gpgme: Inconsistent secret subkey flag when listing keys with different modes
Closed, Resolved (Public)

Description

When doing a key listing of X.509 certificates, then for card keys the secret flag of the (first) subkey is set.
When doing a secret key listing for OpenPGP certificates, then the secret flag is set for card keys.
When doing a public key listing with secret for OpenPGP certificates, then the secret flag is not set for card keys.

My guess is that this is a bug in the key listing "with secret" mode. If I understand correctly, then the flag is supposed to indicate that the secret key is available for usage, e.g. for signing or decryption, either locally in the secret key ring or on a card that can be requested if needed.

A possible fix of the inconsistency between the result of "list secret OpenPGP keys" and "list public OpenPGP keys with secret key information" would be

diff --git a/src/keylist.c b/src/keylist.c
index 05267e6c..a003179e 100644
--- a/src/keylist.c
+++ b/src/keylist.c
@@ -423,6 +423,7 @@ parse_sec_field15 (gpgme_key_t key, gpgme_subkey_t subkey, char *field)
     {
       /* Fields starts with a hex digit; thus it is a serial number.  */
       key->secret = 1;
+      subkey->secret = 1;
       subkey->is_cardkey = 1;
       subkey->card_number = strdup (field);
       if (!subkey->card_number)
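
Review bot: The new `subkey->secret = 1;` in the serial-number branch of parse_sec_field15 changes what the subkey flag means for card keys, and nothing in the hunk documents that. After this line, a subkey whose field 15 is a card serial number reports `secret` set, and the `is_cardkey` assignment on the following line becomes the only way for a caller to tell a card-held key from a locally stored one. I would extend the comment above `key->secret = 1;` to say that `secret` here means "usable, either locally or via the card", and update the description of the subkey's secret field to match. A regression test that lists the same card key once with a secret key listing and once with a public listing plus secret information, and compares `subkey->secret` between the two, would pin down the inconsistency this is meant to fix.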

Event Timeline

Not sure, you could also consider the is_cardkey flag to mean that a secret key might be available. FWIW, GPA sets its internal secret key flag based on the type of listing done; thus I see no problem if you want to change the behaviour.

ikloecker claimed this task.