gpg: Support key flags for RENC, TIME, and GROUP.

* g10/packet.h (PUBKEY_USAGE_RENC): New. (PUBKEY_USAGE_TIME): New. (PUBKEY_USAGE_GROUP): New. * g10/getkey.c (parse_key_usage): Set the new key flags. * g10/keyedit.c (show_key_with_all_names_colon): Show the new key flags. * g10/keyid.c (usagestr_from_pk): Ditto * g10/keylist.c (print_capabilities): Ditto. * g10/keygen.c (parse_usagestr): Parse line and set new flags. (quickgen_set_para): Show flags. -- See draft-koch-openpgp-2015-rfc4880bis-00 for the current version. Actually these flags have been in the draft for years now. This patch is a first step to make use of them.
2025-07-02 22:46:30 +02:00 · 2022-09-07 10:34:05 +02:00 · 2022-09-07 10:34:05 +02:00 · 0988e49c45
commit 0988e49c45
parent dc9227ca57
7 changed files with 70 additions and 3 deletions
--- a/doc/DETAILS
+++ b/doc/DETAILS
@ -193,6 +193,9 @@ described here.
    - s :: Sign
    - c :: Certify
    - a :: Authentication
+    - r :: Restricted encryption (subkey only use)
+    - t :: Timestamping
+    - g :: Group key
    - ? :: Unknown capability

    A key may have any combination of them in any order.  In addition
@ -1688,6 +1691,20 @@ Description of some debug flags:
                 calculate a RMD160 hash value from it. This is used
                 as the fingerprint and the low 64 bits are the keyid.

+** gnupg.org notations
+
+  - adsk@gnupg.org :: Additional decryption subkey.  This notation
+                      gives a list of keys an implementation SHOULD
+                      also encrypt to.  The data consists of an array
+                      of eight-octet numbers holding the Key ID of an
+                      encryption subkey.  This notation is only valid
+                      on an encryption subkey (i.e. with first octet
+                      of the key flags 0x04 or 0x08).  Subkeys not on
+                      the same keyblock MUST NOT be considered.  For
+                      interoperability this notation SHOULD NOT be
+                      marked as criticial.  Due to its nature it MUST
+                      NOT be marked as human readable.
+
 ** Simplified revocation certificates
  Revocation certificates consist only of the signature packet;
  "--import" knows how to handle this.  The rationale behind it is to