1998-03-05 10:22:13 +01:00
|
|
|
/* keylist.c
|
2004-08-23 19:55:49 +02:00
|
|
|
* Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003,
|
2004-01-21 05:35:32 +01:00
|
|
|
* 2004 Free Software Foundation, Inc.
|
1998-03-05 10:22:13 +01:00
|
|
|
*
|
1998-12-23 13:41:40 +01:00
|
|
|
* This file is part of GnuPG.
|
1998-03-05 10:22:13 +01:00
|
|
|
*
|
1998-12-23 13:41:40 +01:00
|
|
|
* GnuPG is free software; you can redistribute it and/or modify
|
1998-03-05 10:22:13 +01:00
|
|
|
* it under the terms of the GNU General Public License as published by
|
|
|
|
* the Free Software Foundation; either version 2 of the License, or
|
|
|
|
* (at your option) any later version.
|
|
|
|
*
|
1998-12-23 13:41:40 +01:00
|
|
|
* GnuPG is distributed in the hope that it will be useful,
|
1998-03-05 10:22:13 +01:00
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
* GNU General Public License for more details.
|
|
|
|
*
|
|
|
|
* You should have received a copy of the GNU General Public License
|
|
|
|
* along with this program; if not, write to the Free Software
|
|
|
|
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
|
|
|
|
*/
|
|
|
|
|
|
|
|
#include <config.h>
|
|
|
|
#include <stdio.h>
|
|
|
|
#include <stdlib.h>
|
|
|
|
#include <string.h>
|
|
|
|
#include <errno.h>
|
|
|
|
#include <assert.h>
|
|
|
|
|
|
|
|
#include "options.h"
|
|
|
|
#include "packet.h"
|
|
|
|
#include "errors.h"
|
|
|
|
#include "keydb.h"
|
2002-06-29 15:46:34 +02:00
|
|
|
#include "memory.h"
|
|
|
|
#include "photoid.h"
|
1998-03-05 10:22:13 +01:00
|
|
|
#include "util.h"
|
2002-06-29 15:46:34 +02:00
|
|
|
#include "ttyio.h"
|
1998-03-05 10:22:13 +01:00
|
|
|
#include "trustdb.h"
|
1998-03-09 22:44:06 +01:00
|
|
|
#include "main.h"
|
1998-03-05 10:22:13 +01:00
|
|
|
#include "i18n.h"
|
2002-06-29 15:46:34 +02:00
|
|
|
#include "status.h"
|
1998-03-05 10:22:13 +01:00
|
|
|
|
1998-05-29 13:53:54 +02:00
|
|
|
static void list_all(int);
|
1999-01-24 18:16:40 +01:00
|
|
|
static void list_one( STRLIST names, int secret);
|
2004-09-20 20:38:39 +02:00
|
|
|
static void print_card_serialno (PKT_secret_key *sk);
|
1998-03-09 22:44:06 +01:00
|
|
|
|
2002-06-29 15:46:34 +02:00
|
|
|
struct sig_stats
|
|
|
|
{
|
|
|
|
int inv_sigs;
|
|
|
|
int no_key;
|
|
|
|
int oth_err;
|
|
|
|
};
|
|
|
|
|
|
|
|
static FILE *attrib_fp=NULL;
|
1998-03-05 10:22:13 +01:00
|
|
|
|
|
|
|
/****************
|
1998-03-09 22:44:06 +01:00
|
|
|
* List the keys
|
2000-07-14 19:34:53 +02:00
|
|
|
* If list is NULL, all available keys are listed
|
1998-03-05 10:22:13 +01:00
|
|
|
*/
|
|
|
|
void
|
2000-07-14 19:34:53 +02:00
|
|
|
public_key_list( STRLIST list )
|
1998-03-05 10:22:13 +01:00
|
|
|
{
|
2003-07-22 01:19:15 +02:00
|
|
|
if(opt.with_colons)
|
|
|
|
{
|
|
|
|
