Prevent subkey binding signature from predating subkey

Fixes #419
2024-11-19 02:42:05 +01:00 · 2023-11-30 17:58:10 +01:00 · 2023-11-30 17:58:10 +01:00 · f39d2c5566
commit f39d2c5566
parent 49de608785
4 changed files with 10 additions and 6 deletions
--- a/pgpainless-core/src/main/kotlin/org/pgpainless/key/generation/KeyRingBuilder.kt
+++ b/pgpainless-core/src/main/kotlin/org/pgpainless/key/generation/KeyRingBuilder.kt
@ -246,7 +246,11 @@ class KeyRingBuilder : KeyRingBuilderInterface<KeyRingBuilder> {
        const val MILLIS_IN_YEAR = 1000L * 60 * 60 * 24 * 365

        @JvmStatic
-        fun generateKeyPair(spec: KeySpec): PGPKeyPair {
+        @JvmOverloads
+        fun generateKeyPair(
+            spec: KeySpec,
+            creationTime: Date = spec.keyCreationDate ?: Date()
+        ): PGPKeyPair {
            spec.keyType.let { type ->
                // Create raw Key Pair
                val keyPair =
@ -254,10 +258,9 @@ class KeyRingBuilder : KeyRingBuilderInterface<KeyRingBuilder> {
                        .also { it.initialize(type.algorithmSpec) }
                        .generateKeyPair()

-                val keyCreationDate = spec.keyCreationDate ?: Date()
                // Form PGP Key Pair
                return ImplementationFactory.getInstance()
-                    .getPGPKeyPair(type.algorithm, keyPair, keyCreationDate)
+                    .getPGPKeyPair(type.algorithm, keyPair, creationTime)
            }
        }
    }
--- a/pgpainless-core/src/main/kotlin/org/pgpainless/key/generation/KeySpec.kt
+++ b/pgpainless-core/src/main/kotlin/org/pgpainless/key/generation/KeySpec.kt
@ -15,7 +15,7 @@ data class KeySpec(
    val keyType: KeyType,
    val subpacketGenerator: SignatureSubpackets,
    val isInheritedSubPackets: Boolean,
-    val keyCreationDate: Date
+    val keyCreationDate: Date?
 ) {

    val subpackets: PGPSignatureSubpacketVector
--- a/pgpainless-core/src/main/kotlin/org/pgpainless/key/generation/KeySpecBuilder.kt
+++ b/pgpainless-core/src/main/kotlin/org/pgpainless/key/generation/KeySpecBuilder.kt
@ -25,7 +25,7 @@ constructor(
    private var preferredHashAlgorithms: Set<HashAlgorithm> = algorithmSuite.hashAlgorithms
    private var preferredSymmetricAlgorithms: Set<SymmetricKeyAlgorithm> =
        algorithmSuite.symmetricKeyAlgorithms
-    private var keyCreationDate = Date()
+    private var keyCreationDate: Date? = null

    constructor(type: KeyType, vararg keyFlags: KeyFlag) : this(type, listOf(*keyFlags))

--- a/pgpainless-core/src/main/kotlin/org/pgpainless/key/modification/secretkeyring/SecretKeyRingEditor.kt
+++ b/pgpainless-core/src/main/kotlin/org/pgpainless/key/modification/secretkeyring/SecretKeyRingEditor.kt
@ -231,6 +231,7 @@ class SecretKeyRingEditor(
                override fun modifyHashedSubpackets(hashedSubpackets: SelfSignatureSubpackets) {
                    SignatureSubpacketsHelper.applyFrom(
                        keySpec.subpackets, hashedSubpackets as SignatureSubpackets)
+                    hashedSubpackets.setSignatureCreationTime(referenceTime)
                }
            }
        return addSubKey(keySpec, subkeyPassphrase, callback, protector)
@ -242,7 +243,7 @@ class SecretKeyRingEditor(
        callback: SelfSignatureSubpackets.Callback?,
        protector: SecretKeyRingProtector
    ): SecretKeyRingEditorInterface {
-        val keyPair = KeyRingBuilder.generateKeyPair(keySpec)
+        val keyPair = KeyRingBuilder.generateKeyPair(keySpec, referenceTime)
        val subkeyProtector =
            PasswordBasedSecretKeyRingProtector.forKeyId(keyPair.keyID, subkeyPassphrase)
        val keyFlags = KeyFlag.fromBitmask(keySpec.subpackets.keyFlags).toMutableList()