diff options
author | defanor <defanor@uberspace.net> | 2021-02-07 18:47:46 +0300 |
---|---|---|
committer | defanor <defanor@uberspace.net> | 2021-02-07 18:47:46 +0300 |
commit | 8828545f084a5b295ed73a7c8b1655e440f39b71 (patch) | |
tree | dada2fc7ca52523869926eb208e1da9dea106132 | |
parent | 110d11fac989d27d72486e4eb7cca46b28f46ce2 (diff) |
Only attempt to sign messages with available secret keys
-rw-r--r-- | src/rexmpp_openpgp.c | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/src/rexmpp_openpgp.c b/src/rexmpp_openpgp.c index 3c584d5..a87df67 100644 --- a/src/rexmpp_openpgp.c +++ b/src/rexmpp_openpgp.c @@ -635,7 +635,16 @@ char *rexmpp_openpgp_encrypt_sign (rexmpp_t *s, /* Add own keys for encryption and signing. */ rexmpp_openpgp_add_keys(s, s->initial_jid.bare, &keys, &nkeys, &allocated); for (i = 0; i < nkeys; i++) { - gpgme_signers_add(s->pgp_ctx, keys[i]); + /* Check that the key can be used to sign data, and that we have + the secret key. */ + if (keys[i]->can_sign) { + gpgme_key_t sec_key; + err = gpgme_get_key(s->pgp_ctx, keys[i]->subkeys->fpr, &sec_key, 1); + gpgme_key_release(sec_key); + if (gpg_err_code(err) == GPG_ERR_NO_ERROR) { + gpgme_signers_add(s->pgp_ctx, keys[i]); + } + } } /* Add recipients' keys for encryption. */ for (i = 0; recipients[i] != NULL; i++) { |