byte trust_model,marginals,completes,cert_depth;
|
|
|
|
ulong created,nextcheck;
|
|
|
|
|
|
|
|
read_trust_options(&trust_model,&created,&nextcheck,
|
|
|
|
&marginals,&completes,&cert_depth);
|
|
|
|
|
|
|
|
printf("tru:");
|
|
|
|
|
|
|
|
if(nextcheck && nextcheck <= make_timestamp())
|
|
|
|
printf("o");
|
|
|
|
if(trust_model!=opt.trust_model)
|
|
|
|
printf("t");
|
|
|
|
if(opt.trust_model==TM_PGP || opt.trust_model==TM_CLASSIC)
|
|
|
|
{
|
|
|
|
if(marginals!=opt.marginals_needed)
|
|
|
|
printf("m");
|
|
|
|
if(completes!=opt.completes_needed)
|
|
|
|
printf("c");
|
|
|
|
if(cert_depth!=opt.max_cert_depth)
|
|
|
|
printf("d");
|
|
|
|
}
|
|
|
|
|
|
|
|
printf(":%d:%lu:%lu",trust_model,created,nextcheck);
|
|
|
|
|
|
|
|
/* Only show marginals, completes, and cert_depth in the classic
|
|
|
|
or PGP trust models since they are not meaningful
|
|
|
|
otherwise. */
|
|
|
|
|
|
|
|
if(trust_model==TM_PGP || trust_model==TM_CLASSIC)
|
|
|
|
printf(":%d:%d:%d",marginals,completes,cert_depth);
|
|
|
|
|
|
|
|
printf("\n");
|
|
|
|
}
|
|
|
|
|
|
|
|
if( !list )
|
|
|
|
list_all(0);
|
|
|
|
else
|
|
|
|
list_one( list, 0 );
|
1998-05-29 13:53:54 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
void
|
2000-07-14 19:34:53 +02:00
|
|
|
secret_key_list( STRLIST list )
|
1998-05-29 13:53:54 +02:00
|
|
|
{
|
2000-07-14 19:34:53 +02:00
|
|
|
if( !list )
|
1998-05-29 13:53:54 +02:00
|
|
|
list_all(1);
|
2000-07-14 19:34:53 +02:00
|
|
|
else /* List by user id */
|
1999-02-24 11:12:32 +01:00
|
|
|
list_one( list, 1 );
|
1998-03-09 22:44:06 +01:00
|
|
|
}
|
|
|
|
|
2002-10-18 17:41:33 +02:00
|
|
|
void
|
|
|
|
print_seckey_info (PKT_secret_key *sk)
|
|
|
|
{
|
2004-03-06 21:45:44 +01:00
|
|
|
u32 keyid[2];
|
|
|
|
char *p;
|
|
|
|
|
|
|
|
keyid_from_sk (sk, keyid);
|
2004-08-23 19:55:49 +02:00
|
|
|
p=get_user_id_native(keyid);
|
2002-10-18 17:41:33 +02:00
|
|
|
|
2004-10-06 23:50:23 +02:00
|
|
|
tty_printf ("\nsec %4u%c/%s %s %s\n",
|
2004-03-06 21:45:44 +01:00
|
|
|
nbits_from_sk (sk),
|
|
|
|
pubkey_letter (sk->pubkey_algo),
|
|
|
|
keystr(keyid), datestr_from_sk (sk), p);
|
|
|
|
|
|
|
|
m_free (p);
|
2002-10-18 17:41:33 +02:00
|
|
|
}
|
|
|
|
|
2003-10-02 12:20:12 +02:00
|
|
|
/* Print information about the public key. With FP passed as NULL,
|
|
|
|
the tty output interface is used, otherwise output is directted to
|
|
|
|
the given stream. */
|
2002-10-18 17:41:33 +02:00
|
|
|
void
|
2003-10-02 12:20:12 +02:00
|
|
|
print_pubkey_info (FILE *fp, PKT_public_key *pk)
|
2002-10-18 17:41:33 +02:00
|
|
|
{
|
2004-03-06 21:45:44 +01:00
|
|
|
u32 keyid[2];
|
2002-10-18 17:41:33 +02:00
|
|
|
char *p;
|
|
|
|
|
2004-03-06 21:45:44 +01:00
|
|
|
keyid_from_pk (pk, keyid);
|
2004-10-06 23:50:23 +02:00
|
|
|
|
|
|
|
