diff options
| author | Joey Hess <joeyh@joeyh.name> | 2017-04-27 15:55:46 -0400 |
|---|---|---|
| committer | Joey Hess <joeyh@joeyh.name> | 2017-04-27 15:55:46 -0400 |
| commit | fd2cb3cd3608401f42d3d0d06b7f961bb0b1ebb4 (patch) | |
| tree | 773c9c76095fe2ee1d583229cb4ec62bcd8c7990 /Crypto.hs | |
| parent | 686dcc8b172b77e3e612ba4badbb88879d0f5599 (diff) | |
| download | debug-me-fd2cb3cd3608401f42d3d0d06b7f961bb0b1ebb4.tar.gz | |
put the hash of the publickey in the clearsigned gpg message
This way changes to JSON won't risk breaking that.
Diffstat (limited to 'Crypto.hs')
| -rw-r--r-- | Crypto.hs | 8 |
1 files changed, 3 insertions, 5 deletions
@@ -5,14 +5,12 @@ module Crypto where import Val import Hash import Types -import JSON import qualified Crypto.PubKey.Ed25519 as Ed25519 import Crypto.Error import Crypto.Random.Entropy import Data.ByteArray (convert) import qualified Data.ByteString as B -import qualified Data.ByteString.Lazy as L import System.IO import System.Process import System.Exit @@ -104,7 +102,7 @@ gpgSign pk = do { std_in = CreatePipe , std_out = CreatePipe } - L.hPut hin $ encode pk + B.hPut hin $ val $ hashValue $ hash pk hClose hin hSetBinaryMode hout True sig <- GpgSig . Val <$> B.hGetContents hout @@ -131,11 +129,11 @@ gpgVerify gpgopts (GpgSigned pk (GpgSig (Val sig))) = do B.hPut hin sig hClose hin hSetBinaryMode hout True - out <- L.hGetContents hout + signeddata <- B.hGetContents hout st <- waitForProcess pid return $ case st of ExitFailure _ -> False - ExitSuccess -> Just pk == decode out + ExitSuccess -> val (hashValue (hash pk)) == signeddata where extraopts = if any ("--keyserver" `isPrefixOf`) gpgopts then gpgopts |