moparisthebest/mail
1
0
Fork 0
mirror of https://github.com/moparisthebest/mail synced 2024-11-22 17:02:17 -05:00
Code Issues Releases Wiki Activity

Merge pull request #85 from whiteout-io/dev/WO-279

Browse Source 
[WO-279] Display error message if PGP signature is invalid
This commit is contained in:
Tankred Hase 2014-07-02 15:31:33 +02:00
commit 8ebb24123a
7 changed files with 110 additions and 45 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

44
src/js/crypto/pgp.js
View File

@ -265,44 +265,60 @@ define(function(require) {
* Encrypt and sign a pgp message for a list of receivers * Encrypt and sign a pgp message for a list of receivers
*/ */
PGP.prototype.encrypt = function(plaintext, publicKeysArmored, callback) { PGP.prototype.encrypt = function(plaintext, publicKeysArmored, callback) {
var publicKeys = []; var publicKeys;
// check keys // check keys
if (!this._privateKey || publicKeysArmored.length < 1) { if (!this._privateKey) {
callback(new Error('Error encrypting. Keys must be set!')); callback(new Error('Error encrypting. Keys must be set!'));
return; return;
} }
// parse armored public keys // parse armored public keys
try { try {
publicKeysArmored.forEach(function(pubkeyArmored) { if (publicKeysArmored && publicKeysArmored.length) {
publicKeys = publicKeys.concat(openpgp.key.readArmored(pubkeyArmored).keys); publicKeys = [];
}); publicKeysArmored.forEach(function(pubkeyArmored) {
publicKeys = publicKeys.concat(openpgp.key.readArmored(pubkeyArmored).keys);
});
}
} catch (err) { } catch (err) {
callback(new Error('Error encrypting plaintext!')); callback(new Error('Error encrypting plaintext!'));
return; return;
} }
// encrypt and sign the plaintext if (publicKeys) {
openpgp.signAndEncryptMessage(publicKeys, this._privateKey, plaintext, callback); // encrypt and sign the plaintext
openpgp.signAndEncryptMessage(publicKeys, this._privateKey, plaintext, callback);
} else {
// if no public keys are available encrypt for myself
openpgp.signAndEncryptMessage([this._publicKey], this._privateKey, plaintext, callback);
}
}; };
/** /**
* Decrypt and verify a pgp message for a single sender. * [decrypt description]
* You need to check if signatures are both present and valid in the callback! * @param {String} ciphertext The encrypted PGP message block
* @param {String} publicKeyArmored The public key used to sign the message
* @param {Function} callback(error, plaintext, signaturesValid) signaturesValid is undefined in case there are no signature, null in case there are signatures but the wrong public key or no key was used to verify, true if the signature was successfully verified, or false if the signataure verification failed.
*/ */
PGP.prototype.decrypt = function(ciphertext, publicKeyArmored, callback) { PGP.prototype.decrypt = function(ciphertext, publicKeyArmored, callback) {
var publicKeys, message, signaturesValid; var publicKeys, message, signaturesValid;
// check keys // check keys
if (!this._privateKey || !publicKeyArmored) { if (!this._privateKey) {
callback(new Error('Error decrypting. Keys must be set!')); callback(new Error('Error decrypting. Keys must be set!'));
return; return;
} }
// read keys and ciphertext message // read keys and ciphertext message
try { try {
publicKeys = openpgp.key.readArmored(publicKeyArmored).keys; if (publicKeyArmored) {
// parse public keys if available ...
publicKeys = openpgp.key.readArmored(publicKeyArmored).keys;
} else {
// use own public key to know if signatures are available
publicKeys = [this._publicKey];
}
message = openpgp.message.readArmored(ciphertext); message = openpgp.message.readArmored(ciphertext);
} catch (err) { } catch (err) {
callback(new Error('Error parsing encrypted PGP message!')); callback(new Error('Error parsing encrypted PGP message!'));
@ -314,19 +330,19 @@ define(function(require) {
function onDecrypted(err, decrypted) { function onDecrypted(err, decrypted) {
if (err) { if (err) {
callback(new Error('Error decrypting PGP message!')); callback(new Error('Error decrypting and verifying PGP message!'));
return; return;
} }
// check if signatures are valid // check if signatures are valid
if (decrypted.signatures.length > 0) { if (decrypted.signatures.length > 0) {
signaturesValid = true; signaturesValid = true; // signature is correct
for (var i = 0; i < decrypted.signatures.length; i++) { for (var i = 0; i < decrypted.signatures.length; i++) {
if (decrypted.signatures[i].valid === false) { if (decrypted.signatures[i].valid === false) {
signaturesValid = false; // signature is wrong ... message was tampered with signaturesValid = false; // signature is wrong ... message was tampered with
break; break;
} else if (decrypted.signatures[i].valid === null) { } else if (decrypted.signatures[i].valid === null) {
signaturesValid = undefined; // signature not found for the specified public key signaturesValid = null; // signature not found for the specified public key
break; break;
} }
} }

