The created key was searched for with FindKey(), which operates on the class
scope ::Context. The latter does not use loopback pinentry. Even so, the
created key was found, the passphrase for the created key being cached in
gpg-agent.
Using a workaround that validates the passphrase for a secret key.
With GnuPG 2.2.23 and GpgME 1.1.15, a secret key can be exported when the right
passphrase is provided. With a bad passphrase, the application crashes.
See https://dev.gnupg.org/T5151
The application may validate a passphrase before invoking the engine, until it
is hopefully fixed upstream and available in mainstream.
If no subkey is found (wrong fpr) or none is provided, the expiry time of
the key is set instead.
setExpire() allows all subkeys to be expired at once. Not implemented here.
Requires GPGME >= 1.15.0.
Certified user identities in keys can be revoked using the same popup as
for certification.
Requires GnuPG 2.2.24 (not available in the distro's repository; not fully
tested to date).
Requests the passphrase with a popup.
As of GPGME 1.15.0, the loopback pinentry is functional when exporting secret
keys. It works fine when the exact passphrase is provided. If a wrong
passphrase is given, GPGME does not generate an ::Error, but the app crashes
with 'free(): double free detected in tcache 2'.
Hence, this patch cannot be committed to master.
Status : dangerous
Result : works and works not
Reason : a wrong passphrase means a crash
The email parameter must have a valid email address format here, else
GPGME will refuse to create the identity. This is not the case when
creating a key, where any string is accepted.
Correct format :
name <email> (comment)
Was :
name <email> comment
Though the 'comment' part was visible with the CLI gpg app, it was not
shown in Kleopatra or in K7.
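An added example, not the project's own code, of building the user ID string in the "name <email> (comment)" order described above inside the application, so that a malformed email address is rejected before the string is handed to the GPGME call that adds the identity. The struct UserId and the functions formatUserId, parseUserId and looksLikeEmail are names chosen for this example; the email check is a conservative approximation, not GnuPG's actual mailbox check. The parser also accepts the "name (comment) <email>" order that gpg itself writes when it generates a key, which goes slightly beyond the single format quoted above.

```cpp
// Added example, not part of the project: build and check the
// "name <email> (comment)" user ID string in the application before GPGME
// sees it. UserId, formatUserId, parseUserId and looksLikeEmail are names
// chosen for this example.
#include <regex>
#include <stdexcept>
#include <string>

struct UserId {
    std::string name;
    std::string email;
    std::string comment;   // optional; empty means "no comment part"
};

// Conservative approximation of GnuPG's mailbox check (an assumption of this
// example, not the real algorithm): one '@', a non-empty local part and a
// dotted domain. Anything with spaces or delimiters is rejected.
bool looksLikeEmail(const std::string &email)
{
    static const std::regex re(
        R"(^[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$)");
    return std::regex_match(email, re);
}

static bool hasDelimiter(const std::string &s)
{
    // These characters would shift the <email> / (comment) boundaries.
    return s.find_first_of("<>()") != std::string::npos;
}

static std::string trim(const std::string &s)
{
    const auto first = s.find_first_not_of(" \t");
    if (first == std::string::npos) return "";
    const auto last = s.find_last_not_of(" \t");
    return s.substr(first, last - first + 1);
}

// Produces "name <email> (comment)", or "name <email>" when comment is empty.
// Throws std::invalid_argument so the caller fails before invoking the engine
// instead of getting a refusal from GPGME.
std::string formatUserId(const UserId &uid)
{
    if (trim(uid.name).empty() || hasDelimiter(uid.name))
        throw std::invalid_argument("name is empty or contains <>()");
    if (!looksLikeEmail(uid.email))
        throw std::invalid_argument("not a valid email address: " + uid.email);
    if (hasDelimiter(uid.comment))
        throw std::invalid_argument("comment contains <>()");

    std::string out = trim(uid.name) + " <" + uid.email + ">";
    if (!uid.comment.empty())
        out += " (" + trim(uid.comment) + ")";
    return out;
}

// Splits a user ID back into its parts. Accepts both the order produced above
// and the "name (comment) <email>" order gpg writes when it generates a key.
// Returns false when there is no <email> part or the name is empty.
bool parseUserId(const std::string &s, UserId &out)
{
    const auto lt = s.find('<');
    if (lt == std::string::npos) return false;
    const auto gt = s.find('>', lt);
    if (gt == std::string::npos) return false;
    out.email = s.substr(lt + 1, gt - lt - 1);

    // Everything except "<email>": the name plus an optional "(comment)".
    std::string rest = s.substr(0, lt) + s.substr(gt + 1);
    const auto lp = rest.find('(');
    const auto rp = (lp == std::string::npos) ? std::string::npos
                                              : rest.find(')', lp);
    if (lp != std::string::npos && rp != std::string::npos) {
        out.comment = trim(rest.substr(lp + 1, rp - lp - 1));
        rest = rest.substr(0, lp) + rest.substr(rp + 1);
    } else {
        out.comment.clear();
    }
    out.name = trim(rest);
    return !out.name.empty();
}
```

formatUserId("Alice Example", "alice@example.org", "work") yields "Alice Example <alice@example.org> (work)", while an email such as "bob" with no domain throws before any GPGME context is touched; parseUserId is the inverse and is what a UI that lists existing identities would use to show the comment part separately.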
Result : fails.
Reason : loopback passphrase provider is never called.
With the default pinentry mode, the passphrase is requested normally
and the private key is exported, but this can't be done on a web server.
Enclosed in #ifdef DEVTIME.
The created key must always be looked up, as it is not assigned to the
passed-in null key.
Delete local context and loopback passphrase provider.
The parameter 'expires' was ignored in CreateKeyWithEngineDefaultAlgo.
In-place editing with a popup if the user is allowed to in the app config file.
The user must of course manage at least one private key. User identities of
the target key may be selectively chosen. Optionally, the certification may be
exportable and non-revocable.