PGPainless/pgpainless
PGPainless
/
pgpainless
mirror of https://github.com/pgpainless/pgpainless.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Direct-Key signatures are calculated over the signee only, not the signer plus signee

This commit is contained in:
Paul Schaub 2023-06-06 11:00:44 +02:00
parent 0fdafdf956
commit 7769ff8173
Signed by: vanitasvitae
GPG Key ID: 62BEE9264BF17311
2 changed files with 4 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
pgpainless-core/src/main/java/org/pgpainless/signature/builder/ThirdPartyDirectKeySignatureBuilder.java
View File

@ -43,11 +43,7 @@ public class ThirdPartyDirectKeySignatureBuilder extends AbstractSignatureBuilde
public PGPSignature build(PGPPublicKey key) throws PGPException { public PGPSignature build(PGPPublicKey key) throws PGPException {
PGPSignatureGenerator signatureGenerator = buildAndInitSignatureGenerator(); PGPSignatureGenerator signatureGenerator = buildAndInitSignatureGenerator();
if (key.getKeyID() != publicSigningKey.getKeyID()) { return signatureGenerator.generateCertification(key);
return signatureGenerator.generateCertification(publicSigningKey, key);
} else {
return signatureGenerator.generateCertification(key);
}
} }
@Override @Override

6
pgpainless-core/src/main/java/org/pgpainless/signature/consumer/SignatureValidator.java
View File

@ -546,10 +546,10 @@ public abstract class SignatureValidator {
try { try {
signature.init(ImplementationFactory.getInstance().getPGPContentVerifierBuilderProvider(), signer); signature.init(ImplementationFactory.getInstance().getPGPContentVerifierBuilderProvider(), signer);
boolean valid; boolean valid;
if (signer.getKeyID() != signee.getKeyID()) { if (signer.getKeyID() == signee.getKeyID() || signature.getSignatureType() == PGPSignature.DIRECT_KEY) {
valid = signature.verifyCertification(signer, signee);
} else {
valid = signature.verifyCertification(signee); valid = signature.verifyCertification(signee);
} else {
valid = signature.verifyCertification(signer, signee);
} }
if (!valid) { if (!valid) {
throw new SignatureValidationException("Signature is not correct."); throw new SignatureValidationException("Signature is not correct.");