Comments (5)
Hello @bpholt, sorry for the delay. I was able to build this branch, publishLocal and switch my project to use the snapshot version.
I have a unit test that is set up to fail in the case where this feature is implemented, and it failed. Which means the feature works!
    test("FUTURE FEATURE: decrypt does not work with gpg encrypted message, anonymous recipient") {
      val input = "foobarfoobarfoobar\n"
      val encryptedInput = ??? //omitted for brevity
      (for {
        resultString <- PgpService.decryptString[IO](unitTestOnlyPrivateKeyString, encryptedInput)
      } yield resultString).unsafeRunSync() match {
        case Right(s) =>
          fail(
            s"Decryption with anonymous recipient worked, unexpectedly.\n" +
              s"Result String: ${s}\n" +
              s"input: ${input}"
          )
        case Left(e) =>
          assert(
            e.getMessage.contains(
              "Cannot decrypt message with the passed keyring because it requires key 0"
            )
          )
      }
    }
and the result:
    [info] - FUTURE FEATURE: decrypt does not work with gpg encrypted message, anonymous recipient *** FAILED ***
    [info] Decryption with anonymous recipient worked, unexpectedly.
    [info] Result String: foobarfoobarfoobar
    [info]
    [info] input: foobarfoobarfoobar (PgpServiceSpec.scala:560)
Thank you for implementing this!
from fs2-pgp.
I think I was able to reproduce this with the private key that's part of the test suite of this library.
    $ export GNUPGHOME="$(mktemp -d)/.gnupg"
    $ mkdir -m 0700 -p "${GNUPGHOME}"
    $ pbpaste | gpg --import
    gpg: invalid armor header: lQVYBGDozbkBDACt63OSGFh4pVHSpVcPZXot2ZcHepkPXSJOFE+PnLOAvcMK8O9s\n
    gpg: /var/folders/zl/t99c6ptn4p78vg6l6f24xwjc0000gq/T/tmp.b1L1ozoY/.gnupg/trustdb.gpg: trustdb created
    gpg: key 52AFF6B5A43D6EBB: public key "key 1 <[email protected]>" imported
    gpg: key 52AFF6B5A43D6EBB: secret key imported
    gpg: Total number processed: 1
    gpg: imported: 1
    gpg: secret keys read: 1
    gpg: secret keys imported: 1
    $ echo "Hello World" | gpg --encrypt --armor --hidden-recipient "key 1 <[email protected]>"
    gpg: 54E4844CFE7C68E1: There is no assurance this key belongs to the named user
    sub rsa3072/54E4844CFE7C68E1 2021-07-09 key 1 <[email protected]>
    Primary key fingerprint: 7EEE F61D E397 A6B1 350B 6F93 52AF F6B5 A43D 6EBB
    Subkey fingerprint: C4BD 9D01 85E9 B333 4D8D D55D 54E4 844C FE7C 68E1
    It is NOT certain that the key belongs to the person named
    in the user ID. If you *really* know what you are doing,
    you may answer the next question with yes.
    Use this key anyway? (y/N) y
    -----BEGIN PGP MESSAGE-----
    [...]
    =kHjl
    -----END PGP MESSAGE-----
Then I added a test to CryptoAlgSpec:
    test("CryptoAlg should decrypt a fixed value encrypted with our test key") {
      val crypto = resource()
      val message =
        """-----BEGIN PGP MESSAGE-----
          |
          |hQGMAwAAAAAAAAAAAQv/QQ8RnRGF6jaPTUpuBoPollIBvPIzqokTGzuTaVD4bKsg
          |GGt4ooPpcTkxn0MRLs3rNJfZjaULSkWtUxc4NsSbqmrl8g3smnwJWk/UIR097zlC
          |s30/o3WlmSodAGbEuP5Y+mbAErwGbCs1e7cn1LqQO3BrSZ3m7djif9fiWRdb3AZ4
          |YPX5dmmOZLZoNQO5zLNu3iolrTXyimQLcS7VoFQ+Nbj9hOS+vDzcg6Kycaky7U+M
          |arfyyaqWan8hVygDthMT+n3Au0l7lBzN99aZmC13OP2fhuBBXvrGF+njFS+RkEOs
          |LToMlpFVYWlEFSnYlIQjsxKBzMKThNudKM7r4Kc1yw88DQ9C/rWZxmMxTyLAA4C7
          |QZKdO+zYfzSCYq3bO+YdN8vUGZPS63YN8Pp6qWvIXOZ3oecxmidqjGsItLpxJ0KK
          |zJ0IWVsQj1Zc/2zSojw8edcMh86PFbQsC4aPpMK54KiU4YKXcUnaDeQ48BGv27Po
          |Qx9PqZi+1ROo+anCVWrn0kcB/+g0TzSpG+nwMI4gxNTTAuybzEscK2ifkA76Df45
          |cSypFoj4OIRtTZ8iSGhfgt0fCn1qUrEs7Vw+iNYSqpl9/ue3u1icCQ==
          |=kHjl
          |-----END PGP MESSAGE-----
          |""".stripMargin
      for {
        key <- PGPKeyAlg[IO].readSecretKeyCollection(TestKey())
        text <- Stream
          .emit(message)
          .through(text.utf8.encode)
          .through(crypto.decrypt(key))
          .through(text.utf8.decode)
          .compile
          .lastOrError
      } yield {
        assertEquals(text, "Hello World")
      }
    }
which fails with
com.dwolla.security.crypto.KeyRingMissingKeyException: Cannot decrypt message with the passed keyring because it requires key 0, but the ring does not contain that key
If I change it to use PGPKeyAlg[IO].readPrivateKey(TestKey()) instead of readSecretKeyCollection, it still fails, but with
com.dwolla.security.crypto.KeyMismatchException: Cannot decrypt message with key 0 because it requires key 5958252092039458491
Does that seem like a correct reproduction, @CJSmith-0141?
from fs2-pgp.
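Added example (not part of the thread and not fs2-pgp code): a minimal Python parser for the Public-Key Encrypted Session Key packet that opens the message in the test above, showing where the "key 0" in both exceptions comes from. RFC 4880 section 5.1 permits a Key ID of zero as a wildcard, in which case the receiver tries its available private keys; the sample is the first 15 bytes of the armored message from the page, and the function names are illustrative.

```python
import base64
import struct

PKESK_TAG = 1  # Public-Key Encrypted Session Key packet (RFC 4880 section 5.1)

# First 20 base64 characters of the armored message quoted in the test above;
# they decode to the packet header plus the fixed PKESK fields.
SAMPLE = base64.b64decode("hQGMAwAAAAAAAAAAAQv/")


def read_header(buf, pos=0):
    """Return (tag, body_length, body_offset) for the packet starting at pos."""
    first = buf[pos]
    if not first & 0x80:
        raise ValueError("not an OpenPGP packet: high bit of first octet is clear")
    if first & 0x40:  # new-format header
        tag, l0 = first & 0x3F, buf[pos + 1]
        if l0 < 192:
            return tag, l0, pos + 2
        if l0 < 224:
            return tag, ((l0 - 192) << 8) + buf[pos + 2] + 192, pos + 3
        if l0 == 255:
            return tag, struct.unpack(">I", buf[pos + 2:pos + 6])[0], pos + 6
        raise ValueError("partial body lengths are not handled here")
    tag, length_type = (first >> 2) & 0x0F, first & 0x03  # old-format header
    if length_type == 3:
        raise ValueError("indeterminate length is not handled here")
    size = 1 << length_type  # 1, 2 or 4 length octets
    length = int.from_bytes(buf[pos + 1:pos + 1 + size], "big")
    return tag, length, pos + 1 + size


def parse_pkesk(buf, pos=0):
    """Parse the fixed fields of a version 3 PKESK packet."""
    tag, length, body = read_header(buf, pos)
    if tag != PKESK_TAG:
        raise ValueError(f"expected PKESK (tag 1), got tag {tag}")
    if len(buf) < body + 10:
        raise ValueError("truncated PKESK packet")
    version, key_id, algorithm = struct.unpack(">BQB", buf[body:body + 10])
    if version != 3:
        raise ValueError(f"unsupported PKESK version {version}")
    return {
        "body_length": length,
        "key_id": key_id,
        "algorithm": algorithm,  # 1 = RSA
        "hidden_recipient": key_id == 0,  # wildcard Key ID: try every secret key
    }
```

Calling `parse_pkesk(SAMPLE)` reports Key ID 0 with `hidden_recipient` set, so a decryptor that selects its secret key by the packet's Key ID finds no match for a message made with `--hidden-recipient`.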
Yes, exactly. Reading through RFC 4880, it's not clear to me if this is compliant with OpenPGP or is a GPG extension.
EDIT: What I mean by saying that is if you tag this "will-not-do" I would totally understand.
from fs2-pgp.
@CJSmith-0141 could you try the code in the hidden-recipients branch (what's in #77) and let me know if it works for you? If so, we should be able to merge it and cut a new release.
from fs2-pgp.
Excellent! I'll get the PR merged and cut a release!
from fs2-pgp.