mirror of
https://github.com/gopasspw/gopass.git
synced 2026-05-30 11:18:48 +02:00
bb7ecbbdd2
When encrypting a secret, gopass silently dropped any recipient whose GPG key was expired, revoked, or otherwise unusable. The affected recipient had no indication that newly written secrets were no longer encrypted for them, and the writing user received no warning either.

Root cause: useableKeys() in internal/store/leaf/store.go delegates to FindRecipients(), which internally calls KeyList.UseableKeys() and returns only valid fingerprints. The difference between the original recipient list and the filtered result was never surfaced.

Fixes:

- useableKeys() now checks each recipient individually after the batch FindRecipients call and emits an out.Warningf for any recipient with no useable key, naming that recipient explicitly.
- Encrypt() in internal/backend/crypto/gpg/cli/encrypt.go now uses out.Warningf instead of out.Printf for its per-recipient guard, so the severity is correct if that code path is ever reached.
- Added TestSetWarnsAboutInvalidRecipient to verify the warning is emitted.
- Added docs/adr/A-13-expired-gpg-key-handling.md tracking the remaining work (audit integration, proactive expiry warnings, recovery docs, and committed-vs-local key sync detection).

Closes #2885
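The failure mode this commit describes, a batch filter that shrinks the recipient list without telling anyone, is easy to reproduce in isolation. The Go program below is an added example written for this page; it is not gopass's code and does not use its types. `Keyring`, `KeyStatus`, `findRecipients`, `usableKeysWithWarnings` and `encryptFor` are constructed stand-ins: `findRecipients` plays the role of the silent batch filter, and `usableKeysWithWarnings` shows the post-fix shape of comparing the filtered result against the requested list and naming every dropped recipient. The example goes one step beyond the commit by refusing to proceed when the filter leaves no recipients at all.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// KeyStatus is a constructed stand-in for the states a recipient's GPG key
// can be in; it is not gopass's own type. The zero value is "missing" so a
// map lookup for an unknown recipient is never mistaken for a valid key.
type KeyStatus int

const (
	KeyMissing KeyStatus = iota // no key for this recipient at all
	KeyValid
	KeyExpired
	KeyRevoked
)

func (s KeyStatus) String() string {
	switch s {
	case KeyValid:
		return "valid"
	case KeyExpired:
		return "expired"
	case KeyRevoked:
		return "revoked"
	default:
		return "no key found"
	}
}

// Keyring maps a recipient id to its key status. Assumed stand-in for a
// GPG keyring lookup.
type Keyring map[string]KeyStatus

// findRecipients models the silent batch filter: it keeps only recipients
// with a valid key and says nothing about the ones it drops.
func findRecipients(kr Keyring, recipients []string) []string {
	var usable []string
	for _, r := range recipients {
		if st, ok := kr[r]; ok && st == KeyValid {
			usable = append(usable, r)
		}
	}
	return usable
}

// Warning describes one recipient that was requested but will not be able
// to decrypt the secret.
type Warning struct {
	Recipient string
	Reason    string
}

func (w Warning) String() string {
	return fmt.Sprintf("WARNING: recipient %q has no useable key (%s); secret will not be encrypted for them",
		w.Recipient, w.Reason)
}

// usableKeysWithWarnings runs the batch filter, then diffs the result against
// the original list so every dropped recipient is reported by name.
func usableKeysWithWarnings(kr Keyring, recipients []string) ([]string, []Warning) {
	usable := findRecipients(kr, recipients)
	kept := make(map[string]bool, len(usable))
	for _, r := range usable {
		kept[r] = true
	}
	var warnings []Warning
	for _, r := range recipients {
		if kept[r] {
			continue
		}
		// Missing entries yield the zero value KeyMissing.
		warnings = append(warnings, Warning{Recipient: r, Reason: kr[r].String()})
	}
	return usable, warnings
}

// ErrNoRecipients signals that validation removed every recipient; writing a
// secret that nobody can read is worse than refusing to write it.
var ErrNoRecipients = errors.New("no useable recipients left after key validation")

// encryptFor returns the recipients a secret would actually be encrypted for
// plus the warnings to surface, and refuses outright if none remain.
func encryptFor(kr Keyring, recipients []string) ([]string, []Warning, error) {
	usable, warnings := usableKeysWithWarnings(kr, recipients)
	if len(usable) == 0 {
		return nil, warnings, ErrNoRecipients
	}
	return usable, warnings, nil
}

func main() {
	// Constructed keyring: only alice still holds a valid key.
	kr := Keyring{"alice": KeyValid, "bob": KeyExpired, "carol": KeyRevoked}
	recipients := []string{"alice", "bob", "carol", "dave"}

	usable, warnings, err := encryptFor(kr, recipients)
	for _, w := range warnings {
		fmt.Println(w)
	}
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	fmt.Println("encrypting for:", strings.Join(usable, ", "))
}
```

Running it prints one warning each for bob (expired), carol (revoked) and dave (no key found) before encrypting for alice alone, which is exactly the information the pre-fix code path threw away. Checking the diff between requested and usable recipients in the caller, rather than inside the filter, keeps the batch lookup simple and puts the warning where the writer of the secret will see it.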