When selecting the best matching key, --locate-key should also consider subkeys and prefer a key which has a valid encryption subkey. Test case as of today is dewey at the domain test.gnupg.org which has an ed25519 key with two expired subkeys as well as an rsa1024 key with valid subkey. Get it from WKD.
Related Objects
- Mentioned Here
- T4713: Bug in get_best_pubkey_byname
Event Timeline
To fix this we also need to fix our key selection test (key-selection.scm) which can't cope with all combinations. The tests are run with a faked time of 2004-01-01 on all subsets of this ordered list of keys:
- no encryption-capable subkey, created: 2003-11-30, expires: 2006-11-29
- encryption-capable subkey, created: 2000-12-31, expired: 2001-12-31
- encryption-capable subkey, created: 2001-12-31, expires: 2006-12-30
- encryption-capable subkey, created: 2002-12-31, expires: 2005-12-30
- encryption-capable subkeys, last created: 2003-05-31, expires: 2005-05-30
and assume that the first key from each subset is the desired one.
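The following is an added example, not part of the comment above and not GnuPG's code: it enumerates the subsets described there and lists those where the "first key is the desired one" assumption disagrees with a preference for a key that has a valid encryption subkey at the faked time. The labels `key1` to `key5` and the selection rule in `preferred_with_subkey_check` are simplifying assumptions, not the logic of `get_best_pubkey_byname`.

```python
from datetime import date
from itertools import combinations

FAKED_NOW = date(2004, 1, 1)  # faked time the tests are run with

# (label, has encryption-capable subkey, created, expires), in the order
# given in the comment. Labels are hypothetical names for this example.
KEYS = [
    ("key1", False, date(2003, 11, 30), date(2006, 11, 29)),
    ("key2", True, date(2000, 12, 31), date(2001, 12, 31)),
    ("key3", True, date(2001, 12, 31), date(2006, 12, 30)),
    ("key4", True, date(2002, 12, 31), date(2005, 12, 30)),
    ("key5", True, date(2003, 5, 31), date(2005, 5, 30)),
]


def can_encrypt(key, now=FAKED_NOW):
    """True if the key has an encryption-capable subkey that is valid at `now`."""
    _, has_enc, created, expires = key
    return has_enc and created <= now < expires


def expected_by_test(subset):
    """The test's assumption: the first key of each subset is the desired one."""
    return subset[0][0]


def preferred_with_subkey_check(subset, now=FAKED_NOW):
    """Assumed rule: first key that can encrypt now, else the first key."""
    for key in subset:
        if can_encrypt(key, now):
            return key[0]
    return subset[0][0]


def conflicting_subsets(now=FAKED_NOW):
    """Subsets where the test's expectation and the assumed rule disagree."""
    conflicts = []
    for size in range(1, len(KEYS) + 1):
        for subset in combinations(KEYS, size):  # keeps the list order
            want, got = expected_by_test(subset), preferred_with_subkey_check(subset, now)
            if want != got:
                conflicts.append((tuple(k[0] for k in subset), want, got))
    return conflicts


if __name__ == "__main__":
    for labels, want, got in conflicting_subsets():
        print(f"{labels}: test expects {want}, subkey-aware choice is {got}")
```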