
gpg: avoid deletion of keys not specified by user
Abandoned, Public

Authored by matheusmoreira on Apr 30 2019, 1:40 PM.

Details

Summary
  • g10/delkey.c (should_skip): New.
    (do_delete_key): Skip keys other than the exact key specified by user.

When the user tries to delete a specific secret subkey
by using an exact search specification (trailing "!"),
gpg deletes the primary key and all other subkeys as well.

The new should_skip static function allows the key deletion routine
to determine when to skip keys. In this case, keys are skipped when
they are not the exact key specified by the user.

Signed-off-by: Matheus Afonso Martins Moreira <matheus.a.m.moreira@gmail.com>

Test Plan

Given a temporary gpg home with primary and subordinate keys:

$ agent/gpg-agent --daemon --homedir $XDG_RUNTIME_DIR/gnupg-git
$ g10/gpg --homedir $XDG_RUNTIME_DIR/gnupg-git --batch --passphrase '' --default-new-key-algo 'rsa1024/cert+rsa1024/sign' --quick-gen-key test
$ SUBKEY=$(g10/gpg --homedir $XDG_RUNTIME_DIR/gnupg-git -K --with-subkey-fingerprint --with-colons | awk -F: '/fpr/ { print $10 }' | tail -1)

Deleting just the secret subkey should leave the primary key intact:

$ g10/gpg --homedir $XDG_RUNTIME_DIR/gnupg-git --batch --yes --delete-secret-keys $SUBKEY!
$ g10/gpg --homedir $XDG_RUNTIME_DIR/gnupg-git -K
sec   rsa1024 2019-05-02 [C] [expires: 2021-05-01]
uid           [ultimate] test
ssb#  rsa1024 2019-05-02 [S]
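
The check the test plan makes by eye, as an added example (not part of this revision or of GnuPG): it reads a `--with-colons` secret-key listing and confirms that only the targeted subkey lost its secret part. It assumes field 15 of `sec`/`ssb` records is `#` when the secret part is missing, as GnuPG's doc/DETAILS describes; the function names and sample listings are constructed.

```shell
#!/bin/sh
# Constructed sample listings in the format of
#   gpg -K --with-subkey-fingerprint --with-colons
PRIMARY_FPR=1111111111111111111111111111111111111111
SUB_FPR=2222222222222222222222222222222222222222

# Expected result: primary secret present (+), subkey secret missing (#).
SAMPLE_AFTER="sec:u:1024:1:1111111111111111:1556755200:1619827200::u:::cC:::+:
fpr:::::::::$PRIMARY_FPR:
uid:u::::1556755200::::test:
ssb:u:1024:1:2222222222222222:1556755200::::::s:::#:
fpr:::::::::$SUB_FPR:"

# Failure case: the primary secret key is gone as well.
SAMPLE_STUB_PRIMARY="sec:u:1024:1:1111111111111111:1556755200:1619827200::u:::cC:::#:
fpr:::::::::$PRIMARY_FPR:
uid:u::::1556755200::::test:
ssb:u:1024:1:2222222222222222:1556755200::::::s:::#:
fpr:::::::::$SUB_FPR:"

# Print "<sec|ssb> <fingerprint> <present|missing>" for each key on stdin.
# The fpr record that follows a sec/ssb record carries its fingerprint in
# field 10, the same field the test plan's awk command reads.
secret_status() {
  awk -F: '
    $1 == "sec" || $1 == "ssb" {
      type = $1; state = ($15 == "#") ? "missing" : "present"; next
    }
    $1 == "fpr" && type != "" { print type, $10, state; type = "" }
  '
}

# Succeed only if the target fingerprint is listed with its secret part
# missing and every other listed key still has its secret part.
# An empty listing (everything deleted) fails because the target is not seen.
only_target_deleted() {
  secret_status | awk -v target="$1" '
    $2 == target { seen = 1; if ($3 != "missing") bad = 1; next }
    $3 != "present" { bad = 1 }
    END { exit ((seen && !bad) ? 0 : 1) }
  '
}

printf '%s\n' "$SAMPLE_AFTER" | secret_status
```

Against a real keyring, pipe the listing command from the test plan into `only_target_deleted "$SUBKEY"` after the deletion step.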

Diff Detail

Repository
rG GnuPG
Lint
Lint Skipped
Unit
Unit Tests Skipped

Event Timeline

matheusmoreira retitled this revision from Improve secret key deletion to Don't delete secret keys not specified by user. Apr 30 2019, 2:02 PM
matheusmoreira edited the summary of this revision.
matheusmoreira retitled this revision from Don't delete secret keys not specified by user to gpg: avoid deletion of keys not specified by user. May 2 2019, 3:41 AM
matheusmoreira edited the summary of this revision.
matheusmoreira edited the test plan for this revision.

A better solution has been committed: cc6069ac6ecd

  • Reuses exact_subkey_match_p instead of defining a new static function
  • Uses keyblock node API
  • Handles exact public key deletion
  • Explains to the user the nature of the operations that are about to be performed
  • Adds documentation