/* If the pk was chosen by a particular user ID, that is the one to
|
|
|
|
print. */
|
|
|
|
if(pk->user_id)
|
|
|
|
p=utf8_to_native(pk->user_id->name,pk->user_id->len,0);
|
|
|
|
else
|
|
|
|
p=get_user_id_native(keyid);
|
2004-03-06 21:45:44 +01:00
|
|
|
|
2003-10-02 12:20:12 +02:00
|
|
|
if (fp)
|
2004-10-06 23:50:23 +02:00
|
|
|
fprintf (fp, "pub %4u%c/%s %s %s\n",
|
2003-10-02 12:20:12 +02:00
|
|
|
nbits_from_pk (pk),
|
|
|
|
pubkey_letter (pk->pubkey_algo),
|
2004-03-06 21:45:44 +01:00
|
|
|
keystr(keyid), datestr_from_pk (pk), p);
|
2003-10-02 12:20:12 +02:00
|
|
|
else
|
2004-10-06 23:50:23 +02:00
|
|
|
tty_printf ("\npub %4u%c/%s %s %s\n",
|
2004-03-06 21:45:44 +01:00
|
|
|
nbits_from_pk (pk), pubkey_letter (pk->pubkey_algo),
|
|
|
|
keystr(keyid), datestr_from_pk (pk), p);
|
2002-10-18 17:41:33 +02:00
|
|
|
|
|
|
|
m_free (p);
|
|
|
|
}
|
|
|
|
|
2004-10-28 05:14:55 +02:00
|
|
|
/* Flags = 0x01 hashed 0x02 critical */
|
|
|
|
static void
|
|
|
|
status_one_subpacket(sigsubpkttype_t type,size_t len,int flags,const byte *buf)
|
|
|
|
{
|
|
|
|
char status[40];
|
|
|
|
|
|
|
|
/* Don't print these. */
|
|
|
|
if(len>256)
|
|
|
|
return;
|
|
|
|
|
|
|
|
sprintf(status,"%d %u %u ",type,flags,len);
|
|
|
|
|
|
|
|
write_status_text_and_buffer(STATUS_SIG_SUBPACKET,status,buf,len,0);
|
|
|
|
}
|
|
|
|
|
2003-06-01 17:36:13 +02:00
|
|
|
/*
|
|
|
|
mode=0 for stdout.
|
|
|
|
mode=1 for log_info + status messages
|
|
|
|
mode=2 for status messages only
|
|
|
|
*/
|
2002-10-18 17:41:33 +02:00
|
|
|
|
2002-06-29 15:46:34 +02:00
|
|
|
void
|
* mainproc.c (check_sig_and_print), main.h, keylist.c (show_policy,
show_notation): Collapse the old print_notation_data into show_policy()
and show_notation() so there is only one function to print notations and
policy URLs.
* options.h, main.h, g10.c (main), keyedit.c (print_and_check_one_sig),
keylist.c (list_one, list_keyblock_print), pkclist.c (do_edit_ownertrust),
sign.c (mk_notation_and_policy): New "list-options" and "verify-options"
commands. These replace the existing --show-photos/--no-show-photos,
--show-notation/--no-show-notation,
--show-policy-url/--no-show-policy-url, and --show-keyring options. The
new method is more flexible since a user can specify (for example) showing
photos during sig verification, but not in key listings. The old options
are emulated.
2003-06-01 01:23:19 +02:00
|
|
|
show_policy_url(PKT_signature *sig,int indent,int mode)
|
2002-06-29 15:46:34 +02:00
|
|
|
{
|
|
|
|
const byte *p;
|
|
|
|
size_t len;
|
|
|
|
int seq=0,crit;
|
* mainproc.c (check_sig_and_print), main.h, keylist.c (show_policy,
show_notation): Collapse the old print_notation_data into show_policy()
and show_notation() so there is only one function to print notations and
policy URLs.