17
src/js/dao/email-dao.js
View File

@ -831,19 +831,19 @@ define(function(require) {
return; return;
} }
if (!senderPublicKey) {
// this should only happen if a mail from another channel is in the inbox
showError('Public key for sender not found!');
return;
}
// get the receiver's public key to check the message signature // get the receiver's public key to check the message signature
var encryptedNode = filterBodyParts(message.bodyParts, 'encrypted')[0]; var encryptedNode = filterBodyParts(message.bodyParts, 'encrypted')[0];
self._pgp.decrypt(encryptedNode.content, senderPublicKey.publicKey, function(err, decrypted, signaturesValid) { var senderKey = senderPublicKey ? senderPublicKey.publicKey : undefined;
self._pgp.decrypt(encryptedNode.content, senderKey, function(err, decrypted, signaturesValid) {
if (err || !decrypted) { if (err || !decrypted) {
return showError(err.message || 'An error occurred during the decryption.'); return showError(err.message || 'An error occurred during the decryption.');
} }
// if the decryption worked and signatures are present, everything's fine.
// no error is thrown if signatures are not present
message.signed = typeof signaturesValid !== 'undefined';
message.signaturesValid = signaturesValid;
// if the encrypted node contains pgp/inline, we must not parse it // if the encrypted node contains pgp/inline, we must not parse it
// with the mailreader as it is not well-formed MIME // with the mailreader as it is not well-formed MIME
if (encryptedNode._isPgpInline) { if (encryptedNode._isPgpInline) {
@ -875,9 +875,6 @@ define(function(require) {
}); });
inlineExternalImages(message); inlineExternalImages(message);
// if the decryption worked and signatures are present, everything's fine.
// no error is thrown if signatures are not present
message.signed = signaturesValid;
message.decrypted = true; message.decrypted = true;
// we're done here! // we're done here!

13
src/lib/openpgp/openpgp.js
View File

@ -1503,7 +1503,7 @@ module.exports = {
show_version: true, show_version: true,
show_comment: true, show_comment: true,
versionstring: "OpenPGP.js v0.6.5", versionstring: "OpenPGP.js v0.7.0",
commentstring: "http://openpgpjs.org", commentstring: "http://openpgpjs.org",
keyserver: "keyserver.linux.it", // "pgp.mit.edu:11371" keyserver: "keyserver.linux.it", // "pgp.mit.edu:11371"
@ -12439,24 +12439,25 @@ Message.prototype.verify = function(keys) {
var literalDataList = msg.packets.filterByTag(enums.packet.literal); var literalDataList = msg.packets.filterByTag(enums.packet.literal);
if (literalDataList.length !== 1) throw new Error('Can only verify message with one literal data packet.'); if (literalDataList.length !== 1) throw new Error('Can only verify message with one literal data packet.');
var signatureList = msg.packets.filterByTag(enums.packet.signature); var signatureList = msg.packets.filterByTag(enums.packet.signature);
keys.forEach(function(key) { for (var i = 0; i < signatureList.length; i++) {
var keyPacket = null; var keyPacket = null;
for (var i = 0; i < signatureList.length; i++) { for (var j = 0; j < keys.length; j++) {
keyPacket = key.getKeyPacket([signatureList[i].issuerKeyId]); keyPacket = keys[j].getKeyPacket([signatureList[i].issuerKeyId]);
if (keyPacket) { if (keyPacket) {
break; break;
} }
} }
var verifiedSig = {}; var verifiedSig = {};
if (keyPacket) { if (keyPacket) {
verifiedSig.keyid = signatureList[i].issuerKeyId; verifiedSig.keyid = signatureList[i].issuerKeyId;
verifiedSig.valid = signatureList[i].verify(keyPacket, literalDataList[0]); verifiedSig.valid = signatureList[i].verify(keyPacket, literalDataList[0]);
} else { } else {
verifiedSig.keyid = key.primaryKey.keyid; verifiedSig.keyid = signatureList[i].issuerKeyId;
verifiedSig.valid = null; verifiedSig.valid = null;
} }
result.push(verifiedSig); result.push(verifiedSig);
}); }
return result; return result;
}; };

