Fixes

openpgpjs · Mar 18, 2021 · 1ce7292 · 1ce7292
1 parent e2ab82a
commit 1ce7292
Show file tree

Hide file tree

Showing 4 changed files with 18 additions and 14 deletions.
diff --git a/src/key/factory.js b/src/key/factory.js
@@ -88,7 +88,9 @@ export async function reformat(options, config) {
     options.subkeys = await Promise.all(privateKey.subKeys.map(async subkey => {
       const secretSubkeyPacket = subkey.keyPacket;
       const dataToVerify = { key: secretKeyPacket, bind: secretSubkeyPacket };
-      const bindingSignature = await helper.getLatestValidSignature(subkey.bindingSignatures, secretKeyPacket, enums.signature.subkeyBinding, dataToVerify, null, config);
+      const bindingSignature = await (
+        helper.getLatestValidSignature(subkey.bindingSignatures, secretKeyPacket, enums.signature.subkeyBinding, dataToVerify, null, config)
+      ).catch(() => ({}));
       return {
         sign: bindingSignature.keyFlags && (bindingSignature.keyFlags[0] & enums.keyFlags.signData)
       };

diff --git a/src/key/helper.js b/src/key/helper.js
@@ -370,6 +370,7 @@ export function isValidSigningKeyPacket(keyPacket, signature) {
   if (!signature.verified || signature.revoked !== false) { // Sanity check
     throw new Error('Signature not verified');
   }
+
   const keyAlgo = enums.write(enums.publicKey, keyPacket.algorithm);
   return keyAlgo !== enums.publicKey.rsaEncrypt &&
     keyAlgo !== enums.publicKey.elgamal &&
@@ -417,5 +418,4 @@ export function assertKeyStrength(keyPacket, config) {
   if (rsaAlgos.has(keyAlgo) && util.uint8ArrayBitLength(keyPacket.publicParams.n) < config.minRsaBits) {
     throw new Error(`RSA keys shorter than ${config.minRsaBits} bits are considered too weak.`);
   }
-  return true;
 }
diff --git a/src/key/key.js b/src/key/key.js
@@ -299,7 +299,7 @@ class Key {
           const bindingSignature = await helper.getLatestValidSignature(
             subKey.bindingSignatures, primaryKey, enums.signature.subkeyBinding, dataToVerify, date, config
           );
-          if (!bindingSignature || !helper.isValidSigningKeyPacket(subKey.keyPacket, bindingSignature)) {
+          if (!helper.isValidSigningKeyPacket(subKey.keyPacket, bindingSignature)) {
             continue;
           }
           if (!bindingSignature.embeddedSignature) {
@@ -316,11 +316,16 @@ class Key {
         }
       }
     }
-    const primaryUser = await this.getPrimaryUser(date, userId, config);
-    if ((!keyId || primaryKey.getKeyId().equals(keyId)) &&
-        helper.isValidSigningKeyPacket(primaryKey, primaryUser.selfCertification, config)) {
-      helper.assertKeyStrength(primaryKey, config);
-      return this;
+
+    try {
+      const primaryUser = await this.getPrimaryUser(date, userId, config);
+      if ((!keyId || primaryKey.getKeyId().equals(keyId)) &&
+          helper.isValidSigningKeyPacket(primaryKey, primaryUser.selfCertification, config)) {
+        helper.assertKeyStrength(primaryKey, config);
+        return this;
+      }
+    } catch (e) {
+      exception = e;
     }
     throw util.wrapError('Could not find valid signing key packet in key ' + this.getKeyId().toHex(), exception);
   }
@@ -346,7 +351,7 @@ class Key {
           await subKey.verify(primaryKey, date, config);
           const dataToVerify = { key: primaryKey, bind: subKey.keyPacket };
           const bindingSignature = await helper.getLatestValidSignature(subKey.bindingSignatures, primaryKey, enums.signature.subkeyBinding, dataToVerify, date, config);
-          if (bindingSignature && helper.isValidEncryptionKeyPacket(subKey.keyPacket, bindingSignature)) {
+          if (helper.isValidEncryptionKeyPacket(subKey.keyPacket, bindingSignature)) {
             helper.assertKeyStrength(subKey.keyPacket, config);
             return subKey;
           }
@@ -388,7 +393,7 @@ class Key {
         try {
           const dataToVerify = { key: primaryKey, bind: this.subKeys[i].keyPacket };
           const bindingSignature = await helper.getLatestValidSignature(this.subKeys[i].bindingSignatures, primaryKey, enums.signature.subkeyBinding, dataToVerify, date, config);
-          if (bindingSignature && helper.isValidDecryptionKeyPacket(bindingSignature, config)) {
+          if (helper.isValidDecryptionKeyPacket(bindingSignature, config)) {
             keys.push(this.subKeys[i]);
           }
         } catch (e) {}

diff --git a/src/key/user.js b/src/key/user.js
@@ -59,10 +59,7 @@ class User {
       if (privateKey.hasSameFingerprintAs(primaryKey)) {
         throw new Error('Not implemented for self signing');
       }
-      const signingKey = await privateKey.getSigningKey(
-        undefined, undefined, undefined,
-        { ...config, rejectPublicKeyAlgorithms: new Set(), minRsaBits: 0 }
-      );
+      const signingKey = await privateKey.getSigningKey(undefined, undefined, undefined, config);
       return createSignaturePacket(dataToSign, privateKey, signingKey.keyPacket, {
         // Most OpenPGP implementations use generic certification (0x10)
         signatureType: enums.signature.certGeneric,