diff options
| author | Werner Koch <[email protected]> | 2025-05-05 13:52:08 +0000 |
|---|---|---|
| committer | Werner Koch <[email protected]> | 2025-05-05 14:01:10 +0000 |
| commit | bfd320abfeaf0c7a16af3057279c77a45bfa961a (patch) | |
| tree | f5d006d0bd9eeb672bafe6c4ec17a5756c66cadf /src/engine-gpg.c | |
| parent | Mark the subkey used to find a key. (diff) | |
| download | gpgme-bfd320abfeaf0c7a16af3057279c77a45bfa961a.tar.gz gpgme-bfd320abfeaf0c7a16af3057279c77a45bfa961a.zip | |
Allow signing using an exactly specified subkey.
* src/engine-gpg.c (append_args_from_signers): Detect exactly
specified keys and apped the '!' suffix.
--
Due to the ABI break which removed long long deprecated functions we
can also risk to introduce a slight semantic change in the way signer
keys are specified. The change is that iff a subkey-fingerprint with
the '!' suffix was used to lookup a signer's key we now use this
specific subkey and not any key gpg considers to be a good signing
subkey. Most people would have considered the old behaviour anyway as
a bug because it differs from what gpg uses at the command line.
GnuPG-bug-id: 3325
Suggested-by: Benjamin Kibbey
Diffstat (limited to 'src/engine-gpg.c')
| -rw-r--r-- | src/engine-gpg.c | 38 |
1 files changed, 30 insertions, 8 deletions
diff --git a/src/engine-gpg.c b/src/engine-gpg.c index c0391d11..eeb09c7b 100644 --- a/src/engine-gpg.c +++ b/src/engine-gpg.c @@ -2103,17 +2103,39 @@ append_args_from_signers (engine_gpg_t gpg, gpgme_ctx_t ctx /* FIXME */) gpgme_error_t err = 0; int i; gpgme_key_t key; + gpgme_subkey_t subkey; + const char *s; for (i = 0; (key = gpgme_signers_enum (ctx, i)); i++) { - const char *s = key->subkeys ? key->subkeys->keyid : NULL; - if (s) - { - if (!err) - err = add_arg (gpg, "-u"); - if (!err) - err = add_arg (gpg, s); - } + if (key->subkeys) + { + /* First check whether any subkey has the subkey_match set + * and use that one. If that is not the case we use the + * fingerprint of the primary key or if that does not exist + * the keyid. */ + for (subkey = key->subkeys; subkey; subkey = subkey->next) + if (subkey->subkey_match) + break; + if (subkey && subkey->fpr) + { + if (!err) + err = add_arg (gpg, "-u"); + if (!err) + err = add_arg_pfx (gpg, subkey->fpr, "!"); + } + else + { + subkey = key->subkeys; /* Reset to the primary key. */ + if ((s=subkey->fpr) || (s=subkey->keyid)) + { + if (!err) + err = add_arg (gpg, "-u"); + if (!err) + err = add_arg (gpg, s); + } + } + } gpgme_key_unref (key); if (err) break; |