core: Add key capability flags has_encrypt etc.

* src/gpgme.h.in (struct _gpgme_key): Add flags has_encrypt,
has_certify, has_sign, and has_authenticate.
* src/keylist.c (finish_key): Set these flags.
* tests/run-keylist.c (main): Print them.
--

GnuPG-bug-id: 6748
Werner Koch 2023-10-05 14:10:01 +02:00
parent 349a69b5ea
commit b63d203d3b
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
5 changed files with 79 additions and 11 deletions

6
NEWS

@ -5,11 +5,17 @@ Noteworthy changes in version 1.23.0 (unreleased)
* New keylist mode GPGME_KEYLIST_MODE_WITH_V5FPR. [T6705]
* New key capability flags has_*. [T6748]
* qt: Support refreshing keys via WKD. [T6672]
* Interface changes relative to the 1.22.0 release:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
GPGME_KEYLIST_MODE_WITH_V5FPR NEW.
gpgme_key_t EXTENDED: New field has_encrypt.
gpgme_key_t EXTENDED: New field has_sign.
gpgme_key_t EXTENDED: New field has_certify.
gpgme_key_t EXTENDED: New field has_authenticate.
qt: Protocol::wkdRefreshJob NEW.
qt: WKDRefreshJob NEW.


@ -3461,22 +3461,47 @@ listings if the key could not be validated due to missing
certificates or unmatched policies.
@item unsigned int can_encrypt : 1
This is true if the key (ie one of its subkeys) can be used for
encryption.
This is true if the key or one of its subkeys can be used for
encryption and the encryption will likely succeed.
@item unsigned int can_sign : 1
This is true if the key (ie one of its subkeys) can be used to create
data signatures.
This is true if the key or one of its subkeys can be used to create
data signatures and the signing will likely succeed.
@item unsigned int can_certify : 1
This is true if the key (ie one of its subkeys) can be used to create
This is true if the key or one of its subkeys can be used to create
key certificates.
@item unsigned int can_authenticate : 1
@since{0.4.5}
This is true if the key (ie one of its subkeys) can be used for
authentication.
authentication and the authentication will likely succeed.
@item unsigned int has_encrypt : 1
@since{1.23.0}
This is true if the key or one of its subkeys is capable of encryption.
Note that this flag is set even if the key is expired.
@item unsigned int has_sign : 1
@since{1.23.0}
This is true if the key or one of its subkeys is capable of signing.
Note that this flag is set even if the key is expired.
@item unsigned int has_certify : 1
@since{1.23.0}
This is true if the key or one of its subkeys is capable of signing.
Note that this flag is set even if the key is expired.
@item unsigned int has_authenticate : 1
@since{1.23.0}
This is true if the key or one of its subkeys is capable of
authentication. Note that this flag is set even if the key is
expired.
@item unsigned int is_qualified : 1
@since{1.1.0}


@ -800,8 +800,20 @@ struct _gpgme_key
/* True if subkey is qualified for signatures according to German law. */
unsigned int is_qualified : 1;
/* True if key has at least one encryption subkey. */
unsigned int has_encrypt : 1;
/* True if key has at least one signing subkey. */
unsigned int has_sign : 1;
/* True if key has a certification capability. */
unsigned int has_certify : 1;
/* True if key has at least one authentication subkey. */
unsigned int has_authenticate : 1;
/* Internal to GPGME, do not use. */
unsigned int _unused : 17;
unsigned int _unused : 13;
/* Origin of this key. */
unsigned int origin : 5;
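Review bot: The new comments on has_encrypt, has_sign, has_certify and has_authenticate do not say how these bits differ from the existing can_* bits, which is the one thing a caller choosing between them needs to know. The manual text in this commit states that the has_* flags stay set even if the key is expired, so code that picks encryption recipients or accepts a signing key should keep testing can_*; I would say so here, e.g. `/* True if key has at least one encryption capable subkey, even if expired; test can_encrypt for usability. */`, and likewise for the other three. The manual entry for has_certify also reads "capable of signing", which looks like a copy of the has_sign text and disagrees with the "certification capability" comment in this header. The struct starts and ends outside the hunk.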


@ -563,6 +563,26 @@ static void
finish_key (gpgme_ctx_t ctx, op_data_t opd)
{
gpgme_key_t key = opd->tmp_key;
gpgme_subkey_t subkey;
/* Set the has_foo flags from the subkey capabilities. */
if (key)
{
/* Note that we could have set has_certify always for OpenPGP
* but for X.509 a key is often not allowed to certify and thus
* we better take it from the subkey capabilities. */
for (subkey = key->subkeys; subkey; subkey = subkey->next)
{
if (subkey->can_encrypt)
key->has_encrypt = 1;
if (subkey->can_sign)
key->has_sign = 1;
if (subkey->can_certify)
key->has_certify = 1;
if (subkey->can_authenticate)
key->has_authenticate = 1;
}
}
opd->tmp_key = NULL;
opd->tmp_uid = NULL;
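Review bot: The loop in finish_key copies subkey->can_* into key->has_* without looking at any validity state of the subkey, and the comment above it does not say whether that is intended for revoked or otherwise invalid subkeys. The manual text only promises the behaviour for expired keys; whether subkey->can_* is still set for a revoked subkey is decided where the listing is parsed, outside this hunk, so the result may already be what is wanted. A sentence in the comment would settle it for readers, e.g. `/* Capability only: subkey validity (expired, revoked, ...) is not considered here; use can_foo for usability. */`. finish_key continues below the hunk.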


@ -291,11 +291,16 @@ main (int argc, char **argv)
int nsigs;
printf ("keyid : %s\n", key->subkeys?nonnull (key->subkeys->keyid):"?");
printf ("caps : %s%s%s%s\n",
printf ("can_cap : %s%s%s%s\n",
key->can_encrypt? "e":"",
key->can_sign? "s":"",
key->can_certify? "c":"",
key->can_authenticate? "a":"");
printf ("has_cap : %s%s%s%s\n",
key->has_encrypt? "e":"",
key->has_sign? "s":"",
key->has_certify? "c":"",
key->has_authenticate? "a":"");
printf ("flags :%s%s%s%s%s%s%s%s\n",
key->secret? " secret":"",
key->revoked? " revoked":"",