From c0abae5cc366eb4fc0ed89cbf44e4d2ab8aa7893 Mon Sep 17 00:00:00 2001
From: Vincent Breitmoser <valodim@mugenguild.com>
Date: Sun, 28 Sep 2014 03:53:14 +0200
Subject: only check for primary binding certificate if key algorithm even
 supports signing

---
 .../keychain/pgp/UncachedKeyRing.java              | 24 ++++++++++++++--------
 1 file changed, 15 insertions(+), 9 deletions(-)

(limited to 'OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/UncachedKeyRing.java')

diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/UncachedKeyRing.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/UncachedKeyRing.java
index 99a0ef94e..0e9377890 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/UncachedKeyRing.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/UncachedKeyRing.java
@@ -618,17 +618,23 @@ public class UncachedKeyRing {
 
                     boolean needsPrimaryBinding = false;
 
-                    // if this certificate says it allows signing for the key
-                    if (zert.getHashedSubPackets() != null &&
-                            zert.getHashedSubPackets().hasSubpacket(SignatureSubpacketTags.KEY_FLAGS)) {
-                        int flags = ((KeyFlags) zert.getHashedSubPackets()
-                                .getSubpacket(SignatureSubpacketTags.KEY_FLAGS)).getFlags();
-                        if ((flags & PGPKeyFlags.CAN_SIGN) == PGPKeyFlags.CAN_SIGN) {
+                    // If the algorithm is even suitable for signing
+                    if (key.getAlgorithm() != PublicKeyAlgorithmTags.ELGAMAL_ENCRYPT
+                            && key.getAlgorithm() != PublicKeyAlgorithmTags.RSA_ENCRYPT) {
+
+                        // If this certificate says it allows signing for the key
+                        if (zert.getHashedSubPackets() != null &&
+                                zert.getHashedSubPackets().hasSubpacket(SignatureSubpacketTags.KEY_FLAGS)) {
+                            int flags = ((KeyFlags) zert.getHashedSubPackets()
+                                    .getSubpacket(SignatureSubpacketTags.KEY_FLAGS)).getFlags();
+                            if ((flags & PGPKeyFlags.CAN_SIGN) == PGPKeyFlags.CAN_SIGN) {
+                                needsPrimaryBinding = true;
+                            }
+                        } else {
+                            // If there are no key flags, we STILL require this because the key can sign!
                             needsPrimaryBinding = true;
                         }
-                    } else {
-                        // If there are no key flags, we STILL require this because the key can sign!
-                        needsPrimaryBinding = true;
+
                     }
 
                     // If this key can sign, it MUST have a primary key binding certificate
-- 
cgit v1.2.3