SHA-1 checksum of the Secret-Key packet is not checked #46
Comments
I can only second that. Observed this error recently and was completely confused... |
I have made a minimal test and added it to
Key with password 123 generated with
Here is what
It is an AES-256 encrypted packet and there is a SHA1 checksum. The test fails here: rpgp/src/types/params/encrypted_secret.rs Line 112 in d907163
Apparently it tries to parse plaintext "decrypted" with empty passphrase right above without checking any checksums.
So rPGP must check SHA-1 hash before attempting to parse decrypted data. |
This is where SHA-1 checksum is written in case of id 254: rpgp/src/types/params/plain_secret.rs Line 278 in d907163
But when parsing it is not checked. |
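The check described in the comments above, sketched in Python as an added example (not rPGP's code and not the fix in #260): the trailer of the decrypted secret-key data is verified before any MPI parsing, so a wrong passphrase surfaces as a checksum error instead of a parser "incomplete" error. The function names and sample values are assumptions made for illustration; the two-octet checksum branch for S2K usage values other than 254 follows RFC 4880 and goes beyond the case discussed here.

```python
import hashlib
import hmac

class ChecksumError(ValueError):
    """Decrypted secret-key data failed its integrity check."""

def verify_secret_material(decrypted, s2k_usage):
    """Return the MPI bytes only if the trailing checksum matches."""
    if s2k_usage == 254:   # 20-octet SHA-1 of the preceding plaintext
        tail_len = 20
        digest = lambda body: hashlib.sha1(body).digest()
    else:                  # RFC 4880: two-octet sum of the octets mod 65536
        tail_len = 2
        digest = lambda body: (sum(body) & 0xFFFF).to_bytes(2, "big")
    if len(decrypted) < tail_len:
        raise ChecksumError("data shorter than its checksum")
    body, tail = decrypted[:-tail_len], decrypted[-tail_len:]
    if not hmac.compare_digest(tail, digest(body)):
        raise ChecksumError("checksum mismatch: wrong passphrase or corrupted key")
    return body

def parse_mpis(body):
    """Parse MPIs: two-octet big-endian bit count, then the magnitude."""
    mpis, pos = [], 0
    while pos < len(body):
        if pos + 2 > len(body):
            raise ValueError("truncated MPI length")
        nbytes = (int.from_bytes(body[pos:pos + 2], "big") + 7) // 8
        pos += 2
        if pos + nbytes > len(body):
            raise ValueError("incomplete MPI: %d more bytes needed" % (pos + nbytes - len(body)))
        mpis.append(int.from_bytes(body[pos:pos + nbytes], "big"))
        pos += nbytes
    return mpis

def load_secret(decrypted, s2k_usage=254):
    """Checksum first, parse second, so a bad passphrase never reaches the parser."""
    return parse_mpis(verify_secret_material(decrypted, s2k_usage))

def encode_mpi(n):
    """Helper for building the constructed sample below."""
    return n.bit_length().to_bytes(2, "big") + n.to_bytes((n.bit_length() + 7) // 8, "big")

# Constructed sample data (not taken from a real key).
BODY = encode_mpi(0x1F3A5) + encode_mpi(0xC0FFEE)
GOOD = BODY + hashlib.sha1(BODY).digest()
# Stand-in for the output of decrypting with the wrong passphrase.
GARBAGE = hashlib.sha256(b"wrong passphrase").digest() * 2
```
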
Made a fix: #260 |
Now trying to open a key encrypted with a password fails with an error similar to Incomplete(Size(6017)). It is not clear from this error whether the key file is indeed truncated or if the password provided is wrong. See #45