpaces(testData) }),
verificationKeys: pubHi,
signature: (await openpgp.readCleartextMessage({ cleartextMessage })).signature
}).then(output => expect(output.signatures[0].valid).to.be.true);
}).then(output => expect(output.signatures[0].verified).to.eventually.be.true);
// Encrypting and signing
const encrypted = await openpgp.encrypt({
@ -39,9 +39,9 @@ module.exports = () => describe('Elliptic Curve Cryptography for NIST P-256,P-38
message: await openpgp.readMessage({ armoredMessage: encrypted }),
decryptionKeys: bye,
verificationKeys: [pubHi]
}).then(output => {
}).then(async output => {
expect(output.data).to.equal(testData2);
expect(output.signatures[0].valid).to.be.true;
await expect(output.signatures[0].verified).to.eventually.be.true;
});
});
}
@ -55,7 +55,7 @@ module.exports = () => describe('Elliptic Curve Cryptography for NIST P-256,P-38
const signature = await openpgp.sign({ message: await openpgp.createCleartextMessage({ text: testData }), signingKeys: privateKey });
const msg = await openpgp.readCleartextMessage({ cleartextMessage: signature });
const result = await openpgp.verify({ message: msg, verificationKeys: publicKey });
expect(result.signatures[0].valid).to.be.true;
expect(await result.signatures[0].verified).to.be.true;
});
it('Encrypt and sign message', async function () {
@ -71,7 +71,7 @@ module.exports = () => describe('Elliptic Curve Cryptography for NIST P-256,P-38
});
const message = await openpgp.readMessage({ armoredMessage: encrypted });
const result = await openpgp.decrypt({ message, decryptionKeys: secondKey.privateKey, verificationKeys: firstKey.publicKey });
expect(result.signatures[0].valid).to.be.true;
expect(await result.signatures[0].verified).to.be.true;
});
// TODO find test vectors

10
test/general/ecc_secp256k1.js
View File

@ -177,11 +177,11 @@ module.exports = () => describe('Elliptic Curve Cryptography for secp256k1 curve
it('Verify clear signed message', async function () {
const pub = await load_pub_key('juliet');
const msg = await openpgp.readCleartextMessage({ cleartextMessage: data.juliet.message_signed });
return openpgp.verify({ verificationKeys: [pub], message: msg }).then(function(result) {
return openpgp.verify({ verificationKeys: [pub], message: msg }).then(async function(result) {
expect(result).to.exist;
expect(result.data).to.equal(data.juliet.message);
expect(result.signatures).to.have.length(1);
expect(result.signatures[0].valid).to.be.true;
expect(await result.signatures[0].verified).to.be.true;
});
});
it('Sign message', async function () {
@ -194,7 +194,7 @@ module.exports = () => describe('Elliptic Curve Cryptography for secp256k1 curve
expect(result).to.exist;
expect(result.data).to.equal(data.romeo.message);
expect(result.signatures).to.have.length(1);
expect(result.signatures[0].valid).to.be.true;
expect(await result.signatures[0].verified).to.be.true;
});
it('Decrypt and verify message', async function () {
const juliet = await load_pub_key('juliet');
@ -205,7 +205,7 @@ module.exports = () => describe('Elliptic Curve Cryptography for secp256k1 curve
expect(result).to.exist;
expect(result.data).to.equal(data.juliet.message);
expect(result.signatures).to.have.length(1);
expect(result.signatures[0].valid).to.be.true;
expect(await result.signatures[0].verified).to.be.true;
});
it('Encrypt and sign message', async function () {
const romeoPrivate = await load_priv_key('romeo');
@ -220,7 +220,7 @@ module.exports = () => describe('Elliptic Curve Cryptography for secp256k1 curve
expect(result).to.exist;
expect(result.data).to.equal(data.romeo.message);
expect(result.signatures).to.have.length(1);
expect(result.signatures[0].valid).to.be.true;
expect(await result.signatures[0].verified).to.be.true;
});
it('Generate key', function () {
const options = {

8
test/general/key.js
View File

@ -2595,10 +2595,10 @@ function versionSpecificTests() {
return openpgp.verify(
{ message: await openpgp.readCleartextMessage({ cleartextMessage: signed }), verificationKeys: newKeyPublic }
).then(async function(verified) {
expect(verified.signatures[0].valid).to.be.true;
expect(await verified.signatures[0].verified).to.be.true;
const newSigningKey = await newKey.getSigningKey();
expect(verified.signatures[0].keyID.toHex()).to.equal(newSigningKey.getKeyID().toHex());
expect(verified.signatures[0].signature.packets.length).to.equal(1);
expect((await verified.signatures[0].signature).packets.length).to.equal(1);
});
});
});
@ -2635,7 +2635,7 @@ function versionSpecificTests() {
message: await openpgp.readMessage({ armoredMessage: encrypted }), decryptionKeys: newKey, verificationKeys: newKeyPublic, config: { minRSABits: 1024 }
});
expect(decrypted.data).to.equal('hello');
expect(decrypted.signatures[0].valid).to.be.true;
expect(await decrypted.signatures[0].verified).to.be.true;
});
});
@ -3484,7 +3484,7 @@ VYGdb3eNlV8CfoEC
message: await openpgp.createMessage({ text: 'hello' }), passwords: 'test', signingKeys: privateKey, signingUserIDs: { name: 'Test McTestington', email: 'test@example.com' }, armor: false, config
});
const { signatures } = await openpgp.decrypt({ message: await openpgp.readMessage({ binaryMessage: encrypted }), passwords: 'test' });
expect(signatures[0].signature.packets[0].hashAlgorithm).to.equal(openpgp.enums.hash.sha512);
expect((await signatures[0].signature).packets[0].hashAlgorithm).to.equal(openpgp.enums.hash.sha512);
await expect(openpgp.encrypt({
message: await openpgp.createMessage({ text: 'hello' }), encryptionKeys: publicKey, signingKeys: privateKey, signingUserIDs: { name: 'Not Test McTestington', email: 'test@example.com' }, armor: false, config
})).to.be.rejectedWith('Could not find user that matches that user ID');

