author | Werner Koch <wk@gnupg.org> | 2024-08-12 14:50:08 +0200 |
---|---|---|
committer | Werner Koch <wk@gnupg.org> | 2024-08-12 14:50:08 +0200 |
commit | 882ab7fef9bf4440900c32d7463469307224f11a (patch) | |
tree | 9544c758dc3929bd2b5cd0f45d72d072c1f705fb /g10/pubkey-enc.c | |
parent | agent: When diverting to a card show the name of unsupported algos. (diff) | |
download | gnupg2-882ab7fef9bf4440900c32d7463469307224f11a.tar.xz gnupg2-882ab7fef9bf4440900c32d7463469307224f11a.zip |
gpg: Improve decryption diagnostic for an ADSK key.
* g10/keydb.h (GET_PUBKEYBLOCK_FLAG_ADSK): New constant.
* g10/packet.h (PUBKEY_USAGE_XENC_MASK): New constant.
* g10/pubkey-enc.c (get_session_key): Consider an ADSK also as "marked
for encryption use".
(get_it): Print a note if an ADSK key was used. Use the new
get_pubkeyblock flag.
* g10/getkey.c (struct getkey_ctx_s): Add field allow_adsk.
(get_pubkeyblock): Factor all code out to ...
(get_pubkeyblock_ext): new.
(finish_lookup): Add new arg allow_adsk and make use of it.
--
This patch serves two purposes:
- We write a note that the ADSK key was used for decryption
- We avoid running into a
"oops: public key not found for preference check\n"
due to ADSK keys. The error is mostly harmless but lets gpg return
with an exit code of 2.
Diffstat (limited to 'g10/pubkey-enc.c')
-rw-r--r-- | g10/pubkey-enc.c | 15 |
1 files changed, 11 insertions, 4 deletions
diff --git a/g10/pubkey-enc.c b/g10/pubkey-enc.c
index 563077803..dced3dfb0 100644
--- a/g10/pubkey-enc.c
+++ b/g10/pubkey-enc.c
@@ -143,7 +143,7 @@ get_session_key (ctrl_t ctrl, struct pubkey_enc_list *list, DEK *dek)
 else if (opt.try_all_secrets
 || (k->keyid[0] == keyid[0] && k->keyid[1] == keyid[1]))
 {
- if (!opt.quiet && !(sk->pubkey_usage & PUBKEY_USAGE_ENC))
+ if (!opt.quiet && !(sk->pubkey_usage & PUBKEY_USAGE_XENC_MASK))
 log_info (_("used key is not marked for encryption use.\n"));
 }
 else
@@ -156,7 +156,7 @@ get_session_key (ctrl_t ctrl, struct pubkey_enc_list *list, DEK *dek)
 if (!opt.quiet && !k->keyid[0] && !k->keyid[1])
 {
 log_info (_("okay, we are the anonymous recipient.\n"));
- if (!(sk->pubkey_usage & PUBKEY_USAGE_ENC))
+ if (!(sk->pubkey_usage & PUBKEY_USAGE_XENC_MASK))
 log_info (_("used key is not marked for encryption use.\n") );
 }
@@ -443,7 +443,7 @@ get_it (ctrl_t ctrl,
 {
 PKT_public_key *pk = NULL;
 PKT_public_key *mainpk = NULL;
- KBNODE pkb = get_pubkeyblock (ctrl, keyid);
+ KBNODE pkb = get_pubkeyblock_ext (ctrl, keyid, GET_PUBKEYBLOCK_FLAG_ADSK);
 if (!pkb)
 {
@@ -495,6 +495,13 @@ get_it (ctrl_t ctrl,
 }
 }
+ if (pk && !(pk->pubkey_usage & PUBKEY_USAGE_ENC)
+ && (pk->pubkey_usage & PUBKEY_USAGE_RENC))
+ {
+ log_info (_("Note: ADSK key has been used for decryption"));
+ log_printf ("\n");
+ }
+
 if (pk && pk->flags.revoked)
 {
 log_info (_("Note: key has been revoked"));
@@ -512,7 +519,7 @@ get_it (ctrl_t ctrl,
 /* Note that we do not want to create a trustdb just for
 * getting the ownertrust: If there is no trustdb there can't
- * be ulitmately trusted key anyway and thus the ownertrust
+ * be an ultimately trusted key anyway and thus the ownertrust
 * value is irrelevant. */
 write_status_printf (STATUS_DECRYPTION_KEY, "%s %s %c", pkhex, mainpkhex, |
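Review bot: The new condition in the @@ -495 hunk of get_it recognises an ADSK only indirectly, as a key whose usage flags carry PUBKEY_USAGE_RENC but not PUBKEY_USAGE_ENC, and nothing at the site says so; a short comment above the `if` would keep the intent readable, e.g. `/* RENC without plain ENC usage marks a restricted-encryption (ADSK) key; tell the user such a key did the decryption. */`. The note goes out only through log_info, so callers reading the status interface (compare STATUS_DECRYPTION_KEY in the last hunk) get no machine-readable indication that an ADSK was involved; if that matters for tooling it presumably needs a separate status line, which this patch does not add. Unlike the two get_session_key hunks, the new note is not gated on opt.quiet, which matches the adjacent revoked-key note; a brief remark that this is deliberate would stop a later reader from silencing it. get_it begins and ends outside the hunk.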