Check if any (sub)key is decrypted in Key.prototype.isDecrypted (#1182)

`key.isDecrypted()` now returns true if either the primary key or any subkey
is decrypted.

Additionally, implement `SecretKeyPacket.prototype.makeDummy` for encrypted
keys.
larabr
2021-01-24 18:19:27 +01:00
committed by Daniel Huigens
parent c23ed58387
commit 66c06dab3e
7 changed files with 75 additions and 26 deletions


@@ -2616,7 +2616,7 @@ function versionSpecificTests() {
return openpgp.reformatKey({ privateKey: original.key, userIds: { name: 'test2', email: 'a@b.com' }, passphrase: '1234' }).then(function() {
throw new Error('reformatKey should result in error when key not decrypted');
}).catch(function(error) {
expect(error.message).to.equal('Error reformatting keypair: Key not decrypted');
expect(error.message).to.equal('Error reformatting keypair: Key is not decrypted');
});
});
});
@@ -2925,6 +2925,26 @@ module.exports = () => describe('Key', function() {
await expect(key.validate()).to.be.rejectedWith('Key is invalid');
});
it("isDecrypted() - should reflect whether all (sub)keys are encrypted", async function() {
const passphrase = '12345678';
const { key } = await openpgp.generateKey({ userIds: {}, curve: 'ed25519', passphrase });
expect(key.isDecrypted()).to.be.false;
await key.decrypt(passphrase, key.subKeys[0].getKeyId());
expect(key.isDecrypted()).to.be.true;
});
it("isDecrypted() - gnu-dummy primary key", async function() {
const key = await openpgp.readArmoredKey(gnuDummyKeySigningSubkey);
expect(key.isDecrypted()).to.be.true;
await key.encrypt('12345678');
expect(key.isDecrypted()).to.be.false;
});
it("isDecrypted() - all-gnu-dummy key", async function() {
const key = await openpgp.readArmoredKey(gnuDummyKey);
expect(key.isDecrypted()).to.be.false;
});
it('makeDummy() - the converted key can be parsed', async function() {
const { key } = await openpgp.generateKey({ userIds: { name: 'dummy', email: 'dummy@alice.com' } });
key.primaryKey.makeDummy();
@@ -2950,7 +2970,7 @@ module.exports = () => describe('Key', function() {
key.primaryKey.makeDummy();
expect(key.primaryKey.isDummy()).to.be.true;
await key.validate();
await expect(openpgp.reformatKey({ privateKey: key, userIds: { name: 'test', email: 'a@b.com' } })).to.be.rejectedWith(/Missing key parameters/);
await expect(openpgp.reformatKey({ privateKey: key, userIds: { name: 'test', email: 'a@b.com' } })).to.be.rejectedWith(/Cannot reformat a gnu-dummy primary key/);
});
it('makeDummy() - subkeys of the converted key can still sign', async function() {
@@ -2962,6 +2982,25 @@ module.exports = () => describe('Key', function() {
await expect(openpgp.sign({ message: openpgp.Message.fromText('test'), privateKeys: [key] })).to.be.fulfilled;
});
it('makeDummy() - should work for encrypted keys', async function() {
const key = await openpgp.readArmoredKey(priv_key_rsa);
expect(key.primaryKey.isDummy()).to.be.false;
expect(key.primaryKey.makeDummy()).to.not.throw;
expect(key.primaryKey.isDummy()).to.be.true;
// dummy primary key should always be marked as not decrypted
await expect(key.decrypt('hello world')).to.be.fulfilled;
expect(key.primaryKey.isDummy()).to.be.true;
expect(key.primaryKey.isEncrypted === null);
expect(key.primaryKey.isDecrypted()).to.be.false;
await expect(key.encrypt('hello world')).to.be.fulfilled;
expect(key.primaryKey.isDummy()).to.be.true;
expect(key.primaryKey.isEncrypted === null);
expect(key.primaryKey.isDecrypted()).to.be.false;
// confirm that the converted key can be parsed
const parsedKeys = (await openpgp.readArmoredKey(key.armor())).keys;
expect(parsedKeys).to.be.undefined;
});
it('clearPrivateParams() - check that private key can no longer be used', async function() {
const key = await openpgp.readArmoredKey(priv_key_rsa);
await key.decrypt('hello world');
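Review bot: In the new test 'makeDummy() - should work for encrypted keys', three assertions never fire: `expect(key.primaryKey.isEncrypted === null);` (used twice) has no chained matcher, and `expect(key.primaryKey.makeDummy()).to.not.throw;` reads `throw` as a property instead of calling it on a function wrapper. As a result the test does not pin the invariant that a gnu-dummy primary key keeps `isEncrypted === null` across `decrypt()` and `encrypt()`; only the `isDecrypted()` checks are effective. I would write `expect(key.primaryKey.isEncrypted).to.be.null;` and `expect(() => key.primaryKey.makeDummy()).to.not.throw();`. The closing `expect(parsedKeys).to.be.undefined` also looks vacuous, since `readArmoredKey` appears to return a key object directly in the other tests of this section, so `.keys` would be undefined whatever was parsed; asserting `isDummy()` on the re-parsed key would check the round trip the comment describes.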


@@ -878,9 +878,9 @@ hUhMKMuiM3pRwdIyDOItkUWQmjEEw7/XmhgInkXsCw==
expect(msg.signatures).to.have.length(1);
expect(msg.signatures[0].valid).to.be.true;
expect(msg.signatures[0].signature.packets.length).to.equal(1);
await expect(openpgp.sign({ message: openpgp.Message.fromText('test'), privateKeys: [priv_key_gnupg_ext] })).to.eventually.be.rejectedWith(/Missing key parameters/);
await expect(openpgp.reformatKey({ userIds: { name: 'test' }, privateKey: priv_key_gnupg_ext })).to.eventually.be.rejectedWith(/Missing key parameters/);
await expect(openpgp.reformatKey({ userIds: { name: 'test' }, privateKey: priv_key_gnupg_ext_2, passphrase: 'test' })).to.eventually.be.rejectedWith(/Missing key parameters/);
await expect(openpgp.sign({ message: openpgp.Message.fromText('test'), privateKeys: [priv_key_gnupg_ext] })).to.eventually.be.rejectedWith(/Cannot sign with a gnu-dummy key/);
await expect(openpgp.reformatKey({ userIds: { name: 'test' }, privateKey: priv_key_gnupg_ext })).to.eventually.be.rejectedWith(/Cannot reformat a gnu-dummy primary key/);
await expect(openpgp.reformatKey({ userIds: { name: 'test' }, privateKey: priv_key_gnupg_ext_2, passphrase: 'test' })).to.eventually.be.rejectedWith(/Cannot reformat a gnu-dummy primary key/);
await priv_key_gnupg_ext.encrypt("abcd");
expect(priv_key_gnupg_ext.isDecrypted()).to.be.false;
const primaryKey_packet2 = priv_key_gnupg_ext.primaryKey.write();