mirror of
https://github.com/RoboSats/robosats.git
synced 2025-07-20 09:43:23 +00:00
20d56bdb6f
verify_signed_message was not checking for the validity of the signature. The documentation of python-gnupg is not clear about this, it says that the fiels are set just if the signature is valid. In this case tests/robots/1/signed_message was signed with the correct key but with the wrong digest-algo (SHA256 instead of SHA512) as expressed on the signature. Running gpg --verify tests/robots/1/signed_message returned: gpg: WARNING: signature digest conflict in message gpg: Can't check signature: General error and a non zero error code, but verify_signed_message was not catching this because verified.fingerprint was set even though verified.valid was False.