diff options
| author | Kai Michaelis <kai@sequoia-pgp.org> | 2019-01-18 15:08:40 +0100 |
|---|---|---|
| committer | Kai Michaelis <kai@sequoia-pgp.org> | 2019-01-18 15:10:15 +0100 |
| commit | f3d87851bcc4e82f22f49c6ceb9a385fc97eca86 (patch) | |
| tree | db415b2b38c8c240216a3338fee421f65c5cf713 /sqv/src | |
| parent | 37b79c2cca645cac52a5c2ca9cbcd083b78dc40a (diff) | |
sqv: ensure keys are signing capable before verifying sigs
Closes #164
Diffstat (limited to 'sqv/src')
| -rw-r--r-- | sqv/src/sqv.rs | 13 |
1 files changed, 12 insertions, 1 deletions
diff --git a/sqv/src/sqv.rs b/sqv/src/sqv.rs index ca11d035..fc8a98a3 100644 --- a/sqv/src/sqv.rs +++ b/sqv/src/sqv.rs @@ -214,8 +214,19 @@ fn real_main() -> Result<(), failure::Error> { if let Some(ref tpk) = tpko { // Find the right key. - for (_, _, key) in tpk.keys() { + for (maybe_binding, _, key) in tpk.keys() { + let binding = match maybe_binding { + Some(b) => b, + None => continue, + }; + if issuer == key.keyid() { + if !binding.key_flags().can_sign() { + eprintln!("Cannot check signature, key has no siginig \ + capability"); + continue 'sig_loop; + } + let mut hash = match hashes.get(&sig.hash_algo()) { Some(h) => h.clone(), None => { |