mirror of git://git.gnupg.org/gnupg.git synced 2025-01-03 12:11:33 +01:00

gpg: Improve error message for expired default keys.

* g10/getkey.c (parse_def_secret_key): Track reason for skipping keys.
--

GnuPG-bug-id: 4704
Werner Koch 2024-01-11 15:54:27 +01:00
parent e65720f286
commit bbad0a2644
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B


@ -2009,8 +2009,9 @@ parse_def_secret_key (ctrl_t ctrl)
{ {
gpg_error_t err; gpg_error_t err;
KEYDB_SEARCH_DESC desc; KEYDB_SEARCH_DESC desc;
KBNODE kb; kbnode_t kb;
KBNODE node; kbnode_t node;
int any_revoked, any_expired, any_disabled;
err = classify_user_id (t->d, &desc, 1); err = classify_user_id (t->d, &desc, 1);
if (err) if (err)
@ -2053,6 +2054,7 @@ parse_def_secret_key (ctrl_t ctrl)
merge_selfsigs (ctrl, kb); merge_selfsigs (ctrl, kb);
any_revoked = any_expired = any_disabled = 0;
err = gpg_error (GPG_ERR_NO_SECKEY); err = gpg_error (GPG_ERR_NO_SECKEY);
node = kb; node = kb;
do do
@ -2062,6 +2064,7 @@ parse_def_secret_key (ctrl_t ctrl)
/* Check if the key is valid. */ /* Check if the key is valid. */
if (pk->flags.revoked) if (pk->flags.revoked)
{ {
any_revoked = 1;
if (DBG_LOOKUP) if (DBG_LOOKUP)
log_debug ("not using %s as default key, %s", log_debug ("not using %s as default key, %s",
keystr_from_pk (pk), "revoked"); keystr_from_pk (pk), "revoked");
@ -2069,6 +2072,7 @@ parse_def_secret_key (ctrl_t ctrl)
} }
if (pk->has_expired) if (pk->has_expired)
{ {
any_expired = 1;
if (DBG_LOOKUP) if (DBG_LOOKUP)
log_debug ("not using %s as default key, %s", log_debug ("not using %s as default key, %s",
keystr_from_pk (pk), "expired"); keystr_from_pk (pk), "expired");
@ -2076,6 +2080,7 @@ parse_def_secret_key (ctrl_t ctrl)
} }
if (pk_is_disabled (pk)) if (pk_is_disabled (pk))
{ {
any_disabled = 1;
if (DBG_LOOKUP) if (DBG_LOOKUP)
log_debug ("not using %s as default key, %s", log_debug ("not using %s as default key, %s",
keystr_from_pk (pk), "disabled"); keystr_from_pk (pk), "disabled");
@ -2096,9 +2101,22 @@ parse_def_secret_key (ctrl_t ctrl)
{ {
if (! warned && ! opt.quiet) if (! warned && ! opt.quiet)
{ {
gpg_err_code_t ec;
/* Try to get a better error than no secret key if we
* only know that the public key is not usable. */
if (any_revoked)
ec = GPG_ERR_CERT_REVOKED;
else if (any_expired)
ec = GPG_ERR_KEY_EXPIRED;
else if (any_disabled)
ec = GPG_ERR_KEY_DISABLED;
else
ec = GPG_ERR_NO_SECKEY;
log_info (_("Warning: not using '%s' as default key: %s\n"), log_info (_("Warning: not using '%s' as default key: %s\n"),
t->d, gpg_strerror (GPG_ERR_NO_SECKEY)); t->d, gpg_strerror (ec));
print_reported_error (err, GPG_ERR_NO_SECKEY); print_reported_error (err, ec);
} }
} }
else else
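Review bot: The reason selected in the last hunk is an aggregate over every key and subkey the loop visited, so a single revoked or expired subkey makes the warning say revoked or expired even if another subkey passed all three checks and was skipped only because its secret part is missing. The new comment says the better code is meant for the case where "we only know that the public key is not usable", so that case could be tracked explicitly: set a flag such as `any_usable = 1;` after the disabled check and test `if (any_usable) ec = GPG_ERR_NO_SECKEY;` ahead of the `any_revoked` branch. The part of the loop that probes for the secret key lies outside the visible hunks, so this is inferred from the `err = gpg_error (GPG_ERR_NO_SECKEY);` default rather than seen. Separately, initializing the flags at their declaration (`int any_revoked = 0, any_expired = 0, any_disabled = 0;`) would keep them defined on any early exit between the declaration and the reset after `merge_selfsigs`.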