TypeScript-Core functionality to verify signatures

[tomholub]

prerequisite for #278

parseDecryptMsg currently accepts these values: { keys: PrvKeyInfo[], msgPwd: string?, isEmail: boolean }

I'd like to add optional verificationPubkeys: string[]? which will accept an array of armored public keys.

This will get passed into:

const decryptRes = await PgpMsg.decrypt({ kisWithPp, msgPwd, encryptedData: Buf.with(rawBlock.content) });
// which is
public static decrypt: PgpMsgMethod.Decrypt = async ({ kisWithPp, encryptedData, msgPwd }) => {

in the PgpMsg.decrypt method you need to edit const keys = await PgpMsg.getSortedKeys(kisWithPp, prepared.message); to accept this array as well (optionally - can be undefined), which means updating the signature of private static getSortedKeys = async (kiWithPp: PrvKeyInfo[], msg: OpenpgpMsgOrCleartext): Promise<SortedKeysForDecrypt> => { to accept it.

Then finally in getSortedKeys, this line:

await PgpMsg.cryptoMsgGetSignedBy(msg, keys);

should be changed to something like:

if(typeof verificationPubkeys !== 'undefined') {
  keys.forVerification = [];
  for (const verificationPubkey of verificationPubkeys) {
    const { keys: keysForVerification } = await openpgp.key.readArmored(verificationPubkey);
    keys.forVerification.push(...keysForVerification);
  }
} else {
  await PgpMsg.cryptoMsgGetSignedBy(msg, keys);
}

Then please remove everything related to keys.verificationContacts, which includes changing singature of PpgMsg.verify to not accept a Contact? and not return it either.

Once you do all that, and run parseDecryptMsg, you should see it return verification results automatically.

This issue should involve the following tests:

• verify encrypted+signed message by providing it correct public key (pass)
• verify encrypted+signed message by providing it one wrong and one correct (pass)
• verify encrypted+signed message by providing it only a wrong public key (fail: cannot verify)
• verify plain-text signed message by providing it correct key (pass)
• verify plain-text signed message by providing it wrong key (fail: cannot verify)
• verify plain-text signed message that you edited after signing. This invalidates the signature. With correct key. (fail: signature mismatch)

[IvanPizhenko]

@tomholub Is there a difference between:

if (typeof verificationPubkeys !== 'undefined')

and

if (verificationPubkeys !== undefined)

?

[IvanPizhenko]

@tomholub Are there ready test messages that I can use or I need to create new ones?

[tomholub]

@tomholub Are there ready test messages that I can use or I need to create new ones?

You may be able to create most of them by editing https://github.com/FlowCrypt/flowcrypt-ios/blob/master/Core/source/gen-compat-assets.ts and then running it.

[tomholub]

@tomholub Is there a difference between:

if (typeof verificationPubkeys !== 'undefined')

and

if (verificationPubkeys !== undefined)

?

The second one will throw exception in strict mode if the value actually hasn't been defined at all --- as opposed to defined but assigned with undefined (let x = undefined;) or defined without assigning value (let x;).

[tomholub]

javascript is full of footguns, and that's why the compiler and linter will warn you away from these. x === undefined is one of the many.

[IvanPizhenko]

@tomholub in https://github.com/FlowCrypt/flowcrypt-ios/blob/master/Core/source/gen-compat-assets.ts - what does mean this email header:

Openpgp: id=6D24791A5B106262B06217C606CA553EC2455D70

is it:

• a fingerprint of the sender's key
• a fingerprint of the recepient's key
• something else?