From 358ab7d7e44314acc4659809e6f7a3e8b78b532b Mon Sep 17 00:00:00 2001
From: Ashley Hughes <spirit.returned@gmail.com>
Date: Thu, 30 Jan 2014 09:50:56 +0000
Subject: binding signatures have the same creation time

---
 .../java/org/sufficientlysecure/keychain/pgp/PgpKeyOperation.java  | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

(limited to 'OpenPGP-Keychain/src/main/java')

diff --git a/OpenPGP-Keychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperation.java b/OpenPGP-Keychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperation.java
index 8a7dc9fa4..eed0ed256 100644
--- a/OpenPGP-Keychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperation.java
+++ b/OpenPGP-Keychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperation.java
@@ -379,14 +379,19 @@ public class PgpKeyOperation {
             usageId = keysUsages.get(i);
             canSign = (usageId == Id.choice.usage.sign_only || usageId == Id.choice.usage.sign_and_encrypt);
             canEncrypt = (usageId == Id.choice.usage.encrypt_only || usageId == Id.choice.usage.sign_and_encrypt);
-            if (canSign) { // TODO: ensure signing times are the same, like gpg
+            if (canSign) {
+                Date todayDate = new Date(); //both sig times the same
                 keyFlags |= KeyFlags.SIGN_DATA;
                 // cross-certify signing keys
+                hashedPacketsGen.setSignatureCreationTime(false, todayDate); //set outer creation time
+                PGPSignatureSubpacketGenerator subHashedPacketsGen = new PGPSignatureSubpacketGenerator();
+                subHashedPacketsGen.setSignatureCreationTime(false, todayDate); //set inner creation time
                 PGPContentSignerBuilder signerBuilder = new JcaPGPContentSignerBuilder(
                         subPublicKey.getAlgorithm(), PGPUtil.SHA1)
                         .setProvider(Constants.BOUNCY_CASTLE_PROVIDER_NAME);
                 PGPSignatureGenerator sGen = new PGPSignatureGenerator(signerBuilder);
                 sGen.init(PGPSignature.PRIMARYKEY_BINDING, subPrivateKey);
+                sGen.setHashedSubpackets(subHashedPacketsGen.generate());
                 PGPSignature certification = sGen.generateCertification(masterPublicKey,
                         subPublicKey);
                 unhashedPacketsGen.setEmbeddedSignature(false, certification);
-- 
cgit v1.2.3