-
Notifications
You must be signed in to change notification settings - Fork 791
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
signature/verification fails if text is itself a PGP key #690
Comments
I think you are hitting this bug related to escaping the signed text: #512 OpenPGP spec had escaping of dashes defined in it AFAIK, which may have not been implemented in OpenPGP.js based on the behavior - I have not checked any related code to confirm this though. |
Escaping of dashes was indeed slightly broken: a410177. (Not yet merged, should be soon-ish.) |
@twiss I just manually patched the change from that commit, and indeed it addressed my problem here. any ETA on when this lands in a new release of openpgpjs? blocker for me right now. |
@getify we will make a release with the fix today |
Updated to 3.0.8, bug is fixed. Thanks so much! |
Thanks @sanjanarajan ! |
I tried to sign the text
"abc"
and then verify the signature, and everything worked fine. Then I tried to sign text that was itself a PGP public-key, in its armored text format as outputted bykey.publicKeyArmored
after aopenpgp.generateKey(options)
(RSA key). The signature seems to work fine, but the verification fails:Any idea why this would be happening? Is there some reason you can't sign a public key itself? I assumed I could sign basically any text I wanted.
The text was updated successfully, but these errors were encountered: