Home GnuPG
Diffusion GnuPG 6c58694a885b

gpg: Allow the use of an ADSK subkey as ADSK subkey.

Description

gpg: Allow the use of an ADSK subkey as ADSK subkey.

* g10/packet.h (PKT_public_key): Increased size of req_usage to 16.
* g10/getkey.c (key_byname): Set allow_adsk in the context if ir was
requested via req_usage.
(finish_lookup): Allow RENC usage matching.
* g10/keyedit.c (append_adsk_to_key): Adjust the assert.
* g10/keygen.c (prepare_adsk): Also allow to find an RENC subkey.

If an ADSK is to be added it may happen that an ADSK subkey is found
first and this should then be used even that it does not have the E
usage. However, it used to have that E usage when it was added.

While testing this I found another pecularity: If you do

gpg -k ADSK_SUBKEY_FPR

without the '!' suffix and no corresponding encryption subkey is dound,
you will get an unusabe key error. I hesitate to fix that due to
possible side-effects.

Backported-from-master: d30e345692440b9c6677118c1d20b9d17d80f873

Note that we still use the NO_AKL and not the newer TRY_LDAP in 2.2.
We may want to backport that change as well.

Details

Provenance
wernerAuthored on Oct 31 2024, 3:11 PM
Parents
rG2ca38bee7a63: agent: Fix status output for LISTTRUSTED.
Branches
Unknown
Tags
Unknown
Tasks
T6882: Make ADSK configurable for new keys