Include full IssuerFingerprint in GPG signature
Update the Bouncy Castle dependency to 1.65. Add the IssuerFingerprint as a hashed sub-packet in the signature. If added unhashed, GPG ignores it. Bug: 553206 Change-Id: I6807e8e2385e6ec5790f388e4753a44aa9474ebb Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
parent
b3f08af880
commit
4d7a16257f
|
@ -162,17 +162,17 @@ Import-Package: com.googlecode.javaewah;version="[1.1.6,2.0.0)",
|
||||||
com.jcraft.jsch;version="[0.1.37,0.2.0)",
|
com.jcraft.jsch;version="[0.1.37,0.2.0)",
|
||||||
javax.crypto,
|
javax.crypto,
|
||||||
javax.net.ssl,
|
javax.net.ssl,
|
||||||
org.bouncycastle;version="[1.61.0,2.0.0)",
|
org.bouncycastle;version="[1.65.0,2.0.0)",
|
||||||
org.bouncycastle.bcpg;version="[1.61.0,2.0.0)",
|
org.bouncycastle.bcpg;version="[1.65.0,2.0.0)",
|
||||||
org.bouncycastle.gpg;version="[1.61.0,2.0.0)",
|
org.bouncycastle.gpg;version="[1.65.0,2.0.0)",
|
||||||
org.bouncycastle.gpg.keybox;version="[1.61.0,2.0.0)",
|
org.bouncycastle.gpg.keybox;version="[1.65.0,2.0.0)",
|
||||||
org.bouncycastle.gpg.keybox.jcajce;version="[1.61.0,2.0.0)",
|
org.bouncycastle.gpg.keybox.jcajce;version="[1.65.0,2.0.0)",
|
||||||
org.bouncycastle.jce.provider;version="[1.61.0,2.0.0)",
|
org.bouncycastle.jce.provider;version="[1.65.0,2.0.0)",
|
||||||
org.bouncycastle.openpgp;version="[1.61.0,2.0.0)",
|
org.bouncycastle.openpgp;version="[1.65.0,2.0.0)",
|
||||||
org.bouncycastle.openpgp.jcajce;version="[1.61.0,2.0.0)",
|
org.bouncycastle.openpgp.jcajce;version="[1.65.0,2.0.0)",
|
||||||
org.bouncycastle.openpgp.operator;version="[1.61.0,2.0.0)",
|
org.bouncycastle.openpgp.operator;version="[1.65.0,2.0.0)",
|
||||||
org.bouncycastle.openpgp.operator.jcajce;version="[1.61.0,2.0.0)",
|
org.bouncycastle.openpgp.operator.jcajce;version="[1.65.0,2.0.0)",
|
||||||
org.bouncycastle.util.encoders;version="[1.61.0,2.0.0)",
|
org.bouncycastle.util.encoders;version="[1.65.0,2.0.0)",
|
||||||
org.slf4j;version="[1.7.0,2.0.0)",
|
org.slf4j;version="[1.7.0,2.0.0)",
|
||||||
org.xml.sax,
|
org.xml.sax,
|
||||||
org.xml.sax.helpers
|
org.xml.sax.helpers
|
||||||
|
|
|
@ -25,6 +25,7 @@
|
||||||
import org.bouncycastle.openpgp.PGPSecretKey;
|
import org.bouncycastle.openpgp.PGPSecretKey;
|
||||||
import org.bouncycastle.openpgp.PGPSignature;
|
import org.bouncycastle.openpgp.PGPSignature;
|
||||||
import org.bouncycastle.openpgp.PGPSignatureGenerator;
|
import org.bouncycastle.openpgp.PGPSignatureGenerator;
|
||||||
|
import org.bouncycastle.openpgp.PGPSignatureSubpacketGenerator;
|
||||||
import org.bouncycastle.openpgp.operator.jcajce.JcaPGPContentSignerBuilder;
|
import org.bouncycastle.openpgp.operator.jcajce.JcaPGPContentSignerBuilder;
|
||||||
import org.bouncycastle.openpgp.operator.jcajce.JcePBESecretKeyDecryptorBuilder;
|
import org.bouncycastle.openpgp.operator.jcajce.JcePBESecretKeyDecryptorBuilder;
|
||||||
import org.eclipse.jgit.annotations.NonNull;
|
import org.eclipse.jgit.annotations.NonNull;
|
||||||
|
@ -117,6 +118,11 @@ public void sign(@NonNull CommitBuilder commit,
|
||||||
HashAlgorithmTags.SHA256).setProvider(
|
HashAlgorithmTags.SHA256).setProvider(
|
||||||
BouncyCastleProvider.PROVIDER_NAME));
|
BouncyCastleProvider.PROVIDER_NAME));
|
||||||
signatureGenerator.init(PGPSignature.BINARY_DOCUMENT, privateKey);
|
signatureGenerator.init(PGPSignature.BINARY_DOCUMENT, privateKey);
|
||||||
|
PGPSignatureSubpacketGenerator subpacketGenerator = new PGPSignatureSubpacketGenerator();
|
||||||
|
subpacketGenerator.setIssuerFingerprint(false,
|
||||||
|
secretKey.getPublicKey());
|
||||||
|
signatureGenerator
|
||||||
|
.setHashedSubpackets(subpacketGenerator.generate());
|
||||||
ByteArrayOutputStream buffer = new ByteArrayOutputStream();
|
ByteArrayOutputStream buffer = new ByteArrayOutputStream();
|
||||||
try (BCPGOutputStream out = new BCPGOutputStream(
|
try (BCPGOutputStream out = new BCPGOutputStream(
|
||||||
new ArmoredOutputStream(buffer))) {
|
new ArmoredOutputStream(buffer))) {
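Review bot: The reason the issuer fingerprint goes into the hashed area, and the meaning of the bare `false` passed to `setIssuerFingerprint`, are recorded only in the commit message, so nothing in `sign()` warns a later editor against moving the subpacket to the unhashed area. I would put a comment above the new lines, for example `// Issuer fingerprint must be a hashed subpacket; GPG ignores it when unhashed.` and `// false: the subpacket is not marked critical.` Hashed placement also means the fingerprint is covered by the signature, which is worth stating because unhashed subpackets are not authenticated. No test for this is visible on this page; one that parses the generated signature and checks `getHashedSubPackets()` for the fingerprint would pin the behaviour. `sign()` starts and ends outside this hunk.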
|
||||||
|
|