Commit f840a014 authored by Ingo Klöcker's avatar Ingo Klöcker
Browse files

Add helpers for checking properties of keys

GnuPG-bug-id: 5843
parent d09dad58
Pipeline #201179 passed with stage
in 3 minutes and 6 seconds
......@@ -12,6 +12,9 @@
#include <QByteArray>
#include <gpgme.h>
#include <algorithm>
#include <iterator>
......@@ -33,8 +36,21 @@ bool Kleo::isRevokedOrExpired(const GpgME::UserID &userId)
bool Kleo::canCreateCertifications(const GpgME::Key &key)
// Key::hasSecret() is also true for offline keys (i.e. keys with a secret key stub that are not stored on a card),
// but those keys cannot be used for certifications; therefore, we check whether the primary subkey has a proper secret key
// or whether its secret key is stored on a card, so that gpg can ask for the card.
return key.canCertify() && (key.subkey(0).isSecret() || key.subkey(0).isCardKey());
return key.canCertify() && canBeUsedForSecretKeyOperations(key);
bool Kleo::canBeUsedForSecretKeyOperations(const GpgME::Key &key)
#if GPGME_VERSION_NUMBER >= 0x011102 // 1.17.2
// we need to check the primary subkey because Key::hasSecret() is also true if just the secret key stub of an offline key is available
return key.subkey(0).isSecret();
// older versions of GpgME did not always set the secret flag for card keys
return key.subkey(0).isSecret() || key.subkey(0).isCardKey();
bool Kleo::isSecretKeyStoredInKeyRing(const GpgME::Key &key)
return key.subkey(0).isSecret() && !key.subkey(0).isCardKey();
......@@ -33,10 +33,23 @@ bool isRevokedOrExpired(const GpgME::UserID &userId);
* Returns true if \p key can be used to certify user IDs, i.e. if the key
* has the required capability and if the secret key of the (primary)
* certification subkey is available in the keyring or on a smart card.
bool canCreateCertifications(const GpgME::Key &key);
* Returns true if \p key can be used for operations requiring the secret key,
* i.e. if the secret key of the primary key pair is available in the keyring
* or on a smart card.
* \note Key::hasSecret() also returns true if a secret key stub, e.g. of an
* offline key, is available in the keyring.
bool canCreateCertifications(const GpgME::Key &key);
bool canBeUsedForSecretKeyOperations(const GpgME::Key &key);
* Returns true if the secret key of the primary key pair of \p key is stored
* in the keyring.
bool isSecretKeyStoredInKeyRing(const GpgME::Key &key);
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment