1 From: Simon Arlott <simon@arlott.org>
2 Date: Sun, 5 Feb 2017 16:31:35 -0500
3 Subject: g10: Skip signing keys where no secret key is available.
5 * g10/getkey.c (finish_lookup): When requiring PUBKEY_USAGE_SIG, skip
6 over keys where no signing key is available.
10 This should only be relevant when gpg is required to choose which key
11 to sign with -- if verifying signatures, we already know which subkey
12 to look at, and indeed gpg doesn't seem to have a problem with this.
15 https://bugs.gnupg.org/gnupg/file793/sign-fix.patch
17 I (dkg) have reviewed and tested it with missing local keys, and it
18 makes sense to me as the default behavior. If the user has the secret
19 key for a signing-capable subkey available and the command is --sign,
22 If the user has explicitly specified a subkey that happens to be
23 missing (e.g. with the trailing ! for --default-key 0x${FPR}!) then
24 this does not override that behavior (the signature will still fail).
29 Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
31 g10/getkey.c | 7 +++++++
32 1 file changed, 7 insertions(+)
34 diff --git a/g10/getkey.c b/g10/getkey.c
35 index 961d7de..bb31dfb 100644
38 @@ -3529,6 +3529,13 @@ finish_lookup (kbnode_t keyblock, unsigned int req_usage, int want_exact,
42 + if ((req_usage & PUBKEY_USAGE_SIG) && agent_probe_secret_key (NULL, pk))
45 + log_debug ("\tno secret key for signing\n");
50 log_debug ("\tsubkey might be fine\n");
51 /* In case a key has a timestamp of 0 set, we make sure