143
test/general/openpgp.js
View File

@ -1261,7 +1261,7 @@ module.exports = () => describe('OpenPGP.js public api tests', function() {
expectSigned: true
});
expect(data).to.equal(plaintext);
expect(signatures[0].valid).to.be.true;
expect(await signatures[0].verified).to.be.true;
});
it('decrypt/verify should throw on missing public keys (expectSigned=true)', async function () {
@ -1443,8 +1443,8 @@ aOU=
});
expect(msg.signatures).to.exist;
expect(msg.signatures).to.have.length(1);
expect(msg.signatures[0].valid).to.be.true;
expect(msg.signatures[0].signature.packets.length).to.equal(1);
expect(await msg.signatures[0].verified).to.be.true;
expect((await msg.signatures[0].signature).packets.length).to.equal(1);
// secret key operations involving the primary key should fail
await expect(openpgp.sign({
message: await openpgp.createMessage({ text: 'test' }), signingKeys: decryptedDummyKey, config: { rejectPublicKeyAlgorithms: new Set() }
@ -1589,7 +1589,7 @@ aOU=
expectSigned: true
});
expect(data).to.equal(text);
expect(signatures[0].valid).to.be.true;
expect(await signatures[0].verified).to.be.true;
});
it('verify should throw on missing signature (expectSigned=true)', async function () {
@ -2105,10 +2105,10 @@ aOU=
return openpgp.decrypt(decOpt);
}).then(async function (decrypted) {
expect(decrypted.data).to.equal(plaintext);
expect(decrypted.signatures[0].valid).to.be.true;
expect(await decrypted.signatures[0].verified).to.be.true;
const signingKey = await privateKey.getSigningKey();
expect(decrypted.signatures[0].keyID.toHex()).to.equal(signingKey.getKeyID().toHex());
expect(decrypted.signatures[0].signature.packets.length).to.equal(1);
expect((await decrypted.signatures[0].signature).packets.length).to.equal(1);
});
});
@ -2129,10 +2129,10 @@ aOU=
return openpgp.decrypt(decOpt);
}).then(async function (decrypted) {
expect(decrypted.data).to.equal(plaintext);
expect(decrypted.signatures[0].valid).to.be.true;
expect(await decrypted.signatures[0].verified).to.be.true;
const signingKey = await privateKey.getSigningKey();
expect(decrypted.signatures[0].keyID.toHex()).to.equal(signingKey.getKeyID().toHex());
expect(decrypted.signatures[0].signature.packets.length).to.equal(1);
expect((await decrypted.signatures[0].signature).packets.length).to.equal(1);
});
});
@ -2152,10 +2152,10 @@ aOU=
return openpgp.decrypt(decOpt);
}).then(async function (decrypted) {
expect(decrypted.data).to.equal(plaintext);
expect(decrypted.signatures[0].valid).to.be.true;
expect(await decrypted.signatures[0].verified).to.be.true;
const signingKey = await privateKey.getSigningKey();
expect(decrypted.signatures[0].keyID.toHex()).to.equal(signingKey.getKeyID().toHex());
expect(decrypted.signatures[0].signature.packets.length).to.equal(1);
expect((await decrypted.signatures[0].signature).packets.length).to.equal(1);
});
});
@ -2183,10 +2183,10 @@ aOU=
return openpgp.decrypt(decOpt);
}).then(async function (decrypted) {
expect(decrypted.data).to.equal(plaintext);
expect(decrypted.signatures[0].valid).to.be.true;
expect(await decrypted.signatures[0].verified).to.be.true;
const signingKey = await newPrivateKey.getSigningKey();
expect(decrypted.signatures[0].keyID.toHex()).to.equal(signingKey.getKeyID().toHex());
expect(decrypted.signatures[0].signature.packets.length).to.equal(1);
expect((await decrypted.signatures[0].signature).packets.length).to.equal(1);
});
});
});
@ -2216,10 +2216,10 @@ aOU=
verificationKeys: newPublicKey
});
expect(decrypted.data).to.equal(plaintext);
expect(decrypted.signatures[0].valid).to.be.true;
expect(await decrypted.signatures[0].verified).to.be.true;
const signingKey = await newPrivateKey.getSigningKey();
expect(decrypted.signatures[0].keyID.toHex()).to.equal(signingKey.getKeyID().toHex());
expect(decrypted.signatures[0].signature.packets.length).to.equal(1);
expect((await decrypted.signatures[0].signature).packets.length).to.equal(1);
});
it('should encrypt/sign and decrypt/verify with null string input', async function () {
@ -2237,10 +2237,10 @@ aOU=
return openpgp.decrypt(decOpt);
}).then(async function (decrypted) {
expect(decrypted.data).to.equal('');
expect(decrypted.signatures[0].valid).to.be.true;
expect(await decrypted.signatures[0].verified).to.be.true;
const signingKey = await privateKey.getSigningKey();
expect(decrypted.signatures[0].keyID.toHex()).to.equal(signingKey.getKeyID().toHex());
expect(decrypted.signatures[0].signature.packets.length).to.equal(1);
expect((await decrypted.signatures[0].signature).packets.length).to.equal(1);
});
});
@ -2261,10 +2261,10 @@ aOU=
verificationKeys: publicKey
});
expect(decrypted.data).to.equal(plaintext);
expect(decrypted.signatures[0].valid).to.be.true;
expect(await decrypted.signatures[0].verified).to.be.true;
