Verification fails when using the `KeyPair` returned by `generate_encrypted_keypair`

jedisct1 / rust-minisign

A pure Rust implementation of the Minisign signature tool.

Other

92 stars 15 forks source link

Verification fails when using the `KeyPair` returned by `generate_encrypted_keypair` #3

Closed Laegluin closed 4 years ago

Laegluin commented 5 years ago

When using the key pair struct returned by KeyPair::generate_encrypted_keypair to create a signature, verification using the public key fails with PError { kind: Verify, err: "Could not verify signature with the provided public key ID: 2265E6986983A09D" }.

When converting the secret key to a string and then loading it again first, signature creation and validation works as expected.

See this gist for short example: https://gist.github.com/Laegluin/b07abe10bfabb01b16903c9e1b5aef50

jedisct1 commented 5 years ago

The reason is that the keypair is encrypted. All traces of the original secret key are wiped from memory. Signing is not possible without the password.

Instead of generate_encrypted_keypair(), you can use generate_unencrypted_keypair() to create a password-less key pair, that can be immediately used.

jedisct1 commented 5 years ago

Granted, the fact that both functions return the same structure is a bit confusing. Maybe different types should be used.

Laegluin commented 5 years ago

Thanks a lot, I expected there was a reason I just didn't see.

Granted, the fact that both functions return the same structure is a bit confusing. Maybe different types should be used.

Yeah, that would be really helpful. I assume that's not a whole lot of work, but I'll gladly help if you need it :)