gpgsm not listing key usage caps "esc" in regular output?

Werner Koch wk at gnupg.org
Fri Oct 31 14:55:12 CET 2008


On Fri, 31 Oct 2008 09:50, bernhard at intevation.de said:
> It seems that gpgsm will not add "key usage" if a key has "esc"
> capabilities. Is this a defect? Seems like it.

This is on purpose:

  err = ksba_cert_get_key_usage (cert, &use);
  if (gpg_err_code (err) == GPG_ERR_NO_DATA)
    {
      es_putc ('e', fp);
      es_putc ('s', fp);
      es_putc ('c', fp);
      es_putc ('E', fp);
      es_putc ('S', fp);
      es_putc ('C', fp);
      return;
    }

The reason is that programs using the colon interface take decisions
based on the key capabilities.  We don't want them to know how to interpret
X.509 and thus we do this for them by telling that the certificate may be
used for all purposes.

A key listing without --with-colons is intended to be human readable
and thus we print what we actually have, like:

>     key usage: digitalSignature nonRepudiation keyEncipherment

In the above case we don't print anything because there are no key usage
flags at all.


Shalom-Salam,

   Werner


-- 
Thoughts are free.  Exceptions are regulated by a federal law.
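
For consumers of the colon interface described in this message, an added example (not part of the original post and not GnuPG code): a Python parser that reads the capabilities field (field 12) of `crt`/`crs` records and marks `escESC`, the value gpgsm prints when a certificate has no key usage flags. The sample records, `PURPOSES`, `field` and `list_capabilities` are constructed for illustration.

```python
# Added example: read the capabilities field from `gpgsm --with-colons` output.
# Records below are constructed sample data, not real certificates.
SAMPLE = (
    "crt:u:2048:1:AAAAAAAAAAAAAAAA:20080101T000000:20100101T000000:01::::escESC::\n"
    "fpr:::::::::1111111111111111111111111111111111111111:\n"
    "crt:u:2048:1:BBBBBBBBBBBBBBBB:20080101T000000:20100101T000000:02::::esES::\n"
    "fpr:::::::::2222222222222222222222222222222222222222:\n"
)

PURPOSES = {"e": "encrypt", "s": "sign", "c": "certify"}


def field(fields, number):
    """Return 1-based colon field `number`, or "" when the record is short."""
    return fields[number - 1] if len(fields) >= number else ""


def list_capabilities(colon_output):
    """Return one dict per crt/crs record: fpr, caps, purposes, all_purposes."""
    certs = []
    for line in colon_output.splitlines():
        fields = line.split(":")
        if fields[0] in ("crt", "crs"):      # crs: secret key also available
            caps = field(fields, 12)
            certs.append({
                "fpr": None,
                "caps": caps,
                "purposes": sorted(PURPOSES[c] for c in set(caps) if c in PURPOSES),
                # gpgsm prints exactly "escESC" when the certificate carries no
                # key usage flags; the colon output alone does not say whether
                # the flags were present in the certificate or filled in.
                "all_purposes": caps == "escESC",
            })
        elif fields[0] == "fpr" and certs and certs[-1]["fpr"] is None:
            certs[-1]["fpr"] = field(fields, 10)
    return certs


if __name__ == "__main__":
    for cert in list_capabilities(SAMPLE):
        note = " (all purposes; key usage may be absent)" if cert["all_purposes"] else ""
        print(cert["fpr"], ",".join(cert["purposes"]) + note)
```

A tool that needs to know what the certificate itself declares has to look at the listing without --with-colons, which prints the `key usage:` line only when flags exist.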



