1 files changed, 45 insertions, 31 deletions

diff --git a/OpenPGP-Keychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperation.java b/OpenPGP-Keychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperation.java
index adccc5ba3..fab456bf8 100644
--- a/OpenPGP-Keychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperation.java
+++ b/OpenPGP-Keychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperation.java
@@ -386,8 +386,10 @@ public class PgpKeyOperation {
                     user attributes
          */
 
-        for (PGPSecretKey dKey : saveParcel.deletedKeys) {
-            mKR = PGPSecretKeyRing.removeSecretKey(mKR, dKey);
+        if (saveParcel.deletedKeys != null) {
+            for (PGPSecretKey dKey : saveParcel.deletedKeys) {
+                mKR = PGPSecretKeyRing.removeSecretKey(mKR, dKey);
+            }
         }
 
         masterKey = mKR.getSecretKey();
@@ -409,6 +411,31 @@ public class PgpKeyOperation {
 
         int user_id_index = 0;
         boolean anyIDChanged = false;
+
+        PGPSignatureSubpacketGenerator hashedPacketsGen = new PGPSignatureSubpacketGenerator();
+        PGPSignatureSubpacketGenerator unhashedPacketsGen = new PGPSignatureSubpacketGenerator();
+
+        hashedPacketsGen.setKeyFlags(true, usageId);
+
+        hashedPacketsGen.setPreferredSymmetricAlgorithms(true, PREFERRED_SYMMETRIC_ALGORITHMS);
+        hashedPacketsGen.setPreferredHashAlgorithms(true, PREFERRED_HASH_ALGORITHMS);
+        hashedPacketsGen.setPreferredCompressionAlgorithms(true, PREFERRED_COMPRESSION_ALGORITHMS);
+
+        if (saveParcel.keysExpiryDates.get(0) != null) {
+            GregorianCalendar creationDate = new GregorianCalendar(TimeZone.getTimeZone("UTC"));
+            creationDate.setTime(masterPublicKey.getCreationTime());
+            GregorianCalendar expiryDate = saveParcel.keysExpiryDates.get(0);
+            //note that the below, (a/c) - (b/c) is *not* the same as (a - b) /c
+            //here we purposefully ignore partial days in each date - long type has no fractional part!
+            long numDays = (expiryDate.getTimeInMillis() / 86400000) - (creationDate.getTimeInMillis() / 86400000);
+            if (numDays <= 0)
+                throw new PgpGeneralException(mContext.getString(R.string.error_expiry_must_come_after_creation));
+            hashedPacketsGen.setKeyExpirationTime(false, numDays * 86400);
+        } else {
+            hashedPacketsGen.setKeyExpirationTime(false, 0); //do this explicitly, although since we're rebuilding,
+            //this happens anyway
+        }
+
         if (saveParcel.primaryIDChanged) {
             anyIDChanged = true;
             ArrayList<Pair<String, PGPSignature>> sigList = new ArrayList<Pair<String, PGPSignature>>();
@@ -427,11 +454,16 @@ public class PgpKeyOperation {
                     PGPSignatureGenerator sGen = new PGPSignatureGenerator(signerBuilder);
 
                     sGen.init(PGPSignature.POSITIVE_CERTIFICATION, masterPrivateKey);
-
+                    if (user_id_index == 0) {
+                        sGen.setHashedSubpackets(hashedPacketsGen.generate());
+                        sGen.setUnhashedSubpackets(unhashedPacketsGen.generate());
+                    }
                     PGPSignature certification = sGen.generateCertification(userId, masterPublicKey);
                     sigList.add(new Pair<String, PGPSignature>(userId, certification));
                 }
-                masterPublicKey = PGPPublicKey.removeCertification(masterPublicKey, orig_id);
+                if (!orig_id.equals("")) {
+                    masterPublicKey = PGPPublicKey.removeCertification(masterPublicKey, orig_id);
+                }
                 user_id_index++;
             }
             for (Pair<String, PGPSignature> to_add : sigList) {
@@ -448,9 +480,14 @@ public class PgpKeyOperation {
                     PGPSignatureGenerator sGen = new PGPSignatureGenerator(signerBuilder);
 
