Skip to content

Instantly share code, notes, and snippets.

@Valodim

Valodim/gist:59ae7c8a54abd7746412ae114c333721

Created August 2, 2019 12:47
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save Valodim/59ae7c8a54abd7746412ae114c333721 to your computer and use it in GitHub Desktop.
Save Valodim/59ae7c8a54abd7746412ae114c333721 to your computer and use it in GitHub Desktop.
Download ZIP
openpgp.js error case
Raw
gistfile1.txt
let encrypted = `
-----BEGIN PGP MESSAGE-----
hF4D1ovTTUio0zYSAQdAdswHo0VB15l6O0SuyZKrdJihMyJpAXXJ2YchVXzIDGAw
kHawzdnKw2tRCwIwzGolOUvtiLHwelfqrr2oriKouRvNveDRvr3gyIKXgkR8ivOf
hJ4DxVSidf4HPbISAwMEwGq1II3M4Kaj6vDT1PTsaeH3Vod/pkm29ekkMEZVpDUe
9d0wJuabKs5WAJRVRsOe9Y8z4XuqJvyJG3whjo+WLOXCIIiCOZH4L3JaTxay3kS/
PjVKJzc+cn54QM+1FTo4MLtwu4rDUkjI1v6fYB/yGCrnDPNDedOyCOELbsMGjm3B
UIKHwYJwz3PXk5VcdfL2KNLCNQFAshWj55wzcNMr87J9yGaQXJ5b2lmJIa0qNPE2
eGcwe9FQCbl3uthmEj0aAHvsPC/muK0ArG3G7ecCFnIhnliQTxsbY3gKyMfnPBbz
FrublQPUpwnKxr0p5BdPKwZTlQnsR/7eV1crribeGbchwfzg0ZPTWIXFUWZH0I0P
abAeIpxsYkdX5+tUuseI6iCVGLMiNhbhua2CJpMV7V9l1RXIZI5e3srMUdzK8pq+
8M01VOBUtT3wrL3q1WKzuPKt5iRY+FON9dhidtBL/KXa2TzgqmkWy3DQ4h/2jkI/
iijj+lJaIE7yqZoSiJc2d0oWXU/FYOk5XpbFdN6JPYyWtUdIyiD1nMBH1/bK/r8z
i4FfQMAAga7wSFsT1/WLwm7pQWhuVBly4PrA7RYqxBjRmSZosZlk/Ns6RiWTUqF2
SCWpRP16lltpqdnHEAsIpk4uvhOUo3CO7ZUEhtfenN+uL0bKtOldOwzeeooyg7BP
OkMdzG/gRszV5tv60VodeqWMEgjQH+Rsbn2ROZiYdczb4BcDr/6bIKREKEyH5fBx
i9BjvgY3MmL/H9phMQxhd1+PWh9NwN7gam3riC2eKYBHk5BeK7swXKbV3oku6X4L
Ig05jtOF7qeTMHNk+idBrYxLNWEUmXEFMS1wEg1nCAQ+d7//fV5nLVu2BtIio+/J
UcB2ZFXCysvBXDD2SeyOrEImxWIMXFy2p0gJuvVgLOA28gPAYz4K5IpFntbqcPZv
+lpGj9lLwdmefIHcS2+PJ/EcmXQhgO9IE9atGWkCCwlY9HQPzdrZejf9KsSZKm3f
zomzn5Bw8N2imPPvfV6u2/dm6aV2phFIhF5a96JFFM+D+vzdM+LV3oBEHE4RLgTw
Of9UXQy8nQOigLyl29F5ywxjvpGmlJdRMuGtPoDu4SXO7tfSjEWfoKRBO1+yDiiT
dRB8IcFQFeXtb6yxSQtxkwXql98wtzyoSi1cJ14ItDZ0UIbJYjnOZZCUmzurml2V
KCecJse1P6w=
=mpqW
-----END PGP MESSAGE-----
`;
let privkey = `
-----BEGIN PGP PRIVATE KEY BLOCK-----
lFgEXSYEPRYJKwYBBAHaRw8BAQdA8cfIT7Uo6AUP/W6tzFcvR6PuejBE25HYt/Qe
5Cp1HFUAAQC+Ha19kXHGD526VxI3MRjEbpfHsdMKMImO6wZXYbS8Yw7+tBxUZXN0
byA8dGVzdG9AbXVnZW5ndWlsZC5jb20+iHcEEBYKAB8FAl0mBD0GCwkHCAMCBBUI
CgIDFgIBAhkBAhsDAh4BAAoJEBJ8Go5Hf0JyF8YBAIKvXmnPRwp3eerCHPIl5ylg
OUKPfHbXptVcpsEvEITyAQD5MLQdX1vwdiUFYFBd4Z063sYPbFJAOxnvcQBEdWdT
AZxdBF0mBD0SCisGAQQBl1UBBQEBB0BEANlpnCLR+3S7v60KePYSRCm5CYnQSDPn
wQMUgKgrfgMBCAcAAP9AbkoveVerC1OKQo1VFf8us5pNsHud/XbMw6XibH4p6BDV
iGEEGBYIAAkFAl0mBD0CGwwACgkQEnwajkd/QnLTeQEA+YTjzCUB8ls9iNkZu1UP
d6W38OjcOUfxpwj5dCE6Fm4A/iIMskzBHq4LYJX7rz5wTo2Lyb9BV8ORgVEF/mXv
ZdMB
=5ETO
-----END PGP PRIVATE KEY BLOCK-----
`;
let pubkey = `
-----BEGIN PGP PUBLIC KEY BLOCK-----
mG8EXJijFRMFK4EEACIDAwTHefjp1vFEdotzyFw8ALougcwMwQ5FXjf0s8U/pvml5UUnYLEg6C/+
