Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
verify_signed_message was not checking for the validity of the signature. The documentation of python-gnupg is not clear about this, it says that the fiels are set just if the signature is valid. In this case tests/robots/1/signed_message was signed with the correct key but with the wrong digest-algo (SHA256 instead of SHA512) as expressed on the signature. Running gpg --verify tests/robots/1/signed_message returned: gpg: WARNING: signature digest conflict in message gpg: Can't check signature: General error and a non zero error code, but verify_signed_message was not catching this because verified.fingerprint was set even though verified.valid was False. Co-authored-by: jerryfletcher21 <[email protected]>
- Loading branch information