diff --git a/app.js b/app.js
index ad748fb..b5bca80 100644
--- a/app.js
+++ b/app.js
@@ -1,20 +1,64 @@
 const express = require('express');
+const openpgp = require('openpgp');
 const path = require('path');
 const fs = require('fs');
 const app = express();
+app.use(express.urlencoded({ extended: true }));
 app.set('view engine', 'ejs');
 app.set('views', path.join(__dirname, 'views'));
 app.use(express.static(path.join(__dirname, 'public')));
 app.use(express.json());
-const routes = ['/', '/about', '/contact', '/verify', '/status', '/design', '/projects', '/cloud'];
+const PUBKEY = path.join(__dirname, 'src', 'pgp', 'publickey.asc');
+
+const routes = ['/', '/about', '/contact', '/status', '/design', '/projects', '/cloud'];
 routes.forEach(route => {
 app.get(route, (req, res) => {
 res.render(route === '/' ? 'index' : route.slice(1), { req });
 });
 });
+app.get('/verify', (req, res) => {
+ res.render('verify', { req, verifyResult: null });
+});
+
+app.post('/verify', async (req, res) => {
+ const { pgpMessage } = req.body;
+
+ try {
+ const pubKeyArmored = fs.readFileSync(PUBKEY, 'utf8');
+ const pubKey = await openpgp.readKey({ armoredKey: pubKeyArmored });
+
+ const cleartextMessage = await openpgp.readCleartextMessage({ cleartextMessage: pgpMessage });
+
+ const verifyResult = await openpgp.verify({
+ message: cleartextMessage,
+ verificationKeys: pubKey,
+ });
+
+ const isValid = await verifyResult.signatures[0].verified;
+ let resultMessage;
+
+ if (isValid) {
+ resultMessage = '✅ Signature is valid!';
+ } else {
+ resultMessage = '❌ Signature is invalid or message has been tampered with.';
+ }
+
+ res.render('verify', { req, verifyResult: resultMessage });
+
+ } catch (error) {
+ if (error.message.includes("Could not find signing key")) {
+ console.error('Verification failed: Unknown/invalid signing key');
+ res.render('verify', { req, verifyResult: '❌ Signature is from unknown signer or invalid.' });
+ } else {
+ console.error('Verification failed:', error);
+ res.render('verify', { req, verifyResult: '❌ An error occurred during verification.' });
+ }
+ }
+});
+
 const PORT = process.env.PORT || 5566;
 app.listen(PORT, () => {
 const now = new Date();
diff --git a/views/verify.ejs b/views/verify.ejs
index a3b79c3..bd99075 100644
--- a/views/verify.ejs
+++ b/views/verify.ejs
@@ -22,9 +22,18 @@
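Review bot: The new `app.post('/verify', ...)` handler renders only a verdict and never shows which text the signature covered, so a visitor cannot tell whether everything they pasted was signed. Passing the verified text to the view, for example `res.render('verify', { req, verifyResult: resultMessage, signedText: verifyResult.data });`, and printing it with the escaping `<%= %>` tag would make that visible. The calls used here (`readKey`, `verificationKeys`) look like the v5-style openpgp API, where `signatures[0].verified` rejects on a bad signature instead of resolving to `false`. If so, the `else` branch is dead and a tampered message lands in the generic '❌ An error occurred during verification.' path, which is worth confirming against the installed version so that rejection can be mapped to the "invalid" message. Only `signatures[0]` is inspected and an empty `signatures` array would throw a TypeError into the same catch, so a guard such as `if (verifyResult.signatures.length === 0)` would keep that case distinct. The `error.message.includes("Could not find signing key")` match also depends on the library's exact wording and may break silently on an upgrade.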
Did I send you a PGP signed message? Let's check it's actually from me! The form below will verify the message was signed by my key.
Remember, if you have confirmed my key in person, you should always trust that key over this page.
-The key this is being checked against is stored on my server, which can be prone to being hacked. Thus, this is better than nothing, but not the #1 option for verifying a message.
+The key this is being checked against is stored on my server, which can be prone to being hacked. Thus, this is better than nothing, but not the #1 option for verifying a message. As of now, messages are checked by the server, not locally.
THIS FORM IS NOT CURRENTLY AVAILABLE
+ + <% if (verifyResult) { %> +<%= verifyResult %>
+