security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-07-03 22:56:33 +02:00
Code Activity

gpg: Allow adding of Additional Decryption Subkeys.

Browse source 
* g10/free-packet.c (copy_public_key): Factor some code out to ...
(copy_public_key_basics): new.
* g10/build-packet.c (build_sig_subpkt_from_sig): New arg signhints.
* g10/packet.h (PUBKEY_USAGE_RENC): Fix value.
(SIGNHINT_KEYSIG, SIGNHINT_SELFSIG): Moved from sign.c.
(SIGNHINT_ADSK): New.
(PKT_public_key): Change pubkey_usage from byte to u16.
(PKT_user_id): Cosmetic fix: change help_key_usage from int to u16.
* g10/getkey.c (parse_key_usage): Make public.
* g10/misc.c (openpgp_pk_algo_usage): Take PUBKEY_USAGE_RENC in
account.
* g10/sign.c (update_keysig_packet): Set SIGNHINT_ADSK.
(make_keysig_packet): Ditto.
(do_sign): No time warp check in ADSK mode.
* g10/sig-check.c (check_signature_metadata_validity): Ditto.
* g10/keygen.c (struct opaque_data_usage_and_pk): Remove.
(write_keybinding): Do not use the removed struct.
(do_add_key_flags): Support PUBKEY_USAGE_RENC and others.
(keygen_add_key_flags_and_expire): Rewrite and make public.
* g10/keyedit.c (enum cmdids): Add cmdADDADSK.
(keyedit_menu): Add command "addadsk".
(menu_addadsk): New.
--

This makes use of a new encryption flag:

  The "restricted encryption key" (2nd,0x04) does not take part in any
  automatic selection of encryption keys.  It is only found on a
  subkey signature (type 0x18), one that refers to the key the flag
  applies to.

Followup patches will add encryption support and a --quick command.

GnuPG-bug-id: 6395
This commit is contained in:
Werner Koch 2023-03-01 17:22:20 +01:00
parent 1aaadede76
commit 3a18378a92
No known key found for this signature in database
GPG key ID: E3FDFF218E45B72B
13 changed files with 278 additions and 76 deletions
Download patch file Download diff file Expand all files Collapse all files

9
doc/gpg.texi
View file

@ -1067,6 +1067,15 @@ signing.
"sensitive". If a designated revoker is marked as sensitive, it will
not be exported by default (see export-options).
@item addadsk
@opindex keyedit:addadsk
Add an Additional Decryption Subkey. The user is asked to enter the
fingerprint of another encryption subkey. Note that the exact
fingerprint of another key's encryption subkey needs to be entered.
This is because commonly the primary key has no encryption
capability. Use the option @option{--with-subkey-fingerprint} with
a list command to display the subkey fingerprints.
@item passwd
@opindex keyedit:passwd
Change the passphrase of the secret key.