mirror of
https://github.com/moparisthebest/open-keychain
synced 2024-12-25 00:18:51 -05:00
only check for primary binding certificate if key algorithm even supports signing
This commit is contained in:
parent
4782d22e26
commit
c0abae5cc3
@ -618,17 +618,23 @@ public class UncachedKeyRing {
|
|||||||
|
|
||||||
boolean needsPrimaryBinding = false;
|
boolean needsPrimaryBinding = false;
|
||||||
|
|
||||||
// if this certificate says it allows signing for the key
|
// If the algorithm is even suitable for signing
|
||||||
if (zert.getHashedSubPackets() != null &&
|
if (key.getAlgorithm() != PublicKeyAlgorithmTags.ELGAMAL_ENCRYPT
|
||||||
zert.getHashedSubPackets().hasSubpacket(SignatureSubpacketTags.KEY_FLAGS)) {
|
&& key.getAlgorithm() != PublicKeyAlgorithmTags.RSA_ENCRYPT) {
|
||||||
int flags = ((KeyFlags) zert.getHashedSubPackets()
|
|
||||||
.getSubpacket(SignatureSubpacketTags.KEY_FLAGS)).getFlags();
|
// If this certificate says it allows signing for the key
|
||||||
if ((flags & PGPKeyFlags.CAN_SIGN) == PGPKeyFlags.CAN_SIGN) {
|
if (zert.getHashedSubPackets() != null &&
|
||||||
|
zert.getHashedSubPackets().hasSubpacket(SignatureSubpacketTags.KEY_FLAGS)) {
|
||||||
|
int flags = ((KeyFlags) zert.getHashedSubPackets()
|
||||||
|
.getSubpacket(SignatureSubpacketTags.KEY_FLAGS)).getFlags();
|
||||||
|
if ((flags & PGPKeyFlags.CAN_SIGN) == PGPKeyFlags.CAN_SIGN) {
|
||||||
|
needsPrimaryBinding = true;
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
// If there are no key flags, we STILL require this because the key can sign!
|
||||||
needsPrimaryBinding = true;
|
needsPrimaryBinding = true;
|
||||||
}
|
}
|
||||||
} else {
|
|
||||||
// If there are no key flags, we STILL require this because the key can sign!
|
|
||||||
needsPrimaryBinding = true;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// If this key can sign, it MUST have a primary key binding certificate
|
// If this key can sign, it MUST have a primary key binding certificate
|
||||||
|
Loading…
Reference in New Issue
Block a user