Skip to content

This issue was moved to a discussion.

You can continue the conversation there. Go to discussion →

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Property 'verified' is not set after successful signature verification #1489

Closed
IvanPizhenko opened this issue Feb 9, 2022 · 0 comments
Closed

Property 'verified' is not set after successful signature verification #1489

IvanPizhenko opened this issue Feb 9, 2022 · 0 comments

Comments

@IvanPizhenko
Copy link
Contributor

IvanPizhenko commented Feb 9, 2022
edited

  • OpenPGP.js version: 5.1.0
  • Affected platform (Browser or Node.js version): Node 12 (v12.22.10)

Following code in async verify(key, signatureType, data, ...

this[verified] = await mod.signature.verify( ...

breaks following use case (Typescript, source code origin: https://github.com/FlowCrypt/flowcrypt-ios/, please note: this code is "source available", but not open source):

  public static lastSig = async (key: Key): Promise<number> => {
    let i = 0;
    console.log(`Key OUID ${(Object as any).__oid(key)}`);
    await key.getExpirationTime(); // will force all sigs to be verified
    const allSignatures: SignaturePacket[] = [];
    for (const user of key.users) {
      i = 0;
      for (const sig of user.selfCertifications) {
        console.log(`user ${user.userID?.email} sig[${i++}](OUID ${(Object as any).__oid(sig)} => ${sig.verified})\n`);
      }
      allSignatures.push(...user.selfCertifications);
    }
    i = 0;
    for (const subKey of key.subkeys) {
      i = 0;
      for (const sig of subKey.bindingSignatures) {
        console.log(`subkey ${subKey.getKeyID().toHex()} sig[${i++}](OUID ${(Object as any).__oid(sig)} => ${sig.verified})}\n`);
      }
      allSignatures.push(...subKey.bindingSignatures);
    }
    allSignatures.sort((a, b) => (b.created ? b.created.getTime() : 0) - (a.created ? a.created.getTime() : 0));
    console.log(`nsig=${allSignatures.length}`);
    i = 0;
    for (const sig of allSignatures) {
      console.log(`sig[${i++}](OUID ${(Object as any).__oid(sig)} => ${sig.verified})}\n`);
    }
    const newestSig = allSignatures.find(sig => sig.verified === true);
    if (newestSig) {
      return newestSig.created ? newestSig.created.getTime() : 0;
    }
    throw new Error('No valid signature found in key');
  }

After calling await key.getExpirationTime(); // will force all sigs to be verified we expect signatures to be verified, however when enumerating signatures, verified is not set.
I could solve it by changing all this[verified] into this.verified.

Additional info:
Extra stuff used here:

// Based on https://stackoverflow.com/a/1997811/1540501
// inject oids
(function() {
  if ( typeof Object.__oid == "undefined" ) {
      var id = 0;

      Object.__oid = function(o) {
          if ( typeof o.__uniqueid == "undefined" ) {
              Object.defineProperty(o, "__uniqueid", {
                  value: ++id,
                  enumerable: false,
                  // This could go either way, depending on your
                  // interpretation of what an "id" is
                  writable: false
              });
          }

          return o.__uniqueid;
      };
  }
})();
This was referenced Feb 9, 2022
Closed
Closed
@openpgpjs openpgpjs locked and limited conversation to collaborators Feb 10, 2022
@larabr larabr converted this issue into discussion #1491 Feb 10, 2022

This issue was moved to a discussion.

You can continue the conversation there. Go to discussion →

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

issue #1489 Use this.verified instead of this[verfied]
1 participant
@IvanPizhenko