out-of-key UIDs [was: ADK's]
Werner Koch
wk at gnupg.org
Thu May 4 13:01:20 CEST 2023
On Thu, 4 May 2023 09:43, Ineiev said:
> This is another issue ADK might handle differently---if gpg skipped
> validation of the donor keys (where ADK subkeys come from),
The ADSK shall work very similar to --encrypt-to - that is it is only
used if there is already an encryption key. That is why it is named
ADS(ub)K(ey) and not just ADK(ey) - the ADSK is always in your keyblock.
In gnupg/g10/pkclist.c:find_and_check_key at line 921 we got the regular
encryption key and add it to our list of keys. Right after that we scan
that keyblock for an ADSK (i.e. PUBKEY_USAGE_RENC) and add that one too.
Shalom-Salam,
Werner
--
The pioneers of a warless world are the youth that
refuse military service. - A. Einstein
-------------- next part --------------
A non-text attachment was scrubbed...
Name: openpgp-digital-signature.asc
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20230504/c2463ff2/attachment.sig>
More information about the Gnupg-users
mailing list