[BUG/Gpgme] checking message with a revoked key

Marcus Brinkmann marcus.brinkmann at ruhr-uni-bochum.de
Fri May 21 01:05:51 CEST 2004


At Thu, 20 May 2004 17:24:00 +0200,
Albrecht Dreß wrote:
> fd 33: got `[GNUPG:] REVKEYSIG 9C280BBF3D7D41E3 Atom Smasher  

Yow, that one is not handled at all right now!

> From this, gpgme returns 0x7000096 == source gpgme, error "invalid crypto  
> engine". This is grossly misleading, the result should be something like  
> "key revoked" (like key expired, see GPG_ERR_KEY_EXPIRED; IMHO such an  
> error should be added to gpg-error).

The invalid engine is caused by a VALIDSIG without starting a
signature (as REVKEYSIG was not recognized).  Can you try the below
patch if it helps?  It's totally untested (didn't even try to compile
it).

BTW, the CERT_REVOKED error code in the patch is probably bogus.  From
a quick glance, I agree with you that a KEY_REVOKED error code is
needed in gpg-error.

> Furthermore, it would be great if I could still get the output stream  
> (input was '2440 encoded) from gpgme to display the human-readable message  
> content alongside with the more meaningful error message.

That might be a side error of the invalid engine.  Please first check
the below patch, that might already be all you need.

Thanks,
Marcus

2004-05-21  Marcus Brinkmann  <marcus at g10code.de>

	* gpgme.h (gpgme_status_code_t): Add GPGME_STATUS_REVKEYSIG.
	* verify.c (_gpgme_verify_status_handler): Add handling of
	GPGME_STATUS_REVKEYSIG.
	(parse_trust): Likewise.

Index: gpgme.h
===================================================================
RCS file: /cvs/gnupg/gpgme/gpgme/gpgme.h,v
retrieving revision 1.143
diff -u -r1.143 gpgme.h
--- gpgme.h	29 Apr 2004 21:50:38 -0000	1.143
+++ gpgme.h	20 May 2004 23:00:48 -0000
@@ -388,7 +388,8 @@
     GPGME_STATUS_EXPKEYSIG,
     GPGME_STATUS_TRUNCATED,
     GPGME_STATUS_ERROR,
-    GPGME_STATUS_NEWSIG
+    GPGME_STATUS_NEWSIG,
+    GPGME_STATUS_REVKEYSIG
   }
 gpgme_status_code_t;
 
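Review bot: the new GPGME_STATUS_REVKEYSIG enumerator at the end of gpgme_status_code_t has no visible counterpart in whatever maps the status keyword "REVKEYSIG" to a status code, since the patch touches only gpgme.h and verify.c. Please confirm that the lookup picks up the new value (regenerating it if it is derived from this header), otherwise the line will still go unrecognized and the verify.c changes are never reached. As this is a public enum, the addition also deserves a line in the user-facing documentation.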
Index: verify.c
===================================================================
RCS file: /cvs/gnupg/gpgme/gpgme/verify.c,v
retrieving revision 1.65
diff -u -r1.65 verify.c
--- verify.c	15 Apr 2004 15:58:08 -0000	1.65
+++ verify.c	20 May 2004 23:00:32 -0000
@@ -223,6 +223,10 @@
       sig->status = gpg_error (GPG_ERR_BAD_SIGNATURE);
       break;
 
+    case GPGME_STATUS_REVKEYSIG:
+      sig->status = gpg_error (GPG_ERR_CERT_REVOKED);
+      break;
+
     case GPGME_STATUS_ERRSIG:
       if (end)
 	{
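Review bot: GPG_ERR_CERT_REVOKED in the new REVKEYSIG case is a stand-in, which the covering message itself calls "probably bogus". Put a FIXME comment on that line so it is replaced once gpg-error has a key-revoked code, because callers that compare sig->status will otherwise start depending on the certificate error for an OpenPGP key. Separately, the ChangeLog credits one of the two verify.c changes to parse_trust, while this hunk sets sig->status like the BADSIG case above it. Please check that the function name in the ChangeLog matches where this hunk actually lands.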
@@ -531,6 +535,7 @@
     case GPGME_STATUS_EXPKEYSIG:
     case GPGME_STATUS_BADSIG:
     case GPGME_STATUS_ERRSIG:
+    case GPGME_STATUS_REVKEYSIG:
       if (sig && !opd->did_prepare_new_sig)
 	calc_sig_summary (sig);
       opd->only_newsig_seen = 0;
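Review bot: adding REVKEYSIG to this case group sends it through calc_sig_summary (sig), but no hunk in the patch changes calc_sig_summary, so the summary for a signature from a revoked key depends on how that function already treats the status assigned in the other verify.c hunk. Please verify that the result tells the caller the key is revoked rather than falling into a generic error path. Since the patch is described as untested and uncompiled, a verification run against a message signed by a revoked key should accompany it before it is committed.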


