On Thu, 4 May 2023 09:43, Ineiev said:

> This is another issue ADK might handle differently---if gpg skipped
> validation of the donor keys (where ADK subkeys come from),

The ADSK shall work very similarly to --encrypt-to - that is, it is only used if there is already an encryption key. That is why it is named ADS(ub)K(ey) and not just ADK(ey) - the ADSK is always in your keyblock.

In gnupg/g10/pkclist.c:find_and_check_key at line 921 we got the regular encryption key and add it to our list of keys. Right after that we scan that keyblock for an ADSK (i.e. PUBKEY_USAGE_RENC) and add that one too.

Shalom-Salam,

   Werner

--
The pioneers of a warless world are the youth that
refuse military service.             - A. Einstein
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
https://lists.gnupg.org/mailman/listinfo/gnupg-users
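
The selection order described in the message above, as an added example that is not part of the original mail and is not GnuPG code: a toy Python model in which the regular encryption key is picked first and the same keyblock is then scanned for ADSKs. The `Subkey` and `Keyblock` classes, the usage labels, the key IDs and the `unexpected_adsks` audit helper are all hypothetical, and the model assumes every subkey carrying the RENC flag is added.

```python
# Added illustration: a toy model of the selection order described in the mail.
# This is NOT GnuPG code; the data structures and names are hypothetical.
from dataclasses import dataclass, field

USAGE_ENC = "enc"    # models a regular encryption-capable key
USAGE_RENC = "renc"  # models PUBKEY_USAGE_RENC, the flag that marks an ADSK


@dataclass
class Subkey:
    keyid: str
    usage: frozenset


@dataclass
class Keyblock:
    owner: str
    subkeys: list = field(default_factory=list)


def encryption_targets(kb):
    """Return the key IDs a message to this keyblock would be encrypted to."""
    regular = next((k for k in kb.subkeys if USAGE_ENC in k.usage), None)
    if regular is None:
        # No regular encryption key: an ADSK is never used on its own.
        return []
    targets = [regular.keyid]
    # Only after the regular key is chosen is the same keyblock scanned for ADSKs.
    # Assumption of this model: every RENC subkey found is added.
    targets += [k.keyid for k in kb.subkeys if USAGE_RENC in k.usage]
    return targets


def unexpected_adsks(kb, approved):
    """Audit helper: ADSK key IDs in the keyblock that are not on an approved list."""
    return [k.keyid for k in kb.subkeys
            if USAGE_RENC in k.usage and k.keyid not in approved]


# Constructed sample keyblocks (key IDs are made up).
ALICE = Keyblock("alice", [Subkey("ENC-A1", frozenset({USAGE_ENC})),
                           Subkey("ADSK-CORP", frozenset({USAGE_RENC}))])
BOB = Keyblock("bob", [Subkey("ENC-B1", frozenset({USAGE_ENC}))])
CAROL = Keyblock("carol", [Subkey("ADSK-CORP", frozenset({USAGE_RENC}))])

if __name__ == "__main__":
    for kb in (ALICE, BOB, CAROL):
        print(kb.owner, encryption_targets(kb), unexpected_adsks(kb, {"ADSK-CORP"}))
```

The `CAROL` case shows the point of the message: a keyblock that holds only an ADSK yields no encryption target at all.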