mirror of git://git.gnupg.org/gnupg.git
gpg: Lazily evaluate --default-key.
* g10/gpg.c (main): If --encrypt-to-default-key is specified, don't add --default-key's value to REMUSR here... * g10/pkclist.c (build_pk_list): ... do it here. * tests/openpgp/Makefile.am (TESTS): Add default-key.test. * tests/openpgp/default-key.test: New file. -- Signed-off-by: Neal H. Walfield <neal@g10code.com>
This commit is contained in:
Neal H. Walfield
parent
ffe0b7a6dd
commit
dc52995d85
21
g10/gpg.c
21
g10/gpg.c
|
|
@ -4281,8 +4281,6 @@ main (int argc, char **argv)
|
|||
}
|
||||
|
||||
{
|
||||
int have_def_secret_key = opt.def_secret_key != NULL;
|
||||
|
||||
rc = check_user_ids (&locusr, 1, 1);
|
||||
if (rc)
|
||||
g10_exit (1);
|
||||
|
|
@ -4292,25 +4290,6 @@ main (int argc, char **argv)
|
|||
rc = check_user_ids (&opt.def_secret_key, 1, 0);
|
||||
if (rc)
|
||||
g10_exit (1);
|
||||
|
||||
if (opt.encrypt_to_default_key)
|
||||
{
|
||||
const char *default_key = parse_def_secret_key (ctrl);
|
||||
if (default_key)
|
||||
{
|
||||
sl = add_to_strlist2 (&remusr, default_key, utf8_strings);
|
||||
sl->flags = ((oEncryptToDefaultKey << PK_LIST_SHIFT)
|
||||
| PK_LIST_ENCRYPT_TO);
|
||||
if (opt.encrypt_to_default_key == 2)
|
||||
sl->flags |= PK_LIST_CONFIG;
|
||||
}
|
||||
else if (have_def_secret_key)
|
||||
log_info (_("option '%s' given, but no valid default keys given\n"),
|
||||
"--encrypt-to-default-key");
|
||||
else
|
||||
log_info (_("option '%s' given, but option '%s' not given\n"),
|
||||
"--encrypt-to-default-key", "--default-key");
|
||||
}
|
||||
}
|
||||
|
||||
/* The command dispatcher. */
|
||||
|
|
|
|||
|
|
@ -914,6 +914,53 @@ build_pk_list (ctrl_t ctrl, strlist_t rcpts, PK_LIST *ret_pk_list)
|
|||
else
|
||||
remusr = rcpts;
|
||||
|
||||
if (opt.encrypt_to_default_key)
|
||||
{
|
||||
static int warned;
|
||||
|
||||
const char *default_key = parse_def_secret_key (ctrl);
|
||||
if (default_key)
|
||||
{
|
||||
PK_LIST r = xmalloc_clear (sizeof *r);
|
||||
|
||||
r->pk = xmalloc_clear (sizeof *r->pk);
|
||||
r->pk->req_usage = PUBKEY_USAGE_ENC;
|
||||
|
||||
rc = get_pubkey_byname (ctrl, NULL, r->pk, default_key,
|
||||
NULL, NULL, 0, 1);
|
||||
if (rc)
|
||||
{
|
||||
xfree (r->pk);
|
||||
xfree (r);
|
||||
|
||||
log_error (_("Can't encrypt to '%s'.\n"), default_key);
|
||||
if (!opt.quiet)
|
||||
log_info (_("(check argument of option '%s')\n"),
|
||||
"--default-key");
|
||||
}
|
||||
else
|
||||
{
|
||||
r->next = pk_list;
|
||||
r->flags = 0;
|
||||
pk_list = r;
|
||||
}
|
||||
}
|
||||
else if (opt.def_secret_key)
|
||||
{
|
||||
if (! warned)
|
||||
log_info (_("option '%s' given, but no valid default keys given\n"),
|
||||
"--encrypt-to-default-key");
|
||||
warned = 1;
|
||||
}
|
||||
else
|
||||
{
|
||||
if (! warned)
|
||||
log_info (_("option '%s' given, but option '%s' not given\n"),
|
||||
"--encrypt-to-default-key", "--default-key");
|
||||
warned = 1;
|
||||
}
|
||||
}
|
||||
|
||||
/* Check whether there are any recipients in the list and build the
|
||||
* list of the encrypt-to ones (we always trust them). */
|
||||
for ( rov = remusr; rov; rov = rov->next )
