authorWerner Koch <[email protected]>2025-08-27 14:04:01 +0000
committerWerner Koch <[email protected]>2025-08-27 14:04:01 +0000
commit1123be6ad659b24318ec3981c501a3ed2fc1960b (patch)
treeea2aab92e9b3c9525e867fd00a70b656c4724631 /g10/keyedit.c
parentgpg: Avoid second Pinentry pop-up for a configured ADSK during keygen. (diff)
gpg: Change the ADSK key binding time to the current time.
* g10/keyedit.c (append_adsk_to_key): Add arg sigtimestamp and pass that as signing time to make_keysig_packet. * g10/keygen.c (append_all_default_adsks): Likewise. (do_generate_keypair): Likewise. -- For reasons no longer known, or maybe because I mixed up creation and binding time, the creation date of the ADSK was also used as the time for the key binding signature. This works but is a bit surprising. Now we use either the current time or, on key creation, the creation time of the primary key as we also do with the other self-signatures. GnuPG-bug-id: 6882
Diffstat (limited to 'g10/keyedit.c')
-rw-r--r--g10/keyedit.c13
1 files changed, 8 insertions, 5 deletions
diff --git a/g10/keyedit.c b/g10/keyedit.c
index 0a5064a25..12e127452 100644
--- a/g10/keyedit.c
+++ b/g10/keyedit.c
@@ -5053,11 +5053,13 @@ fail:
/* Core function to add an ADSK to the KEYBLOCK. Returns 0 on success
- * or an error code. CACHE_NONCE can be used to avoid a second
- * Pinetry pop-up for appending the ADSK. */
+ * or an error code. If SIGTIMESTAMP is not 0 it is used for the key
+ * binding signature creation time; if not given the current time is
+ * used. CACHE_NONCE can be used to avoid a second Pinetry pop-up for
+ * appending the ADSK. */
gpg_error_t
append_adsk_to_key (ctrl_t ctrl, kbnode_t keyblock, PKT_public_key *adsk,
- const char *cache_nonce)
+ u32 sigtimestamp, const char *cache_nonce)
{
gpg_error_t err;
PKT_public_key *main_pk; /* The primary key. */
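Review bot: The new header comment promises that a SIGTIMESTAMP of 0 means "current time", but nothing in the visible lines of append_adsk_to_key implements that. The value is forwarded as-is to make_keysig_packet in the next hunk, so the fallback presumably lives in that callee. The comment should say so, and "if not given" is misleading for a mandatory `u32` argument; suggested wording: `If SIGTIMESTAMP is 0 the current time is used (see make_keysig_packet).` The rewritten comment line also carries over the misspelling `Pinetry`, which should read `Pinentry`. The function body continues beyond this hunk.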
@@ -5102,7 +5104,7 @@ append_adsk_to_key (ctrl_t ctrl, kbnode_t keyblock, PKT_public_key *adsk,
/* Make the signature. */
err = make_keysig_packet (ctrl, &sig, main_pk, NULL, adsk, main_pk, 0x18,
- adsk->timestamp, 0,
+ sigtimestamp, 0,
keygen_add_key_flags_and_expire, adsk, cache_nonce);
adsk = NULL; /* (owned by adsknode - avoid double free.) */
if (err)
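Review bot: The caller-supplied `sigtimestamp` reaches make_keysig_packet without being compared to `adsk->timestamp`, so the 0x18 binding signature can now be dated before the ADSK's own creation time. This could happen when key generation passes the creation time of a primary key that is older than the ADSK, for instance with a back-dated key or a skewed clock. The old argument `adsk->timestamp` could not produce that ordering, and some OpenPGP verifiers are understood to disregard a binding signature that predates the bound key, which would leave the ADSK unused without any error. Unless make_keysig_packet already enforces the ordering (not visible here), add a guard before the call such as `if (sigtimestamp && sigtimestamp < adsk->timestamp) sigtimestamp = adsk->timestamp;`, or return an explicit error. The function starts and ends outside this hunk.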
@@ -5150,6 +5152,7 @@ menu_addadsk (ctrl_t ctrl, kbnode_t pub_keyblock, const char *adskfpr)
byte fpr[MAX_FINGERPRINT_LEN];
size_t fprlen;
kbnode_t node;
+ u32 sigtimestamp = make_timestamp ();
log_assert (pub_keyblock->pkt->pkttype == PKT_PUBLIC_KEY);
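Review bot: `sigtimestamp` is sampled at the top of menu_addadsk, roughly a hundred lines (per the hunk headers) before it is used in the append_adsk_to_key call. Any prompt or key lookup in between, which is outside this hunk, would make the binding time the menu-entry time rather than the signing time. Since append_adsk_to_key documents 0 as "use the current time", passing `0` at the call site would avoid the stale value and the extra local. If a fixed timestamp is intended, a comment such as `/* Sampled once so the binding time does not depend on how long the user takes. */` would record why.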
@@ -5251,7 +5254,7 @@ menu_addadsk (ctrl_t ctrl, kbnode_t pub_keyblock, const char *adskfpr)
log_assert (node->pkt->pkttype == PKT_PUBLIC_KEY
|| node->pkt->pkttype == PKT_PUBLIC_SUBKEY);
err = append_adsk_to_key (ctrl, pub_keyblock, node->pkt->pkt.public_key,
- NULL);
+ sigtimestamp, NULL);
leave: