mirror of
https://github.com/moparisthebest/open-keychain
synced 2024-11-11 11:35:07 -05:00
new keys are cross-certified
This commit is contained in:
parent
92aa5b36bb
commit
71fd7574ec
@ -17,7 +17,6 @@ And don't add newlines before or after p tags because of transifex -->
|
|||||||
<ul>
|
<ul>
|
||||||
<li>K9 Mail integration not published</li>
|
<li>K9 Mail integration not published</li>
|
||||||
<li>Importing existing keys will be stripped of certificates right now</li>
|
<li>Importing existing keys will be stripped of certificates right now</li>
|
||||||
<li>Key cross-certification is NOT supported, so signing with those keys will get a warning when the signature is checked.</li>
|
|
||||||
<li>PGP/MIME in K9 Mail is missing</li>
|
<li>PGP/MIME in K9 Mail is missing</li>
|
||||||
</ul>
|
</ul>
|
||||||
<p>If you want to contribute, fork it and do a pull request on Github: <a href="https://github.com/dschuermann/openpgp-keychain">https://github.com/dschuermann/openpgp-keychain</a></p>
|
<p>If you want to contribute, fork it and do a pull request on Github: <a href="https://github.com/dschuermann/openpgp-keychain">https://github.com/dschuermann/openpgp-keychain</a></p>
|
||||||
@ -25,4 +24,4 @@ And don't add newlines before or after p tags because of transifex -->
|
|||||||
<h2>I found a bug in OpenPGP Keychain!</h2>
|
<h2>I found a bug in OpenPGP Keychain!</h2>
|
||||||
<p>Please report it in the <a href="https://github.com/dschuermann/openpgp-keychain/issues">issue tracker of OpenPGP Keychain</a>.</p>
|
<p>Please report it in the <a href="https://github.com/dschuermann/openpgp-keychain/issues">issue tracker of OpenPGP Keychain</a>.</p>
|
||||||
</body>
|
</body>
|
||||||
</html>
|
</html>
|
||||||
|
@ -289,6 +289,8 @@ public class PgpKeyOperation {
|
|||||||
|
|
||||||
updateProgress(R.string.progress_certifying_master_key, 20, 100);
|
updateProgress(R.string.progress_certifying_master_key, 20, 100);
|
||||||
|
|
||||||
|
//TODO: if we are editing a key, keep old certs, don't remake certs we don't have to.
|
||||||
|
|
||||||
for (String userId : userIds) {
|
for (String userId : userIds) {
|
||||||
PGPContentSignerBuilder signerBuilder = new JcaPGPContentSignerBuilder(
|
PGPContentSignerBuilder signerBuilder = new JcaPGPContentSignerBuilder(
|
||||||
masterPublicKey.getAlgorithm(), HashAlgorithmTags.SHA1)
|
masterPublicKey.getAlgorithm(), HashAlgorithmTags.SHA1)
|
||||||
@ -302,8 +304,6 @@ public class PgpKeyOperation {
|
|||||||
masterPublicKey = PGPPublicKey.addCertification(masterPublicKey, userId, certification);
|
masterPublicKey = PGPPublicKey.addCertification(masterPublicKey, userId, certification);
|
||||||
}
|
}
|
||||||
|
|
||||||
// TODO: cross-certify the master key with every sub key (APG 1)
|
|
||||||
|
|
||||||
PGPKeyPair masterKeyPair = new PGPKeyPair(masterPublicKey, masterPrivateKey);
|
PGPKeyPair masterKeyPair = new PGPKeyPair(masterPublicKey, masterPrivateKey);
|
||||||
|
|
||||||
PGPSignatureSubpacketGenerator hashedPacketsGen = new PGPSignatureSubpacketGenerator();
|
PGPSignatureSubpacketGenerator hashedPacketsGen = new PGPSignatureSubpacketGenerator();
|
||||||
@ -374,13 +374,21 @@ public class PgpKeyOperation {
|
|||||||
usageId = keysUsages.get(i);
|
usageId = keysUsages.get(i);
|
||||||
canSign = (usageId == Id.choice.usage.sign_only || usageId == Id.choice.usage.sign_and_encrypt);
|
canSign = (usageId == Id.choice.usage.sign_only || usageId == Id.choice.usage.sign_and_encrypt);
|
||||||
canEncrypt = (usageId == Id.choice.usage.encrypt_only || usageId == Id.choice.usage.sign_and_encrypt);
|
canEncrypt = (usageId == Id.choice.usage.encrypt_only || usageId == Id.choice.usage.sign_and_encrypt);
|
||||||
if (canSign) {
|
if (canSign) { //TODO: ensure signing times are the same, like gpg
|
||||||
keyFlags |= KeyFlags.SIGN_DATA;
|
keyFlags |= KeyFlags.SIGN_DATA;
|
||||||
|
//cross-certify signing keys
|
||||||
|
PGPContentSignerBuilder signerBuilder = new JcaPGPContentSignerBuilder(
|
||||||
|
subKey.getPublicKey().getAlgorithm(), PGPUtil.SHA1)
|
||||||
|
.setProvider(Constants.BOUNCY_CASTLE_PROVIDER_NAME);
|
||||||
|
PGPSignatureGenerator sGen = new PGPSignatureGenerator(signerBuilder);
|
||||||
|
sGen.init(PGPSignature.PRIMARYKEY_BINDING, subPrivateKey);
|
||||||
|
PGPSignature certification = sGen.generateCertification(masterPublicKey, subPublicKey);
|
||||||
|
unhashedPacketsGen.setEmbeddedSignature(false, certification);
|
||||||
}
|
}
|
||||||
if (canEncrypt) {
|
if (canEncrypt) {
|
||||||
keyFlags |= KeyFlags.ENCRYPT_COMMS | KeyFlags.ENCRYPT_STORAGE;
|
keyFlags |= KeyFlags.ENCRYPT_COMMS | KeyFlags.ENCRYPT_STORAGE;
|
||||||
}
|
}
|
||||||
hashedPacketsGen.setKeyFlags(true, keyFlags);
|
hashedPacketsGen.setKeyFlags(false, keyFlags);
|
||||||
|
|
||||||
// TODO: this doesn't work quite right yet (APG 1)
|
// TODO: this doesn't work quite right yet (APG 1)
|
||||||
// if (keyEditor.getExpiryDate() != null) {
|
// if (keyEditor.getExpiryDate() != null) {
|
||||||
|
Loading…
Reference in New Issue
Block a user