mirror of https://github.com/pgpainless/pgpainless.git synced 2024-11-16 09:22:05 +01:00
Prevent subkey binding signature from predating subkey
Fixes #419
Paul Schaub 2023-11-30 20:04:22 +01:00
parent b7e8b56e3d
commit 4f85a29e0c
Signed by: vanitasvitae
GPG key ID: 62BEE9264BF17311
2 changed files with 12 additions and 3 deletions


@ -304,6 +304,16 @@ public class KeyRingBuilder implements KeyRingBuilderInterface<KeyRingBuilder> {
public static PGPKeyPair generateKeyPair(KeySpec spec) public static PGPKeyPair generateKeyPair(KeySpec spec)
throws NoSuchAlgorithmException, PGPException, throws NoSuchAlgorithmException, PGPException,
InvalidAlgorithmParameterException { InvalidAlgorithmParameterException {
Date keyCreationDate = spec.getKeyCreationDate();
if (keyCreationDate == null) {
keyCreationDate = new Date();
}
return generateKeyPair(spec, keyCreationDate);
}
public static PGPKeyPair generateKeyPair(KeySpec spec, Date keyCreationDate)
throws NoSuchAlgorithmException, PGPException,
InvalidAlgorithmParameterException {
KeyType type = spec.getKeyType(); KeyType type = spec.getKeyType();
KeyPairGenerator certKeyGenerator = KeyPairGenerator.getInstance(type.getName(), KeyPairGenerator certKeyGenerator = KeyPairGenerator.getInstance(type.getName(),
ProviderFactory.getProvider()); ProviderFactory.getProvider());
@ -312,8 +322,6 @@ public class KeyRingBuilder implements KeyRingBuilderInterface<KeyRingBuilder> {
// Create raw Key Pair // Create raw Key Pair
KeyPair keyPair = certKeyGenerator.generateKeyPair(); KeyPair keyPair = certKeyGenerator.generateKeyPair();
Date keyCreationDate = spec.getKeyCreationDate() != null ? spec.getKeyCreationDate() : new Date();
// Form PGP key pair // Form PGP key pair
PGPKeyPair pgpKeyPair = ImplementationFactory.getInstance() PGPKeyPair pgpKeyPair = ImplementationFactory.getInstance()
.getPGPKeyPair(type.getAlgorithm(), keyPair, keyCreationDate); .getPGPKeyPair(type.getAlgorithm(), keyPair, keyCreationDate);
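Review bot: The new two-argument `generateKeyPair(KeySpec spec, Date keyCreationDate)` passes `keyCreationDate` to `getPGPKeyPair(...)` without a null check, whereas the one-argument overload above it substitutes `new Date()` for a missing date. Because the method is `public static`, I would either annotate the parameter `@Nonnull` (the annotation is used in SecretKeyRingEditor in this commit; whether it is imported in this file is not visible) or guard it with `if (keyCreationDate == null) throw new IllegalArgumentException("keyCreationDate must not be null");`. A short Javadoc should also state that this overload does not consult `spec.getKeyCreationDate()` and that the supplied date becomes the key's creation time, which later self-signatures must not predate. The body of the overload continues past the end of the visible hunks.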


@ -290,6 +290,7 @@ public class SecretKeyRingEditor implements SecretKeyRingEditorInterface {
@Override @Override
public void modifyHashedSubpackets(SelfSignatureSubpackets hashedSubpackets) { public void modifyHashedSubpackets(SelfSignatureSubpackets hashedSubpackets) {
SignatureSubpacketsHelper.applyFrom(keySpec.getSubpackets(), (SignatureSubpackets) hashedSubpackets); SignatureSubpacketsHelper.applyFrom(keySpec.getSubpackets(), (SignatureSubpackets) hashedSubpackets);
hashedSubpackets.setSignatureCreationTime(referenceTime);
} }
}; };
@ -307,7 +308,7 @@ public class SecretKeyRingEditor implements SecretKeyRingEditorInterface {
@Nullable SelfSignatureSubpackets.Callback subpacketsCallback, @Nullable SelfSignatureSubpackets.Callback subpacketsCallback,
@Nonnull SecretKeyRingProtector secretKeyRingProtector) @Nonnull SecretKeyRingProtector secretKeyRingProtector)
throws PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException, IOException { throws PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException, IOException {
PGPKeyPair keyPair = KeyRingBuilder.generateKeyPair(keySpec); PGPKeyPair keyPair = KeyRingBuilder.generateKeyPair(keySpec, referenceTime);
SecretKeyRingProtector subKeyProtector = PasswordBasedSecretKeyRingProtector SecretKeyRingProtector subKeyProtector = PasswordBasedSecretKeyRingProtector
.forKeyId(keyPair.getKeyID(), subkeyPassphrase); .forKeyId(keyPair.getKeyID(), subkeyPassphrase);
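Review bot: The last hunk now calls `KeyRingBuilder.generateKeyPair(keySpec, referenceTime)`, so a creation date set on the `KeySpec` is silently ignored here, whereas the one-argument overload honoured `spec.getKeyCreationDate()`. If that is intended, state it in the method's Javadoc; otherwise keep the spec's date when it is set and reject the conflicting case explicitly, e.g. `if (keySpec.getKeyCreationDate() != null && keySpec.getKeyCreationDate().after(referenceTime)) throw new IllegalArgumentException("Subkey creation date must not be after the reference time");`. In the callback hunk, `setSignatureCreationTime(referenceTime)` runs after `applyFrom(...)`, and a comment such as `// binding signature must not predate the subkey (see #419)` would explain why the order matters. Both files shown are production classes, so a regression test asserting that the binding signature's creation time is not before the subkey's creation time looks worth adding. Both enclosing methods start and end outside the hunks.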