Check validity of key packet before signature verification

Thomas Oberndörfer 2015-03-03 18:15:17 +01:00
parent 6835ff0872
commit a33b8c035d
3 changed files with 15 additions and 9 deletions


@ -70,6 +70,9 @@ CleartextMessage.prototype.sign = function(privateKeys) {
var literalDataPacket = new packet.Literal(); var literalDataPacket = new packet.Literal();
literalDataPacket.setText(this.text); literalDataPacket.setText(this.text);
for (var i = 0; i < privateKeys.length; i++) { for (var i = 0; i < privateKeys.length; i++) {
if (privateKeys[i].isPublic()) {
throw new Error('Need private key for signing');
}
var signaturePacket = new packet.Signature(); var signaturePacket = new packet.Signature();
signaturePacket.signatureType = enums.signature.text; signaturePacket.signatureType = enums.signature.text;
signaturePacket.hashAlgorithm = config.prefer_hash_algorithm; signaturePacket.hashAlgorithm = config.prefer_hash_algorithm;
@ -96,7 +99,7 @@ CleartextMessage.prototype.verify = function(keys) {
for (var i = 0; i < signatureList.length; i++) { for (var i = 0; i < signatureList.length; i++) {
var keyPacket = null; var keyPacket = null;
for (var j = 0; j < keys.length; j++) { for (var j = 0; j < keys.length; j++) {
keyPacket = keys[j].getKeyPacket([signatureList[i].issuerKeyId]); keyPacket = keys[j].getSigningKeyPacket(signatureList[i].issuerKeyId);
if (keyPacket) { if (keyPacket) {
break; break;
} }
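Review bot: In `CleartextMessage.prototype.verify`, switching the lookup to `getSigningKeyPacket(signatureList[i].issuerKeyId)` means a key that matches the issuer key ID but fails the signing-validity check now leaves `keyPacket` as `null`, exactly like a key that is not in `keys` at all. The code that consumes `keyPacket` after the inner loop is outside this hunk, so whether callers can tell the two cases apart cannot be confirmed from here; if they cannot, a rejected key looks like a missing one in the verification result. I would add a comment above the call, e.g. `// null means: no key with this id, or the key is not valid for signing`, and consider reporting the rejected case separately. The same applies to the identical change in `Message.prototype.verify`.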


@ -278,21 +278,21 @@ Key.prototype.armor = function() {
}; };
/** /**
* Returns first key packet that is available for signing * Returns first key packet or key packet by given keyId that is available for signing or signature verification
* @param {module:type/keyid} keyId, optional
* @return {(module:packet/secret_subkey|module:packet/secret_key|null)} key packet or null if no signing key has been found * @return {(module:packet/secret_subkey|module:packet/secret_key|null)} key packet or null if no signing key has been found
*/ */
Key.prototype.getSigningKeyPacket = function() { Key.prototype.getSigningKeyPacket = function(keyId) {
if (this.isPublic()) {
throw new Error('Need private key for signing');
}
var primaryUser = this.getPrimaryUser(); var primaryUser = this.getPrimaryUser();
if (primaryUser && if (primaryUser &&
isValidSigningKeyPacket(this.primaryKey, primaryUser.selfCertificate)) { isValidSigningKeyPacket(this.primaryKey, primaryUser.selfCertificate) &&
(!keyId || this.primaryKey.getKeyId().equals(keyId))) {
return this.primaryKey; return this.primaryKey;
} }
if (this.subKeys) { if (this.subKeys) {
for (var i = 0; i < this.subKeys.length; i++) { for (var i = 0; i < this.subKeys.length; i++) {
if (this.subKeys[i].isValidSigningKey(this.primaryKey)) { if (this.subKeys[i].isValidSigningKey(this.primaryKey) &&
(!keyId || this.subKeys[i].subKey.getKeyId().equals(keyId))) {
return this.subKeys[i].subKey; return this.subKeys[i].subKey;
} }
} }
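Review bot: Dropping the `isPublic()` throw from `getSigningKeyPacket` moves the private-key requirement to every signing caller; this commit adds the guard to `CleartextMessage.prototype.sign` and `Message.prototype.sign`, but any other caller not shown here would now receive a public key packet instead of an error. The JSDoc should state the new contract, and it is currently out of date: `@return` still lists only `module:packet/secret_subkey|module:packet/secret_key` although the function can now return public key packets for verification. The parameter line would read better as `@param {module:type/keyid} [keyId] - restrict the search to the packet with this key ID`, and a line such as `Does not check that the key is private; callers that sign must check isPublic() first.` would document the guard removal. The function body continues past the end of the hunk.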


@ -194,6 +194,9 @@ Message.prototype.sign = function(privateKeys) {
enums.signature.binary : enums.signature.text; enums.signature.binary : enums.signature.text;
var i; var i;
for (i = 0; i < privateKeys.length; i++) { for (i = 0; i < privateKeys.length; i++) {
if (privateKeys[i].isPublic()) {
throw new Error('Need private key for signing');
}
var onePassSig = new packet.OnePassSignature(); var onePassSig = new packet.OnePassSignature();
onePassSig.type = signatureType; onePassSig.type = signatureType;
//TODO get preferred hashg algo from key signature //TODO get preferred hashg algo from key signature
@ -236,7 +239,7 @@ Message.prototype.verify = function(keys) {
for (var i = 0; i < signatureList.length; i++) { for (var i = 0; i < signatureList.length; i++) {
var keyPacket = null; var keyPacket = null;
for (var j = 0; j < keys.length; j++) { for (var j = 0; j < keys.length; j++) {
keyPacket = keys[j].getKeyPacket([signatureList[i].issuerKeyId]); keyPacket = keys[j].getSigningKeyPacket(signatureList[i].issuerKeyId);
if (keyPacket) { if (keyPacket) {
break; break;
} }