From 7e84c6439730ff4a0f1217928b62720d69449b51 Mon Sep 17 00:00:00 2001
From: "\"sudhi@herle.net\"" <"sudhi@herle.net">
Date: Thu, 27 Oct 2016 13:52:17 -0700
Subject: [PATCH] Add a check for incorrect public key.

---
 sigtool.go | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/sigtool.go b/sigtool.go
index 597b58a..98350e4 100644
--- a/sigtool.go
+++ b/sigtool.go
@@ -203,12 +203,13 @@ func verify(s *options.Spec, opt *options.Options) {
     fn := opt.Args[2]
 
     sig, err := sign.ReadSignature(sn)
-    if err != nil { die("%s: Can't read signature %s: %s", Z, sn, err) }
-
+    if err != nil { die("%s: Can't read signature '%s': %s", Z, sn, err) }
 
     pk, err := sign.ReadPublicKey(pn)
     if err != nil { die("%s: %s", Z, err) }
 
+    if !sig.IsPKMatch(pk) { die("Wrong public key '%s' for verifying '%s'", pn, sn) }
+
     ok, err := pk.VerifyFile(fn, sig)
     if err != nil { die("%s: %s", Z, err) }