From d65a26fbf5e937d154d9f59e0074e9314534e449 Mon Sep 17 00:00:00 2001
From: Paul Schaub
Date: Tue, 6 Jun 2023 11:00:44 +0200
Subject: [PATCH] Direct-Key signatures are calculated over the signee only, not the signer plus signee
---
 .../builder/ThirdPartyDirectKeySignatureBuilder.java | 6 +-----
 .../pgpainless/signature/consumer/SignatureValidator.java | 6 +++---
 2 files changed, 4 insertions(+), 8 deletions(-)
diff --git a/pgpainless-core/src/main/java/org/pgpainless/signature/builder/ThirdPartyDirectKeySignatureBuilder.java b/pgpainless-core/src/main/java/org/pgpainless/signature/builder/ThirdPartyDirectKeySignatureBuilder.java
index dd720bce..51a14052 100644
--- a/pgpainless-core/src/main/java/org/pgpainless/signature/builder/ThirdPartyDirectKeySignatureBuilder.java
+++ b/pgpainless-core/src/main/java/org/pgpainless/signature/builder/ThirdPartyDirectKeySignatureBuilder.java
@@ -43,11 +43,7 @@ public class ThirdPartyDirectKeySignatureBuilder extends AbstractSignatureBuilde
 public PGPSignature build(PGPPublicKey key) throws PGPException {
 PGPSignatureGenerator signatureGenerator = buildAndInitSignatureGenerator();
- if (key.getKeyID() != publicSigningKey.getKeyID()) {
- return signatureGenerator.generateCertification(publicSigningKey, key);
- } else {
- return signatureGenerator.generateCertification(key);
- }
+ return signatureGenerator.generateCertification(key);
 }
 @Override
diff --git a/pgpainless-core/src/main/java/org/pgpainless/signature/consumer/SignatureValidator.java b/pgpainless-core/src/main/java/org/pgpainless/signature/consumer/SignatureValidator.java
index cf0dc1fb..254b5d56 100644
--- a/pgpainless-core/src/main/java/org/pgpainless/signature/consumer/SignatureValidator.java
+++ b/pgpainless-core/src/main/java/org/pgpainless/signature/consumer/SignatureValidator.java
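Review bot: In ThirdPartyDirectKeySignatureBuilder.build() (the hunk above the SignatureValidator.java header), the single `generateCertification(key)` call has no comment saying that the signer key is deliberately left out of the hash, and the diffstat shows no test accompanying the change. I would add `// Direct-key signatures are hashed over the signee key only, also when signer and signee differ.` above the return. Third-party direct-key signatures issued before this commit were calculated over signer plus signee (the removed branch), so with the matching validator change they will presumably stop verifying. That deserves a changelog entry and a test pinning both the new hash input and the rejection of the old form.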
@@ -539,10 +539,10 @@ public abstract class SignatureValidator {
 try {
 signature.init(ImplementationFactory.getInstance().getPGPContentVerifierBuilderProvider(), signer);
 boolean valid;
- if (signer.getKeyID() != signee.getKeyID()) {
- valid = signature.verifyCertification(signer, signee);
- } else {
+ if (signer.getKeyID() == signee.getKeyID() || signature.getSignatureType() == PGPSignature.DIRECT_KEY) {
 valid = signature.verifyCertification(signee);
+ } else {
+ valid = signature.verifyCertification(signer, signee);
 }
 if (!valid) {
 throw new SignatureValidationException("Signature is not correct.");
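Review bot: The type test added to the `if` special-cases only `PGPSignature.DIRECT_KEY`, so any other signature type that is hashed over the target key alone still takes the two-key branch when signer and signee differ. A key revocation issued by a designated revoker (`PGPSignature.KEY_REVOCATION`) is, per RFC 4880 section 5.2.4, computed over the revoked key only. If this check is reached for such signatures, a genuine revocation would fail verification and might not be honoured. Consider adding `|| signature.getSignatureType() == PGPSignature.KEY_REVOCATION` to the first condition, or a comment stating that third-party revocations never arrive here. The enclosing method starts and ends outside the hunk, so whether revocations reach it cannot be confirmed from this view.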