gpg: Fix --default-key checks.

* g10/getkey.c (parse_def_secret_key): Don't just check if a secret key is available for the public key, also consider subkeys. Also check that the key has the signing capability, is not revoked, is not expired and is not disabled. Print a warning if there was a least one value passed to --default-key and all were ignored. -- Signed-off-by: Neal H. Walfield <[email protected]> Regression-due-to: e16d7168
author: Neal H. Walfield <[email protected]> 2015-12-14 11:05:29 +0000
committer: Neal H. Walfield <[email protected]> 2015-12-14 12:02:50 +0000
commit: e573e6188dada4d70f6897aa2fda3c3af8c50441 (patch)
tree: f8361bb274744bfc1980a7af772b086b026737ca /g10/getkey.c
parent: scd: Fix regression for generating RSA keys on card. (diff)
download: gnupg-e573e6188dada4d70f6897aa2fda3c3af8c50441.tar.gz
gnupg-e573e6188dada4d70f6897aa2fda3c3af8c50441.zip
1 files changed, 59 insertions, 3 deletions
diff --git a/g10/getkey.c b/g10/getkey.c
index b09d967f0..16986cb94 100644
--- a/g10/getkey.c
+++ b/g10/getkey.c
@@ -1168,6 +1168,7 @@ parse_def_secret_key (ctrl_t ctrl)
       gpg_error_t err;
       KEYDB_SEARCH_DESC desc;
       KBNODE kb;
+      KBNODE node;
 
       err = classify_user_id (t->d, &desc, 1);
       if (err)
@@ -1208,16 +1209,71 @@ parse_def_secret_key (ctrl_t ctrl)
           continue;
         }
 
-      err = agent_probe_secret_key (ctrl, kb->pkt->pkt.public_key);
+      merge_selfsigs (kb);
+
+      err = gpg_error (GPG_ERR_NO_SECKEY);
+      node = kb;
+      do
+        {
+          PKT_public_key *pk = node->pkt->pkt.public_key;
+
+          /* Check that the key has the signing capability.  */
+          if (! (pk->pubkey_usage & PUBKEY_USAGE_SIG))
+            continue;
+
+          /* Check if the key is valid.  */
+          if (pk->flags.revoked)
+            {
+              if (DBG_LOOKUP)
+                log_debug (_("not using %s as default key, %s"), "revoked");
+              continue;
+            }
+          if (pk->has_expired)
+            {
+              if (DBG_LOOKUP)
+                log_debug (_("not using %s as default key, %s"), "expired");
+              continue;
+            }
+          if (pk_is_disabled (pk))
+            {
+              if (DBG_LOOKUP)
+                log_debug (_("not using %s as default key, %s"), "disabled");
+              continue;
+            }
+
+          err = agent_probe_secret_key (ctrl, pk);
+          if (! err)
+            /* This is a valid key.  */
+            break;
+        }
+      while ((node = find_next_kbnode (node, PKT_PUBLIC_SUBKEY)));
+
       release_kbnode (kb);
-      if (! err)
+      if (err)
+        {
+          if (! warned && ! opt.quiet)
+            {
+              if (gpg_err_code (err) == GPG_ERR_NO_SECKEY)
+                log_info (_("Warning: not using '%s' as default key: %s.\n"),
+                          t->d, gpg_strerror (err));
+              else
+                log_info (_("Warning: not using '%s' as default key: no secret key available: %s\n"),
+                          t->d, gpg_strerror (err));
+            }
+        }
+      else
         {
           if (! warned)
-            log_info (_("using \"%s\" as default secret key\n"), t->d);
+            log_info (_("using \"%s\" as default secret key for signing\n"),
+                      t->d);
           break;
         }
     }
 
+  if (! warned && opt.def_secret_key && ! t)
+    log_info (_("all values passed to '%s' ignored.\n"),
+              "--default-key");
+
   warned = 1;
 
   if (hd)
author	Neal H. Walfield <[email protected]>	2015-12-14 11:05:29 +0000
committer	Neal H. Walfield <[email protected]>	2015-12-14 12:02:50 +0000
commit	e573e6188dada4d70f6897aa2fda3c3af8c50441 (patch)
tree	f8361bb274744bfc1980a7af772b086b026737ca /g10/getkey.c
parent	scd: Fix regression for generating RSA keys on card. (diff)
download	gnupg-e573e6188dada4d70f6897aa2fda3c3af8c50441.tar.gz gnupg-e573e6188dada4d70f6897aa2fda3c3af8c50441.zip