out-of-key UIDs [was: ADK's]

Werner Koch wk at gnupg.org
Thu May 4 13:01:20 CEST 2023

On Thu,  4 May 2023 09:43, Ineiev said:

> This is another issue ADK might handle differently---if gpg skipped
> validation of the donor keys (where ADK subkeys come from),

The ADSK shall work very similar to --encrypt-to - that is it is only
used if there is already an encryption key.  That is why it is named
ADS(ub)K(ey) and not just ADK(ey) - the ADSK is always in your keyblock.

In gnupg/g10/pkclist.c:find_and_check_key at line 921 we got the regular
encryption key and add it to our list of keys.  Right after that we scan
that keyblock for an ADSK (i.e. PUBKEY_USAGE_RENC) and add that one too.



The pioneers of a warless world are the youth that
refuse military service.             - A. Einstein
-------------- next part --------------
A non-text attachment was scrubbed...
Name: openpgp-digital-signature.asc
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20230504/c2463ff2/attachment.sig>

More information about the Gnupg-users mailing list