* keygen.c (gen_elg, gen_dsa, gen_rsa, do_create, do_generate_keypair,

generate_subkeypair): New is_subkey argument to set whether a generated key is a subkey. Do not overload the ret_sk. This is some early cleanup to do backsigs for signing subkeys. * keygen.c (write_keybinding, do_generate_keypair, generate_subkeypair): Keep track of the unprotected subkey secret key so we can make a backsig with it. * keygen.c (make_backsig): New function to add a backsig to a binding sig of signing subkeys. Currently disabled. (write_keybinding): Call it here, for signing subkeys only. * sign.c (make_keysig_packet): Allow generating 0x19 signatures (same as 0x18 or 0x28, but used for backsigs). * packet.h, build-packet.c (build_sig_subpkt): Add new SIGSUBPKT_SIGNATURE type for embedded signatures.
2025-07-14 21:47:19 +02:00 · 2004-04-16 16:07:07 +00:00 · 2004-04-16 16:07:07 +00:00 · 4420275b83
commit 4420275b83
parent 0a17966a21
5 changed files with 220 additions and 81 deletions
--- a/g10/build-packet.c
+++ b/g10/build-packet.c
@ -656,6 +656,7 @@ build_sig_subpkt (PKT_signature *sig, sigsubpkttype_t type,
      case SIGSUBPKT_NOTATION:
      case SIGSUBPKT_POLICY:
      case SIGSUBPKT_REV_KEY:
+      case SIGSUBPKT_SIGNATURE:
 	/* we do allow multiple subpackets */
 	break;

@ -725,18 +726,20 @@ build_sig_subpkt (PKT_signature *sig, sigsubpkttype_t type,
    else
 	nlen = 1; /* just a 1 byte length header */

-    switch( type ) {
+    switch( type )
+      {
 	/* The issuer being unhashed is a historical oddity.  It
 	   should work equally as well hashed.  Of course, if even an
 	   unhashed issuer is tampered with, it makes it awfully hard
 	   to verify the sig... */
      case SIGSUBPKT_ISSUER:
+      case SIGSUBPKT_SIGNATURE:
        hashed = 0;
        break;
      default: 
        hashed = 1;
        break;
-    }
+      }

    if( critical )
 	type |= SIGSUBPKT_FLAG_CRITICAL;