ASA-2019-00528 – OpenPGP.js: Message Signature Bypass

During verification of a message signature, OpenPGP.js does not verify that the signature is of type text. An attacker could therefore construct a message that, instead of a text signature, contains a signature of another type. As the input required for the verification process depends on the signature type, an attacker could use a signature with a type that only verifies its subpackets and does not require additional input. An attacker could construct a message that contains a valid “standalone” or “timestamp” signature packet signed by another person. OpenPGP.js would incorrectly assume this message to be signed by that person.