diff options
| author | Werner Koch <[email protected]> | 2020-03-13 16:14:34 +0000 |
|---|---|---|
| committer | Werner Koch <[email protected]> | 2020-03-13 16:14:34 +0000 |
| commit | 6a4443c8425fd548020553b22d5a16ffad98371f (patch) | |
| tree | 75da2b6c4ce956ef3923abef180ba079a40d770e /g10/packet.h | |
| parent | gpg: New option --include-key-block. (diff) | |
| download | gnupg-6a4443c8425fd548020553b22d5a16ffad98371f.tar.gz gnupg-6a4443c8425fd548020553b22d5a16ffad98371f.zip | |
gpg: Make use of the included key block in a signature.
* g10/import.c (read_key_from_file): Rename to ...
(read_key_from_file_or_buffer): this and add new parameters. Adjust
callers.
(import_included_key_block): New.
* g10/packet.h (PKT_signature): Add field flags.key_block.
* g10/parse-packet.c (parse_signature): Set that flags.
* g10/sig-check.c (check_signature2): Add parm forced_pk and change
all callers.
* g10/mainproc.c (do_check_sig): Ditto.
(check_sig_and_print): Try the included key block if no key is
available.
--
This is is the second part to support the new Key Block subpacket.
The idea is that after having received a signed mail, it is instantly
possible to reply encrypted - without the need for any centralized
infrastructure.
There is one case where this does not work: A signed mail is received
using a specified signer ID (e.g. using gpg --sender option) and the
key block with only that user ID is thus imported. The next time a
mail is received using the same key but with a different user ID; the
signatures checks out using the key imported the last time. However,
the new user id is not imported. Now when trying to reply to that
last mail, no key will be found. We need to see whether we can update
a key in such a case.
GnuPG-bug-id: 4856
Signed-off-by: Werner Koch <[email protected]>
Diffstat (limited to 'g10/packet.h')
| -rw-r--r-- | g10/packet.h | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/g10/packet.h b/g10/packet.h index db4945237..5c0de577c 100644 --- a/g10/packet.h +++ b/g10/packet.h @@ -224,6 +224,7 @@ typedef struct unsigned policy_url:1; /* At least one policy URL is present */ unsigned notation:1; /* At least one notation is present */ unsigned pref_ks:1; /* At least one preferred keyserver is present */ + unsigned key_block:1; /* A key block subpacket is present. */ unsigned expired:1; unsigned pka_tried:1; /* Set if we tried to retrieve the PKA record. */ } flags; @@ -909,10 +910,11 @@ int check_signature (ctrl_t ctrl, PKT_signature *sig, gcry_md_hd_t digest); * R_PK is not NULL, it is stored at RET_PK.) DIGEST contains a * valid hash context that already includes the signed data. This * function adds the relevant meta-data to the hash before finalizing - * it and verifying the signature. */ + * it and verifying the signature. FOCRED_PK is usually NULL. */ gpg_error_t check_signature2 (ctrl_t ctrl, PKT_signature *sig, gcry_md_hd_t digest, const void *extrahash, size_t extrahashlen, + PKT_public_key *forced_pk, u32 *r_expiredate, int *r_expired, int *r_revoked, PKT_public_key **r_pk); |