report_signature() in decrypt.rs calls verify_detached_bytes() without consulting is_revoked(). After decrypting a sign-then-encrypt or RPGV message, no warning is shown if the sender key is revoked. Fix: check is_revoked() in report_signature() for CLI, and in the GUI post-decrypt verify flow.
report_signature() in decrypt.rs calls verify_detached_bytes() without consulting is_revoked(). After decrypting a sign-then-encrypt or RPGV message, no warning is shown if the sender key is revoked. Fix: check is_revoked() in report_signature() for CLI, and in the GUI post-decrypt verify flow.