gpg: Refresh expired keys originating from the WKD.

* g10/getkey.c (getkey_ctx_s): New field found_via_akl. (get_pubkey_byname): Set it. (only_expired_enc_subkeys): New. (get_best_pubkey_byname): Add support to refresh expired keys from the WKD. -- A little drawback of that code is that if the WKD has no update for an expired key each access of the key will trigger a WKD lookup (unless cached by the dirmngr). To avoid this we need to record the last time we have checked for an update but that would in turn require that we update the keyring for each check. We defer this until we have a better key database which allows for fast updates of meta data. Testing the code is currently a bit cumbersome because it requires to update a key in the WKD several times. Eventually we we need a network emulation layer to provide sample data for the regression tests. GnuPG-bug-id: 2917 Signed-off-by: Werner Koch <wk@gnupg.org>
2025-07-02 22:46:30 +02:00 · 2018-08-28 15:22:35 +02:00 · 2018-08-28 15:22:35 +02:00 · 7f172404bf
commit 7f172404bf
parent db67ccb759
2 changed files with 99 additions and 17 deletions
--- a/g10/import.c
+++ b/g10/import.c
@ -2088,9 +2088,12 @@ import_one (ctrl_t ctrl,
          keydb_release (hd);
          hd = NULL;

-          /* Fixme: we do not track the time we last checked a key for
+          /* FIXME: We do not track the time we last checked a key for
           * updates.  To do this we would need to rewrite even the
-           * keys which have no changes.  */
+           * keys which have no changes.  Adding this would be useful
+           * for the automatic update of expired keys via the WKD in
+           * case the WKD still carries the expired key.  See
+           * get_best_pubkey_byname.  */
          same_key = 1;
          if (is_status_enabled ())
            print_import_ok (pk, 0);