+0wyLlJsV2hjeiGmbpNlxD/I955BlnhSL0zFInE2+P/H3eqcRlxLi8fK/HbrHUB9qSjx3ijXFxa0
IkxlaWYgU2NoZXBwZWxtYW5uIDxsZWlmQGNvdGVjaC5kZT6IkgQTEwoAGgQLCQgHAhUKAhYBAhkB
BYJcmKMVAp4BApsDAAoJEPz4fGn0+O/C6F4Bf2lbdXI1cnHo6XJ6iKPtlAFM8Tbb8SeyKXjPQKss
ihefygcXI2jHAvaDiRzaHgMx0QGArtqN1SbDEfU2yV5dBnwBQYlfRXdJYH7PB/wZZBtYJwfK7PvH
K2mlqePqnlt7Ff8quHMEXJijFRIFK4EEACIDAwT/+SAxCp8s8/OYE315ymn/f2H/+vnP24F5rkXq
3BfeTDLZZrznfI9TDW2FtqMxPEzl7zfi+Bw+TZoRXzhytGG8zUvqmGSqeMAnopsC4aTv/p+WPHd/
7iDtyy1TFhn1F5sDAQgHiIEEGBMKAAkFglyYoxUCmwwACgkQ/Ph8afT478JR3gF/TZoYytO27edv
ojPNfe6iMNacg79NepfbmHGsxiKUEeWUvAjWGAYkO8lUSMmtKNXzAXoCo/Xjy7AJk40pfuzcKqTH
kSWgKydJPWzY9rZpyYg7AJ8GJKs8ojbioPrc32mrgIs=
-----END PGP PUBLIC KEY BLOCK-----
`;
let openpgp = require('openpgp');
(async function() {
const privKeyObj = (await openpgp.key.readArmored(privkey)).keys[0]
let pubkeys = await openpgp.key.readArmored(pubkey);
// 7385fc74834e2deb233d2bf0fcf87c69f4f8efc2
console.log(pubkeys.keys[0].getFingerprint());
const options = {
message: await openpgp.message.readArmored(encrypted),
publicKeys: pubkeys.keys,
privateKeys: [privKeyObj]
}
let result = await openpgp.decrypt(options);
// fcf87c69f4f8efc2
console.log(result.signatures[0].keyid.toHex());
// false
console.log(result.signatures[0].valid);
let signature = result.signatures[0].signature;
let message = openpgp.message.fromText(result.data);
let result_two = await openpgp.verify({
message: message,
publicKeys: pubkeys.keys,
signature: signature
});
// false
console.log(result.signatures[0].valid);
// outputs message text, as expected
// console.log(result.data);
// console.log(result_two.data);
})();
@Securitybits-io
Copy link

Hey just a question...

let privkey = `
-----BEGIN PGP PRIVATE KEY BLOCK-----

lFgEXSYEPRYJ [...]

I hope you change that!

@Valodim
Copy link
Author

Valodim commented Aug 2, 2019

Thanks for monitoring. It's a test key.

@dkg
Copy link

dkg commented Aug 21, 2019
edited

pubkey appears to be missing its silly OpenPGP ASCII-armor checksum of =c9Lv just before the -----END PGP PUBLIC KEY BLOCK----- . Also, pubkey's lines of b64 are longer than 76 chars, which violates RFC 4880 §6.3.

i don't think this is the issue you're trying to point out here, but normalizing pubkey will avoid a distraction for future attempts at running this example.

@Valodim
Copy link
Author

Valodim commented Aug 22, 2019

related openpgpjs issue: openpgpjs/openpgpjs#939

This turned out to be an issue in OpenKeychain, which for P-256 signatures didn't include the correct checksum in the signature packet. Those are not cryptograhpically relevant and GnuPG doesn't mind, but openpgp.js rejects them.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment