mirror of git://git.gnupg.org/gnupg.git synced 2025-07-02 22:46:30 +02:00

gpg: Allow import of PGP desktop exported secret keys.

* g10/import.c (NODE_TRANSFER_SECKEY): New.
(import): Add attic kludge.
(transfer_secret_keys): Add arg only_marked.
(resync_sec_with_pub_keyblock): Return removed seckeys via new arg
r_removedsecs.
(import_secret_one): New arg r_secattic.  Change to take ownership of
arg keyblock.  Implement extra secret key import logic.  Factor some
code out to ...
(do_transfer): New.
(import_matching_seckeys): New.
--

The PGP desktops exported secret keys are really stupid.  And they
even have a kind of exception in rfc4880 which does not rule that
out (section 11.2):

  [...]  Implementations SHOULD include self-signatures on any user
  IDs and subkeys, as this allows for a complete public key to be
  automatically extracted from the transferable secret key.
  Implementations MAY choose to omit the self-signatures, especially
  if a transferable public key accompanies the transferable secret
  key.

Now if they would only put the public key before the secret
key. Anyway we now have a workaround for that ugliness.

GnuPG-bug-id: 4392
Signed-off-by: Werner Koch <wk@gnupg.org>
Werner Koch 2019-03-18 13:07:14 +01:00
parent f799e9728b
commit 5205512fc0
No known key found for this signature in database
GPG key ID: E3FDFF218E45B72B
3 changed files with 309 additions and 81 deletions

@ -1894,7 +1894,7 @@ keyedit_menu (ctrl_t ctrl, const char *username, strlist_t locusr,
node = new_kbnode (pkt);
/* Transfer it to gpg-agent which handles secret keys. */
err = transfer_secret_keys (ctrl, NULL, node, 1, 1);
err = transfer_secret_keys (ctrl, NULL, node, 1, 1, 0);
/* Treat the pkt as a public key. */
pkt->pkttype = PKT_PUBLIC_KEY;
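
Review bot: The new sixth argument to transfer_secret_keys in keyedit_menu is passed as a bare 0 directly after two bare 1s, so the call site no longer shows which flag is which. The commit message names the added parameter only_marked; a short comment at the call, for example `0 /* only_marked */`, or named constants for the three integer flags would document the intent here. The ChangeLog-style entry in the commit message also lists only g10/import.c, although 3 files changed, so this caller update is not recorded there and should get its own entry.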