* options.h, main.h, g10.c (main), keyedit.c (print_and_check_one_sig),
keylist.c (list_one, list_keyblock_print), pkclist.c (do_edit_ownertrust),
sign.c (mk_notation_and_policy): New "list-options" and "verify-options"
commands. These replace the existing --show-photos/--no-show-photos,
--show-notation/--no-show-notation,
--show-policy-url/--no-show-policy-url, and --show-keyring options. The
new method is more flexible since a user can specify (for example) showing
photos during sig verification, but not in key listings. The old options
are emulated.
2003-06-01 01:23:19 +02:00
|
|
|
FILE *fp=mode?log_stream():stdout;
|
2002-06-29 15:46:34 +02:00
|
|
|
|
|
|
|
while((p=enum_sig_subpkt(sig->hashed,SIGSUBPKT_POLICY,&len,&seq,&crit)))
|
|
|
|
{
|
2003-06-01 17:36:13 +02:00
|
|
|
if(mode!=2)
|
|
|
|
{
|
|
|
|
int i;
|
2004-05-11 09:43:19 +02:00
|
|
|
const char *str;
|
2003-06-01 17:36:13 +02:00
|
|
|
|
|
|
|
for(i=0;i<indent;i++)
|
|
|
|
putchar(' ');
|
|
|
|
|
|
|
|
if(crit)
|
|
|
|
str=_("Critical signature policy: ");
|
|
|
|
else
|
|
|
|
str=_("Signature policy: ");
|
|
|
|
if(mode)
|
|
|
|
log_info("%s",str);
|
|
|
|
else
|
|
|
|
printf("%s",str);
|
2003-08-31 05:45:41 +02:00
|
|
|
print_utf8_string(fp,p,len);
|
2003-06-01 17:36:13 +02:00
|
|
|
fprintf(fp,"\n");
|
|
|
|
}
|
2002-06-29 15:46:34 +02:00
|
|
|
|
* mainproc.c (check_sig_and_print), main.h, keylist.c (show_policy,
show_notation): Collapse the old print_notation_data into show_policy()
and show_notation() so there is only one function to print notations and
policy URLs.
* options.h, main.h, g10.c (main), keyedit.c (print_and_check_one_sig),
keylist.c (list_one, list_keyblock_print), pkclist.c (do_edit_ownertrust),
sign.c (mk_notation_and_policy): New "list-options" and "verify-options"
commands. These replace the existing --show-photos/--no-show-photos,
--show-notation/--no-show-notation,
--show-policy-url/--no-show-policy-url, and --show-keyring options. The
new method is more flexible since a user can specify (for example) showing
photos during sig verification, but not in key listings. The old options
are emulated.
2003-06-01 01:23:19 +02:00
|
|
|
if(mode)
|
2003-06-01 17:36:13 +02:00
|
|
|
write_status_buffer ( STATUS_POLICY_URL, p, len, 0 );
|
2002-06-29 15:46:34 +02:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2003-06-01 17:36:13 +02:00
|
|
|
/*
|
|
|
|
mode=0 for stdout.
|
|
|
|
mode=1 for log_info + status messages
|
|
|
|
mode=2 for status messages only
|
|
|
|
*/
|
* parse-packet.c (parse_signature): No need to reserve 8 bytes for the
unhashed signature cache any longer.
* misc.c (pct_expando): Add two new expandos - signer's fingerprint (%g),
and signer's primary fingerprint (%p).
* Makefile.am: Include W32LIBS where appropriate.
* g10.c (main): Add --rfc2440 alias for --openpgp since in a few months,
they won't be the same thing.
* keyserver.c (parse_keyserver_uri): Accept "http" as an alias for "hkp",
since it is occasionally written that way. (keyserver_spawn): Use
ascii_isspace to avoid locale issues.
* keygen.c (ask_user_id): Make --allow-freeform-uid apply to the email
field as well as the name field, and allow mixing fields when it is set.
* options.skel: Use subkeys.pgp.net as the default keyserver.
* trustdb.c (validate_one_keyblock): Certifications on revoked or expired
uids do not count in the web of trust.
* signal.c (init_one_signal, pause_on_sigusr, do_block): Only use
sigprocmask() if we have sigset_t, and only use sigaction() if we have
struct sigaction. This is for Forte c89 on Solaris which seems to define
only the function call half of the two pairs by default.
