fix: Pad secret keys with zeros before sending them to NetHSM (!60) · Merge requests · Arch Linux / signstar

Wiktor Kwapisiewicz requested to merge wiktor/70-fix-key-import-fail into main Sep 04, 2024

This fixes a rare bug when importing OpenPGP keys with a scalar part too short. Since OpenPGP does not preserve leading zeros and NetHSM expects leading zeros this caused errors on import when the generated scalar started with a zero value.

Pad the scalars to appropriate size before processing them further. Additionally check for a scalar values that are not compatible with the target curve.

Add a test case that was captured during a flaky test run.

Fixes: #70 (closed)

Admin message

fix: Pad secret keys with zeros before sending them to NetHSM

Merge request reports