* keygen.c (do_add_key_flags, parse_parameter_usage)

(do_generate_keypair): Add support the proposed AUTH key flag. * getkey.c (fixup_uidnode, merge_selfsigs_main) (merge_selfsigs_subkey, premerge_public_with_secret): Ditto. * keylist.c (print_capabilities): Ditto.
2025-07-02 22:46:30 +02:00 · 2003-09-05 07:40:18 +00:00 · 2003-09-05 07:40:18 +00:00 · 3598504854
commit 3598504854
parent 936250aac9
6 changed files with 49 additions and 17 deletions
--- a/g10/getkey.c
+++ b/g10/getkey.c
@ -1255,12 +1255,14 @@ fixup_uidnode ( KBNODE uidnode, KBNODE signode, u32 keycreated )
    p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KEY_FLAGS, &n );
    if ( p && n ) {
        /* first octet of the keyflags */   
-        if ( (*p & 3) )
+        if ( (*p & 0x03) )
            uid->help_key_usage |= PUBKEY_USAGE_SIG;
-        if ( (*p & 12) )    
+        if ( (*p & 0x0c) )    
            uid->help_key_usage |= PUBKEY_USAGE_ENC;
        /* Note: we do not set the CERT flag here because it can be assumed
         * that thre is no real policy to set it. */
+        if ( (*p & 0x20) )    
+            uid->help_key_usage |= PUBKEY_USAGE_AUTH;
    }

    /* ditto or the key expiration */
@ -1468,10 +1470,12 @@ merge_selfsigs_main( KBNODE keyblock, int *r_revoked )
        p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KEY_FLAGS, &n );
        if ( p && n ) {
            /* first octet of the keyflags */   
-            if ( (*p & 3) )
+            if ( (*p & 0x03) )
                key_usage |= PUBKEY_USAGE_SIG;
-            if ( (*p & 12) )    
+            if ( (*p & 0x0c) )    
                key_usage |= PUBKEY_USAGE_ENC;
+            if ( (*p & 0x20) )    
+                key_usage |= PUBKEY_USAGE_AUTH;
        }

 	p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KEY_EXPIRE, NULL);
@ -1858,10 +1862,12 @@ merge_selfsigs_subkey( KBNODE keyblock, KBNODE subnode )
    p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KEY_FLAGS, &n );
    if ( p && n ) {
        /* first octet of the keyflags */   
-        if ( (*p & 3) )
+        if ( (*p & 0x03) )
            key_usage |= PUBKEY_USAGE_SIG;
-        if ( (*p & 12) )    
+        if ( (*p & 0x0c) )    
            key_usage |= PUBKEY_USAGE_ENC;
+        if ( (*p & 0x20) )    
+            key_usage |= PUBKEY_USAGE_AUTH;
    }
    if ( !key_usage ) { /* no key flags at all: get it from the algo */
        key_usage = openpgp_pk_algo_usage ( subpk->pubkey_algo );
@ -2059,7 +2065,8 @@ premerge_public_with_secret ( KBNODE pubblock, KBNODE secblock )
                            /* The secret parts are not available so
                               we can't use that key for signing etc.
                               Fix the pubkey usage */
-                            pk->pubkey_usage &= ~PUBKEY_USAGE_SIG;
+                            pk->pubkey_usage &= ~(PUBKEY_USAGE_SIG
+                                                  |PUBKEY_USAGE_AUTH);
                        }
                        /* transfer flag bits 0 and 1 to the pubblock */
                        pub->flag |= (sec->flag &3);