diff --git a/libs/netpgp/src/keyring.c b/libs/netpgp/src/keyring.c
index c6a27d58..11b13da5 100644
--- a/libs/netpgp/src/keyring.c
+++ b/libs/netpgp/src/keyring.c
@@ -862,7 +862,7 @@ pgp_add_selfsigned_userid(pgp_key_t *skey, pgp_key_t *pkey, const uint8_t *useri
 pgp_add_key_expiration_time(sig, key_expiry);
 pgp_add_issuer_keyid(sig, skey->pubkeyid);
 pgp_add_primary_userid(sig, 1);
- pgp_add_key_flags(sig, PGP_KEYFLAG_SIGN_DATA|PGP_KEYFLAG_ENC_COMM);
+ pgp_add_key_flags(sig, PGP_KEYFLAG_SIGN_DATA|PGP_KEYFLAG_CERT_KEYS); // Edit for Autocrypt/Delta Chat: our primary key should be able to SIGN+CERTIFY (original was SIGN+ENC_COMM) (maybe we should create a copy of this functions to be future-save on netpgp-updates)
 pgp_add_key_prefs(sig);
 pgp_add_key_features(sig);
diff --git a/libs/netpgp/src/signature.c b/libs/netpgp/src/signature.c
index 4a8ec2cb..d806c88c 100644
--- a/libs/netpgp/src/signature.c
+++ b/libs/netpgp/src/signature.c
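Review bot: In libs/netpgp/src/keyring.c the new flag set is hard-coded inside pgp_add_selfsigned_userid, a shared library routine, so every caller of it now produces a primary key with no encryption flag at all. That is the right split when an encryption subkey is always bound afterwards, but a caller that never adds one would end up with a key peers cannot encrypt to; nothing in the hunk shows whether such callers exist. The trailing comment already hints at a separate copy; passing the flags in, or stating the dependency above the call, e.g. `/* primary key: SIGN+CERTIFY only; encryption capability must come from a subkey binding signature */`, would make that explicit. Dumping a freshly generated key with `gpg --list-packets` is a cheap check that the key-flags subpacket matches the intent. The function body starts and ends outside the hunk.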
@@ -921,15 +921,15 @@ pgp_add_key_prefs(pgp_create_sig_t *sig)
 /* Hash algo prefs */
 pgp_write_ss_header(sig->output, 6, PGP_PTAG_SS_PREFERRED_HASH) &&
 pgp_write_scalar(sig->output, PGP_HASH_SHA256, 1) &&
- pgp_write_scalar(sig->output, PGP_HASH_SHA1, 1) &&
 pgp_write_scalar(sig->output, PGP_HASH_SHA384, 1) &&
 pgp_write_scalar(sig->output, PGP_HASH_SHA512, 1) &&
 pgp_write_scalar(sig->output, PGP_HASH_SHA224, 1) &&
+ pgp_write_scalar(sig->output, PGP_HASH_SHA1, 1) && // Edit for Autocrypt/Delta Chat: due to the weak SHA1, it should not be preferred
 /* Compression algo prefs */
- pgp_write_ss_header(sig->output, 3, PGP_PTAG_SS_PREF_COMPRESS) &&
- pgp_write_scalar(sig->output, PGP_C_ZLIB, 1) &&
- pgp_write_scalar(sig->output, PGP_C_BZIP2, 1);
+ pgp_write_ss_header(sig->output, 2/*1+number of following items*/, PGP_PTAG_SS_PREF_COMPRESS) &&
+ pgp_write_scalar(sig->output, PGP_C_ZLIB, 1) /*&& -- not sure if Delta Chat will support bzip2 on all platforms, however, this is not that important as typical files are compressed themselves and text is not that big
+ pgp_write_scalar(sig->output, PGP_C_BZIP2, 1) -- if you re-enable this, do not forget to modifiy the header count*/;
 }
 unsigned
diff --git a/src/mre2ee_driver_openssl.c b/src/mre2ee_driver_openssl.c
index 8ac1736c..c6a8b771 100644
--- a/src/mre2ee_driver_openssl.c
+++ b/src/mre2ee_driver_openssl.c
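Review bot: The subpacket length passed to pgp_write_ss_header in pgp_add_key_prefs is a hand-counted literal (`6` for the five hashes, now `2` for the one compression algorithm), and the BZIP2 entry is disabled by a block comment that opens after the ZLIB call and closes just before the `;`. A count that drifts from the number of pgp_write_scalar calls yields a malformed hashed-subpacket area in the self-signature, which other OpenPGP implementations may reject or misparse. I would delete the dead line and tie the count to the list: `pgp_write_ss_header(sig->output, 1 + 1 /* ZLIB */, PGP_PTAG_SS_PREF_COMPRESS) &&` followed by `pgp_write_scalar(sig->output, PGP_C_ZLIB, 1);`. Moving SHA1 to the end of the hash list leaves five entries, so the unchanged `6` still matches. The function starts before the hunk.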
@@ -163,9 +163,9 @@ int mre2ee_driver_create_keypair(mrmailbox_t* mailbox, const char* addr, mrkey_t
 pgp_add_creation_time(sig, time(NULL));
 pgp_add_key_expiration_time(sig, 0);
 pgp_add_issuer_keyid(sig, seckey.pubkeyid);
- pgp_add_primary_userid(sig, 1);
- pgp_add_key_flags(sig, PGP_KEYFLAG_SIGN_DATA|PGP_KEYFLAG_ENC_COMM);
- pgp_add_key_prefs(sig);
+ //pgp_add_primary_userid(sig, 1); -- seems not be needed for "ubkey Binding Signature"
+ pgp_add_key_flags(sig, PGP_KEYFLAG_ENC_STORAGE|PGP_KEYFLAG_ENC_COMM);
+ //pgp_add_key_prefs(sig); -- algo/hash/compression preferences seems not to be required for subkeys
 pgp_add_key_features(sig);
 pgp_end_hashed_subpkts(sig);
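Review bot: The two calls disabled in mre2ee_driver_create_keypair are left as commented-out code with a tentative rationale ("seems not be needed"), so the next reader cannot tell whether the subkey binding signature is minimal on purpose. I would drop both lines and state the decision once: `/* subkey binding signature: key flags and features only; primary-userid and algorithm preferences stay on the user ID self-signature */`. With the keyring.c change in this commit the encryption flags now live only on this subkey, so any encrypt path that still picks the primary key would be using a key not flagged for encryption; that path is not visible here and is worth checking. The function body starts and ends outside the hunk.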