From 9e48a064e55e5ee61bc8caf6d7d0979c398aa4cd Mon Sep 17 00:00:00 2001
From: Justus Winter
Date: Fri, 7 Jul 2023 13:57:59 +0200
Subject: openpgp: Better support early v4 certificates. - If there is no key flags subpacket. Match on the key role and algorithm and synthesize one. We do this to better support very early v4 certificates, where either the binding signature is a v3 signature and cannot contain subpackets, or it is a v4 signature, but the key's capabilities were implied by the public key algorithm. - We only match on public key algorithms used at the time.
---
 openpgp/src/cert.rs | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)
(limited to 'openpgp/src/cert.rs')
diff --git a/openpgp/src/cert.rs b/openpgp/src/cert.rs
index 0170b0e8..f1f233da 100644
--- a/openpgp/src/cert.rs
+++ b/openpgp/src/cert.rs
@@ -7267,12 +7267,23 @@ Pu1xwz57O4zo1VYf6TqHJzVC3OMvMUM2hhdecMUe5x6GorNaj6g=
 let vcert = c.with_policy(&np, None)?;
 assert_eq!(vcert.keys().subkeys().count(), 1);
 
- // XXX: Unfortunately, it being a v3 signature, the subkey has
- // no keyflags, limiting its usefulness for now.
+ // A v3 signature has no subpackets, so there are no key
+ // flags. But, we then consider the key role and public key
+ // algorithm.
+ assert_eq!(vcert.keys().for_signing().count(), 1);
+ assert_eq!(vcert.keys().for_transport_encryption().count(), 1);
 
 // The subkey is interesting because it is bound using a v3
 // signature.
 assert_eq!(c.keys().subkeys().with_policy(&np, None).count(), 1);
+
+ // A v3 signature has no subpackets, so there are no key
+ // flags. But, we then consider the key role and public key
+ // algorithm.
+ assert_eq!(c.keys().with_policy(&np, None).for_signing().count(), 1);
+ assert_eq!(c.keys().with_policy(&np, None)
+ .for_transport_encryption().count(), 1);
+
 Ok(())
 }
 }
-- 
cgit v1.2.3
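Review bot: The new assertions only count matching keys across the whole certificate, so they pass no matter which key the synthesized flags land on, and they put no upper bound on the capabilities granted. Because the flags are now inferred from key role and algorithm rather than read from a signed subpacket, the test should pin the assignment per key, for example `assert_eq!(vcert.keys().subkeys().for_transport_encryption().count(), 1);`. If the subkey is meant to be encryption-only, which this hunk does not show, a negative check such as `assert_eq!(vcert.keys().subkeys().for_signing().count(), 0);` would catch over-granting. The synthesis code is not part of this file section, and the test function begins above the hunk, so the expected values need confirming against the fixture certificate.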