Closed bemasc closed 8 years ago
I don't know if this is directly related, but I found a bug yesterday in the wrapper to e2e. In the declaration for mye2e.prototype.importKey, there's this call:
pgp.importKey(
function(str, continuation) {
continuation(passphrase);
}, keyStr).addCallback(resolve).addErrback(reject);
The problem is that the function gets 'undefined' for its second arg (continuation
) and should (I'm still debugging a key import right now, so there's more work to be done here) actually just return e2e.async.Result.toResult(passphrase)
.
Perhaps that's part of the problem?
I think it likely is, it looks like the different ways of doing async/promises aren't playing nicely. Switching verifyDecrypt to import more like signEncrypt (that is directly use the pgp context object) still passes the existing unit/integration tests, though doesn't pass the new tests Ben added.
A note - it's very tempting (and perhaps necessary) to use the various e2e.async
calls to try to ensure synchronous behavior, but from what I've read in their documentation/comments it may be pretty brittle to depend on (that is they may change things).
The more I trace into e2e.async
(and goog.async
), the more confusing and hard-to-trace this whole thing is. I agree that we should avoid touching it.
Binary signing is currently broken. I have a partial fix here: https://github.com/freedomjs/freedom-pgp-e2e/compare/bemasc-sign. However, verifying signatures from previously unknown users still fails. I don't understand why, but after tracing through the failing case, it appears to be because
e2e.openpgp.KeyRing.prototype.getKeyBlockById
is returningnull
. This suggests that the call toimportKey
inverifyDecrypt
is not having the intended effect.