const signingKey = await privateKey.getSigningKey();
expect(decrypted.signatures[0].keyID.toHex()).to.equal(signingKey.getKeyID().toHex());
expect(decrypted.signatures[0].signature.packets.length).to.equal(1);
expect((await decrypted.signatures[0].signature).packets.length).to.equal(1);
});
it('should encrypt and decrypt/verify with detached signature as input for encryption', async function () {
@ -2307,14 +2307,14 @@ aOU=
}).then(async function (decrypted) {
let signingKey;
expect(decrypted.data).to.equal(plaintext);
expect(decrypted.signatures[0].valid).to.be.true;
expect(await decrypted.signatures[0].verified).to.be.true;
signingKey = await privateKey.getSigningKey();
expect(decrypted.signatures[0].keyID.toHex()).to.equal(signingKey.getKeyID().toHex());
expect(decrypted.signatures[0].signature.packets.length).to.equal(1);
expect(decrypted.signatures[1].valid).to.be.true;
expect((await decrypted.signatures[0].signature).packets.length).to.equal(1);
expect(await decrypted.signatures[1].verified).to.be.true;
signingKey = await privKeyDE.getSigningKey();
expect(decrypted.signatures[1].keyID.toHex()).to.equal(signingKey.getKeyID().toHex());
expect(decrypted.signatures[1].signature.packets.length).to.equal(1);
expect((await decrypted.signatures[1].signature).packets.length).to.equal(1);
});
} finally {
openpgp.config.rejectPublicKeyAlgorithms = rejectPublicKeyAlgorithms;
@ -2346,11 +2346,10 @@ aOU=
return openpgp.decrypt(decOpt);
}).then(async function ({ signatures, data }) {
expect(data).to.equal(plaintext);
expect(signatures[0].valid).to.be.false;
expect(signatures[0].error).to.match(/Could not find signing key/);
await expect(signatures[0].verified).to.be.rejectedWith(/Could not find signing key/);
const signingKey = await privateKey.getSigningKey();
expect(signatures[0].keyID.toHex()).to.equal(signingKey.getKeyID().toHex());
expect(signatures[0].signature.packets.length).to.equal(1);
expect((await signatures[0].signature).packets.length).to.equal(1);
});
});
@ -2369,11 +2368,10 @@ aOU=
return openpgp.decrypt(decOpt);
}).then(async function ({ signatures, data }) {
expect(data).to.equal(plaintext);
expect(signatures[0].valid).to.be.false;
expect(signatures[0].error).to.match(/Could not find signing key/);
await expect(signatures[0].verified).to.be.rejectedWith(/Could not find signing key/);
const signingKey = await privateKey.getSigningKey();
expect(signatures[0].keyID.toHex()).to.equal(signingKey.getKeyID().toHex());
expect(signatures[0].signature.packets.length).to.equal(1);
expect((await signatures[0].signature).packets.length).to.equal(1);
});
});
@ -2392,11 +2390,10 @@ aOU=
return openpgp.decrypt(decOpt);
}).then(async function ({ signatures, data }) {
expect(data).to.equal('');
expect(signatures[0].valid).to.be.false;
expect(signatures[0].error).to.match(/Could not find signing key/);
await expect(signatures[0].verified).to.be.rejectedWith(/Could not find signing key/);
const signingKey = await privateKey.getSigningKey();
expect(signatures[0].keyID.toHex()).to.equal(signingKey.getKeyID().toHex());
expect(signatures[0].signature.packets.length).to.equal(1);
expect((await signatures[0].signature).packets.length).to.equal(1);
});
});
@ -2414,11 +2411,10 @@ aOU=
return openpgp.decrypt(decOpt);
}).then(async function ({ signatures, data }) {
expect(data).to.equal(plaintext);
expect(signatures[0].valid).to.be.false;
expect(signatures[0].error).to.match(/Could not find signing key/);
await expect(signatures[0].verified).to.be.rejectedWith(/Could not find signing key/);
const signingKey = await privateKey.getSigningKey();
expect(signatures[0].keyID.toHex()).to.equal(signingKey.getKeyID().toHex());
expect(signatures[0].signature.packets.length).to.equal(1);
expect((await signatures[0].signature).packets.length).to.equal(1);
});
});
@ -2439,11 +2435,10 @@ aOU=
verificationKeys: await openpgp.readKey({ armoredKey: wrong_pubkey })
});
expect(data).to.equal(plaintext);
expect(signatures[0].valid).to.be.false;
expect(signatures[0].error).to.match(/Could not find signing key/);
await expect(signatures[0].verified).to.be.rejectedWith(/Could not find signing key/);
const signingKey = await privateKey.getSigningKey();
expect(signatures[0].keyID.toHex()).to.equal(signingKey.getKeyID().toHex());
expect(signatures[0].signature.packets.length).to.equal(1);
expect((await signatures[0].signature).packets.length).to.equal(1);
});
it('should encrypt and decrypt/verify both signatures when signed with two private keys', async function () {
@ -2475,14 +2470,14 @@ aOU=
}).then(async function (decrypted) {
let signingKey;
expect(decrypted.data).to.equal(plaintext);
expect(decrypted.signatures[0].valid).to.be.true;
expect(await decrypted.signatures[0].verified).to.be.true;
