gpg: Fix --default-key checks.
* g10/getkey.c (parse_def_secret_key): Don't just check if a secret
key is available for the public key, also consider subkeys. Also
check that the key has the signing capability, is not revoked, is not
expired and is not disabled. Print a warning if there was at least one
value passed to --default-key and all were ignored.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
Regression-due-to: e16d7168
parent
d40975cbe8
commit
e573e6188d
62
g10/getkey.c
62
g10/getkey.c
|
@ -1168,6 +1168,7 @@ parse_def_secret_key (ctrl_t ctrl)
|
||||||
gpg_error_t err;
|
gpg_error_t err;
|
||||||
KEYDB_SEARCH_DESC desc;
|
KEYDB_SEARCH_DESC desc;
|
||||||
KBNODE kb;
|
KBNODE kb;
|
||||||
|
KBNODE node;
|
||||||
|
|
||||||
err = classify_user_id (t->d, &desc, 1);
|
err = classify_user_id (t->d, &desc, 1);
|
||||||
if (err)
|
if (err)
|
||||||
|
@ -1208,16 +1209,71 @@ parse_def_secret_key (ctrl_t ctrl)
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
|
|
||||||
err = agent_probe_secret_key (ctrl, kb->pkt->pkt.public_key);
|
merge_selfsigs (kb);
|
||||||
|
|
||||||
|
err = gpg_error (GPG_ERR_NO_SECKEY);
|
||||||
|
node = kb;
|
||||||
|
do
|
||||||
|
{
|
||||||
|
PKT_public_key *pk = node->pkt->pkt.public_key;
|
||||||
|
|
||||||
|
/* Check that the key has the signing capability. */
|
||||||
|
if (! (pk->pubkey_usage & PUBKEY_USAGE_SIG))
|
||||||
|
continue;
|
||||||
|
|
||||||
|
/* Check if the key is valid. */
|
||||||
|
if (pk->flags.revoked)
|
||||||
|
{
|
||||||
|
if (DBG_LOOKUP)
|
||||||
|
log_debug (_("not using %s as default key, %s"), "revoked");
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
if (pk->has_expired)
|
||||||
|
{
|
||||||
|
if (DBG_LOOKUP)
|
||||||
|
log_debug (_("not using %s as default key, %s"), "expired");
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
if (pk_is_disabled (pk))
|
||||||
|
{
|
||||||
|
if (DBG_LOOKUP)
|
||||||
|
log_debug (_("not using %s as default key, %s"), "disabled");
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
|
||||||
|
err = agent_probe_secret_key (ctrl, pk);
|
||||||
|
if (! err)
|
||||||
|
/* This is a valid key. */
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
while ((node = find_next_kbnode (node, PKT_PUBLIC_SUBKEY)));
|
||||||
|
|
||||||
release_kbnode (kb);
|
release_kbnode (kb);
|
||||||
if (! err)
|
if (err)
|
||||||
|
{
|
||||||
|
if (! warned && ! opt.quiet)
|
||||||
|
{
|
||||||
|
if (gpg_err_code (err) == GPG_ERR_NO_SECKEY)
|
||||||
|
log_info (_("Warning: not using '%s' as default key: %s.\n"),
|
||||||
|
t->d, gpg_strerror (err));
|
||||||
|
else
|
||||||
|
log_info (_("Warning: not using '%s' as default key: no secret key available: %s\n"),
|
||||||
|
t->d, gpg_strerror (err));
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else
|
||||||
{
|
{
|
||||||
if (! warned)
|
if (! warned)
|
||||||
log_info (_("using \"%s\" as default secret key\n"), t->d);
|
log_info (_("using \"%s\" as default secret key for signing\n"),
|
||||||
|
t->d);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (! warned && opt.def_secret_key && ! t)
|
||||||
|
log_info (_("all values passed to '%s' ignored.\n"),
|
||||||
|
"--default-key");
|
||||||
|
|
||||||
warned = 1;
|
warned = 1;
|
||||||
|
|
||||||
if (hd)
|
if (hd)
|
||||||
|
|
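Review bot: The three `log_debug` calls added in the revoked, expired and disabled branches use a format string with two `%s` conversions but pass only one argument. When DBG_LOOKUP is set, the second `%s` reads a variadic argument that was never supplied, which is undefined behaviour and may crash or print unrelated memory. Each call should pass the key being skipped as the first argument and end the message with a newline, for example `log_debug (_("not using %s as default key, %s\n"), keystr_from_pk (pk), "revoked");`, and likewise for "expired" and "disabled". The signing-capability check just above these branches skips a key with no debug output at all, so a matching message there would make rejected `--default-key` values easier to diagnose. parse_def_secret_key begins before and continues past the hunks shown.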