1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-10-31 20:08:43 +01:00
Commit Graph

10326 Commits

Author SHA1 Message Date
Werner Koch
41a8824436
kbx: Make sure the tables are joined in a select.
* kbx/backend-sqlite.c (run_select_statement): Join the tables.
--

For whatever reasons that part was missing or got lost before
committing.
2020-01-07 17:12:25 +01:00
Werner Koch
c0625c15c1
scd: Minor fix for readibility.
* scd/command.c (open_card_with_request): Use NULL instead of
APPTYPE_NULL.
--

Using the enum is wrong because a string is expected.  However it did
harm anything because the value of the enum is 0 and thus equivalent
to NULL.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-01-03 11:43:55 +01:00
Werner Koch
f4da1455c7
kbx: Initial support for an SQLite backend
* kbx/backend-sqlite.c: New.
* kbx/Makefile.am (keyboxd_SOURCES): Add it.
(keyboxd_CFLAGS, keyboxd_LDADD): Add SQLite flags.
* kbx/backend.h (enum database_types): Add DB_TYPE_SQLITE.
(be_sqlite_local_t): New typedef.
(struct db_request_part_s): Add field besqlite.
* kbx/backend-support.c (strdbtype): Add string for DB_TYPE_SQLITE.
(be_generic_release_backend): Support SQLite.
(be_release_request): Ditto.
(be_find_request_part): Ditto.
(is_x509_blob): Rename to ...
(be_is_x509_blob): this and make global.
* kbx/frontend.c (kbxd_set_database): Detect ".db" suffix and use that
for SQLite.
(kbxd_search): Support SQLite
(kbxd_store): Ditto.
(kbxd_delete): Ditto.
* kbx/frontend.h (kbxd_store_modes): Move to ...
* kbx/keyboxd.h (enum kbxd_store_modes): here.
* kbx/keyboxd.c (main): USe pubring.db for now.  This is a temporary
hack.

* kbx/backend-kbx.c (be_kbx_delete): Remove unused var cert.
--

Take care: This is not finished and in particular filling the database
takes quite long.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-01-02 14:21:12 +01:00
Werner Koch
a230bac339
Update wk's signing key
--
The expiration time of that smartcard based key has been prolonged
by 2 years.
2020-01-01 19:05:16 +01:00
Werner Koch
59d49e4a0a
gpg: Fix output of --with-secret if a pattern is given.
* g10/keylist.c (list_one): Probe for a secret key in --with-secret
mode.
--

In contrast to list_all(), list_one() did not tests for a secret key
and took MARK_TRUSTED verbatim as an indication for "secret key
available".

GnuPG-bug: 4061
Signed-off-by: Werner Koch <wk@gnupg.org>
2019-12-23 12:40:44 +01:00
Werner Koch
cc531cc210
doc: Typ fix in comment
--
2019-12-23 12:40:43 +01:00
Werner Koch
8a556c23a2
kbx: Change keyboxd to work only with one database.
* kbx/frontend.c (the_database): New var.
(db_desc_t): Remove.
(kbxd_add_resource): Renamed to ...
(kbxd_set_database): this.  Simplify.
(kbxd_search): Change to use only one database.
(kbxd_store): Ditto.
(kbxd_delete): Ditto.
--

The original implementation was way to complicated and would have only
brought back the problems deciding which database to use for each key.
The new scheme used one configured database and only that.  That
database needs to be set right at the start.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-12-23 12:40:43 +01:00
NIIBE Yutaka
b2a2df174b scd: Enhance KEYINFO command to limit listing with capability.
* scd/app-common.h: Add CAPABILITY argument to the WITH_KEYGRIP.
(app_do_with_keygrip): Likewise.
* scd/app-openpgp.c (send_keyinfo_if_available): New.
(do_with_keygrip): Support listing with CAPABILITY.
* scd/app-piv.c (do_with_keygrip): Likewise.
* scd/app.c (maybe_switch_app): Supply the argument.
(app_do_with_keygrip): Add CAPABILITY argument.
* scd/command.c (cmd_pksign, cmd_pkauth): Supply the argument.
(cmd_pkdecrypt): Likewise.
(cmd_keyinfo): Support listing with CAPABILITY.

