Mirroristas/openpgpjs
2
0
Fork 0
mirror of https://github.com/openpgpjs/openpgpjs.git synced 2026-03-09 02:12:50 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add config.rejectPublicKeyAlgorithms (#1264)

Browse Source 
- Add `config.rejectPublicKeyAlgorithms` to disallow using the given algorithms
  to verify, sign or encrypt new messages or third-party certifications.

- Consider `config.minRsaBits` when signing, verifying and encrypting messages
  and third-party certifications, not just on key generation.

- When verifying a message, if the verification key is not found (i.e. not
  provided or too weak), the corresponding `signature` will have
  `signature.valid=false` (used to be `signature.valid=null`).
  `signature.error` will detail whether the key is missing/too weak/etc.

Generating and verifying key certification signatures is still permitted in all cases.
This commit is contained in:
larabr
2021-03-25 15:08:49 +01:00
committed by GitHub
parent 3e808c1578
commit 8a57246ec4
17 changed files with 759 additions and 518 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
test/security/subkey_trust.js
View File

@@ -72,7 +72,8 @@ async function testSubkeyTrust() {
streaming: false
});
expect(verifyAttackerIsBatman.signatures[0].keyid.equals(victimPubKey.subKeys[0].getKeyId())).to.be.true;
expect(verifyAttackerIsBatman.signatures[0].valid).to.be.null;
expect(verifyAttackerIsBatman.signatures[0].valid).to.be.false;
expect(verifyAttackerIsBatman.signatures[0].error).to.match(/Could not find valid signing key packet/);
}
module.exports = () => it('Does not trust subkeys without Primary Key Binding Signature', testSubkeyTrust);