authordefanor <defanor@uberspace.net>2021-02-07 18:47:46 +0300
committerdefanor <defanor@uberspace.net>2021-02-07 18:47:46 +0300
commit8828545f084a5b295ed73a7c8b1655e440f39b71 (patch)
treedada2fc7ca52523869926eb208e1da9dea106132
parent110d11fac989d27d72486e4eb7cca46b28f46ce2 (diff)
Only attempt to sign messages with available secret keys
-rw-r--r--src/rexmpp_openpgp.c11
1 files changed, 10 insertions, 1 deletions
diff --git a/src/rexmpp_openpgp.c b/src/rexmpp_openpgp.c
index 3c584d5..a87df67 100644
--- a/src/rexmpp_openpgp.c
+++ b/src/rexmpp_openpgp.c
@@ -635,7 +635,16 @@ char *rexmpp_openpgp_encrypt_sign (rexmpp_t *s,
/* Add own keys for encryption and signing. */
rexmpp_openpgp_add_keys(s, s->initial_jid.bare, &keys, &nkeys, &allocated);
for (i = 0; i < nkeys; i++) {
- gpgme_signers_add(s->pgp_ctx, keys[i]);
+ /* Check that the key can be used to sign data, and that we have
+ the secret key. */
+ if (keys[i]->can_sign) {
+ gpgme_key_t sec_key;
+ err = gpgme_get_key(s->pgp_ctx, keys[i]->subkeys->fpr, &sec_key, 1);
+ gpgme_key_release(sec_key);
+ if (gpg_err_code(err) == GPG_ERR_NO_ERROR) {
+ gpgme_signers_add(s->pgp_ctx, keys[i]);
+ }
+ }
}
/* Add recipients' keys for encryption. */
for (i = 0; recipients[i] != NULL; i++) {
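Review bot: `sec_key` is declared without an initializer and handed to `gpgme_key_release` before `err` is inspected, so the release is only safe if `gpgme_get_key` writes the output pointer on every failure path. The GPGME manual documents NULL for the key-not-found case; rather than depend on that for other errors, declare `gpgme_key_t sec_key = NULL;` and move `gpgme_key_release(sec_key);` inside the `GPG_ERR_NO_ERROR` branch. Separately, a key that fails the check is skipped silently and the return value of `gpgme_signers_add` is not checked, so when no own key qualifies the signer list may stay empty. What the later sign step does in that case is outside this hunk (presumably it falls back to the engine's default key or fails), so a log line or an explicit error here would keep the caller from getting a message signed by an unexpected key, or not signed at all. The body of `rexmpp_openpgp_encrypt_sign` starts and ends outside the hunk.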