From 8fb10a1bf93875cedb0dae16249bdfc5f2352570 Mon Sep 17 00:00:00 2001 From: "B. Petersen" Date: Wed, 24 May 2017 23:26:43 +0200 Subject: [PATCH] Fix key generation issues: Primary key can 'sign+cert', subkey can 'encrypt'. No hash/algo/encryption preferences for subkeys. Reorder hash preferences. Disable bzip2 preference (don't know if this will be supported by Delta Chat for now). --- libs/netpgp/src/keyring.c | 2 +- libs/netpgp/src/signature.c | 8 ++++---- src/mre2ee_driver_openssl.c | 6 +++--- 3 files changed, 8 insertions(+), 8 deletions(-) diff --git a/libs/netpgp/src/keyring.c b/libs/netpgp/src/keyring.c index c6a27d58..11b13da5 100644 --- a/libs/netpgp/src/keyring.c +++ b/libs/netpgp/src/keyring.c @@ -862,7 +862,7 @@ pgp_add_selfsigned_userid(pgp_key_t *skey, pgp_key_t *pkey, const uint8_t *useri pgp_add_key_expiration_time(sig, key_expiry); pgp_add_issuer_keyid(sig, skey->pubkeyid); pgp_add_primary_userid(sig, 1); - pgp_add_key_flags(sig, PGP_KEYFLAG_SIGN_DATA|PGP_KEYFLAG_ENC_COMM); + pgp_add_key_flags(sig, PGP_KEYFLAG_SIGN_DATA|PGP_KEYFLAG_CERT_KEYS); // Edit for Autocrypt/Delta Chat: our primary key should be able to SIGN+CERTIFY (original was SIGN+ENC_COMM) (maybe we should create a copy of this functions to be future-save on netpgp-updates) pgp_add_key_prefs(sig); pgp_add_key_features(sig); diff --git a/libs/netpgp/src/signature.c b/libs/netpgp/src/signature.c index 4a8ec2cb..d806c88c 100644 --- a/libs/netpgp/src/signature.c +++ b/libs/netpgp/src/signature.c @@ -921,15 +921,15 @@ pgp_add_key_prefs(pgp_create_sig_t *sig) /* Hash algo prefs */ pgp_write_ss_header(sig->output, 6, PGP_PTAG_SS_PREFERRED_HASH) && pgp_write_scalar(sig->output, PGP_HASH_SHA256, 1) && - pgp_write_scalar(sig->output, PGP_HASH_SHA1, 1) && pgp_write_scalar(sig->output, PGP_HASH_SHA384, 1) && pgp_write_scalar(sig->output, PGP_HASH_SHA512, 1) && pgp_write_scalar(sig->output, PGP_HASH_SHA224, 1) && + pgp_write_scalar(sig->output, PGP_HASH_SHA1, 1) && // Edit for Autocrypt/Delta Chat: due to the weak SHA1, it should not be preferred /* Compression algo prefs */ - pgp_write_ss_header(sig->output, 3, PGP_PTAG_SS_PREF_COMPRESS) && - pgp_write_scalar(sig->output, PGP_C_ZLIB, 1) && - pgp_write_scalar(sig->output, PGP_C_BZIP2, 1); + pgp_write_ss_header(sig->output, 2/*1+number of following items*/, PGP_PTAG_SS_PREF_COMPRESS) && + pgp_write_scalar(sig->output, PGP_C_ZLIB, 1) /*&& -- not sure if Delta Chat will support bzip2 on all platforms, however, this is not that important as typical files are compressed themselves and text is not that big + pgp_write_scalar(sig->output, PGP_C_BZIP2, 1) -- if you re-enable this, do not forget to modifiy the header count*/; } unsigned diff --git a/src/mre2ee_driver_openssl.c b/src/mre2ee_driver_openssl.c index 8ac1736c..c6a8b771 100644 --- a/src/mre2ee_driver_openssl.c +++ b/src/mre2ee_driver_openssl.c @@ -163,9 +163,9 @@ int mre2ee_driver_create_keypair(mrmailbox_t* mailbox, const char* addr, mrkey_t pgp_add_creation_time(sig, time(NULL)); pgp_add_key_expiration_time(sig, 0); pgp_add_issuer_keyid(sig, seckey.pubkeyid); - pgp_add_primary_userid(sig, 1); - pgp_add_key_flags(sig, PGP_KEYFLAG_SIGN_DATA|PGP_KEYFLAG_ENC_COMM); - pgp_add_key_prefs(sig); + //pgp_add_primary_userid(sig, 1); -- seems not be needed for "ubkey Binding Signature" + pgp_add_key_flags(sig, PGP_KEYFLAG_ENC_STORAGE|PGP_KEYFLAG_ENC_COMM); + //pgp_add_key_prefs(sig); -- algo/hash/compression preferences seems not to be required for subkeys pgp_add_key_features(sig); pgp_end_hashed_subpkts(sig);