authorJustus Winter <justus@sequoia-pgp.org>2020-12-14 16:37:33 +0100
committerJustus Winter <justus@sequoia-pgp.org>2020-12-14 16:37:33 +0100
commit8c50ba96a5434aeefbf44e0d034072dfc6669521 (patch)
tree7c6a5d31c22dac12fa97c4545de873a3605c7b2e /openpgp/src/cert/builder.rs
parent7e57122f0bd6db27c6e2f0c7deac1333256e5146 (diff)
openpgp: Change general purpose keys to have a signing subkey.
- Certificates with a primary key that is not signing capable, and a subkey that is, are strictly more secure than ones that combine signing and certification capabilities in the primary key.
- If the owner of a certificate with a signing-capable primary key can be tricked into creating a binary signature over carefully chosen attacker-controlled data, this signature can be repurposed to bind arbitrary attacker-controlled components to the certificate using a chosen-prefix collision attack on the hash function (see e.g. "SHA-1 is a Shambles" for a similar attack).
- Having a separate signing-subkey mitigates the attack, because signatures by the signing subkey cannot bind components to the certificate.
Diffstat (limited to 'openpgp/src/cert/builder.rs')
-rw-r--r--openpgp/src/cert/builder.rs18
1 files changed, 12 insertions, 6 deletions
diff --git a/openpgp/src/cert/builder.rs b/openpgp/src/cert/builder.rs
index 15d0a350..627bd4f0 100644
--- a/openpgp/src/cert/builder.rs
+++ b/openpgp/src/cert/builder.rs
@@ -233,9 +233,10 @@ impl CertBuilder<'_> {
/// Generates a general-purpose certificate.
///
/// The returned builder is set to generate a certificate with a
- /// certification- and signature-capable primary key, and an
- /// encryption-capable subkey. The subkey is marked as being
- /// appropriate for both data in transit and data at rest.
+ /// certification-capable primary key, a signing-capable subkye,
+ /// and an encryption-capable subkey. The encryption subkey is
+ /// marked as being appropriate for both data in transit and data
+ /// at rest.
///
/// # Examples
///
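Review bot: The added rustdoc line misspells the word: `/// certification-capable primary key, a signing-capable subkye,` should end in `subkey,`. This text is published in the API documentation for `general_purpose`, so the typo is user-visible. It would also help to add one sentence here telling callers that the primary key can no longer make data signatures and that signing now goes through the subkey, since code written against the old behaviour may still select the primary key for signing. The doc comment starts and continues outside this hunk.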
@@ -248,7 +249,7 @@ impl CertBuilder<'_> {
/// CertBuilder::general_purpose(None,
/// Some("Alice Lovelace <alice@example.org>"))
/// .generate()?;
- /// # assert_eq!(cert.keys().count(), 2);
+ /// # assert_eq!(cert.keys().count(), 3);
/// # assert_eq!(cert.userids().count(), 1);
/// # Ok(())
/// # }
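Review bot: The hidden doctest assertion only checks that three keys exist, which would still pass if the signing flag were put back on the primary key alongside the new subkey. The security property this commit introduces is that the primary key is certification-only, and none of the changes to this file assert it. Consider adding a hidden assertion after `assert_eq!(cert.keys().count(), 3);` (or a unit test in this module) that checks the primary key's flags under a policy and confirms it is not signing-capable while exactly one subkey is. The doctest body begins outside the hunk.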
@@ -262,14 +263,19 @@ impl CertBuilder<'_> {
ciphersuite: ciphersuite.into().unwrap_or(Default::default()),
primary: KeyBlueprint {
flags: KeyFlags::empty()
- .set_certification()
- .set_signing(),
+ .set_certification(),
validity: Some(time::Duration::new(3 * 52 * 7 * 24 * 60 * 60, 0)),
ciphersuite: None,
},
subkeys: vec![
KeyBlueprint {
flags: KeyFlags::empty()
+ .set_signing(),
+ validity: None,
+ ciphersuite: None,
+ },
+ KeyBlueprint {
+ flags: KeyFlags::empty()
.set_transport_encryption()
.set_storage_encryption(),
validity: None,
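Review bot: The reason `.set_signing()` was dropped from the primary `KeyBlueprint` is recorded only in the commit message, so a later edit could restore it without noticing the regression. I would put a comment directly above the primary's `flags:` line, for example `// Certification only: data signatures are made by the signing subkey, so they cannot be repurposed to bind components to this certificate.` The new signing subkey also uses `validity: None` while the primary has an explicit three-year validity; presumably the subkey then follows the primary's expiration, but that is not visible here and a short comment stating the intended lifetime would remove the doubt. The struct literal starts and ends outside this hunk.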