I bring a different bug, but it strongly relates to the previous bugs
in this conversation, so I'll post it here.

    /**
     * Verify signatures of cleartext signed message
     * @param {Array<module:key~Key>} publicKeys public keys to verify signatures
     * @return {Array<{keyid: module:type/keyid, valid: Boolean}>} list of signer's keyid and validity of signature
     */
    CleartextMessage.prototype.verify = function(publicKeys) {
      var result = [];
      var signatureList = this.packets.filterByTag(enums.packet.signature);
      var literalDataPacket = new packet.Literal();
      // we assume that cleartext signature is generated based on UTF8 cleartext
      literalDataPacket.setText(this.text);
      publicKeys.forEach(function(pubKey) {
        for (var i = 0; i < signatureList.length; i++) {
          var publicKeyPacket = pubKey.getPublicKeyPacket([signatureList[i].issuerKeyId]);
          if (publicKeyPacket) {
            var verifiedSig = {};
            verifiedSig.keyid = signatureList[i].issuerKeyId;
            verifiedSig.valid = signatureList[i].verify(publicKeyPacket, literalDataPacket) || false;
            result.push(verifiedSig);
            break;
          }
        }
      });
      return result;
    };

the "literalDataPacket.setText(this.text);" line, this will not only
normalize line endings, but it will also util.encode_utf8

    /**
     * Set the packet data to a javascript native string, end of line
     * will be normalized to \r\n and by default text is converted to UTF8
     * @param {String} text Any native javascript string
     */
    Literal.prototype.setText = function (text) {
      // normalize EOL to \r\n
      text = text.replace(/\r/g, '').replace(/\n/g, '\r\n');
      // encode UTF8
      this.data = this.format == 'utf8' ? util.encode_utf8(text) : text;
    };

which would be ok, but

    /**
     * Verifies the signature packet. Note: not all signature types are implemented
     * @param {String|Object} data data which on the signature applies
     * @param {module:packet/public_subkey|module:packet/public_key} key the public key to verify the signature
     * @return {boolean} True if message is verified, else false.
     */
    Signature.prototype.verify = function (key, data) {
      var signatureType = enums.write(enums.signature, this.signatureType),
          publicKeyAlgorithm = enums.write(enums.publicKey, this.publicKeyAlgorithm),
          hashAlgorithm = enums.write(enums.hash, this.hashAlgorithm);
      var bytes = this.toSign(signatureType, data),
          trailer = this.calculateTrailer();

"var bytes = this.toSign(signatureType, data),"
calls:

    Signature.prototype.toSign = function (type, data) {
      var t = enums.signature;
      switch (type) {
        case t.binary:
        case t.text:
          return data.getBytes();

getBytes.
which doesn't de-encode it.
--
the test case is http://pastebin.com/raw.php?i=Z5mEnMvF
-tim
On 4/9/14, Thomas Oberndörfer <[email protected]> wrote:
>> that:
>> a = unescape(c.deflate()[0][0]);
>>
>> is causing signatures to fail.
>
> I opened an issue here: https://github.com/openpgpjs/openpgpjs/issues/210
> Thanks for finding this.
>
>>> When I look at the minified with Chrome, I see the verify function
>>> calls "setText" on a "Literal"...
>>>
>>> that "setText" code also removes \r
>>> so even if the message is "fromBinary" (unless there is some mechanism
>>> in the code I don't know), the msg.verify ?might? still fail?
>
> fromBinary calls literalDataPacket.setBytes and here the \r is not
> replaced.
> But in general for the problem of handling of \r I opened an issue:
> https://github.com/openpgpjs/openpgpjs/issues/211
>
> Thomas
>
>
>>>
>>> Anyhowz,
>>>
>>> looking forward to next version,
>>>
>>> -tim
>>>
>>> On 4/7/14, Thomas Oberndörfer <[email protected]> wrote:
>>>> I see, this scenario is currently not supported.
>>>> You are having a binary and signature packets as base64.
>>>>
>>>> First we would need to expose the base64 module to openpgp namespace.
>>>> Then you could do something like:
>>>>
>>>> - create message msg with openpgp.message.fromBinary(binary)
>>>> - decode base64 signatures, read result into new packetlist
>>>> - concat signature packetlist to msg.packets
>>>> - call msg.verify...
>>>>
>>>> Thomas
>>>>
>>>> On Mon, Apr 7, 2014 at 4:38 PM, Tim Prepscius <[email protected]>
>>>> wrote:
>>>>> Here's my work around, it shows the difficulties I'm having.
>>>>>
>>>>> (I'd copy-paste, but I think the formatting is going to come through
>>>>> even more badly)
>>>>>
>>>>> http://pastebin.com/raw.php?i=AJUHtyzH
>>>>>
>>>>> -tim
>>>>>
>>>>>
>>>>> On 4/7/14, Thomas Oberndörfer <[email protected]> wrote:
>>>>>>> 1. Can openpgpjs read a signature directly?
>>>>>>
>>>>>> Here is an example:
>>>>>> https://github.com/openpgpjs/openpgpjs/blob/master/test/general/signature.js#L472
>>>>>>
>>>>>>> 2. Can openpgpjs handle binary signatures?
>>>>>>
>>>>>> You could do:
>>>>>>
>>>>>> openpgp.message.fromBinary('\r').sign(...
>>>>>>
>>>>>> Or what is your exact use case?
>>>>>>
>>>>>> Thomas
>>>>>>
>>>>>>
>>>>>> On Mon, Apr 7, 2014 at 4:08 AM, Tim Prepscius
>>>>>> <[email protected]>
>>>>>> wrote:
>>>>>>> I just wanted to check to make sure I've not overlooked it:
>>>>>>>
>>>>>>> 1. Can openpgpjs read a signature directly?
>>>>>>> (I haven't found it, and am using this kludge
>>>>>>>
>>>>>>>         // I'm having problems getting the signature with openpgpjs, so I make a fake message and
>>>>>>>         // then get the signature from that
>>>>>>>
>>>>>>>         var armoredText = "-----BEGIN PGP SIGNED MESSAGE-----\n\n" + data[1];
>>>>>>>         var input = window.openpgp.armor.decode(armoredText);
>>>>>>>         var packetlist = new window.openpgp.packet.List();
>>>>>>>         packetlist.read(input.data);
>>>>>>>
>>>>>>> )
>>>>>>>
>>>>>>>
>>>>>>> 2. Can openpgpjs handle binary signatures?
>>>>>>>
>>>>>>> Actually I sort of know that it can't. Or, any signature that
>>>>>>> requires the \r. -- And have done a work around. Is there a bug for that
>>>>>>> somewhere I can put myself as a watcher? I'd like to eventually
>>>>>>> remove my work-around.
>>>>>>>
>>>>>>> -tim
>>>>>>> _______________________________________________
>>>>>>>
>>>>>>> http://openpgpjs.org
>>>>>>> Subscribe/unsubscribe: http://list.openpgpjs.org
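
Added example, not part of the original thread and not openpgpjs code: it follows the setText / toSign / getBytes path quoted in the top message and shows which bytes end up being hashed when the cleartext is a native string versus a string that already holds UTF-8 bytes. The helper names are hypothetical stand-ins, the sample text is constructed, and it assumes the signer hashed the UTF-8 bytes of the CRLF-normalized text.

```javascript
// Added example: stand-ins for the code paths quoted in the message, not openpgpjs itself.

// Hypothetical stand-in for util.encode_utf8: returns a "binary string"
// with one character per UTF-8 byte.
function encodeUtf8(str) {
  return Buffer.from(str, 'utf8').toString('latin1');
}

// Same two steps as the quoted Literal.prototype.setText with format 'utf8'.
function setTextData(text) {
  const normalized = text.replace(/\r/g, '').replace(/\n/g, '\r\n');
  return encodeUtf8(normalized);
}

// The quoted toSign() returns data.getBytes() unchanged, so whatever
// setText stored is exactly what gets hashed.
function bytesHashedByVerify(cleartext) {
  return setTextData(cleartext);
}

function toHex(binaryString) {
  return Buffer.from(binaryString, 'latin1').toString('hex');
}

// Constructed sample: "Grüße" followed by an ASCII line.
const nativeText = 'Gr\u00fc\u00dfe\nfrom the list';
// Assumption: the signer hashed the UTF-8 bytes of the CRLF-normalized text.
const signerBytes = encodeUtf8('Gr\u00fc\u00dfe\r\nfrom the list');
// The same text when it reaches verify() as a byte string, i.e. already UTF-8.
const byteStringText = encodeUtf8(nativeText);

// True when the bytes verify() would hash equal the bytes the signer hashed.
function matchesSigner(cleartext, expectedBytes) {
  const hashed = bytesHashedByVerify(cleartext);
  const ok = hashed === expectedBytes;
  console.log(`${hashed.length} bytes hashed, ${expectedBytes.length} signed:`,
              ok ? 'match' : 'MISMATCH');
  return ok;
}

matchesSigner(nativeText, signerBytes);      // one encoding pass
matchesSigner(byteStringText, signerBytes);  // encoded a second time
// ASCII-only text is identical in both forms, so such a test case never fails.
matchesSigner('hello\nworld', encodeUtf8('hello\r\nworld'));
console.log(toHex(bytesHashedByVerify('\u00fc')),
            toHex(bytesHashedByVerify(encodeUtf8('\u00fc'))));
```

A regression test for this code path needs at least one non-ASCII character in the signed text, since ASCII-only input produces the same bytes either way.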