From a286e95f3a3f1feba88c563b92c7227096f69d03 Mon Sep 17 00:00:00 2001
From: Marcus Brinkmann
Date: Fri, 29 Apr 2011 12:01:52 +0200
Subject: [PATCH] Give sensible error messages when trying to delete secret key.
---
 g10/ChangeLog | 6 ++++++
 g10/delkey.c | 31 ++++++++++++++++++++-----------
 2 files changed, 26 insertions(+), 11 deletions(-)
diff --git a/g10/ChangeLog b/g10/ChangeLog
index bd53799b5..f8cc49cb4 100644
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@@ -1,3 +1,9 @@
+2011-04-29 Marcus Brinkmann
+
+ * delkey.c (do_delete_key): Access public keyblock even for secret
+ key operations. But deleting secret key is not supported yet, so
+ give an error. Limit secret-key-exists error case to public keys.
+
 2011-04-28 Werner Koch
 * ecdh.c (pk_ecdh_encrypt_with_shared_point): Remove memory leak
diff --git a/g10/delkey.c b/g10/delkey.c
index 3b47c4049..950af0ee0 100644
--- a/g10/delkey.c
+++ b/g10/delkey.c
@@ -83,7 +83,7 @@ do_delete_key( const char *username, int secret, int force, int *r_sec_avail )
 }
 /* get the keyid from the keyblock */
- node = find_kbnode( keyblock, secret? PKT_SECRET_KEY:PKT_PUBLIC_KEY );
+ node = find_kbnode( keyblock, PKT_PUBLIC_KEY );
 if( !node ) {
 log_error("Oops; key not found anymore!\n");
 rc = G10ERR_GENERAL;
@@ -93,7 +93,7 @@ do_delete_key( const char *username, int secret, int force, int *r_sec_avail )
 pk = node->pkt->pkt.public_key;
 keyid_from_pk( pk, keyid );
- if (!force)
+ if (!secret && !force)
 {
 if (have_secret_key_with_kid (keyid))
 {
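Review bot: The comment above the `find_kbnode` call in the first delkey.c hunk still reads `/* get the keyid from the keyblock */` and does not say why the lookup is now for `PKT_PUBLIC_KEY` even when `secret` is set. I would extend it to `/* Get the keyid from the public key packet; this node is used even when SECRET is set. */` so a later reader does not restore the old conditional. do_delete_key starts and ends outside the hunk.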
@@ -146,20 +146,29 @@ do_delete_key( const char *username, int secret, int force, int *r_sec_avail )
 if( okay ) {
- rc = keydb_delete_keyblock (hd);
- if (rc) {
+ if (secret)
+ {
+ log_error (_("deleting secret key not implemented\n"));
+ rc = gpg_error (GPG_ERR_NOT_IMPLEMENTED); /* FIXME */
+ goto leave;
+ }
+ else
+ {
+ rc = keydb_delete_keyblock (hd);
+ if (rc) {
 log_error (_("deleting keyblock failed: %s\n"), g10_errstr(rc) );
 goto leave;
+ }
 }
- /* Note that the ownertrust being cleared will trigger a
- revalidation_mark(). This makes sense - only deleting keys
- that have ownertrust set should trigger this. */
+ /* Note that the ownertrust being cleared will trigger a
+ revalidation_mark(). This makes sense - only deleting keys
+ that have ownertrust set should trigger this. */
- if (!secret && pk && clear_ownertrusts (pk)) {
- if (opt.verbose)
- log_info (_("ownertrust information cleared\n"));
- }
+ if (!secret && pk && clear_ownertrusts (pk)) {
+ if (opt.verbose)
+ log_info (_("ownertrust information cleared\n"));
+ }
 }
 leave:
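Review bot: The `if (secret)` refusal sits inside `if( okay )`, so it is reached only after whatever sets `okay`. That code is outside this hunk, but if it includes the interactive confirmation, the user is asked to confirm deleting a secret key and only then told `deleting secret key not implemented`. Rejecting the request near the top of do_delete_key, before the prompt, would make it unmistakable that no secret key material was removed. Because the secret branch always ends in `goto leave`, the `!secret` test in `if (!secret && pk && clear_ownertrusts (pk))` is now always true and can be reduced to `if (pk && clear_ownertrusts (pk))`.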