only check for primary binding certificate if key algorithm even supports signing

author: Vincent Breitmoser <valodim@mugenguild.com> 2014-09-28 03:53:14 +0200
committer: Vincent Breitmoser <valodim@mugenguild.com> 2014-09-28 03:53:14 +0200
commit: c0abae5cc366eb4fc0ed89cbf44e4d2ab8aa7893 (patch)
tree: 82bb80202b1c59dad005e8993266d0c812bced1c /OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/UncachedKeyRing.java
parent: 4782d22e264481ef53432d08e79565bc4bc7b2c6 (diff)
download: open-keychain-c0abae5cc366eb4fc0ed89cbf44e4d2ab8aa7893.tar.gz
open-keychain-c0abae5cc366eb4fc0ed89cbf44e4d2ab8aa7893.tar.bz2
open-keychain-c0abae5cc366eb4fc0ed89cbf44e4d2ab8aa7893.zip
1 files changed, 15 insertions, 9 deletions
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/UncachedKeyRing.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/UncachedKeyRing.java
index 99a0ef94e..0e9377890 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/UncachedKeyRing.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/UncachedKeyRing.java
@@ -618,17 +618,23 @@ public class UncachedKeyRing {
 
                     boolean needsPrimaryBinding = false;
 
-                    // if this certificate says it allows signing for the key
-                    if (zert.getHashedSubPackets() != null &&
-                            zert.getHashedSubPackets().hasSubpacket(SignatureSubpacketTags.KEY_FLAGS)) {
-                        int flags = ((KeyFlags) zert.getHashedSubPackets()
-                                .getSubpacket(SignatureSubpacketTags.KEY_FLAGS)).getFlags();
-                        if ((flags & PGPKeyFlags.CAN_SIGN) == PGPKeyFlags.CAN_SIGN) {
+                    // If the algorithm is even suitable for signing
+                    if (key.getAlgorithm() != PublicKeyAlgorithmTags.ELGAMAL_ENCRYPT
+                            && key.getAlgorithm() != PublicKeyAlgorithmTags.RSA_ENCRYPT) {
+
+                        // If this certificate says it allows signing for the key
+                        if (zert.getHashedSubPackets() != null &&
+                                zert.getHashedSubPackets().hasSubpacket(SignatureSubpacketTags.KEY_FLAGS)) {
+                            int flags = ((KeyFlags) zert.getHashedSubPackets()
+                                    .getSubpacket(SignatureSubpacketTags.KEY_FLAGS)).getFlags();
+                            if ((flags & PGPKeyFlags.CAN_SIGN) == PGPKeyFlags.CAN_SIGN) {
+                                needsPrimaryBinding = true;
+                            }
+                        } else {
+                            // If there are no key flags, we STILL require this because the key can sign!
                             needsPrimaryBinding = true;
                         }
-                    } else {
-                        // If there are no key flags, we STILL require this because the key can sign!
-                        needsPrimaryBinding = true;
+
                     }
 
                     // If this key can sign, it MUST have a primary key binding certificate
author	Vincent Breitmoser <valodim@mugenguild.com>	2014-09-28 03:53:14 +0200
committer	Vincent Breitmoser <valodim@mugenguild.com>	2014-09-28 03:53:14 +0200
commit	c0abae5cc366eb4fc0ed89cbf44e4d2ab8aa7893 (patch)
tree	82bb80202b1c59dad005e8993266d0c812bced1c /OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/UncachedKeyRing.java
parent	4782d22e264481ef53432d08e79565bc4bc7b2c6 (diff)
download	open-keychain-c0abae5cc366eb4fc0ed89cbf44e4d2ab8aa7893.tar.gz open-keychain-c0abae5cc366eb4fc0ed89cbf44e4d2ab8aa7893.tar.bz2 open-keychain-c0abae5cc366eb4fc0ed89cbf44e4d2ab8aa7893.zip