[PATCH] g10: Skip signing keys where no secret key is available.

Daniel Kahn Gillmor dkg at fifthhorseman.net
Sun Feb 5 22:31:35 CET 2017

From: Simon Arlott <simon at arlott.org>

* g10/getkey.c (finish_lookup): When requiring PUBKEY_USAGE_SIG, skip
over keys where no signing key is available.


This should only be relevant when gpg is required to choose which key
to sign with -- if verifying signatures, we already know which subkey
to look at, and indeed gpg doesn't seem to have a problem with this.

This patch comes from

I (dkg) have reviewed and tested it with missing local keys, and it
makes sense to me as the default behavior.  If the user has the secret
key for a signing-capable subkey available and the command is --sign,
it should be used.

If the user has explicitly specified a subkey that happens to be
missing (e.g. with the trailing ! for --default-key 0x${FPR}!) then
this does not override that behavior (the signature will still fail).

GnuPG-bug-id: 1967
Debian-bug-id: 834922

Signed-off-by: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
 g10/getkey.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/g10/getkey.c b/g10/getkey.c
index e39de28ae..d2349ee6c 100644
--- a/g10/getkey.c
+++ b/g10/getkey.c
@@ -3523,6 +3523,13 @@ finish_lookup (kbnode_t keyblock, unsigned int req_usage, int want_exact,
+	  if ((req_usage & PUBKEY_USAGE_SIG) && agent_probe_secret_key (NULL, pk))
+	    {
+	      if (DBG_LOOKUP)
+		log_debug ("\tno secret key for signing\n");
+	      continue;
+	    }
 	  if (DBG_LOOKUP)
 	    log_debug ("\tsubkey might be fine\n");
 	  /* In case a key has a timestamp of 0 set, we make sure

More information about the Gnupg-devel mailing list