Fix: Remove too strict signature verification; turns out it does not work when using subkeys for signing.

s3lph 2021-10-19 02:48:35 +02:00
parent daee1654d3
commit ebaac40ac2


@ -7,7 +7,7 @@ from email.mime.application import MIMEApplication
from email.mime.text import MIMEText
from pgpy import PGPKey, PGPMessage, PGPUID
from pgpy.types import SignatureVerification
from pgpy.errors import PGPError
from .crypto import pgp_sign
from .config import Config, render_message
@ -144,11 +144,12 @@ class ConfirmationResponse:
uid: PGPUID = key.get_uid(self._submitter_addr)
if uid is None or uid.email != self._submitter_addr:
raise EasyWksError(f'UID {self._submitter_addr} not found in PGP key')
verification: SignatureVerification = key.verify(self._msg)
for verified, by, sig, subject in verification.good_signatures:
if fingerprint(key) == fingerprint(by):
return
raise EasyWksError('PGP signature could not be verified')
try:
# Should raise an error when verification fails, but add the boolean check as a additional protection
if not key.verify(self._msg):
raise EasyWksError(f'PGP signature could not be verified')
except PGPError as e:
raise EasyWksError(f'PGP signature could not be verified: {e}')
class PublishResponse:
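Review bot: The new check at `if not key.verify(self._msg):` accepts the message on the truthiness of PGPy's verification result alone, so nothing in this method still shows that at least one good signature by the submitter's key or one of its subkeys was found. If that object can be truthy while holding no verified signature (worth confirming against the PGPy version in use, since the added comment only says it "should" raise), a response without a valid signature from this key would pass. I would keep the result and fail closed explicitly: `verification = key.verify(self._msg)` followed by `if not verification or not list(verification.good_signatures): raise EasyWksError('PGP signature could not be verified')`. In the handler, `raise EasyWksError(f'PGP signature could not be verified: {e}') from e` keeps the cause, and the `f` prefix on the message without placeholders can be dropped. The enclosing method of ConfirmationResponse starts outside the hunk.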