From 005f93a4f30a9505093271554a8e7ab79011ace0 Mon Sep 17 00:00:00 2001
From: Vincent Breitmoser <look@my.amazin.horse>
Date: Thu, 20 Apr 2017 10:54:34 +0200
Subject: [PATCH] don't set critical bit for empty revocation reason subpacket

---
 .../sufficientlysecure/keychain/pgp/PgpKeyOperation.java    | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperation.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperation.java
index cae4eca08..73fc8c5a7 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperation.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperation.java
@@ -1549,9 +1549,9 @@ public class PgpKeyOperation {
 
         throws IOException, PGPException, SignatureException {
         PGPSignatureSubpacketGenerator subHashedPacketsGen = new PGPSignatureSubpacketGenerator();
-        // we use the tag NO_REASON since gnupg does not care about the tag while verifying
-        // signatures with a revoked key, the warning is the same
-        subHashedPacketsGen.setRevocationReason(true, RevocationReasonTags.NO_REASON, "");
+        // GnuPG adds an empty NO_REASON revocation reason packet, so we do the same
+        // see https://lists.gnupg.org/pipermail/gnupg-devel/2017-April/032779.html
+        subHashedPacketsGen.setRevocationReason(false, RevocationReasonTags.NO_REASON, "");
         subHashedPacketsGen.setSignatureCreationTime(true, creationTime);
         sGen.setHashedSubpackets(subHashedPacketsGen.generate());
         sGen.init(PGPSignature.CERTIFICATION_REVOCATION, masterPrivateKey);