Skip to content

fix: reject revoked signers after decrypt and verify#24

Open
kushaldas wants to merge 4 commits into
mainfrom
fix/reject_revoked
Open

fix: reject revoked signers after decrypt and verify#24
kushaldas wants to merge 4 commits into
mainfrom
fix/reject_revoked

Conversation

@kushaldas

Copy link
Copy Markdown
Contributor

Centralize decrypt-and-verify signature classification for software and card-backed paths. Downgrade cryptographically valid signatures to Bad when the primary certificate or exact verifier subkey is revoked.

Add regression coverage for sign-before-revocation messages and confirm that revocation of an unrelated subkey does not invalidate a valid signer. Update the public Good outcome documentation to require a non-revoked signer.

Centralize decrypt-and-verify signature classification for software and
card-backed paths. Downgrade cryptographically valid signatures to Bad
when the primary certificate or exact verifier subkey is revoked.

Add regression coverage for sign-before-revocation messages and confirm
that revocation of an unrelated subkey does not invalidate a valid
signer. Update the public Good outcome documentation to require a
non-revoked signer.

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR centralizes decrypt-and-verify signature classification so both software and card-backed decryption paths apply the same trust policy, specifically downgrading otherwise-cryptographically-valid signatures to non-trusted outcomes when the signer is revoked.

Changes:

  • Added a shared signature-classification helper that normalizes signer identifiers and applies a consistent revocation policy.
  • Updated Good outcome documentation to require a non-revoked signer.
  • Added regression tests for “signed before revocation” scenarios and for revocation scoping to the actual verifying key.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread src/decrypt.rs
Comment thread src/decrypt.rs Outdated

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 1 out of 1 changed files in this pull request and generated 2 comments.

Comment thread src/decrypt.rs Outdated
Comment thread src/decrypt.rs Outdated
Reuse exact issuer matching and signer revocation checks across decrypt
and verify paths. Add documented shared test helpers and an end-to-end
regression for revocation of the selected signing subkey.

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 3 out of 3 changed files in this pull request and generated 2 comments.

Comment thread src/lib.rs
pub mod error;
pub mod key;
pub mod paths;
mod revocation;
Comment thread src/decrypt.rs
Comment on lines 328 to 331
use super::*;
use crate::revocation::test_support::{parse_secret_key, revoke_subkey};
use pgp::types::KeyDetails;
use wecanencrypt::{create_key_simple, encrypt_bytes, sign_and_encrypt_to_multiple, KeyStore};

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 4 out of 4 changed files in this pull request and generated 2 comments.

Comment thread src/decrypt.rs
Comment on lines +329 to +330
use crate::revocation::test_support::{parse_secret_key, revoke_subkey};
use pgp::types::KeyDetails;
Comment thread src/revocation.rs
use pgp::composed::{Deserializable, SignedSecretKey, SignedSecretSubKey};
use pgp::packet::{SignatureConfig, SignatureType, Subpacket, SubpacketData};
use pgp::ser::Serialize;
use pgp::types::{KeyDetails, KeyVersion, Password, Timestamp};
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants