diff --git a/src/key/factory.js b/src/key/factory.js
index 7a150aaf..8d609415 100644
--- a/src/key/factory.js
+++ b/src/key/factory.js
@@ -188,18 +188,12 @@ async function wrapKeyObject(secretKeyPacket, secretSubkeyPackets, options, conf
 const packetlist = new PacketList();
 packetlist.push(secretKeyPacket);
- await Promise.all(options.userIDs.map(async function(userID, index) {
- function createPreferredAlgos(algos, preferredAlgo) {
- return [preferredAlgo, ...algos.filter(algo => algo !== preferredAlgo)];
- }
-
- const userIDPacket = UserIDPacket.fromObject(userID);
- const dataToSign = {};
- dataToSign.userID = userIDPacket;
- dataToSign.key = secretKeyPacket;
+ function createPreferredAlgos(algos, preferredAlgo) {
+ return [preferredAlgo, ...algos.filter(algo => algo !== preferredAlgo)];
+ }
+ function getKeySignatureProperties() {
 const signatureProperties = {};
- signatureProperties.signatureType = enums.signature.certGeneric;
 signatureProperties.keyFlags = [enums.keyFlags.certifyKeys | enums.keyFlags.signData];
 signatureProperties.preferredSymmetricAlgorithms = createPreferredAlgos([
 // prefer aes256, aes128, then aes192 (no WebCrypto support: https://www.chromium.org/blink/webcrypto#TOC-AES-support)
@@ -223,9 +217,6 @@ async function wrapKeyObject(secretKeyPacket, secretSubkeyPackets, options, conf
 enums.compression.zip,
 enums.compression.uncompressed
 ], config.preferredCompressionAlgorithm);
- if (index === 0) {
- signatureProperties.isPrimaryUserID = true;
- }
 // integrity protection always enabled
 signatureProperties.features = [0];
 signatureProperties.features[0] |= enums.features.modificationDetection;
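Review bot: The new `getKeySignatureProperties` in the first hunk has no comment saying that it reads `options` and `config` from the enclosing `wrapKeyObject` scope and returns a new object on every call. The callers depend on that, because they set `signatureType` and `isPrimaryUserID` on the returned object before signing, so a later change that caches the result would leak one signature's fields into another. I would add `// Builds a fresh property object per call; callers mutate the result before signing.` above the function. Its body continues past this hunk and ends in the third hunk.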
@@ -236,6 +227,32 @@ async function wrapKeyObject(secretKeyPacket, secretSubkeyPackets, options, conf
 signatureProperties.keyExpirationTime = options.keyExpirationTime;
 signatureProperties.keyNeverExpires = false;
 }
+ return signatureProperties;
+ }
+
+ if (secretKeyPacket.version === 6) { // add direct key signature with key prefs
+ const dataToSign = {
+ key: secretKeyPacket
+ };
+
+ const signatureProperties = getKeySignatureProperties();
+ signatureProperties.signatureType = enums.signature.key;
+
+ const signaturePacket = await helper.createSignaturePacket(dataToSign, null, secretKeyPacket, signatureProperties, options.date, undefined, undefined, undefined, config);
+ packetlist.push(signaturePacket);
+ }
+
+ await Promise.all(options.userIDs.map(async function(userID, index) {
+ const userIDPacket = UserIDPacket.fromObject(userID);
+ const dataToSign = {
+ userID: userIDPacket,
+ key: secretKeyPacket
+ };
+ const signatureProperties = secretKeyPacket.version !== 6 ? getKeySignatureProperties() : {};
+ signatureProperties.signatureType = enums.signature.certGeneric;
+ if (index === 0) {
+ signatureProperties.isPrimaryUserID = true;
+ }
 const signaturePacket = await helper.createSignaturePacket(dataToSign, null, secretKeyPacket, signatureProperties, options.date, undefined, undefined, undefined, config);
diff --git a/test/general/config.js b/test/general/config.js
index 73363792..e522097a 100644
--- a/test/general/config.js
+++ b/test/general/config.js
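Review bot: For version 6 keys the user ID certifications are now built from an empty object (`secretKeyPacket.version !== 6 ? getKeySignatureProperties() : {}`), so key flags, `keyExpirationTime` and the algorithm preferences exist only on the direct-key signature. Any code that still reads expiration or capabilities from the primary user's self-certification would, as far as this diff shows, find none for a v6 key and could treat an expiring key as non-expiring. Those lookups are outside these hunks and worth confirming. I would also record the intent at the branch: `// v6: key flags, expiration and preferences live on the direct-key signature only; user ID certifications stay minimal`. `wrapKeyObject` starts and ends outside the hunk.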
@@ -146,7 +146,7 @@ n9/quqtmyOtYOA6gXNCw0Fal3iANKBmsPmYI
 const key2 = await openpgp.readKey({ armoredKey: privateKeyArmored2 });
 expect(key2.keyPacket.version).to.equal(6);
 expect(privateKeyArmored2.indexOf(openpgp.config.commentString) > 0).to.be.true;
- expect(key2.users[0].selfCertifications[0].preferredHashAlgorithms[0]).to.equal(config.preferredHashAlgorithm);
+ expect(key2.directSignatures[0].preferredHashAlgorithms[0]).to.equal(config.preferredHashAlgorithm);
 } finally {
 openpgp.config.v6Keys = v6KeysVal;
 openpgp.config.preferredHashAlgorithm = preferredHashAlgorithmVal;
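Review bot: The updated assertion checks only that the hash preference is present on `key2.directSignatures[0]`; nothing pins that the v6 user ID certification no longer carries it, so a regression that writes preferences to both signatures would still pass. Adding `expect(key2.users[0].selfCertifications[0].preferredHashAlgorithms).to.not.exist;` next to it would cover that, assuming an unset preference is left null or undefined on the parsed signature. The enclosing test starts and ends outside the hunk.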