See ChangeLog: Thu Sep 14 17:45:11 CEST 2000 Werner Koch

g10/ChangeLog

@@ -1,3 +1,11 @@
+Thu Sep 14 17:45:11 CEST 2000  Werner Koch  <wk@openit.de>
+
+        * parse-packet.c (dump_sig_subpkt): Dump key flags. Print special
+        warning in case of faked ARRs.
+
+        * getkey.c (finsih_lookup): Hack so that for v4 RSA keys the subkey
+        is used for encryption.
+
 Thu Sep 14 14:20:38 CEST 2000  Werner Koch  <wk@openit.de>
 
         * g10.c (main): Default S2K algorithms are now SHA1 and CAST5 - this

g10/getkey.c

@@ -1598,7 +1598,40 @@ finish_lookup( KBNODE keyblock, PKT_public_key *pk, KBNODE k, byte *namehash,
 	merge_one_pk_and_selfsig( keyblock, keyblock, pk );
     }
     else {
-	if( primary && pk->pubkey_usage
+	if( primary && pk->pubkey_usage == PUBKEY_USAGE_ENC
+            && keyblock->pkt->pkt.public_key->version > 3
+            && keyblock->pkt->pkt.public_key->pubkey_algo == PUBKEY_ALGO_RSA
+            && k->pkt->pkttype == PKT_PUBLIC_KEY ) {
+	    /* Ugly hack to support v4 RSA keys.  Here we assume that the
+               primary key should be used only for signing and a subkey
+               should be used for encryption.  So now look for a subkey.
+            */
+            KBNODE save_k = k;
+	    u32 mainkid[2];
+	    u32 cur_time = make_timestamp();
+
+	    keyid_from_pk( keyblock->pkt->pkt.public_key, mainkid );
+
+            for(k = save_k ; k; k = k->next ) {
+                if( k->pkt->pkttype == PKT_PUBLIC_SUBKEY
+                    && !check_pubkey_algo2(
+                        k->pkt->pkt.public_key->pubkey_algo,
+                        pk->pubkey_usage )
+                    && !has_expired( k, mainkid, cur_time )
+                    )
+                    break;
+            }
+	    
+	    if( !k )
+		k = save_k; /* not found: better use the main key instead */
+	    else
+		log_info(_("using secondary key %08lX "
+			   "instead of primary key %08lX\n"),
+		      (ulong)keyid_from_pk( k->pkt->pkt.public_key, NULL),
+		      (ulong)keyid_from_pk( save_k->pkt->pkt.public_key, NULL)
+			);
+	}
+	else if( primary && pk->pubkey_usage
 	    && check_pubkey_algo2( k->pkt->pkt.public_key->pubkey_algo,
 		       pk->pubkey_usage ) == G10ERR_WR_PUBKEY_ALGO ) {
 	    /* if the usage is not correct, try to use a subkey */

g10/parse-packet.c

@@ -702,6 +702,18 @@ dump_sig_subpkt( int hashed, int type, int critical,
     const char *p=NULL;
     int i;
 
+    /* The CERT has warning out with explains how to use GNUPG to
+     * detect the ARRs - we print our old message here when it is a faked
+     * ARR and add an additional notice */
+    if ( type == SIGSUBPKT_ARR && !hashed ) {
+        printf("\tsubpkt %d len %u (additional recipient request)\n"
+               "WARNING: PGP versions > 5.0 and < 6.5.8 will automagically "
+               "encrypt to this key and thereby reveal the plaintext to "
+               "the owner of this ARR key. Detailed info follows:\n",
+               type, (unsigned)length );
+    }
+    
+   
     printf("\t%s%ssubpkt %d len %u (", /*)*/
 	      critical ? "critical ":"",
 	      hashed ? "hashed ":"", type, (unsigned)length );
@@ -808,7 +820,9 @@ dump_sig_subpkt( int hashed, int type, int critical,
 	print_string( stdout, buffer, length, ')' );
 	break;
       case SIGSUBPKT_KEY_FLAGS:
-	p = "key flags";
+        fputs ( "key flags:", stdout );
+        for( i=0; i < length; i++ )
+            printf(" %02X", buffer[i] );
 	break;
       case SIGSUBPKT_SIGNERS_UID:
 	p = "signer's user ID";