gpg: Allow import of PGP desktop exported secret keys.

* g10/import.c (NODE_TRANSFER_SECKEY): New. (import): Add attic kludge. (transfer_secret_keys): Add arg only_marked. (resync_sec_with_pub_keyblock): Return removed seckeys via new arg r_removedsecs. (import_secret_one): New arg r_secattic. Change to take ownership of arg keyblock. Implement extra secret key import logic. Factor some code out to ... (do_transfer): New. (import_matching_seckeys): New. -- The PGP desktops exported secret keys are really stupid. And they even a have kind of exception in rfc4880 which does not rule that out (section 11.2): [...] Implementations SHOULD include self-signatures on any user IDs and subkeys, as this allows for a complete public key to be automatically extracted from the transferable secret key. Implementations MAY choose to omit the self-signatures, especially if a transferable public key accompanies the transferable secret key. Now if they would only put the public key before the secret key. Anyway we now have a workaround for that ugliness. GnuPG-bug-id: 4392 Signed-off-by: Werner Koch <wk@gnupg.org> (cherry picked from commit 5205512fc0)
2025-07-02 22:46:30 +02:00 · 2019-03-18 13:07:14 +01:00 · 2019-03-18 13:07:14 +01:00 · 0e73214dd2
commit 0e73214dd2
parent 43b23aa82b
3 changed files with 309 additions and 81 deletions
--- a/g10/main.h
+++ b/g10/main.h
@ -374,7 +374,8 @@ struct impex_filter_parm_s

 const char *impex_filter_getval (void *cookie, const char *propname);
 gpg_error_t transfer_secret_keys (ctrl_t ctrl, struct import_stats_s *stats,
-                                  kbnode_t sec_keyblock, int batch, int force);
+                                  kbnode_t sec_keyblock, int batch, int force,
+                                  int only_marked);

 int collapse_uids( KBNODE *keyblock );