From fcaf5215b42e51e7aea5226092734cc712d58963 Mon Sep 17 00:00:00 2001 From: Yarmo Mackenbach Date: Fri, 25 Mar 2022 23:16:46 +0100 Subject: [PATCH] Fix signature profile verification --- src/signatures.js | 20 +++++++++++++++++--- 1 file changed, 17 insertions(+), 3 deletions(-) diff --git a/src/signatures.js b/src/signatures.js index 0359d21..f403b58 100644 --- a/src/signatures.js +++ b/src/signatures.js @@ -45,13 +45,15 @@ const process = async (signature) => { } } + // Read the signature try { sigData = await openpgp.readCleartextMessage({ cleartextMessage: signature }) - } catch (error) { - throw new Error(`Signature could not be read (${error})`) + } catch (e) { + throw new Error(`Signature could not be read (${e.message})`) } + const issuerKeyID = sigData.signature.packets[0].issuerKeyID.toHex() const signersUserID = sigData.signature.packets[0].signersUserID const preferredKeyServer = @@ -103,10 +105,22 @@ const process = async (signature) => { result.key.data = await keys.fetchURI(result.key.uri) result.key.fetchMethod = 'hkp' } catch (e) { - throw new Error('key_not_found') + throw new Error('Public key not found') } } + // Verify the signature + const verificationResult = await openpgp.verify({ + message: sigData, + verificationKeys: result.key.data + }) + const { verified } = verificationResult.signatures[0] + try { + await verified + } catch (e) { + throw new Error(`Signature could not be verified (${e.message})`) + } + result.fingerprint = result.key.data.keyPacket.getFingerprint() result.users[0].claims.forEach((claim) => {