From b3ea683ac97d0f60ce4a17f1cf18ca11a95b4b2a Mon Sep 17 00:00:00 2001
From: David Shaw
Date: Thu, 27 Oct 2005 16:23:59 +0000
Subject: [PATCH] * keyedit.c (menu_addrevoker), getkey.c (finish_lookup): Fix problem with adding a cert-only designated revoker. Code was looking for a key with sign ability, and not cert ability. Noted by Timo Schulz.
---
 g10/ChangeLog | 7 +++++++
 g10/getkey.c | 2 +-
 g10/keyedit.c | 8 +++++---
 3 files changed, 13 insertions(+), 4 deletions(-)
diff --git a/g10/ChangeLog b/g10/ChangeLog
index db07564d2..8dd57c7f6 100644
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@@ -1,3 +1,10 @@
+2005-10-27 David Shaw
+
+ * keyedit.c (menu_addrevoker), getkey.c (finish_lookup): Fix
+ problem with adding a cert-only designated revoker. Code was
+ looking for a key with sign ability, and not cert ability. Noted
+ by Timo Schulz.
+
 2005-10-27 Werner Koch
 * gpg.c [__CYGWIN__]: Set default driver to winscard.dll.
diff --git a/g10/getkey.c b/g10/getkey.c
index 2dde1bb51..35e74f1d5 100644
--- a/g10/getkey.c
+++ b/g10/getkey.c
@@ -2345,7 +2345,7 @@ finish_lookup (GETKEY_CTX ctx)
 KBNODE k;
 KBNODE foundk = NULL;
 PKT_user_id *foundu = NULL;
-#define USAGE_MASK (PUBKEY_USAGE_SIG|PUBKEY_USAGE_ENC)
+#define USAGE_MASK (PUBKEY_USAGE_SIG|PUBKEY_USAGE_ENC|PUBKEY_USAGE_CERT)
 unsigned int req_usage = ( ctx->req_usage & USAGE_MASK );
 /* Request the primary if we're certifying another key, and also if signing data while --pgp6 or --pgp7 is on since pgp 6 and 7
diff --git a/g10/keyedit.c b/g10/keyedit.c
index 55fc685c0..1e07b1d41 100644
--- a/g10/keyedit.c
+++ b/g10/keyedit.c
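Review bot: Widening `USAGE_MASK` in finish_lookup (g10/getkey.c) changes the usage filter for every lookup that reaches this function, not only the designated-revoker path, and the `#define` carries no comment saying so. With the old mask a request for `PUBKEY_USAGE_CERT` alone was reduced to zero in `req_usage`, so no capability was required; now the bit survives and is presumably matched against each key's usage flags further down. I would add a comment above the define, e.g. `/* CERT is in the mask so a cert-only request is enforced rather than silently dropped. */`, and confirm that existing callers which already pass CERT still find keys whose usage flags were derived without an explicit cert bit. The body of finish_lookup continues past the hunk, so that matching code cannot be checked from here.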
@@ -3380,9 +3380,11 @@ menu_addrevoker( KBNODE pub_keyblock, KBNODE sec_keyblock, int sensitive )
 goto fail;
 }
- /* Note that I'm requesting SIG here and not CERT. We're making
- a certification, but it is okay to be a subkey. */
- revoker_pk->req_usage=PUBKEY_USAGE_SIG;
+ /* Note that I'm requesting CERT here, which usually implies
+ primary keys only, but some casual testing shows that PGP and
+ GnuPG both can handle a designated revokation from a
+ subkey. */
+ revoker_pk->req_usage=PUBKEY_USAGE_CERT;
 rc=get_pubkey_byname(revoker_pk,answer,NULL,NULL,1);
 if(rc) {
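Review bot: The new comment in menu_addrevoker justifies `PUBKEY_USAGE_CERT` with "some casual testing" about subkeys, which does not tell a later reader what the lookup is required to return. Designating a revoker gives another key the power to revoke this one, so the comment should state the rule being enforced rather than an interoperability observation. The context comment in the getkey.c hunk says the primary is requested when certifying, so a CERT request here appears to resolve to the revoker's primary key; I would say that directly, e.g. `/* Request CERT: the designated revoker must be able to certify, and the lookup then returns its primary key. */`, and correct the spelling "revokation". The function starts and ends outside the hunk, so whether the selected key is later confirmed with the user is not visible here.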