* keygen.c (make_backsig): New function to add a backsig to a binding sig

of signing subkeys.  Currently disabled. (write_keybinding): Call it here,
for signing subkeys only.

* sign.c (make_keysig_packet): Allow generating 0x19 signatures (same as
0x18 or 0x28, but used for backsigs).

* packet.h, build-packet.c (build_sig_subpkt): Add new SIGSUBPKT_SIGNATURE
type for embedded signatures.

g10/sign.c

@@ -1164,7 +1164,7 @@ make_keysig_packet( PKT_signature **ret_sig, PKT_public_key *pk,
     MD_HANDLE md;
 
     assert( (sigclass >= 0x10 && sigclass <= 0x13) || sigclass == 0x1F
-	    || sigclass == 0x20 || sigclass == 0x18
+	    || sigclass == 0x20 || sigclass == 0x18 || sigclass == 0x19
 	    || sigclass == 0x30 || sigclass == 0x28 );
 
     if (opt.force_v4_certs)
@@ -1203,14 +1203,19 @@ make_keysig_packet( PKT_signature **ret_sig, PKT_public_key *pk,
 
     md = md_open( digest_algo, 0 );
 
-    /* hash the public key certificate and the user id */
+    /* hash the public key certificate */
     hash_public_key( md, pk );
-    if( sigclass == 0x18 || sigclass == 0x28 ) { /* subkey binding/revocation*/
+
+    if( sigclass == 0x18 || sigclass == 0x19 || sigclass == 0x28 )
+      {
+	/* hash the subkey binding/backsig/revocation */
 	hash_public_key( md, subpk );
-    }
-    else if( sigclass != 0x1F && sigclass != 0x20 ) {
+      }
+    else if( sigclass != 0x1F && sigclass != 0x20 )
+      {
+	/* hash the user id */
         hash_uid (md, sigversion, uid);
-    }
+      }
     /* and make the signature packet */
     sig = m_alloc_clear( sizeof *sig );
     sig->version = sigversion;
@@ -1266,8 +1271,7 @@ update_keysig_packet( PKT_signature **ret_sig,
                       PKT_public_key *subpk,
                       PKT_secret_key *sk,
                       int (*mksubpkt)(PKT_signature *, void *),
-                      void *opaque
-		   )
+                      void *opaque )
 {
     PKT_signature *sig;
     int rc=0;