[PATCH] Improve handling of no corresponding public key for a private key
NIIBE Yutaka
gniibe at fsij.org
Mon May 18 04:27:45 CEST 2015
Hello,
This is a fix for the issue 1422: https://bugs.gnupg.org/gnupg/issue1422
Here is my scenario to reproduce the bug.
(1) With --gen-key, generate DSA+Elgamal key
(2) make a encrypted file using (1)
(3) make a copy of .gnupg/secring.gpg
(4) With --edit-key, delkey Elgamal subkey
(5) With --export, make public key file
(6) With --delete-secret-key, delete the key generated by (1)
(7) Restore .gnupg/secring.gpg by the copy of (3)
(8) Import DSA only public key of (5)
Now, it has secret subkey, but no corresponding public key.
(8) Try to decrypt encrypted file of (2)
It asks the passphrase, then input it, then, it stops with:
gpg: Ohhhh jeeee: no decrypt() for 17
It's Debian GnuPG 1.4.18-7 in stable. I think that it is better to
check availability of public key for the private subkey.
The function get_seckey should not return the public key of primary
key when it is asked for the public key of subkey.
Here is a patch. Tested in GnuPG 1.4. I think that this could be
also applied to 2.0.
diff --git a/g10/getkey.c b/g10/getkey.c
index d5d1135..fc3c179 100644
--- a/g10/getkey.c
+++ b/g10/getkey.c
@@ -498,7 +498,19 @@ get_seckey( PKT_secret_key *sk, u32 *keyid )
ctx.req_usage = sk->req_usage;
rc = lookup( &ctx, &kb, 1 );
if ( !rc ) {
+ u32 skid[2];
+
sk_from_block ( &ctx, sk, kb );
+ keyid_from_sk ( sk, skid );
+ /*
+ * Make sure it's exact match of keyid.
+ * If not, it's secret subkey with no public key.
+ */
+ if (!(keyid[0] == skid[0] && keyid[1] == skid[1])) {
+ log_error (_("key %s: secret key without public key"
+ " - skipped\n"), keystr(keyid));
+ rc = G10ERR_NO_PUBKEY;
+ }
}
get_seckey_end( &ctx );
release_kbnode ( kb );
--
More information about the Gnupg-devel
mailing list