From f30900d085f38034708f62f94e46a38f222d4cb7 Mon Sep 17 00:00:00 2001
From: Vincent Breitmoser <valodim@mugenguild.com>
Date: Wed, 20 May 2015 12:47:02 +0200
Subject: add user id flags to UserAttribute self signatures

---
 .../keychain/pgp/PgpKeyOperation.java              | 33 +++++++++++++---------
 1 file changed, 20 insertions(+), 13 deletions(-)

(limited to 'OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperation.java')

diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperation.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperation.java
index 89db378a9..2f771d8f2 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperation.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperation.java
@@ -553,7 +553,8 @@ public class PgpKeyOperation {
                         PGPSignature cert = generateUserAttributeSignature(
                                 getSignatureGenerator(masterSecretKey, cryptoInput),
                                 cryptoInput.getSignatureTime(),
-                                masterPrivateKey, masterPublicKey, vector);
+                                masterPrivateKey, masterPublicKey, vector,
+                                masterKeyFlags, masterKeyExpiry);
                         modifiedPublicKey = PGPPublicKey.addCertification(modifiedPublicKey, vector, cert);
                     } catch (NfcInteractionNeeded e) {
                         nfcSignOps.addHash(e.hashToSign, e.hashAlgo);
@@ -1319,11 +1320,9 @@ public class PgpKeyOperation {
 
     }
 
-    private PGPSignature generateUserIdSignature(
-            PGPSignatureGenerator sGen, Date creationTime,
-            PGPPrivateKey masterPrivateKey, PGPPublicKey pKey, String userId, boolean primary,
-            int flags, long expiry)
-            throws IOException, PGPException, SignatureException {
+    private static PGPSignatureSubpacketGenerator generateHashedSelfSigSubpackets(
+            Date creationTime, PGPPublicKey pKey, boolean primary, int flags, long expiry
+    ) {
 
         PGPSignatureSubpacketGenerator hashedPacketsGen = new PGPSignatureSubpacketGenerator();
         {
@@ -1357,6 +1356,17 @@ public class PgpKeyOperation {
             }
         }
 
+        return hashedPacketsGen;
+    }
+
+    private static PGPSignature generateUserIdSignature(
+            PGPSignatureGenerator sGen, Date creationTime,
+            PGPPrivateKey masterPrivateKey, PGPPublicKey pKey, String userId, boolean primary,
+            int flags, long expiry)
+            throws IOException, PGPException, SignatureException {
+
+        PGPSignatureSubpacketGenerator hashedPacketsGen =
+                generateHashedSelfSigSubpackets(creationTime, pKey, primary, flags, expiry);
         sGen.setHashedSubpackets(hashedPacketsGen.generate());
         sGen.init(PGPSignature.POSITIVE_CERTIFICATION, masterPrivateKey);
         return sGen.generateCertification(userId, pKey);
@@ -1365,15 +1375,12 @@ public class PgpKeyOperation {
     private static PGPSignature generateUserAttributeSignature(
             PGPSignatureGenerator sGen, Date creationTime,
             PGPPrivateKey masterPrivateKey, PGPPublicKey pKey,
-            PGPUserAttributeSubpacketVector vector)
+            PGPUserAttributeSubpacketVector vector,
+            int flags, long expiry)
                 throws IOException, PGPException, SignatureException {
 
-        PGPSignatureSubpacketGenerator hashedPacketsGen = new PGPSignatureSubpacketGenerator();
-        {
-            /* critical subpackets: we consider those important for a modern pgp implementation */
-            hashedPacketsGen.setSignatureCreationTime(true, creationTime);
-        }
-
+        PGPSignatureSubpacketGenerator hashedPacketsGen =
+                generateHashedSelfSigSubpackets(creationTime, pKey, false, flags, expiry);
         sGen.setHashedSubpackets(hashedPacketsGen.generate());
         sGen.init(PGPSignature.POSITIVE_CERTIFICATION, masterPrivateKey);
         return sGen.generateCertification(vector, pKey);
-- 
cgit v1.2.3


From 8de0d9e6da63c6755b86c6b9850def057e4bd8c0 Mon Sep 17 00:00:00 2001
From: Vincent Breitmoser <valodim@mugenguild.com>
Date: Thu, 28 May 2015 14:41:26 +0200
Subject: create keys with fixed timestamp

---
 .../sufficientlysecure/keychain/pgp/PgpKeyOperation.java   | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

(limited to 'OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperation.java')

diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperation.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperation.java
index 2f771d8f2..991d013ae 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperation.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperation.java
@@ -151,7 +151,7 @@ public class PgpKeyOperation {
     }
 
     /** Creates new secret key. */
-    private PGPKeyPair createKey(SubkeyAdd add, OperationLog log, int indent) {
+    private PGPKeyPair createKey(SubkeyAdd add, Date creationTime, OperationLog log, int indent) {
 
         try {
             // Some safety checks
@@ -249,7 +249,7 @@ public class PgpKeyOperation {
             }
 
             // build new key pair
-            return new JcaPGPKeyPair(algorithm, keyGen.generateKeyPair(), new Date());
+            return new JcaPGPKeyPair(algorithm, keyGen.generateKeyPair(), creationTime);
 
         } catch(NoSuchProviderException | InvalidAlgorithmParameterException e) {
             throw new RuntimeException(e);
@@ -295,8 +295,10 @@ public class PgpKeyOperation {
                 return new PgpEditKeyResult(PgpEditKeyResult.RESULT_ERROR, log, null);
             }
 
+            Date creationTime = new Date();
+
             subProgressPush(10, 30);
-            PGPKeyPair keyPair = createKey(add, log, indent);
+            PGPKeyPair keyPair = createKey(add, creationTime, log, indent);
             subProgressPop();
 
             // return null if this failed (an error will already have been logged by createKey)
@@ -323,8 +325,8 @@ public class PgpKeyOperation {
                     masterSecretKey.getEncoded(), new JcaKeyFingerprintCalculator());
 
             subProgressPush(50, 100);
-            CryptoInputParcel cryptoInput = new CryptoInputParcel(new Date(), new Passphrase(""));
-            return internal(sKR, masterSecretKey, add.mFlags, add.mExpiry, cryptoInput, saveParcel, log);
+            CryptoInputParcel cryptoInput = new CryptoInputParcel(creationTime, new Passphrase(""));
+            return internal(sKR, masterSecretKey, add.mFlags, add.mExpiry, cryptoInput, saveParcel, log, indent);
 
         } catch (PGPException e) {
             log.add(LogType.MSG_CR_ERROR_INTERNAL_PGP, indent);
@@ -900,7 +902,7 @@ public class PgpKeyOperation {
                     (i-1) * (100 / saveParcel.mAddSubKeys.size()),
                     i * (100 / saveParcel.mAddSubKeys.size())
                 );
-                PGPKeyPair keyPair = createKey(add, log, indent);
+                PGPKeyPair keyPair = createKey(add, cryptoInput.getSignatureTime(), log, indent);
                 subProgressPop();
                 if (keyPair == null) {
                     log.add(LogType.MSG_MF_ERROR_PGP, indent +1);
-- 
cgit v1.2.3