--

GnuPG-bug-id: 4784
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-12-19 17:30:59 +09:00
Werner Koch
70cb02c059
Include release information from 2.2.17 to 2.2.19
--
2019-12-09 16:53:44 +01:00
Werner Koch
d246f317c0
sm: Add special case for expired intermediate certificates.
* sm/gpgsm.h (struct server_control_s): Add field 'current_time'.
* sm/certchain.c (find_up_search_by_keyid): Detect a corner case.
Also simplify by using ref-ed cert objects in place of an anyfound
var.
--

See the code for a description of the problem. Tested using the certs
from the bug report and various command lines

  gpgsm --faked-system-time=XXXX --disable-crl-checks \
         -ea -v --debug x509  -r 0x95599828

with XXXX being 20190230T000000 -> target cert too young
with XXXX being 20190330T000000 -> okay
with XXXX being 20190830T000000 -> okay, using the long term cert
with XXXX being 20220330T000000 -> target cert expired

The --disabled-crl-checks option is required because in our a simple
test setting dirmngr does not know about the faked time.

GnuPG-bug-id: 4696
Signed-off-by: Werner Koch <wk@gnupg.org>
2019-12-06 20:25:56 +01:00
Werner Koch
8a6ecc6ff5
dirmngr: Tell gpg about WKD looks resulting from a cache.
* dirmngr/server.c (proc_wkd_get): Print new NOTE status
"wkd_cached_result".
* g10/call-dirmngr.c (ks_status_cb): Detect this and print a not ein
verbose mode.
--

This little patch is helpful to see why a WKD change still does not
work after it has been updated on the server.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-12-06 20:04:56 +01:00
Werner Koch
1abb39fdaf
gpg: Use AKL for angle bracketed mail address with -r.
* g10/getkey.c (get_pubkey_byname): Extend is_mbox checking.
(get_best_pubkey_byname): Ditto.
--

With this patch it is now possible to use

  gpg -e -r '<foo@example.org>'

and auto key locate will find the key.  Without that a plain mail
address; i.e.

  gpg -e -r 'foo@example.org'

was required.

GnuPG-bug-id: 4726
Signed-off-by: Werner Koch <wk@gnupg.org>
2019-12-04 14:39:42 +01:00
Werner Koch
d2ff62dbdf
gpg: Change the way v5 fingerprints are printed.
* g10/gpg.h (MAX_FORMATTED_FINGERPRINT_LEN): Increase by one.
* g10/keyid.c (format_hexfingerprint): Change v5 key formatting.
--

The new format are groups of 5 letters to resemble the CW speed
measurement rules.  Many hams are used to such blocks from their CW
lessons.  Note that there is no double blank in the middle as with the
v4 keys.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-11-28 12:05:32 +01:00
Werner Koch
7244666926
gpg: Implement insert, update, and delete via keyboxd.
* g10/call-keyboxd.c (struct store_parm_s): New.
(store_inq_cb): New.
(keydb_update_keyblock): Implement the keyboxd part.
(keydb_insert_keyblock): Ditto.
(keydb_delete_keyblock): Ditto.
(keydb_search_reset): Clear ubid flag.  Also use the correct union
member for building the search string.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-11-28 11:23:32 +01:00
Werner Koch
490e0cd0ba
kbx: Add new command DELETE.
* kbx/kbxserver.c (cmd_delete): New.
* kbx/frontend.c (kbxd_delete): New.
* kbx/backend-kbx.c (be_kbx_delete): New.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-11-28 11:19:33 +01:00
Werner Koch
915297705a
kbx: Redefine the UBID which is now the primary fingerprint.
* common/util.h (UBID_LEN): New.  Use it at all places.
* kbx/keybox-blob.c (create_blob_finish): Do not write the UBID item.
* kbx/keybox-dump.c (print_ubib): Remove.
(_keybox_dump_blob): Do not print the now removed ubid flag.
* kbx/keybox-search-desc.h (struct keydb_search_desc): Use constants
for the size of the ubid and grip.
* kbx/keybox-search.c (blob_cmp_ubid): New.
(has_ubid): Make it a simple wrapper around blob_cmp_ubid.
(keybox_get_data): Add arg 'r_ubid'.

