modifyKey: preserve master key flags

2025-01-11 21:48:17 -05:00 · 2014-07-11 02:49:51 +02:00 · 2014-07-11 02:49:51 +02:00 · 38ee6203ad
commit 38ee6203ad
parent dce2df4113
1 changed files with 22 additions and 5 deletions
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperation.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperation.java
@ -200,7 +200,7 @@ public class PgpKeyOperation {
            PGPSecretKeyRing sKR = new PGPSecretKeyRing(
                    masterSecretKey.getEncoded(), new JcaKeyFingerprintCalculator());

-            return internal(sKR, masterSecretKey, saveParcel, "", log, indent);
+            return internal(sKR, masterSecretKey, add.mFlags, saveParcel, "", log, indent);

        } catch (PGPException e) {
            Log.e(Constants.TAG, "pgp error encoding key", e);
@ -262,11 +262,16 @@ public class PgpKeyOperation {
            return null;
        }

-        return internal(sKR, masterSecretKey, saveParcel, passphrase, log, indent);
+        // read masterKeyFlags, and use the same as before.
+        // since this is the master key, this contains at least CERTIFY_OTHER
+        int masterKeyFlags = readMasterKeyFlags(masterSecretKey.getPublicKey());
+
+        return internal(sKR, masterSecretKey, masterKeyFlags, saveParcel, passphrase, log, indent);

    }

    private UncachedKeyRing internal(PGPSecretKeyRing sKR, PGPSecretKey masterSecretKey,
+                                     int masterKeyFlags,
                                     SaveKeyringParcel saveParcel, String passphrase,
                                     OperationLog log, int indent) {

@ -323,8 +328,8 @@ public class PgpKeyOperation {
                        && userId.equals(saveParcel.changePrimaryUserId);
                // generate and add new certificate
                PGPSignature cert = generateUserIdSignature(masterPrivateKey,
-                        masterPublicKey, userId, isPrimary);
-                modifiedPublicKey = PGPPublicKey.addCertification(masterPublicKey, userId, cert);
+                        masterPublicKey, userId, isPrimary, masterKeyFlags);
+                modifiedPublicKey = PGPPublicKey.addCertification(modifiedPublicKey, userId, cert);
            }

            // 2b. Add revocations for revoked user ids
@ -551,7 +556,7 @@ public class PgpKeyOperation {
    }

    private static PGPSignature generateUserIdSignature(
-            PGPPrivateKey masterPrivateKey, PGPPublicKey pKey, String userId, boolean primary)
+            PGPPrivateKey masterPrivateKey, PGPPublicKey pKey, String userId, boolean primary, int flags)
            throws IOException, PGPException, SignatureException {
        PGPContentSignerBuilder signerBuilder = new JcaPGPContentSignerBuilder(
                pKey.getAlgorithm(), PGPUtil.SHA1)
@ -563,6 +568,7 @@ public class PgpKeyOperation {
        subHashedPacketsGen.setPreferredHashAlgorithms(true, PREFERRED_HASH_ALGORITHMS);
        subHashedPacketsGen.setPreferredCompressionAlgorithms(true, PREFERRED_COMPRESSION_ALGORITHMS);
        subHashedPacketsGen.setPrimaryUserID(false, primary);
+        subHashedPacketsGen.setKeyFlags(false, flags);
        sGen.setHashedSubpackets(subHashedPacketsGen.generate());
        sGen.init(PGPSignature.POSITIVE_CERTIFICATION, masterPrivateKey);
        return sGen.generateCertification(userId, pKey);
@ -670,4 +676,15 @@ public class PgpKeyOperation {

    }

+    private static int readMasterKeyFlags(PGPPublicKey masterKey) {
+        int flags = KeyFlags.CERTIFY_OTHER;
+        for(PGPSignature sig : new IterableIterator<PGPSignature>(masterKey.getSignatures())) {
+            if (!sig.hasSubpackets()) {
+                continue;
+            }
+            flags |= sig.getHashedSubPackets().getKeyFlags();
+        }
+        return flags;
+    }
+
 }