gpg: Do not allow to accidently set the RENC usage.
* g10/keygen.c (print_key_flags): Print "RENC" if set. (ask_key_flags_with_mask): Remove RENC from the possible set of usages. Add a direct way to set it iff the key is encryption capable. -- This could be done by using "set your own capabilities" for an RSA key. In fact it was always set in this case. GnuPG-bug-id: 7072
parent
03d53c88cc
commit
c5d7a332c8
15
g10/keygen.c
15
g10/keygen.c
@ -2177,6 +2177,9 @@ print_key_flags(int flags)
|
|||||||
|
|
||||||
if(flags&PUBKEY_USAGE_AUTH)
|
if(flags&PUBKEY_USAGE_AUTH)
|
||||||
tty_printf("%s ",_("Authenticate"));
|
tty_printf("%s ",_("Authenticate"));
|
||||||
|
|
||||||
|
if(flags&PUBKEY_USAGE_RENC)
|
||||||
|
tty_printf("%s ", "RENC");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@ -2209,10 +2212,14 @@ ask_key_flags_with_mask (int algo, int subkey, unsigned int current,
|
|||||||
togglers = "11223300";
|
togglers = "11223300";
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* restrict the mask to the actual useful bits. */
|
||||||
|
|
||||||
/* Mask the possible usage flags. This is for example used for a
|
/* Mask the possible usage flags. This is for example used for a
|
||||||
* card based key. For ECDH we need to allows additional usages if
|
* card based key. For ECDH we need to allows additional usages if
|
||||||
* they are provided. */
|
* they are provided. RENC is not directly poissible here but see
|
||||||
|
* below for a workaround. */
|
||||||
possible = (openpgp_pk_algo_usage (algo) & mask);
|
possible = (openpgp_pk_algo_usage (algo) & mask);
|
||||||
|
possible &= ~PUBKEY_USAGE_RENC;
|
||||||
if (algo == PUBKEY_ALGO_ECDH)
|
if (algo == PUBKEY_ALGO_ECDH)
|
||||||
possible |= (current & (PUBKEY_USAGE_ENC
|
possible |= (current & (PUBKEY_USAGE_ENC
|
||||||
|PUBKEY_USAGE_CERT
|
|PUBKEY_USAGE_CERT
|
||||||
@ -2281,6 +2288,12 @@ ask_key_flags_with_mask (int algo, int subkey, unsigned int current,
|
|||||||
want to experiment with a cert-only primary key. */
|
want to experiment with a cert-only primary key. */
|
||||||
current |= PUBKEY_USAGE_CERT;
|
current |= PUBKEY_USAGE_CERT;
|
||||||
}
|
}
|
||||||
|
else if ((*s == 'r' || *s == 'R') && (possible&PUBKEY_USAGE_ENC))
|
||||||
|
{
|
||||||
|
/* Allow to set RENC or an encryption capable key.
|
||||||
|
* This is on purpose not shown in the menu. */
|
||||||
|
current |= PUBKEY_USAGE_RENC;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
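Review bot: The comment on the new `r`/`R` branch in the third hunk (ask_key_flags_with_mask) reads "Allow to set RENC or an encryption capable key", where "or" looks like a typo for "on", and it does not say what RENC means or why the option is hidden. The guard tests `possible&PUBKEY_USAGE_ENC` rather than `current`, so the flag can apparently be set even when encryption is not among the selected usages; if that is intended, the comment should say so. Suggested wording: `/* Allow setting RENC (restricted encryption) on an encryption capable key. Deliberately not shown in the menu so it cannot be set by accident. */`. In the second hunk the added comment has "poissible" for "possible", and the new line `/* restrict the mask to the actual useful bits. */` has no statement under it and could be merged into the comment that follows. The enclosing function starts and ends outside the visible hunks.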