mirror of
https://github.com/RoboSats/robosats.git
synced 2025-02-12 08:19:02 +00:00
20d56bdb6f
verify_signed_message was not checking for the validity of the signature. The documentation of python-gnupg is not clear about this, it says that the fiels are set just if the signature is valid. In this case tests/robots/1/signed_message was signed with the correct key but with the wrong digest-algo (SHA256 instead of SHA512) as expressed on the signature. Running gpg --verify tests/robots/1/signed_message returned: gpg: WARNING: signature digest conflict in message gpg: Can't check signature: General error and a non zero error code, but verify_signed_message was not catching this because verified.fingerprint was set even though verified.valid was False. |
||
|---|---|---|
| .. | ||
| b91_token | ||
| enc_priv_key | ||
| nickname | ||
| pub_key | ||
| signed_message | ||
| token | ||