1 files changed, 14 insertions, 7 deletions

diff --git a/g10/getkey.c b/g10/getkey.c
index c13d96dfb..7eda9384c 100644
--- a/g10/getkey.c
+++ b/g10/getkey.c
@@ -1255,12 +1255,14 @@ fixup_uidnode ( KBNODE uidnode, KBNODE signode, u32 keycreated )
     p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KEY_FLAGS, &n );
     if ( p && n ) {
         /* first octet of the keyflags */   
-        if ( (*p & 3) )
+        if ( (*p & 0x03) )
             uid->help_key_usage |= PUBKEY_USAGE_SIG;
-        if ( (*p & 12) )    
+        if ( (*p & 0x0c) )    
             uid->help_key_usage |= PUBKEY_USAGE_ENC;
         /* Note: we do not set the CERT flag here because it can be assumed
          * that thre is no real policy to set it. */
+        if ( (*p & 0x20) )    
+            uid->help_key_usage |= PUBKEY_USAGE_AUTH;
     }
 
     /* ditto or the key expiration */
@@ -1468,10 +1470,12 @@ merge_selfsigs_main( KBNODE keyblock, int *r_revoked )
         p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KEY_FLAGS, &n );
         if ( p && n ) {
             /* first octet of the keyflags */   
-            if ( (*p & 3) )
+            if ( (*p & 0x03) )
                 key_usage |= PUBKEY_USAGE_SIG;
-            if ( (*p & 12) )    
+            if ( (*p & 0x0c) )    
                 key_usage |= PUBKEY_USAGE_ENC;
+            if ( (*p & 0x20) )    
+                key_usage |= PUBKEY_USAGE_AUTH;
         }
 
 	p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KEY_EXPIRE, NULL);
@@ -1858,10 +1862,12 @@ merge_selfsigs_subkey( KBNODE keyblock, KBNODE subnode )
     p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KEY_FLAGS, &n );
     if ( p && n ) {
         /* first octet of the keyflags */   
-        if ( (*p & 3) )
+        if ( (*p & 0x03) )
             key_usage |= PUBKEY_USAGE_SIG;
-        if ( (*p & 12) )    
+        if ( (*p & 0x0c) )    
             key_usage |= PUBKEY_USAGE_ENC;
+        if ( (*p & 0x20) )    
+            key_usage |= PUBKEY_USAGE_AUTH;
     }
     if ( !key_usage ) { /* no key flags at all: get it from the algo */
         key_usage = openpgp_pk_algo_usage ( subpk->pubkey_algo );
@@ -2059,7 +2065,8 @@ premerge_public_with_secret ( KBNODE pubblock, KBNODE secblock )
                             /* The secret parts are not available so
                                we can't use that key for signing etc.
                                Fix the pubkey usage */
-                            pk->pubkey_usage &= ~PUBKEY_USAGE_SIG;
+                            pk->pubkey_usage &= ~(PUBKEY_USAGE_SIG
+                                                  |PUBKEY_USAGE_AUTH);
                         }
                         /* transfer flag bits 0 and 1 to the pubblock */
                         pub->flag |= (sec->flag &3);