binding signatures have the same creation time

Ashley Hughes 2014-01-30 09:50:56 +00:00
parent 39d24d6d9d
commit 358ab7d7e4


@ -379,14 +379,19 @@ public class PgpKeyOperation {
usageId = keysUsages.get(i); usageId = keysUsages.get(i);
canSign = (usageId == Id.choice.usage.sign_only || usageId == Id.choice.usage.sign_and_encrypt); canSign = (usageId == Id.choice.usage.sign_only || usageId == Id.choice.usage.sign_and_encrypt);
canEncrypt = (usageId == Id.choice.usage.encrypt_only || usageId == Id.choice.usage.sign_and_encrypt); canEncrypt = (usageId == Id.choice.usage.encrypt_only || usageId == Id.choice.usage.sign_and_encrypt);
if (canSign) { // TODO: ensure signing times are the same, like gpg if (canSign) {
Date todayDate = new Date(); //both sig times the same
keyFlags |= KeyFlags.SIGN_DATA; keyFlags |= KeyFlags.SIGN_DATA;
// cross-certify signing keys // cross-certify signing keys
hashedPacketsGen.setSignatureCreationTime(false, todayDate); //set outer creation time
PGPSignatureSubpacketGenerator subHashedPacketsGen = new PGPSignatureSubpacketGenerator();
subHashedPacketsGen.setSignatureCreationTime(false, todayDate); //set inner creation time
PGPContentSignerBuilder signerBuilder = new JcaPGPContentSignerBuilder( PGPContentSignerBuilder signerBuilder = new JcaPGPContentSignerBuilder(
subPublicKey.getAlgorithm(), PGPUtil.SHA1) subPublicKey.getAlgorithm(), PGPUtil.SHA1)
.setProvider(Constants.BOUNCY_CASTLE_PROVIDER_NAME); .setProvider(Constants.BOUNCY_CASTLE_PROVIDER_NAME);
PGPSignatureGenerator sGen = new PGPSignatureGenerator(signerBuilder); PGPSignatureGenerator sGen = new PGPSignatureGenerator(signerBuilder);
sGen.init(PGPSignature.PRIMARYKEY_BINDING, subPrivateKey); sGen.init(PGPSignature.PRIMARYKEY_BINDING, subPrivateKey);
sGen.setHashedSubpackets(subHashedPacketsGen.generate());
PGPSignature certification = sGen.generateCertification(masterPublicKey, PGPSignature certification = sGen.generateCertification(masterPublicKey,
subPublicKey); subPublicKey);
unhashedPacketsGen.setEmbeddedSignature(false, certification); unhashedPacketsGen.setEmbeddedSignature(false, certification);
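Review bot: The primary-key binding signature built in the `if (canSign)` branch is still hashed with `PGPUtil.SHA1` in the `JcaPGPContentSignerBuilder` call, so the cross-certification this commit now timestamps rests on a digest with known collision weaknesses; consider `HashAlgorithmTags.SHA256` there, and confirm the digest of the outer binding signature (not visible in this hunk) is at least as strong. Separately, `hashedPacketsGen.setSignatureCreationTime(false, todayDate)` runs only for signing-capable subkeys, so encrypt-only subkeys presumably get whatever timestamp the library picks at generation time; hoisting `Date todayDate = new Date();` above the `if` and setting the outer time unconditionally would make that explicit. The name `todayDate` hides that this is a full timestamp; `bindingTime` with the comment `// shared by the subkey binding signature and its embedded primary-key binding` would read better. The enclosing method starts and ends outside the hunk.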