new keys are cross-certified

author: Ashley Hughes <spirit.returned@gmail.com> 2014-01-13 14:36:30 +0000
committer: Ashley Hughes <spirit.returned@gmail.com> 2014-01-13 14:36:30 +0000
commit: 71fd7574ec3e02375524db2d65d10e9781115e5c (patch)
tree: 562bd04442d08de4268495689bbf14c777582c18 /OpenPGP-Keychain/src/org/sufficientlysecure
parent: 92aa5b36bba57e4927f146d49c9f124a37b7b5f9 (diff)
download: open-keychain-71fd7574ec3e02375524db2d65d10e9781115e5c.tar.gz
open-keychain-71fd7574ec3e02375524db2d65d10e9781115e5c.tar.bz2
open-keychain-71fd7574ec3e02375524db2d65d10e9781115e5c.zip
1 files changed, 12 insertions, 4 deletions
diff --git a/OpenPGP-Keychain/src/org/sufficientlysecure/keychain/pgp/PgpKeyOperation.java b/OpenPGP-Keychain/src/org/sufficientlysecure/keychain/pgp/PgpKeyOperation.java
index 2cbfed28b..e07c802b7 100644
--- a/OpenPGP-Keychain/src/org/sufficientlysecure/keychain/pgp/PgpKeyOperation.java
+++ b/OpenPGP-Keychain/src/org/sufficientlysecure/keychain/pgp/PgpKeyOperation.java
@@ -289,6 +289,8 @@ public class PgpKeyOperation {
 
         updateProgress(R.string.progress_certifying_master_key, 20, 100);
 
+        //TODO: if we are editing a key, keep old certs, don't remake certs we don't have to.
+
         for (String userId : userIds) {
             PGPContentSignerBuilder signerBuilder = new JcaPGPContentSignerBuilder(
                     masterPublicKey.getAlgorithm(), HashAlgorithmTags.SHA1)
@@ -302,8 +304,6 @@ public class PgpKeyOperation {
             masterPublicKey = PGPPublicKey.addCertification(masterPublicKey, userId, certification);
         }
 
-        // TODO: cross-certify the master key with every sub key (APG 1)
-
         PGPKeyPair masterKeyPair = new PGPKeyPair(masterPublicKey, masterPrivateKey);
 
         PGPSignatureSubpacketGenerator hashedPacketsGen = new PGPSignatureSubpacketGenerator();
@@ -374,13 +374,21 @@ public class PgpKeyOperation {
             usageId = keysUsages.get(i);
             canSign = (usageId == Id.choice.usage.sign_only || usageId == Id.choice.usage.sign_and_encrypt);
             canEncrypt = (usageId == Id.choice.usage.encrypt_only || usageId == Id.choice.usage.sign_and_encrypt);
-            if (canSign) {
+            if (canSign) { //TODO: ensure signing times are the same, like gpg
                 keyFlags |= KeyFlags.SIGN_DATA;
+                //cross-certify signing keys
+                PGPContentSignerBuilder signerBuilder = new JcaPGPContentSignerBuilder(
+                    subKey.getPublicKey().getAlgorithm(), PGPUtil.SHA1)
+                    .setProvider(Constants.BOUNCY_CASTLE_PROVIDER_NAME);
+                PGPSignatureGenerator sGen = new PGPSignatureGenerator(signerBuilder);
+                sGen.init(PGPSignature.PRIMARYKEY_BINDING, subPrivateKey);
+                PGPSignature certification = sGen.generateCertification(masterPublicKey, subPublicKey);
+                unhashedPacketsGen.setEmbeddedSignature(false, certification);
             }
             if (canEncrypt) {
                 keyFlags |= KeyFlags.ENCRYPT_COMMS | KeyFlags.ENCRYPT_STORAGE;
             }
-            hashedPacketsGen.setKeyFlags(true, keyFlags);
+            hashedPacketsGen.setKeyFlags(false, keyFlags);
 
             // TODO: this doesn't work quite right yet (APG 1)
             // if (keyEditor.getExpiryDate() != null) {
author	Ashley Hughes <spirit.returned@gmail.com>	2014-01-13 14:36:30 +0000
committer	Ashley Hughes <spirit.returned@gmail.com>	2014-01-13 14:36:30 +0000
commit	71fd7574ec3e02375524db2d65d10e9781115e5c (patch)
tree	562bd04442d08de4268495689bbf14c777582c18 /OpenPGP-Keychain/src/org/sufficientlysecure
parent	92aa5b36bba57e4927f146d49c9f124a37b7b5f9 (diff)
download	open-keychain-71fd7574ec3e02375524db2d65d10e9781115e5c.tar.gz open-keychain-71fd7574ec3e02375524db2d65d10e9781115e5c.tar.bz2 open-keychain-71fd7574ec3e02375524db2d65d10e9781115e5c.zip