gpg: Choose key from inserted card over a non-inserted card

* g10/call-agent.c (agent_probe_secret_key): Do not return an error but 0. * g10/getkey.c (finish_lookup): Improve the selection of secret keys. -- GnuPG-bug-id: 6831
2024-01-02 10:13:16 +01:00 · 2024-01-02 10:13:16 +01:00 · 4c04143d81
parent 591a53d716
commit 4c04143d81
2 changed files with 17 additions and 3 deletions
--- a/g10/call-agent.c
+++ b/g10/call-agent.c
@ -2226,7 +2226,14 @@ keyinfo_status_cb (void *opaque, const char *line)


 /* Ask the agent whether a secret key for the given public key is
-   available.  Returns 0 if not available.  Bigger value is preferred.  */
+ * available.  Returns 0 if not available.  Bigger value is preferred.
+ * Will never return a value less than 0.   Defined return values are:
+ *  0 := No key or error
+ *  1 := Key available
+ *  2 := Key available on a smartcard
+ *  3 := Key available and passphrase cached
+ *  4 := Key available on current smartcard
+ */
 int
 agent_probe_secret_key (ctrl_t ctrl, PKT_public_key *pk)
 {
@ -2240,11 +2247,11 @@ agent_probe_secret_key (ctrl_t ctrl, PKT_public_key *pk)

  err = start_agent (ctrl, 0);
  if (err)
-    return err;
+    return 0;

  err = hexkeygrip_from_pk (pk, &hexgrip);
  if (err)
-    return err;
+    return 0;

  snprintf (line, sizeof line, "KEYINFO %s", hexgrip);
  xfree (hexgrip);
--- a/g10/getkey.c
+++ b/g10/getkey.c
@ -3772,6 +3772,13 @@ finish_lookup (kbnode_t keyblock, unsigned int req_usage, int want_exact,
                  continue;
                }

+              if (secret_key_avail < last_secret_key_avail)
+                {
+                  if (DBG_LOOKUP)
+                    log_debug ("\tskipping secret key with lower avail\n");
+                  continue;
+                }
+
              if (secret_key_avail > last_secret_key_avail)
                {
                  /* Use this key.  */