* keygen.c (gen_elg, gen_dsa, gen_rsa, do_create, do_generate_keypair,

generate_subkeypair): New is_subkey argument to set whether a generated
key is a subkey.  Do not overload the ret_sk.  This is some early cleanup
to do backsigs for signing subkeys.

* keygen.c (write_keybinding, do_generate_keypair, generate_subkeypair):
Keep track of the unprotected subkey secret key so we can make a backsig
with it.

* keygen.c (make_backsig): New function to add a backsig to a binding sig
of signing subkeys.  Currently disabled. (write_keybinding): Call it here,
for signing subkeys only.

* sign.c (make_keysig_packet): Allow generating 0x19 signatures (same as
0x18 or 0x28, but used for backsigs).

* packet.h, build-packet.c (build_sig_subpkt): Add new SIGSUBPKT_SIGNATURE
type for embedded signatures.

1 files changed, 5 insertions, 2 deletions

diff --git a/g10/build-packet.c b/g10/build-packet.c
index a7d26542a..57d75758a 100644
--- a/g10/build-packet.c
+++ b/g10/build-packet.c
@@ -656,6 +656,7 @@ build_sig_subpkt (PKT_signature *sig, sigsubpkttype_t type,
       case SIGSUBPKT_NOTATION:
       case SIGSUBPKT_POLICY:
       case SIGSUBPKT_REV_KEY:
+      case SIGSUBPKT_SIGNATURE:
 	/* we do allow multiple subpackets */
 	break;
 
@@ -725,18 +726,20 @@ build_sig_subpkt (PKT_signature *sig, sigsubpkttype_t type,
     else
 	nlen = 1; /* just a 1 byte length header */
 
-    switch( type ) {
+    switch( type )
+      {
 	/* The issuer being unhashed is a historical oddity.  It
 	   should work equally as well hashed.  Of course, if even an
 	   unhashed issuer is tampered with, it makes it awfully hard
 	   to verify the sig... */
       case SIGSUBPKT_ISSUER:
+      case SIGSUBPKT_SIGNATURE:
         hashed = 0;
         break;
       default: 
         hashed = 1;
         break;
-    }
+      }
 
     if( critical )
 	type |= SIGSUBPKT_FLAG_CRITICAL;