gpg: Do not allow to accidently set the RENC usage.

* g10/keygen.c (print_key_flags): Print "RENC" if set. (ask_key_flags_with_mask): Remove RENC from the possible set of usages. Add a direct way to set it iff the key is encryption capable. -- This could be done by using "set your own capabilities" for an RSA key. In fact it was always set in this case. GnuPG-bug-id: 7072
2024-04-04 16:39:14 +02:00 · 2024-04-04 16:39:14 +02:00 · c5d7a332c8
parent 03d53c88cc
commit c5d7a332c8
1 changed files with 14 additions and 1 deletions
--- a/g10/keygen.c
+++ b/g10/keygen.c
@ -2177,6 +2177,9 @@ print_key_flags(int flags)

  if(flags&PUBKEY_USAGE_AUTH)
    tty_printf("%s ",_("Authenticate"));
+
+  if(flags&PUBKEY_USAGE_RENC)
+    tty_printf("%s ", "RENC");
 }


@ -2209,10 +2212,14 @@ ask_key_flags_with_mask (int algo, int subkey, unsigned int current,
      togglers = "11223300";
    }

+  /* restrict the mask to the actual useful bits.  */
+
  /* Mask the possible usage flags.  This is for example used for a
   * card based key.  For ECDH we need to allows additional usages if
-   * they are provided. */
+   * they are provided.  RENC is not directly poissible here but see
+   * below for a workaround. */
  possible = (openpgp_pk_algo_usage (algo) & mask);
+  possible &= ~PUBKEY_USAGE_RENC;
  if (algo == PUBKEY_ALGO_ECDH)
    possible |= (current & (PUBKEY_USAGE_ENC
                            |PUBKEY_USAGE_CERT
@ -2281,6 +2288,12 @@ ask_key_flags_with_mask (int algo, int subkey, unsigned int current,
                     want to experiment with a cert-only primary key.  */
                  current |= PUBKEY_USAGE_CERT;
                }
+              else if ((*s == 'r' || *s == 'R') && (possible&PUBKEY_USAGE_ENC))
+                {
+                  /* Allow to set RENC or an encryption capable key.
+                   * This is on purpose not shown in the menu.  */
+                  current |= PUBKEY_USAGE_RENC;
+                }
            }
          break;
        }