* kbx/frontend.h (enum kbxd_store_modes): New.
* kbx/kbxserver.c (cmd_store): Add new option --insert.

* kbx/backend-cache.c (be_cache_initialize): New.
(be_cache_add_resource): Call it here.
* kbx/backend-kbx.c (be_kbx_seek): Remove args 'fpr' and 'fprlen'.
(be_kbx_search): Get the UBID from keybox_get_data.
* kbx/backend-support.c (be_fingerprint_from_blob): Replace by ...
(be_ubid_from_blob): new.  Change all callers.

* kbx/frontend.c (kbxd_add_resource): Temporary disable the cache but
use the new cache init function.
(kbxd_store): Replace arg 'only_update' by 'mode'.  Seek using the
ubid.  Take care of the mode.
--

It turned out that using the hash of the entire blob was not helpful.
Thus we redefine the Unique-Blob-ID (UBID) as the primary fingerprint
of the blob.  In case this is a v5 OpenPGP key a left truncated
version of the SHA-256 hash is used; in all other cases the full SHA-1
hash.  Using a SHA-256 hash does not make sense because v4 keys are
and will for some time be the majority of keys and thus padding them
with zeroes won't make any difference.  Even if fingerprint collisions
can eventually be created we will assume that the keys are bogus and
that it does not make sense to store its twin also in our key storage.
We can also easily extend the update code to detect a collision and
reject the update.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-11-28 11:16:13 +01:00
Werner Koch
f59455d054
dirmngr: Replace no-strict-overflow pragma by wrapv pragma.
* dirmngr/dirmngr.c (time_for_housekeeping_p): Build with --fwrapv.
Replace protecting macro.
--

I once replaced all JNLIB macros by GPGRT macros.  However, I missed
to get this right for the push pragma test and used
GPGRT_GCC_HAVE_PUSH_PRAGMA
instead of the correct
GPGRT_HAVE_PRAGMA_GCC_PUSH
Now after fixing this it turned out that no-strict-overflow is not
anymore supported as oprimize pragma and thus I replaced that too
according to https://gcc.gnu.org/bugzilla/show_bug.cgi?id=58454 .

Tested with 32 bit Windows but the real test will be in 2038.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-11-27 20:21:47 +01:00
Werner Koch
61f41cdce5
gpg: Move a keydb function to another file.
* g10/keydb.c (build_keyblock_image): Move to ...
* g10/build-packet.c (build_keyblock_image): here.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-11-27 11:58:47 +01:00
Werner Koch
264c15c72f
dirmngr: Rework of the LDAP code, part 1.
* dirmngr/http.h (struct parsed_uri_s): Add flag is_ldap.
* dirmngr/http.c (do_parse_uri): Set flag.  Do not error out for a
missing slashes in an http scheme if NO_SCHEME_CHECK is active.
* dirmngr/t-http.c (main): Print new flag.
* dirmngr/ks-engine-ldap.c (ks_ldap_help): Use flag instead of
checking the scheme.
* dirmngr/ldap-parse-uri.c (ldap_uri_p): Re-implement using
http_parse_uri.
* dirmngr/t-ldap-parse-uri.c (main): Add option --verbose.
--

This patch merely remove the separate parser for checking for an LDAP
scheme.  It is better to let our generic URI parser handle this.  Also
fixes this bug
       || url[4] == 'i' || url[4] == 'i')
to make the rarely used ldapi scheme case-insensitive.

