s3lph/easywks
s3lph/easywks
1
0
Fork 0
Code Issues Pull requests Projects Releases 12 Packages Wiki Activity Actions

Fix: Remove too strict signature verification; turns out it does not work when using subkeys for signing.

Browse source
This commit is contained in:
s3lph 2021-10-19 02:48:35 +02:00
parent daee1654d3
commit ebaac40ac2
1 changed files with 7 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
easywks/types.py
View file

@ -7,7 +7,7 @@ from email.mime.application import MIMEApplication
from email.mime.text import MIMEText from email.mime.text import MIMEText
from pgpy import PGPKey, PGPMessage, PGPUID from pgpy import PGPKey, PGPMessage, PGPUID
from pgpy.types import SignatureVerification from pgpy.errors import PGPError
from .crypto import pgp_sign from .crypto import pgp_sign
from .config import Config, render_message from .config import Config, render_message
@ -144,11 +144,12 @@ class ConfirmationResponse:
uid: PGPUID = key.get_uid(self._submitter_addr) uid: PGPUID = key.get_uid(self._submitter_addr)
if uid is None or uid.email != self._submitter_addr: if uid is None or uid.email != self._submitter_addr:
raise EasyWksError(f'UID {self._submitter_addr} not found in PGP key') raise EasyWksError(f'UID {self._submitter_addr} not found in PGP key')
verification: SignatureVerification = key.verify(self._msg) try:
for verified, by, sig, subject in verification.good_signatures: # Should raise an error when verification fails, but add the boolean check as a additional protection
if fingerprint(key) == fingerprint(by): if not key.verify(self._msg):
return raise EasyWksError(f'PGP signature could not be verified')
raise EasyWksError('PGP signature could not be verified') except PGPError as e:
raise EasyWksError(f'PGP signature could not be verified: {e}')
class PublishResponse: class PublishResponse: