From ecb6798441c2005b250743306aab571fc8ced561 Mon Sep 17 00:00:00 2001
From: Tankred Hase <tankred@whiteout.io>
Date: Mon, 30 Jun 2014 19:26:33 +0200
Subject: [PATCH] Throw an error if a wrong public key is used to verify a
 signature.

---
 package.json          |  2 +-
 src/message.js        |  6 +++++-
 test/general/basic.js | 34 ++++++++++++++++++++++++++++++++++
 3 files changed, 40 insertions(+), 2 deletions(-)

diff --git a/package.json b/package.json
index 21d0ec58..ae23c005 100644
--- a/package.json
+++ b/package.json
@@ -1,7 +1,7 @@
 {
   "name": "openpgp",
   "description": "OpenPGP.js is a Javascript implementation of the OpenPGP protocol. This is defined in RFC 4880.",
-  "version": "0.6.3-dev",
+  "version": "0.6.3",
   "homepage": "http://openpgpjs.org/",
   "engines": {
     "node": ">=0.8"
diff --git a/src/message.js b/src/message.js
index 7c4679bb..5fd6ffc8 100644
--- a/src/message.js
+++ b/src/message.js
@@ -232,8 +232,9 @@ Message.prototype.verify = function(keys) {
   if (literalDataList.length !== 1) throw new Error('Can only verify message with one literal data packet.');
   var signatureList = msg.packets.filterByTag(enums.packet.signature);
   keys.forEach(function(key) {
+    var keyPacket = null;
     for (var i = 0; i < signatureList.length; i++) {
-      var keyPacket = key.getKeyPacket([signatureList[i].issuerKeyId]);
+      keyPacket = key.getKeyPacket([signatureList[i].issuerKeyId]);
       if (keyPacket) {
         var verifiedSig = {};
         verifiedSig.keyid = signatureList[i].issuerKeyId;
@@ -242,6 +243,9 @@ Message.prototype.verify = function(keys) {
         break;
       }
     }
+    if (!keyPacket) {
+      throw new Error('No matching signature found for specified keys.');
+    }
   });
   return result;
 };
diff --git a/test/general/basic.js b/test/general/basic.js
index b4018a6b..060b7414 100644
--- a/test/general/basic.js
+++ b/test/general/basic.js
@@ -60,6 +60,40 @@ describe('Basic', function() {
       testHelper('●●●●', '♔♔♔♔ <test@example.com>', 'łäóć');
       done();
     });
+
+    it('should fail to verify signature for wrong public key', function (done) {
+      var userid = 'Test McTestington <test@example.com>';
+      var passphrase = 'password';
+      var message = 'hello world';
+
+      var key = openpgp.generateKeyPair({numBits: 512, userId: userid, passphrase: passphrase});
+
+      var privKeys = openpgp.key.readArmored(key.privateKeyArmored);
+      var publicKeys = openpgp.key.readArmored(key.publicKeyArmored);
+
+      var privKey = privKeys.keys[0];
+      var pubKey = publicKeys.keys[0];
+
+      var success = privKey.decrypt(passphrase);
+
+      var encrypted = openpgp.signAndEncryptMessage([pubKey], privKey, message);
+
+      var msg = openpgp.message.readArmored(encrypted);
+      expect(msg).to.exist;
+
+      var anotherKey = openpgp.generateKeyPair({numBits: 512, userId: userid, passphrase: passphrase});
+      var anotherPubKey = openpgp.key.readArmored(anotherKey.publicKeyArmored).keys[0];
+
+      var decrypted;
+      try {
+        decrypted = openpgp.decryptAndVerifyMessage(privKey, [anotherPubKey], msg);
+      } catch(e) {
+        expect(e).to.exist;
+        expect(decrypted).to.not.exist;
+        done();
+      }
+    });
+
     it('Performance test', function (done) {
       // init test data
       function randomString(length, chars) {