mirror of
https://github.com/pgpainless/pgpainless.git
synced 2024-12-23 03:17:58 +01:00
Remove support for processing compressed detached signatures
Signatures are indistinguishable from randomness, so there is no point in compressing them, apart from attempting to exploit flaws in compression algorithms. Thanks to @DemiMarie for pointing this out Fixes #286
This commit is contained in:
parent
d3f412873b
commit
49d65788b4
2 changed files with 1 additions and 26 deletions
|
@ -17,7 +17,6 @@ import org.bouncycastle.bcpg.sig.IssuerKeyID;
|
|||
import org.bouncycastle.bcpg.sig.KeyExpirationTime;
|
||||
import org.bouncycastle.bcpg.sig.RevocationReason;
|
||||
import org.bouncycastle.bcpg.sig.SignatureExpirationTime;
|
||||
import org.bouncycastle.openpgp.PGPCompressedData;
|
||||
import org.bouncycastle.openpgp.PGPException;
|
||||
import org.bouncycastle.openpgp.PGPObjectFactory;
|
||||
import org.bouncycastle.openpgp.PGPPublicKey;
|
||||
|
@ -232,7 +231,7 @@ public final class SignatureUtils {
|
|||
|
||||
/**
|
||||
* Read and return {@link PGPSignature PGPSignatures}.
|
||||
* This method can deal with signatures that may be armored, compressed and may contain marker packets.
|
||||
* This method can deal with signatures that may be binary, armored and may contain marker packets.
|
||||
*
|
||||
* @param inputStream input stream
|
||||
* @param maxIterations number of loop iterations until reading is aborted
|
||||
|
@ -248,11 +247,6 @@ public final class SignatureUtils {
|
|||
int i = 0;
|
||||
Object nextObject;
|
||||
while (i++ < maxIterations && (nextObject = objectFactory.nextObject()) != null) {
|
||||
if (nextObject instanceof PGPCompressedData) {
|
||||
PGPCompressedData compressedData = (PGPCompressedData) nextObject;
|
||||
objectFactory = ImplementationFactory.getInstance().getPGPObjectFactory(compressedData.getDataStream());
|
||||
}
|
||||
|
||||
if (nextObject instanceof PGPSignatureList) {
|
||||
PGPSignatureList signatureList = (PGPSignatureList) nextObject;
|
||||
for (PGPSignature s : signatureList) {
|
||||
|
|
|
@ -12,28 +12,9 @@ import java.util.List;
|
|||
import org.bouncycastle.openpgp.PGPException;
|
||||
import org.bouncycastle.openpgp.PGPSignature;
|
||||
import org.junit.jupiter.api.Test;
|
||||
import org.pgpainless.key.util.KeyIdUtil;
|
||||
|
||||
public class SignatureUtilsTest {
|
||||
|
||||
@Test
|
||||
public void readSignaturesFromCompressedData() throws PGPException, IOException {
|
||||
String compressed = "-----BEGIN PGP MESSAGE-----\n" +
|
||||
"Version: PGPainless\n" +
|
||||
"\n" +
|
||||
"owHrKGVhEOZiYGNlSoxcsJtBkVMg3OzZZKnz5jxiiiz+aTG+h46kcR9zinOECZ/o\n" +
|
||||
"YmTYsKve/opb3v/o8J0qq1/MFFBhP9jfEq+/avK6qPMrlh70Zfinu96c+cncX9GK\n" +
|
||||
"B4ui3fUfbUo8tFrVTIRn7kROq69H77hd6cCw9susVdls1as1gNYunnp5V8Qp+wX3\n" +
|
||||
"+jUnwoRB1p4SfPk412lb/cSmShb211fOX07h0JxVH1JXsc/vi2mi5ieG/2Xxb5tk\n" +
|
||||
"LE+r7WwruxSaeXLuLsOmXTPZD0/VtvlqO89RYjsA\n" +
|
||||
"=yZ18\n" +
|
||||
"-----END PGP MESSAGE-----";
|
||||
List<PGPSignature> signatures = SignatureUtils.readSignatures(compressed);
|
||||
assertEquals(2, signatures.size());
|
||||
assertEquals(KeyIdUtil.fromLongKeyId("5736E6931ACF370C"), signatures.get(0).getKeyID());
|
||||
assertEquals(KeyIdUtil.fromLongKeyId("F49AAA6B067BAB28"), signatures.get(1).getKeyID());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void noIssuerResultsInKeyId0() throws PGPException, IOException {
|
||||
String sig = "-----BEGIN PGP SIGNATURE-----\n" +
|
||||
|
|
Loading…
Reference in a new issue