Currently, mutt uses the OpenPGP key algorithm to determine the

capabilities of the key.  For example, in mutt, a key of type 1 (RSA)
can both encrypt & sign.  This is not correct as per OpenPGP, however,
where the capabilities of the key are determined by both the algorithm
and key capability flags that are set on the key.  This can lead to
user confusion when their RSA encrypt-only or sign-only key is listed
for both signing and encryption in mutt.

GnuPG lists these flags in key listings, so it is easy to take
advantage of them.  Here is a patch to use the flags, as well as
provide the flags in pgpring.  Note that the pgp+pgpring users won't
see any change since the flags there are based on the key algorithm as
they are now, but the GnuPG users will see an improvement.

1 files changed, 10 insertions, 5 deletions

diff --git a/gnupgparse.c b/gnupgparse.c
index 3d8e1691..47532c9b 100644
--- a/gnupgparse.c
+++ b/gnupgparse.c
@@ -211,8 +211,6 @@ static pgp_key_t parse_pub_line (char *buf, int *is_subkey, pgp_key_t k)
 	  k->numalg = atoi (p);
 	  k->algorithm = pgp_pkalgbytype (atoi (p));
 	}
-
-	k->flags |= pgp_get_abilities (atoi (p));
 	break;
       }
       case 5:			/* 16 hex digits with the long keyid. */
@@ -285,13 +283,20 @@ static pgp_key_t parse_pub_line (char *buf, int *is_subkey, pgp_key_t k)
 	
 	while(*p)
 	  {
-	    if(*p=='D')
+	    switch(*p++)
 	      {
+	      case 'D':
 		flags |= KEYFLAG_DISABLED;
 		break;
-	      }
 
-	    p++;
+	      case 'e':
+		flags |= KEYFLAG_CANENCRYPT;
+		break;
+
+	      case 's':
+		flags |= KEYFLAG_CANSIGN;
+		break;
+	      }
 	  }
 
         if (!is_uid && !(*is_subkey && option (OPTPGPIGNORESUB)))