From ebaac40ac2d4c4e1cfd44920d85923f23ea8d915 Mon Sep 17 00:00:00 2001 From: s3lph Date: Tue, 19 Oct 2021 02:48:35 +0200 Subject: [PATCH] Fix: Remove too strict signature verification; turns out it does not work when using subkeys for signing. --- easywks/types.py | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/easywks/types.py b/easywks/types.py index af57ee9..d9d5001 100644 --- a/easywks/types.py +++ b/easywks/types.py @@ -7,7 +7,7 @@ from email.mime.application import MIMEApplication from email.mime.text import MIMEText from pgpy import PGPKey, PGPMessage, PGPUID -from pgpy.types import SignatureVerification +from pgpy.errors import PGPError from .crypto import pgp_sign from .config import Config, render_message @@ -144,11 +144,12 @@ class ConfirmationResponse: uid: PGPUID = key.get_uid(self._submitter_addr) if uid is None or uid.email != self._submitter_addr: raise EasyWksError(f'UID {self._submitter_addr} not found in PGP key') - verification: SignatureVerification = key.verify(self._msg) - for verified, by, sig, subject in verification.good_signatures: - if fingerprint(key) == fingerprint(by): - return - raise EasyWksError('PGP signature could not be verified') + try: + # Should raise an error when verification fails, but add the boolean check as a additional protection + if not key.verify(self._msg): + raise EasyWksError(f'PGP signature could not be verified') + except PGPError as e: + raise EasyWksError(f'PGP signature could not be verified: {e}') class PublishResponse: