[v6] Add back armor checksum for non-v6 artifacts #1741
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…ibility" This reverts commit b41298a: As per crypto-refresh, v6 signatures MUST NOT include the CRC checksum. Also, the GPG issue isn't actually caused by the missing checksum, but it's due to a failure to properly decode base64 with no trailing padding char (=).
We need to include the checksum to workaround an GnuPG bug where data fails to be decoded if the base64 ends with no padding chars (=) (see https://dev.gnupg.org/T7071)
twiss
reviewed
Apr 9, 2024
larabr
changed the title
twiss
reviewed
Apr 9, 2024
| return armor(enums.armor.publicKey, packetlist.write(), null, null, 'This is a revocation certificate'); | ||
| // An ASCII-armored Transferable Public Key packet sequence of a v6 key MUST NOT contain a CRC24 footer. | ||
| const emitChecksum = this.keyPacket.version !== 6; | ||
| return armor(enums.armor.publicKey, packetlist.write(), null, null, 'This is a revocation certificate', emitChecksum); |
There was a problem hiding this comment.
Not really related to this change but maybe we should pass the config also here?
twiss
approved these changes
Apr 9, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
We need to include the checksum to workaround a GnuPG bug where data fails to be decoded if the base64 ends with no padding chars (=) (see https://dev.gnupg.org/T7071).
Pure v6 artifacts are unaffected and won't include the checksum, as mandated by the spec.
Breaking change:
openpgp.armortakes an additionalemitChecksumargument (defaults to false).NB: some types of data must not include the checksum, but compliance is left as responsibility of the caller: this function does not carry out any checks. Refer to the crypto-refresh for more details.