diff options
author | Justus Winter <justus@sequoia-pgp.org> | 2020-09-15 14:17:18 +0200 |
---|---|---|
committer | Justus Winter <justus@sequoia-pgp.org> | 2020-09-15 16:27:57 +0200 |
commit | e388a0b127e0ce3f27136bf6e13d758e5a09337f (patch) | |
tree | 5644e61bf447087b0c43a10f40ec7a2030175175 | |
parent | 1855b7cf4aff1432ea19e20d01a795fb79b8cde1 (diff) |
openpgp: Backdate created certificates by a minute.
- If not given an explicit creation time, backdate created
certificates by a minute. This has the advantage that the
certificate can immediately be customized:
In order to reliably override a binding signature, the overriding
binding signature must be newer than the existing signature. If,
however, the existing signature is created `now`, any newer
signature must have a future creation time, and is considered
invalid by Sequoia. To avoid this, we backdate certificate
creation times (and hence binding signature creation times), so
that there is "space" between the creation time and now for
signature updates.
- See #488.
-rw-r--r-- | openpgp/src/cert/builder.rs | 22 | ||||
-rw-r--r-- | openpgp/src/packet/signature/mod.rs | 19 | ||||
-rw-r--r-- | openpgp/src/packet/signature/subpacket.rs | 2 |
3 files changed, 39 insertions, 4 deletions
diff --git a/openpgp/src/cert/builder.rs b/openpgp/src/cert/builder.rs index f5667cd7..c771c1ce 100644 --- a/openpgp/src/cert/builder.rs +++ b/openpgp/src/cert/builder.rs @@ -278,9 +278,21 @@ impl CertBuilder { /// Sets the creation time. /// - /// If `creation_time` is `None`, the default, this causes the + /// If `creation_time` is not `None`, this causes the /// `CertBuilder` to use that time when [`CertBuilder::generate`] - /// is called. + /// is called. If it is `None`, the default, then the current + /// time minus 60 seconds is used as creation time. Backdating + /// the certificate by a minute has the advantage that the + /// certificate can immediately be customized: + /// + /// In order to reliably override a binding signature, the + /// overriding binding signature must be newer than the existing + /// signature. If, however, the existing signature is created + /// `now`, any newer signature must have a future creation time, + /// and is considered invalid by Sequoia. To avoid this, we + /// backdate certificate creation times (and hence binding + /// signature creation times), so that there is "space" between + /// the creation time and now for signature updates. /// /// Warning: this function takes a [`SystemTime`]. A `SystemTime` /// has a higher resolution, and a larger range than an OpenPGP @@ -942,7 +954,11 @@ impl CertBuilder { use std::convert::TryFrom; let creation_time = - self.creation_time.unwrap_or_else(std::time::SystemTime::now); + self.creation_time.unwrap_or_else(|| { + use crate::packet::signature::SIG_BACKDATE_BY; + time::SystemTime::now() - + time::Duration::new(SIG_BACKDATE_BY, 0) + }); let mut packets = Vec::<Packet>::with_capacity( 1 + 1 + self.subkeys.len() + self.userids.len() diff --git a/openpgp/src/packet/signature/mod.rs b/openpgp/src/packet/signature/mod.rs index f0341a18..dadd69f9 100644 --- a/openpgp/src/packet/signature/mod.rs +++ b/openpgp/src/packet/signature/mod.rs @@ -173,6 +173,25 @@ macro_rules! impl_arbitrary_with_bound { pub mod subpacket; +/// How many seconds to backdate signatures. +/// +/// When creating certificates (more specifically, binding +/// signatures), and when updating binding signatures (creating +/// signatures from templates), we backdate the signatures by this +/// amount if no creation time is explicitly given. Backdating the +/// certificate by a minute has the advantage that the certificate can +/// immediately be customized: +/// +/// In order to reliably override a binding signature, the +/// overriding binding signature must be newer than the existing +/// signature. If, however, the existing signature is created +/// `now`, any newer signature must have a future creation time, +/// and is considered invalid by Sequoia. To avoid this, we +/// backdate certificate creation times (and hence binding +/// signature creation times), so that there is "space" between +/// the creation time and now for signature updates. +pub(crate) const SIG_BACKDATE_BY: u64 = 60; + /// The data stored in a `Signature` packet. /// /// This data structure contains exactly those fields that appear in a diff --git a/openpgp/src/packet/signature/subpacket.rs b/openpgp/src/packet/signature/subpacket.rs index edac6b72..0510acc3 100644 --- a/openpgp/src/packet/signature/subpacket.rs +++ b/openpgp/src/packet/signature/subpacket.rs @@ -2358,7 +2358,7 @@ impl SubpacketAreas { /// /// assert!(sig.key_alive(pk, None).is_ok()); /// // A key is not considered alive prior to its creation time. - /// let the_past = SystemTime::now() - Duration::new(10, 0); + /// let the_past = SystemTime::now() - Duration::new(300, 0); /// assert!(sig.key_alive(pk, the_past).is_err()); /// # Ok(()) } /// ``` |