Fix signature profile verification

This commit is contained in:
Yarmo Mackenbach 2022-03-25 23:16:46 +01:00
parent fb101d8227
commit fcaf5215b4
No known key found for this signature in database
GPG key ID: 37367F4AF4087AD1

View file

@ -45,13 +45,15 @@ const process = async (signature) => {
} }
} }
// Read the signature
try { try {
sigData = await openpgp.readCleartextMessage({ sigData = await openpgp.readCleartextMessage({
cleartextMessage: signature cleartextMessage: signature
}) })
} catch (error) { } catch (e) {
throw new Error(`Signature could not be read (${error})`) throw new Error(`Signature could not be read (${e.message})`)
} }
const issuerKeyID = sigData.signature.packets[0].issuerKeyID.toHex() const issuerKeyID = sigData.signature.packets[0].issuerKeyID.toHex()
const signersUserID = sigData.signature.packets[0].signersUserID const signersUserID = sigData.signature.packets[0].signersUserID
const preferredKeyServer = const preferredKeyServer =
@ -103,10 +105,22 @@ const process = async (signature) => {
result.key.data = await keys.fetchURI(result.key.uri) result.key.data = await keys.fetchURI(result.key.uri)
result.key.fetchMethod = 'hkp' result.key.fetchMethod = 'hkp'
} catch (e) { } catch (e) {
throw new Error('key_not_found') throw new Error('Public key not found')
} }
} }
// Verify the signature
const verificationResult = await openpgp.verify({
message: sigData,
verificationKeys: result.key.data
})
const { verified } = verificationResult.signatures[0]
try {
await verified
} catch (e) {
throw new Error(`Signature could not be verified (${e.message})`)
}
result.fingerprint = result.key.data.keyPacket.getFingerprint() result.fingerprint = result.key.data.keyPacket.getFingerprint()
result.users[0].claims.forEach((claim) => { result.users[0].claims.forEach((claim) => {