ProtonMail · DmitriyMV · May 12, 2023
diff --git a/crypto/signature.go b/crypto/signature.go
@@ -240,7 +240,7 @@ func verifySignature(
 		}
 	} else {
 		config.Time = func() time.Time {
-			return time.Unix(verifyTime+internal.CreationTimeOffset, 0)
+			return time.Unix(verifyTime+internal.CreationTimeOffset, 999999999)
 		}
 	}
 
@@ -258,7 +258,7 @@ func verifySignature(
 			// Maybe the creation time offset pushed it over the edge
 			// Retry with the actual verification time
 			config.Time = func() time.Time {
-				return time.Unix(verifyTime, 0)
+				return time.Unix(verifyTime, 999999999)
 			}
 
 			seeker, ok := origText.(io.ReadSeeker)

diff --git a/crypto/signature_test.go b/crypto/signature_test.go
@@ -13,6 +13,7 @@ import (
 	"github.com/ProtonMail/go-crypto/openpgp"
 	"github.com/ProtonMail/go-crypto/openpgp/packet"
 	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
 
 	"github.com/ProtonMail/gopenpgp/v2/constants"
 )
@@ -663,3 +664,33 @@ func Test_verifySignaturExpire(t *testing.T) {
 		t.Fatal(err)
 	}
 }
+
+func TestKeyNotExpired(t *testing.T) {
+	const lifetime = uint32(time.Hour / time.Second)
+
+	cfg := &packet.Config{
+		Algorithm:              packet.PubKeyAlgoEdDSA,
+		DefaultHash:            crypto.SHA256,
+		DefaultCipher:          packet.CipherAES256,
+		DefaultCompressionAlgo: packet.CompressionZLIB,
+		KeyLifetimeSecs:        lifetime,
+		SigLifetimeSecs:        lifetime,
+		Time:                   func() time.Time { return time.Unix(GetUnixTime(), 42) },
+	}
+
+	entity, err := openpgp.NewEntity("John Smith", "Linux", "john.smith@example.com", cfg)
+	require.NoError(t, err)
+	key, err := NewKeyFromEntity(entity)
+	require.NoError(t, err)
+	keyRing, err := NewKeyRing(key)
+	require.NoError(t, err)
+
+	data := []byte("Hello, World!")
+	message := NewPlainMessage(data)
+	signature, err := keyRing.SignDetached(message)
+	require.NoError(t, err)
+
+	sig := NewPGPSignature(signature.GetBinary())
+	err = keyRing.VerifyDetached(message, sig, GetUnixTime())
+	require.NoError(t, err)
+}
diff --git a/crypto/time.go b/crypto/time.go
@@ -43,7 +43,7 @@ func getNow() time.Time {
 		return time.Now()
 	}
 
-	return time.Unix(pgp.latestServerTime, 0)
+	return time.Unix(pgp.latestServerTime, 999999999)
 }
 
 // getTimeGenerator Returns a time generator function.