diff options
Diffstat (limited to 'verify.go')
| -rw-r--r-- | verify.go | 11 |
1 files changed, 4 insertions, 7 deletions
@@ -31,7 +31,7 @@ func Verify(signatureFileContent string, signedJson []byte, expectedFileName str // Verification is performed using a matching key in allowedPublicKeys. // The signature is checked to be a Blake2b-prehashed Ed25519 Minisign signature with a valid trusted comment. // The file type that is verified is indicated by expectedFileName, which must be one of server_list.json/organization_list.json. -// The trusted comment is checked to be of the form "time<(stamp)>:<timestamp>\tfile:<expectedFileName>", optionally suffixed by something, e.g. "\thashed". +// The trusted comment is checked to be of the form "timestamp:<timestamp>\tfile:<expectedFileName>", optionally suffixed by something, e.g. "\thashed". // The signature is checked to have a timestamp with a value of at least minSignTime, which is a UNIX timestamp without milliseconds; // // The return value will either be (true, nil) on success or (false, err) on failure. @@ -71,13 +71,10 @@ func verifyWithKeys(signatureFileContent string, signedJson []byte, expectedFile var signTime uint64 var sigFileName string // sigFileName cannot have spaces - _, err = fmt.Sscanf(sig.TrustedComment, "trusted comment: time:%d\tfile:%s", &signTime, &sigFileName) + _, err = fmt.Sscanf(sig.TrustedComment, "trusted comment: timestamp:%d\tfile:%s", &signTime, &sigFileName) if err != nil { - _, err = fmt.Sscanf(sig.TrustedComment, "trusted comment: timestamp:%d\tfile:%s", &signTime, &sigFileName) - if err != nil { - return false, VerifyError{ErrInvalidTrustedComment, - fmt.Sprintf("failed to interpret trusted comment (%q)", sig.TrustedComment), err} - } + return false, VerifyError{ErrInvalidTrustedComment, + fmt.Sprintf("failed to interpret trusted comment (%q)", sig.TrustedComment), err} } if sigFileName != expectedFileName { |