Changes to PGPSignatureSubpacketGenerator


Paul Schaub-2
Hey there!

I'm trying to implement a method that changes the expiration date of an
OpenPGP key. Ideally I want to mimic GnuPG's behavior and preserve the
signature subpackets of the latest self-signature in the new signature.

Implementing this turns out to be quite tricky with BC's current API for
adding signature subpackets. There is no straightforward way to copy
subpackets from one signature to the new signature builder with the
option to change one or two subpackets.

For that reason I decided to propose the following change to the
PGPSignatureSubpacketGenerator:

Add a constructor that takes an existing PGPSignatureSubpacketVector as
an argument and preserves its subpackets.

Prevent multiple items of certain subpacket types from being added (it
doesn't make sense to have more than one SignatureCreationTime, for
example). The spec (RFC 4880) is very vague on whether or not multiple
packets of one type are allowed in a signature, so I made some
decisions by gut instinct.

Allow overwriting existing subpackets before generating the new
PGPSignatureSubpacketVector.

I implemented those changes in https://github.com/bcgit/bc-java/pull/848

Please let me know if you are happy with those changes or if you'd like
to see a different solution.

Happy Hacking
Paul
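
The copy-and-override behaviour described in the message above, as an added example that is not part of the original post and is not Bouncy Castle code: it works directly on the raw subpacket area bytes defined in RFC 4880 section 5.2.3.1 rather than on BC classes. The function names, the constructed sample bytes and the choice of which types are treated as single-instance are assumptions of this example.

```python
import struct

SIG_CREATION_TIME, KEY_EXPIRATION_TIME, KEY_FLAGS = 2, 9, 27
# Assumption: which types count as single-instance is this example's choice.
SINGLE_INSTANCE = {SIG_CREATION_TIME, KEY_EXPIRATION_TIME, KEY_FLAGS}
# Constructed sample area: creation time, key flags, preferred ciphers, 1-year expiry.
SAMPLE = bytes.fromhex("05025e000000" "021b03" "040b090807" "050901e13380")

def parse_subpackets(area):
    """Split a subpacket area into (type, critical, body) tuples."""
    packets, i = [], 0
    while i < len(area):
        first = area[i]
        if first < 192:                      # one-octet length
            length, i = first, i + 1
        elif first < 255:                    # two-octet length
            if i + 2 > len(area):
                raise ValueError("truncated length")
            length, i = ((first - 192) << 8) + area[i + 1] + 192, i + 2
        else:                                # five-octet length
            if i + 5 > len(area):
                raise ValueError("truncated length")
            length, i = struct.unpack(">I", area[i + 1:i + 5])[0], i + 5
        if length < 1 or i + length > len(area):
            raise ValueError("truncated subpacket")
        packets.append((area[i] & 0x7F, bool(area[i] & 0x80), area[i + 1:i + length]))
        i += length
    return packets

def encode_subpackets(packets):
    """Serialize (type, critical, body) tuples back into a subpacket area."""
    out = bytearray()
    for ptype, critical, body in packets:
        length = len(body) + 1               # length covers the type octet
        if length < 192:
            out.append(length)
        elif length <= 16319:
            out += struct.pack(">H", length - 192 + (192 << 8))
        else:
            out += b"\xff" + struct.pack(">I", length)
        out.append(ptype | (0x80 if critical else 0))
        out += body
    return bytes(out)

def copy_with_overrides(area, overrides):
    """Copy all subpackets; replace bodies listed in overrides {type: body}."""
    packets, seen, pending = [], set(), dict(overrides)
    for ptype, critical, body in parse_subpackets(area):
        if ptype in SINGLE_INSTANCE and ptype in seen:
            raise ValueError(f"duplicate subpacket type {ptype}")
        seen.add(ptype)
        packets.append((ptype, critical, pending.pop(ptype, body)))
    packets += [(t, False, b) for t, b in pending.items()]   # not present: append
    return encode_subpackets(packets)
```

Overridden subpackets keep their original position and critical bit, so the key flags and algorithm preferences of the old self-signature carry over unchanged while only the listed bodies differ.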