Skip to content

Commit 759f6d1

Browse files
committed
protonmail: fix "invalid or missing message signature" errors
Likely broken by a previous go-crypto upgrade. SHA512 is more portable across all key types.
1 parent 6244c5a commit 759f6d1

1 file changed

Lines changed: 12 additions & 6 deletions

File tree

protonmail/crypto.go

Lines changed: 12 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -139,10 +139,11 @@ func symetricallyEncrypt(ciphertext io.Writer, symKey *packet.EncryptedKey, sign
139139
return nil, err
140140
}
141141

142-
hash := crypto.SHA256
142+
hash := crypto.SHA512
143143

144144
if signer != nil {
145145
ops := &packet.OnePassSignature{
146+
Version: 3,
146147
SigType: packet.SigTypeBinary,
147148
Hash: hash,
148149
PubKeyAlgo: signer.PubKeyAlgo,
@@ -198,12 +199,17 @@ func (s signatureWriter) Write(data []byte) (int, error) {
198199
}
199200

200201
func (s signatureWriter) Close() error {
202+
sigLifetimeSecs := s.config.SigLifetime()
201203
sig := &packet.Signature{
202-
SigType: packet.SigTypeBinary,
203-
PubKeyAlgo: s.signer.PubKeyAlgo,
204-
Hash: s.hashType,
205-
CreationTime: s.config.Now(),
206-
IssuerKeyId: &s.signer.KeyId,
204+
Version: 3,
205+
SigType: packet.SigTypeBinary,
206+
PubKeyAlgo: s.signer.PubKeyAlgo,
207+
Hash: s.hashType,
208+
CreationTime: s.config.Now(),
209+
IssuerKeyId: &s.signer.KeyId,
210+
IssuerFingerprint: s.signer.Fingerprint,
211+
Notations: s.config.Notations(),
212+
SigLifetimeSecs: &sigLifetimeSecs,
207213
}
208214

209215
if err := sig.Sign(s.h, s.signer, s.config); err != nil {

0 commit comments

Comments
 (0)