gpg: New option --default-new-key-adsk and "addadsk" for edit-key.

* g10/free-packet.c (copy_public_key): Factor some code out to ...
(copy_public_key_basics): new.
* keygen.c (keygen_add_key_flags_and_expire): Rewrite and make public.
* g10/keyedit.c (enum cmdids): Add cmdADDADSK.
(keyedit_menu): Add command "addadsk".
(menu_addadsk): New.

* g10/options.h (opt): Add field def_new_key_adsks.
* g10/gpg.c (oDefaultNewKeyADSK): New.
(opts): Add --default-new-key-adsk.
(main): Parse option.
* g10/keyedit.c (menu_addadsk): Factor some code out to ...
(append_adsk_to_key): new.  Add compliance check.
* g10/keygen.c (pADSK): New.
(para_data_s): Add adsk to the union.
(release_parameter_list): Free the adsk.
(prepare_adsk): New.
(get_parameter_adsk): New.
(get_parameter_revkey): Remove unneeded arg key and change callers.
(proc_parameter_file): Prepare adsk parameter from the configured
fingerprints.
(do_generate_keypair): Create adsk.
--

GnuPG-bug-id: 6882
(cherry picked from commit ed118e2ed5)
and modified to adjust to other code changes

g10/sign.c

@@ -49,10 +49,6 @@
 #define LF "\n"
 #endif
 
-/* Bitflags to convey hints on what kind of signayire is created.  */
-#define SIGNHINT_KEYSIG  1
-#define SIGNHINT_SELFSIG 2
-
 
 /* Hack */
 static int recipient_digest_algo=0;
@@ -355,7 +351,10 @@ do_sign (ctrl_t ctrl, PKT_public_key *pksk, PKT_signature *sig,
   byte *dp;
   char *hexgrip;
 
-  if (pksk->timestamp > sig->timestamp )
+  /* An ADSK key commonly has a creation date older than the primary
+   * key.  For example because the ADSK is used as an archive key for
+   * a group of users.  */
+  if (pksk->timestamp > sig->timestamp && !(signhints & SIGNHINT_ADSK))
     {
       ulong d = pksk->timestamp - sig->timestamp;
       log_info (ngettext("key %s was created %lu second"
@@ -864,7 +863,7 @@ write_signature_packets (ctrl_t ctrl,
 
       if (sig->version >= 4)
         {
-          build_sig_subpkt_from_sig (sig, pk);
+          build_sig_subpkt_from_sig (sig, pk, 0);
           mk_notation_policy_etc (sig, NULL, pk);
           if (opt.flags.include_key_block && IS_SIG (sig))
             err = mk_sig_subpkt_key_block (ctrl, sig, pk);
@@ -1687,6 +1686,8 @@ make_keysig_packet (ctrl_t ctrl,
       {
 	/* hash the subkey binding/backsig/revocation */
 	hash_public_key( md, subpk );
+        if ((subpk->pubkey_usage & PUBKEY_USAGE_RENC))
+          signhints |= SIGNHINT_ADSK;
       }
     else if( sigclass != 0x1F && sigclass != 0x20 )
       {
@@ -1709,7 +1710,7 @@ make_keysig_packet (ctrl_t ctrl,
       sig->expiredate=sig->timestamp+duration;
     sig->sig_class = sigclass;
 
-    build_sig_subpkt_from_sig (sig, pksk);
+    build_sig_subpkt_from_sig (sig, pksk, signhints);
     mk_notation_policy_etc (sig, pk, pksk);
 
     /* Crucial that the call to mksubpkt comes LAST before the calls
@@ -1759,7 +1760,7 @@ update_keysig_packet (ctrl_t ctrl,
     int digest_algo;
     gcry_md_hd_t md;
     u32 pk_keyid[2], pksk_keyid[2];
-    unsigned int signhints;
+    unsigned int signhints = 0;
 
     if ((!orig_sig || !pk || !pksk)
 	|| (orig_sig->sig_class >= 0x10 && orig_sig->sig_class <= 0x13 && !uid)
@@ -1820,6 +1821,12 @@ update_keysig_packet (ctrl_t ctrl,
         }
     }
 
+    /* Detect an ADSK key binding signature.  */
+    if ((sig->sig_class == 0x18
+         || sig->sig_class == 0x19 || sig->sig_class == 0x28)
+        && (pk->pubkey_usage & PUBKEY_USAGE_RENC))
+      signhints |= SIGNHINT_ADSK;
+
     /* Note that already expired sigs will remain expired (with a
        duration of 1) since build-packet.c:build_sig_subpkt_from_sig
        detects this case. */
@@ -1828,7 +1835,7 @@ update_keysig_packet (ctrl_t ctrl,
        automagically lower any sig expiration dates to correctly
        correspond to the differences in the timestamps (i.e. the
        duration will shrink).  */
-    build_sig_subpkt_from_sig (sig, pksk);
+    build_sig_subpkt_from_sig (sig, pksk, signhints);
 
     if (mksubpkt)
       rc = (*mksubpkt)(sig, opaque);