signingKey = await privateKey.getSigningKey();
expect(decrypted.signatures[0].keyID.toHex()).to.equal(signingKey.getKeyID().toHex());
expect(decrypted.signatures[0].signature.packets.length).to.equal(1);
expect(decrypted.signatures[1].valid).to.be.true;
expect((await decrypted.signatures[0].signature).packets.length).to.equal(1);
expect(await decrypted.signatures[1].verified).to.be.true;
signingKey = await privKeyDE.getSigningKey();
expect(decrypted.signatures[1].keyID.toHex()).to.equal(signingKey.getKeyID().toHex());
expect(decrypted.signatures[1].signature.packets.length).to.equal(1);
expect((await decrypted.signatures[1].signature).packets.length).to.equal(1);
});
} finally {
openpgp.config.rejectPublicKeyAlgorithms = rejectPublicKeyAlgorithms;
@ -2591,10 +2586,10 @@ aOU=
}).then(async function (decrypted) {
expect(decrypted.data).to.exist;
expect(decrypted.data).to.equal(plaintext);
expect(decrypted.signatures[0].valid).to.be.true;
expect(await decrypted.signatures[0].verified).to.be.true;
const signingKey = await privKeyDE.getSigningKey();
expect(decrypted.signatures[0].keyID.toHex()).to.equal(signingKey.getKeyID().toHex());
expect(decrypted.signatures[0].signature.packets.length).to.equal(1);
expect((await decrypted.signatures[0].signature).packets.length).to.equal(1);
});
} finally {
openpgp.config.rejectPublicKeyAlgorithms = rejectPublicKeyAlgorithms;
@ -2837,10 +2832,10 @@ aOU=
return openpgp.verify(verifyOpt);
}).then(async function (verified) {
expect(verified.data).to.equal(plaintext.replace(/[ \t]+$/mg, ''));
expect(verified.signatures[0].valid).to.be.true;
expect(await verified.signatures[0].verified).to.be.true;
const signingKey = await privateKey.getSigningKey();
expect(verified.signatures[0].keyID.toHex()).to.equal(signingKey.getKeyID().toHex());
expect(verified.signatures[0].signature.packets.length).to.equal(1);
expect((await verified.signatures[0].signature).packets.length).to.equal(1);
});
});
@ -2869,14 +2864,14 @@ aOU=
}).then(async function (verified) {
let signingKey;
expect(verified.data).to.equal(plaintext.replace(/[ \t]+$/mg, ''));
expect(verified.signatures[0].valid).to.be.true;
expect(await verified.signatures[0].verified).to.be.true;
signingKey = await privateKey.getSigningKey();
expect(verified.signatures[0].keyID.toHex()).to.equal(signingKey.getKeyID().toHex());
expect(verified.signatures[0].signature.packets.length).to.equal(1);
expect(verified.signatures[1].valid).to.be.true;
expect((await verified.signatures[0].signature).packets.length).to.equal(1);
expect(await verified.signatures[1].verified).to.be.true;
signingKey = await privKeyDE.getSigningKey();
expect(verified.signatures[1].keyID.toHex()).to.equal(signingKey.getKeyID().toHex());
expect(verified.signatures[1].signature.packets.length).to.equal(1);
expect((await verified.signatures[1].signature).packets.length).to.equal(1);
});
} finally {
openpgp.config.rejectPublicKeyAlgorithms = rejectPublicKeyAlgorithms;
@ -2899,10 +2894,10 @@ aOU=
return openpgp.verify(verifyOpt);
}).then(async function (verified) {
expect(verified.data).to.equal(plaintext);
expect(verified.signatures[0].valid).to.be.true;
expect(await verified.signatures[0].verified).to.be.true;
const signingKey = await privateKey.getSigningKey();
expect(verified.signatures[0].keyID.toHex()).to.equal(signingKey.getKeyID().toHex());
expect(verified.signatures[0].signature.packets.length).to.equal(1);
expect((await verified.signatures[0].signature).packets.length).to.equal(1);
});
});
@ -2920,11 +2915,10 @@ aOU=
return openpgp.verify(verifyOpt);
}).then(async function ({ data, signatures }) {
expect(data).to.equal(plaintext.replace(/[ \t]+$/mg, ''));
expect(signatures[0].valid).to.be.false;
expect(signatures[0].error).to.match(/Could not find signing key/);
await expect(signatures[0].verified).to.be.rejectedWith(/Could not find signing key/);
const signingKey = await privateKey.getSigningKey();
expect(signatures[0].keyID.toHex()).to.equal(signingKey.getKeyID().toHex());
expect(signatures[0].signature.packets.length).to.equal(1);
expect((await signatures[0].signature).packets.length).to.equal(1);
});
});
@ -2944,11 +2938,10 @@ aOU=
return openpgp.verify(verifyOpt);
}).then(async function ({ data, signatures }) {
expect(data).to.equal(plaintext);
expect(signatures[0].valid).to.be.false;
expect(signatures[0].error).to.match(/Could not find signing key/);
await expect(signatures[0].verified).to.be.rejectedWith(/Could not find signing key/);
const signingKey = await privateKey.getSigningKey();
expect(signatures[0].keyID.toHex()).to.equal(signingKey.getKeyID().toHex());
expect(signatures[0].signature.packets.length).to.equal(1);
expect((await signatures[0].signature).packets.length).to.equal(1);
});
});
@ -2967,10 +2960,10 @@ aOU=
return openpgp.verify(verifyOpt);
