-rw-r--r-- | g10/keyedit.c | 13 | ||||
-rw-r--r-- | g10/keyedit.h | 3 | ||||
-rw-r--r-- | g10/keygen.c | 9 |
3 files changed, 17 insertions, 8 deletions
diff --git a/g10/keyedit.c b/g10/keyedit.c index 0a5064a25..12e127452 100644 --- a/g10/keyedit.c +++ b/g10/keyedit.c @@ -5053,11 +5053,13 @@ fail: /* Core function to add an ADSK to the KEYBLOCK. Returns 0 on success - * or an error code. CACHE_NONCE can be used to avoid a second - * Pinetry pop-up for appending the ADSK. */ + * or an error code. If SIGTIMESTAMP is not 0 it is used for the key + * binding signature creation time; if not given the current time is + * used. CACHE_NONCE can be used to avoid a second Pinetry pop-up for + * appending the ADSK. */ gpg_error_t append_adsk_to_key (ctrl_t ctrl, kbnode_t keyblock, PKT_public_key *adsk, - const char *cache_nonce) + u32 sigtimestamp, const char *cache_nonce) { gpg_error_t err; PKT_public_key *main_pk; /* The primary key. */ @@ -5102,7 +5104,7 @@ append_adsk_to_key (ctrl_t ctrl, kbnode_t keyblock, PKT_public_key *adsk, /* Make the signature. */ err = make_keysig_packet (ctrl, &sig, main_pk, NULL, adsk, main_pk, 0x18, - adsk->timestamp, 0, + sigtimestamp, 0, keygen_add_key_flags_and_expire, adsk, cache_nonce); adsk = NULL; /* (owned by adsknode - avoid double free.) */ if (err) @@ -5150,6 +5152,7 @@ menu_addadsk (ctrl_t ctrl, kbnode_t pub_keyblock, const char *adskfpr) byte fpr[MAX_FINGERPRINT_LEN]; size_t fprlen; kbnode_t node; + u32 sigtimestamp = make_timestamp (); log_assert (pub_keyblock->pkt->pkttype == PKT_PUBLIC_KEY); @@ -5251,7 +5254,7 @@ menu_addadsk (ctrl_t ctrl, kbnode_t pub_keyblock, const char *adskfpr) log_assert (node->pkt->pkttype == PKT_PUBLIC_KEY || node->pkt->pkttype == PKT_PUBLIC_SUBKEY); err = append_adsk_to_key (ctrl, pub_keyblock, node->pkt->pkt.public_key, - NULL); + sigtimestamp, NULL); leave: diff --git a/g10/keyedit.h b/g10/keyedit.h index 5d8be078e..d37bcb23b 100644 --- a/g10/keyedit.h +++ b/g10/keyedit.h 
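Review bot: The rewritten doc comment on append_adsk_to_key promises that a SIGTIMESTAMP of 0 falls back to the current time, but the lines shown pass `sigtimestamp` to `make_keysig_packet` unchanged, so that contract holds only if the callee implements the fallback. Since the timestamp goes into a self-signature, I would name the dependency in the comment, e.g. `If SIGTIMESTAMP is 0, make_keysig_packet picks the current time.`, after confirming it against that function. The comment block is being rewritten anyway, so `Pinetry` could be corrected to `Pinentry` in the same change. The function body continues outside this hunk.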
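Review bot: Nothing in the visible part of append_adsk_to_key compares `sigtimestamp` with `adsk->timestamp` before the `make_keysig_packet` call in the hunk at -5102, so the 0x18 binding signature can now carry a creation time earlier than the subkey it binds. The old argument `adsk->timestamp` made the two equal by construction. The value is now caller-supplied: `make_timestamp ()` in menu_addadsk and append_all_default_adsks, and `signtimestamp` in do_generate_keypair, whose origin is outside the hunk. With a skewed clock or a backdated key creation time, the signature could predate the ADSK, which verifiers may treat as an invalid or suspicious binding. Unless make_keysig_packet already handles this, consider a guard before the call such as `if (sigtimestamp && sigtimestamp < adsk->timestamp) return gpg_error (GPG_ERR_TIME_CONFLICT);`, or at least a `log_info` so the condition is visible. The function starts and ends outside the hunk.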
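Review bot: In menu_addadsk, `u32 sigtimestamp = make_timestamp ();` is captured at function entry, but its only use is the single `append_adsk_to_key` call just before `leave:` (hunk at -5251). The recorded signature time therefore predates whatever lookup or user interaction happens in the body between the two hunks, which is not visible here. The updated doc comment on append_adsk_to_key defines 0 as "use the current time", so passing `0` at the call site would drop the local and stamp the signature when it is actually made. If the explicit value is kept for symmetry with append_all_default_adsks, a comment such as `/* Taken once up front; only one ADSK is added per call. */` would record the intent.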
@@ -61,7 +61,8 @@ void keyedit_quick_update_pref (ctrl_t ctrl, const char *username); void keyedit_quick_set_ownertrust (ctrl_t ctrl, const char *username, const char *value); gpg_error_t append_adsk_to_key (ctrl_t ctrl, kbnode_t keyblock, - PKT_public_key *adsk, const char *cache_nonce); + PKT_public_key *adsk, + u32 sigtimestamp, const char *cache_nonce); void show_basic_key_info (ctrl_t ctrl, kbnode_t keyblock, int print_sec); int keyedit_print_one_sig (ctrl_t ctrl, estream_t fp, int rc, kbnode_t keyblock, diff --git a/g10/keygen.c b/g10/keygen.c index 349149b8a..79f4e503b 100644 --- a/g10/keygen.c +++ b/g10/keygen.c @@ -1263,6 +1263,7 @@ append_all_default_adsks (ctrl_t ctrl, kbnode_t keyblock) struct para_data_s *para; byte adskfpr[MAX_FINGERPRINT_LEN]; size_t adskfprlen; + u32 sigtimestamp = make_timestamp (); keygen_prepare_new_key_adsks (); for (sl = opt.def_new_key_adsks; sl && !err; sl = sl->next) @@ -1275,7 +1276,10 @@ append_all_default_adsks (ctrl_t ctrl, kbnode_t keyblock) fingerprint_from_pk (para->u.adsk, adskfpr, &adskfprlen); if (!has_key_with_fingerprint (keyblock, adskfpr, adskfprlen)) { - err = append_adsk_to_key (ctrl, keyblock, para->u.adsk, NULL); + /* Fixme: We should use a cache nonce so that only one + * pinentry pops up. */ + err = append_adsk_to_key (ctrl, keyblock, para->u.adsk, + sigtimestamp, NULL); if (!err) any_done = 1; } @@ -6629,7 +6633,8 @@ do_generate_keypair (ctrl_t ctrl, struct para_data_s *para, for (idx=0; (adsk = get_parameter_adsk (para, idx)); idx++) { - err = append_adsk_to_key (ctrl, pub_root, adsk, cache_nonce); + err = append_adsk_to_key (ctrl, pub_root, adsk, + signtimestamp, cache_nonce); if (err) break; any_adsk++; |