diff --git a/pg/src/main/java/org/bouncycastle/bcpg/SignaturePacket.java b/pg/src/main/java/org/bouncycastle/bcpg/SignaturePacket.java index de2d3b5ac2..853a22090f 100644 --- a/pg/src/main/java/org/bouncycastle/bcpg/SignaturePacket.java +++ b/pg/src/main/java/org/bouncycastle/bcpg/SignaturePacket.java @@ -353,7 +353,22 @@ public SignaturePacket( byte[] fingerPrint, MPInteger[] signature) { - super(SIGNATURE); + this(version, false, signatureType, keyID, keyAlgorithm, hashAlgorithm, hashedData, unhashedData, fingerPrint, signature); + } + + public SignaturePacket( + int version, + boolean hasNewPacketFormat, + int signatureType, + long keyID, + int keyAlgorithm, + int hashAlgorithm, + SignatureSubpacket[] hashedData, + SignatureSubpacket[] unhashedData, + byte[] fingerPrint, + MPInteger[] signature) + { + super(SIGNATURE, hasNewPacketFormat); this.version = version; this.signatureType = signatureType; @@ -383,7 +398,7 @@ public SignaturePacket( byte[] signatureEncoding, byte[] salt) { - super(SIGNATURE); + super(SIGNATURE, true); this.version = version; this.signatureType = signatureType; @@ -413,7 +428,7 @@ public SignaturePacket( MPInteger[] signature, byte[] salt) { - super(SIGNATURE); + super(SIGNATURE, true); this.version = version; this.signatureType = signatureType; diff --git a/pg/src/main/java/org/bouncycastle/openpgp/PGPSignature.java b/pg/src/main/java/org/bouncycastle/openpgp/PGPSignature.java index 68cf06c2b0..0107154a7b 100644 --- a/pg/src/main/java/org/bouncycastle/openpgp/PGPSignature.java +++ b/pg/src/main/java/org/bouncycastle/openpgp/PGPSignature.java @@ -198,7 +198,7 @@ public class PGPSignature */ public static final int THIRD_PARTY_CONFIRMATION = 0x50; - private final SignaturePacket sigPck; + final SignaturePacket sigPck; private final TrustPacket trustPck; private volatile PGPContentVerifier verifier; @@ -1034,6 +1034,8 @@ public static PGPSignature join(PGPSignature sig1, PGPSignature sig2) SignatureSubpacket[] unhashed = (SignatureSubpacket[])merged.toArray(new SignatureSubpacket[0]); return new PGPSignature( new SignaturePacket( + sig1.getVersion(), + sig1.sigPck.hasNewPacketFormat(), sig1.getSignatureType(), sig1.getKeyID(), sig1.getKeyAlgorithm(), diff --git a/pg/src/main/java/org/bouncycastle/openpgp/PGPSignatureSubpacketGenerator.java b/pg/src/main/java/org/bouncycastle/openpgp/PGPSignatureSubpacketGenerator.java index 2d008bd7d3..33087c6c3c 100644 --- a/pg/src/main/java/org/bouncycastle/openpgp/PGPSignatureSubpacketGenerator.java +++ b/pg/src/main/java/org/bouncycastle/openpgp/PGPSignatureSubpacketGenerator.java @@ -1,11 +1,14 @@ package org.bouncycastle.openpgp; +import java.io.ByteArrayOutputStream; import java.io.IOException; import java.util.ArrayList; import java.util.Arrays; import java.util.Date; import java.util.List; +import org.bouncycastle.bcpg.BCPGOutputStream; +import org.bouncycastle.bcpg.PacketFormat; import org.bouncycastle.bcpg.SignatureSubpacket; import org.bouncycastle.bcpg.SignatureSubpacketTags; import org.bouncycastle.bcpg.sig.EmbeddedSignature; @@ -445,9 +448,16 @@ public void setEmbeddedSignature(boolean isCritical, PGPSignature pgpSignature) public void addEmbeddedSignature(boolean isCritical, PGPSignature pgpSignature) throws IOException { - byte[] sig = pgpSignature.getEncoded(); + // Encode the signature forcing legacy packet format, such that we consistently cut off the proper amount + // of header bytes + ByteArrayOutputStream bOut = new ByteArrayOutputStream(); + BCPGOutputStream pOut = new BCPGOutputStream(bOut, PacketFormat.LEGACY); + pgpSignature.encode(pOut); + pOut.close(); + byte[] sig = bOut.toByteArray(); byte[] data; + // Cut off the header bytes if (sig.length - 1 > 256) { data = new byte[sig.length - 3];