diff options
Diffstat (limited to 'g10/sign.c')
| -rw-r--r-- | g10/sign.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/g10/sign.c b/g10/sign.c index 017d6800c..9c9b92440 100644 --- a/g10/sign.c +++ b/g10/sign.c @@ -266,6 +266,12 @@ do_sign( PKT_secret_key *sk, PKT_signature *sig, return G10ERR_TIME_CONFLICT; } + /* For safety, only allow revocation sigs from Elgamal + sign+encrypt keys. Note that this allows for Elgamal + designated revocations as well, but that's arguably a good + thing. */ + if(sk->pubkey_algo==PUBKEY_ALGO_ELGAMAL && sig->sig_class!=0x20) + return G10ERR_UNU_SECKEY; print_pubkey_algo_note(sk->pubkey_algo); |