If GPG has the correct public key, show signature as verified and display key owner name

3 years ago · 25853962e5
parent 20797ae50e
commit 25853962e5
2 changed files with 22 additions and 7 deletions
--- a/src/js/crypto.js
+++ b/src/js/crypto.js
@ -252,7 +252,7 @@ function importPrivateKey() {
 /**
 * Call the native system GPG to "decrypt" a PGP signature. This should work when the hacky "base64 decode and search for strings" method fails.
 * @param {String} sigdata
- * @param {Function} callback (string) message, (string) fingerprint, (bool) success
+ * @param {Function} callback (string|null) message, (string|null) fingerprint, (string|null) signername, (bool) verified, (bool) success
 * @returns {undefined}
 */
 function readSignatureExternally(sigdata, callback) {
@ -286,15 +286,26 @@ function readSignatureExternally(sigdata, callback) {
        if (stdout.length > 50) {
            msg = stdout;
        } else {
-            callback(null, null, false);
+            callback(null, null, null, false, false);
        }

+        var verified = false;
+        var signername = null;
+
+        console.log(stderr);
        var keyid = null;
        var keyidregex = /(keyid|RSA key) ([A-F0-9]+)/;
        if (keyidregex.test(stderr)) {
            keyid = stderr.match(keyidregex)[2];
        }
-        callback(msg, keyid, true);
+
+        var goodsigregex = /Good signature from "([a-zA-Z0-9\s]+) <.+@.+>"/;
+        if (goodsigregex.test(stderr)) {
+            // GPG actually has a matching public key, so that's cool
+            verified = true;
+            signername = stderr.match(goodsigregex)[1];
+        }
+        callback(msg, keyid, signername, verified, true);
    });
 }

--- a/src/js/pdf.js
+++ b/src/js/pdf.js
@ -83,12 +83,12 @@ function analyzeSignedPDF() {
                            var msg = window.atob(base64).split("START", 2)[1].split("END", 2)[0];
                            parseAndDisplaySignature(msg, pdfhash, false, null);
                        } catch (ex) {
-                            readSignatureExternally(sigdata, function (msg, keyprint, ok) {
+                            readSignatureExternally(sigdata, function (msg, keyprint, signername, verified, ok) {
                                if (!ok) {
                                    showAlert("Error: could not parse signature data.");
                                    return;
                                }
-                                parseAndDisplaySignature(msg, pdfhash, false, keyprint);
+                                parseAndDisplaySignature(msg, pdfhash, verified, keyprint, signername);
                            });
                            console.error(ex);
                        }
@ -149,7 +149,7 @@ function analyzeSignedPDF() {
    }, ".pdf");
 }

-function parseAndDisplaySignature(msg, pdfhash, verified, fingerprint) {
+function parseAndDisplaySignature(msg, pdfhash, verified, fingerprint, signername) {
    var msgparts = {};
    // Decode message contents
    var msglines = msg.split("\n");
@ -246,7 +246,11 @@ then run the analyze tool again to prove if it was changed since notarization.")
            var fingerprintstart = "";
            var fingerprintend = fingerprint;
        }
-        $("#verifyModalDetailedInfoList").append('<li class="list-group-item"><i class="fas fa-fingerprint fa-fw"></i> Signature key ID: ' + fingerprintstart + '<b>' + fingerprintend + '</b></li>');
+        $("#verifyModalDetailedInfoList").append('<li class="list-group-item"><i class="fas fa-fingerprint fa-fw"></i> Public key ID: ' + fingerprintstart + '<b>' + fingerprintend + '</b></li>');
+    }
+
+    if (typeof signername == "string") {
+        $("#verifyModalDetailedInfoList").append('<li class="list-group-item"><i class="fas fa-user-shield fa-fw"></i> Owner of public key: ' + sanitizeHTMLString(signername) + '</li>');
    }
    new bootstrap.Modal(document.getElementById('verifyModal')).show();
 }