1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-23 10:29:58 +01:00
Werner Koch 43b23aa82b
gpg: Avoid importing secret keys if the keyblock is not valid.
* g10/keydb.h (struct kbnode_struct): Replace unused field RECNO by
new field TAG.
* g10/kbnode.c (alloc_node): Change accordingly.
* g10/import.c (import_one): Add arg r_valid.
(sec_to_pub_keyblock): Set tags.
(resync_sec_with_pub_keyblock): New.
(import_secret_one): Change return code to gpg_error_t.   Return an
error code if sec_to_pub_keyblock failed.  Resync secret keyblock.
--

When importing an invalid secret key ring for example without key
binding signatures or no UIDs, gpg used to let gpg-agent store the
secret keys anyway.  This is clearly a bug because the diagnostics
before claimed that for example the subkeys have been skipped.
Importing the secret key parameters then anyway is surprising in
particular because a gpg -k does not show the key.  After importing
the public key the secret keys suddenly showed up.

This changes the behaviour of
GnuPG-bug-id: 4392
to me more consistent but is not a solution to the actual bug.

Caution: The ecc.scm test now fails because two of the sample keys
         don't have binding signatures.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit f799e9728bcadb3d4148a47848c78c5647860ea4)
2019-03-18 13:16:35 +01:00
..
2016-07-25 12:50:35 +02:00
2009-01-13 14:01:56 +00:00
2016-07-19 16:38:21 +02:00
2016-07-19 16:38:21 +02:00
2016-07-19 16:38:21 +02:00

no-creation-time.gpg   A key with a zero creation time.
ecc-sample-1-pub.asc   A NIST P-256 ECC sample key.
ecc-sample-1-sec.asc   Ditto, but the secret keyblock.
ecc-sample-2-pub.asc   A NIST P-384 ECC sample key.
ecc-sample-2-sec.asc   Ditto, but the secret keyblock.
ecc-sample-3-pub.asc   A NIST P-521 ECC sample key.
ecc-sample-3-sec.asc   Ditto, but the secret keyblock.
eddsa-sample-1-pub.asc An Ed25519 sample key.
eddsa-sample-1-sec.asc Ditto, but as protected secret keyblock.
dda252ebb8ebe1af-1.asc rsa4096 key 1
dda252ebb8ebe1af-2.asc rsa4096 key 2 with a long keyid collision.
whats-new-in-2.1.asc   Collection of sample keys.
e2e-p256-1-clr.asc     Google End-end-End test key (no protection)
e2e-p256-1-prt.asc     Ditto, but protected with passphrase "a".
E657FB607BB4F21C90BB6651BC067AF28BC90111.asc Key with subkeys (no protection)
pgp-desktop-skr.asc    Secret key with subkeys w/o signatures
rsa-rsa-sample-1.asc   RSA+RSA sample key (no passphrase)
ed25519-cv25519-sample-1.asc  Ed25519+CV25519 sample key (no passphrase)
silent-running.asc     Collection of sample secret keys (no passphrases)
rsa-primary-auth-only.pub.asc  rsa2408 primary only, usage: cert,auth
rsa-primary-auth-only.sec.asc  Ditto but the secret keyblock.


Notes:

- pgp-desktop-skr.asc is a secret keyblock without the uid and subkey
  binding signatures.  When exporting a secret key from PGP desktop
  such a file is created which is then directly followed by a separate
  armored public key block.  To create such a sample concatenate
  pgp-desktop-skr.asc and E657FB607BB4F21C90BB6651BC067AF28BC90111.asc
- ecc-sample-2-sec.asc and ecc-sample-3-sec.asc do not have and
  binding signatures either.  ecc-sample-1-sec.asc has them, though.