diff options
| author | Dominik Schürmann <dominik@dominikschuermann.de> | 2014-01-14 21:19:56 +0100 |
|---|---|---|
| committer | Dominik Schürmann <dominik@dominikschuermann.de> | 2014-01-14 21:19:56 +0100 |
| commit | 7cde5c89d02e8891be3d1910de87705cb178ec58 (patch) | |
| tree | 1091d1a3a60d55a5c07aa016a50021066aefc83b /OpenPGP-Keychain/src/org | |
| parent | 59217ec9baa12b8a0dc26f8ff40877226ead167e (diff) | |
| parent | 7544d189d08e2d2213d3ec8686d617c007030092 (diff) | |
| download | open-keychain-7cde5c89d02e8891be3d1910de87705cb178ec58.tar.gz open-keychain-7cde5c89d02e8891be3d1910de87705cb178ec58.tar.bz2 open-keychain-7cde5c89d02e8891be3d1910de87705cb178ec58.zip | |
Merge branch 'master' of github.com:dschuermann/openpgp-keychain
Diffstat (limited to 'OpenPGP-Keychain/src/org')
| -rw-r--r-- | OpenPGP-Keychain/src/org/sufficientlysecure/keychain/pgp/PgpKeyOperation.java | 16 |
1 files changed, 12 insertions, 4 deletions
diff --git a/OpenPGP-Keychain/src/org/sufficientlysecure/keychain/pgp/PgpKeyOperation.java b/OpenPGP-Keychain/src/org/sufficientlysecure/keychain/pgp/PgpKeyOperation.java index 2cbfed28b..e07c802b7 100644 --- a/OpenPGP-Keychain/src/org/sufficientlysecure/keychain/pgp/PgpKeyOperation.java +++ b/OpenPGP-Keychain/src/org/sufficientlysecure/keychain/pgp/PgpKeyOperation.java @@ -289,6 +289,8 @@ public class PgpKeyOperation { updateProgress(R.string.progress_certifying_master_key, 20, 100); + //TODO: if we are editing a key, keep old certs, don't remake certs we don't have to. + for (String userId : userIds) { PGPContentSignerBuilder signerBuilder = new JcaPGPContentSignerBuilder( masterPublicKey.getAlgorithm(), HashAlgorithmTags.SHA1) @@ -302,8 +304,6 @@ public class PgpKeyOperation { masterPublicKey = PGPPublicKey.addCertification(masterPublicKey, userId, certification); } - // TODO: cross-certify the master key with every sub key (APG 1) - PGPKeyPair masterKeyPair = new PGPKeyPair(masterPublicKey, masterPrivateKey); PGPSignatureSubpacketGenerator hashedPacketsGen = new PGPSignatureSubpacketGenerator(); @@ -374,13 +374,21 @@ public class PgpKeyOperation { usageId = keysUsages.get(i); canSign = (usageId == Id.choice.usage.sign_only || usageId == Id.choice.usage.sign_and_encrypt); canEncrypt = (usageId == Id.choice.usage.encrypt_only || usageId == Id.choice.usage.sign_and_encrypt); - if (canSign) { + if (canSign) { //TODO: ensure signing times are the same, like gpg keyFlags |= KeyFlags.SIGN_DATA; + //cross-certify signing keys + PGPContentSignerBuilder signerBuilder = new JcaPGPContentSignerBuilder( + subKey.getPublicKey().getAlgorithm(), PGPUtil.SHA1) + .setProvider(Constants.BOUNCY_CASTLE_PROVIDER_NAME); + PGPSignatureGenerator sGen = new PGPSignatureGenerator(signerBuilder); + sGen.init(PGPSignature.PRIMARYKEY_BINDING, subPrivateKey); + PGPSignature certification = sGen.generateCertification(masterPublicKey, subPublicKey); + unhashedPacketsGen.setEmbeddedSignature(false, certification); } if (canEncrypt) { keyFlags |= KeyFlags.ENCRYPT_COMMS | KeyFlags.ENCRYPT_STORAGE; } - hashedPacketsGen.setKeyFlags(true, keyFlags); + hashedPacketsGen.setKeyFlags(false, keyFlags); // TODO: this doesn't work quite right yet (APG 1) // if (keyEditor.getExpiryDate() != null) { |