Only check that message signatures are newer than the key

twiss · twiss · commit 8e272e796276 · 2025-02-21T14:50:18.000+01:00
Don't check that binding signatures are newer than the primary key
that created them, as some old keys generated by previous versions
of OpenPGP.js fail this check.
diff --git a/openpgp/v2/keys.go b/openpgp/v2/keys.go
@@ -676,7 +676,7 @@ func (e *Entity) LatestValidDirectSignature(date time.Time, config *packet.Confi
 			if sig.Valid == nil {
 				err := e.PrimaryKey.VerifyDirectKeySignature(sig.Packet)
 				if err == nil {
-					err = checkSignatureDetails(e.PrimaryKey, sig.Packet, date, config)
+					err = checkSignatureDetails(sig.Packet, date, config)
 				}
 				valid := err == nil
 				sig.Valid = &valid
diff --git a/openpgp/v2/read.go b/openpgp/v2/read.go
@@ -732,19 +732,14 @@ func verifyDetachedSignatureReader(keyring KeyRing, signed, signature io.Reader,
 // It checks the following:
 //   - Hash function should not be invalid according to
 //     config.RejectHashAlgorithms.
-//   - Verification key must be older than the signature creation time.
 //   - Check signature notations.
 //   - Signature is not expired (unless a zero time is passed to
 //     explicitly ignore expiration).
-func checkSignatureDetails(pk *packet.PublicKey, signature *packet.Signature, now time.Time, config *packet.Config) error {
+func checkSignatureDetails(signature *packet.Signature, now time.Time, config *packet.Config) error {
 	if config.RejectHashAlgorithm(signature.Hash) {
 		return errors.SignatureError("insecure hash algorithm: " + signature.Hash.String())
 	}
 
-	if pk.CreationTime.Unix() > signature.CreationTime.Unix() {
-		return errors.ErrSignatureOlderThanKey
-	}
-
 	for _, notation := range signature.Notations {
 		if notation.IsCritical && !config.KnownNotation(notation.Name) {
 			return errors.SignatureError("unknown critical notation: " + notation.Name)
@@ -762,30 +757,29 @@ func checkSignatureDetails(pk *packet.PublicKey, signature *packet.Signature, no
 // signature and all relevant binding signatures.
 // In addition, the message signature hash algorithm is checked against
 // config.RejectMessageHashAlgorithms.
+// Finally, the signature must be newer than the verification key.
 func checkMessageSignatureDetails(verifiedKey *Key, signature *packet.Signature, config *packet.Config) error {
 	if config.RejectMessageHashAlgorithm(signature.Hash) {
 		return errors.SignatureError("insecure message hash algorithm: " + signature.Hash.String())
 	}
 
+	if signature.CreationTime.Unix() < verifiedKey.PublicKey.CreationTime.Unix() {
+		return errors.ErrSignatureOlderThanKey
+	}
+
 	sigsToCheck := []*packet.Signature{signature, verifiedKey.PrimarySelfSignature}
 	if !verifiedKey.IsPrimary() {
 		sigsToCheck = append(sigsToCheck, verifiedKey.SelfSignature, verifiedKey.SelfSignature.EmbeddedSignature)
 	}
 	var errs []error
 	for _, sig := range sigsToCheck {
-		var pk *packet.PublicKey
-		if sig == verifiedKey.PrimarySelfSignature || sig == verifiedKey.SelfSignature {
-			pk = verifiedKey.Entity.PrimaryKey
-		} else {
-			pk = verifiedKey.PublicKey
-		}
 		var time time.Time
 		if sig == signature {
 			time = config.Now()
 		} else {
 			time = signature.CreationTime
 		}
-		if err := checkSignatureDetails(pk, sig, time, config); err != nil {
+		if err := checkSignatureDetails(sig, time, config); err != nil {
 			errs = append(errs, err)
 		}
 	}
diff --git a/openpgp/v2/subkeys.go b/openpgp/v2/subkeys.go
@@ -187,7 +187,7 @@ func (s *Subkey) LatestValidBindingSignature(date time.Time, config *packet.Conf
 			if sig.Valid == nil {
 				err := s.Primary.PrimaryKey.VerifyKeySignature(s.PublicKey, sig.Packet)
 				if err == nil {
-					err = checkSignatureDetails(s.Primary.PrimaryKey, sig.Packet, date, config)
+					err = checkSignatureDetails(sig.Packet, date, config)
 				}
 				valid := err == nil
 				sig.Valid = &valid
diff --git a/openpgp/v2/user.go b/openpgp/v2/user.go
@@ -121,7 +121,7 @@ func (i *Identity) Revoked(selfCertification *packet.Signature, date time.Time,
 				// Verify revocation signature (not verified yet).
 				err := i.Primary.PrimaryKey.VerifyUserIdSignature(i.Name, i.Primary.PrimaryKey, revocation.Packet)
 				if err == nil {
-					err = checkSignatureDetails(i.Primary.PrimaryKey, revocation.Packet, date, config)
+					err = checkSignatureDetails(revocation.Packet, date, config)
 				}
 				valid := err == nil
 				revocation.Valid = &valid
@@ -206,7 +206,7 @@ func (i *Identity) LatestValidSelfCertification(date time.Time, config *packet.C
 				// Verify revocation signature (not verified yet).
 				err = i.Primary.PrimaryKey.VerifyUserIdSignature(i.Name, i.Primary.PrimaryKey, sig.Packet)
 				if err == nil {
-					err = checkSignatureDetails(i.Primary.PrimaryKey, sig.Packet, date, config)
+					err = checkSignatureDetails(sig.Packet, date, config)
 				}
 				valid := err == nil
 				sig.Valid = &valid

Original file line number	Diff line number	Diff line change
`@@ -676,7 +676,7 @@ func (e Entity) LatestValidDirectSignature(date time.Time, config packet.Confi`
`676`	`676`	`if sig.Valid == nil {`
`677`	`677`	`err := e.PrimaryKey.VerifyDirectKeySignature(sig.Packet)`
`678`	`678`	`if err == nil {`
`679`		`- err = checkSignatureDetails(e.PrimaryKey, sig.Packet, date, config)`
	`679`	`+ err = checkSignatureDetails(sig.Packet, date, config)`
`680`	`680`	`}`
`681`	`681`	`valid := err == nil`
`682`	`682`	`sig.Valid = &valid`
Original file line number	Diff line number	Diff line change
`@@ -187,7 +187,7 @@ func (s Subkey) LatestValidBindingSignature(date time.Time, config packet.Conf`
`187`	`187`	`if sig.Valid == nil {`
`188`	`188`	`err := s.Primary.PrimaryKey.VerifyKeySignature(s.PublicKey, sig.Packet)`
`189`	`189`	`if err == nil {`
`190`		`- err = checkSignatureDetails(s.Primary.PrimaryKey, sig.Packet, date, config)`
	`190`	`+ err = checkSignatureDetails(sig.Packet, date, config)`
`191`	`191`	`}`
`192`	`192`	`valid := err == nil`
`193`	`193`	`sig.Valid = &valid`