11
src/sass/views/_read.scss
View File

@ -117,6 +117,17 @@
} }
} }
.signature-status {
flex-shrink: 0;
padding: 0.9em;
text-align: center;
p {
color: $label-primary-back-color;
margin: 0;
}
}
.display-images { .display-images {
flex-shrink: 0; flex-shrink: 0;
padding: 0.9em; padding: 0.9em;

5
src/tpl/read.html
View File

@ -53,6 +53,11 @@
</div><!--/.working--> </div><!--/.working-->
</div><!--/.working-wrapper--> </div><!--/.working-wrapper-->
<div class="signature-status"
ng-show="state.mailList.selected.signed && !state.mailList.selected.signaturesValid">
<p>Invalid PGP signature. This message could have been tampered with.</p>
</div>
<div class="display-images"> <div class="display-images">
<a ng-show="html && showImageButton" href='#' wo-touch="displayImages(); $event.preventDefault()">Display images</a> <a ng-show="html && showImageButton" href='#' wo-touch="displayImages(); $event.preventDefault()">Display images</a>
</div> </div>

23
test/integration/email-dao-test.js
View File

@ -461,7 +461,8 @@ define(function(require) {
}, function(err) { }, function(err) {
expect(err).to.not.exist; expect(err).to.not.exist;
expect(message.encrypted).to.be.true; expect(message.encrypted).to.be.true;
expect(message.signed).to.be.undefined; expect(message.signed).to.be.false;
expect(message.signaturesValid).to.be.undefined;
expect(message.attachments.length).to.equal(1); expect(message.attachments.length).to.equal(1);
expect(message.body).to.equal('test16'); expect(message.body).to.equal('test16');
done(); done();
@ -484,6 +485,7 @@ define(function(require) {
expect(err).to.not.exist; expect(err).to.not.exist;
expect(message.encrypted).to.be.true; expect(message.encrypted).to.be.true;
expect(message.signed).to.be.true; expect(message.signed).to.be.true;
expect(message.signaturesValid).to.be.true;
expect(message.attachments.length).to.equal(1); expect(message.attachments.length).to.equal(1);
expect(message.body).to.equal('test15'); expect(message.body).to.equal('test15');
done(); done();
@ -506,6 +508,7 @@ define(function(require) {
expect(err).to.not.exist; expect(err).to.not.exist;
expect(message.encrypted).to.be.true; expect(message.encrypted).to.be.true;
expect(message.signed).to.be.true; expect(message.signed).to.be.true;
expect(message.signaturesValid).to.be.true;
expect(message.attachments.length).to.equal(0); expect(message.attachments.length).to.equal(0);
expect(message.body).to.equal('test12'); expect(message.body).to.equal('test12');
done(); done();
@ -527,7 +530,8 @@ define(function(require) {
}, function(err) { }, function(err) {
expect(err).to.not.exist; expect(err).to.not.exist;
expect(message.encrypted).to.be.true; expect(message.encrypted).to.be.true;
expect(message.signed).to.be.undefined; expect(message.signed).to.be.false;
expect(message.signaturesValid).to.be.undefined;
expect(message.attachments.length).to.equal(0); expect(message.attachments.length).to.equal(0);
expect(message.body).to.equal('test13'); expect(message.body).to.equal('test13');
done(); done();
@ -550,6 +554,7 @@ define(function(require) {
expect(err).to.not.exist; expect(err).to.not.exist;
expect(message.encrypted).to.be.false; expect(message.encrypted).to.be.false;
expect(message.signed).to.be.true; expect(message.signed).to.be.true;
//TODO (check plaintext signatures): expect(message.signaturesValid).to.be.true;
expect(message.attachments.length).to.equal(1); expect(message.attachments.length).to.equal(1);
expect(message.body).to.equal('test17\n'); expect(message.body).to.equal('test17\n');
done(); done();
@ -572,6 +577,7 @@ define(function(require) {
expect(err).to.not.exist; expect(err).to.not.exist;
expect(message.encrypted).to.be.false; expect(message.encrypted).to.be.false;
expect(message.signed).to.be.true; expect(message.signed).to.be.true;
//TODO (check plaintext signatures): expect(message.signaturesValid).to.be.true;
expect(message.attachments.length).to.equal(0); expect(message.attachments.length).to.equal(0);
expect(message.body).to.equal('test14'); expect(message.body).to.equal('test14');
done(); done();
@ -593,7 +599,8 @@ define(function(require) {
}, function(err) { }, function(err) {
expect(err).to.not.exist; expect(err).to.not.exist;
expect(message.encrypted).to.be.true; expect(message.encrypted).to.be.true;
