PGPainless/pgpainless
PGPainless/pgpainless
1
0
Fork 0
mirror of https://github.com/pgpainless/pgpainless.git synced 2024-11-16 17:32:06 +01:00
Code Issues Releases Wiki Activity

Direct-Key signatures are calculated over the signee only, not the signer plus signee

Browse source
This commit is contained in:
Paul Schaub 2023-06-06 11:00:44 +02:00
parent 48a323441a
commit a0a3d59cec
Signed by: vanitasvitae
GPG key ID: 62BEE9264BF17311
2 changed files with 4 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
pgpainless-core/src/main/java/org/pgpainless/signature/builder/ThirdPartyDirectKeySignatureBuilder.java
View file

@ -43,12 +43,8 @@ public class ThirdPartyDirectKeySignatureBuilder extends AbstractSignatureBuilde
public PGPSignature build(PGPPublicKey key) throws PGPException { public PGPSignature build(PGPPublicKey key) throws PGPException {
PGPSignatureGenerator signatureGenerator = buildAndInitSignatureGenerator(); PGPSignatureGenerator signatureGenerator = buildAndInitSignatureGenerator();
if (key.getKeyID() != publicSigningKey.getKeyID()) {
return signatureGenerator.generateCertification(publicSigningKey, key);
} else {
return signatureGenerator.generateCertification(key); return signatureGenerator.generateCertification(key);
} }
}
@Override @Override
protected boolean isValidSignatureType(SignatureType type) { protected boolean isValidSignatureType(SignatureType type) {

6
pgpainless-core/src/main/java/org/pgpainless/signature/consumer/SignatureValidator.java
View file

@ -535,10 +535,10 @@ public abstract class SignatureValidator {
try { try {
signature.init(ImplementationFactory.getInstance().getPGPContentVerifierBuilderProvider(), signer); signature.init(ImplementationFactory.getInstance().getPGPContentVerifierBuilderProvider(), signer);
boolean valid; boolean valid;
if (signer.getKeyID() != signee.getKeyID()) { if (signer.getKeyID() == signee.getKeyID() || signature.getSignatureType() == PGPSignature.DIRECT_KEY) {
valid = signature.verifyCertification(signer, signee);
} else {
valid = signature.verifyCertification(signee); valid = signature.verifyCertification(signee);
} else {
valid = signature.verifyCertification(signer, signee);
} }
if (!valid) { if (!valid) {
throw new SignatureValidationException("Signature is not correct."); throw new SignatureValidationException("Signature is not correct.");