security-and-privacy/gnupg
security-and-privacy
/
gnupg
mirror of git://git.gnupg.org/gnupg.git
1
0
Fork 0
Code Releases Activity

gpg: Do not allow to accidently set the RENC usage. 

* g10/keygen.c (print_key_flags): Print "RENC" if set.
(ask_key_flags_with_mask): Remove RENC from the possible set of
usages.  Add a direct way to set it iff the key is encryption capable.
--

This could be done by using "set your own capabilities" for an RSA
key.  In fact it was always set in this case.

GnuPG-bug-id: 7072
This commit is contained in:
Werner Koch 2024-04-04 16:39:14 +02:00
parent 72c5c70871
commit 1f31dc6200
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
1 changed files with 13 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
g10/keygen.c
View File

@ -1859,6 +1859,9 @@ print_key_flags(int flags)
if(flags&PUBKEY_USAGE_AUTH)
tty_printf("%s ",_("Authenticate"));
if(flags&PUBKEY_USAGE_RENC)
tty_printf("%s ", "RENC");
}
@ -1892,8 +1895,11 @@ ask_key_flags_with_mask (int algo, int subkey, unsigned int current,
}
/* Mask the possible usage flags. This is for example used for a
* card based key. */
* card based key. For ECDH we need to allows additional usages if
* they are provided. RENC is not directly poissible here but see
* below for a workaround. */
possible = (openpgp_pk_algo_usage (algo) & mask);
possible &= ~PUBKEY_USAGE_RENC;
/* However, only primary keys may certify. */
if (subkey)
@ -1956,6 +1962,12 @@ ask_key_flags_with_mask (int algo, int subkey, unsigned int current,
want to experiment with a cert-only primary key. */
current |= PUBKEY_USAGE_CERT;
}
else if ((*s == 'r' || *s == 'R') && (possible&PUBKEY_USAGE_ENC))
{
/* Allow to set RENC or an encryption capable key.
* This is on purpose not shown in the menu. */
current |= PUBKEY_USAGE_RENC;
}
}
break;
}