Resign keys and relax flag requirements

wussler · lubux · commit b77643d9abde · 2024-07-18T14:04:29.000+02:00
diff --git a/openpgp/forwarding.go b/openpgp/forwarding.go
@@ -33,7 +33,6 @@ func (e *Entity) NewForwardingEntity(
 	now := config.Now()
 	i := e.PrimaryIdentity()
 	if e.PrimaryKey.KeyExpired(i.SelfSignature, now) || // primary key has expired
-		i.SelfSignature == nil || // user ID has no self-signature
 		i.SelfSignature.SigExpired(now) || // user ID self-signature has expired
 		e.Revoked(now) || // primary key has been revoked
 		i.Revoked(now) { // user ID has been revoked
@@ -70,8 +69,7 @@ func (e *Entity) NewForwardingEntity(
 	// Handle all forwarder subkeys
 	for _, forwarderSubKey := range e.Subkeys {
 		// Filter flags
-		if !forwarderSubKey.Sig.FlagsValid || forwarderSubKey.Sig.FlagCertify || forwarderSubKey.Sig.FlagSign ||
-			forwarderSubKey.Sig.FlagAuthenticate || forwarderSubKey.Sig.FlagGroupKey {
+		if !forwarderSubKey.PublicKey.PubKeyAlgo.CanEncrypt() {
 			continue
 		}
 
@@ -152,6 +150,12 @@ func (e *Entity) NewForwardingEntity(
 		// 0x40 - This key may be used for forwarded communications.
 		forwardeeSubKey.Sig.FlagForward = true
 
+		// Re-sign subkey binding signature
+		err = forwardeeSubKey.Sig.SignKey(forwardeeSubKey.PublicKey, forwardeeKey.PrivateKey, config)
+		if err != nil {
+			return nil, nil, err
+		}
+
 		// Append each valid instance to the list
 		instances = append(instances, instance)
 	}
diff --git a/openpgp/forwarding_test.go b/openpgp/forwarding_test.go
@@ -83,6 +83,8 @@ func TestForwardingFull(t *testing.T) {
 		t.Fatal(err)
 	}
 
+	charlesEntity = serializeAndParseForwardeeKey(t, charlesEntity)
+
 	if len(instances) != 1 {
 		t.Fatalf("invalid number of instances, expected 1 got %d", len(instances))
 	}
@@ -147,6 +149,8 @@ func TestForwardingFull(t *testing.T) {
 		t.Fatal(err)
 	}
 
+	danielEntity = serializeAndParseForwardeeKey(t, danielEntity)
+
 	secondTransformed := transformTestMessage(t, transformed, secondForwardInstances[0])
 
 	// Decrypt forwarded message for Charles
@@ -203,3 +207,21 @@ Loop:
 
 	return transformed
 }
+
+func serializeAndParseForwardeeKey(t *testing.T, key *Entity) *Entity {
+	serializedEntity := bytes.NewBuffer(nil)
+	err := key.SerializePrivateWithoutSigning(serializedEntity, nil)
+	if err != nil {
+		t.Fatalf("Error in serializing forwardee key: %s", err)
+	}
+	el, err := ReadKeyRing(serializedEntity)
+	if err != nil {
+		t.Fatalf("Error in reading forwardee key: %s", err)
+	}
+
+	if len(el) != 1 {
+		t.Fatalf("Wrong number of entities in parsing, expected 1, got %d", len(el))
+	}
+
+	return el[0]
+}