expect(message.signed).to.be.undefined; expect(message.signed).to.be.false;
expect(message.signaturesValid).to.be.undefined;
expect(message.attachments.length).to.equal(1); expect(message.attachments.length).to.equal(1);
expect(message.body).to.equal('test10'); expect(message.body).to.equal('test10');
done(); done();
@ -602,7 +609,7 @@ define(function(require) {
}; };
}); });
it.skip('should parse Thunderbird (attachment - PGP/MIME): Encrypted and signed', function(done) { it('should parse Thunderbird (attachment - PGP/MIME): Encrypted and signed', function(done) {
emailDao.onIncomingMessage = function(messages) { emailDao.onIncomingMessage = function(messages) {
emailDao.getBody({ emailDao.getBody({
folder: currentFolder, folder: currentFolder,
@ -616,6 +623,7 @@ define(function(require) {
expect(err).to.not.exist; expect(err).to.not.exist;
expect(message.encrypted).to.be.true; expect(message.encrypted).to.be.true;
expect(message.signed).to.be.true; expect(message.signed).to.be.true;
expect(message.signaturesValid).to.be.true;
expect(message.attachments.length).to.equal(1); expect(message.attachments.length).to.equal(1);
expect(message.body).to.equal('test9'); expect(message.body).to.equal('test9');
done(); done();
@ -624,7 +632,7 @@ define(function(require) {
}; };
}); });
it.skip('should parse Thunderbird (no attachment): Encrypted and signed', function(done) { it('should parse Thunderbird (no attachment): Encrypted and signed', function(done) {
emailDao.onIncomingMessage = function(messages) { emailDao.onIncomingMessage = function(messages) {
emailDao.getBody({ emailDao.getBody({
folder: currentFolder, folder: currentFolder,
@ -638,6 +646,7 @@ define(function(require) {
expect(err).to.not.exist; expect(err).to.not.exist;
expect(message.encrypted).to.be.true; expect(message.encrypted).to.be.true;
expect(message.signed).to.be.true; expect(message.signed).to.be.true;
expect(message.signaturesValid).to.be.true;
expect(message.attachments.length).to.equal(0); expect(message.attachments.length).to.equal(0);
expect(message.body).to.equal('test4\n'); expect(message.body).to.equal('test4\n');
done(); done();
@ -660,6 +669,7 @@ define(function(require) {
expect(err).to.not.exist; expect(err).to.not.exist;
expect(message.encrypted).to.be.true; expect(message.encrypted).to.be.true;
expect(message.signed).to.be.false; expect(message.signed).to.be.false;
expect(message.signaturesValid).to.be.undefined;
expect(message.attachments.length).to.equal(0); expect(message.attachments.length).to.equal(0);
expect(message.body).to.equal('test5\n'); expect(message.body).to.equal('test5\n');
done(); done();
@ -682,6 +692,7 @@ define(function(require) {
expect(err).to.not.exist; expect(err).to.not.exist;
expect(message.encrypted).to.be.false; expect(message.encrypted).to.be.false;
expect(message.signed).to.be.false; expect(message.signed).to.be.false;
expect(message.signaturesValid).to.be.undefined;
expect(message.attachments.length).to.equal(0); expect(message.attachments.length).to.equal(0);
expect(message.body).to.equal('test8\n\n23.06.14 21:12, safewithme kirjutas:\n> test8'); expect(message.body).to.equal('test8\n\n23.06.14 21:12, safewithme kirjutas:\n> test8');
done(); done();
@ -704,6 +715,7 @@ define(function(require) {
expect(err).to.not.exist; expect(err).to.not.exist;
expect(message.encrypted).to.be.false; expect(message.encrypted).to.be.false;
expect(message.signed).to.be.true; expect(message.signed).to.be.true;
//TODO (check plaintext signatures): expect(message.signaturesValid).to.be.true;
expect(message.attachments.length).to.equal(1); expect(message.attachments.length).to.equal(1);
expect(message.body).to.equal('test11'); expect(message.body).to.equal('test11');
done(); done();
@ -726,6 +738,7 @@ define(function(require) {
expect(err).to.not.exist; expect(err).to.not.exist;
expect(message.encrypted).to.be.false; expect(message.encrypted).to.be.false;
expect(message.signed).to.be.true; expect(message.signed).to.be.true;
//TODO (check plaintext signatures): expect(message.signaturesValid).to.be.true;
expect(message.attachments.length).to.equal(0); expect(message.attachments.length).to.equal(0);
expect(message.body).to.equal('test6'); expect(message.body).to.equal('test6');
done(); done();

