OpenPGP.js's message signature verification can be spoofed
A maliciously modified message can be passed to either openpgp.verify or openpgp.decrypt, causing these functions to return a valid signature verification result while returning data that was not actually signed. This flaw allows signature verifications of inline (non-detached) signed messages (using openpgp.verify) and signed-and-encrypted messages (using openpgp.decrypt with verificationKeys) to be spoofed, since both functions return extracted data that may not match the data that was originally signed. Detached signature …