diff options
-rw-r--r-- | openpgp/src/packet/signature.rs | 6 | ||||
-rw-r--r-- | openpgp/src/packet/signature/subpacket.rs | 4 |
2 files changed, 8 insertions, 2 deletions
diff --git a/openpgp/src/packet/signature.rs b/openpgp/src/packet/signature.rs index 9128332d..7021f9a4 100644 --- a/openpgp/src/packet/signature.rs +++ b/openpgp/src/packet/signature.rs @@ -1588,6 +1588,12 @@ impl SignatureBuilder { .set_issuer_fingerprint(signer.public().fingerprint())?; } + // Add a salt to make the signature unpredictable. + let mut salt = [0; 32]; + crate::crypto::random(&mut salt); + self = self.set_notation("salt@notations.sequoia-pgp.org", + salt, None, false)?; + self.sort(); Ok(self) diff --git a/openpgp/src/packet/signature/subpacket.rs b/openpgp/src/packet/signature/subpacket.rs index e747bd05..129c5cb1 100644 --- a/openpgp/src/packet/signature/subpacket.rs +++ b/openpgp/src/packet/signature/subpacket.rs @@ -5369,7 +5369,7 @@ impl signature::SignatureBuilder { /// # .iter() /// # .filter(|sp| sp.tag() == SubpacketTag::NotationData) /// # .count(), - /// # 2); + /// # 3); /// /// // Merge in the new signature. /// let cert = cert.insert_packets(sig)?; @@ -5465,7 +5465,7 @@ impl signature::SignatureBuilder { /// # .iter() /// # .filter(|sp| sp.tag() == SubpacketTag::NotationData) /// # .count(), - /// # 2); + /// # 3); /// /// // Merge in the new signature. /// let cert = cert.insert_packets(sig)?; |