openpgp: don't generate PubKeyAlgoRSASignOnly keys

These are deprecated according to RFC4880 and should no longer be
generated: https://tools.ietf.org/html/rfc4880#section-13.5
With that, the notion of a "sign-only" private key doesn't make sense
(as that is a signature property, not a private key property), so remove
it from the comment.

Fixes golang/go#27888

Change-Id: I7d41acd0793b2caf3c0897e580f42375c72d82a8
Reviewed-on: https://go-review.googlesource.com/c/137896
Reviewed-by: Filippo Valsorda <filippo@golang.org>
Run-TryBot: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
diff --git a/openpgp/packet/packet.go b/openpgp/packet/packet.go
index 625bb5a..5af64c5 100644
--- a/openpgp/packet/packet.go
+++ b/openpgp/packet/packet.go
@@ -404,14 +404,16 @@
 type PublicKeyAlgorithm uint8
 
 const (
-	PubKeyAlgoRSA            PublicKeyAlgorithm = 1
-	PubKeyAlgoRSAEncryptOnly PublicKeyAlgorithm = 2
-	PubKeyAlgoRSASignOnly    PublicKeyAlgorithm = 3
-	PubKeyAlgoElGamal        PublicKeyAlgorithm = 16
-	PubKeyAlgoDSA            PublicKeyAlgorithm = 17
+	PubKeyAlgoRSA     PublicKeyAlgorithm = 1
+	PubKeyAlgoElGamal PublicKeyAlgorithm = 16
+	PubKeyAlgoDSA     PublicKeyAlgorithm = 17
 	// RFC 6637, Section 5.
 	PubKeyAlgoECDH  PublicKeyAlgorithm = 18
 	PubKeyAlgoECDSA PublicKeyAlgorithm = 19
+
+	// Deprecated in RFC 4880, Section 13.5. Use key flags instead.
+	PubKeyAlgoRSAEncryptOnly PublicKeyAlgorithm = 2
+	PubKeyAlgoRSASignOnly    PublicKeyAlgorithm = 3
 )
 
 // CanEncrypt returns true if it's possible to encrypt a message to a public
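Review bot: The new comment above `PubKeyAlgoRSAEncryptOnly` does not use Go's `Deprecated:` doc convention, and as a comment in front of a single const spec it documents only that first constant, not `PubKeyAlgoRSASignOnly`. Tools that read deprecation markers (staticcheck, gopls) will therefore not warn callers who still pass either value. Giving each constant its own doc comment, for example `// Deprecated: RFC 4880, Section 13.5; express usage restrictions with key flags instead.`, would surface the deprecation at call sites. The values are presumably kept so existing keys carrying algorithm IDs 2 and 3 can still be read, and saying that in the comment would tell maintainers not to delete them.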
diff --git a/openpgp/packet/private_key.go b/openpgp/packet/private_key.go
index 87fc461..bd31cce 100644
--- a/openpgp/packet/private_key.go
+++ b/openpgp/packet/private_key.go
@@ -64,7 +64,7 @@
 	return pk
 }
 
-// NewSignerPrivateKey creates a sign-only PrivateKey from a crypto.Signer that
+// NewSignerPrivateKey creates a PrivateKey from a crypto.Signer that
 // implements RSA or ECDSA.
 func NewSignerPrivateKey(currentTime time.Time, signer crypto.Signer) *PrivateKey {
 	pk := new(PrivateKey)
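Review bot: The doc comment on `NewSignerPrivateKey` no longer says what the resulting key may be used for. With the `PubKeyAlgoRSASignOnly` assignments removed in the next hunk, an RSA key presumably keeps whatever algorithm `NewRSAPublicKey` sets, so nothing at the packet level marks it as signing-only. A `crypto.Signer` cannot decrypt, so peers that treat the key as encryption-capable could produce messages the holder cannot open unless the caller restricts usage elsewhere. The comment should say so, for example `// The returned key can only sign; callers should restrict its usage with key flags in the self-signature.` The function body continues past both hunks, so the rest of the switch is not visible here.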
@@ -73,10 +73,8 @@
 	switch pubkey := signer.Public().(type) {
 	case *rsa.PublicKey:
 		pk.PublicKey = *NewRSAPublicKey(currentTime, pubkey)
-		pk.PubKeyAlgo = PubKeyAlgoRSASignOnly
 	case rsa.PublicKey:
 		pk.PublicKey = *NewRSAPublicKey(currentTime, &pubkey)
-		pk.PubKeyAlgo = PubKeyAlgoRSASignOnly
 	case *ecdsa.PublicKey:
 		pk.PublicKey = *NewECDSAPublicKey(currentTime, pubkey)
 	case ecdsa.PublicKey:
diff --git a/openpgp/packet/private_key_test.go b/openpgp/packet/private_key_test.go
index 794d746..cc08b48 100644
--- a/openpgp/packet/private_key_test.go
+++ b/openpgp/packet/private_key_test.go
@@ -172,12 +172,8 @@
 
 	priv := NewSignerPrivateKey(time.Now(), &rsaSigner{rsaPriv})
 
-	if priv.PubKeyAlgo != PubKeyAlgoRSASignOnly {
-		t.Fatal("NewSignerPrivateKey should have made a sign-only RSA private key")
-	}
-
 	sig := &Signature{
-		PubKeyAlgo: PubKeyAlgoRSASignOnly,
+		PubKeyAlgo: PubKeyAlgoRSA,
 		Hash:       crypto.SHA256,
 	}
 	msg := []byte("Hello World!")
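Review bot: Dropping the `priv.PubKeyAlgo` assertion leaves this test with no direct check of the algorithm ID that `NewSignerPrivateKey` emits, so a regression back to the deprecated value may go unnoticed. Replace the check rather than remove it: `if priv.PubKeyAlgo != PubKeyAlgoRSA { t.Fatal("NewSignerPrivateKey should have made an RSA private key") }`. The test function starts and ends outside the hunk, so a later assertion may already cover this; if so, a short comment pointing to it would be enough.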