[issue197] key selector allows selection of clientAuth keys for
encryption
Bernhard Herzog
aegypten-issues at intevation.de
Wed May 12 19:14:31 CEST 2004
New submission from Bernhard Herzog <bh at intevation.de>:
The keyselector used in kmail tries to only allow keys usable for a given
purpose. This doesn't work properly for certificates which have an
extendedKeyUsage that only contains clientAuth. The attached file contains such
a certificate. KMail lets the user select this certificate as an encryption
certificate even though it correctly disallows certificates that don't have
keyEncipherment in their keyUsage for instance.
When the a mail is sent and is to be encrypted with the attached certificate
gpgsm correctly rejects it.
----------
assignedto: marc
files: aegyptentest9-client-auth.pem
messages: 960
nosy: bh, marc
priority: bug
status: unread
title: key selector allows selection of clientAuth keys for encryption
topic: KMail
______________________________________________________
Aegypten issue tracker <aegypten-issues at intevation.de>
<https://intevation.de/roundup/aegypten/issue197>
______________________________________________________
-------------- next part --------------
A non-text attachment was scrubbed...
Name: aegyptentest9-client-auth.pem
Type: application/octet-stream
Size: 3975 bytes
Desc: not available
Url : /pipermail/attachments/20040512/d4626ec1/aegyptentest9-client-auth.exe
More information about the Gpa-dev
mailing list