go-crypto icon indicating copy to clipboard operation
go-crypto copied to clipboard

Published 20 hours ago verified publisher icon ProtonMail

Fix openpgp.MessageDetails footguns

Open emersion opened this issue 4 years ago • 1 comments

openpgp.MessageDetails is very easy to mis-use.

Ref https://github.com/emersion/go-pgpmail/issues/5

emersion avatar Dec 04 '21 10:12 emersion

Hey :wave: Yeah, I agree. One thing we could do, in a relatively backward-compatible way, is add a new IsVerified property, which would be set to true after the body has been read and the signature has been successfully verified. That would offer a more explicit and indeed less error-prone way to check signature verification. Other suggestions and/or a PR would be welcome :blush:

twiss avatar Dec 23 '21 09:12 twiss