Crypt::OpenPGP does not use encryption subkey, ignores key usage about crypt-openpgp HOT 7 OPEN

Specifically, I'd expected Crypt::OpenPGP to encrypt to the non-revoked encryption subkey whose expiry time is the furthest in the future.

from crypt-openpgp.

Is there any chance support for key usage could be implemented?

Patches are very welcome at the very least!

from crypt-openpgp.

For what it's worth, I think this bug stems from these lines:

my @valid = $pkg->all_props;
my %valid = map { $_ => 1 } @valid;

which map the key usage to the whether or not the key should be used according to subroutines like can_encrypt().

Since it appears that the Mozillians are too nice to say anything about it, this bug is blocking Mozilla bug 790487, which is causing the email report mechanism for security-critical bugs at Mozilla to not function correctly. Since I'm not a Mozillian, I don't mind pointing being the asshole who points out that you're fucking their shit up.

from crypt-openpgp.

FWIW, this is not entirely correct. The test e-mail gets sent successfully and to the right address, just other mails are an issue.

from crypt-openpgp.

Another FYI update - we assumed this was a partial bug related to this, but the most "recent" version of the securemail extension (https://github.com/bugzilla/extensions-SecureMail) solved our issues.

from crypt-openpgp.

This is still a problem. I just received an email from bugzilla.mozilla.org encrypted using my primary public key. Has anyone looked at this? Is Isis' suggestion regarding what's causing this wrong or was it ignored?

Thanks.

from crypt-openpgp.

AFAICS Crypt::OpenPGP considers RSA keys encryption-capable without looking at the relevant binding signature's key flags subpacket:

 % git grep can_encrypt
lib/Crypt/OpenPGP/Certificate.pm:sub can_encrypt { $_[0]->{key}->can_encrypt }
lib/Crypt/OpenPGP/Certificate.pm:=head2 $cert->can_encrypt
lib/Crypt/OpenPGP/Key.pm:sub can_encrypt { 0 }
lib/Crypt/OpenPGP/Key.pm:=head2 $key->can_encrypt
lib/Crypt/OpenPGP/Key/Public/ElGamal.pm:sub can_encrypt { 1 }
lib/Crypt/OpenPGP/Key/Public/RSA.pm:sub can_encrypt { 1 }
lib/Crypt/OpenPGP/Key/Secret/ElGamal.pm:*can_encrypt = \&Crypt::OpenPGP::Key::Public::ElGamal::can_encrypt;
lib/Crypt/OpenPGP/Key/Secret/RSA.pm:*can_encrypt = \&Crypt::OpenPGP::Key::Public::RSA::can_encrypt;
lib/Crypt/OpenPGP/KeyBlock.pm:        return $key if $key->can_encrypt;

from crypt-openpgp.