Backport f39d2c5566

Prevent subkey binding signature from predating subkey Fixes #419
2024-11-25 13:52:06 +01:00 · 2023-11-30 20:04:22 +01:00 · 2023-11-30 20:04:22 +01:00 · 4f85a29e0c
commit 4f85a29e0c
parent b7e8b56e3d
2 changed files with 12 additions and 3 deletions
--- a/pgpainless-core/src/main/java/org/pgpainless/key/generation/KeyRingBuilder.java
+++ b/pgpainless-core/src/main/java/org/pgpainless/key/generation/KeyRingBuilder.java
@ -304,6 +304,16 @@ public class KeyRingBuilder implements KeyRingBuilderInterface<KeyRingBuilder> {
    public static PGPKeyPair generateKeyPair(KeySpec spec)
            throws NoSuchAlgorithmException, PGPException,
            InvalidAlgorithmParameterException {
+        Date keyCreationDate = spec.getKeyCreationDate();
+        if (keyCreationDate == null) {
+            keyCreationDate = new Date();
+        }
+        return generateKeyPair(spec, keyCreationDate);
+    }
+
+    public static PGPKeyPair generateKeyPair(KeySpec spec, Date keyCreationDate)
+            throws NoSuchAlgorithmException, PGPException,
+            InvalidAlgorithmParameterException {
        KeyType type = spec.getKeyType();
        KeyPairGenerator certKeyGenerator = KeyPairGenerator.getInstance(type.getName(),
                ProviderFactory.getProvider());
@ -312,8 +322,6 @@ public class KeyRingBuilder implements KeyRingBuilderInterface<KeyRingBuilder> {
        // Create raw Key Pair
        KeyPair keyPair = certKeyGenerator.generateKeyPair();

-        Date keyCreationDate = spec.getKeyCreationDate() != null ? spec.getKeyCreationDate() : new Date();
-
        // Form PGP key pair
        PGPKeyPair pgpKeyPair = ImplementationFactory.getInstance()
                .getPGPKeyPair(type.getAlgorithm(), keyPair, keyCreationDate);
--- a/pgpainless-core/src/main/java/org/pgpainless/key/modification/secretkeyring/SecretKeyRingEditor.java
+++ b/pgpainless-core/src/main/java/org/pgpainless/key/modification/secretkeyring/SecretKeyRingEditor.java
@ -290,6 +290,7 @@ public class SecretKeyRingEditor implements SecretKeyRingEditorInterface {
            @Override
            public void modifyHashedSubpackets(SelfSignatureSubpackets hashedSubpackets) {
                SignatureSubpacketsHelper.applyFrom(keySpec.getSubpackets(), (SignatureSubpackets) hashedSubpackets);
+                hashedSubpackets.setSignatureCreationTime(referenceTime);
            }
        };

@ -307,7 +308,7 @@ public class SecretKeyRingEditor implements SecretKeyRingEditorInterface {
            @Nullable SelfSignatureSubpackets.Callback subpacketsCallback,
            @Nonnull SecretKeyRingProtector secretKeyRingProtector)
            throws PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException, IOException {
-        PGPKeyPair keyPair = KeyRingBuilder.generateKeyPair(keySpec);
+        PGPKeyPair keyPair = KeyRingBuilder.generateKeyPair(keySpec, referenceTime);

        SecretKeyRingProtector subKeyProtector = PasswordBasedSecretKeyRingProtector
                .forKeyId(keyPair.getKeyID(), subkeyPassphrase);