A question about the DirectKeySignature example?

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
Report Content as Inappropriate

A question about the DirectKeySignature example?

Lou Wynn


When I read the signPublicKey() function of the org.bouncycastle.openpgp.examples.DirectKeySignature example, I'm confused about the signing process that doesn't seem to include the given public key, keyToBeSigned. The source code the function is as follows:

    private static byte[] signPublicKey(PGPSecretKey secretKey, String secretKeyPass,
            PGPPublicKey keyToBeSigned, String notationName, String notationValue)
            throws Exception {
        PGPPrivateKey pgpPrivKey = secretKey
                .extractPrivateKey(new JcePBESecretKeyDecryptorBuilder().setProvider("BC")

        PGPSignatureGenerator sGen = new PGPSignatureGenerator(
                new JcaPGPContentSignerBuilder(secretKey.getPublicKey().getAlgorithm(),

        sGen.init(PGPSignature.DIRECT_KEY, pgpPrivKey);

        PGPSignatureSubpacketGenerator spGen = new PGPSignatureSubpacketGenerator();

        boolean isHumanReadable = true;

        spGen.setNotationData(true, isHumanReadable, notationName, notationValue);

        PGPSignatureSubpacketVector packetVector = spGen.generate();


        return PGPPublicKey.addCertification(keyToBeSigned, sGen.generate()).getEncoded();

The keyToBeSigned variable is only used in the last statement as the first parameter of the addCertification function, and the function simply adds the second parameter into the keySigs list of the public key. Namely, the public key itself is not involved in computing the signature.

I would expect that something like the updateWithPublicKey() function should be called to include the public key as part of the signature data, but this function is private in the PGPSignatureGenerator. According to RFC 4880 Section 5.2.4, When a signature is made over a key, the body of the key packet should be included. It makes sense because without including the key in the above signature, the signed notation can be attached to any public key.

Did I miss anything here, or is this a problematic example?