gpg: Allow the use of an ADSK subkey as ADSK subkey.

* g10/packet.h (PKT_public_key): Increased size of req_usage to 16. * g10/getkey.c (key_byname): Set allow_adsk in the context if ir was requested via req_usage. (finish_lookup): Allow RENC usage matching. * g10/keyedit.c (append_adsk_to_key): Adjust the assert. * g10/keygen.c (prepare_adsk): Also allow to find an RENC subkey. -- If an ADSK is to be added it may happen that an ADSK subkey is found first and this should then be used even that it does not have the E usage. However, it used to have that E usage when it was added. While testing this I found another pecularity: If you do gpg -k ADSK_SUBKEY_FPR without the '!' suffix and no corresponding encryption subkey is dound, you will get an unusabe key error. I hesitate to fix that due to possible side-effects. GnuPG-bug-id: 6882 Backported-from-master: d30e345692 Note that we still use the NO_AKL and not the newer TRY_LDAP in 2.2. We may want to backport that change as well.
2025-07-03 22:56:33 +02:00 · 2024-10-31 15:11:55 +01:00 · 2024-10-31 15:11:55 +01:00 · 6c58694a88
commit 6c58694a88
parent 2ca38bee7a
4 changed files with 15 additions and 9 deletions
--- a/g10/keyedit.c
+++ b/g10/keyedit.c
@ -4757,8 +4757,8 @@ append_adsk_to_key (ctrl_t ctrl, kbnode_t keyblock, PKT_public_key *adsk)

  /* Prepare and append the adsk.  */
  keyid_from_pk (main_pk, adsk->main_keyid); /* Fixup main keyid.  */
-  log_assert ((adsk->pubkey_usage & PUBKEY_USAGE_ENC));
-  adsk->pubkey_usage = PUBKEY_USAGE_RENC;    /* 'e' -> 'r'         */
+  log_assert ((adsk->pubkey_usage & PUBKEY_USAGE_XENC_MASK));
+  adsk->pubkey_usage = PUBKEY_USAGE_RENC;    /* 'e' or 'r' -> 'r'  */
  pkt = xtrycalloc (1, sizeof *pkt);
  if (!pkt)
    {