DigitalTrustCenter / sectxt

security.txt parser and validator
European Union Public License 1.2

Signed message is not enforcing signature #56

Open bwbroersma opened 1 year ago

bwbroersma commented 1 year ago

Signed message is not enforcing signature, e.g.:

-----BEGIN PGP SIGNED MESSAGE-----
Expires: 2024-01-01T00:00:00.000Z
Contact: https://www.example.org

This currently parses as valid with zero errors.

The issues for signed messages I can see:

The current code quite literally is this xkcd PGP :upside_down_face::

[image: xkcd "PGP"]

DigitalTrustCenter commented 1 year ago

With the new release, a PGP formatter checker is added using the PGPy module, which checks the OpenPGP message specification in accordance with RFC 4880. Any issue with the PGP message or signature would result in a pgp_data_error. If the message is not a valid PGP message it would result in a pgp_error.

baknu commented 11 months ago

It is not clear to us (@mxsasha, @bwbroersma and me) what the exact difference is between pgp_data_error and pgp_error. Moreover, it is not clear to us how these new error messages relate to signed_format_issue. Could you elaborate?

DigitalTrustCenter commented 11 months ago

We made 2 PGP error distinctions. These were made because the PGPy library also seems to make these distinctions. The first and most common will be the pgp_data_error. This means that there is an issue with the message formatting. So, for instance, missing information like the end message or other required fields or unexpected fields within the message. The second error, pgp_error, occurs when there was an issue with the encoded data within the PGP message. So if there was an issue with decoding the data within the PGP armored block.

baknu commented 6 months ago

Thanks for the explanation! Still some additional questions:

DigitalTrustCenter commented 6 months ago

If it is regarding a PGP signed message it will enforce the addition of a valid PGP signature. If it is not present it will throw a pgp_data_error. This includes a PGP signature that is not correctly formatted, so for instance no CRLF (or too many) after the armor header or no armor-tail will also throw a pgp_data_error. It will also validate the base64 data. If this is not valid it will give a pgp_error because it could not decode the PGP message. There is currently no enforcement of the hash-header or the CRLF after the hash header. This is not listed as required in the RFC 4880 which describes the OpenPGP Message Format, but since it seems to be a requirement listed in chapter 4 of RFC 9116 we will add a check for this with a newer version.

DigitalTrustCenter commented 6 months ago

The signed_format_issue error only checks if the header is at the start of the security.txt. If this is not the case it will not throw a pgp_data_error.
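
The framing checks discussed in this thread (signature block present, armor tail, empty lines, base64 data, Hash header), as an added example that is not sectxt's code and does not use PGPy. The finding labels and the function name are hypothetical and are not sectxt's error codes; whether a missing Hash header counts is left as the `require_hash` switch, and the signature itself is never verified.

```python
import base64
import binascii
import re

HEADER = "-----BEGIN PGP SIGNED MESSAGE-----"
SIG_BEGIN = "-----BEGIN PGP SIGNATURE-----"
SIG_END = "-----END PGP SIGNATURE-----"
FIELDS = "Expires: 2024-01-01T00:00:00.000Z\nContact: https://www.example.org\n"
# The input quoted in the issue: cleartext header, no signature at all.
UNSIGNED = HEADER + "\n" + FIELDS
# Constructed sample: correct framing around placeholder bytes, not a real signature.
PLACEHOLDER = base64.b64encode(b"constructed placeholder bytes").decode()
FRAMED = f"{HEADER}\nHash: SHA256\n\n{FIELDS}{SIG_BEGIN}\n\n{PLACEHOLDER}\n{SIG_END}\n"


def check_cleartext_structure(text, require_hash=True):
    """Return framing findings (hypothetical labels); [] means well-framed, not verified."""
    lines = text.replace("\r\n", "\n").rstrip("\n").split("\n")
    if lines[0] != HEADER:
        return ["not_cleartext_signed"]
    findings = []
    # Armor headers run from the second line up to the first empty line.
    blank = lines.index("", 1) if "" in lines[1:] else len(lines)
    if blank == len(lines):
        findings.append("no_empty_line_after_headers")
    headers = lines[1:blank]
    if any(not h.startswith("Hash: ") for h in headers):
        findings.append("non_hash_armor_header")
    if require_hash and not any(h.startswith("Hash: ") for h in headers):
        findings.append("missing_hash_header")
    if SIG_BEGIN not in lines[blank:]:
        return findings + ["missing_signature_block"]
    begin = lines.index(SIG_BEGIN, blank)
    if SIG_END not in lines[begin:]:
        return findings + ["missing_armor_tail"]
    end = lines.index(SIG_END, begin)
    # Signature armor: optional headers, empty line, base64 data, optional CRC line.
    armor = lines[begin + 1:end]
    if "" not in armor:
        return findings + ["no_empty_line_in_signature_armor"]
    body = armor[armor.index("") + 1:]
    if body and re.fullmatch(r"=[A-Za-z0-9+/]{4}", body[-1]):
        body = body[:-1]  # drop the CRC24 checksum line
    try:
        if not base64.b64decode("".join(body), validate=True):
            findings.append("empty_signature_data")
    except binascii.Error:
        findings.append("invalid_base64")
    return findings
```

An empty result only means the framing is intact; a validator that stops here still accepts any well-framed block whose signature does not match the text.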