1
0
Fork 0
mirror of https://github.com/pgpainless/pgpainless.git synced 2024-11-05 03:55:58 +01:00

Direct-Key signatures are calculated over the signee only, not the signer plus signee

This commit is contained in:
Paul Schaub 2023-06-06 11:00:44 +02:00
parent 48a323441a
commit a0a3d59cec
Signed by: vanitasvitae
GPG key ID: 62BEE9264BF17311
2 changed files with 4 additions and 8 deletions

View file

@ -43,11 +43,7 @@ public class ThirdPartyDirectKeySignatureBuilder extends AbstractSignatureBuilde
public PGPSignature build(PGPPublicKey key) throws PGPException {
PGPSignatureGenerator signatureGenerator = buildAndInitSignatureGenerator();
if (key.getKeyID() != publicSigningKey.getKeyID()) {
return signatureGenerator.generateCertification(publicSigningKey, key);
} else {
return signatureGenerator.generateCertification(key);
}
return signatureGenerator.generateCertification(key);
}
@Override

View file

@ -535,10 +535,10 @@ public abstract class SignatureValidator {
try {
signature.init(ImplementationFactory.getInstance().getPGPContentVerifierBuilderProvider(), signer);
boolean valid;
if (signer.getKeyID() != signee.getKeyID()) {
valid = signature.verifyCertification(signer, signee);
} else {
if (signer.getKeyID() == signee.getKeyID() || signature.getSignatureType() == PGPSignature.DIRECT_KEY) {
valid = signature.verifyCertification(signee);
} else {
valid = signature.verifyCertification(signer, signee);
}
if (!valid) {
throw new SignatureValidationException("Signature is not correct.");