certify: sign individual UIDs

direct signing of pubkeys is out for now. not sure how this should be handled, but it's trivial to re-add so leaving this up for discussion for now.
2014-03-15 18:12:44 +01:00
parent a3224687f6
commit 95be228b47
3 changed files with 31 additions and 12 deletions
--- a/OpenPGP-Keychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperation.java
+++ b/OpenPGP-Keychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperation.java
@@ -408,7 +408,16 @@ public class PgpKeyOperation {
        updateProgress(R.string.progress_done, 100, 100);
    }

-    public PGPPublicKeyRing certifyKey(long masterKeyId, long pubKeyId, String passphrase)
+    /**
+     * Certify the given pubkeyid with the given masterkeyid.
+     *
+     * @param masterKeyId Certifying key, must be available as secret key
+     * @param pubKeyId ID of public key to certify
+     * @param userIds User IDs to certify, must not be null or empty
+     * @param passphrase Passphrase of the secret key
+     * @return A keyring with added certifications
+     */
+    public PGPPublicKeyRing certifyKey(long masterKeyId, long pubKeyId, List<String> userIds, String passphrase)
            throws PgpGeneralException, NoSuchAlgorithmException, NoSuchProviderException,
            PGPException, SignatureException {
        if (passphrase == null) {
@@ -437,7 +446,7 @@ public class PgpKeyOperation {
                        .setProvider(Constants.BOUNCY_CASTLE_PROVIDER_NAME);

                signatureGenerator = new PGPSignatureGenerator(contentSignerBuilder);
-                signatureGenerator.init(PGPSignature.DIRECT_KEY, signaturePrivateKey);
+                signatureGenerator.init(PGPSignature.DEFAULT_CERTIFICATION, signaturePrivateKey);
            }

            { // supply signatureGenerator with a SubpacketVector
@@ -449,8 +458,11 @@ public class PgpKeyOperation {
            // fetch public key ring, add the certification and return it
            PGPPublicKeyRing pubring = ProviderHelper
                    .getPGPPublicKeyRingByKeyId(mContext, pubKeyId);
-            PGPPublicKey signedKey = PGPPublicKey.addCertification(pubring.getPublicKey(pubKeyId),
-                    signatureGenerator.generate());
+            PGPPublicKey signedKey = pubring.getPublicKey(pubKeyId);
+            for(String userId : new IterableIterator<String>(userIds.iterator())) {
+                PGPSignature sig = signatureGenerator.generateCertification(userId, signedKey);
+                signedKey = PGPPublicKey.addCertification(signedKey, userId, sig);
+            }
            pubring = PGPPublicKeyRing.insertPublicKey(pubring, signedKey);

            return pubring;