}).then(async function (verified) {
expect(verified.data).to.equal(plaintext);
expect(verified.signatures[0].valid).to.be.true;
expect(await verified.signatures[0].verified).to.be.true;
const signingKey = await privateKey.getSigningKey();
expect(verified.signatures[0].keyID.toHex()).to.equal(signingKey.getKeyID().toHex());
expect(verified.signatures[0].signature.packets.length).to.equal(1);
expect((await verified.signatures[0].signature).packets.length).to.equal(1);
});
});
@ -2992,12 +2985,12 @@ aOU=
return openpgp.verify(verifyOpt);
}).then(async function (verified) {
expect(verified.data).to.equal(plaintext);
expect(+verified.signatures[0].signature.packets[0].created).to.be.lte(+util.normalizeDate());
expect(+verified.signatures[0].signature.packets[0].created).to.be.gte(+start);
expect(verified.signatures[0].valid).to.be.true;
expect(+(await verified.signatures[0].signature).packets[0].created).to.be.lte(+util.normalizeDate());
expect(+(await verified.signatures[0].signature).packets[0].created).to.be.gte(+start);
expect(await verified.signatures[0].verified).to.be.true;
const signingKey = await privateKey.getSigningKey();
expect(verified.signatures[0].keyID.toHex()).to.equal(signingKey.getKeyID().toHex());
expect(verified.signatures[0].signature.packets.length).to.equal(1);
expect((await verified.signatures[0].signature).packets.length).to.equal(1);
});
});
@ -3019,22 +3012,22 @@ aOU=
return openpgp.sign(signOpt).then(async function (signed) {
verifyOpt.signature = await openpgp.readSignature({ binarySignature: signed });
return openpgp.verify(verifyOpt).then(async function (verified) {
expect(+verified.signatures[0].signature.packets[0].created).to.equal(+past);
expect(+(await verified.signatures[0].signature).packets[0].created).to.equal(+past);
expect(verified.data).to.equal(plaintext);
expect(verified.signatures[0].valid).to.be.true;
expect(await verified.signatures[0].verified).to.be.true;
expect(await privateKey_1337.getSigningKey(verified.signatures[0].keyID, past))
.to.be.not.null;
expect(verified.signatures[0].signature.packets.length).to.equal(1);
expect((await verified.signatures[0].signature).packets.length).to.equal(1);
// now check with expiration checking disabled
verifyOpt.date = null;
return openpgp.verify(verifyOpt);
}).then(async function (verified) {
expect(+verified.signatures[0].signature.packets[0].created).to.equal(+past);
expect(+(await verified.signatures[0].signature).packets[0].created).to.equal(+past);
expect(verified.data).to.equal(plaintext);
expect(verified.signatures[0].valid).to.be.true;
expect(await verified.signatures[0].verified).to.be.true;
expect(await privateKey_1337.getSigningKey(verified.signatures[0].keyID, null))
.to.be.not.null;
expect(verified.signatures[0].signature.packets.length).to.equal(1);
expect((await verified.signatures[0].signature).packets.length).to.equal(1);
});
});
});
@ -3059,12 +3052,12 @@ aOU=
verifyOpt.signature = await openpgp.readSignature({ binarySignature: signed });
return openpgp.verify(verifyOpt);
}).then(async function (verified) {
expect(+verified.signatures[0].signature.packets[0].created).to.equal(+future);
expect(+(await verified.signatures[0].signature).packets[0].created).to.equal(+future);
expect([].slice.call(verified.data)).to.deep.equal([].slice.call(data));
expect(verified.signatures[0].valid).to.be.true;
expect(await verified.signatures[0].verified).to.be.true;
expect(await privateKey_2038_2045.getSigningKey(verified.signatures[0].keyID, future))
.to.be.not.null;
expect(verified.signatures[0].signature.packets.length).to.equal(1);
expect((await verified.signatures[0].signature).packets.length).to.equal(1);
});
});
@ -3089,10 +3082,10 @@ aOU=
return openpgp.verify(verifyOpt);
}).then(async function (verified) {
expect([].slice.call(verified.data)).to.deep.equal([].slice.call(data));
expect(verified.signatures[0].valid).to.be.true;
expect(await verified.signatures[0].verified).to.be.true;
expect(await privateKey.getSigningKey(verified.signatures[0].keyID))
.to.be.not.null;
expect(verified.signatures[0].signature.packets.length).to.equal(1);
expect((await verified.signatures[0].signature).packets.length).to.equal(1);
});
});
@ -3473,7 +3466,7 @@ amnR6g==
const { privateKey: key } = await openpgp.generateKey({ curve, userIDs: { name: 'Alice', email: 'info@alice.com' }, format: 'object' });
const signed = await openpgp.sign({ signingKeys:[key], message: await openpgp.createCleartextMessage({ text: plaintext }) });
const verified = await openpgp.verify({ verificationKeys:[key], message: await openpgp.readCleartextMessage({ cleartextMessage: signed }) });
expect(verified.signatures[0].valid).to.be.true;
expect(await verified.signatures[0].verified).to.be.true;
});
});

