capabilities of the key. For example, in mutt, a key of type 1 (RSA)
can both encrypt & sign. This is not correct as per OpenPGP, however,
where the capabilities of the key are determined by both the algorithm
and key capability flags that are set on the key. This can lead to
user confusion when their RSA encrypt-only or sign-only key is listed
for both signing and encryption in mutt.
GnuPG lists these flags in key listings, so it is easy to take
advantage of them. Here is a patch to use the flags, as well as
provide the flags in pgpring. Note that the pgp+pgpring users won't
see any change since the flags there are based on the key algorithm as
they are now, but the GnuPG users will see an improvement.
k->numalg = atoi (p);
k->algorithm = pgp_pkalgbytype (atoi (p));
}
-
- k->flags |= pgp_get_abilities (atoi (p));
break;
}
case 5: /* 16 hex digits with the long keyid. */
while(*p)
{
- if(*p=='D')
+ switch(*p++)
{
+ case 'D':
flags |= KEYFLAG_DISABLED;
break;
- }
- p++;
+ case 'e':
+ flags |= KEYFLAG_CANENCRYPT;
+ break;
+
+ case 's':
+ flags |= KEYFLAG_CANSIGN;
+ break;
+ }
}
if (!is_uid && !(*is_subkey && option (OPTPGPIGNORESUB)))
print_userid (uid->addr);
printf ("::");
+
+ if(pgp_canencrypt(p->numalg))
+ putchar ('e');
+ if(pgp_cansign(p->numalg))
+ putchar ('s');
if (p->flags & KEYFLAG_DISABLED)
putchar ('D');
printf (":\n");
projects / mutt / commitdiff