When adopting a key, error out if the key's key flags is empty.

- When adopting a key using `sq key adopt`, error out if the key's
    key flags are empty.
Neal H. Walfield 2024-09-26 10:52:58 +02:00
parent 5ec89e8abe
commit 33dc4a1b41
No known key found for this signature in database
GPG Key ID: 6863C9AD5B4D22D3
2 changed files with 25 additions and 7 deletions


@ -191,13 +191,17 @@ pub fn adopt(sq: Sq, mut command: cli::key::AdoptCommand) -> Result<()>
builder = builder.set_key_expiration_time(&key, e.timestamp())?;
}
// If there is a valid backsig, recreate it.
let need_backsig = builder
.key_flags()
.map(|kf| kf.for_signing() || kf.for_certification())
.unwrap_or(false);
let key_flags = builder.key_flags().unwrap_or(KeyFlags::empty());
if key_flags.is_empty() {
return Err(anyhow::anyhow!(
"{} has no key capabilities. Pass at least one of \
--can-sign, --can-authenticate, and --can-encrypt to \
adopt this key.",
key.fingerprint()));
};
if need_backsig {
// If we need a valid backsig, create it.
if key_flags.for_signing() || key_flags.for_certification() {
// Derive a signer.
let ka = cert.keys().key_handle(key.fingerprint())
.next()
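Review bot: The new guard on `key_flags.is_empty()` is narrower than its own error text, "has no key capabilities". `KeyFlags` is not defined in this hunk, but if `is_empty()` only means "no bit set", a flags subpacket carrying only non-capability bits (for example split-key or group-key) would pass the check and the key would be adopted with no usable capability. If that case should be rejected too, test the capabilities directly: `if !(key_flags.for_signing() || key_flags.for_certification() || key_flags.for_authentication() || key_flags.for_transport_encryption() || key_flags.for_storage_encryption()) {`. The `};` that closes the guard also carries a stray semicolon. The body of `adopt` starts and ends outside this hunk.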


@ -659,12 +659,26 @@ fn adopt_bare() -> Result<()> {
let to_adopt = bare_signing().0;
let cert = sq.key_adopt(
// First, a bare certificate doesn't have any key flags set. Make
// sure `sq key adopt` complains, if we don't specify any (e.g.,
// `--can-encrypt`).
let r = sq.key_adopt_maybe(
&[],
vec![ bare() ],
alice_primary().0,
vec![ to_adopt.clone() ],
&alice2_pgp);
if r.is_ok() {
panic!("sq key adopt succeeded, but should have complained about \
missing key flags");
}
let cert = sq.key_adopt(
&["--can-encrypt", "universal"],
vec![ bare() ],
alice_primary().0,
vec![ to_adopt.clone() ],
&alice2_pgp);
let mut found = false;
for k in cert.keys() {