protonmail: implement attachment signature support #323
Open
alicetulpa wants to merge 1 commit into emersion:master from
Previously, attachment encryption did not generate signatures, causing
Proton API error [2011] ('One or more attachments are missing a
signature') when sending emails with attachments.
This commit:
- Passes the signing key to symetricallyEncrypt in Encrypt(), enabling
inline signing of the encrypted attachment data
- Wraps the plaintext writer to tee data into a SHA512 hash, generating
a detached PGP signature on Close()
- Stores the base64-encoded detached signature in att.Signature
- Uploads att.Signature as a 'Signature' form field in CreateAttachment()
Resolves the two TODO comments in attachments.go that noted missing
signature implementation.
Problem
Sending emails with attachments via hydroxide fails with Proton API error [2011]: 'One or more attachments are missing a signature'. The Encrypt() function in protonmail/attachments.go had two TODO comments noting that signature support was never implemented — the signing entity was passed as nil to symetricallyEncrypt, and no Signature form field was uploaded in CreateAttachment().
Fix
- Encrypt() — Extracts the signing key from the private key entity and passes it to symetricallyEncrypt for inline signing. Additionally wraps the plaintext writer in an attachmentSignWriter that tees plaintext into a SHA512 hash, generating a detached PGP signature on Close(), stored base64-encoded in att.Signature.
- CreateAttachment() — Uploads att.Signature as a Signature form field when non-empty.
Testing
Tested by sending emails with text file attachments through the patched hydroxide bridge. Emails are accepted by the Proton API and delivered successfully to both ProtonMail and external recipients.
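The tee-into-SHA512, sign-on-Close() writer described above, as an added Go example that is not the pull request's code. Ed25519 from the standard library stands in for the OpenPGP detached signature, and signOnCloseWriter, nopCloser and the all-zero demo key are hypothetical names and constructed values.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha512"
	"encoding/base64"
	"hash"
	"io"
)

// signOnCloseWriter is a hypothetical name; Ed25519 stands in for the OpenPGP key.
type signOnCloseWriter struct {
	dst    io.WriteCloser     // stand-in for the encrypting plaintext writer
	h      hash.Hash          // SHA-512 over the plaintext, fed by Write
	key    ed25519.PrivateKey // assumption: not the PGP entity the PR uses
	sig    string             // base64 detached signature, empty until Close succeeds
	closed bool
}

func (w *signOnCloseWriter) Write(p []byte) (int, error) {
	if w.closed {
		return 0, io.ErrClosedPipe // the signature is final, reject late data
	}
	n, err := w.dst.Write(p)
	w.h.Write(p[:n]) // hash only the bytes that were actually forwarded
	return n, err
}

func (w *signOnCloseWriter) Close() error {
	if w.closed {
		return nil // idempotent: never sign twice
	}
	w.closed = true
	if err := w.dst.Close(); err != nil {
		return err // no signature for a stream that failed to finalize
	}
	w.sig = base64.StdEncoding.EncodeToString(ed25519.Sign(w.key, w.h.Sum(nil)))
	return nil
}

type nopCloser struct{ io.Writer } // constructed sink so the demo runs offline
func (nopCloser) Close() error { return nil }

func main() {
	key := ed25519.NewKeyFromSeed(make([]byte, ed25519.SeedSize)) // constructed demo key
	w := &signOnCloseWriter{dst: nopCloser{io.Discard}, h: sha512.New(), key: key}
	io.WriteString(w, "constructed attachment body")
	w.Close()
	println(w.sig) // the value a caller would store and upload with the attachment
}
```

The signature covers exactly the bytes forwarded before Close(), so reading sig earlier yields an empty string rather than a signature over a partial attachment.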