feat: return error if verifySignature fail #149

guilhem · 2021-10-03T17:34:27Z

This prevent hard plumbing and to only use io.Reader interface with
security.

Signed-off-by: Guilhem Lettron guilhem@barpilot.io

This prevent hard plumbing and to only use io.Reader interface with security. VerifySignature() doesn't return error if verifyKeyRing isn't specified. Signed-off-by: Guilhem Lettron <guilhem@barpilot.io>

marinthiercelin · 2023-01-09T10:28:53Z

crypto/keyring_streaming.go

@@ -174,8 +177,6 @@ func (msg *PlainMessageReader) VerifySignature() (err error) {
 	if msg.verifyKeyRing != nil {
 		processSignatureExpiration(msg.details, msg.verifyTime)
 		err = verifyDetailsSignature(msg.details, msg.verifyKeyRing)
-	} else {
-		err = errors.New("gopenpgp: no verify keyring was provided before decryption")


The API is such that if the caller sets the verification key ring to nil, the library should not do any verification. So I don't think we need an error here.

feat: return error if verifySignature fail

4a57375

This prevent hard plumbing and to only use io.Reader interface with security. VerifySignature() doesn't return error if verifyKeyRing isn't specified. Signed-off-by: Guilhem Lettron <guilhem@barpilot.io>

guilhem force-pushed the verifyStream branch from a33753f to 4a57375 Compare October 3, 2021 17:56

marinthiercelin reviewed Jan 9, 2023

View reviewed changes

lubux added the v2 Targeting GopenPGP v2 label Jun 21, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

feat: return error if verifySignature fail #149

feat: return error if verifySignature fail #149

guilhem commented Oct 3, 2021

marinthiercelin Jan 9, 2023

feat: return error if verifySignature fail #149

Are you sure you want to change the base?

feat: return error if verifySignature fail #149

Conversation

guilhem commented Oct 3, 2021

marinthiercelin Jan 9, 2023

Choose a reason for hiding this comment