decryption: GopenPGPInterface tries to identify decryption key from message metadata

So the system can have multiple private keys, and the caller doesn't need to specify a specific one regardless. Ideally: If there are several matches we could also take into account which keys have already been unlocked (or passthrases saved in keychain). Right now it only grabs the first match.
2026-03-10 22:16:42 +01:00 · 2026-03-10 22:16:42 +01:00 · 39dab8c6c0
commit 39dab8c6c0
parent 510eb8e15e
5 changed files with 75 additions and 14 deletions
--- a/passKitTests/Crypto/PGPAgentTest.swift
+++ b/passKitTests/Crypto/PGPAgentTest.swift
@ -87,6 +87,25 @@ final class PGPAgentTest: XCTestCase {
        }
    }

+    func testMultiKeysSelectMatchingPrivateKeyToDecrypt() throws {
+        keychain.removeAllContent()
+        try importKeys(RSA2048_RSA4096.publicKeys, RSA2048_RSA4096.privateKeys)
+        try pgpAgent.initKeys()
+        try [
+            (true, true),
+            (true, false),
+            (false, true),
+            (false, false),
+        ].forEach { encryptInArmored, decryptFromArmored in
+            passKit.Defaults.encryptInArmored = encryptInArmored
+            let encryptedData = try pgpAgent.encrypt(plainData: testData, keyID: RSA2048.fingerprint)
+            passKit.Defaults.encryptInArmored = decryptFromArmored
+            // Note: not specifying the keyID to decrypt, so that the agent needs to find the matching private key by itself.
+            let decryptedData = try pgpAgent.decrypt(encryptedData: encryptedData, requestPGPKeyPassphrase: requestPGPKeyPassphrase)
+            XCTAssertEqual(decryptedData, testData)
+        }
+    }
+
    func testNoPrivateKey() throws {
        try KeyFileManager(keyType: PGPKey.PUBLIC, keyPath: "", keyHandler: keychain.add).importKey(from: RSA2048.publicKey)
        XCTAssertFalse(pgpAgent.isPrepared)