See ChangeLog: Wed Apr 7 20:51:39 CEST 1999 Werner Koch
[gnupg.git] / g10 / import.c
index 920aafb..5a739b9 100644 (file)
@@ -765,7 +765,10 @@ delete_inv_parts( const char *fname, KBNODE keyblock, u32 *keyid )
                }
                delete_kbnode( node ); /* the user-id */
                /* and all following packets up to the next user-id */
-               while( node->next && node->next->pkt->pkttype != PKT_USER_ID ){
+               while( node->next
+                      && node->next->pkt->pkttype != PKT_USER_ID
+                      && node->next->pkt->pkttype != PKT_PUBLIC_SUBKEY
+                      && node->next->pkt->pkttype != PKT_SECRET_SUBKEY ){
                    delete_kbnode( node->next );
                    node = node->next;
                }
@@ -796,7 +799,12 @@ delete_inv_parts( const char *fname, KBNODE keyblock, u32 *keyid )
        else if( node->pkt->pkttype == PKT_SIGNATURE
                 && (p = parse_sig_subpkt2( node->pkt->pkt.signature,
                                            SIGSUBPKT_EXPORTABLE, NULL ))
-                && !*p ) {
+                && !*p
+                && seckey_available( node->pkt->pkt.signature->keyid ) ) {
+           /* here we violate the rfc a bit by still allowing
+            * to import non-exportable signature when we have the
+            * the secret key used to create this signature - it
+            * seems that this makes sense */
            log_info_f(fname, _("key %08lX: non exportable signature "
                                    "(class %02x) - skipped\n"),
                                    (ulong)keyid[1],