diff --git a/g10/delkey.c b/g10/delkey.c --- a/g10/delkey.c +++ b/g10/delkey.c @@ -117,7 +117,7 @@ } static int -confirm_deletion(ctrl_t ctrl, PKT_public_key *pk, int secret, int fingerprint) +confirm_deletion(ctrl_t ctrl, PACKET *pkt, int secret, int fingerprint) { int yes = 0; @@ -130,22 +130,28 @@ } if (secret) - print_seckey_info (ctrl, pk); + print_seckey_info (ctrl, pkt->pkt.public_key); else - print_pubkey_info (ctrl, NULL, pk); + print_pubkey_info (ctrl, NULL, pkt->pkt.public_key); tty_printf( "\n" ); yes = cpr_get_answer_is_yes (secret? "delete_key.secret.okay": "delete_key.okay", _("Delete this key from the keyring? (y/N) ")); - if (!cpr_enabled() && secret && yes) + if (!cpr_enabled() && secret) { /* I think it is not required to check a passphrase; if the * user is so stupid as to let others access his secret * keyring (and has no backup) - it is up him to read some * very basic texts about security. */ - yes = cpr_get_answer_is_yes ("delete_key.secret.okay", - _("This is a secret key! - really delete? (y/N) ")); + if (yes) + yes = cpr_get_answer_is_yes ("delete_key.secret.okay", + _("This is a secret key! - really delete? (y/N) ")); + + /* Extra confirmation before deleting the user's primary key. */ + if (yes && pkt->pkttype != PKT_PUBLIC_SUBKEY) + yes = cpr_get_answer_is_yes ("delete_key.secret.primary.okay", + _("This is the primary key! - really delete? (y/N) ")); } return yes; @@ -257,7 +263,7 @@ if (should_skip (&desc, node->pkt->pkt.public_key)) continue; - if (confirm_deletion (ctrl, node->pkt->pkt.public_key, secret, exactmatch)) + if (confirm_deletion (ctrl, node->pkt, secret, exactmatch)) { err = gpg_agent_delete_secret_key (ctrl, node->pkt->pkt.public_key); @@ -293,7 +299,7 @@ } else { - if (confirm_deletion (ctrl, pk, secret, exactmatch)) + if (confirm_deletion (ctrl, node->pkt, secret, exactmatch)) { err = keydb_delete_keyblock (hd); if (err)