Bug 733920 – Support "Certify" and "Authenticate" flags

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 733920 - Support "Certify" and "Authenticate" flags


Summary:	Support "Certify" and "Authenticate" flags


Status:	RESOLVED FIXED

Product:	seahorse
Classification:	Applications
Component:	general
Version:	git master
Hardware:	Other Linux

Importance:	Normal normal
Target Milestone:	---
Assigned To:	Seahorse Maintainer
QA Contact:	Seahorse Maintainer

URL:
Whiteboard:

Depends on:
Blocks:

Reported:	2014-07-29 14:28 UTC by Federico Mena Quintero
Modified:	2014-07-29 20:31 UTC

See Also:
GNOME target:	---
GNOME version:	---

Attachments
Add CAN_CERTIFY and CAN_AUTHENTICATE flags (1.61 KB, patch) 2014-07-29 14:35 UTC, Federico Mena Quintero	committed	Details \| Review
Generate "Certificate" and "Authenticate" names for the new flags (1.92 KB, patch) 2014-07-29 14:35 UTC, Federico Mena Quintero	committed	Details \| Review

Description Federico Mena Quintero 2014-07-29 14:28:56 UTC

With the patch from bug #730044, we support showing a PGP subkey's usage, a la "Sign" and "Encrypt".

The following patch adds support for the missing flags from gpgme - "Certify", "Authenticate".  These show up in "gpg --edit-keys" as C and A, respectively.

Comment 1 Federico Mena Quintero 2014-07-29 14:35:06 UTC

Created attachment 281955 [details] [review]
Add CAN_CERTIFY and CAN_AUTHENTICATE flags

Comment 2 Federico Mena Quintero 2014-07-29 14:35:36 UTC

Created attachment 281957 [details] [review]
Generate "Certificate" and "Authenticate" names for the new flags

Comment 3 Federico Mena Quintero 2014-07-29 14:39:58 UTC

I'm not sure if there should be equivalent code in seahorse_gpgme_key_realize(), to set the SEAHORSE_FLAG_CAN_XXX from the gpgme_key's own flags.  If so, that function has this:

		if (self->pv->pubkey->can_encrypt)
			flags |= SEAHORSE_FLAG_CAN_ENCRYPT;
		if (self->pv->seckey && self->pv->pubkey->can_sign)
			flags |= SEAHORSE_FLAG_CAN_SIGN;

Should I just use the self->pv->pubkey->can_XXX flags?  Why does the second one there check for self->pv->seckey?  (Does that mean, *you* can use this key to sign because you have the secret key - and the can_encrypt case doesn't check for the secret key because you just need *their* public key?)

Comment 4 Stef Walter 2014-07-29 20:23:51 UTC

(In reply to comment #3)
> I'm not sure if there should be equivalent code in
> seahorse_gpgme_key_realize(), to set the SEAHORSE_FLAG_CAN_XXX from the
> gpgme_key's own flags.  If so, that function has this:
> 
>         if (self->pv->pubkey->can_encrypt)
>             flags |= SEAHORSE_FLAG_CAN_ENCRYPT;
>         if (self->pv->seckey && self->pv->pubkey->can_sign)
>             flags |= SEAHORSE_FLAG_CAN_SIGN;
> 
> Should I just use the self->pv->pubkey->can_XXX flags? 

I think that until we have a need for those flags in the SeahorsePgpKey, we can not propagate them for now.

> Why does the second one
> there check for self->pv->seckey?  (Does that mean, *you* can use this key to
> sign because you have the secret key - and the can_encrypt case doesn't check
> for the secret key because you just need *their* public key?)

I think we used this for filtering keys that show up in a drop down selector. I think I remember a situation where GPGME marked keys as can_sign even without a secret key. It would have been good to add a comment here :S

Comment 5 Stef Walter 2014-07-29 20:31:34 UTC

Thanks. Merged with a couple formatting tweaks.