From 8c50ba96a5434aeefbf44e0d034072dfc6669521 Mon Sep 17 00:00:00 2001
From: Justus Winter
Date: Mon, 14 Dec 2020 16:37:33 +0100
Subject: openpgp: Change general purpose keys to have a signing subkey.
- Certificates with a primary key that is not signing capable, and a subkey that is, are strictly more secure than ones that combine signing and certification capabilities in the primary key.
- If the owner of a certificate with a signing-capable primary key can be tricked into creating a binary signature over carefully chosen attacker-controlled data, this signature can be repurposed to bind arbitrary attacker-controlled components to the certificate using a chosen-prefix collision attack on the hash function (see e.g. "SHA-1 is a Shambles" for a similar attack).
- Having a separate signing-subkey mitigates the attack, because signatures by the signing subkey cannot bind components to the certificate.
---
 openpgp/src/cert/amalgamation/key/iter.rs | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'openpgp/src/cert/amalgamation/key/iter.rs')
diff --git a/openpgp/src/cert/amalgamation/key/iter.rs b/openpgp/src/cert/amalgamation/key/iter.rs
index 0601c2f0..53a72f79 100644
--- a/openpgp/src/cert/amalgamation/key/iter.rs
+++ b/openpgp/src/cert/amalgamation/key/iter.rs
@@ -434,7 +434,7 @@ impl<'a, P, R> KeyAmalgamationIter<'a, P, R>
 /// // Use it.
 /// # i += 1;
 /// }
- /// # assert_eq!(i, 2);
+ /// # assert_eq!(i, 3);
 /// # Ok(()) }
 /// ```
 pub fn supported(mut self) -> Self {
@@ -1553,7 +1553,7 @@ impl<'a, P, R> ValidKeyAmalgamationIter<'a, P, R>
 /// // Use it.
 /// # i += 1;
 /// }
- /// # assert_eq!(i, 2);
+ /// # assert_eq!(i, 3);
 /// # Ok(()) }
 /// ```
 pub fn supported(mut self) -> Self {
-- cgit v1.2.3
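Review bot: The hidden doctest line `/// # assert_eq!(i, 3);` in the `supported()` example of `KeyAmalgamationIter` pins a bare key count with no hint of which keys make it up, and the identical hunk for `ValidKeyAmalgamationIter` has the same gap. The certificate the example iterates over is built above the hunk, so the reason for 3 is only inferable from the commit message (presumably the primary key plus the new signing subkey plus one more subkey). A hidden comment beside the assert, e.g. `/// # // primary + signing subkey + encryption subkey (confirm against the generated cert)`, would tell the next person who changes the default key layout why this number moves. A count also cannot show that the primary key is no longer signing-capable, which is the property the commit message argues for; this view is limited to one file, so it is worth confirming that a test elsewhere in the commit asserts the key flags directly.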