OpenPGP.js bug enables encrypted message spoofing

Security researchers are sounding the alarm over a fresh flaw in the JavaScript implementation of OpenPGP (OpenPGP.js) that allows both signed and encrypted messages to be spoofed.

Tracked as CVE-2025-47934 (8.7 – high), the vulnerability stems from the openpgp.verify and openpgp.decrypt functions. The advisory posted to the library’s GitHub repo states that a maliciously modified message can be passed to one of these functions, and the function will return a result indicating a valid signature even though the message was not actually signed.

No word from Proton yet, but given they are the maintainers of OpenPGP.js and almost certainly the largest user of it, I hope they’ll comment soon.

1 Like

In the article:

Daniel Huigens, cryptography team lead at Proton and head maintainer of OpenPGP.js, said in the advisory that until they can upgrade, users should scrutinize any ostensibly signed message they receive and verify each signature as a detached one.

For signed-and-encrypted messages, Huigens suggested verifying their legitimacy in two steps. First, call openpgp.decrypt without verificationKeys, and then pass the returned signatures and a new message containing decrypted data to openpgp.verify.

1 Like
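The two-step workaround quoted above, written out as an added example (not code from the article, the advisory, or the OpenPGP.js project). The `openpgp` module is passed in as a parameter so the routine can be exercised against a stub; it assumes the OpenPGP.js v5/v6 API (`readMessage`, `decrypt`, `createMessage`, `verify`, and the `signature` promise on each entry that `decrypt` returns), and the key material and armored input are whatever the caller supplies.

```javascript
// Added example, not OpenPGP.js project code. Mitigation for CVE-2025-47934:
// decrypt WITHOUT verificationKeys, then verify every returned signature as a
// detached signature over the plaintext. Assumed API: OpenPGP.js v5/v6.
async function decryptThenVerifyDetached(openpgp, { armoredMessage, decryptionKeys, verificationKeys }) {
  const message = await openpgp.readMessage({ armoredMessage });

  // Step 1: decrypt only. No verificationKeys are passed, so the inline
  // verification path the advisory describes as spoofable is never consulted.
  const { data, signatures } = await openpgp.decrypt({ message, decryptionKeys });
  if (!signatures || signatures.length === 0) {
    return { data, verified: false, results: [], reason: 'message carries no signatures' };
  }

  // Step 2: wrap the plaintext in a fresh message and check each signature as
  // a detached one. `data` is a string for the default (utf8) format; use
  // { binary: data } instead when decrypting with format: 'binary'.
  const results = [];
  for (const sig of signatures) {
    const signature = await sig.signature;        // openpgp.Signature object
    const keyID = sig.keyID.toHex();
    let ok = false;
    let reason = '';
    try {
      const { signatures: checked } = await openpgp.verify({
        message: await openpgp.createMessage({ text: data }),
        signature,
        verificationKeys,
      });
      // Each `verified` is a promise that rejects when the check fails.
      const settled = await Promise.allSettled(checked.map(s => s.verified));
      ok = settled.length > 0 && settled.every(s => s.status === 'fulfilled');
      if (!ok) reason = settled.find(s => s.status === 'rejected')?.reason?.message ?? 'no signature checked';
    } catch (err) {
      reason = err.message;
    }
    results.push({ keyID, ok, reason });
  }

  // Treat the message as authentic only if every signature it carries checks out.
  return { data, verified: results.every(r => r.ok), results };
}
```

With the real library, load keys with `openpgp.readPrivateKey` / `openpgp.readKey` (and `openpgp.decryptKey` for passphrase-protected keys) and pass the `openpgp` module itself as the first argument.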