kbpgp
kbpgp copied to clipboard
keybase
Verify detached signature
Can you give an example on how to verify detached signature in case the signature and the clear text message is sent separately?
Yea im looking for info on how to do this too, all i want to do is verify inbound message to my app.
Start with this example. If you have a static buffer with your file data, then the only extra parameter is that buffer, which can be passed in as data:
kbpgp.unbox { armored, data, keyring }, (err) ->
console.log err
If you're streaming data, you can pass data_fn instead of data. Here's a data_fn if you were just reading a buffer piecemeal. Kbpgp will pass data_fn a "hasher" to hash on each new piece of data, and also a callback, to signal an error and/or the EOF:
buffer = new Buffer (i ^ 0xff for i in [0...1000000])
p = 0
chunksize = 0x2000
data_fn = (hasher, cb) ->
if p < buffer.length
end = Math.min(buffer.length, p + chunksize)
hasher buffer[p...end]
p = end
cb null, false
else
cb null, true
kbpgp.unbox { armored, data_fn, keyring }, (err) ->
console.log err
Sorry im not sure what you mean by 'your file data' do you mean the signed message as below:
-----BEGIN PGP SIGNATURE-----
Version: Keybase OpenPGP v2.0.8
Comment: https://keybase.io/crypto
wsBcBAABCgAGBQJVgtAoAAoJEBkCaVTgSQ4vkEIH/AjEt5eP7zSFTW6ANEMTIVo0
91u5/3+ZuOg7C7c9WQfUm6GqswzIPhXalCC5wFMrpbPwaOhNMCXyROZe2gtC8jrR
rjAlZ/+FjnOIi1YnvVB2kWXo95CjJHWdwz4PaFBRe8CBJx+j2LE5s+Uht5PlaFpT
sG+YznO2qZJS0dUESEpFJIVvxZNupF4ppSvNdYJu5SucGE4+Pq55P/rPBX98gWh4
PlQsfDfWjeupumrngNu5cb7IHV5AjjEfyf5pqUKdXBFDV7qlC/x0taI+dC6sz4Mn
4gOfCze3gOayjR02BYgN3VaPZf/1Q81RtSSvMruBQ7rj761i7XpOwjqpH8joo1I=
=A8kT
-----END PGP SIGNATURE-----
No, pass that as armored in my above example. Pass the other blob of data as data.