const validateSignature = async (version, filename) => { console.log(`> validating signature for ${filename}`) const filepath = `${cachePath}/${version}/${filename}` const ctMessage = await fs.readFileAsync(`${filepath}`, 'utf8') const ctSignature = await fs.readFileAsync(`${filepath}.asc`, 'utf8') const ctPubKey = pubKey const options = { message: await openpgp.cleartext.readArmored(ctSignature), publicKeys: (await openpgp.key.readArmored(ctPubKey)).keys } const valid = await openpgp.verify(options) if (typeof valid.signatures === 'undefined' && typeof valid.signatures[0] === 'undefined') { throw new Error('Invalid Signature') } if (valid.signatures[0].valid === false) { throw new Error('PGP Signature is not valid') } }
return Promise.resolve().then(()=>{ let options = { message: openpgp.cleartext.readArmored(armoredText), // parse armored message publicKeys: openpgp.key.readArmored(keyText).keys // for verification }; return openpgp.verify(options).then((verified)=>{ return {options, verified}; }); return { text: options.message.text, valid: verified.signatures[0].valid, error };