author | Justus Winter <justus@sequoia-pgp.org> | 2022-02-25 15:09:04 +0100 |
---|---|---|
committer | Justus Winter <justus@sequoia-pgp.org> | 2022-02-28 18:52:57 +0100 |
commit | ce07edd6a614c401d8efc49c58dc75227a19b136 (patch) | |
tree | 79c0f1caac6e9e7798c4e34ed4053eaefd174ff9 | |
parent | 73492eb5417f670d9002a0cb4960e5ddd3b944f0 (diff) |
openpgp: Fix primary key flags handling.
- Previously, we implicitly set the certification flag when we
created subkeys. However, certification is about certifying other
keys and (key, userid)-bindings, it has nothing to do with the
primary key's ability to bind components together.
- By default, the primary key is marked as certification-capable,
but the user should be able to override this, including removing
the certification-capability.
-rw-r--r-- | openpgp/src/cert/builder.rs | 16 |
1 files changed, 6 insertions, 10 deletions
diff --git a/openpgp/src/cert/builder.rs b/openpgp/src/cert/builder.rs
index 43cadc18..c47d1dce 100644
--- a/openpgp/src/cert/builder.rs
+++ b/openpgp/src/cert/builder.rs
@@ -1124,7 +1124,8 @@ impl CertBuilder<'_> {
 ///
 /// # Examples
 ///
- /// Make the primary key certification and signing capable:
+ /// Makes the primary key signing-capable but not
+ /// certification-capable.
 ///
 /// ```
 /// use sequoia_openpgp as openpgp;
@@ -1145,7 +1146,7 @@ impl CertBuilder<'_> {
 /// // Observe that the primary key's certification capability is
 /// // set implicitly.
 /// assert_eq!(cert.with_policy(p, None)?.primary_key().key_flags(),
- /// Some(KeyFlags::empty().set_signing().set_certification()));
+ /// Some(KeyFlags::empty().set_signing()));
 /// # Ok(()) }
 /// ```
 pub fn set_primary_key_flags(mut self, flags: KeyFlags) -> Self {
@@ -1282,7 +1283,7 @@ impl CertBuilder<'_> {
 /// .generate()?;
 /// # Ok(()) }
 /// ```
- pub fn generate(mut self) -> Result<(Cert, Signature)> {
+ pub fn generate(self) -> Result<(Cert, Signature)> {
 use crate::Packet;
 use crate::types::ReasonForRevocation;
 use std::convert::TryFrom;
@@ -1294,11 +1295,6 @@ impl CertBuilder<'_> {
 time::Duration::new(SIG_BACKDATE_BY, 0)
 });

- // make sure the primary key can sign subkeys
- if !self.subkeys.is_empty() {
- self.primary.flags = self.primary.flags.set_certification();
- }
-
 // Generate & self-sign primary key.
 let (primary, sig, mut signer) = self.primary_key(creation_time)?;

@@ -1579,14 +1575,14 @@ mod tests {
 }

 #[test]
- fn always_certify() {
+ fn not_always_certify() {
 let p = &P::new();
 let (cert1, _) = CertBuilder::new()
 .set_cipher_suite(CipherSuite::Cv25519)
 .set_primary_key_flags(KeyFlags::empty())
 .add_transport_encryption_subkey()
 .generate().unwrap();
- assert!(cert1.primary_key().with_policy(p, None).unwrap().for_certification());
+ assert!(! cert1.primary_key().with_policy(p, None).unwrap().for_certification());
 assert_eq!(cert1.keys().subkeys().count(), 1);
 }

|
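Review bot: The doc example in the second hunk (`@@ -1145,7 +1146,7 @@`) keeps the context comment `// Observe that the primary key's certification capability is // set implicitly.` directly above the assertion that now expects `Some(KeyFlags::empty().set_signing())`, so the comment contradicts the code it introduces. Readers use this example to decide which capabilities a primary key ends up with, so the stale sentence can lead to a key layout with a different certification capability than intended. I would replace the two comment lines with something like `/// // Observe that the certification capability is not set implicitly.` The example itself starts outside the hunk.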
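Review bot: In the last hunk, `not_always_certify` counts the subkey with `cert1.keys().subkeys().count()`, which does not go through the policy `p`, so the test does not show that a subkey bound by a primary key without the certification flag is still accepted as valid. That acceptance is what the removal in `generate()` appears to rely on, so I would assert it directly with `assert_eq!(cert1.keys().with_policy(p, None).subkeys().count(), 1);`. The commit message also states that the primary key stays certification-capable by default; a second certificate built without `set_primary_key_flags` and checked with `for_certification()` would pin that down. The test module starts outside the hunk.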