Add private key decrypt validation #1390
Hello sir, @IvanPizhenko, I have added the initial validation to I also think of adding the validation to So If I check the error message through throwAsync it receives the json debug data from normalized and not getting the "Error: key is invalid" native error. Lastly, I feel like I'm still missing some place where to add the validation. My goal is to add it on Many Thanks!
On When you add to
IvanPizhenko
left a comment
@martgil please see my remarks
Core/source/core/pgp-key.ts
Outdated
| public static validateAllDecryptedPackets = async (key: Key): Promise<void> => { | ||
| const packets = key.toPacketList() as PacketList<SecretKeyPacket>; | ||
| for (const prvPacket of packets.filter(PgpKey.isPacketPrivate).filter(packet => packet.isDecrypted())) { | ||
| await (prvPacket as SecretKeyPacket).validate(); // gnu-dummy never raises an exception, invalid keys raise exceptions |
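Review bot: the second filter, `.filter(packet => packet.isDecrypted())`, means any private packet that is still encrypted is skipped without a trace, so a normal return from `validateAllDecryptedPackets` does not mean every private packet was checked. Say so in a doc comment on the method, or return how many packets were validated, so callers do not read a clean return as "key is valid". The note about gnu-dummy never raising belongs in that doc comment too, not only at the end of the `validate()` line.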
should be type cast to BaseSecretKeyPacket
updated, thanks!
Sir, I made a recent change that would work without further typecasting, by checking if the prvPacket is an instance of SecretKeyPacket. Would that be OK?
Core/source/core/pgp-key.ts
Outdated
| } | ||
|
|
||
| public static validateAllDecryptedPackets = async (key: Key): Promise<void> => { | ||
| const packets = key.toPacketList() as PacketList<SecretKeyPacket>; |
Please remove type cast to PacketList<SecretKeyPacket>, not all packets will be of type SecretKeyPacket, return type of the toPacketList() is PacketList<AllowedKeyPackets>, that's what we need to operate on.
Thank you, sir. I reverted the change to use PacketList<AllowedKeyPackets> and check if the instance of prvPacket is SecretKeyPacket and if the prvPacket is already decrypted, because I don't have much idea of how I could make the .filter(PgpKey.isPacketPrivate) work.
What's the problem with .filter(PgpKey.isPacketPrivate)? Why doesn't it work?
This code is losing checks for SecretSubkeyPacket. I assumed it should be like this:
for (const packet of (key.toPacketList().filter(PgpKey.isPacketPrivate) as BaseSecretKeyPacket[])) {
  await packet.validate();
}
or even
I'm not sure, but I'm getting the following type error when doing so:
No overload matches this call.
Overload 1 of 2, '(predicate: (value: AllowedKeyPackets, index: number, array: AllowedKeyPackets[]) => value is PrvPacket, thisArg?: any): PrvPacket[]', gave the following error.
Argument of type '(p: AnyKeyPacket) => p is PrvPacket' is not assignable to parameter of type '(value: AllowedKeyPackets, index: number, array: AllowedKeyPackets[]) => value is PrvPacket'.
Types of parameters 'p' and 'value' are incompatible.
Type 'AllowedKeyPackets' is not assignable to type 'BasePublicKeyPacket'.
Type 'SignaturePacket' is missing the following properties from type 'BasePublicKeyPacket': algorithm, getAlgorithmInfo, getFingerprint, getFingerprintBytes, and 6 more.
Overload 2 of 2, '(predicate: (value: AllowedKeyPackets, index: number, array: AllowedKeyPackets[]) => unknown, thisArg?: any): AllowedKeyPackets[]', gave the following error.
Argument of type '(p: AnyKeyPacket) => p is PrvPacket' is not assignable to parameter of type '(value: AllowedKeyPackets, index: number, array: AllowedKeyPackets[]) => unknown'.
Types of parameters 'p' and 'value' are incompatible.
Type 'AllowedKeyPackets' is not assignable to type 'BasePublicKeyPacket'.ts(2769)
ok, I'll try to fix this myself a bit later.
thank you sir, I'll have my eyes on them so that I would learn from them and digest the idea as much as I can so that I can handle it myself the next time.
Maybe just change parameter type of isPrvPacket() to AllowedKeyPackets?
@martgil I've changed parameter type of the isPacketPrivate() to AllowedKeyPackets and it worked. I've pushed this change.
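The fix discussed in this thread, as an added example that is not code from the PR or from openpgp: the packet classes are constructed stand-ins that reuse the names from the thread, and `selectDecryptedPrivate`, `samplePackets` and the returned count are assumptions made for illustration. It shows a type guard whose parameter is the array's element type, so `filter()` narrows to the private packets and subkeys are validated along with the primary key.

```typescript
// Constructed stand-ins for the packet classes named in the thread; not openpgp's definitions.
class SignaturePacket { readonly tag = 'signature'; }
class PublicKeyPacket { readonly tag = 'publicKey'; }
class BaseSecretKeyPacket {
  private decrypted: boolean;
  private sound: boolean;
  constructor(decrypted: boolean, sound: boolean) { this.decrypted = decrypted; this.sound = sound; }
  isDecrypted(): boolean { return this.decrypted; }
  // Assumed behaviour: rejects when the private material is inconsistent.
  async validate(): Promise<void> { if (!this.sound) { throw new Error('key is invalid'); } }
}
class SecretKeyPacket extends BaseSecretKeyPacket { readonly tag = 'secretKey'; }
class SecretSubkeyPacket extends BaseSecretKeyPacket { readonly tag = 'secretSubkey'; }

type AllowedKeyPackets = SignaturePacket | PublicKeyPacket | SecretKeyPacket | SecretSubkeyPacket;
type PrvPacket = SecretKeyPacket | SecretSubkeyPacket;

// The guard accepts the array's element type, so filter() resolves to its narrowing overload.
// A narrower parameter type that excludes SignaturePacket fails the overload check instead.
const isPacketPrivate = (p: AllowedKeyPackets): p is PrvPacket => p instanceof BaseSecretKeyPacket;

// Private packets (primary key and subkeys) that are already decrypted; no cast needed.
const selectDecryptedPrivate = (packets: AllowedKeyPackets[]): PrvPacket[] =>
  packets.filter(isPacketPrivate).filter(p => p.isDecrypted());

// Rejects on the first invalid packet; resolves to the number of packets actually checked,
// so a caller can tell "all valid" apart from "nothing was decrypted, nothing was checked".
const validateAllDecryptedPackets = async (packets: AllowedKeyPackets[]): Promise<number> => {
  const selected = selectDecryptedPrivate(packets);
  for (const p of selected) {
    await p.validate();
  }
  return selected.length;
};

// Constructed sample key: valid primary key, invalid decrypted subkey, one still-encrypted subkey.
const samplePackets: AllowedKeyPackets[] = [
  new SecretKeyPacket(true, true),
  new SignaturePacket(),
  new SecretSubkeyPacket(true, false),
  new SecretSubkeyPacket(false, true),
  new PublicKeyPacket(),
];
```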
@martgil You can extend return type of
Thank you sir, it helps a lot. I tried to apply it the better way I know of - please correct me if any of the changes look awful. Thanks again!
Thank you, sir, I also find this helpful with help of the additional field
Core/source/core/pgp-key.ts
Outdated
| } | ||
|
|
||
| public static normalize = async (armored: string): Promise<{ normalized: string, keys: Key[] }> => { | ||
| public static normalize = async (armored: string): Promise<{ normalized: string, keys: Key[], exception: string }> => { |
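Review bot: in the new `normalize` signature the validation result travels as a string field (`exception: string`) next to `keys`, so a caller that destructures only `{ normalized, keys }` keeps working with a key that failed validation and never notices. Prefer rejecting the promise on a failed validation, or document on the method that the field must be checked before `keys` is used.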
should be optional, i.e. exception?: string, i.e. it can be undefined.
The name exception is a bit misleading. It could be exception if you returned the whole exception object here, but only the error message is returned, as I can see later in the code. So I suggest renaming it to error (and moreover, this will be more aligned with what we already have in this codebase).
Oh, okay sir. I've renamed it appropriately to the error field, making it optional and removing the error from the returned data. Thanks!
Core/source/core/pgp-key.ts
Outdated
| } | ||
| } | ||
| return { normalized: keys.map(k => k.armor()).join('\n'), keys }; | ||
| return { normalized: keys.map(k => k.armor()).join('\n'), keys, exception: '' }; |
no need to return exception here if it is declared optional
Core/source/core/pgp-key.ts
Outdated
| public static parse = async (armored: string): Promise<{ original: string, normalized: string, keys: KeyDetails[] }> => { | ||
| const { normalized, keys } = await PgpKey.normalize(armored); | ||
| return { original: armored, normalized, keys: await Promise.all(keys.map(PgpKey.details)) }; | ||
| public static parse = async (armored: string): Promise<{ original: string, normalized: string, keys: KeyDetails[], exception: string }> => { |
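Review bot: the last line gives `parse` an `exception: string` in its return type, but the only body visible in this hunk destructures just `{ normalized, keys }` from `PgpKey.normalize(armored)` and returns `original`, `normalized` and `keys`. Make sure the updated body also takes the field from `normalize` and forwards it, otherwise callers of `parse` never see a validation failure.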
same: exception should be optional
@martgil Some more comments, please check.
@martgil Generally looks good, I will try later today to solve this issue with
This PR adds a private key validation test.
close #1346 // if this PR closes an issue