More changes to the LDAP code are planned.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-11-26 13:09:35 +01:00
Werner Koch
1009e4e5f7
dirmngr: Make building with a TLS library mandatory
* configure.ac: Do not build dirmngr if no TLS is available.
* dirmngr/http.c: Remove all uses of the USE_TLS macro.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-11-26 12:02:27 +01:00
Werner Koch
8fb14d3b3f
doc: Fixed variable naming.
* kbx/keybox.h: Fix naming of arguments.
* scd/ccid-driver.c (print_error) [TEST]: Add missing break.  Note
that this is anyway an impossible case.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-11-26 11:24:08 +01:00
Werner Koch
c8783b3a20
agent: Improve --debug-pinentry diagnostics
* agent/call-pinentry.c (atfork_cb): Factor code out to ...
(atfork_core): new.
--

We convey certain envvars directly via the environment to Pinentry and
thus they don't show up in the Assuan logging.  Because we better
don't call a logging function in an atfork handle, this patch splits
the code up and uses the same code to display what was done in at fork
after the connection has been established.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-11-25 11:39:56 +01:00
Werner Koch
c21267e1c7
doc,dirmngr: Clarify --standard-resolver.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-11-23 20:29:34 +01:00
Werner Koch
50cd1a58f3
wkd: Let --install-key write a template policy file.
* tools/wks-util.c (ensure_policy_file): New.
(wks_cmd_install_key): Call it.
--

GnuPG-bug-id: 4753
Signed-off-by: Werner Koch <wk@gnupg.org>
2019-11-23 13:49:27 +01:00
NIIBE Yutaka
116dfb2001 po: Apply removal of dirmngr/ldap-wrapper-ce.c.
* po/POTFILES.in: Update.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-11-19 18:46:06 +09:00
Werner Koch
d9c7935188
dirmngr,gpg: Better diagnostic in case of bad TLS certificates.
* doc/DETAILS: Specify new status code "NOTE".
* dirmngr/ks-engine-http.c (ks_http_fetch): Print a NOTE status for a
bad TLS certificate.
* g10/call-dirmngr.c (ks_status_cb): Detect this status.
--

For example a

  gpg -v --locate-external-keys dd9jn@posteo.net

now yields

  gpg: Note: server uses an invalid certificate
  gpg: (further info: bad cert for 'posteo.net': \
                      Hostname does not match the certificate)
  gpg: error retrieving 'dd9jn@posteo.net' via WKD: Wrong name
  gpg: error reading key: Wrong name

(without -v the "further info" line is not shown).  Note that even
after years Posteo is not able to provide a valid certificate for
their .net addresses.  Anyway, this help to show the feature.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-11-18 18:26:55 +01:00
Werner Koch
ae9acb8745
dirmngr: Forward http redirect warnings to gpg.
* dirmngr/http.c: Include dirmngr-status.h
(http_prepare_redirect): Emit WARNING status lines for redirection
problems.
* dirmngr/http.h: Include fwddecl.h.
(struct http_redir_info_s): Add field ctrl.
* dirmngr/ks-engine-hkp.c (send_request): Set it.
* dirmngr/ks-engine-http.c (ks_http_fetch): Set it.
* g10/call-dirmngr.c (ks_status_cb): Detect the two new warnings.
--

This should make it easier to diagnose problems with bad WKD servers.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-11-18 18:24:02 +01:00
Werner Koch
5967cfcc71
dirmngr: Fixed typo in recently added diagnostic.
--
2019-11-18 18:24:01 +01:00
NIIBE Yutaka
1cb9a831f6 scd,ccid: Fix detection of supported readers with pinpad.
* scd/ccid-driver.c (ccid_transceive_secure): When not supported,
return CCID_DRIVER_ERR_NOT_SUPPORTED.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-11-15 15:46:37 +09:00
Werner Koch
12def3a84e
dirmngr: Use IPv4 or IPv6 interface only if available.
* dirmngr/dns-stuff.c (cached_inet_support): New variable.
(dns_stuff_housekeeping): New.
(check_inet_support): New.
* dirmngr/http.c (connect_server): Use only detected interfaces.
* dirmngr/dirmngr.c (housekeeping_thread): Flush the new cache.
--

