-
Notifications
You must be signed in to change notification settings - Fork 121
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
packet.Config.Time should return time with 999999999 nsec #240
base: main
Are you sure you want to change the base?
Conversation
Currently verifySignature accepts seconds for verification, but internally it uses time.Time for comparison. That means if we created openpgp.Entity with default time field, test can fail with "key expired" error because PublicKey.KeyExpired will think that key creation happened before verifyTime when in reality we just lost the nsec precision. Signed-off-by: Dmitriy Matrenichev <[email protected]>
Relevant test added that covers both this and #231 |
Hello 👋 Timestamps in OpenPGP only have second precision. I assume that if you'd serialize and parse the key before using it, this issue would go away - which implies that the fix should be something else, i.e. round down the current time when generating keys (and signatures). Though, that would probably need to be done in go-crypto, not gopenpgp. |
Both and Make no requirements about passed and creation time having second prevision. We can use Trunc there, but is it correct way? |
The thing is that both |
openpgp.Entity.EncryptionKey is public method which accepts non-truncated time. I suppose there are also other ways to pass nsec time to |
@twiss ProtonMail/go-crypto#168 like this? |
Currently verifySignature accepts seconds for verification, but internally it uses time.Time for comparison. That means if we created openpgp.Entity with default time field, test can fail with "key expired" error because PublicKey.KeyExpired will think that key creation happened before verifyTime when in reality we just lost the nsec precision.