Browse Source
Include full IssuerFingerprint in GPG signature
Update dependency to Bouncy Castle to 1.65. Add the IssuerFingerprint as a hashed sub-packet in the signature. If added unhashed, GPG ignores it. Bug: 553206 Change-Id: I6807e8e2385e6ec5790f388e4753a44aa9474ebb Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>tags/v5.8.0.202006091008-r
Thomas Wolf
4 years ago
2 changed files with 17 additions and 11 deletions
+ 11
- 11
org.eclipse.jgit/META-INF/MANIFEST.MF
View File
| @@ -162,17 +162,17 @@ Import-Package: com.googlecode.javaewah;version="[1.1.6,2.0.0)", | |||
| com.jcraft.jsch;version="[0.1.37,0.2.0)", | |||
| javax.crypto, | |||
| javax.net.ssl, | |||
| org.bouncycastle;version="[1.61.0,2.0.0)", | |||
| org.bouncycastle.bcpg;version="[1.61.0,2.0.0)", | |||
| org.bouncycastle.gpg;version="[1.61.0,2.0.0)", | |||
| org.bouncycastle.gpg.keybox;version="[1.61.0,2.0.0)", | |||
| org.bouncycastle.gpg.keybox.jcajce;version="[1.61.0,2.0.0)", | |||
| org.bouncycastle.jce.provider;version="[1.61.0,2.0.0)", | |||
| org.bouncycastle.openpgp;version="[1.61.0,2.0.0)", | |||
| org.bouncycastle.openpgp.jcajce;version="[1.61.0,2.0.0)", | |||
| org.bouncycastle.openpgp.operator;version="[1.61.0,2.0.0)", | |||
| org.bouncycastle.openpgp.operator.jcajce;version="[1.61.0,2.0.0)", | |||
| org.bouncycastle.util.encoders;version="[1.61.0,2.0.0)", | |||
| org.bouncycastle;version="[1.65.0,2.0.0)", | |||
| org.bouncycastle.bcpg;version="[1.65.0,2.0.0)", | |||
| org.bouncycastle.gpg;version="[1.65.0,2.0.0)", | |||
| org.bouncycastle.gpg.keybox;version="[1.65.0,2.0.0)", | |||
| org.bouncycastle.gpg.keybox.jcajce;version="[1.65.0,2.0.0)", | |||
| org.bouncycastle.jce.provider;version="[1.65.0,2.0.0)", | |||
| org.bouncycastle.openpgp;version="[1.65.0,2.0.0)", | |||
| org.bouncycastle.openpgp.jcajce;version="[1.65.0,2.0.0)", | |||
| org.bouncycastle.openpgp.operator;version="[1.65.0,2.0.0)", | |||
| org.bouncycastle.openpgp.operator.jcajce;version="[1.65.0,2.0.0)", | |||
| org.bouncycastle.util.encoders;version="[1.65.0,2.0.0)", | |||
| org.slf4j;version="[1.7.0,2.0.0)", | |||
| org.xml.sax, | |||
| org.xml.sax.helpers | |||
+ 6
- 0
org.eclipse.jgit/src/org/eclipse/jgit/lib/internal/BouncyCastleGpgSigner.java
View File
| @@ -25,6 +25,7 @@ import org.bouncycastle.openpgp.PGPPrivateKey; | |||
| import org.bouncycastle.openpgp.PGPSecretKey; | |||
| import org.bouncycastle.openpgp.PGPSignature; | |||
| import org.bouncycastle.openpgp.PGPSignatureGenerator; | |||
| import org.bouncycastle.openpgp.PGPSignatureSubpacketGenerator; | |||
| import org.bouncycastle.openpgp.operator.jcajce.JcaPGPContentSignerBuilder; | |||
| import org.bouncycastle.openpgp.operator.jcajce.JcePBESecretKeyDecryptorBuilder; | |||
| import org.eclipse.jgit.annotations.NonNull; | |||
| @@ -117,6 +118,11 @@ public class BouncyCastleGpgSigner extends GpgSigner { | |||
| HashAlgorithmTags.SHA256).setProvider( | |||
| BouncyCastleProvider.PROVIDER_NAME)); | |||
| signatureGenerator.init(PGPSignature.BINARY_DOCUMENT, privateKey); | |||
| PGPSignatureSubpacketGenerator subpacketGenerator = new PGPSignatureSubpacketGenerator(); | |||
| subpacketGenerator.setIssuerFingerprint(false, | |||
| secretKey.getPublicKey()); | |||
| signatureGenerator | |||
| .setHashedSubpackets(subpacketGenerator.generate()); | |||
| ByteArrayOutputStream buffer = new ByteArrayOutputStream(); | |||
| try (BCPGOutputStream out = new BCPGOutputStream( | |||
| new ArmoredOutputStream(buffer))) { | |||
Loading…