This currently works only for Windows but that is where users really
ran into problems.  The old workaround was to configure disable-ipv4
or disable-ipv6.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-11-12 20:35:12 +01:00
Andre Heinecke
40daa0bc0b
dirmngr: Tune down err on missing ldapservers file
* dirmngr/dirmngr.c (parse_ldapservers_file): Tune down error
in case no such file exists.

--
This is hardly an error because by default such a file
does not exist. This caused trouble in support because
people think "Oh the system prints an error".

GnuPG-Bug-Id: T3539
2019-11-12 10:38:41 +01:00
Werner Koch
4c295646ba
dirmngr: Remove cruft from dirmngr_ldap
* configure.ac (USE_LDAPWRAPPER): Remove ac_define and conditional.
* dirmngr/Makefile.am: Remove USE_LDAPWRAPPER and considere true.
* dirmngr/ldap-wrapper-ce.c: Remove.
* dirmngr/ldap-wrapper.c: Remove USE_LDAPWRAPPER stuff. Minor chnages
to debug output.
* dirmngr/dirmngr_ldap.c: Remove USE_LDAPWRAPPER stuff.  Remove
my_ldap macros.
(fetch_ldap) [W32]: Use ldap_sslinit.
--

Note that the ldap_sslinit stuff for Windows has not been tested.

This patch removes the whole wrapper-but-linked business because we do
not need it anymore.  WindowsCE for which we used it is pretty dead.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-11-11 20:49:04 +01:00
Werner Koch
dd18be979e
gpg: Forbid the creation of SHA-1 third-party key signatures.
* g10/sign.c (SIGNHINT_KEYSIG, SIGNHINT_SELFSIG): New.
(do_sign): Add arg signhints and inhibit SHA-1 signatures.  Change
callers to pass 0.
(complete_sig): Add arg signhints and pass on.
(make_keysig_packet, update_keysig_packet): Set signhints.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-11-11 11:41:00 +01:00
Werner Koch
eebd43d5b6
dirmngr: Rename an enum value for clarity.
* dirmngr/ldapserver.h: Rename LDAPSERVER_OPT.
--

Using _OPT is not good because it does not describe for what this
configuration group is used.  _SESSION immediately shows the purpose.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-11-11 09:45:01 +01:00
Werner Koch
6e1c99bc39
gpgsm: Allow sepcification of ldaps servers.
* sm/gpgsm.h (struct keyserver_spec): Add field use_ldaps.
* sm/gpgsm.c (parse_keyserver_line): Parse flags.
* sm/call-dirmngr.c (prepare_dirmngr): Send ldaps flag to the dirmngr.

* dirmngr/dirmngr.h (struct ldap_server_s): Add field use_ldaps.
* dirmngr/ldapserver.c (ldapserver_parse_one): Parse flags.
* dirmngr/ldap.c (start_cert_fetch_ldap): Call wrapper with --tls.

* dirmngr/dirmngr_ldap.c: New option --tls.
(fetch_ldap): Make use of that option.
--

There was no way to specify an LDAPS server in
dirmngr_ldapserver.socnf or with gpgsm's --keyserver option.  This
patch fixes this.  Eventually we should allow to replace host and port
by a partial URI in the same way ldap_initialize does it.  For backward
compatibility we do not yet do that.