(pause_on_sigusr): Typo. (do_block): If we can't use sigprocmask() and
sigset_t, try to get the number of signals from NSIG as well as MAXSIG,
and if we can't, fail with an explanation.
* signal.c, tdbio.c: Comment out the transaction code. It was not used in
this version, and was causing some build problems on quasi-posix platforms
(Solaris and Forte c89).
* keylist.c (list_keyblock_colon): Don't include validity values when
listing secret keys since they can be incorrect and/or misleading. This
is a temporary kludge, and will be handled properly in 1.9/2.0.
* mainproc.c (check_sig_and_print): Only show the "key available from"
preferred keyserver line if the key is not currently present.
* keyedit.c (sign_uids): Do not sign expired uids without --expert (same
behavior as revoked uids). Do not allow signing a user ID without a
self-signature. --expert overrides. Add additional prompt to the
signature level question. (menu_expire): When changing expiration dates,
don't replace selfsigs on revoked uids since this would effectively
unrevoke them. There is also no point in replacing expired selfsigs.
This is bug #181
* g10.c (add_notation_data): Make sure that only ascii is passed to
iscntrl. Noted by Christian Biere.
* getkey.c (classify_user_id2): Replaced isspace by spacep
* keygen.c (ask_user_id): Ditto. (get_parameter_algo): Ditto.
* keyedit.c (keyedit_menu): Ditto.
* tdbdump.c (import_ownertrust): Ditto. s/isxdigit/hexdigitp/.
* revoke.c (ask_revocation_reason):
* keyserver.c (keyserver_spawn): Dito.
2003-07-10 16:30:07 +02:00
|
|
|
/* TODO: use this */
|
2003-06-05 04:06:12 +02:00
|
|
|
void
|
|
|
|
show_keyserver_url(PKT_signature *sig,int indent,int mode)
|
|
|
|
{
|
|
|
|
const byte *p;
|
|
|
|
size_t len;
|
|
|
|
int seq=0,crit;
|
|
|
|
FILE *fp=mode?log_stream():stdout;
|
|
|
|
|
|
|
|
while((p=enum_sig_subpkt(sig->hashed,SIGSUBPKT_PREF_KS,&len,&seq,&crit)))
|
|
|
|
{
|
|
|
|
if(mode!=2)
|
|
|
|
{
|
|
|
|
int i;
|
2004-05-11 09:43:19 +02:00
|
|
|
const char *str;
|
2003-06-05 04:06:12 +02:00
|
|
|
|
|
|
|
for(i=0;i<indent;i++)
|
|
|
|
putchar(' ');
|
|
|
|
|
|
|
|
if(crit)
|
|
|
|
str=_("Critical preferred keyserver: ");
|
|
|
|
else
|
|
|
|
str=_("Preferred keyserver: ");
|
|
|
|
if(mode)
|
|
|
|
log_info("%s",str);
|
|
|
|
else
|
|
|
|
printf("%s",str);
|
2003-08-31 05:45:41 +02:00
|
|
|
print_utf8_string(fp,p,len);
|
2003-06-05 04:06:12 +02:00
|
|
|
fprintf(fp,"\n");
|
|
|
|
}
|
|
|
|
|
2004-10-28 05:14:55 +02:00
|
|
|
if(mode)
|
|
|
|
status_one_subpacket(SIGSUBPKT_PREF_KS,len,(crit?0x02:0)|0x01,p);
|
2003-06-05 04:06:12 +02:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
mode=0 for stdout.
|
|
|
|
mode=1 for log_info + status messages
|
|
|
|
mode=2 for status messages only
|
2004-04-29 05:42:54 +02:00
|
|
|
|
2004-05-05 04:40:27 +02:00
|
|
|
which bits:
|
|
|
|
1 == standard notations
|
|
|
|
2 == user notations
|
2003-06-05 04:06:12 +02:00
|
|
|
*/
|
|
|
|
|
2002-06-29 15:46:34 +02:00
|
|
|
void
|
2004-04-29 05:42:54 +02:00
|
|
|
show_notation(PKT_signature *sig,int indent,int mode,int which)
|
2002-06-29 15:46:34 +02:00
|
|
|
{
|
|
|
|
const byte *p;
|
|
|
|
size_t len;
|
|
|
|
int seq=0,crit;
|
* mainproc.c (check_sig_and_print), main.h, keylist.c (show_policy,
show_notation): Collapse the old print_notation_data into show_policy()
and show_notation() so there is only one function to print notations and
policy URLs.
