From 976708c3320a557f06587e5f3138ed79f85f1e33 Mon Sep 17 00:00:00 2001
From: Vincent Breitmoser <look@my.amazin.horse>
Date: Mon, 24 Apr 2017 21:11:09 +0200
Subject: [PATCH] non primary keys can never certify

---
 .../keychain/pgp/CanonicalizedPublicKey.java                  | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CanonicalizedPublicKey.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CanonicalizedPublicKey.java
index a3be4974a..d95cf9a31 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CanonicalizedPublicKey.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CanonicalizedPublicKey.java
@@ -90,6 +90,10 @@ public class CanonicalizedPublicKey extends UncachedPublicKey {
     }
 
     public boolean canCertify() {
+        if (!isMasterKey()) {
+            return false;
+        }
+
         // if key flags subpacket is available, honor it!
         if (getKeyUsage() != 0) {
             return (getKeyUsage() & KeyFlags.CERTIFY_OTHER) != 0;