42
test/unit/pgp-test.js
View File

@ -2,6 +2,7 @@ define(function(require) {
'use strict'; 'use strict';
var PGP = require('js/crypto/pgp'), var PGP = require('js/crypto/pgp'),
openpgp = require('openpgp'),
expect = chai.expect; expect = chai.expect;
describe('PGP Crypto Api unit tests', function() { describe('PGP Crypto Api unit tests', function() {
@ -13,7 +14,7 @@ define(function(require) {
keySize = 512, keySize = 512,
keyId = 'F6F60E9B42CDFF4C', keyId = 'F6F60E9B42CDFF4C',
pubkey = '-----BEGIN PGP PUBLIC KEY BLOCK-----\r\n' + pubkey = '-----BEGIN PGP PUBLIC KEY BLOCK-----\r\n' +
'Version: OpenPGP.js v0.6.5\r\n' + 'Version: OpenPGP.js v0.7.0\r\n' +
'Comment: http://openpgpjs.org\r\n' + 'Comment: http://openpgpjs.org\r\n' +
'\r\n' + '\r\n' +
'xk0EUlhMvAEB/2MZtCUOAYvyLFjDp3OBMGn3Ev8FwjzyPbIF0JUw+L7y2XR5\r\n' + 'xk0EUlhMvAEB/2MZtCUOAYvyLFjDp3OBMGn3Ev8FwjzyPbIF0JUw+L7y2XR5\r\n' +
@ -24,7 +25,7 @@ define(function(require) {
'=6XMW\r\n' + '=6XMW\r\n' +
'-----END PGP PUBLIC KEY BLOCK-----\r\n\r\n', '-----END PGP PUBLIC KEY BLOCK-----\r\n\r\n',
privkey = '-----BEGIN PGP PRIVATE KEY BLOCK-----\r\n' + privkey = '-----BEGIN PGP PRIVATE KEY BLOCK-----\r\n' +
'Version: OpenPGP.js v0.6.5\r\n' + 'Version: OpenPGP.js v0.7.0\r\n' +
'Comment: http://openpgpjs.org\r\n' + 'Comment: http://openpgpjs.org\r\n' +
'\r\n' + '\r\n' +
'xcBeBFJYTLwBAf9jGbQlDgGL8ixYw6dzgTBp9xL/BcI88j2yBdCVMPi+8tl0\r\n' + 'xcBeBFJYTLwBAf9jGbQlDgGL8ixYw6dzgTBp9xL/BcI88j2yBdCVMPi+8tl0\r\n' +
@ -219,7 +220,6 @@ define(function(require) {
var keyId = pgp.getKeyId(); var keyId = pgp.getKeyId();
expect(keyId).to.equal('F6F60E9B42CDFF4C'); expect(keyId).to.equal('F6F60E9B42CDFF4C');
}); });
it('should work with param', function() { it('should work with param', function() {
var keyId = pgp.getKeyId(pubkey); var keyId = pgp.getKeyId(pubkey);
expect(keyId).to.equal('F6F60E9B42CDFF4C'); expect(keyId).to.equal('F6F60E9B42CDFF4C');
@ -231,7 +231,6 @@ define(function(require) {
var fingerprint = pgp.getFingerprint(); var fingerprint = pgp.getFingerprint();
expect(fingerprint).to.equal('5856CEF789C3A307E8A1B976F6F60E9B42CDFF4C'); expect(fingerprint).to.equal('5856CEF789C3A307E8A1B976F6F60E9B42CDFF4C');
}); });
it('should work with param', function() { it('should work with param', function() {
var fingerprint = pgp.getFingerprint(pubkey); var fingerprint = pgp.getFingerprint(pubkey);
