Skip to content

Commit

Permalink
Resign keys and relax flag requirements
Browse files Browse the repository at this point in the history
  • Loading branch information
@wussler @lubux
wussler authored and lubux committed Oct 1, 2024
1 parent bf6a1f7 commit c98f742
Show file tree
Hide file tree
Showing 2 changed files with 29 additions and 3 deletions.
10 changes: 7 additions & 3 deletions openpgp/forwarding.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -33,7 +33,6 @@ func (e *Entity) NewForwardingEntity(
now := config.Now()
i := e.PrimaryIdentity()
if e.PrimaryKey.KeyExpired(i.SelfSignature, now) || // primary key has expired
i.SelfSignature == nil || // user ID has no self-signature
i.SelfSignature.SigExpired(now) || // user ID self-signature has expired
e.Revoked(now) || // primary key has been revoked
i.Revoked(now) { // user ID has been revoked
Expand Down Expand Up @@ -70,8 +69,7 @@ func (e *Entity) NewForwardingEntity(
// Handle all forwarder subkeys
for _, forwarderSubKey := range e.Subkeys {
// Filter flags
if !forwarderSubKey.Sig.FlagsValid || forwarderSubKey.Sig.FlagCertify || forwarderSubKey.Sig.FlagSign ||
forwarderSubKey.Sig.FlagAuthenticate || forwarderSubKey.Sig.FlagGroupKey {
if !forwarderSubKey.PublicKey.PubKeyAlgo.CanEncrypt() {
continue
}

Expand Down Expand Up @@ -152,6 +150,12 @@ func (e *Entity) NewForwardingEntity(
// 0x40 - This key may be used for forwarded communications.
forwardeeSubKey.Sig.FlagForward = true

// Re-sign subkey binding signature
err = forwardeeSubKey.Sig.SignKey(forwardeeSubKey.PublicKey, forwardeeKey.PrivateKey, config)
if err != nil {
return nil, nil, err
}

// Append each valid instance to the list
instances = append(instances, instance)
}
Expand Down
22 changes: 22 additions & 0 deletions openpgp/forwarding_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -83,6 +83,8 @@ func TestForwardingFull(t *testing.T) {
t.Fatal(err)
}

charlesEntity = serializeAndParseForwardeeKey(t, charlesEntity)

if len(instances) != 1 {
t.Fatalf("invalid number of instances, expected 1 got %d", len(instances))
}
Expand Down Expand Up @@ -147,6 +149,8 @@ func TestForwardingFull(t *testing.T) {
t.Fatal(err)
}

danielEntity = serializeAndParseForwardeeKey(t, danielEntity)

secondTransformed := transformTestMessage(t, transformed, secondForwardInstances[0])

// Decrypt forwarded message for Charles
Expand Down Expand Up @@ -203,3 +207,21 @@ Loop:

return transformed
}

func serializeAndParseForwardeeKey(t *testing.T, key *Entity) *Entity {
serializedEntity := bytes.NewBuffer(nil)
err := key.SerializePrivateWithoutSigning(serializedEntity, nil)
if err != nil {
t.Fatalf("Error in serializing forwardee key: %s", err)
}
el, err := ReadKeyRing(serializedEntity)
if err != nil {
t.Fatalf("Error in reading forwardee key: %s", err)
}

if len(el) != 1 {
t.Fatalf("Wrong number of entities in parsing, expected 1, got %d", len(el))
}

return el[0]
}

0 comments on commit c98f742

Please sign in to comment.