Created
August 2, 2019 12:47
-
-
Save Valodim/59ae7c8a54abd7746412ae114c333721 to your computer and use it in GitHub Desktop.
openpgp.js error case
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| let encrypted = ` | |
| -----BEGIN PGP MESSAGE----- | |
| hF4D1ovTTUio0zYSAQdAdswHo0VB15l6O0SuyZKrdJihMyJpAXXJ2YchVXzIDGAw | |
| kHawzdnKw2tRCwIwzGolOUvtiLHwelfqrr2oriKouRvNveDRvr3gyIKXgkR8ivOf | |
| hJ4DxVSidf4HPbISAwMEwGq1II3M4Kaj6vDT1PTsaeH3Vod/pkm29ekkMEZVpDUe | |
| 9d0wJuabKs5WAJRVRsOe9Y8z4XuqJvyJG3whjo+WLOXCIIiCOZH4L3JaTxay3kS/ | |
| PjVKJzc+cn54QM+1FTo4MLtwu4rDUkjI1v6fYB/yGCrnDPNDedOyCOELbsMGjm3B | |
| UIKHwYJwz3PXk5VcdfL2KNLCNQFAshWj55wzcNMr87J9yGaQXJ5b2lmJIa0qNPE2 | |
| eGcwe9FQCbl3uthmEj0aAHvsPC/muK0ArG3G7ecCFnIhnliQTxsbY3gKyMfnPBbz | |
| FrublQPUpwnKxr0p5BdPKwZTlQnsR/7eV1crribeGbchwfzg0ZPTWIXFUWZH0I0P | |
| abAeIpxsYkdX5+tUuseI6iCVGLMiNhbhua2CJpMV7V9l1RXIZI5e3srMUdzK8pq+ | |
| 8M01VOBUtT3wrL3q1WKzuPKt5iRY+FON9dhidtBL/KXa2TzgqmkWy3DQ4h/2jkI/ | |
| iijj+lJaIE7yqZoSiJc2d0oWXU/FYOk5XpbFdN6JPYyWtUdIyiD1nMBH1/bK/r8z | |
| i4FfQMAAga7wSFsT1/WLwm7pQWhuVBly4PrA7RYqxBjRmSZosZlk/Ns6RiWTUqF2 | |
| SCWpRP16lltpqdnHEAsIpk4uvhOUo3CO7ZUEhtfenN+uL0bKtOldOwzeeooyg7BP | |
| OkMdzG/gRszV5tv60VodeqWMEgjQH+Rsbn2ROZiYdczb4BcDr/6bIKREKEyH5fBx | |
| i9BjvgY3MmL/H9phMQxhd1+PWh9NwN7gam3riC2eKYBHk5BeK7swXKbV3oku6X4L | |
| Ig05jtOF7qeTMHNk+idBrYxLNWEUmXEFMS1wEg1nCAQ+d7//fV5nLVu2BtIio+/J | |
| UcB2ZFXCysvBXDD2SeyOrEImxWIMXFy2p0gJuvVgLOA28gPAYz4K5IpFntbqcPZv | |
| +lpGj9lLwdmefIHcS2+PJ/EcmXQhgO9IE9atGWkCCwlY9HQPzdrZejf9KsSZKm3f | |
| zomzn5Bw8N2imPPvfV6u2/dm6aV2phFIhF5a96JFFM+D+vzdM+LV3oBEHE4RLgTw | |
| Of9UXQy8nQOigLyl29F5ywxjvpGmlJdRMuGtPoDu4SXO7tfSjEWfoKRBO1+yDiiT | |
| dRB8IcFQFeXtb6yxSQtxkwXql98wtzyoSi1cJ14ItDZ0UIbJYjnOZZCUmzurml2V | |
| KCecJse1P6w= | |
| =mpqW | |
| -----END PGP MESSAGE----- | |
| `; | |
| let privkey = ` | |
| -----BEGIN PGP PRIVATE KEY BLOCK----- | |
| lFgEXSYEPRYJKwYBBAHaRw8BAQdA8cfIT7Uo6AUP/W6tzFcvR6PuejBE25HYt/Qe | |
| 5Cp1HFUAAQC+Ha19kXHGD526VxI3MRjEbpfHsdMKMImO6wZXYbS8Yw7+tBxUZXN0 | |
| byA8dGVzdG9AbXVnZW5ndWlsZC5jb20+iHcEEBYKAB8FAl0mBD0GCwkHCAMCBBUI | |
| CgIDFgIBAhkBAhsDAh4BAAoJEBJ8Go5Hf0JyF8YBAIKvXmnPRwp3eerCHPIl5ylg | |
| OUKPfHbXptVcpsEvEITyAQD5MLQdX1vwdiUFYFBd4Z063sYPbFJAOxnvcQBEdWdT | |
| AZxdBF0mBD0SCisGAQQBl1UBBQEBB0BEANlpnCLR+3S7v60KePYSRCm5CYnQSDPn | |
| wQMUgKgrfgMBCAcAAP9AbkoveVerC1OKQo1VFf8us5pNsHud/XbMw6XibH4p6BDV | |
| iGEEGBYIAAkFAl0mBD0CGwwACgkQEnwajkd/QnLTeQEA+YTjzCUB8ls9iNkZu1UP | |
| d6W38OjcOUfxpwj5dCE6Fm4A/iIMskzBHq4LYJX7rz5wTo2Lyb9BV8ORgVEF/mXv | |
| ZdMB | |
| =5ETO | |
| -----END PGP PRIVATE KEY BLOCK----- | |
| `; | |
| let pubkey = ` | |
| -----BEGIN PGP PUBLIC KEY BLOCK----- | |
