* pubkey-enc.c (get_session_key): With hidden recipients or try a given

passphrase against all secret keys rather than trying all secret keys in turn. Don't if --try-all-secrets or --status-fd is enabled. * passphrase.c (passphrase_to_dek): Mode 1 means do a regular passphrase query, but don't prompt with the key info. * seckey-cert.c (do_check, check_secret_key): A negative ask count means to enable passphrase mode 1. * keydb.h, getkey.c (enum_secret_keys): Add flag to include secret-parts-missing keys (or not) in the list.
2025-07-02 22:46:30 +02:00 · 2002-11-06 16:58:28 +00:00 · 2002-11-06 16:58:28 +00:00 · 3cb4118b6c
commit 3cb4118b6c
parent ec0d9a416e
6 changed files with 57 additions and 13 deletions
--- a/g10/passphrase.c
+++ b/g10/passphrase.c
@ -935,7 +935,8 @@ passphrase_clear_cache ( u32 *keyid, int algo )
 /****************
 * Get a passphrase for the secret key with KEYID, display TEXT
 * if the user needs to enter the passphrase.
- * mode 0 = standard, 2 = create new passphrase
+ * mode 0 = standard, 1 = same but don't show key info,
+ *      2 = create new passphrase
 * Returns: a DEK with a session key; caller must free
 *	    or NULL if the passphrase was not correctly repeated.
 *	    (only for mode 2)
@ -996,7 +997,7 @@ passphrase_to_dek( u32 *keyid, int pubkey_algo,
 	}
    }

-    if( keyid && !opt.batch && !next_pw ) {
+    if( keyid && !opt.batch && !next_pw && mode!=1 ) {
 	PKT_public_key *pk = m_alloc_clear( sizeof *pk );
 	size_t n;
 	char *p;