mirror of
https://github.com/openpgpjs/openpgpjs.git
synced 2025-06-11 08:36:42 +00:00

The latest version of the crypto refresh (i.e., !313, !314) specifies that the "Hash" header is deprecated, and that an implementation that is verifying a cleartext signed message MUST ignore this header. However, we go against this directive, and keep the checks in place to avoid arbitrary injection of text as part of the "Hash" header payload. We also mandate that if the hash header is present, the declared algorithm matches the signature algorithm. This is again to avoid a spoofing attack where e.g. a SHA1 signature is presented as using SHA512. Related CVEs: CVE-2019-11841, CVE-2023-41037. This commit does not change the writing part of cleartext messages. # Conflicts: # src/cleartext.js