* keygen.c (ask_algo): Remove ability to generate Elgamal sign+encrypt

keys. * getkey.c (merge_selfsigs_main, merge_selfsigs_subkey): Disallow use of sign+encrypt Elgamal keys.
2025-07-02 22:46:30 +02:00 · 2003-11-27 13:53:34 +00:00 · 2003-11-27 13:53:34 +00:00 · 973c868961
commit 973c868961
parent d3e5200206
3 changed files with 26 additions and 23 deletions
--- a/g10/getkey.c
+++ b/g10/getkey.c
@ -1677,6 +1677,11 @@ merge_selfsigs_main( KBNODE keyblock, int *r_revoked )
        if ( x ) /* mask it down to the actual allowed usage */
            key_usage &= x; 
    }
+
+    /* Type 20 Elgamal keys are not usable. */
+    if(pk->pubkey_algo==PUBKEY_ALGO_ELGAMAL)
+      key_usage=0;
+
    pk->pubkey_usage = key_usage;

    if ( !key_expire_seen ) {
@ -1893,6 +1898,13 @@ merge_selfsigs_subkey( KBNODE keyblock, KBNODE subnode )
        if ( x ) /* mask it down to the actual allowed usage */
            key_usage &= x; 
    }
+
+    /* Type 20 Elgamal subkeys or any subkey on a type 20 primary are
+       not usable. */
+    if(mainpk->pubkey_algo==PUBKEY_ALGO_ELGAMAL
+       || subpk->pubkey_algo==PUBKEY_ALGO_ELGAMAL)
+      key_usage=0;
+
    subpk->pubkey_usage = key_usage;
    
    p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KEY_EXPIRE, NULL);