authorWerner Koch <wk@gnupg.org>2023-05-25 16:43:37 +0200
committerWerner Koch <wk@gnupg.org>2023-05-25 16:43:44 +0200
commit9f2f7a51b2430056168363828722afc6c7488946 (patch)
tree463ad4f56832eadc2b58dcf000aaf67d21a83266
parentgpg: Fix searching for the ADSK key when adding an ADSK. (diff)
downloadgnupg2-9f2f7a51b2430056168363828722afc6c7488946.tar.xz
gnupg2-9f2f7a51b2430056168363828722afc6c7488946.zip
gpg: Skip keys found via ADSKs.
* g10/encrypt.c (write_pubkey_enc): Indicate encryption to an ADSK. * g10/getkey.c (finish_lookup): Skip ADSK keys. -- If a key is searched by fingerprint or keyid and it happens that this is an ADSK (subkey with the RENC usage), we need to skip this key because it is not the key we actually want to encrypt to. The actual ADSK key is taken later by looking at all subkeys of the actual selected key. This is related to GnuPG-bug-id: 6504
-rw-r--r--g10/encrypt.c6
-rw-r--r--g10/getkey.c37
2 files changed, 28 insertions, 15 deletions
diff --git a/g10/encrypt.c b/g10/encrypt.c
index 687b4344e..ff1c6be85 100644
--- a/g10/encrypt.c
+++ b/g10/encrypt.c
@@ -1171,6 +1171,12 @@ write_pubkey_enc (ctrl_t ctrl,
if ( opt.verbose )
{
char *ustr = get_user_id_string_native (ctrl, enc->keyid);
+ if ((pk->pubkey_usage & PUBKEY_USAGE_RENC))
+ {
+ char *tmpustr = xstrconcat (ustr, " [ADSK]", NULL);
+ xfree (ustr);
+ ustr = tmpustr;
+ }
log_info (_("%s/%s.%s encrypted for: \"%s\"\n"),
openpgp_pk_algo_name (enc->pubkey_algo),
openpgp_cipher_algo_name (dek->algo),
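Review bot: The `[ADSK]` tag is decided with a mask test, `(pk->pubkey_usage & PUBKEY_USAGE_RENC)`, while the skip this commit adds to finish_lookup in g10/getkey.c uses equality, `pubkey_usage == PUBKEY_USAGE_RENC`. A subkey carrying RENC together with another usage bit would therefore be reported as an ADSK in the verbose log yet would not be skipped when it is found by fingerprint or keyid. If the difference is intended, a one-line comment at each site saying so would help the next reader, for example `/* Any key with the RENC bit set is reported as an ADSK. */` here; otherwise the two tests should agree. Note also that the tag is printed only under `opt.verbose`, so a default run gives no indication that an additional recipient was used. write_pubkey_enc starts and ends outside the hunk.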
diff --git a/g10/getkey.c b/g10/getkey.c
index 68d7ee61d..21ffd5cfa 100644
--- a/g10/getkey.c
+++ b/g10/getkey.c
@@ -3640,24 +3640,31 @@ finish_lookup (kbnode_t keyblock, unsigned int req_usage, int want_exact,
log_assert (keyblock->pkt->pkttype == PKT_PUBLIC_KEY);
/* For an exact match mark the primary or subkey that matched the
- low-level search criteria. */
- if (want_exact)
+ * low-level search criteria. Use this loop also to sort our keys
+ * found using an ADSK fingerprint. */
+ for (k = keyblock; k; k = k->next)
{
- for (k = keyblock; k; k = k->next)
- {
- if ((k->flag & 1))
- {
- log_assert (k->pkt->pkttype == PKT_PUBLIC_KEY
- || k->pkt->pkttype == PKT_PUBLIC_SUBKEY);
- foundk = k;
+ if ((k->flag & 1) && (k->pkt->pkttype == PKT_PUBLIC_KEY
+ || k->pkt->pkttype == PKT_PUBLIC_SUBKEY))
+ {
+ if (want_exact)
+ {
+ if (DBG_LOOKUP)
+ log_debug ("finish_lookup: exact search requested and found\n");
+ foundk = k;
pk = k->pkt->pkt.public_key;
pk->flags.exact = 1;
- break;
- }
- }
- if (DBG_LOOKUP)
- log_debug ("finish_lookup: exact search requested: %sfound\n",
- foundk? "":"not ");
+ break;
+ }
+ else if ((k->pkt->pkt.public_key->pubkey_usage == PUBKEY_USAGE_RENC))
+ {
+ if (DBG_LOOKUP)
+ log_debug ("finish_lookup: found via ADSK - not selected\n");
+ if (r_flags)
+ *r_flags |= LOOKUP_NOT_SELECTED;
+ return NULL; /* Not found. */
+ }
+ }
}
/* Get the user id that matched that low-level search criteria. */
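Review bot: In the rewritten loop the `want_exact` branch is tested first, so an exact request still selects a subkey whose usage is only RENC, and the ADSK skip applies to non-exact lookups alone. That precedence deserves a comment on the `else if`, for example `/* An exact match is honoured even for an ADSK; only non-exact matches are skipped. */`. The old `log_assert` on the packet type of a flagged node is now folded into the `if` condition, so a flagged node of another type is passed over silently. The "exact search requested: not found" debug line is also gone, and a `log_debug` after the loop for `want_exact && !foundk` would keep that trace. The block comment says "sort our keys", which presumably should read "sort out keys"; finish_lookup continues beyond the hunk, so whether the early `return NULL` skips any later bookkeeping cannot be judged from here.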