cthrace/open-keychain
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

new keys are cross-certified

Browse Source
This commit is contained in:
Ashley Hughes
2014-01-13 14:36:30 +00:00
parent 92aa5b36bb
commit 71fd7574ec
2 changed files with 13 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
OpenPGP-Keychain/src/org/sufficientlysecure/keychain/pgp/PgpKeyOperation.java
View File

@@ -289,6 +289,8 @@ public class PgpKeyOperation {
updateProgress(R.string.progress_certifying_master_key, 20, 100);
//TODO: if we are editing a key, keep old certs, don't remake certs we don't have to.
for (String userId : userIds) {
PGPContentSignerBuilder signerBuilder = new JcaPGPContentSignerBuilder(
masterPublicKey.getAlgorithm(), HashAlgorithmTags.SHA1)
@@ -302,8 +304,6 @@ public class PgpKeyOperation {
masterPublicKey = PGPPublicKey.addCertification(masterPublicKey, userId, certification);
}
// TODO: cross-certify the master key with every sub key (APG 1)
PGPKeyPair masterKeyPair = new PGPKeyPair(masterPublicKey, masterPrivateKey);
PGPSignatureSubpacketGenerator hashedPacketsGen = new PGPSignatureSubpacketGenerator();
@@ -374,13 +374,21 @@ public class PgpKeyOperation {
usageId = keysUsages.get(i);
canSign = (usageId == Id.choice.usage.sign_only || usageId == Id.choice.usage.sign_and_encrypt);
canEncrypt = (usageId == Id.choice.usage.encrypt_only || usageId == Id.choice.usage.sign_and_encrypt);
if (canSign) {
if (canSign) { //TODO: ensure signing times are the same, like gpg
keyFlags |= KeyFlags.SIGN_DATA;
//cross-certify signing keys
PGPContentSignerBuilder signerBuilder = new JcaPGPContentSignerBuilder(
subKey.getPublicKey().getAlgorithm(), PGPUtil.SHA1)
.setProvider(Constants.BOUNCY_CASTLE_PROVIDER_NAME);
PGPSignatureGenerator sGen = new PGPSignatureGenerator(signerBuilder);
sGen.init(PGPSignature.PRIMARYKEY_BINDING, subPrivateKey);
PGPSignature certification = sGen.generateCertification(masterPublicKey, subPublicKey);
unhashedPacketsGen.setEmbeddedSignature(false, certification);
}
if (canEncrypt) {
keyFlags |= KeyFlags.ENCRYPT_COMMS | KeyFlags.ENCRYPT_STORAGE;
}
hashedPacketsGen.setKeyFlags(true, keyFlags);
hashedPacketsGen.setKeyFlags(false, keyFlags);
// TODO: this doesn't work quite right yet (APG 1)
// if (keyEditor.getExpiryDate() != null) {