bcgit · vanitasvitae · May 13, 2025 · May 14, 2025 · May 14, 2025
diff --git a/pg/src/main/java/org/bouncycastle/bcpg/SignaturePacket.java b/pg/src/main/java/org/bouncycastle/bcpg/SignaturePacket.java
@@ -353,7 +353,22 @@ public SignaturePacket(
         byte[]                  fingerPrint,
         MPInteger[]             signature)
     {
-        super(SIGNATURE);
+        this(version, false, signatureType, keyID, keyAlgorithm, hashAlgorithm, hashedData, unhashedData, fingerPrint, signature);
+    }
+
+    public SignaturePacket(
+            int                     version,
+            boolean                 hasNewPacketFormat,
+            int                     signatureType,
+            long                    keyID,
+            int                     keyAlgorithm,
+            int                     hashAlgorithm,
+            SignatureSubpacket[]    hashedData,
+            SignatureSubpacket[]    unhashedDa
8000
ta,
+            byte[]                  fingerPrint,
+            MPInteger[]             signature)
+    {
+        super(SIGNATURE, hasNewPacketFormat);
 
         this.version = version;
         this.signatureType = signatureType;
@@ -383,7 +398,7 @@ public SignaturePacket(
             byte[]                  signatureEncoding,
             byte[]                  salt)
     {
-        super(SIGNATURE);
+        super(SIGNATURE, true);
 
         this.version = version;
         this.signatureType = signatureType;
@@ -413,7 +428,7 @@ public SignaturePacket(
         MPInteger[] signature,
         byte[] salt)
     {
-        super(SIGNATURE);
+        super(SIGNATURE, true);
 
         this.version = version;
         this.signatureType = signatureType;

diff --git a/pg/src/main/java/org/bouncycastle/openpgp/PGPSignature.java b/pg/src/main/java/org/bouncycastle/openpgp/PGPSignature.java
@@ -198,7 +198,7 @@ public class PGPSignature
      */
     public static final int THIRD_PARTY_CONFIRMATION = 0x50;
 
-    private final SignaturePacket sigPck;
+    final SignaturePacket sigPck;
     private final TrustPacket trustPck;
 
     private volatile PGPContentVerifier verifier;
@@ -1034,6 +1034,8 @@ public static PGPSignature join(PGPSignature sig1, PGPSignature sig2)
         SignatureSubpacket[] unhashed = (SignatureSubpacket[])merged.toArray(new SignatureSubpacket[0]);
         return new PGPSignature(
             new SignaturePacket(
+                sig1.getVersion(),
+                sig1.sigPck.hasNewPacketFormat(),
                 sig1.getSignatureType(),
                 sig1.getKeyID(),
                 sig1.getKeyAlgorithm(),

diff --git a/pg/src/main/java/org/bouncycastle/openpgp/PGPSignatureSubpacketGenerator.java b/pg/src/main/java/org/bouncycastle/openpgp/PGPSignatureSubpacketGenerator.java
@@ -1,11 +1,14 @@
 package org.bouncycastle.openpgp;
 
+import java.io.ByteArrayOutputStream;
 import java.io.IOException;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Date;
 import java.util.List;
 
+import org.bouncycastle.bcpg.BCPGOutputStream;
+import org.bouncycastle.bcpg.PacketFormat;
 import org.bouncycastle.bcpg.SignatureSubpacket;
 import org.bouncycastle.bcpg.SignatureSubpacketTags;
 import org.bouncycastle.bcpg.sig.EmbeddedSignature;
@@ -445,9 +448,16 @@ public void setEmbeddedSignature(boolean isCritical, PGPSignature pgpSignature)
     public void addEmbeddedSignature(boolean isCritical, PGPSignature pgpSignature)
         throws IOException
     {
-        byte[] sig = pgpSignature.getEncoded();
+        // Encode the signature forcing legacy packet format, such that we consistently cut off the proper amount
+        // of header bytes
+        ByteArrayOutputStream bOut = new ByteArrayOutputStream();
+        BCPGOutputStream pOut = new BCPGOutputStream(bOut, PacketFormat.LEGACY);
+        pgpSignature.encode(pOut);
+        pOut.close();
+        byte[] sig = bOut.toByteArray();
         byte[] data;
 
+        // Cut off the header bytes
         if (sig.length - 1 > 256)
         {
             data = new byte[sig.length - 3];