【发布时间】:2017-03-23 20:11:14
【问题描述】:
公钥可以从here下载
这是我要验证的字符串:
6mjdvgmdvggpyoaf.onion
那是分离的签名:
-----BEGIN PGP SIGNATURE-----
iQIcBAABCgAGBQJYF5+8AAoJEOK8b86OOhToO8EP/ix16wNi/bH+CZuAiOawd2NX
P+rno33WeVLKHg4pJWTeuYumFnjjStRgj/IL2r6Iafa8jnuffMr+DqsbISvbJDXx
dNvwzybPD0dLc/ftJTm1PAR9sTNh3+zeAldmYaaXQTAX/YUVjjru5oiP4H/+oh5t
NezgT7U812r6sVkgOq6dIl84uYRaToB4xxk0C1mdiM2ro1bC7OAAAD5wCFouQNS/
KD+fLebfjPjpDhmd1GgMk08/XGXUQueYPLP6ovsU6ztkjHkKTbPLX9Ity1mLIJlE
WvgZAFd2DwnBhcGUm5o6chvqj8t7kCUldFxJBYtSC0BV8flaRC/2csbKJRLfxy1N
bsRT7sP3fRm3b+bEHXUFdlLUgQbbaH/1HiZO6hsx7qeADvBHEH59kJfRo3XgPNVZ
MBm8kaRDpjYMNwpmrh4uN5ONwDQ5X3weRajZfKub4YzTRqf0gLcfTzbSBDn+YFLX
8NE+9Z7c/UgAsOMzDeVR37BpA9weNeb4EEW4kulr9LBdVbOu6dM9aF9pIBbnD/Nu
5FRcxB3Z/IqUH7PzgS0fCkjroO36Qdu1cAdvkbOgeWpRLcsn/NZdYjBBAD9+JXfT
8tl06AniMFLnyWq5ydytApAu45WW4vthhyPdx+so3R0gN2FJL2pQE01vLO5c0EAP
XSVJLdVLyQTDNW0jwbwo
=vn/m
-----END PGP SIGNATURE-----
代码如下:
var pubkey = openpgp.key.readArmored(key.trim());
var msg = openpgp.message.readSignedContent(domain, signed_block);
var result = msg.verify(pubkey);
console.log(result.valid);
结果日志为:
null
深入代码,调用验证的函数可以在以下位置找到:
https://openpgpjs.org/openpgpjs/doc/message.js.html
在第 367 行:
if (keyPacket) {
verifiedSig.keyid = signatureList[i].issuerKeyId;
verifiedSig.valid = signatureList[i].verify(keyPacket, literalDataList[0]);
} else {
verifiedSig.keyid = signatureList[i].issuerKeyId;
verifiedSig.valid = null;
}
keyPacket 未找到,但我不知道为什么,看起来像是签名块的问题(也许??),但我对 Openpgp 内部结构知之甚少,不知道该怎么做。
任何帮助将不胜感激。
【问题讨论】:
标签: openpgp.js