fixed SecurityInnovation#88

docs/source/changelog.rst

@@ -5,6 +5,15 @@
 Changelog
 *********
 
+v0.2.3
+======
+
+PGPy v0.2.3 is a bugfix release
+
+Bugs Fixed
+----------
+ * Fixed an issue where explicitly selecting a key and then trying to validate with it would erroneously raise an exception as though the wrong key were selected.
+
 v0.2.2
 ======
 

pgpy/keys.py

@@ -751,7 +751,7 @@ def verify(self, subject, signature):
             raise PGPError("Key {key} is not loaded!".format(key=self.using if self.using is not None else skeyid))
 
         # respect the selected key, even if it's not the one that was used to generate the signature to be verified
-        if self.using is not None and self.using != skeyid:
+        if self.using is not None and (not self.using == skeyid):
             raise PGPError("Wrong key selected")
 
         # if we get to this point, it should be safe to assume that the requested public key is loaded

tests/test_4_PGPKeyring.py

@@ -51,10 +51,10 @@ def pytest_generate_tests(metafunc):
 
     if 'invkeysel' in metafunc.fixturenames:
         args['invkeysel'] = [ 'DEADBEEF',
-                          'CAFEBABE',
-                          '1DEE7EFFF55B51578F0E40AB127AB47A',
-                          '0'*40,
-                          gpg_getfingerprint('TestRSA-1024')[1:] ]
+                              'CAFEBABE',
+                              '1DEE7EFFF55B51578F0E40AB127AB47A',
+                              '0'*40,
+                              gpg_getfingerprint('TestRSA-1024')[1:] ]
         ids = ['deadbeef', 'cafebabe', '16-byte', '40-null', 'truncated']
 
     if 'export' in metafunc.fixturenames:
@@ -169,8 +169,6 @@ def test_sign_unicode(self, keyring, gpg_verify):
 
         with keyring.key("TestRSA-1024"):
             sig = keyring.sign(sigstr)
-
-        with keyring.key():
             keyring.verify(sigstr, sig)
 
         # now verify the signature