diff options
| author | David Shaw <[email protected]> | 2007-01-30 21:19:45 +0000 |
|---|---|---|
| committer | David Shaw <[email protected]> | 2007-01-30 21:19:45 +0000 |
| commit | e2fdff56fc3dc965ad3fd4b8730024bfe55f8edb (patch) | |
| tree | c56243732bbb7950d005736c02de85e9b6221f41 | |
| parent | * curl-shim.h, curl-shim.c, gpgkeys_hkp.c: Rename curl_escape() to (diff) | |
| download | gnupg-e2fdff56fc3dc965ad3fd4b8730024bfe55f8edb.tar.gz gnupg-e2fdff56fc3dc965ad3fd4b8730024bfe55f8edb.zip | |
* keygen.c (make_backsig, write_direct_sig, write_selfsigs)
(write_keybinding): Have the various selfsigs created during key
generation use the timestamp of their parent key. This helps avoid
leaking information about the performance of the machine where the
keys were generated. Noted by Christian Danner.
| -rw-r--r-- | g10/ChangeLog | 8 | ||||
| -rw-r--r-- | g10/keygen.c | 16 |
2 files changed, 17 insertions, 7 deletions
diff --git a/g10/ChangeLog b/g10/ChangeLog index d041c28db..25db980aa 100644 --- a/g10/ChangeLog +++ b/g10/ChangeLog @@ -1,3 +1,11 @@ +2007-01-30 David Shaw <[email protected]> + + * keygen.c (make_backsig, write_direct_sig, write_selfsigs) + (write_keybinding): Have the various selfsigs created during key + generation use the timestamp of their parent key. This helps + avoid leaking information about the performance of the machine + where the keys were generated. Noted by Christian Danner. + 2007-01-15 Werner Koch <[email protected]> * parse-packet.c (read_protected_v3_mpi): Make sure to stop diff --git a/g10/keygen.c b/g10/keygen.c index f79eaaaba..2f2eeb426 100644 --- a/g10/keygen.c +++ b/g10/keygen.c @@ -1,6 +1,6 @@ /* keygen.c - generate a key pair - * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, - * 2006 Free Software Foundation, Inc. + * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, + * 2007 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -777,7 +777,8 @@ make_backsig(PKT_signature *sig,PKT_public_key *pk, cache_public_key(sub_pk); - rc=make_keysig_packet(&backsig,pk,NULL,sub_pk,sub_sk,0x19,0,0,0,0,NULL,NULL); + rc=make_keysig_packet(&backsig,pk,NULL,sub_pk,sub_sk,0x19,0,0, + sub_pk->timestamp,0,NULL,NULL); if(rc) log_error("make_keysig_packet failed for backsig: %s\n",g10_errstr(rc)); else @@ -882,7 +883,7 @@ write_direct_sig( KBNODE root, KBNODE pub_root, PKT_secret_key *sk, cache_public_key (pk); /* and make the signature */ - rc = make_keysig_packet(&sig,pk,NULL,NULL,sk,0x1F,0,0,0,0, + rc = make_keysig_packet(&sig,pk,NULL,NULL,sk,0x1F,0,0,pk->timestamp,0, keygen_add_revkey,revkey); if( rc ) { log_error("make_keysig_packet failed: %s\n", g10_errstr(rc) ); @@ -926,8 +927,8 @@ write_selfsigs( KBNODE sec_root, KBNODE pub_root, PKT_secret_key *sk, cache_public_key (pk); /* and make the signature */ - rc = make_keysig_packet( &sig, pk, uid, NULL, sk, 0x13, 0, 0, 0, 0, - keygen_add_std_prefs, pk ); + rc = make_keysig_packet( &sig, pk, uid, NULL, sk, 0x13, 0, 0, + pk->timestamp, 0, keygen_add_std_prefs, pk ); if( rc ) { log_error("make_keysig_packet failed: %s\n", g10_errstr(rc) ); return rc; @@ -981,7 +982,8 @@ write_keybinding( KBNODE root, KBNODE pub_root, /* and make the signature */ oduap.usage = use; oduap.pk = sub_pk; - rc=make_keysig_packet(&sig, pri_pk, NULL, sub_pk, pri_sk, 0x18, 0, 0, 0, 0, + rc=make_keysig_packet(&sig, pri_pk, NULL, sub_pk, pri_sk, 0x18, 0, 0, + sub_pk->timestamp, 0, keygen_add_key_flags_and_expire, &oduap ); if( rc ) { log_error("make_keysig_packet failed: %s\n", g10_errstr(rc) ); |