1
0
Fork 0
mirror of https://github.com/pgpainless/pgpainless.git synced 2024-11-26 14:22:05 +01:00

Direct-Key signatures are calculated over the signee only, not the signer plus signee

This commit is contained in:
Paul Schaub 2023-06-06 11:00:44 +02:00
parent a25ea542d6
commit d65a26fbf5
Signed by: vanitasvitae
GPG key ID: 62BEE9264BF17311
2 changed files with 4 additions and 8 deletions

View file

@ -43,11 +43,7 @@ public class ThirdPartyDirectKeySignatureBuilder extends AbstractSignatureBuilde
public PGPSignature build(PGPPublicKey key) throws PGPException { public PGPSignature build(PGPPublicKey key) throws PGPException {
PGPSignatureGenerator signatureGenerator = buildAndInitSignatureGenerator(); PGPSignatureGenerator signatureGenerator = buildAndInitSignatureGenerator();
if (key.getKeyID() != publicSigningKey.getKeyID()) { return signatureGenerator.generateCertification(key);
return signatureGenerator.generateCertification(publicSigningKey, key);
} else {
return signatureGenerator.generateCertification(key);
}
} }
@Override @Override

View file

@ -539,10 +539,10 @@ public abstract class SignatureValidator {
try { try {
signature.init(ImplementationFactory.getInstance().getPGPContentVerifierBuilderProvider(), signer); signature.init(ImplementationFactory.getInstance().getPGPContentVerifierBuilderProvider(), signer);
boolean valid; boolean valid;
if (signer.getKeyID() != signee.getKeyID()) { if (signer.getKeyID() == signee.getKeyID() || signature.getSignatureType() == PGPSignature.DIRECT_KEY) {
valid = signature.verifyCertification(signer, signee);
} else {
valid = signature.verifyCertification(signee); valid = signature.verifyCertification(signee);
} else {
valid = signature.verifyCertification(signer, signee);
} }
if (!valid) { if (!valid) {
throw new SignatureValidationException("Signature is not correct."); throw new SignatureValidationException("Signature is not correct.");