121
test/general/signature.js
View File

@ -750,7 +750,7 @@ cJRRGJPL16wINuk=
const message = await openpgp.createMessage({ text: 'Marker + Detached signature' });
const signature = await openpgp.readSignature({ armoredSignature: signatureWithMarkerPacket });
const { signatures: [sigInfo] } = await openpgp.verify({ message, signature, verificationKeys: key });
expect(sigInfo.valid).to.be.true;
expect(await sigInfo.verified).to.be.true;
});
@ -765,10 +765,10 @@ cJRRGJPL16wINuk=
rejectMessageHashAlgorithms: new Set([openpgp.enums.hash.md5, openpgp.enums.hash.ripemd]),
rejectPublicKeyAlgorithms: new Set()
};
const decrypted = await openpgp.decrypt({ decryptionKeys: privateKey, verificationKeys: publicKey, message, config });
expect(decrypted.data).to.exist;
expect(decrypted.signatures[0].valid).to.be.true;
expect(decrypted.signatures[0].signature.packets.length).to.equal(1);
const { data, signatures } = await openpgp.decrypt({ decryptionKeys: privateKey, verificationKeys: publicKey, message, config });
expect(data).to.exist;
expect(await signatures[0].verified).to.be.true;
expect((await signatures[0].signature).packets.length).to.equal(1);
});
it('Consider signature expired at the expiration time', async function() {
@ -1033,12 +1033,12 @@ eSvSZutLuKKbidSYMLhWROPlwKc2GU2ws6PrLZAyCAel/lU=
return openpgp.decrypt({
decryptionKeys: privKey, verificationKeys: pubKey , message, config: { minRSABits: 1024 }
}).then(decrypted => {
expect(decrypted.data).to.exist;
expect(decrypted.data).to.equal(plaintext);
expect(decrypted.signatures).to.have.length(1);
expect(decrypted.signatures[0].valid).to.be.true;
expect(decrypted.signatures[0].signature.packets.length).to.equal(1);
}).then(async ({ signatures, data }) => {
expect(data).to.exist;
expect(data).to.equal(plaintext);
expect(signatures).to.have.length(1);
expect(await signatures[0].verified).to.be.true;
expect((await signatures[0].signature).packets.length).to.equal(1);
});
});
@ -1083,8 +1083,7 @@ eSvSZutLuKKbidSYMLhWROPlwKc2GU2ws6PrLZAyCAel/lU=
const message = await openpgp.readMessage({ armoredMessage: signature_with_critical_notation });
const key = await openpgp.readKey({ armoredKey: pub_key_arm2 });
const { signatures: [sig] } = await openpgp.verify({ message, verificationKeys: key, config: { minRSABits: 1024 } });
expect(sig.valid).to.be.false;
expect(sig.error).to.match(/Unknown critical notation: test@example.com/);
await expect(sig.verified).to.be.rejectedWith(/Unknown critical notation: test@example.com/);
});
it('Verify succeeds with known signed message with critical notations', async function() {
@ -1093,7 +1092,7 @@ eSvSZutLuKKbidSYMLhWROPlwKc2GU2ws6PrLZAyCAel/lU=
const config = { knownNotations: ['test@example.com'], minRSABits: 1024 };
const { signatures: [sig] } = await openpgp.verify({ message, verificationKeys: key, config });
expect(sig.valid).to.be.true;
expect(await sig.verified).to.be.true;
});
it('Verify cleartext signed message with two signatures with openpgp.verify', async function() {
@ -1130,14 +1129,13 @@ eSvSZutLuKKbidSYMLhWROPlwKc2GU2ws6PrLZAyCAel/lU=
expect(pubKey2.getKeys(keyIDs[0])).to.not.be.empty;
expect(pubKey3.getKeys(keyIDs[1])).to.not.be.empty;
return openpgp.verify({ verificationKeys:[pubKey2, pubKey3], message, config: { minRSABits: 1024 } }).then(function(cleartextSig) {
expect(cleartextSig).to.exist;
expect(cleartextSig.data).to.equal(plaintext);
expect(cleartextSig.signatures).to.have.length(2);
expect(cleartextSig.signatures[0].valid).to.be.true;
expect(cleartextSig.signatures[1].valid).to.be.true;
expect(cleartextSig.signatures[0].signature.packets.length).to.equal(1);
expect(cleartextSig.signatures[1].signature.packets.length).to.equal(1);
return openpgp.verify({ verificationKeys:[pubKey2, pubKey3], message, config: { minRSABits: 1024 } }).then(async function({ signatures, data }) {
expect(data).to.equal(plaintext);
expect(signatures).to.have.length(2);
expect(await signatures[0].verified).to.be.true;
expect(await signatures[1].verified).to.be.true;
expect((await signatures[0].signature).packets.length).to.equal(1);
expect((await signatures[1].signature).packets.length).to.equal(1);
});
});
@ -1203,16 +1201,15 @@ zmuVOdNuWQqxT9Sqa84=
expect(pubKey.getKeys(keyIDs[0])).to.not.be.empty;
const cleartextSig = await openpgp.verify({
const { signatures, data } = await openpgp.verify({
verificationKeys:[pubKey],
message,
config: { minRSABits: 1024, rejectMessageHashAlgorithms: new Set() }
});
expect(cleartextSig).to.exist;
expect(cleartextSig.data).to.equal(plaintext.replace(/[ \t]+$/mg, ''));
expect(cleartextSig.signatures).to.have.length(1);
expect(cleartextSig.signatures[0].valid).to.be.true;
expect(cleartextSig.signatures[0].signature.packets.length).to.equal(1);
expect(data).to.equal(plaintext.replace(/[ \t]+$/mg, ''));
expect(signatures).to.have.length(1);
expect(await signatures[0].verified).to.be.true;
expect((await signatures[0].signature).packets.length).to.equal(1);
});
function tests() {
@ -1237,11 +1234,15 @@ yYDnCgA=
const keyIDs = message.getSigningKeyIDs();
expect(pubKey.getKeys(keyIDs[0])).to.not.be.empty;
return openpgp.verify({ verificationKeys: [pubKey], message, config: { minRSABits: 1024 } }).then(({ data, signatures }) => {
return openpgp.verify({ verificationKeys: [pubKey], message, config: { minRSABits: 1024 } }).then(async ({ data, signatures }) => {
expect(data).to.equal(plaintext);
expect(signatures).to.have.length(1);
expect(signatures[0].valid).to.equal(!openpgp.config.rejectMessageHashAlgorithms.has(openpgp.enums.hash.sha1));
expect(signatures[0].signature.packets.length).to.equal(1);
if (openpgp.config.rejectMessageHashAlgorithms.has(openpgp.enums.hash.sha1)) {
await expect(signatures[0].verified).to.be.rejected;
} else {
expect(await signatures[0].verified).to.be.true;
}
expect((await signatures[0].signature).packets.length).to.equal(1);
});
});
@ -1378,11 +1379,11 @@ hkJiXopCSWKSlQInL1devkJJUWJmTmZeugJYlpdLAagQJM0JpsCqIQZwKgAA
const message = await openpgp.readCleartextMessage({ cleartextMessage: signed });
return openpgp.verify({ verificationKeys:[pubKey], message, config });
}).then(function({ data, signatures }) {
}).then(async function({ data, signatures }) {
expect(data).to.equal(plaintext.replace(/[ \t\r]+$/mg, ''));
expect(signatures).to.have.length(1);
expect(signatures[0].valid).to.be.true;
expect(signatures[0].signature.packets.length).to.equal(1);
