From 814a37cc2640dc8afc71dc4338516211ece8a32d Mon Sep 17 00:00:00 2001
From: Kunal Mehta
Date: Thu, 12 Oct 2023 15:50:05 -0400
Subject: [PATCH] redwood: Correctly check for secret key material

We were not checking if any subkeys had secret key material too, which is_tsk() checks for us.

Fixes #6988.
---
 redwood/src/lib.rs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/redwood/src/lib.rs b/redwood/src/lib.rs
index 03abe47074..9f38e34737 100644
--- a/redwood/src/lib.rs
+++ b/redwood/src/lib.rs
@@ -105,7 +105,7 @@ pub fn is_valid_public_key(input: &str) -> Result {
 // We don't need the keys, just need to check there's at least one and no error
 keys::keys_from_cert(POLICY, &cert)?;
 // And there is no secret key material
- if cert.keys().secret().next().is_some() {
+ if cert.is_tsk() {
 return Err(Error::HasSecretKeyMaterial);
 }
 Ok(cert.fingerprint().to_string())
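Review bot: The comment above the changed condition, `// And there is no secret key material`, does not record that the check is meant to cover subkeys as well as the primary key, which is the property this fix restores. Something like `// Reject the cert if the primary key or any subkey carries secret key material` would make it harder for a later edit to narrow the check again. The diffstat shows a single changed line, so no regression test comes with the fix. A test that passes is_valid_public_key a cert whose secret material sits only on a subkey and expects `Error::HasSecretKeyMaterial` would pin the behaviour. The function body starts and ends outside the hunk.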