
gpg: Skip keys found via ADSKs.

* g10/encrypt.c (write_pubkey_enc): Indicate encryption to an ADSK.
* g10/getkey.c (finish_lookup): Skip ADSK keys.
--

If a key is searched by fingerprint or keyid and it happens that this
is an ADSK (subkey with the RENC usage), we need to skip this key
because it is not the key we actually want to encrypt to.  The actual
ADSK key is taken later by looking at all subkeys of the actual
selected key.

This is related to
GnuPG-bug-id: 6504
Werner Koch 2023-05-25 16:43:37 +02:00
parent 14828c75be
commit 9f2f7a51b2
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
2 changed files with 28 additions and 15 deletions

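--- a/g10/encrypt.c
+++ b/g10/encrypt.c
@@ -1171,6 +1171,12 @@ write_pubkey_enc (ctrl_t ctrl,
 if ( opt.verbose )
 {
 char *ustr = get_user_id_string_native (ctrl, enc->keyid);
+if ((pk->pubkey_usage & PUBKEY_USAGE_RENC))
+{
+char *tmpustr = xstrconcat (ustr, " [ADSK]", NULL);
+xfree (ustr);
+ustr = tmpustr;
+}
 log_info (_("%s/%s.%s encrypted for: \"%s\"\n"),
 openpgp_pk_algo_name (enc->pubkey_algo),
 openpgp_cipher_algo_name (dek->algo),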
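Review bot: The ADSK test in the added `if ((pk->pubkey_usage & PUBKEY_USAGE_RENC))` is a bit test, while the finish_lookup change in g10/getkey.c in this same commit compares with `== PUBKEY_USAGE_RENC`, so a subkey that carries RENC together with another usage flag would be logged as "[ADSK]" here but would not be skipped by the lookup. If the difference is intended, a short comment such as `/* Any key with the RENC flag is reported as ADSK; the lookup skips only RENC-only keys. */` would make that explicit; otherwise the two tests should agree. The marker is also emitted only under `opt.verbose`, so whether a non-verbose run reports the additional recipient cannot be told from this hunk. write_pubkey_enc begins and continues outside the hunk.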


@ -3640,24 +3640,31 @@ finish_lookup (kbnode_t keyblock, unsigned int req_usage, int want_exact,
log_assert (keyblock->pkt->pkttype == PKT_PUBLIC_KEY); log_assert (keyblock->pkt->pkttype == PKT_PUBLIC_KEY);
/* For an exact match mark the primary or subkey that matched the /* For an exact match mark the primary or subkey that matched the
low-level search criteria. */ * low-level search criteria. Use this loop also to sort our keys
if (want_exact) * found using an ADSK fingerprint. */
for (k = keyblock; k; k = k->next)
{ {
for (k = keyblock; k; k = k->next) if ((k->flag & 1) && (k->pkt->pkttype == PKT_PUBLIC_KEY
{ || k->pkt->pkttype == PKT_PUBLIC_SUBKEY))
if ((k->flag & 1)) {
{ if (want_exact)
log_assert (k->pkt->pkttype == PKT_PUBLIC_KEY {
|| k->pkt->pkttype == PKT_PUBLIC_SUBKEY); if (DBG_LOOKUP)
foundk = k; log_debug ("finish_lookup: exact search requested and found\n");
foundk = k;
pk = k->pkt->pkt.public_key; pk = k->pkt->pkt.public_key;
pk->flags.exact = 1; pk->flags.exact = 1;
break; break;
} }
} else if ((k->pkt->pkt.public_key->pubkey_usage == PUBKEY_USAGE_RENC))
if (DBG_LOOKUP) {
log_debug ("finish_lookup: exact search requested: %sfound\n", if (DBG_LOOKUP)
foundk? "":"not "); log_debug ("finish_lookup: found via ADSK - not selected\n");
if (r_flags)
*r_flags |= LOOKUP_NOT_SELECTED;
return NULL; /* Not found. */
}
}
} }
/* Get the user id that matched that low-level search criteria. */ /* Get the user id that matched that low-level search criteria. */