1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-10-31 20:08:43 +01:00
gnupg/tests/openpgp/samplekeys
Werner Koch 43b23aa82b
gpg: Avoid importing secret keys if the keyblock is not valid.
* g10/keydb.h (struct kbnode_struct): Replace unused field RECNO by
new field TAG.
* g10/kbnode.c (alloc_node): Change accordingly.
* g10/import.c (import_one): Add arg r_valid.
(sec_to_pub_keyblock): Set tags.
(resync_sec_with_pub_keyblock): New.
(import_secret_one): Change return code to gpg_error_t.   Return an
error code if sec_to_pub_keyblock failed.  Resync secret keyblock.
--

When importing an invalid secret key ring for example without key
binding signatures or no UIDs, gpg used to let gpg-agent store the
secret keys anyway.  This is clearly a bug because the diagnostics
before claimed that for example the subkeys have been skipped.
Importing the secret key parameters then anyway is surprising in
particular because a gpg -k does not show the key.  After importing
the public key the secret keys suddenly showed up.

This changes the behaviour of
GnuPG-bug-id: 4392
to me more consistent but is not a solution to the actual bug.

Caution: The ecc.scm test now fails because two of the sample keys
         don't have binding signatures.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit f799e9728b)
2019-03-18 13:16:35 +01:00
..
authenticate-only.pub.asc tests: Add test for the ssh key export. 2016-11-28 13:48:49 +01:00
authenticate-only.sec.asc tests: Add test for the ssh key export. 2016-11-28 13:48:49 +01:00
dda252ebb8ebe1af-1.asc tests: Add sample keys with colliding long keu ids. 2014-10-13 13:57:00 +02:00
dda252ebb8ebe1af-2.asc tests: Add sample keys with colliding long keu ids. 2014-10-13 13:57:00 +02:00
e2e-p256-1-clr.asc tests: Two new OpenPGP test keys from E2E. 2015-10-05 10:58:00 +02:00
e2e-p256-1-prt.asc tests: Two new OpenPGP test keys from E2E. 2015-10-05 10:58:00 +02:00
E657FB607BB4F21C90BB6651BC067AF28BC90111.asc gpg: Use the matching key if the search description is exact. 2015-12-03 00:00:54 +01:00
ecc-sample-1-pub.asc Sample ECC keys and message do now work. 2011-02-02 15:48:54 +01:00
ecc-sample-1-sec.asc Sample ECC keys and message do now work. 2011-02-02 15:48:54 +01:00
ecc-sample-2-pub.asc Add ECC import regression tests and fixed a regression. 2011-02-10 20:45:37 +01:00
ecc-sample-2-sec.asc Add ECC import regression tests and fixed a regression. 2011-02-10 20:45:37 +01:00
ecc-sample-3-pub.asc Add ECC import regression tests and fixed a regression. 2011-02-10 20:45:37 +01:00
ecc-sample-3-sec.asc Add ECC import regression tests and fixed a regression. 2011-02-10 20:45:37 +01:00
ed25519-cv25519-sample-1.asc tests: Add two more sample keys for OpenPGP. 2016-06-22 11:25:22 +02:00
eddsa-sample-1-pub.asc gpg: Use algorithm id 22 for EdDSA. 2014-09-12 11:31:49 +02:00
eddsa-sample-1-sec.asc gpg: Use algorithm id 22 for EdDSA. 2014-09-12 11:31:49 +02:00
issue2346.gpg g10: Fix key import statistics. 2016-07-25 12:50:35 +02:00
no-creation-time.gpg Add a sample key. 2009-01-13 14:01:56 +00:00
pgp-desktop-skr.asc tests: Add sample secret key w/o binding signatures. 2019-03-18 13:13:35 +01:00
README gpg: Avoid importing secret keys if the keyblock is not valid. 2019-03-18 13:16:35 +01:00
rsa-primary-auth-only.pub.asc gpg: Make --export-ssh-key work for the primary key. 2017-02-14 10:55:13 +01:00
rsa-primary-auth-only.sec.asc gpg: Make --export-ssh-key work for the primary key. 2017-02-14 10:55:13 +01:00
rsa-rsa-sample-1.asc tests: Add two more sample keys for OpenPGP. 2016-06-22 11:25:22 +02:00
silent-running.asc Add another collection of sample keys 2016-06-28 15:53:59 +02:00
ssh-dsa.key tests: Add test for ssh support. 2016-07-19 16:38:21 +02:00
ssh-ecdsa.key tests: Add test for ssh support. 2016-07-19 16:38:21 +02:00
ssh-ed25519.key tests: Add test for ssh support. 2016-07-19 16:38:21 +02:00
ssh-rsa.key tests: Add test for ssh support. 2016-07-19 16:38:21 +02:00
whats-new-in-2.1.asc tests: More OpenPGP test keys 2015-05-16 12:20:02 +02:00

no-creation-time.gpg   A key with a zero creation time.
ecc-sample-1-pub.asc   A NIST P-256 ECC sample key.
ecc-sample-1-sec.asc   Ditto, but the secret keyblock.
ecc-sample-2-pub.asc   A NIST P-384 ECC sample key.
ecc-sample-2-sec.asc   Ditto, but the secret keyblock.
ecc-sample-3-pub.asc   A NIST P-521 ECC sample key.
ecc-sample-3-sec.asc   Ditto, but the secret keyblock.
eddsa-sample-1-pub.asc An Ed25519 sample key.
eddsa-sample-1-sec.asc Ditto, but as protected secret keyblock.
dda252ebb8ebe1af-1.asc rsa4096 key 1
dda252ebb8ebe1af-2.asc rsa4096 key 2 with a long keyid collision.
whats-new-in-2.1.asc   Collection of sample keys.
e2e-p256-1-clr.asc     Google End-end-End test key (no protection)
e2e-p256-1-prt.asc     Ditto, but protected with passphrase "a".
E657FB607BB4F21C90BB6651BC067AF28BC90111.asc Key with subkeys (no protection)
pgp-desktop-skr.asc    Secret key with subkeys w/o signatures
rsa-rsa-sample-1.asc   RSA+RSA sample key (no passphrase)
ed25519-cv25519-sample-1.asc  Ed25519+CV25519 sample key (no passphrase)
silent-running.asc     Collection of sample secret keys (no passphrases)
rsa-primary-auth-only.pub.asc  rsa2408 primary only, usage: cert,auth
rsa-primary-auth-only.sec.asc  Ditto but the secret keyblock.


Notes:

- pgp-desktop-skr.asc is a secret keyblock without the uid and subkey
  binding signatures.  When exporting a secret key from PGP desktop
  such a file is created which is then directly followed by a separate
  armored public key block.  To create such a sample concatenate
  pgp-desktop-skr.asc and E657FB607BB4F21C90BB6651BC067AF28BC90111.asc
- ecc-sample-2-sec.asc and ecc-sample-3-sec.asc do not have and
  binding signatures either.  ecc-sample-1-sec.asc has them, though.