mirror of
https://github.com/pgpainless/pgpainless.git
synced 2024-11-05 03:55:58 +01:00
Direct-Key signatures are calculated over the signee only, not the signer plus signee
This commit is contained in:
parent
48a323441a
commit
a0a3d59cec
2 changed files with 4 additions and 8 deletions
|
@ -43,11 +43,7 @@ public class ThirdPartyDirectKeySignatureBuilder extends AbstractSignatureBuilde
|
|||
|
||||
public PGPSignature build(PGPPublicKey key) throws PGPException {
|
||||
PGPSignatureGenerator signatureGenerator = buildAndInitSignatureGenerator();
|
||||
if (key.getKeyID() != publicSigningKey.getKeyID()) {
|
||||
return signatureGenerator.generateCertification(publicSigningKey, key);
|
||||
} else {
|
||||
return signatureGenerator.generateCertification(key);
|
||||
}
|
||||
return signatureGenerator.generateCertification(key);
|
||||
}
|
||||
|
||||
@Override
|
||||
|
|
|
@ -535,10 +535,10 @@ public abstract class SignatureValidator {
|
|||
try {
|
||||
signature.init(ImplementationFactory.getInstance().getPGPContentVerifierBuilderProvider(), signer);
|
||||
boolean valid;
|
||||
if (signer.getKeyID() != signee.getKeyID()) {
|
||||
valid = signature.verifyCertification(signer, signee);
|
||||
} else {
|
||||
if (signer.getKeyID() == signee.getKeyID() || signature.getSignatureType() == PGPSignature.DIRECT_KEY) {
|
||||
valid = signature.verifyCertification(signee);
|
||||
} else {
|
||||
valid = signature.verifyCertification(signer, signee);
|
||||
}
|
||||
if (!valid) {
|
||||
throw new SignatureValidationException("Signature is not correct.");
|
||||
|
|
Loading…
Reference in a new issue