1 files changed, 29 insertions, 10 deletions

diff --git a/g10/gpg.c b/g10/gpg.c
index d4fbecdbe..1d0b9d09e 100644
--- a/g10/gpg.c
+++ b/g10/gpg.c
@@ -451,6 +451,7 @@ enum cmd_and_opt_values
     oCompatibilityFlags,
     oAddDesigRevoker,
     oAssertSigner,
+    oAssertPubkeyAlgo,
     oKbxBufferSize,
 
     oNoop
@@ -715,6 +716,7 @@ static gpgrt_opt_t opts[] = {
 #endif
   ARGPARSE_s_s (oAddDesigRevoker, "add-desig-revoker", "@"),
   ARGPARSE_s_s (oAssertSigner,    "assert-signer", "@"),
+  ARGPARSE_s_s (oAssertPubkeyAlgo,"assert-pubkey-algo", "@"),
 
   ARGPARSE_header ("Input", N_("Options controlling the input")),
 
@@ -1044,9 +1046,12 @@ static struct compatibility_flags_s compatibility_flags [] =
 
 /* Can be set to true to force gpg to return with EXIT_FAILURE.  */
 int g10_errors_seen = 0;
-/* If opt.assert_signer_list is used and this variabale is not true
+/* If opt.assert_signer_list is used and this variable is not true
  * gpg will be forced to return EXIT_FAILURE.  */
 int assert_signer_true = 0;
+/* If opt.assert_pubkey_algo is used and this variable is not true
+ * gpg will be forced to return EXIT_FAILURE.  */
+int assert_pubkey_algo_false = 0;
 
 
 static int utf8_strings =
@@ -3770,6 +3775,18 @@ main (int argc, char **argv)
             add_to_strlist (&opt.assert_signer_list, pargs.r.ret_str);
 	    break;
 
+          case oAssertPubkeyAlgo:
+            if (!opt.assert_pubkey_algos)
+              opt.assert_pubkey_algos = xstrdup (pargs.r.ret_str);
+            else
+              {
+                char *tmp = opt.assert_pubkey_algos;
+                opt.assert_pubkey_algos = xstrconcat (tmp, ",",
+                                                      pargs.r.ret_str, NULL);
+                xfree (tmp);
+              }
+	    break;
+
           case oKbxBufferSize:
             keybox_set_buffersize (pargs.r.ret_ulong, 0);
             break;
@@ -5472,6 +5489,17 @@ emergency_cleanup (void)
 void
 g10_exit( int rc )
 {
+  if (rc)
+    ;
+  else if (log_get_errorcount(0))
+    rc = 2;
+  else if (g10_errors_seen)
+    rc = 1;
+  else if (opt.assert_signer_list && !assert_signer_true)
+    rc = 1;
+  else if (opt.assert_pubkey_algos && assert_pubkey_algo_false)
+    rc = 1;
+
   /* If we had an error but not printed an error message, do it now.
    * Note that write_status_failure will never print a second failure
    * status line. */
@@ -5496,15 +5524,6 @@ g10_exit( int rc )
   gnupg_block_all_signals ();
   emergency_cleanup ();
 
-  if (rc)
-    ;
-  else if (log_get_errorcount(0))
-    rc = 2;
-  else if (g10_errors_seen)
-    rc = 1;
-  else if (opt.assert_signer_list && !assert_signer_true)
-    rc = 1;
-
   exit (rc);
 }