gpgme: detect missing primary key

Tobias Mueller muelli at cryptobitch.de
Mon May 21 18:32:07 CEST 2018


Hi,

I've actually found it now while digging through the gpgme code.
src/keylist.c has a parse_sec_field15 function which essentially does
this:

  else if (*field == '#')
    {
      subkey->secret = 0;
      key->secret = 1;
    }


And indeed, this is the check to perform:

In [10]: k = list(ctx.keylist(secret=True))[0]

In [11]: k.secret
Out[11]: 1

In [12]: k.can_certify
Out[12]: 1

In [13]: k.subkeys[0].can_certify
Out[13]: 1

In [14]: k.subkeys[0].secret
Out[14]: 0


Cheers,
  Tobi

On Mon, 2018-05-21 at 15:17 +0200, Tobias Mueller wrote:
> Hi,
> 
> I am using gpgme and I want to detect when the actual key for signing
> some other key is not present, e.g. after having followed
> https://wiki.debian.org/Subkeys.
> 
> gpg --list-secret-keys shows
> 
> sec#  rsa2048 2018-02-13 [SC]
>       D6951AD1A148A16C1B1FFACABA64A52A51061371
> uid           [ unknown] foobar <foo at bar>
> ssb   rsa2048 2018-02-13 [E]
> ssb   rsa2048 2018-02-13 [S]
> 
> 
> presumably the "sec#" indicates the missing primary key.
> 
> With gpgme I get this:
> 
> In [4]: list(ctx.keylist(secret=True))
> Out[4]: [Key(can_authenticate=0, can_certify=1, can_encrypt=1,
> can_sign=1, chain_id=None, disabled=0, expired=0,
> fpr='D6951AD1A148A16C1B1FFACABA64A52A51061371', invalid=0,
> is_qualified=0, issuer_name=None, issuer_serial=None, keylist_mode=1,
> owner_trust=0, protocol=0, revoked=0, secret=1,
> subkeys=[SubKey(can_authenticate=0, can_certify=1, can_encrypt=0,
> can_sign=1, card_number=None, curve=None, disabled=0, expired=0,
> expires=0, fpr='D6951AD1A148A16C1B1FFACABA64A52A51061371', invalid=0,
> is_cardkey=0, is_qualified=0,
> keygrip='39B99ED24E2D2AC200A296712B1A6D756C4ABC3C',
> keyid='BA64A52A51061371', length=2048, pubkey_algo=1, revoked=0,
> secret=0, timestamp=1518519237), SubKey(can_authenticate=0,
> can_certify=0, can_encrypt=1, can_sign=0, card_number=None,
> curve=None,
> disabled=0, expired=0, expires=0,
> fpr='0192F548677FE38FE46B095E5A531CC30D4F7810', invalid=0,
> is_cardkey=0,
> is_qualified=0, keygrip='14CDE4A9EC7F2716AAB134247CA778321F343E73',
> keyid='5A531CC30D4F7810', length=2048, pubkey_algo=1, revoked=0,
> secret=1, timestamp=1518519237), SubKey(can_authenticate=0,
> can_certify=0, can_encrypt=0, can_sign=1, card_number=None,
> curve=None,
> disabled=0, expired=0, expires=0,
> fpr='D04938AFB2DCD015AFD79C12B9B9338F1984FBE1', invalid=0,
> is_cardkey=0,
> is_qualified=0, keygrip='51A932F25B04A04C2C75014D58028D4C51451576',
> keyid='B9B9338F1984FBE1', length=2048, pubkey_algo=1, revoked=0,
> secret=1, timestamp=1518519280)], uids=[UID(address='foo at bar',
> comment='', email='foo at bar', invalid=0, name='foobar', revoked=0,
> signatures=[], tofu=[], uid='foobar <foo at bar>', validity=0)])]
> 
> 
> Nothing seems to indicate the missing primary key.
> Unless I am missing something.
> 
> How would I detect the above mentioned scenario?
> 
> I've quickly grepped through gpgme and in keylist.c I can only find
> "sec" being parsed, not "sec#".
> 
> 
> Cheers,
>   Tobi
> 
> _______________________________________________
> Gnupg-devel mailing list
> Gnupg-devel at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-devel
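The check Tobias arrives at above (key.secret == 1 while key.subkeys[0].secret == 0, because gpg's '#' in field 15 clears the primary subkey's secret flag) turned into a small reusable function, added here as an example; it is not code from the thread or from gpgme. The sample Key objects are constructed with types.SimpleNamespace from the listing in the thread so the functions run without a keyring; only the block under __main__ touches a real keyring and assumes the gpgme Python bindings are importable as `gpg`. The attribute names used (secret, subkeys, fpr, can_certify, can_sign, ...) are the ones visible in the listing above.

```python
"""Detect an offline (missing) primary secret key through the gpgme bindings."""
from types import SimpleNamespace


def primary_secret_missing(key):
    """True when gpgme reports secret material for the key as a whole
    (key.secret == 1) but not for the primary, which gpgme exposes as
    key.subkeys[0].  That combination is what gpg's "sec#" line becomes
    after parse_sec_field15 clears subkey->secret for the primary."""
    if not key.secret or not key.subkeys:
        return False  # public-only key: nothing is "missing", it was never there
    return not key.subkeys[0].secret


def usable_secret_subkeys(key, capability):
    """Subkeys whose secret part is present and that carry the given
    capability ('sign', 'encrypt', 'certify' or 'authenticate')."""
    flag = "can_" + capability
    return [sk for sk in key.subkeys if sk.secret and getattr(sk, flag, 0)]


def check_certify(key):
    """Certifying (signing other people's keys) needs the primary key's
    secret part; a signing subkey does not help.  Returns (ok, reason)."""
    if primary_secret_missing(key):
        return False, "primary secret key is offline (gpg shows 'sec#')"
    if not key.subkeys[0].can_certify:
        return False, "primary key lacks the C capability"
    return True, "primary secret key present"


def _mk_subkey(fpr, secret, **caps):
    """Constructed stand-in for a gpgme SubKey with the fields used above."""
    base = dict(can_authenticate=0, can_certify=0, can_encrypt=0, can_sign=0)
    base.update(caps)
    return SimpleNamespace(fpr=fpr, keyid=fpr[-16:], secret=secret, **base)


PRIMARY_FPR = "D6951AD1A148A16C1B1FFACABA64A52A51061371"
ENCRYPT_FPR = "0192F548677FE38FE46B095E5A531CC30D4F7810"
SIGN_FPR = "D04938AFB2DCD015AFD79C12B9B9338F1984FBE1"

# Constructed from the thread's listing: primary rsa2048 [SC] offline ("sec#"),
# with the E and S subkeys' secret parts present.
SAMPLE_OFFLINE_PRIMARY = SimpleNamespace(
    secret=1,
    fpr=PRIMARY_FPR,
    subkeys=[
        _mk_subkey(PRIMARY_FPR, 0, can_certify=1, can_sign=1),
        _mk_subkey(ENCRYPT_FPR, 1, can_encrypt=1),
        _mk_subkey(SIGN_FPR, 1, can_sign=1),
    ],
)

# The same key as it would look on the machine that still holds the primary.
SAMPLE_FULL = SimpleNamespace(
    secret=1,
    fpr=PRIMARY_FPR,
    subkeys=[
        _mk_subkey(PRIMARY_FPR, 1, can_certify=1, can_sign=1),
        _mk_subkey(ENCRYPT_FPR, 1, can_encrypt=1),
        _mk_subkey(SIGN_FPR, 1, can_sign=1),
    ],
)


if __name__ == "__main__":
    for name, key in (("offline", SAMPLE_OFFLINE_PRIMARY), ("full", SAMPLE_FULL)):
        ok, why = check_certify(key)
        print(name, key.fpr, "certify:", ok, "-", why)
        print("  signing subkeys with secret part:",
              [sk.keyid for sk in usable_secret_subkeys(key, "sign")])

    # Live listing; assumes the gpgme Python bindings are installed.
    import gpg
    with gpg.Context() as ctx:
        for key in ctx.keylist(secret=True):
            print(key.fpr, check_certify(key))
```

The functions deliberately look only at the flags gpgme already fills in rather than re-parsing "sec#" from gpg's text output, so they keep working when the keyring is listed through the colon format that gpgme uses internally.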


