Function: mml-secure-check-sub-key
mml-secure-check-sub-key is a byte-compiled function defined in
mml-sec.el.gz.
Signature
(mml-secure-check-sub-key CONTEXT KEY USAGE &optional FINGERPRINT)
Documentation
Check whether in CONTEXT the public KEY has a usable subkey for USAGE.
This is the case if KEY is not disabled, and there is a subkey for
USAGE that is neither revoked nor expired. Additionally, if optional
FINGERPRINT is present and if it is not the primary key's fingerprint, then
the returned subkey must have that FINGERPRINT. FINGERPRINT must consist of
hexadecimal digits only (no leading "0x" allowed).
If USAGE is not encrypt, then additionally an appropriate secret key must
be present in the keyring.
Source Code
;; Defined in /usr/src/emacs/lisp/gnus/mml-sec.el.gz
(defun mml-secure-check-sub-key (context key usage &optional fingerprint)
  "Check whether in CONTEXT the public KEY has a usable subkey for USAGE.
This is the case if KEY is not disabled, and there is a subkey for
USAGE that is neither revoked nor expired. Additionally, if optional
FINGERPRINT is present and if it is not the primary key's fingerprint, then
the returned subkey must have that FINGERPRINT. FINGERPRINT must consist of
hexadecimal digits only (no leading \"0x\" allowed).
If USAGE is not `encrypt', then additionally an appropriate secret key must
be present in the keyring."
  ;; Based on mml2015-epg-check-sub-key, extended by
  ;; - check for secret keys if usage is not 'encrypt and
  ;; - check for new argument FINGERPRINT.
  (let* ((subkeys (epg-key-sub-key-list key))
         (primary (car subkeys))
         (fpr (epg-sub-key-fingerprint primary)))
    ;; The primary key will be marked as disabled, when the entire
    ;; key is disabled (see 12 Field, Format of colon listings, in
    ;; gnupg/doc/DETAILS)
    (unless (memq 'disabled (epg-sub-key-capability primary))
      (catch 'break
        (dolist (subkey subkeys nil)
          (if (and (memq usage (epg-sub-key-capability subkey))
                   (not (memq (epg-sub-key-validity subkey)
                              '(revoked expired)))
                   (or (eq 'encrypt usage) ; Encryption works with public key.
                       ;; In contrast, signing requires secret key.
                       (mml-secure-secret-key-exists-p context subkey))
                   (or (not fingerprint)
                       (string-match-p (concat fingerprint "$") fpr)
                       (string-match-p (concat fingerprint "$")
                                       (epg-sub-key-fingerprint subkey))))
              (throw 'break t)))))))
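
A diagnostic companion to the check above, as an added example that is not part of Emacs or of this page: for each public key matching a name it reports whether the key is disabled, what mml-secure-check-sub-key returns, and which of the documented conditions each subkey fails. The names my-explain-sub-key and my-explain-key, the reason symbols, and the address in the usage comment are hypothetical.

```elisp
;; Added example, not Emacs code.  `my-explain-sub-key' and
;; `my-explain-key' are hypothetical names.
(require 'epg)
(require 'mml-sec)

(defun my-explain-sub-key (context key subkey usage fingerprint)
  "Return the reasons SUBKEY of KEY fails the USAGE check, or nil."
  (let ((primary-fpr (epg-sub-key-fingerprint
                      (car (epg-key-sub-key-list key))))
        reasons)
    (unless (memq usage (epg-sub-key-capability subkey))
      (push 'lacks-capability reasons))
    (when (memq (epg-sub-key-validity subkey) '(revoked expired))
      (push (epg-sub-key-validity subkey) reasons))
    ;; Same rule as the original: only non-encrypt usages need a secret key.
    (unless (or (eq usage 'encrypt)
                (mml-secure-secret-key-exists-p context subkey))
      (push 'no-secret-key reasons))
    ;; Same suffix match as the original, against primary and subkey.
    (when (and fingerprint
               (not (string-match-p (concat fingerprint "$") primary-fpr))
               (not (string-match-p (concat fingerprint "$")
                                    (epg-sub-key-fingerprint subkey))))
      (push 'fingerprint-mismatch reasons))
    (nreverse reasons)))

(defun my-explain-key (name usage &optional fingerprint)
  "Explain the USAGE check for each OpenPGP public key matching NAME."
  ;; The docstring above requires bare hex digits; reject "0x..." early.
  (when (and fingerprint
             (not (string-match-p "\\`[[:xdigit:]]+\\'" fingerprint)))
    (user-error "FINGERPRINT must be hex digits without 0x: %s" fingerprint))
  (let ((context (epg-make-context 'OpenPGP)))
    (mapcar
     (lambda (key)
       (let ((subkeys (epg-key-sub-key-list key)))
         (list :primary (epg-sub-key-fingerprint (car subkeys))
               :disabled (and (memq 'disabled
                                    (epg-sub-key-capability (car subkeys))) t)
               :usable (mml-secure-check-sub-key context key usage fingerprint)
               :subkeys (mapcar (lambda (sk)
                                  (cons (epg-sub-key-fingerprint sk)
                                        (or (my-explain-sub-key
                                             context key sk usage fingerprint)
                                            'ok)))
                                subkeys))))
     (epg-list-keys context name))))

;; Usage (constructed address): (my-explain-key "alice@example.org" 'sign)
```

Each result is a plist per key; a subkey entry pairs its fingerprint with either `ok` or the list of conditions it fails.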