From: Simon Arlott Date: Sun, 5 Feb 2017 21:31:35 +0000 (-0500) Subject: g10: Skip signing keys where no secret key is available. X-Git-Url: https://www.chiark.greenend.org.uk/ucgi/~ian/git?a=commitdiff_plain;h=7e6baac4abec207ae0995a39febb962cb757d468;p=gnupg2.git g10: Skip signing keys where no secret key is available. * g10/getkey.c (finish_lookup): When requiring PUBKEY_USAGE_SIG, skip over keys where no signing key is available. -- This should only be relevant when gpg is required to choose which key to sign with -- if verifying signatures, we already know which subkey to look at, and indeed gpg doesn't seem to have a problem with this. This patch comes from https://bugs.gnupg.org/gnupg/file793/sign-fix.patch I (dkg) have reviewed and tested it with missing local keys, and it makes sense to me as the default behavior. If the user has the secret key for a signing-capable subkey available and the command is --sign, it should be used. If the user has explicitly specified a subkey that happens to be missing (e.g. with the trailing ! for --default-key 0x${FPR}!) then this does not override that behavior (the signature will still fail). GnuPG-bug-id: 1967 Debian-bug-id: 834922 Signed-off-by: Daniel Kahn Gillmor Gbp-Pq: Topic skip-missing-signing-keys Gbp-Pq: Name 0076-g10-Skip-signing-keys-where-no-secret-key-is-availab.patch --- diff --git a/g10/getkey.c b/g10/getkey.c index 961d7de..bb31dfb 100644 --- a/g10/getkey.c +++ b/g10/getkey.c @@ -3529,6 +3529,13 @@ finish_lookup (kbnode_t keyblock, unsigned int req_usage, int want_exact, continue; } + if ((req_usage & PUBKEY_USAGE_SIG) && agent_probe_secret_key (NULL, pk)) + { + if (DBG_LOOKUP) + log_debug ("\tno secret key for signing\n"); + continue; + } + if (DBG_LOOKUP) log_debug ("\tsubkey might be fine\n"); /* In case a key has a timestamp of 0 set, we make sure