From 06fbb33ab3b0d5bbfaa31501a78ab53b5da706b1 Mon Sep 17 00:00:00 2001 From: link2xt Date: Fri, 27 Mar 2026 23:26:42 +0100 Subject: [PATCH] fix: only encrypt to subkeys that are marked for encryption Comment about expiration dates is removed, we will take expiration dates into account when we start merging subkeys. --- src/pgp.rs | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/src/pgp.rs b/src/pgp.rs index 2b10da1a3..542e98b53 100644 --- a/src/pgp.rs +++ b/src/pgp.rs @@ -84,12 +84,14 @@ pub(crate) fn create_keypair(addr: EmailAddress) -> Result { /// Selects a subkey of the public key to use for encryption. /// /// Returns `None` if the public key cannot be used for encryption. -/// -/// TODO: take key flags and expiration dates into account fn select_pk_for_encryption(key: &SignedPublicKey) -> Option<&SignedPublicSubKey> { - key.public_subkeys - .iter() - .find(|subkey| subkey.algorithm().can_encrypt()) + key.public_subkeys.iter().find(|subkey| { + subkey.algorithm().can_encrypt() + && subkey + .signatures + .iter() + .any(|signature| signature.key_flags().encrypt_comms()) + }) } /// Version of SEIPD packet to use.