diff options
| author | Werner Koch <[email protected]> | 2023-05-25 14:43:37 +0000 |
|---|---|---|
| committer | Werner Koch <[email protected]> | 2023-05-25 14:54:29 +0000 |
| commit | a391d8f4be4e701e0859c0946b61e7ec8e0d973f (patch) | |
| tree | dbbce63dc165c29138ad2771f816aedba23c8e1f | |
| parent | w32: Add missing manifests and set a requestedExecutionLevel. (diff) | |
| download | gnupg-a391d8f4be4e701e0859c0946b61e7ec8e0d973f.tar.gz gnupg-a391d8f4be4e701e0859c0946b61e7ec8e0d973f.zip | |
gpg: Skip keys found via ADSKs.
* g10/encrypt.c (write_pubkey_enc): Indicate encryption to an ADSK.
* g10/getkey.c (finish_lookup): Skip ADKS keys.
--
If a key is searched by fingerprint or keyid and it happens that this
is an ADSK (subkey with the RENC usage), we need to skip this key
because it is not the key we actually want to encrypt to. The actual
ADSK key is taken later by looking at all subkeys of the actual
selected key.
This is related to
GnuPG-bug-id: 6504
| -rw-r--r-- | g10/encrypt.c | 6 | ||||
| -rw-r--r-- | g10/getkey.c | 34 |
2 files changed, 28 insertions, 12 deletions
diff --git a/g10/encrypt.c b/g10/encrypt.c index d84596939..d8f7e9eae 100644 --- a/g10/encrypt.c +++ b/g10/encrypt.c @@ -1164,6 +1164,12 @@ write_pubkey_enc (ctrl_t ctrl, if ( opt.verbose ) { char *ustr = get_user_id_string_native (ctrl, enc->keyid); + if ((pk->pubkey_usage & PUBKEY_USAGE_RENC)) + { + char *tmpustr = xstrconcat (ustr, " [ADSK]", NULL); + xfree (ustr); + ustr = tmpustr; + } log_info (_("%s/%s.%s encrypted for: \"%s\"\n"), openpgp_pk_algo_name (enc->pubkey_algo), openpgp_cipher_algo_name (dek->algo), diff --git a/g10/getkey.c b/g10/getkey.c index 7822fd109..a72545a71 100644 --- a/g10/getkey.c +++ b/g10/getkey.c @@ -3696,21 +3696,31 @@ finish_lookup (kbnode_t keyblock, unsigned int req_usage, int want_exact, log_assert (keyblock->pkt->pkttype == PKT_PUBLIC_KEY); /* For an exact match mark the primary or subkey that matched the - low-level search criteria. */ - if (want_exact) + * low-level search criteria. Use this loop also to sort our keys + * found using an ADSK fingerprint. */ + for (k = keyblock; k; k = k->next) { - for (k = keyblock; k; k = k->next) - { - if ((k->flag & 1)) - { - log_assert (k->pkt->pkttype == PKT_PUBLIC_KEY - || k->pkt->pkttype == PKT_PUBLIC_SUBKEY); - foundk = k; + if ((k->flag & 1) && (k->pkt->pkttype == PKT_PUBLIC_KEY + || k->pkt->pkttype == PKT_PUBLIC_SUBKEY)) + { + if (want_exact) + { + if (DBG_LOOKUP) + log_debug ("finish_lookup: exact search requested and found\n"); + foundk = k; pk = k->pkt->pkt.public_key; pk->flags.exact = 1; - break; - } - } + break; + } + else if ((k->pkt->pkt.public_key->pubkey_usage == PUBKEY_USAGE_RENC)) + { + if (DBG_LOOKUP) + log_debug ("finish_lookup: found via ADSK - not selected\n"); + if (r_flags) + *r_flags |= LOOKUP_NOT_SELECTED; + return NULL; /* Not found. */ + } + } } /* Get the user id that matched that low-level search criteria. */ |