Hi, I am working on a html5 offline web app using openpgpjs. I want my users to be able to insert an ascii armored pgp-key (including public AND private key) into their keyring. When looking into the localStorage itself I found out, that the publicKey-Object has an attribute called „armored“, which stores the original ascii-code.
And here it is: it stores the ORIGINAL ascii-armored key.
So the publicKey from my Keyring stores my privateKey in armored Format. I
don’t think this is how
it was meant to be. This is a potential security risk. If a user removes
his/her private key keeping the publicKey
in Keyring he/she would never realize, that the privateKey still persists
sleeping inside the publicKey-Object.
Please have a look into that issue!
Here is my code - if I am making something wrong causing this I would
appreciate ideas for improvement:
require(["openpgp","jquery-1.11.1.min"],
function() {
openpgp.init();
}
);
function setKey(asciiKey) {
console.log('Unarmoring Key from Ascii');
// Importing private Key does not work, openpgp_read_privateKey has no
result
//openpgp.keyring.importPrivateKey(asciiKey);
openpgp.keyring.importPublicKey(asciiKey);
openpgp.keyring.store();
}
Robert Schrenk
[email protected]
signature.asc
Description: Message signed with OpenPGP using GPGMail
_______________________________________________ http://openpgpjs.org Subscribe/unsubscribe: http://list.openpgpjs.org
