From e6d33a6833c3b8728c89c2fab218f513d0759834 Mon Sep 17 00:00:00 2001
From: Andrew Engelbrecht
Date: Tue, 22 Sep 2015 08:17:27 -0400
Subject: [PATCH] check keys for revocation status don't use them as encryption targets if they are revoked.
---
 edward | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/edward b/edward
index 36c2f05..8cffbcb 100755
--- a/edward
+++ b/edward
@@ -150,8 +150,7 @@ class GPGData (object):
 verify the signature on a block of text.

 'key_cannot_encrypt' is set to True if pubkeys or sigs' keys in the payload
- piece are not capable of encryption. This could happen if a key is revoked
- or expired, for instance.
+ piece are not capable of encryption, are revoked or expired, for instance.

 'keys' is a list of fingerprints of keys obtained in public key blocks.
 """
@@ -929,7 +928,7 @@ def get_key_from_fp (replyinfo_obj, gpgme_ctx):
 except gpgme.GpgmeError:
 continue

- if encrypt_to_key.can_encrypt == True:
+ if encrypt_to_key.can_encrypt == True and encrypt_to_key.revoked == False:
 replyinfo_obj.encrypt_to_key = encrypt_to_key
 replyinfo_obj.have_reply_key = True
 replyinfo_obj.key_can_encrypt = True
@@ -1060,7 +1059,7 @@ def add_gpg_key (key_block, gpgme_ctx):
 except:
 pass

- if key_obj.can_encrypt == True:
+ if key_obj.can_encrypt == True and key_obj.revoked == False:
 key_fingerprints += [fingerprint]
 key_cannot_encrypt = False

@@ -1203,7 +1202,7 @@ def get_signature_fp (sigs, gpgme_ctx):
 sigkey_missing = True
 continue

- if key_obj.can_encrypt == True:
+ if key_obj.can_encrypt == True and key_obj.revoked == False:
 fingerprints += [sig.fpr]
 key_cannot_encrypt = False
 sigkey_missing = False
--
2.25.1
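Review bot: The reworded sentence in the GPGData docstring still names expiry as a reason for `key_cannot_encrypt`, but the conditions this patch adds test only `.revoked`, so the docstring describes a check the visible code does not perform. The new wording is also hard to parse, since "for instance" now trails a list that mixes a capability with two key states. Until an expiry check exists I would write `piece cannot be used as encryption targets, for instance because they lack the encryption capability or are revoked.` The docstring starts outside this hunk.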
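Review bot: The new condition in get_key_from_fp rejects revoked keys but still accepts expired, disabled or invalid ones as the reply's encryption target, and the same gap is in the conditions added in add_gpg_key and get_signature_fp. pygpgme key objects expose `expired`, `disabled` and `invalid` next to `revoked`, so the test could read `if k.can_encrypt and not (k.revoked or k.expired or k.disabled or k.invalid):`, ideally in one small helper called from all three places so the copies cannot drift apart. These flags describe the key as a whole; whether a revoked or expired encryption subkey is caught depends on how `can_encrypt` is derived, which is worth confirming against `key.subkeys`. The function body starts and ends outside this hunk.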
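Review bot: The revocation test added in add_gpg_key reads `key_obj` directly after a bare `except: pass`, so it depends on the lookup in the `try` above it having succeeded. The `try` body is outside this hunk, but if that lookup raises, `key_obj` is either unbound or, if this code runs in a loop as the `+=` suggests, still holds the key from an earlier iteration, and the fingerprint would then be accepted or rejected on another key's status. Catching the specific error and skipping the entry, as get_key_from_fp does with `except gpgme.GpgmeError:` followed by `continue`, would keep the new check tied to the key it is meant to judge.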
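Review bot: In get_signature_fp, `sigkey_missing = False` sits inside the branch that now also requires `revoked == False`, so a signing key that is present but revoked no longer clears the flag. The initial value and the later use of `sigkey_missing` are outside this hunk; if it can still be True at that point, a sender with a revoked key would be reported as having a missing key rather than an unusable one. If that is not intended, clear the flag before the `if`, or add a comment such as `# revoked keys are reported via key_cannot_encrypt, not sigkey_missing` to record the choice.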