expect(await signatures[0].verified).to.be.true;
expect((await signatures[0].signature).packets.length).to.equal(1);
});
});
@ -1400,11 +1401,11 @@ hkJiXopCSWKSlQInL1devkJJUWJmTmZeugJYlpdLAagQJM0JpsCqIQZwKgAA
const message = await openpgp.readCleartextMessage({ cleartextMessage: signed });
return openpgp.verify({ verificationKeys: pubKey, message, config });
}).then(function({ data, signatures }) {
}).then(async function({ data, signatures }) {
expect(data).to.equal(plaintext);
expect(signatures).to.have.length(1);
expect(signatures[0].valid).to.be.true;
expect(signatures[0].signature.packets.length).to.equal(1);
expect(await signatures[0].verified).to.be.true;
expect((await signatures[0].signature).packets.length).to.equal(1);
});
});
@ -1422,11 +1423,11 @@ hkJiXopCSWKSlQInL1devkJJUWJmTmZeugJYlpdLAagQJM0JpsCqIQZwKgAA
const message = await openpgp.readCleartextMessage({ cleartextMessage: signed });
return openpgp.verify({ verificationKeys: pubKey, message, config });
}).then(function({ data, signatures }) {
}).then(async function({ data, signatures }) {
expect(data).to.equal(plaintext.replace(/[ \t]+$/mg, ''));
expect(signatures).to.have.length(1);
expect(signatures[0].valid).to.be.true;
expect(signatures[0].signature.packets.length).to.equal(1);
expect(await signatures[0].verified).to.be.true;
expect((await signatures[0].signature).packets.length).to.equal(1);
});
});
@ -1444,11 +1445,11 @@ hkJiXopCSWKSlQInL1devkJJUWJmTmZeugJYlpdLAagQJM0JpsCqIQZwKgAA
const message = await openpgp.readMessage({ armoredMessage: signed });
return openpgp.verify({ verificationKeys: pubKey, message, format: 'binary', config });
}).then(function({ data, signatures }) {
}).then(async function({ data, signatures }) {
expect(data).to.deep.equal(plaintext);
expect(signatures).to.have.length(1);
expect(signatures[0].valid).to.be.true;
expect(signatures[0].signature.packets.length).to.equal(1);
expect(await signatures[0].verified).to.be.true;
expect((await signatures[0].signature).packets.length).to.equal(1);
});
});
@ -1466,11 +1467,11 @@ hkJiXopCSWKSlQInL1devkJJUWJmTmZeugJYlpdLAagQJM0JpsCqIQZwKgAA
const message = await openpgp.readMessage({ binaryMessage: signed });
return openpgp.verify({ verificationKeys: pubKey, message, format: 'binary', config });
}).then(function({ data, signatures }) {
}).then(async function({ data, signatures }) {
expect(data).to.deep.equal(plaintext);
expect(signatures).to.have.length(1);
expect(signatures[0].valid).to.be.true;
expect(signatures[0].signature.packets.length).to.equal(1);
expect(await signatures[0].verified).to.be.true;
expect((await signatures[0].signature).packets.length).to.equal(1);
});
});
@ -1486,11 +1487,11 @@ hkJiXopCSWKSlQInL1devkJJUWJmTmZeugJYlpdLAagQJM0JpsCqIQZwKgAA
return openpgp.sign({ signingKeys: privKey, message: await openpgp.createMessage({ text: plaintext }), detached: true, config }).then(async armoredSignature => {
const signature = await openpgp.readSignature({ armoredSignature });
return openpgp.verify({ verificationKeys: pubKey, message: await openpgp.createMessage({ binary: util.encodeUTF8(plaintext) }), signature, config });
}).then(function({ data, signatures }) {
}).then(async function({ data, signatures }) {
expect(data).to.equal(plaintext);
expect(signatures).to.have.length(1);
expect(signatures[0].valid).to.be.true;
expect(signatures[0].signature.packets.length).to.equal(1);
expect(await signatures[0].verified).to.be.true;
expect((await signatures[0].signature).packets.length).to.equal(1);
});
});
@ -1508,11 +1509,11 @@ hkJiXopCSWKSlQInL1devkJJUWJmTmZeugJYlpdLAagQJM0JpsCqIQZwKgAA
const signature = await openpgp.readSignature({ armoredSignature });
return openpgp.verify({ verificationKeys: pubKey, message: await openpgp.createMessage({ text: plaintext }), signature, config });
}).then(function({ data, signatures }) {
}).then(async function({ data, signatures }) {
expect(data).to.equal(plaintext);
expect(signatures).to.have.length(1);
expect(signatures[0].valid).to.be.true;
expect(signatures[0].signature.packets.length).to.equal(1);
expect(await signatures[0].verified).to.be.true;
expect((await signatures[0].signature).packets.length).to.equal(1);
});
});
@ -1533,11 +1534,11 @@ hkJiXopCSWKSlQInL1devkJJUWJmTmZeugJYlpdLAagQJM0JpsCqIQZwKgAA
const message = await openpgp.readMessage({ armoredMessage });
return openpgp.decrypt({ message, decryptionKeys: [privKey], verificationKeys: [pubKey], config });
}).then(function({ data, signatures }) {
}).then(async function({ data, signatures }) {
expect(data).to.equal(plaintext);
expect(signatures).to.have.length(1);
expect(signatures[0].valid).to.be.true;
expect(signatures[0].signature.packets.length).to.equal(1);
expect(await signatures[0].verified).to.be.true;
expect((await signatures[0].signature).packets.length).to.equal(1);
});
});
@ -1624,8 +1625,8 @@ hkJiXopCSWKSlQInL1devkJJUWJmTmZeugJYlpdLAagQJM0JpsCqIQZwKgAA
const { data, signatures } = await openpgp.verify({ verificationKeys:[publicKey], message, config: { minRSABits: 1024 } });
expect(data).to.equal(content);
expect(signatures).to.have.length(1);
expect(signatures[0].valid).to.be.true;
expect(signatures[0].signature.packets.length).to.equal(1);
expect(await signatures[0].verified).to.be.true;
expect((await signatures[0].signature).packets.length).to.equal(1);
expect(await signatures[0].verified).to.be.true;
});
@ -1789,7 +1790,7 @@ oaBUyhCKt8tz6Q==
decryptionKeys: key,
config: { minRSABits: 1024 }
});
expect(decrypted.signatures[0].valid).to.be.true;
expect(await decrypted.signatures[0].verified).to.be.true;
});
it('should verify a shorter EdDSA signature', async function() {
@ -1822,7 +1823,7 @@ Ie6jnY0zP2ldtS4JmhKBa43qmOHCxHc=
=7B58
-----END PGP MESSAGE-----`;
const decrypted = await openpgp.decrypt({ message: await openpgp.readMessage({ armoredMessage: encrypted }), decryptionKeys: key, verificationKeys: key.toPublic() });
expect(decrypted.signatures[0].valid).to.be.true;
expect(await decrypted.signatures[0].verified).to.be.true;
});
it('should verify a shorter ECDSA signature', async function() {
@ -1858,6 +1859,6 @@ JImeZLY02MctIpGZULbqgcUGK0P/yqrPL8Pe4lQM
-----END PGP SIGNATURE-----`;
const message = await openpgp.readCleartextMessage({ cleartextMessage: signed });
const verified = await openpgp.verify({ verificationKeys: key, message });
expect(verified.signatures[0].valid).to.be.true;
expect(await verified.signatures[0].verified).to.be.true;
});
});

