Commit bd71828f authored by Ingo Klöcker's avatar Ingo Klöcker

Fix evaluation of NeedSecretKey flag

All commands with NeedSecretKey restriction perform secret key operations,
i.e. they require the secret key of the primary key pair. Therefore, we
need to check the secret flag of the primary subkey.

GnuPG-bug-id: 5956
parent 2914efb4
......@@ -47,7 +47,7 @@ public:
NoRestriction = 0x0000,
NeedSelection = 0x0001,
OnlyOneKey = 0x0002,
NeedSecretKey = 0x0004,
NeedSecretKey = 0x0004, //< command performs secret key operations
MustNotBeSecretKey = 0x0008,
MustBeOpenPGP = 0x0010,
MustBeCMS = 0x0020,
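Review bot: The trailing comment added to `NeedSecretKey` starts with `//<`, which Doxygen does not recognise as a member comment. If it is meant to appear in generated documentation, it should read `NeedSecretKey = 0x0004, ///< command performs secret key operations`. The other enumerators visible in the hunk carry no comment, so `MustNotBeSecretKey` could be documented the same way to make the contrast explicit. The enum begins and ends outside the hunk.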
......@@ -759,7 +759,14 @@ Command::Restrictions KeyListController::Private::calculateRestrictionsMask(cons
result |= Command::OnlyOneKey;
if (std::all_of(keys.cbegin(), keys.cend(), std::mem_fn(&Key::hasSecret))) {
#if GPGME_VERSION_NUMBER >= 0x011102 // 1.17.2
// we need to check the primary subkey because Key::hasSecret() is also true if just the secret key stub of an offline key is available
const auto primaryKeyCanBeUsedForSecretKeyOperations = [](const auto &k) { return k.subkey(0).isSecret(); };
// older versions of GpgME did not always set the secret flag for card keys
const auto primaryKeyCanBeUsedForSecretKeyOperations = [](const auto &k) { return k.subkey(0).isSecret() || k.subkey(0).isCardKey(); };
if (std::all_of(keys.cbegin(), keys.cend(), primaryKeyCanBeUsedForSecretKeyOperations)) {
result |= Command::NeedSecretKey;
} else if (!std::any_of(keys.cbegin(), keys.cend(), std::mem_fn(&Key::hasSecret))) {
result |= Command::MustNotBeSecretKey;
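Review bot: The `else if` that sets `MustNotBeSecretKey` still tests `Key::hasSecret`, while the `NeedSecretKey` branch now tests the primary subkey, so a selection containing a key with only a secret-key stub gets neither flag. If that is intended, say so next to the `else if`, e.g. `// keys with only a secret key stub satisfy neither NeedSecretKey nor MustNotBeSecretKey`. The page shows the `#if GPGME_VERSION_NUMBER` line without a matching `#else`/`#endif`, so the two definitions of `primaryKeyCanBeUsedForSecretKeyOperations` are presumably in separate preprocessor branches that the rendering dropped. `calculateRestrictionsMask` starts and ends outside this hunk, so how an empty `keys` range (for which `std::all_of` returns true) is handled cannot be judged from here.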