Notes about criticality

author: Dominik Schürmann <dominik@dominikschuermann.de> 2014-08-19 15:23:37 +0200
committer: Dominik Schürmann <dominik@dominikschuermann.de> 2014-08-19 15:23:37 +0200
commit: 8d668d170c41959897aa78e2f0acc9fac7168d36 (patch)
tree: 019e5da6eab924c16c689334c6bc75ec3ac82f78 /OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperation.java
parent: 68cce5c0c85aea44257f294369a0abe316dd2347 (diff)
download: open-keychain-8d668d170c41959897aa78e2f0acc9fac7168d36.tar.gz
open-keychain-8d668d170c41959897aa78e2f0acc9fac7168d36.tar.bz2
open-keychain-8d668d170c41959897aa78e2f0acc9fac7168d36.zip
1 files changed, 15 insertions, 2 deletions
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperation.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperation.java
index 6228b36ac..b4e21cc0e 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperation.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperation.java
@@ -914,13 +914,26 @@ public class PgpKeyOperation {
 
         PGPSignatureSubpacketGenerator hashedPacketsGen = new PGPSignatureSubpacketGenerator();
         {
-            hashedPacketsGen.setSignatureCreationTime(true, new Date());
+            /*
+             * From RFC about critical subpackets:
+             * If a subpacket is encountered that is
+             * marked critical but is unknown to the evaluating software, the
+             * evaluator SHOULD consider the signature to be in error.
+             * An evaluator may "recognize" a subpacket, but not implement it.  The
+             * purpose of the critical bit is to allow the signer to tell an
+             * evaluator that it would prefer a new, unknown feature to generate an
+             * error than be ignored.
+             */
+            /* non-critical subpackets: */
             hashedPacketsGen.setPreferredSymmetricAlgorithms(false, PREFERRED_SYMMETRIC_ALGORITHMS);
             hashedPacketsGen.setPreferredHashAlgorithms(false, PREFERRED_HASH_ALGORITHMS);
             hashedPacketsGen.setPreferredCompressionAlgorithms(false, PREFERRED_COMPRESSION_ALGORITHMS);
+            hashedPacketsGen.setPrimaryUserID(false, primary);
+
+            /* critical subpackets: */
+            hashedPacketsGen.setSignatureCreationTime(true, new Date());
             // Request that senders add the MDC to the message (authenticate unsigned messages)
             hashedPacketsGen.setFeature(true, Features.FEATURE_MODIFICATION_DETECTION);
-            hashedPacketsGen.setPrimaryUserID(false, primary);
             hashedPacketsGen.setKeyFlags(true, flags);
             if (expiry > 0) {
                 hashedPacketsGen.setKeyExpirationTime(
author	Dominik Schürmann <dominik@dominikschuermann.de>	2014-08-19 15:23:37 +0200
committer	Dominik Schürmann <dominik@dominikschuermann.de>	2014-08-19 15:23:37 +0200
commit	8d668d170c41959897aa78e2f0acc9fac7168d36 (patch)
tree	019e5da6eab924c16c689334c6bc75ec3ac82f78 /OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperation.java
parent	68cce5c0c85aea44257f294369a0abe316dd2347 (diff)
download	open-keychain-8d668d170c41959897aa78e2f0acc9fac7168d36.tar.gz open-keychain-8d668d170c41959897aa78e2f0acc9fac7168d36.tar.bz2 open-keychain-8d668d170c41959897aa78e2f0acc9fac7168d36.zip