From 4c04143d81370d1a1e6006fada1057461b3d3184 Mon Sep 17 00:00:00 2001
From: Werner Koch <wk@gnupg.org>
Date: Tue, 2 Jan 2024 10:13:16 +0100
Subject: gpg: Choose key from inserted card over a non-inserted card

* g10/call-agent.c (agent_probe_secret_key): Do not return an error
but 0.
* g10/getkey.c (finish_lookup): Improve the selection of secret keys.
--

GnuPG-bug-id: 6831
---
 g10/getkey.c | 7 +++++++
 1 file changed, 7 insertions(+)

(limited to 'g10/getkey.c')

diff --git a/g10/getkey.c b/g10/getkey.c
index 21ffd5cfa..d54edcd7f 100644
--- a/g10/getkey.c
+++ b/g10/getkey.c
@@ -3772,6 +3772,13 @@ finish_lookup (kbnode_t keyblock, unsigned int req_usage, int want_exact,
                   continue;
                 }
 
+              if (secret_key_avail < last_secret_key_avail)
+                {
+                  if (DBG_LOOKUP)
+                    log_debug ("\tskipping secret key with lower avail\n");
+                  continue;
+                }
+
               if (secret_key_avail > last_secret_key_avail)
                 {
                   /* Use this key.  */
-- 
cgit v1.2.3