6
test/general/streaming.js
View File

@ -683,7 +683,7 @@ function tests() {
});
expect(verified.data).to.equal('hello world');
expect(verified.signatures).to.exist.and.have.length(1);
expect(verified.signatures[0].valid).to.be.true;
expect(await verified.signatures[0].verified).to.be.true;
});
it('Detached sign small message using brainpool curve keys', async function() {
@ -722,7 +722,7 @@ function tests() {
});
expect(verified.data).to.equal('hello world');
expect(verified.signatures).to.exist.and.have.length(1);
expect(verified.signatures[0].valid).to.be.true;
expect(await verified.signatures[0].verified).to.be.true;
});
it('Detached sign small message using x25519 curve keys', async function() {
@ -761,7 +761,7 @@ function tests() {
});
expect(verified.data).to.equal('hello world');
expect(verified.signatures).to.exist.and.have.length(1);
expect(verified.signatures[0].valid).to.be.true;
expect(await verified.signatures[0].verified).to.be.true;
});
it("Detached sign is expected to pull entire input stream when we're not pulling signed stream", async function() {

18
test/general/x25519.js
View File

@ -164,11 +164,11 @@ module.exports = () => (openpgp.config.ci ? describe.skip : describe)('X25519 Cr
const name = 'light';
const pub = await load_pub_key(name);
const msg = await openpgp.readCleartextMessage({ cleartextMessage: data[name].message_signed });
return openpgp.verify({ verificationKeys: [pub], message: msg }).then(function(result) {
return openpgp.verify({ verificationKeys: [pub], message: msg }).then(async function(result) {
expect(result).to.exist;
expect(result.data).to.equal(data[name].message);
expect(result.signatures).to.have.length(1);
expect(result.signatures[0].valid).to.be.true;
expect(await result.signatures[0].verified).to.be.true;
});
});
@ -184,7 +184,7 @@ module.exports = () => (openpgp.config.ci ? describe.skip : describe)('X25519 Cr
expect(result).to.exist;
expect(result.data).to.equal(randomData.replace(/[ \t]+$/mg, ''));
expect(result.signatures).to.have.length(1);
expect(result.signatures[0].valid).to.be.true;
expect(await result.signatures[0].verified).to.be.true;
});
it('Decrypt and verify message', async function () {
@ -196,7 +196,7 @@ module.exports = () => (openpgp.config.ci ? describe.skip : describe)('X25519 Cr
expect(result).to.exist;
expect(result.data).to.equal(data.night.message);
expect(result.signatures).to.have.length(1);
expect(result.signatures[0].valid).to.be.true;
expect(await result.signatures[0].verified).to.be.true;
});
it('Encrypt and sign message', async function () {
@ -213,7 +213,7 @@ module.exports = () => (openpgp.config.ci ? describe.skip : describe)('X25519 Cr
expect(result).to.exist;
expect(result.data).to.equal(randomData);
expect(result.signatures).to.have.length(1);
expect(result.signatures[0].valid).to.be.true;
expect(await result.signatures[0].verified).to.be.true;
});
describe('Ed25519 Test Vectors from RFC8032', function () {
@ -445,13 +445,13 @@ function omnibus() {
return Promise.all([
openpgp.verify(
{ message: msg, verificationKeys: hi.toPublic() }
).then(output => expect(output.signatures[0].valid).to.be.true),
).then(output => expect(output.signatures[0].verified).to.eventually.be.true),
// Verifying detached signature
openpgp.verify({
message: await openpgp.createMessage({ text: 'Hi, this is me, Hi!' }),
verificationKeys: hi.toPublic(),
signature: msg.signature
}).then(output => expect(output.signatures[0].valid).to.be.true)
}).then(output => expect(output.signatures[0].verified).to.eventually.be.true)
]);
}),
// Encrypting and signing
@ -466,9 +466,9 @@ function omnibus() {
message: msg,
decryptionKeys: bye,
verificationKeys: [hi.toPublic()]
}).then(output => {
}).then(async output => {
expect(output.data).to.equal('Hi, Hi wrote this but only Bye can read it!');
expect(output.signatures[0].valid).to.be.true;
await expect(output.signatures[0].verified).to.eventually.be.true;
});
})
]);

3
test/security/subkey_trust.js
View File

@ -69,8 +69,7 @@ async function testSubkeyTrust() {
verificationKeys: fakeKey
});
expect(verifyAttackerIsBatman.signatures[0].keyID.equals(victimPubKey.subkeys[0].getKeyID())).to.be.true;
expect(verifyAttackerIsBatman.signatures[0].valid).to.be.false;
expect(verifyAttackerIsBatman.signatures[0].error).to.match(/Could not find valid signing key packet/);
await expect(verifyAttackerIsBatman.signatures[0].verified).to.be.rejectedWith(/Could not find valid signing key packet/);
}
module.exports = () => it('Does not trust subkeys without Primary Key Binding Signature', testSubkeyTrust);

4
test/worker/worker_example.js
View File

@ -68,9 +68,7 @@ onmessage = async function({ data: { action, message }, ports: [port] }) {
verificationKeys: publicKey,
decryptionKeys: privateKey
});
if (!signatures[0].valid) {
throw new Error("Couldn't veriy signature");
}
await signatures[0].verified;
result = data;
break;
}