Skip to content

Commit

Permalink
PpgPublicKeyParser: Warn about uncertified subkeys
Browse files Browse the repository at this point in the history 
The Tor and the Electrum developer's subkeys are signed by their master
keys. The PpgPublicKeyParser enforces this behavior. Unfortunately,
this is not true for all Bitcoin Core developers. One example where this
happens is when we try to verify the key with the fingerprint
`0x57FF9BDBCC301009`.
  • Loading branch information
@alvasw
alvasw committed Jul 22, 2024
1 parent 8b32afd commit fe24691
Showing 1 changed file with 16 additions and 7 deletions.
23 changes: 16 additions & 7 deletions build-logic/gradle-tasks/src/main/kotlin/bisq/gradle/tasks/signature/PpgPublicKeyParser.kt
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,6 @@
package bisq.gradle.tasks.signature

import org.bouncycastle.openpgp.PGPException
import org.bouncycastle.openpgp.PGPPublicKey
import org.bouncycastle.openpgp.PGPPublicKeyRing
import org.bouncycastle.openpgp.PGPUtil
Expand All @@ -9,6 +10,7 @@ import org.bouncycastle.util.encoders.Hex
import org.gradle.api.GradleException
import java.io.ByteArrayInputStream
import java.net.URL
import java.security.InvalidKeyException

class PpgPublicKeyParser(
private val primaryKeyFingerprint: String,
Expand Down Expand Up @@ -76,14 +78,21 @@ class PpgPublicKeyParser(
subKeys.forEach { subKey ->
var hasValidSignature = false
subKey.keySignatures.forEach { signature ->
signature.init(
JcaPGPContentVerifierBuilderProvider().setProvider("BC"),
masterKey!!
)
val isSubKeySignedByMasterKey = signature.verifyCertification(masterKey!!, subKey)
try {
signature.init(
JcaPGPContentVerifierBuilderProvider().setProvider("BC"),
masterKey!!
)
val isSubKeySignedByMasterKey = signature.verifyCertification(masterKey!!, subKey)

if (isSubKeySignedByMasterKey) {
hasValidSignature = true
if (isSubKeySignedByMasterKey) {
hasValidSignature = true
}
} catch (e: PGPException) {
if (e.underlyingException is InvalidKeyException) {
println("Warning: Can't verify subkey `${subKey.keyID}` with masterkey `${masterKey!!.keyID}`.")
hasValidSignature = true
}
}
}

Expand Down

0 comments on commit fe24691

Please sign in to comment.