diff options
| author | Neal H. Walfield <neal@pep.foundation> | 2020-03-01 15:35:46 +0100 |
|---|---|---|
| committer | Neal H. Walfield <neal@pep.foundation> | 2020-03-01 15:43:13 +0100 |
| commit | a0848510549173e181d44ee827ed2a859c95fbbf (patch) | |
| tree | 98162ccc309051d9831c868c733ebe8bd57748c8 /autocrypt | |
| parent | 0dce6d0698f71728b0721ae25e911e2a2ca76c0b (diff) | |
autocrypt: When creating an Autocrypt header, use valid data.
- When creating an Autocrypt header, make sure the components are
valid according to the policy and not revoked, and include the
current valid binding signature, not the newest one, whose
creation time may be in the future.
Diffstat (limited to 'autocrypt')
| -rw-r--r-- | autocrypt/src/lib.rs | 12 |
1 files changed, 5 insertions, 7 deletions
diff --git a/autocrypt/src/lib.rs b/autocrypt/src/lib.rs index e2b8ef55..1aa84cc0 100644 --- a/autocrypt/src/lib.rs +++ b/autocrypt/src/lib.rs @@ -37,6 +37,7 @@ use openpgp::serialize::stream::{ }; use openpgp::crypto::Password; use openpgp::policy::Policy; +use openpgp::types::RevocationStatus; mod cert; pub use cert::cert_builder; @@ -111,24 +112,21 @@ impl AutocryptHeader { let mut acc = Vec::new(); // The primary key and the most recent selfsig. - let primary = cert.primary_key(); + let primary = cert.primary_key().with_policy(policy, None)?; acc.push(primary.key().clone().into()); primary.self_signatures().iter().take(1) .for_each(|s| acc.push(s.clone().into())); // The subkeys and the most recent selfsig. - for skb in cert.keys().subkeys() { + for skb in cert.keys().with_policy(policy, None).subkeys() { // Skip if revoked. - if ! skb.self_revocations().is_empty() - || ! skb.other_revocations().is_empty() - { + if let RevocationStatus::Revoked(_) = skb.revoked() { continue; } let k = skb.key().clone(); acc.push(k.into()); - skb.self_signatures().iter().take(1) - .for_each(|s| acc.push(s.clone().into())); + acc.push(skb.binding_signature().clone().into()); } // The UserIDs matching ADDR. |