Fix: Remove too strict signature verification; turns out it does not work when using subkeys for signing.
parent
daee1654d3
commit
ebaac40ac2
1 changed files with 7 additions and 6 deletions
|
@ -7,7 +7,7 @@ from email.mime.application import MIMEApplication
|
|||
from email.mime.text import MIMEText
|
||||
|
||||
from pgpy import PGPKey, PGPMessage, PGPUID
|
||||
from pgpy.types import SignatureVerification
|
||||
from pgpy.errors import PGPError
|
||||
|
||||
from .crypto import pgp_sign
|
||||
from .config import Config, render_message
|
||||
|
@ -144,11 +144,12 @@ class ConfirmationResponse:
|
|||
uid: PGPUID = key.get_uid(self._submitter_addr)
|
||||
if uid is None or uid.email != self._submitter_addr:
|
||||
raise EasyWksError(f'UID {self._submitter_addr} not found in PGP key')
|
||||
verification: SignatureVerification = key.verify(self._msg)
|
||||
for verified, by, sig, subject in verification.good_signatures:
|
||||
if fingerprint(key) == fingerprint(by):
|
||||
return
|
||||
raise EasyWksError('PGP signature could not be verified')
|
||||
try:
|
||||
# Should raise an error when verification fails, but add the boolean check as a additional protection
|
||||
if not key.verify(self._msg):
|
||||
raise EasyWksError(f'PGP signature could not be verified')
|
||||
except PGPError as e:
|
||||
raise EasyWksError(f'PGP signature could not be verified: {e}')
|
||||
|
||||
|
||||
class PublishResponse:
|
||||
|
|
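Review bot: The replacement check `if not key.verify(self._msg):` accepts the message on the truthiness of the returned `SignatureVerification` alone, so the explicit link between a good signature and the submitted key that the old loop enforced is dropped rather than widened to cover subkeys. If pgpy evaluates that truthiness as all-of over the collected signatures (worth confirming for the pinned version), a result with no entries would pass, and the in-code comment's assumption that `verify` raises on failure may not hold for every failure case. I would keep the result and require at least one good signature, e.g. `verification = key.verify(self._msg)` followed by `if not verification or not any(verification.good_signatures):`, and add regression tests for a message signed by a subkey and for one signed by an unrelated key. Chaining the cause with `raise EasyWksError(...) from e` preserves the pgpy traceback, and the first `raise` does not need an f-string. The enclosing method starts above the hunk, so any earlier checks on `self._msg` are not visible here.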