In sq key list, prefer weakly bound user IDs to nothing.

- `sq key list` prefers to show authenticated, and self-signed user IDs. If there are none, it says "no user IDs," which is not very helpful. In this case, prefer self-signed user IDs that are valid under the NULL policy. Note: these will still show up as unauthenticated.
2024-11-19 09:32:28 +01:00 · 2024-11-19 09:32:28 +01:00 · 51039b3341
commit 51039b3341
parent 149254b756
1 changed files with 11 additions and 2 deletions
--- a/src/commands/key/list.rs
+++ b/src/commands/key/list.rs
@ -18,13 +18,14 @@ use sequoia_openpgp::{
 use sequoia_keystore as keystore;
 use keystore::Protection;

-use crate::cli;
 use crate::Convert;
 use crate::PreferredUserID;
-use crate::Sq;
 use crate::Result;
+use crate::Sq;
 use crate::Time;
 use crate::cli::types::cert_designator;
+use crate::cli;
+use crate::common::NULL_POLICY;

 /// Keys may either be grouped into a certificate or be bare.
 ///
@ -410,10 +411,18 @@ pub fn list(sq: Sq, mut cmd: cli::key::list::Command) -> Result<()> {

        // Show the user IDs that can be authenticated or are self signed.
        if let Some(cert) = association.cert() {
+            // If we have any valid self signed user IDs, prefer
+            // those.  Otherwise, fallback to those valid under the
+            // NULL policy.  They won't be considered authenticated,
+            // but at least we'll show something.
            let self_signed: HashSet<UserID> = if let Ok(vc)
                = cert.with_policy(sq.policy, sq.time)
            {
                HashSet::from_iter(vc.userids().map(|ua| ua.userid()).cloned())
+            } else if let Ok(vc)
+                = cert.with_policy(NULL_POLICY, sq.time)
+            {
+                HashSet::from_iter(vc.userids().map(|ua| ua.userid()).cloned())
            } else {
                Default::default()
            };