Mirroristas/openpgpjs
2
0
Fork 0
mirror of https://github.com/openpgpjs/openpgpjs.git synced 2025-06-08 15:16:40 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add SecretKey.prototype.makeDummy (#1131)

Browse Source
This commit is contained in:
larabr 2020-08-03 15:52:50 +02:00 committed by GitHub
parent e29de76dc1
commit 25bf080871
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 40 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/key/key.js
View File

@ -457,7 +457,7 @@ Key.prototype.validate = async function() {
}
let signingKeyPacket;
if (!this.keyPacket.isDummy()) {
if (!this.primaryKey.isDummy()) {
signingKeyPacket = this.primaryKey;
} else {
/**

20
src/packet/secret_key.js
View File

@ -267,6 +267,26 @@ SecretKey.prototype.isDummy = function() {
return !!(this.s2k && this.s2k.type === 'gnu-dummy');
};
/**
* Remove private key material, converting the key to a dummy one
* The resulting key cannot be used for signing/decrypting but can still verify signatures
*/
SecretKey.prototype.makeDummy = function () {
if (this.isDummy()) {
return;
}
if (!this.isDecrypted()) {
// this is technically not needed, but makes the conversion simpler
throw new Error("Key is not decrypted");
}
this.clearPrivateParams();
this.isEncrypted = false;
this.s2k = new type_s2k();
this.s2k.algorithm = 0;
this.s2k.c = 0;
this.s2k.type = 'gnu-dummy';
};
/**
* Encrypt the payload. By default, we use aes256 and iterated, salted string
* to key specifier. If the key is in a decrypted state (isEncrypted === false)

19
test/general/key.js
View File

@ -2748,6 +2748,25 @@ describe('Key', function() {
await expect(key.validate()).to.be.rejectedWith('Key is invalid');
});
it('makeDummy() - the converted key is valid but can no longer sign', async function() {
const { keys: [key] } = await openpgp.key.readArmored(priv_key_rsa);
await key.decrypt('hello world');
expect(key.primaryKey.isDummy()).to.be.false;
key.primaryKey.makeDummy();
expect(key.primaryKey.isDummy()).to.be.true;
await key.validate();
await expect(openpgp.reformatKey({ privateKey: key, userIds: 'test2 <b@a.com>' })).to.be.rejectedWith(/Missing private key parameters/);
});
it('makeDummy() - subkeys of the converted key can still sign', async function() {
const { keys: [key] } = await openpgp.key.readArmored(priv_key_rsa);
await key.decrypt('hello world');
expect(key.primaryKey.isDummy()).to.be.false;
key.primaryKey.makeDummy();
expect(key.primaryKey.isDummy()).to.be.true;
await expect(openpgp.sign({ message: openpgp.message.fromText('test'), privateKeys: [key] })).to.be.fulfilled;
});
it('clearPrivateParams() - check that private key can no longer be used', async function() {
const { keys: [key] } = await openpgp.key.readArmored(priv_key_rsa);
await key.decrypt('hello world');