expect(fingerprint).to.equal('5856CEF789C3A307E8A1B976F6F60E9B42CDFF4C'); expect(fingerprint).to.equal('5856CEF789C3A307E8A1B976F6F60E9B42CDFF4C');
@ -280,7 +279,6 @@ define(function(require) {
done(); done();
}); });
}); });
it('should work', function(done) { it('should work', function(done) {
pgp.encrypt(message, [pubkey], function(err, ct) { pgp.encrypt(message, [pubkey], function(err, ct) {
expect(err).to.not.exist; expect(err).to.not.exist;
@ -288,10 +286,18 @@ define(function(require) {
done(); done();
}); });
}); });
it('should encrypt to myself if public keys are empty', function(done) {
pgp.encrypt(message, undefined, function(err, ct) {
expect(err).to.not.exist;
expect(ct).to.exist;
done();
});
});
}); });
describe('Decrypt and verify', function() { describe('Decrypt and verify', function() {
var ciphertext; var ciphertext;
var wrongPubkey = '-----BEGIN PGP PUBLIC KEY BLOCK-----\r\nVersion: OpenPGP.js v.1.20131116\r\nComment: Whiteout Mail - http://whiteout.io\r\n\r\nxsBNBFKODs4BB/9iOF4THsjQMY+WEpT7ShgKxj4bHzRRaQkqczS4nZvP0U3g\r\nqeqCnbpagyeKXA+bhWFQW4GmXtgAoeD5PXs6AZYrw3tWNxLKu2Oe6Tp9K/XI\r\nxTMQ2wl4qZKDXHvuPsJ7cmgaWqpPyXtxA4zHHS3WrkI/6VzHAcI/y6x4szSB\r\nKgSuhI3hjh3s7TybUC1U6AfoQGx/S7e3WwlCOrK8GTClirN/2mCPRC5wuIft\r\nnkoMfA6jK8d2OPrJ63shy5cgwHOjQg/xuk46dNS7tkvGmbaa+X0PgqSKB+Hf\r\nYPPNS/ylg911DH9qa8BqYU2QpNh9jUKXSF+HbaOM+plWkCSAL7czV+R3ABEB\r\nAAHNLVdoaXRlb3V0IFVzZXIgPHNhZmV3aXRobWUudGVzdHVzZXJAZ21haWwu\r\nY29tPsLAXAQQAQgAEAUCUo4O2gkQ1/uT/N+/wjwAAN2cB/9gFRmAfvEQ2qz+\r\nWubmT2EsSSnjPMxzG4uyykFoa+TaZCWo2Xa2tQghmU103kEkQb1OEjRjpgwJ\r\nYX9Kghnl8DByM686L5AXnRyHP78qRJCLXSXl0AGicboUDp5sovaa4rswQceH\r\nvcdWgZ/mgHTRoiQeJddy9k+H6MPFiyFaVcFwegVsmpc+dCcC8yT+qh8ZIbyG\r\nRJU60PmKKN7LUusP+8DbSv39zCGJCBlVVKyA4MzdF5uM+sqTdXbKzOrT5DGd\r\nCZaox4s+w16Sq1rHzZKFWfQPfKLDB9pyA0ufCVRA3AF6BUi7G3ZqhZiHNhMP\r\nNvE45V/hS1PbZcfPVoUjE2qc1Ix1\r\n=7Wpe\r\n-----END PGP PUBLIC KEY BLOCK-----';
beforeEach(function(done) { beforeEach(function(done) {
pgp.encrypt(message, [pubkey], function(err, ct) { pgp.encrypt(message, [pubkey], function(err, ct) {
@ -311,7 +317,6 @@ define(function(require) {
done(); done();
}); });
}); });
it('should work', function(done) { it('should work', function(done) {
pgp.decrypt(ciphertext, pubkey, function(err, pt, signValid) { pgp.decrypt(ciphertext, pubkey, function(err, pt, signValid) {
