Implement Key.prototype.clearPrivateParams

Daniel Huigens 2020-01-24 17:00:04 +01:00
parent 26d107b856
commit 523432334f
2 changed files with 47 additions and 0 deletions


@ -416,6 +416,20 @@ Key.prototype.validate = async function() {
return signature.verify(signingKeyPacket, signatureType, data);
};
/**
* Clear private key parameters
*/
Key.prototype.clearPrivateParams = function () {
if (!this.isPrivate()) {
throw new Error("Can't clear private parameters of a public key");
}
this.getKeys().forEach(({ keyPacket }) => {
if (keyPacket.isDecrypted()) {
keyPacket.clearPrivateParams();
}
});
};
/**
* Checks if a signature on a key is revoked
* @param {module:packet.SecretKey|
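Review bot: The doc comment on `Key.prototype.clearPrivateParams` does not state the method's contract: it throws on a public key, and it silently skips every key packet for which `isDecrypted()` is false, so the JSDoc does not tell a caller which packets were actually cleared. I would add `@throws {Error} if the key is a public key` and a sentence such as `Only decrypted key packets are cleared; packets that are still encrypted are left untouched.` The comment should also say that the key can no longer be used for private-key operations afterwards, and that copies of the parameters a caller took before the call are not covered. The accompanying tests suggest both, but the packet-level `clearPrivateParams()` is not visible in this hunk, so that wording should be checked against it.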


@ -2598,6 +2598,39 @@ describe('Key', function() {
expect(await key.validate()).to.be.false;
});
it('clearPrivateParams() - check that private key can no longer be used', async function() {
const { keys: [key] } = await openpgp.key.readArmored(priv_key_rsa);
await key.decrypt('hello world');
await key.clearPrivateParams();
await expect(key.validate()).to.be.rejectedWith('Key is not decrypted');
});
it('clearPrivateParams() - check that private key parameters were removed', async function() {
const { keys: [key] } = await openpgp.key.readArmored(priv_key_rsa);
await key.decrypt('hello world');
const params = key.primaryKey.params;
await key.clearPrivateParams();
key.primaryKey.isEncrypted = false;
key.primaryKey.params = params;
await expect(key.validate()).to.be.rejectedWith('Missing private key parameters');
});
it.only('clearPrivateParams() - check that private key parameters were zeroed out', async function() {
const { keys: [key] } = await openpgp.key.readArmored(priv_key_rsa);
await key.decrypt('hello world');
const params = key.primaryKey.params.slice();
await key.clearPrivateParams();
key.primaryKey.isEncrypted = false;
key.primaryKey.params = params;
const use_nativeVal = openpgp.config.use_native;
openpgp.config.use_native = false;
try {
expect(await key.validate()).to.be.false;
} finally {
openpgp.config.use_native = use_nativeVal;
}
});
it('update() - throw error if fingerprints not equal', async function() {
const keys = (await openpgp.key.readArmored(twoKeys)).keys;
await expect(keys[0].update.bind(
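Review bot: The third new test is declared with `it.only(`, which makes Mocha run that single test and skip everything else in the run, including the two `clearPrivateParams()` tests added just above it and the rest of the suite. For a crypto library this means CI can report green while no other regression test has executed; change it to `it('clearPrivateParams() - check that private key parameters were zeroed out', ...)`. Running Mocha with `--forbid-only` in CI, or enabling the `mocha/no-exclusive-tests` lint rule, would keep this from being committed again. Separately, the tests `await key.clearPrivateParams()` although the method added in this commit is a plain synchronous function, so the `await` can be dropped to avoid suggesting that the clearing is asynchronous.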