[PATCH] Improve handling of no corresponding public key for a private key

NIIBE Yutaka gniibe at fsij.org
Mon May 18 04:27:45 CEST 2015


Hello,

This is a fix for the issue 1422: https://bugs.gnupg.org/gnupg/issue1422

Here is my scenario to reproduce the bug.

(1) With --gen-key, generate DSA+Elgamal key
(2) make an encrypted file using (1)
(3) make a copy of .gnupg/secring.gpg
(4) With --edit-key, delkey Elgamal subkey
(5) With --export, make public key file
(6) With --delete-secret-key, delete the key generated by (1)
(7) Restore .gnupg/secring.gpg by the copy of (3)
(8) Import DSA only public key of (5)

Now, it has a secret subkey, but no corresponding public key.

(8) Try to decrypt encrypted file of (2)
    It asks for the passphrase; after it is entered, it stops with:

	gpg: Ohhhh jeeee: no decrypt() for 17

It's Debian GnuPG 1.4.18-7 in stable.  I think that it is better to
check availability of public key for the private subkey.

The function get_seckey should not return the public key of primary
key when it is asked for the public key of subkey.

Here is a patch.  Tested in GnuPG 1.4.  I think that this could
also be applied to 2.0.


diff --git a/g10/getkey.c b/g10/getkey.c
index d5d1135..fc3c179 100644
--- a/g10/getkey.c
+++ b/g10/getkey.c
@@ -498,7 +498,19 @@ get_seckey( PKT_secret_key *sk, u32 *keyid )
     ctx.req_usage = sk->req_usage;
     rc = lookup( &ctx, &kb, 1 );
     if ( !rc ) {
+        u32 skid[2];
+
         sk_from_block ( &ctx, sk, kb );
+        keyid_from_sk ( sk, skid );
+        /*
+         * Make sure it's exact match of keyid.
+         * If not, it's secret subkey with no public key.
+         */
+        if (!(keyid[0] == skid[0] && keyid[1] == skid[1])) {
+          log_error (_("key %s: secret key without public key"
+                       " - skipped\n"), keystr(keyid));
+          rc = G10ERR_NO_PUBKEY;
+        }
     }
     get_seckey_end( &ctx );
     release_kbnode ( kb );
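Review bot: In the new mismatch branch, sk has already been filled by sk_from_block() with the key that lookup() returned, so when rc is set to G10ERR_NO_PUBKEY the caller still holds secret key material for a key other than the one it asked for. Consider comparing the key ID before copying into the caller's sk, or clearing sk on this path, so the error return never carries the non-matching key. Two smaller points: the log text says "- skipped", but nothing is skipped at this level, the function just returns an error, so wording such as "secret key without public key" alone would describe it better; and the test `!(keyid[0] == skid[0] && keyid[1] == skid[1])` reads more directly as `keyid[0] != skid[0] || keyid[1] != skid[1]`. The body of the new if is also indented by two columns rather than the four used by the surrounding code.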
--


