From 6a11e39d76cb6cc1a992f078be57c5e7b08f6ab6 Mon Sep 17 00:00:00 2001
From: Paul Schaub
Date: Sun, 1 Aug 2021 15:53:51 +0200
Subject: [PATCH] Add issuer-fingerprint to message signatures
---
 .../encryption_signing/SigningOptions.java | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)
diff --git a/pgpainless-core/src/main/java/org/pgpainless/encryption_signing/SigningOptions.java b/pgpainless-core/src/main/java/org/pgpainless/encryption_signing/SigningOptions.java
index 8f19ad4b..ec82cba0 100644
--- a/pgpainless-core/src/main/java/org/pgpainless/encryption_signing/SigningOptions.java
+++ b/pgpainless-core/src/main/java/org/pgpainless/encryption_signing/SigningOptions.java
@@ -29,6 +29,7 @@ import org.bouncycastle.openpgp.PGPSecretKey;
 import org.bouncycastle.openpgp.PGPSecretKeyRing;
 import org.bouncycastle.openpgp.PGPSecretKeyRingCollection;
 import org.bouncycastle.openpgp.PGPSignatureGenerator;
+import org.bouncycastle.openpgp.PGPSignatureSubpacketGenerator;
 import org.bouncycastle.openpgp.operator.PGPContentSignerBuilder;
 import org.pgpainless.PGPainless;
 import org.pgpainless.algorithm.DocumentSignatureType;
@@ -266,7 +267,7 @@ public final class SigningOptions {
 boolean detached)
 throws PGPException {
 SubkeyIdentifier signingKeyIdentifier = new SubkeyIdentifier(secretKey, signingSubkey.getKeyID());
- PGPSignatureGenerator generator = createSignatureGenerator(signingSubkey, hashAlgorithm, signatureType);
+ PGPSignatureGenerator generator = createSignatureGenerator(secretKey.getSecretKey(signingSubkey.getKeyID()), signingSubkey, hashAlgorithm, signatureType);
 SigningMethod signingMethod = detached ? SigningMethod.detachedSignature(generator) : SigningMethod.inlineSignature(generator);
 signingMethods.put(signingKeyIdentifier, signingMethod);
 }
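Review bot: `secretKey.getSecretKey(signingSubkey.getKeyID())` in the second hunk returns null when the ring holds no secret key with that id, and the result is handed straight to `createSignatureGenerator`, where the new `unhashedSubpackets` helper (last hunk) dereferences it with `key.getKeyID()`. The visible lines do not show how `signingSubkey` was obtained, so this may be unreachable in practice, but a guard turns a NullPointerException during signing into a clear error: `PGPSecretKey signingSecretKey = secretKey.getSecretKey(signingSubkey.getKeyID());` followed by `if (signingSecretKey == null) throw new PGPException("No secret key with id " + Long.toHexString(signingSubkey.getKeyID()));`. Pulling the lookup into a local also shortens the overlong call line. The enclosing method starts above the hunk.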
@@ -302,7 +303,8 @@ public final class SigningOptions {
 return algorithm;
 }
- private PGPSignatureGenerator createSignatureGenerator(PGPPrivateKey privateKey,
+ private PGPSignatureGenerator createSignatureGenerator(PGPSecretKey secretKey,
+ PGPPrivateKey privateKey,
 HashAlgorithm hashAlgorithm,
 DocumentSignatureType signatureType)
 throws PGPException {
@@ -310,11 +312,19 @@ public final class SigningOptions {
 PGPContentSignerBuilder signerBuilder = ImplementationFactory.getInstance()
 .getPGPContentSignerBuilder(publicKeyAlgorithm, hashAlgorithm.getAlgorithmId());
 PGPSignatureGenerator signatureGenerator = new PGPSignatureGenerator(signerBuilder);
+ signatureGenerator.setUnhashedSubpackets(unhashedSubpackets(secretKey).generate());
 signatureGenerator.init(signatureType.getSignatureType().getCode(), privateKey);
 return signatureGenerator;
 }
+ private PGPSignatureSubpacketGenerator unhashedSubpackets(PGPSecretKey key) {
+ PGPSignatureSubpacketGenerator generator = new PGPSignatureSubpacketGenerator();
+ generator.setIssuerKeyID(false, key.getKeyID());
+ generator.setIssuerFingerprint(false, key);
+ return generator;
+ }
+
 /**
 * Return a map of key-ids and signing methods.
 * For internal use.
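Review bot: The issuer key-id and issuer fingerprint are written to the unhashed subpacket area in `unhashedSubpackets`, which the signature does not cover, so anyone relaying the message can strip or replace them without invalidating the signature. That is acceptable for a key-lookup hint, but a verifier must not read the value as proof of who signed, and the helper should say so, e.g. `// Unhashed area is not covered by the signature: these subpackets are lookup hints only.` If the fingerprint is meant to be bound to the signature, it could go into the hashed area instead via `signatureGenerator.setHashedSubpackets(...)`, keeping only the key-id unhashed. In the preceding hunk, the new `createSignatureGenerator(PGPSecretKey, PGPPrivateKey, ...)` signature leaves it to the caller to pass two halves of the same key; a short Javadoc stating that requirement would help.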