expect(err).to.not.exist; expect(err).to.not.exist;
@ -320,17 +325,34 @@ define(function(require) {
done(); done();
}); });
}); });
it('should work without signature', function(done) {
var ct = openpgp.encryptMessage([pgp._publicKey], message);
it('should decrypt but signValid should be undefined for wrong public key', function(done) { pgp.decrypt(ct, undefined, function(err, pt, signValid) {
var wrongPubkey = '-----BEGIN PGP PUBLIC KEY BLOCK-----\r\nVersion: OpenPGP.js v.1.20131116\r\nComment: Whiteout Mail - http://whiteout.io\r\n\r\nxsBNBFKODs4BB/9iOF4THsjQMY+WEpT7ShgKxj4bHzRRaQkqczS4nZvP0U3g\r\nqeqCnbpagyeKXA+bhWFQW4GmXtgAoeD5PXs6AZYrw3tWNxLKu2Oe6Tp9K/XI\r\nxTMQ2wl4qZKDXHvuPsJ7cmgaWqpPyXtxA4zHHS3WrkI/6VzHAcI/y6x4szSB\r\nKgSuhI3hjh3s7TybUC1U6AfoQGx/S7e3WwlCOrK8GTClirN/2mCPRC5wuIft\r\nnkoMfA6jK8d2OPrJ63shy5cgwHOjQg/xuk46dNS7tkvGmbaa+X0PgqSKB+Hf\r\nYPPNS/ylg911DH9qa8BqYU2QpNh9jUKXSF+HbaOM+plWkCSAL7czV+R3ABEB\r\nAAHNLVdoaXRlb3V0IFVzZXIgPHNhZmV3aXRobWUudGVzdHVzZXJAZ21haWwu\r\nY29tPsLAXAQQAQgAEAUCUo4O2gkQ1/uT/N+/wjwAAN2cB/9gFRmAfvEQ2qz+\r\nWubmT2EsSSnjPMxzG4uyykFoa+TaZCWo2Xa2tQghmU103kEkQb1OEjRjpgwJ\r\nYX9Kghnl8DByM686L5AXnRyHP78qRJCLXSXl0AGicboUDp5sovaa4rswQceH\r\nvcdWgZ/mgHTRoiQeJddy9k+H6MPFiyFaVcFwegVsmpc+dCcC8yT+qh8ZIbyG\r\nRJU60PmKKN7LUusP+8DbSv39zCGJCBlVVKyA4MzdF5uM+sqTdXbKzOrT5DGd\r\nCZaox4s+w16Sq1rHzZKFWfQPfKLDB9pyA0ufCVRA3AF6BUi7G3ZqhZiHNhMP\r\nNvE45V/hS1PbZcfPVoUjE2qc1Ix1\r\n=7Wpe\r\n-----END PGP PUBLIC KEY BLOCK-----';
pgp.decrypt(ciphertext, wrongPubkey, function(err, pt, signValid) {
expect(err).to.not.exist; expect(err).to.not.exist;
expect(pt).to.equal(message); expect(pt).to.equal(message);
expect(signValid).to.be.undefined; expect(signValid).to.be.undefined;
done(); done();
}); });
}); });
it('should fail to verify if public keys are empty', function(done) {
// setup another public key so that signature verification fails
pgp._publicKey = openpgp.key.readArmored(wrongPubkey).keys[0];
pgp.decrypt(ciphertext, undefined, function(err, pt, signValid) {
expect(err).to.not.exist;
expect(pt).to.equal(message);
expect(signValid).to.be.null;
done();
});
});
it('should decrypt but signValid should be null for wrong public key', function(done) {
pgp.decrypt(ciphertext, wrongPubkey, function(err, pt, signValid) {
expect(err).to.not.exist;
expect(pt).to.equal(message);
expect(signValid).to.be.null;
done();
});
});
}); });
}); });