Throw an error if a wrong public key is used to verify a signature.

2014-06-30 19:26:33 +02:00 · 2014-06-30 19:26:33 +02:00 · ecb6798441
commit ecb6798441
parent dbbb207211
3 changed files with 40 additions and 2 deletions
--- a/package.json
+++ b/package.json
@ -1,7 +1,7 @@
 {
  "name": "openpgp",
  "description": "OpenPGP.js is a Javascript implementation of the OpenPGP protocol. This is defined in RFC 4880.",
-  "version": "0.6.3-dev",
+  "version": "0.6.3",
  "homepage": "http://openpgpjs.org/",
  "engines": {
    "node": ">=0.8"
--- a/src/message.js
+++ b/src/message.js
@ -232,8 +232,9 @@ Message.prototype.verify = function(keys) {
  if (literalDataList.length !== 1) throw new Error('Can only verify message with one literal data packet.');
  var signatureList = msg.packets.filterByTag(enums.packet.signature);
  keys.forEach(function(key) {
+    var keyPacket = null;
    for (var i = 0; i < signatureList.length; i++) {
-      var keyPacket = key.getKeyPacket([signatureList[i].issuerKeyId]);
+      keyPacket = key.getKeyPacket([signatureList[i].issuerKeyId]);
      if (keyPacket) {
        var verifiedSig = {};
        verifiedSig.keyid = signatureList[i].issuerKeyId;
@ -242,6 +243,9 @@ Message.prototype.verify = function(keys) {
        break;
      }
    }
+    if (!keyPacket) {
+      throw new Error('No matching signature found for specified keys.');
+    }
  });
  return result;
 };
--- a/test/general/basic.js
+++ b/test/general/basic.js
@ -60,6 +60,40 @@ describe('Basic', function() {
      testHelper('●●●●', '♔♔♔♔ <test@example.com>', 'łäóć');
      done();
    });
+
+    it('should fail to verify signature for wrong public key', function (done) {
+      var userid = 'Test McTestington <test@example.com>';
+      var passphrase = 'password';
+      var message = 'hello world';
+
+      var key = openpgp.generateKeyPair({numBits: 512, userId: userid, passphrase: passphrase});
+
+      var privKeys = openpgp.key.readArmored(key.privateKeyArmored);
+      var publicKeys = openpgp.key.readArmored(key.publicKeyArmored);
+
+      var privKey = privKeys.keys[0];
+      var pubKey = publicKeys.keys[0];
+
+      var success = privKey.decrypt(passphrase);
+
+      var encrypted = openpgp.signAndEncryptMessage([pubKey], privKey, message);
+
+      var msg = openpgp.message.readArmored(encrypted);
+      expect(msg).to.exist;
+
+      var anotherKey = openpgp.generateKeyPair({numBits: 512, userId: userid, passphrase: passphrase});
+      var anotherPubKey = openpgp.key.readArmored(anotherKey.publicKeyArmored).keys[0];
+
+      var decrypted;
+      try {
+        decrypted = openpgp.decryptAndVerifyMessage(privKey, [anotherPubKey], msg);
+      } catch(e) {
+        expect(e).to.exist;
+        expect(decrypted).to.not.exist;
+        done();
+      }
+    });
+
    it('Performance test', function (done) {
      // init test data
      function randomString(length, chars) {