Bug report: ECC keys from "Generate PGP Key Pair" operation are invalid · gchq/CyberChef#2267

(0 评论) (0 反应) (1 负责人)JavaScript (34,843 star) (3,944 fork)batch import

bughelp wanted

描述

Describe the bug ECC keys generated by the Generate PGP Key Pair operation are invalid because algorithm and curve type have not been set.

This results in PGP Encrypt operations using such a key failing with an obscure internal kbpgp message as per #1440, #1923.

To Reproduce See #1440 for example

Expected behaviour Key should have subkeys for signing/certification and encryption. See https://github.com/zapu/kbpgp/blob/4f61781c93798c0527f250332f50c47b73e878ca/test/files/cv25519.iced#L239-L249 for a reference example.

Additional context Long term it would probably be better to replace the kbpgp library with a more frequently updated/modern library such as openpgp.js

贡献者指南

技术栈: javascript
领域: securityfrontend
议题类型: bug
难度: 2
预计时间: 1-3 hours
活动状态: blocked
清晰度: clear
前置要求: PGP key generation basicskbpgp library
新手友好度: 60
研究方向: First, examine the Generate PGP Key Pair operation in CyberChef's source code. Look at how key generation parameters are passed to kbpgp. The test file at https://github.com/zapu/kbpgp/blob/4f61781c93798c0527f250332f50c47b73e878ca/test/files/cv25519.iced#L239 L249 shows the correct way to set algorithm and curve. Identify where in the current code the algorithm and curve are missing and add them.