From 4f85a29e0ca126826692cfc1c4d1777d3e7fa5c4 Mon Sep 17 00:00:00 2001
From: Paul Schaub
Date: Thu, 30 Nov 2023 20:04:22 +0100
Subject: [PATCH] Backport f39d2c5566a30515a3879eae465ddfb113e37738 Prevent subkey binding signature from predating subkey Fixes #419
---
 .../pgpainless/key/generation/KeyRingBuilder.java | 12 ++++++++++--
 .../secretkeyring/SecretKeyRingEditor.java | 3 ++-
 2 files changed, 12 insertions(+), 3 deletions(-)
diff --git a/pgpainless-core/src/main/java/org/pgpainless/key/generation/KeyRingBuilder.java b/pgpainless-core/src/main/java/org/pgpainless/key/generation/KeyRingBuilder.java
index 208c17b6..346837c7 100644
--- a/pgpainless-core/src/main/java/org/pgpainless/key/generation/KeyRingBuilder.java
+++ b/pgpainless-core/src/main/java/org/pgpainless/key/generation/KeyRingBuilder.java
@@ -304,6 +304,16 @@ public class KeyRingBuilder implements KeyRingBuilderInterface {
 public static PGPKeyPair generateKeyPair(KeySpec spec)
 throws NoSuchAlgorithmException, PGPException,
 InvalidAlgorithmParameterException {
+ Date keyCreationDate = spec.getKeyCreationDate();
+ if (keyCreationDate == null) {
+ keyCreationDate = new Date();
+ }
+ return generateKeyPair(spec, keyCreationDate);
+ }
+
+ public static PGPKeyPair generateKeyPair(KeySpec spec, Date keyCreationDate)
+ throws NoSuchAlgorithmException, PGPException,
+ InvalidAlgorithmParameterException {
 KeyType type = spec.getKeyType();
 KeyPairGenerator certKeyGenerator = KeyPairGenerator.getInstance(type.getName(),
 ProviderFactory.getProvider());
@@ -312,8 +322,6 @@ public class KeyRingBuilder implements KeyRingBuilderInterface {
 // Create raw Key Pair
 KeyPair keyPair = certKeyGenerator.generateKeyPair();
- Date keyCreationDate = spec.getKeyCreationDate() != null ? spec.getKeyCreationDate() : new Date();
-
 // Form PGP key pair
 PGPKeyPair pgpKeyPair = ImplementationFactory.getInstance()
 .getPGPKeyPair(type.getAlgorithm(), keyPair, keyCreationDate);
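Review bot: The new public overload `generateKeyPair(KeySpec spec, Date keyCreationDate)` uses the passed date unconditionally, so a creation date configured on `spec` is silently ignored and a null `keyCreationDate` reaches `getPGPKeyPair(...)` unchecked. The creation time is part of the key packet that binding-signature times are validated against, so the precedence should be explicit. Add Javadoc stating that `keyCreationDate` overrides `spec.getKeyCreationDate()` and must not be null, and reject null up front, e.g. `if (keyCreationDate == null) { throw new IllegalArgumentException("keyCreationDate must not be null"); }`. The overload's body continues past the end of this hunk.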
diff --git a/pgpainless-core/src/main/java/org/pgpainless/key/modification/secretkeyring/SecretKeyRingEditor.java b/pgpainless-core/src/main/java/org/pgpainless/key/modification/secretkeyring/SecretKeyRingEditor.java
index 663c6e41..a6f30435 100644
--- a/pgpainless-core/src/main/java/org/pgpainless/key/modification/secretkeyring/SecretKeyRingEditor.java
+++ b/pgpainless-core/src/main/java/org/pgpainless/key/modification/secretkeyring/SecretKeyRingEditor.java
@@ -290,6 +290,7 @@ public class SecretKeyRingEditor implements SecretKeyRingEditorInterface {
 @Override
 public void modifyHashedSubpackets(SelfSignatureSubpackets hashedSubpackets) {
 SignatureSubpacketsHelper.applyFrom(keySpec.getSubpackets(), (SignatureSubpackets) hashedSubpackets);
+ hashedSubpackets.setSignatureCreationTime(referenceTime);
 }
 };
@@ -307,7 +308,7 @@ public class SecretKeyRingEditor implements SecretKeyRingEditorInterface {
 @Nullable SelfSignatureSubpackets.Callback subpacketsCallback,
 @Nonnull SecretKeyRingProtector secretKeyRingProtector)
 throws PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException, IOException {
- PGPKeyPair keyPair = KeyRingBuilder.generateKeyPair(keySpec);
+ PGPKeyPair keyPair = KeyRingBuilder.generateKeyPair(keySpec, referenceTime);
 SecretKeyRingProtector subKeyProtector = PasswordBasedSecretKeyRingProtector
 .forKeyId(keyPair.getKeyID(), subkeyPassphrase);
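Review bot: The added `setSignatureCreationTime(referenceTime)` only works because it runs after `applyFrom(keySpec.getSubpackets(), ...)`, overwriting any creation time the key spec's subpackets may carry, yet nothing on the line records that the order matters. A short why-comment would keep a later refactor from swapping the two calls, for example `// Must come last: pin the binding signature to referenceTime so it cannot predate the subkey`. The diffstat lists only the two main-source files, so the patch as shown carries no regression test. A test that adds a subkey with a reference time and asserts the binding signature's creation time is not earlier than the subkey's would guard the fix.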
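Review bot: In this overload the subkey is now created at `referenceTime`, but the binding signature's creation time is pinned only inside the anonymous callback of the previous hunk. A caller who passes their own `subpacketsCallback` gets no such pinning in the visible lines. If the signature then defaults to the current time and `referenceTime` is later than that, the binding signature would again predate the subkey, and verifiers would be expected to reject it. Consider setting the creation time on the hashed subpackets before the caller's callback is applied, or checking afterwards that the signature time is not before `keyPair.getPublicKey().getCreationTime()`. The method body continues beyond the hunk, so this may already be handled further down; `keySpec.getKeyCreationDate()` is also no longer consulted on this path, which deserves a line in the method's Javadoc.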