New submission from Bernhard Herzog <bh@intevation.de>:
The keyselector used in kmail tries to only allow keys usable for a given
purpose. This doesn't work properly for certificates which have an
extendedKeyUsage that only contains clientAuth. The attached file contains such
a certificate. KMail lets the user select this certificate as an encryption
certificate even though it correctly disallows certificates that don't have
keyEncipherment in their keyUsage for instance.
When the a mail is sent and is to be encrypted with the attached certificate
gpgsm correctly rejects it.
----------
assignedto: marc
files: aegyptentest9-client-auth.pem
messages: 960
nosy: bh, marc
priority: bug
status: unread
title: key selector allows selection of clientAuth keys for encryption
topic: KMail
______________________________________________________
Aegypten issue tracker <aegypten-issues@intevation.de>
<https://intevation.de/roundup/aegypten/issue197>
______________________________________________________
The keyselector used in kmail tries to only allow keys usable for a given
purpose. This doesn't work properly for certificates which have an
extendedKeyUsage that only contains clientAuth. The attached file contains such
a certificate. KMail lets the user select this certificate as an encryption
certificate even though it correctly disallows certificates that don't have
keyEncipherment in their keyUsage for instance.
When the a mail is sent and is to be encrypted with the attached certificate
gpgsm correctly rejects it.
----------
assignedto: marc
files: aegyptentest9-client-auth.pem
messages: 960
nosy: bh, marc
priority: bug
status: unread
title: key selector allows selection of clientAuth keys for encryption
topic: KMail
______________________________________________________
Aegypten issue tracker <aegypten-issues@intevation.de>
<https://intevation.de/roundup/aegypten/issue197>
______________________________________________________
Attached Files:
-
aegyptentest9-client-auth.pem (3.88 KB)