Although the dirmngr code accepts an URL (eg. taken from a
certificate), I can't see how the scheme was ever used.  Thus the
patch also detects an ldaps scheme and uses this.  That part has not
been tested, though.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-11-09 11:29:59 +01:00
Werner Koch
2b9d399cf0
doc: Document gpgsm's --keyserver option.
--

Also fix a few related entries.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-11-07 17:41:19 +01:00
Werner Koch
eae1ea6f39
doc: Improved description of status PLAINTEXT_LENGTH.
--

GnuPG-bug-id: 4741
2019-11-07 15:45:36 +01:00
Werner Koch
6701a38f8e
gpg: Fix a potential loss of key sigs during import with self-sigs-only.
* g10/import.c (import_one_real): Don't do the final clean in the
merge case.
--

This fixes a regression introduced with self-sigs-only.

GnuPG-bug-id: 4628
Signed-off-by: Werner Koch <wk@gnupg.org>
2019-11-07 15:07:25 +01:00
Werner Koch
e624c41dba
gpg: Add option --allow-weak-key-signatures.
* g10/gpg.c (oAllowWeakKeySignatures): New.
(opts): Add --allow-weak-key-signatures.
(main): Set it.
* g10/options.h (struct opt): Add flags.allow_weak_key_signatures.
* g10/misc.c (print_sha1_keysig_rejected_note): New.
* g10/sig-check.c (check_signature_over_key_or_uid): Print note and
act on new option.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-11-07 10:36:17 +01:00
Werner Koch
f4047f5605
gpg: Print rfc4880bis note only in verbose mode.
* g10/gpg.c (main): Change condition for an info diagnostic.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-11-07 09:24:38 +01:00
Werner Koch
a1f8ca7eee
doc: Make clear that by default RFC-4880bis features are used.
--
2019-11-07 09:07:30 +01:00
Werner Koch
fd88b8847a
gpg: Remove an unused variable.
* g10/delkey.c (do_delete_key): here.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-11-06 14:47:29 +01:00
Werner Koch
584b65ad7e
gpg: Do not require --batch when using --log-file.
* g10/gpg.c (main): Remove a long standing FIXME.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-11-06 14:44:50 +01:00
Werner Koch
c6be407251
doc: Document the --unwrap command.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-11-06 14:43:34 +01:00
NIIBE Yutaka
c6702d77d9 scd,ccid: Fix GEMPC_EZIO handling.
* scd/ccid-driver.c (ccid_transceive_secure): Fix for 08e6:34c2.

Fixes-commit: c933c15d58
GnuPG-bug-id: 4654
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-10-29 07:57:59 +09:00
NIIBE Yutaka
e2c2b0fb2d gpg: More fix of get_best_pubkey_byname.
* g10/getkey.c (get_best_pubkey_byname): Remove useless req_usage
setting of CTX.

Fixes-commit: f2734381ae
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-10-17 10:46:34 +09:00
NIIBE Yutaka
286d4c6075 gpg: Fix two other cases in get_best_pubkey_byname.
* g10/getkey.c (pubkey_cmp): Handle a primary key with
PUBKEY_USAGE_ENC, and make sure new key is for encryption.
(get_best_pubkey_byname): Add comment for ranking.

GnuPG-bug-id: 4713
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-10-17 09:23:26 +09:00
NIIBE Yutaka
627a990f8e doc: Fix documentation about --locate-keys.
* doc/gpg.texi (--locate-keys): Remove mentioning signing keys.

--

GnuPG-bug-id: 4713
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-10-17 08:29:46 +09:00
NIIBE Yutaka
f2734381ae gpg: Fix get_best_pubkey_byname to consider the first match.
* g10/getkey.c (get_best_pubkey_byname): Always use PK0 to search
by get_pubkey_byname.  Add initial call to pubkey_cmp to fill
BEST at first before the loop.

--

Fixes-commit: 44604209c1
GnuPG-bug-id: 4713
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-10-16 15:58:26 +09:00
Werner Koch
d1bc12d1b6
gpg: Also delete key-binding signature when deleting a subkey.
* g10/delkey.c (do_delete_key): Simplify and correct subkey deletion.
--

GnuPG-bug-id: 4665, 4457
Fixes-commit: cc6069ac6e
Signed-off-by: Werner Koch <wk@gnupg.org>
2019-10-15 14:30:57 +02:00