* revoke.c (gen_desig_revoke): Specify in the comment when a designated

revocation is generated. * getkey.c (merge_selfsigs_main, merge_selfsigs_subkey, get_seckey_byname2): Disallow use of sign+encrypt Elgamal keys for anything except revocations. * sign.c (do_sign): Catchall for any Elgamal signatures except revocations.
2025-07-03 22:56:33 +02:00 · 2003-11-29 22:44:05 +00:00 · 2003-11-29 22:44:05 +00:00 · 74e3c5ac7d
commit 74e3c5ac7d
parent dfd8b9d8d3
4 changed files with 35 additions and 3 deletions
--- a/g10/getkey.c
+++ b/g10/getkey.c
@ -1049,7 +1049,11 @@ get_seckey_byname2( GETKEY_CTX *retctx,
 	ctx.items[0].mode = KEYDB_SEARCH_MODE_FIRST;
 	rc = lookup( &ctx, &kb, 1 );
        if (!rc && sk )
-            sk_from_block ( &ctx, sk, kb );
+	  {
+	    sk_from_block ( &ctx, sk, kb );
+	    if(sk->pubkey_algo==PUBKEY_ALGO_ELGAMAL)
+	      rc=G10ERR_UNU_SECKEY;
+	  }
        release_kbnode ( kb );
 	get_seckey_end( &ctx );
    }
@ -1655,6 +1659,11 @@ merge_selfsigs_main( KBNODE keyblock, int *r_revoked )
        if ( x ) /* mask it down to the actual allowed usage */
            key_usage &= x; 
    }
+
+    /* Type 20 Elgamal keys are not usable. */
+    if(pk->pubkey_algo==PUBKEY_ALGO_ELGAMAL)
+      key_usage=0;
+
    pk->pubkey_usage = key_usage;

    if ( !key_expire_seen ) {
@ -1869,6 +1878,13 @@ merge_selfsigs_subkey( KBNODE keyblock, KBNODE subnode )
        if ( x ) /* mask it down to the actual allowed usage */
            key_usage &= x; 
    }
+
+    /* Type 20 Elgamal subkeys or any subkey on a type 20 primary are
+       not usable. */
+    if(mainpk->pubkey_algo==PUBKEY_ALGO_ELGAMAL
+       || subpk->pubkey_algo==PUBKEY_ALGO_ELGAMAL)
+      key_usage=0;
+
    subpk->pubkey_usage = key_usage;
    
    p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KEY_EXPIRE, NULL);