openpgp - npm Package Compare versions

Comparing version 0.6.2 to 0.6.3

package.json

 {
   "name": "openpgp",
   "description": "OpenPGP.js is a Javascript implementation of the OpenPGP protocol. This is defined in RFC 4880.",
-  "version": "0.6.2",
+  "version": "0.6.3",
   "homepage": "http://openpgpjs.org/",
@@ -6,0 +6,0 @@ "engines": {

src/message.js

@@ -235,4 +235,5 @@ // GPG4Browsers - An OpenPGP implementation in javascript
   keys.forEach(function(key) {
+    var keyPacket = null;
     for (var i = 0; i < signatureList.length; i++) {
-      var keyPacket = key.getKeyPacket([signatureList[i].issuerKeyId]);
+      keyPacket = key.getKeyPacket([signatureList[i].issuerKeyId]);
       if (keyPacket) {
@@ -246,2 +247,5 @@ var verifiedSig = {};
     }
+    if (!keyPacket) {
+      throw new Error('No matching signature found for specified keys.');
+    }
   });
@@ -248,0 +252,0 @@ return result;

test/general/basic.js

@@ -63,2 +63,36 @@ 'use strict';
     });
+
+    it('should fail to verify signature for wrong public key', function (done) {
+      var userid = 'Test McTestington <test@example.com>';
+      var passphrase = 'password';
+      var message = 'hello world';
+
+      var key = openpgp.generateKeyPair({numBits: 512, userId: userid, passphrase: passphrase});
+
+      var privKeys = openpgp.key.readArmored(key.privateKeyArmored);
+      var publicKeys = openpgp.key.readArmored(key.publicKeyArmored);
+
+      var privKey = privKeys.keys[0];
+      var pubKey = publicKeys.keys[0];
+
+      var success = privKey.decrypt(passphrase);
+
+      var encrypted = openpgp.signAndEncryptMessage([pubKey], privKey, message);
+
+      var msg = openpgp.message.readArmored(encrypted);
+      expect(msg).to.exist;
+
+      var anotherKey = openpgp.generateKeyPair({numBits: 512, userId: userid, passphrase: passphrase});
+      var anotherPubKey = openpgp.key.readArmored(anotherKey.publicKeyArmored).keys[0];
+
+      var decrypted;
+      try {
+        decrypted = openpgp.decryptAndVerifyMessage(privKey, [anotherPubKey], msg);
+      } catch(e) {
+        expect(e).to.exist;
+        expect(decrypted).to.not.exist;
+        done();
+      }
+    });
+
     it('Performance test', function (done) {
@@ -65,0 +99,0 @@ // init test data

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

735771

increased by0.18%

Lines of code

18102

increased by0.15%

No dependency changes