[PATCH] Create cache item for current key from previous.

Ben Kibbey bjk at luxsci.net
Tue Jul 26 00:17:57 CEST 2016

On Mon, Jul 25, 2016 at 10:22:05AM +0200, Justus Winter wrote:
> Hi :)


> > Fixes the KEYINFO cache field for a key that previously failed due to not
> > being found in the cache but succeeded when the last_stored_cache_key
> > was tried. Use the last_stored_cache_key cached passphrase for the new
> > cache entry for the current keygrip.

> Thanks, can you please tell me how to reproduce this problem?

Decrypt a message. Do a gpg-agent KEYINFO with the keygrip of the
decryption key and see that it is cached. Sign a new message.  The
signing keygrip is not cached although the decryption key is (as
expected). This is because last_stored_cache_key grip's passphrase is
tried as the signing key passphrase when its grip is not in the cache,
which in this case is the decryption key grip. The patch sets a signing
key cache entry passphrase to the same as last_stored_cache_key when
unprotect() succeeds.

I can't think of a way to get the initial signing key cache status set
properly before doing a sign operation even though last_stored_cache_key
may successfully do a sign operation without asking for a passphrase.
Would need to do at least one sign before the cache status of KEYINFO is

Ben Kibbey
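
The cache state described in the reproduction steps above can be read from the CACHED field of gpg-agent's `S KEYINFO` status line. The following is an added example, not part of the original message or the GnuPG source; the function names are hypothetical and the keygrips and sample lines are constructed placeholders.

```shell
#!/bin/sh
# Added example: report the cache state gpg-agent advertises per keygrip.
# gpg-agent's KEYINFO status line has the form
#   S KEYINFO <keygrip> <type> <serialno> <idstr> <cached> <protection> ...
# where <cached> is "1" if the passphrase is in the cache and "-" otherwise.

# Read agent output on stdin, print "<keygrip> cached" or "<keygrip> not-cached".
keyinfo_cache_state() {
    awk '$1 == "S" && $2 == "KEYINFO" {
        print $3, ($7 == "1" ? "cached" : "not-cached")
    }'
}

# Query a running gpg-agent for a single keygrip (needs a live agent).
agent_cache_state() {
    gpg-connect-agent "keyinfo $1" /bye | keyinfo_cache_state
}

# Constructed sample: agent output after "decrypt, then sign" without the
# patch. The first grip stands for the decryption key, the second for the
# signing key. Signing succeeded without a prompt, yet the signing grip
# still reports "-" in the cached field.
sample_after_sign() {
    cat <<'EOF'
S KEYINFO 1111111111111111111111111111111111111111 D - - 1 P - - -
OK
S KEYINFO 2222222222222222222222222222222222222222 D - - - P - - -
OK
EOF
}

# Stand-alone run: show the mismatch on the constructed sample.
sample_after_sign | keyinfo_cache_state
```

Against a live agent, run `agent_cache_state <keygrip>` for the decryption and signing keygrips after each step of the reproduction and compare the two results.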