|
||||
|
|
|
|||
|
|
@ -46,7 +46,7 @@ TESTS = version.test mds.test \
|
|||
multisig.test verify.test armor.test \
|
||||
import.test ecc.test 4gb-packet.test \
|
||||
$(sqlite3_dependent_tests) \
|
||||
gpgtar.test use-exact-key.test \
|
||||
gpgtar.test use-exact-key.test default-key.test \
|
||||
finish.test
|
||||
|
||||
|
||||
|
|
|
|||
|
|
@ -0,0 +1,73 @@
|
|||
#!/bin/sh
|
||||
|
||||
. $srcdir/defs.inc || exit 3
|
||||
|
||||
#set -x
|
||||
|
||||
# Make sure $srcdir is set.
|
||||
if test "x$srcdir" = x
|
||||
then
|
||||
echo srcdir environment variable not set!
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# Import the sample key
|
||||
#
|
||||
# pub 1024R/8BC90111 2015-12-02
|
||||
# Key fingerprint = E657 FB60 7BB4 F21C 90BB 6651 BC06 7AF2 8BC9 0111
|
||||
# uid [ultimate] Barrett Brown <barrett@example.org>
|
||||
# sub 1024R/3E880CFF 2015-12-02 (encryption)
|
||||
# sub 1024R/F5F77B83 2015-12-02 (signing)
|
||||
# sub 1024R/45117079 2015-12-02 (encryption)
|
||||
# sub 1024R/1EA97479 2015-12-02 (signing)
|
||||
info "Importing public key."
|
||||
if $GPG --import $srcdir/samplekeys/E657FB607BB4F21C90BB6651BC067AF28BC90111.asc
|
||||
then
|
||||
:
|
||||
else
|
||||
error "$k: import failed"
|
||||
fi
|
||||
|
||||
# By default, the most recent, valid signing subkey (1EA97479).
|
||||
for x in 8BC90111 3E880CFF F5F77B83 45117079 1EA97479
|
||||
do
|
||||
info
|
||||
info "Trying --default-key $x"
|
||||
|
||||
if ! echo | $GPG --default-key "$x" -s | $GPG --verify --status-fd=1 \
|
||||
| grep -q 'VALIDSIG 5FBA84ACE02DCB17DA3DFF6BBCA43C441EA97479'
|
||||
then
|
||||
echo | $GPG --default-key "$x" -s | $GPG --verify --status-fd=2
|
||||
error "Unexpected key used for signing (not the signing subkey, specified \"$x\")."
|
||||
exit 1
|
||||
fi
|
||||
done
|
||||
|
||||
# By default, the most recent, valid encryption subkey (45117079).
|
||||
for x in 8BC90111 3E880CFF F5F77B83 45117079 1EA97479
|
||||
do
|
||||
info
|
||||
info "Trying --default-key $x --encrypt-to-default-key"
|
||||
|
||||
# We need another recipient, because --encrypt-to-default-key is
|
||||
# not considered a recipient and gpg doesn't encrypt without any
|
||||
# recipients.
|
||||
#
|
||||
# Note: it doesn't matter whether we specify the primary key or
|
||||
# a subkey: the newest encryption subkey will be used.
|
||||
if ! echo | $GPG --trust-model=always \
|
||||
--default-key "$x" --encrypt-to-default-key \
|
||||
-r 439F02CA -e \
|
||||
| $GPG --list-packets \
|
||||
| grep -q "keyid[ ][A-F0-9]*45117079"
|
||||
then
|
||||
echo | $GPG --trust-model=always \
|
||||
--default-key "$x" --encrypt-to-default-key \
|
||||
-r 439F02CA -e \
|
||||
| $GPG --list-packets 1>&2
|
||||
error "Unexpected key used for signing (specified \"$x\")."
|
||||
exit 1
|
||||
fi
|
||||
done
|
||||
|
||||
exit 0
|
||||
Loading…
Reference in New Issue