From b67af0edd478192a90e8559bff4eba828d278391 Mon Sep 17 00:00:00 2001
From: Garrett Robinson <garrett.f.robinson@gmail.com>
Date: Fri, 22 Jan 2016 11:03:41 -0800
Subject: [PATCH] Check all signing subkeys when verifying identity

Fixes #11.
---
 app/models/pgpkey.rb | 4 ++++
 lib/decrypt_mails.rb | 5 ++++-
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/app/models/pgpkey.rb b/app/models/pgpkey.rb
index f94ce37..270cdb5 100644
--- a/app/models/pgpkey.rb
+++ b/app/models/pgpkey.rb
@@ -8,4 +8,8 @@ def public_key
   def metadata
     GPGME::Key.get(self.fpr).to_s
   end
+
+  def subkeys
+    GPGME::Key.get(self.fpr).subkeys
+  end
 end
diff --git a/lib/decrypt_mails.rb b/lib/decrypt_mails.rb
index 5d6d317..0dfe42b 100644
--- a/lib/decrypt_mails.rb
+++ b/lib/decrypt_mails.rb
@@ -36,7 +36,10 @@ def receive_with_encryption(email, options={})
         user = User.find_by_mail sender_email if sender_email.present?
         key = Pgpkey.find_by user_id: user.id
         signatures.each do |s|
-          valid = true if key.fpr == s.fpr
+          key.subkeys.each do |subkey|
+            valid = true if subkey.capability.include? :sign and \
+                            subkey.fpr == s.fpr
+          end
         end if not signatures.empty?
       end