| mG8EXJijFRMFK4EEACIDAwTHefjp1vFEdotzyFw8ALougcwMwQ5FXjf0s8U/pvml5UUnYLEg6C/+ | |
| +0wyLlJsV2hjeiGmbpNlxD/I955BlnhSL0zFInE2+P/H3eqcRlxLi8fK/HbrHUB9qSjx3ijXFxa0 | |
| IkxlaWYgU2NoZXBwZWxtYW5uIDxsZWlmQGNvdGVjaC5kZT6IkgQTEwoAGgQLCQgHAhUKAhYBAhkB | |
| BYJcmKMVAp4BApsDAAoJEPz4fGn0+O/C6F4Bf2lbdXI1cnHo6XJ6iKPtlAFM8Tbb8SeyKXjPQKss | |
| ihefygcXI2jHAvaDiRzaHgMx0QGArtqN1SbDEfU2yV5dBnwBQYlfRXdJYH7PB/wZZBtYJwfK7PvH | |
| K2mlqePqnlt7Ff8quHMEXJijFRIFK4EEACIDAwT/+SAxCp8s8/OYE315ymn/f2H/+vnP24F5rkXq | |
| 3BfeTDLZZrznfI9TDW2FtqMxPEzl7zfi+Bw+TZoRXzhytGG8zUvqmGSqeMAnopsC4aTv/p+WPHd/ | |
| 7iDtyy1TFhn1F5sDAQgHiIEEGBMKAAkFglyYoxUCmwwACgkQ/Ph8afT478JR3gF/TZoYytO27edv | |
| ojPNfe6iMNacg79NepfbmHGsxiKUEeWUvAjWGAYkO8lUSMmtKNXzAXoCo/Xjy7AJk40pfuzcKqTH | |
| kSWgKydJPWzY9rZpyYg7AJ8GJKs8ojbioPrc32mrgIs= | |
| -----END PGP PUBLIC KEY BLOCK----- | |
| `; | |
| let openpgp = require('openpgp'); | |
| (async function() { | |
| const privKeyObj = (await openpgp.key.readArmored(privkey)).keys[0] | |
| let pubkeys = await openpgp.key.readArmored(pubkey); | |
| // 7385fc74834e2deb233d2bf0fcf87c69f4f8efc2 | |
| console.log(pubkeys.keys[0].getFingerprint()); | |
| const options = { | |
| message: await openpgp.message.readArmored(encrypted), | |
| publicKeys: pubkeys.keys, | |
| privateKeys: [privKeyObj] | |
| } | |
| let result = await openpgp.decrypt(options); | |
| // fcf87c69f4f8efc2 | |
| console.log(result.signatures[0].keyid.toHex()); | |
| // false | |
| console.log(result.signatures[0].valid); | |
| let signature = result.signatures[0].signature; | |
| let message = openpgp.message.fromText(result.data); | |
| let result_two = await openpgp.verify({ | |
| message: message, | |
| publicKeys: pubkeys.keys, | |
| signature: signature | |
| }); | |
| // false | |
| console.log(result.signatures[0].valid); | |
| // outputs message text, as expected | |
| // console.log(result.data); | |
| // console.log(result_two.data); | |
| })(); |
pubkey appears to be missing its silly OpenPGP ASCII-armor checksum of =c9Lv just before the -----END PGP PUBLIC KEY BLOCK----- . Also, pubkey's lines of b64 are longer than 76 chars, which violates RFC 4880 §6.3.
i don't think this is the issue you're trying to point out here, but normalizing pubkey will avoid a distraction for future attempts at running this example.
related openpgpjs issue: openpgpjs/openpgpjs#939
This turned out to be an issue in OpenKeychain, which for P-256 signatures didn't include the correct checksum in the signature packet. Those are not cryptograhpically relevant and GnuPG doesn't mind, but openpgp.js rejects them.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Thanks for monitoring. It's a test key.