-rw-r--r-- | g10/sig-check.c | 13 |
1 files changed, 11 insertions, 2 deletions
diff --git a/g10/sig-check.c b/g10/sig-check.c
index fc6983993..a68e031f6 100644
--- a/g10/sig-check.c
+++ b/g10/sig-check.c
@@ -478,8 +478,17 @@ check_signature_end_simple (PKT_public_key *pk, PKT_signature *sig,
 sig->sig_class, pk->pubkey_usage);
 return rc;
 }
- /* Fixme: Should we also check the signing capability here for data
- * signature? */
+
+ /* For data signatures check that the key has sign usage. */
+ if (IS_SIG (sig) && !(pk->pubkey_usage & PUBKEY_USAGE_SIG))
+ {
+ rc = gpg_error (GPG_ERR_WRONG_KEY_USAGE);
+ if (!opt.quiet)
+ log_info (_("bad data signature from key %s: %s (0x%02x, 0x%x)\n"),
+ keystr_from_pk (pk), gpg_strerror (rc),
+ sig->sig_class, pk->pubkey_usage);
+ return rc;
+ }
 /* Make sure the digest algo is enabled (in case of a detached
 * signature). */ |
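Review bot: The new `IS_SIG (sig)` guard does not say which signature classes it is meant to reject, and the macro's definition is outside this hunk. If `IS_SIG` is simply the complement of the certification classes, non-data classes such as a primary key binding signature (0x19) would also be subject to the sign-usage test, so that case should be confirmed and covered by a test. The check also relies on `pk->pubkey_usage` already reflecting key flags taken from a verified self-signature at this point, which the hunk does not show. I would extend the comment to state both assumptions, for example `/* For data signatures check that the key has sign usage; pubkey_usage must already hold the verified key flags here. */`. `check_signature_end_simple` starts and ends outside the hunk.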