mirror of
https://github.com/RoboSats/robosats.git
synced 2024-12-15 03:46:24 +00:00
9e442c386a
verify_signed_message was not checking for the validity of the signature. The documentation of python-gnupg is not clear about this, it says that the fiels are set just if the signature is valid. In this case tests/robots/1/signed_message was signed with the correct key but with the wrong digest-algo (SHA256 instead of SHA512) as expressed on the signature. Running gpg --verify tests/robots/1/signed_message returned: gpg: WARNING: signature digest conflict in message gpg: Can't check signature: General error and a non zero error code, but verify_signed_message was not catching this because verified.fingerprint was set even though verified.valid was False. Co-authored-by: jerryfletcher21 <jerryfletcher@cock.email>
12 lines
322 B
Plaintext
12 lines
322 B
Plaintext
-----BEGIN PGP SIGNED MESSAGE-----
|
|
Hash: SHA512
|
|
|
|
bcrt1qrrvml8tr4lkwlqpg9g394tye6s5950qf9tj9e9
|
|
-----BEGIN PGP SIGNATURE-----
|
|
|
|
iHUEARYKAB0WIQQyIVYjhac1qLz7sLwuNFtLSY2XJAUCZnxJEwAKCRAuNFtLSY2X
|
|
JEEvAQCh/RPf17JvbodoTbmnyrxWFAeydn3aNefnCVtPrL81XQD/YPMEfIM4f2Tf
|
|
3uPqTn0vtXUKtsYtZvxRi8STL7nXKws=
|
|
=Nlv0
|
|
-----END PGP SIGNATURE-----
|