raise if incorrect password

jshawl · Feb 4, 2024 · 7d738a8 · 7d738a8
1 parent 8def5ed
commit 7d738a8
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 0 deletions.
diff --git a/lib/minisign/private_key.rb b/lib/minisign/private_key.rb
@@ -33,11 +33,16 @@ def initialize(str, password = nil)
                          bytes[54..157]
                        end
       @key_id, @secret_key, @public_key, @checksum = key_data(key_data_bytes)
+      assert_keypair_match!
     end
     # rubocop:enable Layout/LineLength
     # rubocop:enable Metrics/AbcSize
     # rubocop:enable Metrics/MethodLength
 
+    def assert_keypair_match!
+      raise 'Wrong password for that key' if @public_key != ed25519_signing_key.verify_key.to_bytes.bytes
+    end
+
     def key_data(bytes)
       [bytes[0..7], bytes[8..39], bytes[40..71], bytes[72..103]]
     end

diff --git a/spec/minisign/private_key_spec.rb b/spec/minisign/private_key_spec.rb
@@ -20,6 +20,12 @@
       end.to raise_error('Missing password for encrypted key')
     end
 
+    it 'raises if the password is incorrect for the private key' do
+      expect do
+        Minisign::PrivateKey.new(File.read('test/minisign.key'), 'not the right password')
+      end.to raise_error('Wrong password for that key')
+    end
+
     it 'parses the cksum_algorithm' do
       expect(@private_key.cksum_algorithm).to eq('B2')
     end