* keygen.c (gen_elg, gen_dsa, gen_rsa, do_create, do_generate_keypair,

generate_subkeypair): New is_subkey argument to set whether a generated key is a subkey. Do not overload the ret_sk. This is some early cleanup to do backsigs for signing subkeys. * keygen.c (write_keybinding, do_generate_keypair, generate_subkeypair): Keep track of the unprotected subkey secret key so we can make a backsig with it. * keygen.c (make_backsig): New function to add a backsig to a binding sig of signing subkeys. Currently disabled. (write_keybinding): Call it here, for signing subkeys only. * sign.c (make_keysig_packet): Allow generating 0x19 signatures (same as 0x18 or 0x28, but used for backsigs). * packet.h, build-packet.c (build_sig_subpkt): Add new SIGSUBPKT_SIGNATURE type for embedded signatures.
2025-07-02 22:46:30 +02:00 · 2004-04-16 16:07:07 +00:00 · 2004-04-16 16:07:07 +00:00 · 4420275b83
commit 4420275b83
parent 0a17966a21
5 changed files with 220 additions and 81 deletions
--- a/g10/sign.c
+++ b/g10/sign.c
@ -1245,7 +1245,7 @@ make_keysig_packet( PKT_signature **ret_sig, PKT_public_key *pk,
    MD_HANDLE md;

    assert( (sigclass >= 0x10 && sigclass <= 0x13) || sigclass == 0x1F
-	    || sigclass == 0x20 || sigclass == 0x18
+	    || sigclass == 0x20 || sigclass == 0x18 || sigclass == 0x19
 	    || sigclass == 0x30 || sigclass == 0x28 );

    if (opt.force_v4_certs)
@ -1284,14 +1284,19 @@ make_keysig_packet( PKT_signature **ret_sig, PKT_public_key *pk,

    md = md_open( digest_algo, 0 );

-    /* hash the public key certificate and the user id */
+    /* hash the public key certificate */
    hash_public_key( md, pk );
-    if( sigclass == 0x18 || sigclass == 0x28 ) { /* subkey binding/revocation*/
+
+    if( sigclass == 0x18 || sigclass == 0x19 || sigclass == 0x28 )
+      {
+	/* hash the subkey binding/backsig/revocation */
 	hash_public_key( md, subpk );
-    }
-    else if( sigclass != 0x1F && sigclass != 0x20 ) {
+      }
+    else if( sigclass != 0x1F && sigclass != 0x20 )
+      {
+	/* hash the user id */
        hash_uid (md, sigversion, uid);
-    }
+      }
    /* and make the signature packet */
    sig = m_alloc_clear( sizeof *sig );
    sig->version = sigversion;
@ -1347,8 +1352,7 @@ update_keysig_packet( PKT_signature **ret_sig,
                      PKT_public_key *subpk,
                      PKT_secret_key *sk,
                      int (*mksubpkt)(PKT_signature *, void *),
-                      void *opaque
-		   )
+                      void *opaque )
 {
    PKT_signature *sig;
    int rc=0;