OpenARC icon indicating copy to clipboard operation
OpenARC copied to clipboard
verified publisher icon trusteddomainproject

Fix verification when key specifies hash algorithm

Open abeverley opened this issue 2 years ago • 3 comments

If an ARC key specifies the hash type as SHA256 (i.e. h=sha256) then OpenARC will fail to verify the signature. Whilst the presence of a particular hash type is detected, the type is not set and it defaults to sha1.

abeverley avatar Feb 03 '24 21:02 abeverley

Thanks @flowerysong I really appreciate the quick feedback. I've added a couple of additional commits - would you mind taking a look now please?

abeverley avatar Feb 04 '24 12:02 abeverley

LGTM. I've integrated this and the other outstanding PRs that looked reasonable into the main branch at https://github.com/flowerysong/OpenARC.

I'm on vacation for the rest of the week so I don't have time to test this branch right now, but I hope to have a chance next week to set up some rudimentary CI.

flowerysong avatar Feb 06 '24 18:02 flowerysong

I've integrated this and the other outstanding PRs that looked reasonable into the main branch at https://github.com/flowerysong/OpenARC.

Brilliant. Just to mention (for people's general interest) that I personally have been using the openarc package in Debian Experimental. It already includes a few existing PRs, and then I've added in #168 and #167. Seems to work well.

abeverley avatar Feb 06 '24 18:02 abeverley