[PATCH GnuPG] RFC: g10: Improve and unify key selection.

Justus Winter justus at g10code.com
Mon Oct 31 16:01:23 CET 2016


Andre Heinecke <aheinecke at intevation.de> writes:
> On Monday 31 October 2016 13:12:16 Justus Winter wrote:
>> When a name resembling a mail address is given to either --locate-key
>> or --recipient, rank the search results and use only the most relevant
>> key.
>
> I would prefer it if this function would also return expired / revoked / 
> validitity never etc. Keys. So in a GUI we could handle this case by informing 
> the user that the key for this user is expired.
>
> Otherwise we would have to check for that case with another keylisting to 
> avoid the problem that a user was able to encrypt to someone yesterday 
> automatically and today it no longer works and the UI just shows "No key for 
> this recipient" when a UI uses locate-keys.

Right, I mis-read the algorithm you posted in the bug report.

>> This also lets us query which key will be used for encryption using
>> --locate-key.  XXX: Is this true?  B/c if we use --recipient, we only
>> consider keys usable for encryption. Otoh, --locate-key has no such
>> constraint.
>
> I think this could be solved by ranking a key that can both encrypt higher 
> then a key that can't encrypt. This would avoid the state where an encrypt key 
> can can't be found because a user has a different primary key with only signing 
> (for whatever weird reason). The primary usecase of this function imo is to 
> look up recipient keys for encryption.

Ok, I'll revise the patch.

Justus
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 454 bytes
Desc: not available
URL: </pipermail/attachments/20161031/c7f0f266/attachment.sig>


More information about the Gnupg-devel mailing list