                     sGen.init(PGPSignature.POSITIVE_CERTIFICATION, masterPrivateKey);
-
+                    if (user_id_index == 0) {
+                        sGen.setHashedSubpackets(hashedPacketsGen.generate());
+                        sGen.setUnhashedSubpackets(unhashedPacketsGen.generate());
+                    }
                     PGPSignature certification = sGen.generateCertification(userId, masterPublicKey);
-                    masterPublicKey = PGPPublicKey.removeCertification(masterPublicKey, orig_id);
+                    if (!orig_id.equals("")) {
+                        masterPublicKey = PGPPublicKey.removeCertification(masterPublicKey, orig_id);
+                    }
                     masterPublicKey = PGPPublicKey.addCertification(masterPublicKey, userId, certification);
                 }
                 user_id_index++;
@@ -465,30 +502,6 @@ public class PgpKeyOperation {
 
         PGPKeyPair masterKeyPair = new PGPKeyPair(masterPublicKey, masterPrivateKey);
 
-        PGPSignatureSubpacketGenerator hashedPacketsGen = new PGPSignatureSubpacketGenerator();
-        PGPSignatureSubpacketGenerator unhashedPacketsGen = new PGPSignatureSubpacketGenerator();
-
-        hashedPacketsGen.setKeyFlags(true, usageId);
-
-        hashedPacketsGen.setPreferredSymmetricAlgorithms(true, PREFERRED_SYMMETRIC_ALGORITHMS);
-        hashedPacketsGen.setPreferredHashAlgorithms(true, PREFERRED_HASH_ALGORITHMS);
-        hashedPacketsGen.setPreferredCompressionAlgorithms(true, PREFERRED_COMPRESSION_ALGORITHMS);
-
-        if (saveParcel.keysExpiryDates.get(0) != null) {
-            GregorianCalendar creationDate = new GregorianCalendar(TimeZone.getTimeZone("UTC"));
-            creationDate.setTime(masterPublicKey.getCreationTime());
-            GregorianCalendar expiryDate = saveParcel.keysExpiryDates.get(0);
-            //note that the below, (a/c) - (b/c) is *not* the same as (a - b) /c
-            //here we purposefully ignore partial days in each date - long type has no fractional part!
-            long numDays = (expiryDate.getTimeInMillis() / 86400000) - (creationDate.getTimeInMillis() / 86400000);
-            if (numDays <= 0)
-                throw new PgpGeneralException(mContext.getString(R.string.error_expiry_must_come_after_creation));
-            hashedPacketsGen.setKeyExpirationTime(false, numDays * 86400);
-        } else {
-            hashedPacketsGen.setKeyExpirationTime(false, 0); //do this explicitly, although since we're rebuilding,
-                                                             //this happens anyway
-        }
-
         updateProgress(R.string.progress_building_master_key, 30, 100);
 
         // define hashing and signing algos
@@ -503,11 +516,12 @@ public class PgpKeyOperation {
                 .setProvider(Constants.BOUNCY_CASTLE_PROVIDER_NAME).build(
                         saveParcel.oldPassPhrase.toCharArray());
 
+        //this generates one more signature than necessary...
         PGPKeyRingGenerator keyGen = new PGPKeyRingGenerator(PGPSignature.POSITIVE_CERTIFICATION,
                 masterKeyPair, mainUserId, sha1Calc, hashedPacketsGen.generate(),
                 unhashedPacketsGen.generate(), certificationSignerBuilder, keyEncryptor);
 
-        for (int i = 0; i < saveParcel.keys.size(); ++i) {
+        for (int i = 1; i < saveParcel.keys.size(); ++i) {
             updateProgress(40 + 50 * i/ saveParcel.keys.size(), 100);
             if (saveParcel.moddedKeys[i]) {
                 PGPSecretKey subKey = saveParcel.keys.get(i);