authorWerner Koch <wk@gnupg.org>2020-03-13 17:14:34 +0100
committerWerner Koch <wk@gnupg.org>2020-03-13 17:14:34 +0100
commit6a4443c8425fd548020553b22d5a16ffad98371f (patch)
tree75da2b6c4ce956ef3923abef180ba079a40d770e /g10/keydb.h
parentgpg: New option --include-key-block. (diff)
gpg: Make use of the included key block in a signature.
* g10/import.c (read_key_from_file): Rename to ... (read_key_from_file_or_buffer): this and add new parameters. Adjust callers. (import_included_key_block): New. * g10/packet.h (PKT_signature): Add field flags.key_block. * g10/parse-packet.c (parse_signature): Set that flags. * g10/sig-check.c (check_signature2): Add parm forced_pk and change all callers. * g10/mainproc.c (do_check_sig): Ditto. (check_sig_and_print): Try the included key block if no key is available. -- This is the second part to support the new Key Block subpacket. The idea is that after having received a signed mail, it is instantly possible to reply encrypted - without the need for any centralized infrastructure. There is one case where this does not work: A signed mail is received using a specified signer ID (e.g. using gpg --sender option) and the key block with only that user ID is thus imported. The next time a mail is received using the same key but with a different user ID; the signature checks out using the key imported the last time. However, the new user id is not imported. Now when trying to reply to that last mail, no key will be found. We need to see whether we can update a key in such a case. GnuPG-bug-id: 4856 Signed-off-by: Werner Koch <wk@gnupg.org>
Diffstat (limited to 'g10/keydb.h')
-rw-r--r--g10/keydb.h8
1 files changed, 7 insertions, 1 deletions
diff --git a/g10/keydb.h b/g10/keydb.h
index 96b22eef2..75d3cd0d5 100644
--- a/g10/keydb.h
+++ b/g10/keydb.h
@@ -328,7 +328,8 @@ void getkey_disable_caches(void);
/* Return the public key used for signature SIG and store it at PK. */
gpg_error_t get_pubkey_for_sig (ctrl_t ctrl,
- PKT_public_key *pk, PKT_signature *sig);
+ PKT_public_key *pk, PKT_signature *sig,
+ PKT_public_key *forced_pk);
/* Return the public key with the key id KEYID and store it at PK. */
int get_pubkey (ctrl_t ctrl, PKT_public_key *pk, u32 *keyid);
@@ -385,6 +386,11 @@ gpg_error_t get_best_pubkey_byname (ctrl_t ctrl, enum get_pubkey_modes mode,
gpg_error_t get_pubkey_fromfile (ctrl_t ctrl,
PKT_public_key *pk, const char *fname);
+/* Get a public key from a buffer. */
+gpg_error_t get_pubkey_from_buffer (ctrl_t ctrl, PKT_public_key *pkbuf,
+ const void *buffer, size_t buflen,
+ u32 *want_keyid, kbnode_t *r_keyblock);
+
/* Return the public key with the key id KEYID iff the secret key is
* available and store it at PK. */
gpg_error_t get_seckey (ctrl_t ctrl, PKT_public_key *pk, u32 *keyid);
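Review bot: Both new declarations leave their new parameters undocumented — `forced_pk` on get_pubkey_for_sig in the first hunk, and `pkbuf`, `want_keyid` and `r_keyblock` on get_pubkey_from_buffer in the second — although these prototypes are the contract every other g10 caller will rely on. For get_pubkey_for_sig the comment should say what a non-NULL FORCED_PK does; from the commit message it appears to bypass the normal key lookup, so if that is the intent something like `/* ... If FORCED_PK is not NULL, use that key instead of looking one up. */` would do. For get_pubkey_from_buffer the comment should state that BUFFER/BUFLEN is unverified data (here it comes from a signature's Key Block subpacket, so its contents are chosen by the sender and must not be trusted before the signature is checked), whether the returned key is required to match WANT_KEYID and what a NULL WANT_KEYID means, and whether the caller owns and must release *R_KEYBLOCK. Naming the output parameter `pk` rather than `pkbuf` would also match every other get_pubkey* prototype in this header.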