Openpgpjs: unable to verify a detached signature

时间:2016-11-09 22:02:29

标签: openpgp.js

The public key can be downloaded from here

的功能

这是我要验证的字符串:

6mjdvgmdvggpyoaf.onion

这是分离的签名:

-----BEGIN PGP SIGNATURE-----

iQIcBAABCgAGBQJYF5+8AAoJEOK8b86OOhToO8EP/ix16wNi/bH+CZuAiOawd2NX
P+rno33WeVLKHg4pJWTeuYumFnjjStRgj/IL2r6Iafa8jnuffMr+DqsbISvbJDXx
dNvwzybPD0dLc/ftJTm1PAR9sTNh3+zeAldmYaaXQTAX/YUVjjru5oiP4H/+oh5t
NezgT7U812r6sVkgOq6dIl84uYRaToB4xxk0C1mdiM2ro1bC7OAAAD5wCFouQNS/
KD+fLebfjPjpDhmd1GgMk08/XGXUQueYPLP6ovsU6ztkjHkKTbPLX9Ity1mLIJlE
WvgZAFd2DwnBhcGUm5o6chvqj8t7kCUldFxJBYtSC0BV8flaRC/2csbKJRLfxy1N
bsRT7sP3fRm3b+bEHXUFdlLUgQbbaH/1HiZO6hsx7qeADvBHEH59kJfRo3XgPNVZ
MBm8kaRDpjYMNwpmrh4uN5ONwDQ5X3weRajZfKub4YzTRqf0gLcfTzbSBDn+YFLX
8NE+9Z7c/UgAsOMzDeVR37BpA9weNeb4EEW4kulr9LBdVbOu6dM9aF9pIBbnD/Nu
5FRcxB3Z/IqUH7PzgS0fCkjroO36Qdu1cAdvkbOgeWpRLcsn/NZdYjBBAD9+JXfT
8tl06AniMFLnyWq5ydytApAu45WW4vthhyPdx+so3R0gN2FJL2pQE01vLO5c0EAP
XSVJLdVLyQTDNW0jwbwo
=vn/m
-----END PGP SIGNATURE-----

以下是代码:

var pubkey = openpgp.key.readArmored(key.trim());
var msg = openpgp.message.readSignedContent(domain, signed_block);
var result = msg.verify(pubkey);
console.log(result.valid);

结果日志是:

null

在代码中,可以在以下位置找到要求验证的函数:

https://openpgpjs.org/openpgpjs/doc/message.js.html

第367行:

if (keyPacket) {

  verifiedSig.keyid = signatureList[i].issuerKeyId;

  verifiedSig.valid = signatureList[i].verify(keyPacket, literalDataList[0]);

} else {

  verifiedSig.keyid = signatureList[i].issuerKeyId;

  verifiedSig.valid = null;

}

找不到keyPacket,但我无法理解为什么,看起来像签名块的问题(也许??)但我不太了解Openpgp内部,知道该怎么做。

任何帮助将不胜感激。

1 个答案:

答案 0 :(得分:1)

解决:

var pubkey = openpgp.key.readArmored(key.trim()).keys;