Google Git
Sign in
go / crypto / a8fb68e7206f8c78be19b432c58eb52a6aa34462^! / .
commita8fb68e7206f8c78be19b432c58eb52a6aa34462[log] [tgz]
authorFilippo Valsorda <filippo@golang.org>Mon Jun 11 14:48:21 2018 -0400
committerFilippo Valsorda <filippo@golang.org>Thu Jun 14 22:13:31 2018 +0000
treef0e32734572f4af40d455f2350eac4c1e353a959
parent5cd40a374b80f104c75043e6a04071d3a743ffd9 [diff]
openpgp: restore signing in SerializePrivate

Signing was moved in NewEntity as it makes more sense there, but there
might be code that relies on SerializePrivate to make signatures with
parameters that were modified after NewEntity.

As it used to always sign in SerializePrivate, it shouldn't break
anything to sign in both places.

Fixes golang/go#25463

Change-Id: Ia7f509daf31ac05fedc441225d554f333b288d70
Reviewed-on: https://go-review.googlesource.com/118015
Run-TryBot: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Yaron de Leeuw <jarondl@google.com>
Reviewed-by: Alexandre Viau <viau.alexandre@gmail.com>
Reviewed-by: Filippo Valsorda <filippo@golang.org>

diff --git a/openpgp/keys.go b/openpgp/keys.go
index 216b812..a79a8c1 100644
--- a/openpgp/keys.go
+++ b/openpgp/keys.go

@@ -544,10 +544,10 @@
 	return e, nil
 }
 
-// SerializePrivate serializes an Entity, including private key material, to
-// the given Writer. For now, it must only be used on an Entity returned from
-// NewEntity.
-// config is ignored
+// SerializePrivate serializes an Entity, including private key material, but
+// excluding signatures from other entities, to the given Writer.
+// Identities and subkeys are re-signed in case they changed since NewEntry.
+// If config is nil, sensible defaults will be used.
 func (e *Entity) SerializePrivate(w io.Writer, config *packet.Config) (err error) {
 	err = e.PrivateKey.Serialize(w)
 	if err != nil {
@@ -558,6 +558,10 @@
 		if err != nil {
 			return
 		}
+		err = ident.SelfSignature.SignUserId(ident.UserId.Id, e.PrimaryKey, e.PrivateKey, config)
+		if err != nil {
+			return
+		}
 		err = ident.SelfSignature.Serialize(w)
 		if err != nil {
 			return
@@ -568,6 +572,10 @@
 		if err != nil {
 			return
 		}
+		err = subkey.Sig.SignKey(subkey.PublicKey, e.PrivateKey, config)
+		if err != nil {
+			return
+		}
 		err = subkey.Sig.Serialize(w)
 		if err != nil {
 			return
@@ -576,8 +584,8 @@
 	return nil
 }
 
-// Serialize writes the public part of the given Entity to w. (No private
-// key material will be output).
+// Serialize writes the public part of the given Entity to w, including
+// signatures from other entities. No private key material will be output.
 func (e *Entity) Serialize(w io.Writer) error {
 	err := e.PrimaryKey.Serialize(w)
 	if err != nil {