don't set critical bit for empty revocation reason subpacket

2017-04-20 10:54:34 +02:00
parent 93010e3926
commit 005f93a4f3
1 changed files with 3 additions and 3 deletions
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperation.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperation.java
@@ -1549,9 +1549,9 @@ public class PgpKeyOperation {

        throws IOException, PGPException, SignatureException {
        PGPSignatureSubpacketGenerator subHashedPacketsGen = new PGPSignatureSubpacketGenerator();
-        // we use the tag NO_REASON since gnupg does not care about the tag while verifying
-        // signatures with a revoked key, the warning is the same
-        subHashedPacketsGen.setRevocationReason(true, RevocationReasonTags.NO_REASON, "");
+        // GnuPG adds an empty NO_REASON revocation reason packet, so we do the same
+        // see https://lists.gnupg.org/pipermail/gnupg-devel/2017-April/032779.html
+        subHashedPacketsGen.setRevocationReason(false, RevocationReasonTags.NO_REASON, "");
        subHashedPacketsGen.setSignatureCreationTime(true, creationTime);
        sGen.setHashedSubpackets(subHashedPacketsGen.generate());
        sGen.init(PGPSignature.CERTIFICATION_REVOCATION, masterPrivateKey);