lysann/passforios-gopenpgp
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge pull request #181 from ProtonMail/fix/mime-explicit-verify

Browse source 
Return decrypted PGP/MIME content with wrong signature
This commit is contained in:
wussler 2022-04-25 20:40:48 +02:00 committed by GitHub
commit b601b54c1f
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 6 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

7
CHANGELOG.md
View file

@ -4,9 +4,14 @@ All notable changes to this project will be documented in this file.
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
## Unreleased
### Changed
- `DecryptMIMEMessage` will return the decrypted content in the `OnBody` callback, even when there's a signature verification error. That lets the caller decide whether they want to use the content with a warning or hard fail on signature errors.
## [2.4.6] 2022-03-25
## Fixed
### Fixed
- Update dependency `github.com/ProtonMail/go-mime`. It makes the parsing
of MIME messages more flexible to messages with no specified charsets.
- Fix the verification of PGP/MIME signature, the signature is now verified

1
crypto/mime.go
View file

@ -45,7 +45,6 @@ func (keyRing *KeyRing) DecryptMIMEMessage(
callbacks.OnError(embeddedSigError)
callbacks.OnError(mimeSigError)
callbacks.OnVerified(prioritizeSignatureErrors(embeddedSigError, mimeSigError))
return
} else if verifyKey != nil {
callbacks.OnVerified(constants.SIGNATURE_OK)
}