gpg: Consider certify keys for revocation signature check.
* g10/getkey.c (get_pubkey_for_sig): Include the certify usage flag when looking up a public key for verifying a signature.
The key lookup (when importing a designated revoker certificate) is
called with req_usage=0 for the issuer of the revocation signature.
After an successful import/revocation the revocation signature is
added to the certificate. Now when the keys are listed (e.g. gpg -k)
the signature is checked again: the function get_pubkey_for_sig is
called but the req_usage is set for signing keys only (cert keys are
skipped). The key used for the successful revocation is not found and
therefore the certificate is not shown as revoked.
- GnuPG-bug-id: T8196
- Fixes-commit: 48978ccb4e20866472ef18436a32744350a65158