Page MenuHome GnuPG

gpgme: Inconsistent secret subkey flag when listing keys with different modes
Closed, ResolvedPublic


When doing a key listing of X.509 certificates, then for card keys the secret flag of the (first) subkey is set.
When doing a secret key listing for OpenPGP certificates, then the secret flag is set for card keys.
When doing a public key listing with secret for OpenPGP certificates, then the secret flag is not set for card keys.

My guess is, that this is a bug in the key listing "with secret" mode. If I understand correctly, then the flag is supposed to indicate that the secret key is available for usage, e.g. for signing or decryption, either locally in the secret key ring or on a card that can be requested if needed.

A possible fix of the inconsistency between the result of "list secret OpenPGP keys" and "list public OpenPGP keys with secret key information" would be

diff --git a/src/keylist.c b/src/keylist.c
index 05267e6c..a003179e 100644
--- a/src/keylist.c
+++ b/src/keylist.c
@@ -423,6 +423,7 @@ parse_sec_field15 (gpgme_key_t key, gpgme_subkey_t subkey, char *field)
       /* Fields starts with a hex digit; thus it is a serial number.  */
       key->secret = 1;
+      subkey->secret = 1;
       subkey->is_cardkey = 1;
       subkey->card_number = strdup (field);
       if (!subkey->card_number)

Event Timeline

No sure, you could also consider the is_cardkey flag to mean that a secret key might be available. FWIW, GPA sets it internal secret key flag based on the type of listing done; thus I see no problem if you want to change the behaviour.

ikloecker claimed this task.
ikloecker moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.