1
0
Fork 0
mirror of https://github.com/pgpainless/pgpainless.git synced 2024-11-25 13:52:06 +01:00
Prevent subkey binding signature from predating subkey
Fixes #419
This commit is contained in:
Paul Schaub 2023-11-30 20:04:22 +01:00
parent b7e8b56e3d
commit 4f85a29e0c
Signed by: vanitasvitae
GPG key ID: 62BEE9264BF17311
2 changed files with 12 additions and 3 deletions

View file

@ -304,6 +304,16 @@ public class KeyRingBuilder implements KeyRingBuilderInterface<KeyRingBuilder> {
public static PGPKeyPair generateKeyPair(KeySpec spec)
throws NoSuchAlgorithmException, PGPException,
InvalidAlgorithmParameterException {
Date keyCreationDate = spec.getKeyCreationDate();
if (keyCreationDate == null) {
keyCreationDate = new Date();
}
return generateKeyPair(spec, keyCreationDate);
}
public static PGPKeyPair generateKeyPair(KeySpec spec, Date keyCreationDate)
throws NoSuchAlgorithmException, PGPException,
InvalidAlgorithmParameterException {
KeyType type = spec.getKeyType();
KeyPairGenerator certKeyGenerator = KeyPairGenerator.getInstance(type.getName(),
ProviderFactory.getProvider());
@ -312,8 +322,6 @@ public class KeyRingBuilder implements KeyRingBuilderInterface<KeyRingBuilder> {
// Create raw Key Pair
KeyPair keyPair = certKeyGenerator.generateKeyPair();
Date keyCreationDate = spec.getKeyCreationDate() != null ? spec.getKeyCreationDate() : new Date();
// Form PGP key pair
PGPKeyPair pgpKeyPair = ImplementationFactory.getInstance()
.getPGPKeyPair(type.getAlgorithm(), keyPair, keyCreationDate);

View file

@ -290,6 +290,7 @@ public class SecretKeyRingEditor implements SecretKeyRingEditorInterface {
@Override
public void modifyHashedSubpackets(SelfSignatureSubpackets hashedSubpackets) {
SignatureSubpacketsHelper.applyFrom(keySpec.getSubpackets(), (SignatureSubpackets) hashedSubpackets);
hashedSubpackets.setSignatureCreationTime(referenceTime);
}
};
@ -307,7 +308,7 @@ public class SecretKeyRingEditor implements SecretKeyRingEditorInterface {
@Nullable SelfSignatureSubpackets.Callback subpacketsCallback,
@Nonnull SecretKeyRingProtector secretKeyRingProtector)
throws PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException, IOException {
PGPKeyPair keyPair = KeyRingBuilder.generateKeyPair(keySpec);
PGPKeyPair keyPair = KeyRingBuilder.generateKeyPair(keySpec, referenceTime);
SecretKeyRingProtector subKeyProtector = PasswordBasedSecretKeyRingProtector
.forKeyId(keyPair.getKeyID(), subkeyPassphrase);