From f799e9728bcadb3d4148a47848c78c5647860ea4 Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Fri, 15 Mar 2019 19:50:37 +0100 Subject: gpg: Avoid importing secret keys if the keyblock is not valid. * g10/keydb.h (struct kbnode_struct): Replace unused field RECNO by new field TAG. * g10/kbnode.c (alloc_node): Change accordingly. * g10/import.c (import_one): Add arg r_valid. (sec_to_pub_keyblock): Set tags. (resync_sec_with_pub_keyblock): New. (import_secret_one): Change return code to gpg_error_t. Return an error code if sec_to_pub_keyblock failed. Resync secret keyblock. -- When importing an invalid secret key ring for example without key binding signatures or no UIDs, gpg used to let gpg-agent store the secret keys anyway. This is clearly a bug because the diagnostics before claimed that for example the subkeys have been skipped. Importing the secret key parameters then anyway is surprising in particular because a gpg -k does not show the key. After importing the public key the secret keys suddenly showed up. This changes the behaviour of GnuPG-bug-id: 4392 to me more consistent but is not a solution to the actual bug. Caution: The ecc.scm test now fails because two of the sample keys don't have binding signatures. Signed-off-by: Werner Koch --- g10/pubkey-enc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'g10/pubkey-enc.c') diff --git a/g10/pubkey-enc.c b/g10/pubkey-enc.c index e0a6e8ae1..055c39b8f 100644 --- a/g10/pubkey-enc.c +++ b/g10/pubkey-enc.c @@ -117,7 +117,7 @@ get_session_key (ctrl_t ctrl, struct pubkey_enc_list *list, DEK *dek) * - On-card keys of an active card * - On-disk keys with protection * - On-card keys from cards which are not plugged it. Here a - * cancel-all button should stop aksing for other cards. + * cancel-all button should stop asking for other cards. * Without any anonymous keys the sorting can be skipped. */ for (k = list; k; k = k->next) -- cgit v1.2.3