Verification fails to find the issuer key when signed with a subkey

[etnbrd]

• OpenPGP.js version: openpgp@npm:5.10.1 (via npm:^5.10.1)
• Affected platform (Browser or Node.js version): v16.20.2

I miss a lot of knowledge around PGP, so it might really be a mistake on my part.

When verifying the signature of the Release file from the google chrome repository against the provided signing key, gpg recognizes the signatures, while openpgp.js fails to find the signing key, which seems to be a subkey within the signing key.

Reproduction scripts:

openpgp

const got = require('got')
const openpgp = require('openpgp')

async function main(){
    const {body: armoredKeys} = await got('https://dl-ssl.google.com/linux/linux_signing_key.pub')
    const {body: text} = await got('https://dl.google.com/linux/chrome/deb/dists/stable/Release')
    const {body: armoredSignature} = await got('https://dl.google.com/linux/chrome/deb/dists/stable/Release.gpg')

    const message = await openpgp.createMessage({text})
    const signature = await openpgp.readSignature({armoredSignature})
    const verificationKeys = await openpgp.readKeys({armoredKeys})
  
    const verificationResult = await openpgp.verify({expectSigned: true, message, signature, verificationKeys})
    const {verified} = verificationResult.signatures[0]
    await verified
}

main()

When verifying with opengpg, it fails to find the signing key:

$ node test-openpgp.js
Error: Error verifying signed message: Could not find signing key with key ID 4eb27db2a3b88b8b

gpg

#! /usr/bin/env bash

wget https://dl-ssl.google.com/linux/linux_signing_key.pub
wget https://dl.google.com/linux/chrome/deb/dists/stable/Release
wget https://dl.google.com/linux/chrome/deb/dists/stable/Release.gpg

gpg --import linux_signing_key.pub
gpg --verify Release.gpg Release

When running with gpg, it seems to verify correctly:

$ ./test-openpgp.sh
gpg: key A040830F7FAC5991: "Google, Inc. Linux Package Signing Key <linux-packages-keymaster@google.com>" not changed
gpg: key 7721F63BD38B4796: "Google Inc. (Linux Packages Signing Authority) <linux-packages-keymaster@google.com>" not changed
gpg: Total number processed: 2
gpg:              unchanged: 2
gpg: Signature made Sam 16 sep 01:58:39 2023 CEST
gpg:                using RSA key 8461EFA0E74ABAE010DE66994EB27DB2A3B88B8B
gpg: Good signature from "Google Inc. (Linux Packages Signing Authority) <linux-packages-keymaster@google.com>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: EB4C 1BFD 4F04 2F6D DDCC  EC91 7721 F63B D38B 4796
     Subkey fingerprint: 8461 EFA0 E74A BAE0 10DE  6699 4EB2 7DB2 A3B8 8B8B
     
$ gpg --version
gpg (GnuPG) 2.4.3
libgcrypt 1.10.2
Copyright (C) 2023 g10 Code GmbH
License GNU GPL-3.0-or-later <https://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: /Users/etienne.brodu/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
        CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2

[larabr]

The key input file is not formatted properly to be read using readKeys. That function expect a specific type of armored data, which includes multiple keys in a single block, not separate armored keys. Your code is thus reading the first key only, which is not the one that signed the message.
We don't have an API to automatically read the key file you are provided, you'll have to manually extract the separate keys (one option is to split the text based on the armored delimiters -----BEGIN PGP PUBLIC KEY BLOCK-----.

In this case, the second key is the signing one, in case you want to extract it manually, to test that it works 🙂

PS: passing expectSigned: true to verify is sufficient to confirm the signature is valid. If signatures are missing, or invalid, the function will throw. No need to await verified.

[etnbrd]

Thanks a lot for your reply, it'd have taken me quite some time to figure that out 🙇

Here's the implementation I ended up using:

const got = require('got')
const openpgp = require('openpgp')

async function main(){
    const {body: armoredKeys} = await got('https://dl-ssl.google.com/linux/linux_signing_key.pub')
    const {body: text} = await got('https://dl.google.com/linux/chrome/deb/dists/stable/Release')
    const {body: armoredSignature} = await got('https://dl.google.com/linux/chrome/deb/dists/stable/Release.gpg')

    let lastIndex
    let providedKeys = armoredKeys
    const keys = []
    while ((lastIndex = providedKeys.indexOf('-----END PGP PUBLIC KEY BLOCK-----\n')) > 0) {
      lastIndex = lastIndex + '-----END PGP PUBLIC KEY BLOCK-----\n'.length
      keys.push(providedKeys.slice(0, lastIndex))
      providedKeys = providedKeys.slice(lastIndex)
    }
  
    const message = await openpgp.createMessage({text})
    const signature = await openpgp.readSignature({armoredSignature})
    const verificationKeys = await Promise.all(keys.map(async (armoredKey) => openpgp.readKey({armoredKey})))
    await openpgp.verify({expectSigned: true, message, signature, verificationKeys})
}

main()