import openpgp

elastic · Dec 4, 2024 · 1036d0d · 1036d0d
1 parent ea056c4
commit 1036d0d
Showing 1 changed file with 10 additions and 9 deletions.
diff --git a/x-pack/plugins/fleet/server/services/epm/packages/package_verification.ts b/x-pack/plugins/fleet/server/services/epm/packages/package_verification.ts
@@ -7,7 +7,8 @@
 
 import { readFile } from 'fs/promises';
 
-import * as openpgp from 'openpgp';
+import type { Key } from 'openpgp';
+import { readKey, readSignature, createMessage, verify } from 'openpgp';
 import type { Logger } from '@kbn/logging';
 
 import type { PackageVerificationResult } from '../../../types';
@@ -22,7 +23,7 @@ interface VerificationResult {
   keyId: string;
 }
 
-let cachedKey: openpgp.Key | undefined | null = null;
+let cachedKey: Key | undefined | null = null;
 
 export async function getGpgKeyIdOrUndefined(): Promise<string | undefined> {
   const key = await getGpgKeyOrUndefined();
@@ -32,14 +33,14 @@ export async function getGpgKeyIdOrUndefined(): Promise<string | undefined> {
   return key.getKeyID().toHex();
 }
 
-export async function getGpgKeyOrUndefined(): Promise<openpgp.Key | undefined> {
+export async function getGpgKeyOrUndefined(): Promise<Key | undefined> {
   if (cachedKey !== null) return cachedKey;
 
   cachedKey = await _readGpgKey();
   return cachedKey;
 }
 
-export async function _readGpgKey(): Promise<openpgp.Key | undefined> {
+export async function _readGpgKey(): Promise<Key | undefined> {
   const config = appContextService.getConfig();
   const logger = appContextService.getLogger();
   const gpgKeyPath = config?.packageVerification?.gpgKeyPath;
@@ -57,7 +58,7 @@ export async function _readGpgKey(): Promise<openpgp.Key | undefined> {
   }
   let key;
   try {
-    key = await openpgp.readKey({
+    key = await readKey({
       armoredKey: buffer.toString(),
     });
   } catch (e) {
@@ -115,18 +116,18 @@ async function _verifyPackageSignature({
 }: {
   pkgArchiveBuffer: Buffer;
   pkgArchiveSignature: string;
-  verificationKey: openpgp.Key;
+  verificationKey: Key;
   logger: Logger;
 }): Promise<VerificationResult> {
-  const signature = await openpgp.readSignature({
+  const signature = await readSignature({
     armoredSignature: pkgArchiveSignature,
   });
 
-  const message = await openpgp.createMessage({
+  const message = await createMessage({
     binary: pkgArchiveBuffer,
   });
 
-  const verificationResult = await openpgp.verify({
+  const verificationResult = await verify({
     verificationKeys: verificationKey,
     signature,
     message,