slipenkomk/sequoia-sq
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Don't panic if a key doesn't contain secret key material, skip it.

Browse Source 
- If a key specified using `--recipient-file` does not contain
    secret key material, don't panic, just skip it.

  - It is perfectly reasonable for only a subset of keys in a
    TSK to contain secret key material.
This commit is contained in:
Neal H. Walfield
2024-07-05 13:56:17 +02:00
parent 4d8a870779
commit 87cf671eb2
1 changed files with 2 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
src/commands/decrypt.rs
View File

@ -109,24 +109,14 @@ impl<'c, 'store, 'rstore> Helper<'c, 'store, 'rstore>
= HashMap::new();
let mut identities: HashMap<KeyID, Fingerprint> = HashMap::new();
for tsk in secrets {
for ka in tsk.keys()
for ka in tsk.keys().secret()
// XXX: Should use the message's creation time that we do not know.
.with_policy(sq.policy, None)
.for_transport_encryption().for_storage_encryption()
{
let id: KeyID = ka.key().fingerprint().into();
let key = ka.key();
keys.insert(
id.clone(),
(
tsk.clone(),
if let Ok(key) = key.parts_as_secret() {
key.clone()
} else {
panic!("Cert does not contain secret keys and private-key-store option has not been set.");
}
)
);
keys.insert(id.clone(), (tsk.clone(), key.clone()));
identities.insert(id.clone(), tsk.fingerprint());
}
}