Added PGP verify operation

Added some more metadata to decrypt & verify Fixes gchq/CyberChef#581
2024-11-02 14:11:02 +01:00 · 2019-06-27 16:48:03 +01:00 · 2019-06-27 16:48:03 +01:00 · 4c27a46d35
commit 4c27a46d35
parent ca9bab5d4c
2 changed files with 114 additions and 2 deletions
--- a/src/core/operations/PGPDecryptAndVerify.mjs
+++ b/src/core/operations/PGPDecryptAndVerify.mjs
@ -93,7 +93,7 @@ class PGPDecryptAndVerify extends Operation {
                            text += `${signer.username} `;
                        }
                        if (signer.comment) {
-                            text += `${signer.comment} `;
+                            text += `(${signer.comment}) `;
                        }
                        if (signer.email) {
                            text += `<${signer.email}>`;
@ -102,7 +102,8 @@ class PGPDecryptAndVerify extends Operation {
                    }
                    text += [
                        `PGP fingerprint: ${km.get_pgp_fingerprint().toString("hex")}`,
-                        `Signed on ${new Date(ds.sig.hashed_subpackets[0].time * 1000).toUTCString()}`,
+                        `PGP key ID: ${km.get_pgp_short_key_id()}`,
+                        `Signed on ${new Date(ds.sig.when_generated() * 1000).toUTCString()}`,
                        "----------------------------------\n"
                    ].join("\n");
                    text += unboxedLiterals.toString();
--- a/src/core/operations/PGPVerify.mjs
+++ b/src/core/operations/PGPVerify.mjs
@ -0,0 +1,111 @@
+/**
+ * @author Matt C [me@mitt.dev]
+ * @copyright Crown Copyright 2019
+ * @license Apache-2.0
+ */
+
+import Operation from "../Operation";
+import OperationError from "../errors/OperationError";
+
+import kbpgp from "kbpgp";
+import { ASP, importPublicKey } from "../lib/PGP";
+import * as es6promisify from "es6-promisify";
+const promisify = es6promisify.default ? es6promisify.default.promisify : es6promisify.promisify;
+
+/**
+ * PGP Verify operation
+ */
+class PGPVerify extends Operation {
+
+    /**
+     * PGPVerify constructor
+     */
+    constructor() {
+        super();
+
+        this.name = "PGP Verify";
+        this.module = "PGP";
+        this.description = [
+            "Input: the ASCII-armoured encrypted PGP message you want to verify.",
+            "<br><br>",
+            "Argument: the ASCII-armoured PGP public key of the signer",
+            "<br><br>",
+            "This operation uses PGP to decrypt a clearsigned message.",
+            "<br><br>",
+            "Pretty Good Privacy is an encryption standard (OpenPGP) used for encrypting, decrypting, and signing messages.",
+            "<br><br>",
+            "This function uses the Keybase implementation of PGP.",
+        ].join("\n");
+        this.infoURL = "https://wikipedia.org/wiki/Pretty_Good_Privacy";
+        this.inputType = "string";
+        this.outputType = "string";
+        this.args = [
+            {
+                "name": "Public key of signer",
+                "type": "text",
+                "value": ""
+            }
+        ];
+    }
+
+    /**
+     * @param {string} input
+     * @param {Object[]} args
+     * @returns {string}
+     */
+    async run(input, args) {
+        const signedMessage = input,
+            [publicKey] = args,
+            keyring = new kbpgp.keyring.KeyRing();
+        let unboxedLiterals;
+
+        if (!publicKey) throw new OperationError("Enter the public key of the signer.");
+        const pubKey = await importPublicKey(publicKey);
+        keyring.add_key_manager(pubKey);
+
+        try {
+            unboxedLiterals = await promisify(kbpgp.unbox)({
+                armored: signedMessage,
+                keyfetch: keyring,
+                asp: ASP
+            });
+            const ds = unboxedLiterals[0].get_data_signer();
+            if (ds) {
+                const km = ds.get_key_manager();
+                if (km) {
+                    const signer = km.get_userids_mark_primary()[0].components;
+                    let text = "Signed by ";
+                    if (signer.email || signer.username || signer.comment) {
+                        if (signer.username) {
+                            text += `${signer.username} `;
+                        }
+                        if (signer.comment) {
+                            text += `(${signer.comment}) `;
+                        }
+                        if (signer.email) {
+                            text += `<${signer.email}>`;
+                        }
+                        text += "\n";
+                    }
+                    text += [
+                        `PGP fingerprint: ${km.get_pgp_fingerprint().toString("hex")}`,
+                        `PGP key ID: ${km.get_pgp_short_key_id()}`,
+                        `Signed on ${new Date(ds.sig.when_generated() * 1000).toUTCString()}`,
+                        "----------------------------------\n"
+                    ].join("\n");
+                    text += unboxedLiterals.toString();
+                    return text.trim();
+                } else {
+                    throw new OperationError("Could not identify a key manager.");
+                }
+            } else {
+                throw new OperationError("The data does not appear to be signed.");
+            }
+        } catch (err) {
+            throw new OperationError(`Couldn't verify message: ${err}`);
+        }
+    }
+
+}
+
+export default PGPVerify;