* keyedit.c (menu_addrevoker), getkey.c (finish_lookup): Fix problem with
authorDavid Shaw <dshaw@jabberwocky.com>
Thu, 27 Oct 2005 16:23:59 +0000 (16:23 +0000)
committerDavid Shaw <dshaw@jabberwocky.com>
Thu, 27 Oct 2005 16:23:59 +0000 (16:23 +0000)
adding a cert-only designated revoker.  Code was looking for a key with
sign ability, and not cert ability.  Noted by Timo Schulz.

g10/ChangeLog
g10/getkey.c
g10/keyedit.c

index db07564..8dd57c7 100644 (file)
@@ -1,3 +1,10 @@
+2005-10-27  David Shaw  <dshaw@jabberwocky.com>
+
+       * keyedit.c (menu_addrevoker), getkey.c (finish_lookup): Fix
+       problem with adding a cert-only designated revoker.  Code was
+       looking for a key with sign ability, and not cert ability.  Noted
+       by Timo Schulz.
+
 2005-10-27  Werner Koch  <wk@g10code.com>
 
        * gpg.c [__CYGWIN__]: Set default driver to winscard.dll.
index 2dde1bb..35e74f1 100644 (file)
@@ -2345,7 +2345,7 @@ finish_lookup (GETKEY_CTX ctx)
     KBNODE k;
     KBNODE foundk = NULL;
     PKT_user_id *foundu = NULL;
-#define USAGE_MASK  (PUBKEY_USAGE_SIG|PUBKEY_USAGE_ENC)
+#define USAGE_MASK  (PUBKEY_USAGE_SIG|PUBKEY_USAGE_ENC|PUBKEY_USAGE_CERT)
     unsigned int req_usage = ( ctx->req_usage & USAGE_MASK );
     /* Request the primary if we're certifying another key, and also
        if signing data while --pgp6 or --pgp7 is on since pgp 6 and 7
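Review bot: Widening `USAGE_MASK` changes the usage filter for every lookup that goes through finish_lookup, not only the designated-revoker path, and the define has no comment saying why CERT is now included. Before this change a CERT bit in `ctx->req_usage` was masked out of `req_usage`, so a CERT-only request was reduced to no usage requirement at all. Any other caller that sets that bit now gets stricter key selection, which looks intended but cannot be confirmed from this hunk. I would add above the define: `/* Include CERT so that a caller asking for a certification key is not treated as asking for no particular usage. */`. The function body continues outside the hunk, so whether the macro is later #undef'd is not visible here.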
index 55fc685..1e07b1d 100644 (file)
@@ -3380,9 +3380,11 @@ menu_addrevoker( KBNODE pub_keyblock, KBNODE sec_keyblock, int sensitive )
          goto fail;
        }
 
-      /* Note that I'm requesting SIG here and not CERT.  We're making
-        a certification, but it is okay to be a subkey. */
-      revoker_pk->req_usage=PUBKEY_USAGE_SIG;
+      /* Note that I'm requesting CERT here, which usually implies
+        primary keys only, but some casual testing shows that PGP and
+        GnuPG both can handle a designated revokation from a
+        subkey. */
+      revoker_pk->req_usage=PUBKEY_USAGE_CERT;
       rc=get_pubkey_byname(revoker_pk,answer,NULL,NULL,1);
       if(rc)
        {
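Review bot: The new comment above `revoker_pk->req_usage=PUBKEY_USAGE_CERT;` leaves it unclear whether this lookup can still return a subkey, and it rests the interoperability claim on "casual testing". A designated revoker is a key trusted to revoke this one, so the selection rule deserves a precise statement; the context comment in finish_lookup says a certifying request asks for the primary, which suggests (not shown in this hunk) that the lookup now resolves to the primary key. I would reword it to `/* Request CERT: a designated revoker issues key revocations, which are certifications, so the lookup must ask for certification capability rather than data-signing capability. */` and correct "revokation" to "revocation". menu_addrevoker starts and ends outside the hunk, so how `revoker_pk` is checked after `get_pubkey_byname` returns is not visible.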