author | David Shaw <[email protected]> | 2004-04-16 16:07:07 +0000 |
---|---|---|
committer | David Shaw <[email protected]> | 2004-04-16 16:07:07 +0000 |
commit | 4420275b8371251dce0f237b4e3ece7faae30684 (patch) | |
tree | 882f666f61a21b1e7412df8f3887aa21e8e2b291 /g10/sign.c | |
parent | * main.h, misc.c (optsep, argsplit, optlen, parse_options): Simplify code (diff) | |
* keygen.c (gen_elg, gen_dsa, gen_rsa, do_create, do_generate_keypair,
generate_subkeypair): New is_subkey argument to set whether a generated
key is a subkey. Do not overload the ret_sk. This is some early cleanup
to do backsigs for signing subkeys.
* keygen.c (write_keybinding, do_generate_keypair, generate_subkeypair):
Keep track of the unprotected subkey secret key so we can make a backsig
with it.
* keygen.c (make_backsig): New function to add a backsig to a binding sig
of signing subkeys. Currently disabled. (write_keybinding): Call it here,
for signing subkeys only.
* sign.c (make_keysig_packet): Allow generating 0x19 signatures (same as
0x18 or 0x28, but used for backsigs).
* packet.h, build-packet.c (build_sig_subpkt): Add new SIGSUBPKT_SIGNATURE
type for embedded signatures.
Diffstat (limited to '')
-rw-r--r-- | g10/sign.c | 20 |
1 files changed, 12 insertions, 8 deletions
diff --git a/g10/sign.c b/g10/sign.c
index 5260ce3ba..8e995483d 100644
--- a/g10/sign.c
+++ b/g10/sign.c
@@ -1245,7 +1245,7 @@ make_keysig_packet( PKT_signature **ret_sig, PKT_public_key *pk,
 MD_HANDLE md;
 assert( (sigclass >= 0x10 && sigclass <= 0x13) || sigclass == 0x1F
- || sigclass == 0x20 || sigclass == 0x18
+ || sigclass == 0x20 || sigclass == 0x18 || sigclass == 0x19
 || sigclass == 0x30 || sigclass == 0x28 );
 if (opt.force_v4_certs)
@@ -1284,14 +1284,19 @@ make_keysig_packet( PKT_signature **ret_sig, PKT_public_key *pk,
 md = md_open( digest_algo, 0 );
- /* hash the public key certificate and the user id */
+ /* hash the public key certificate */
 hash_public_key( md, pk );
- if( sigclass == 0x18 || sigclass == 0x28 ) { /* subkey binding/revocation*/
+
+ if( sigclass == 0x18 || sigclass == 0x19 || sigclass == 0x28 )
+ {
+ /* hash the subkey binding/backsig/revocation */
 hash_public_key( md, subpk );
- }
- else if( sigclass != 0x1F && sigclass != 0x20 ) {
+ }
+ else if( sigclass != 0x1F && sigclass != 0x20 )
+ {
+ /* hash the user id */
 hash_uid (md, sigversion, uid);
- }
+ }
 /* and make the signature packet */
 sig = m_alloc_clear( sizeof *sig );
 sig->version = sigversion;
@@ -1347,8 +1352,7 @@ update_keysig_packet( PKT_signature **ret_sig,
 PKT_public_key *subpk,
 PKT_secret_key *sk,
 int (*mksubpkt)(PKT_signature *, void *),
- void *opaque
- )
+ void *opaque )
 {
 PKT_signature *sig;
 int rc=0; |
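Review bot: The widened assert in the first hunk admits 0x19 but states no precondition on `subpk`, which the second hunk passes to `hash_public_key( md, subpk )` for classes 0x18, 0x19 and 0x28. Whether hash_public_key tolerates a NULL key is not visible here, so I would put the requirement next to the class check, e.g. `assert( !(sigclass == 0x18 || sigclass == 0x19 || sigclass == 0x28) || subpk );`. Since assert() is compiled out under NDEBUG, this class list is not enforced at all in such a build, and an explicit error return for an unexpected class would be the safer guard on a signing path. The body of make_keysig_packet starts and ends outside the hunk.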
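Review bot: The new comment `/* hash the subkey binding/backsig/revocation */` in the second hunk names the signature classes, but the call below it hashes the subkey itself. Something like `/* 0x18 binding, 0x19 backsig, 0x28 subkey revocation: hash the subkey after the primary key */` would say what is actually fed to the digest. The commit message implies that a 0x19 signature is made with the subkey's secret key while `pk` remains the primary key, yet nothing visible in this function documents or checks that. A sentence in the function's header comment stating which secret key the caller must supply for 0x19 would keep a later caller from producing a backsig signed by the wrong key. The function continues outside the hunk.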