From 8f40c6df5108f30dc424e4d802f49f3392738724 Mon Sep 17 00:00:00 2001
From: Vincent Breitmoser <valodim@mugenguild.com>
Date: Tue, 6 Oct 2015 15:06:36 +0200
Subject: use only primary and mutually bound subkeys for fingerprint
 verification

---
 .../org/sufficientlysecure/keychain/pgp/CanonicalizedKeyRing.java  | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

(limited to 'OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp')

diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CanonicalizedKeyRing.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CanonicalizedKeyRing.java
index 18a27dd96..6f1e78ce6 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CanonicalizedKeyRing.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CanonicalizedKeyRing.java
@@ -154,8 +154,13 @@ public abstract class CanonicalizedKeyRing extends KeyRing {
         return getRing().getEncoded();
     }
 
-    public boolean containsSubkey(String expectedFingerprint) {
+    /// Returns true iff the keyring contains a primary key or mutually bound subkey with the expected fingerprint
+    public boolean containsBoundSubkey(String expectedFingerprint) {
         for (CanonicalizedPublicKey key : publicKeyIterator()) {
+            boolean isMasterOrMutuallyBound = key.isMasterKey() || key.canSign();
+            if (!isMasterOrMutuallyBound) {
+                continue;
+            }
             if (KeyFormattingUtils.convertFingerprintToHex(
                     key.getFingerprint()).equalsIgnoreCase(expectedFingerprint)) {
                 return true;
-- 
cgit v1.2.3