gpg: Add experimental support for an issuer fpr.

* common/openpgpdefs.h (SIGSUBPKT_ISSUER_FPR): New. * g10/build-packet.c (build_sig_subpkt_from_sig): Add arg PKSK and insert the issuer fpr if needed. * g10/sign.c (write_signature_packets): Pass signing key. (make_keysig_packet): Ditto. (update_keysig_packet): Ditto. * g10/parse-packet.c (dump_sig_subpkt): Print issuer fpr. (parse_one_sig_subpkt): Detect issuer fpr. (can_handle_critical): Add issuer fpr. * g10/mainproc.c (check_sig_and_print): Try to get key via fingerprint. * g10/gpgv.c (keyserver_import_fprint): New stub. * g10/test-stubs.c (keyserver_import_fprint): New stub. -- This support is enabled with the --rfc4880bis option and intended to test to recently proposed issuer fpr. Signed-off-by: Werner Koch <wk@gnupg.org>
2025-07-02 22:46:30 +02:00 · 2016-06-20 23:58:16 +02:00 · 2016-06-20 23:58:16 +02:00 · 955baf0436
commit 955baf0436
parent ee2d9061d7
8 changed files with 99 additions and 30 deletions
--- a/g10/mainproc.c
+++ b/g10/mainproc.c
@ -1805,19 +1805,26 @@ check_sig_and_print (CTX c, kbnode_t node)
   * favor this over the WKD method (to be tried next), because an
   * arbitrary keyserver is less subject to web bug like
   * monitoring.  */
-  /* if (gpg_err_code (rc) == GPG_ERR_NO_PUBKEY */
-  /*     && signature_hash_full_fingerprint (sig) */
-  /*     && (opt.keyserver_options.options&KEYSERVER_AUTO_KEY_RETRIEVE) */
-  /*     && keyserver_any_configured (c->ctrl)) */
-  /*   { */
-  /*     int res; */
+  if (gpg_err_code (rc) == GPG_ERR_NO_PUBKEY
+      && opt.flags.rfc4880bis
+      && (opt.keyserver_options.options&KEYSERVER_AUTO_KEY_RETRIEVE)
+      && keyserver_any_configured (c->ctrl))
+    {
+      int res;
+      const byte *p;
+      size_t n;

-  /*     glo_ctrl.in_auto_key_retrieve++; */
-  /*     res = keyserver_import_keyid (c->ctrl, sig->keyid, opt.keyserver ); */
-  /*     glo_ctrl.in_auto_key_retrieve--; */
-  /*     if (!res) */
-  /*       rc = do_check_sig (c, node, NULL, &is_expkey, &is_revkey ); */
-  /*   } */
+      p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_ISSUER_FPR, &n);
+      if (p && n == 21 && p[0] == 4)
+        {
+          /* v4 packet with a SHA-1 fingerprint.  */
+          glo_ctrl.in_auto_key_retrieve++;
+          res = keyserver_import_fprint (c->ctrl, p+1, n-1, opt.keyserver);
+          glo_ctrl.in_auto_key_retrieve--;
+          if (!res)
+            rc = do_check_sig (c, node, NULL, &is_expkey, &is_revkey );
+        }
+    }

  /* If the above methods didn't work, our next try is to retrieve the
   * key from the WKD. */