diff options
| author | Dominik Schürmann <dominik@dominikschuermann.de> | 2014-08-19 15:23:37 +0200 |
|---|---|---|
| committer | Dominik Schürmann <dominik@dominikschuermann.de> | 2014-08-19 15:23:37 +0200 |
| commit | 8d668d170c41959897aa78e2f0acc9fac7168d36 (patch) | |
| tree | 019e5da6eab924c16c689334c6bc75ec3ac82f78 /OpenKeychain/src | |
| parent | 68cce5c0c85aea44257f294369a0abe316dd2347 (diff) | |
| download | open-keychain-8d668d170c41959897aa78e2f0acc9fac7168d36.tar.gz open-keychain-8d668d170c41959897aa78e2f0acc9fac7168d36.tar.bz2 open-keychain-8d668d170c41959897aa78e2f0acc9fac7168d36.zip | |
Notes about criticality
Diffstat (limited to 'OpenKeychain/src')
| -rw-r--r-- | OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperation.java | 17 |
1 files changed, 15 insertions, 2 deletions
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperation.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperation.java index 6228b36ac..b4e21cc0e 100644 --- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperation.java +++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperation.java @@ -914,13 +914,26 @@ public class PgpKeyOperation { PGPSignatureSubpacketGenerator hashedPacketsGen = new PGPSignatureSubpacketGenerator(); { - hashedPacketsGen.setSignatureCreationTime(true, new Date()); + /* + * From RFC about critical subpackets: + * If a subpacket is encountered that is + * marked critical but is unknown to the evaluating software, the + * evaluator SHOULD consider the signature to be in error. + * An evaluator may "recognize" a subpacket, but not implement it. The + * purpose of the critical bit is to allow the signer to tell an + * evaluator that it would prefer a new, unknown feature to generate an + * error than be ignored. + */ + /* non-critical subpackets: */ hashedPacketsGen.setPreferredSymmetricAlgorithms(false, PREFERRED_SYMMETRIC_ALGORITHMS); hashedPacketsGen.setPreferredHashAlgorithms(false, PREFERRED_HASH_ALGORITHMS); hashedPacketsGen.setPreferredCompressionAlgorithms(false, PREFERRED_COMPRESSION_ALGORITHMS); + hashedPacketsGen.setPrimaryUserID(false, primary); + + /* critical subpackets: */ + hashedPacketsGen.setSignatureCreationTime(true, new Date()); // Request that senders add the MDC to the message (authenticate unsigned messages) hashedPacketsGen.setFeature(true, Features.FEATURE_MODIFICATION_DETECTION); - hashedPacketsGen.setPrimaryUserID(false, primary); hashedPacketsGen.setKeyFlags(true, flags); if (expiry > 0) { hashedPacketsGen.setKeyExpirationTime( |