fix verify_signed_message

verify_signed_message was not checking for the validity of the
signature. The documentation of python-gnupg is not clear about this, it
says that the fields are set just if the signature is valid.
In this case tests/robots/1/signed_message was signed with the correct
key but with the wrong digest-algo (SHA256 instead of SHA512) as
expressed on the signature.
Running gpg --verify tests/robots/1/signed_message returned:
gpg: WARNING: signature digest conflict in message
gpg: Can't check signature: General error
and a non-zero error code, but verify_signed_message was not catching
this because verified.fingerprint was set even though verified.valid was
False.
jerryfletcher21 2024-06-26 19:07:14 +02:00
parent 82b5604ecb
commit 20d56bdb6f
GPG Key ID: 6FA7713E574EDEC3
2 changed files with 5 additions and 5 deletions


@ -448,7 +448,7 @@ def verify_signed_message(pub_key, signed_message):
# verify the signed message # verify the signed message
verified = gpg.verify(signed_message) verified = gpg.verify(signed_message)
if verified.fingerprint == import_result.fingerprints[0]: if verified.valid and verified.fingerprint == import_result.fingerprints[0]:
header = "-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n" header = "-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n"
footer = "-----BEGIN PGP SIGNATURE-----" footer = "-----BEGIN PGP SIGNATURE-----"
cleartext_message = signed_message.split(header)[1].split(footer)[0].strip() cleartext_message = signed_message.split(header)[1].split(footer)[0].strip()
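Review bot: the added `verified.valid` guard is the right fix, but the lines that follow still split on a hard-coded header (`"Hash: SHA512\n\n"`), so a message whose `Hash:` armor line differs (the SHA256 case this commit describes) would raise IndexError at `split(header)[1]` instead of being rejected cleanly; check `header in signed_message` before splitting, or parse the armor headers, and consider recording `verified.status` on the failure path so a digest conflict is distinguishable from a wrong key.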


@ -4,8 +4,8 @@ Hash: SHA512
bcrt1qrrvml8tr4lkwlqpg9g394tye6s5950qf9tj9e9 bcrt1qrrvml8tr4lkwlqpg9g394tye6s5950qf9tj9e9
-----BEGIN PGP SIGNATURE----- -----BEGIN PGP SIGNATURE-----
iHUEARYIAB0WIQQyIVYjhac1qLz7sLwuNFtLSY2XJAUCZVUUTQAKCRAuNFtLSY2X iHUEARYKAB0WIQQyIVYjhac1qLz7sLwuNFtLSY2XJAUCZnxJEwAKCRAuNFtLSY2X
JA4zAP9PW71ZvQglGnexa9LYryVbnI0w3WnWXYaOmowy/aMM5wD/a2xZNk95DiDq JEEvAQCh/RPf17JvbodoTbmnyrxWFAeydn3aNefnCVtPrL81XQD/YPMEfIM4f2Tf
s8PnKT41yS+QIBrn7+iZ2DqlCjKdNgc= 3uPqTn0vtXUKtsYtZvxRi8STL7nXKws=
=NOcM =Nlv0
-----END PGP SIGNATURE----- -----END PGP SIGNATURE-----
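Review bot: this hunk re-signs the fixture so the positive test passes again, but it drops the only input that exercised the bug; keep the old signed_message (signed with the wrong digest algorithm, rejected by gpg with "signature digest conflict") as a separate negative fixture and add a test asserting that verify_signed_message rejects it, otherwise a future regression to a fingerprint-only check would go unnoticed.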