* options.h, main.h, g10.c (main), keyedit.c (print_and_check_one_sig),
keylist.c (list_one, list_keyblock_print), pkclist.c (do_edit_ownertrust),
sign.c (mk_notation_and_policy): New "list-options" and "verify-options"
commands. These replace the existing --show-photos/--no-show-photos,
--show-notation/--no-show-notation,
--show-policy-url/--no-show-policy-url, and --show-keyring options. The
new method is more flexible since a user can specify (for example) showing
photos during sig verification, but not in key listings. The old options
are emulated.
2003-06-01 01:23:19 +02:00
|
|
|
FILE *fp=mode?log_stream():stdout;
|
2002-06-29 15:46:34 +02:00
|
|
|
|
2004-05-05 04:40:27 +02:00
|
|
|
if(which==0)
|
|
|
|
which=3;
|
|
|
|
|
2002-06-29 15:46:34 +02:00
|
|
|
/* There may be multiple notations in the same sig. */
|
|
|
|
|
|
|
|
while((p=enum_sig_subpkt(sig->hashed,SIGSUBPKT_NOTATION,&len,&seq,&crit)))
|
|
|
|
if(len>=8)
|
|
|
|
{
|
2003-06-01 17:36:13 +02:00
|
|
|
int n1,n2;
|
2002-06-29 15:46:34 +02:00
|
|
|
|
|
|
|
n1=(p[4]<<8)|p[5];
|
|
|
|
n2=(p[6]<<8)|p[7];
|
|
|
|
|
|
|
|
if(8+n1+n2!=len)
|
|
|
|
{
|
|
|
|
log_info(_("WARNING: invalid notation data found\n"));
|
2004-04-29 05:42:54 +02:00
|
|
|
continue;
|
2002-06-29 15:46:34 +02:00
|
|
|
}
|
|
|
|
|
2003-06-01 17:36:13 +02:00
|
|
|
if(mode!=2)
|
|
|
|
{
|
2004-05-05 04:40:27 +02:00
|
|
|
int has_at=!!memchr(p+8,'@',n1);
|
2003-06-01 17:36:13 +02:00
|
|
|
|
2004-05-05 04:40:27 +02:00
|
|
|
if((which&1 && !has_at) || (which&2 && has_at))
|
|
|
|
{
|
|
|
|
int i;
|
2004-05-11 09:43:19 +02:00
|
|
|
const char *str;
|
2003-06-01 17:36:13 +02:00
|
|
|
|
2004-05-05 04:40:27 +02:00
|
|
|
for(i=0;i<indent;i++)
|
|
|
|
putchar(' ');
|
2003-06-01 17:36:13 +02:00
|
|
|
|
2004-05-05 04:40:27 +02:00
|
|
|
/* This is UTF8 */
|
|
|
|
if(crit)
|
|
|
|
str=_("Critical signature notation: ");
|
|
|
|
else
|
|
|
|
str=_("Signature notation: ");
|
|
|
|
if(mode)
|
|
|
|
log_info("%s",str);
|
|
|
|
else
|
|
|
|
printf("%s",str);
|
|
|
|
print_utf8_string(fp,p+8,n1);
|
|
|
|
fprintf(fp,"=");
|
2003-06-01 17:36:13 +02:00
|
|
|
|
2004-05-05 04:40:27 +02:00
|
|
|
if(*p&0x80)
|
|
|
|
print_utf8_string(fp,p+8+n1,n2);
|
|
|
|
else
|
|
|
|
fprintf(fp,"[ %s ]",_("not human readable"));
|
|
|
|
|
|
|
|
fprintf(fp,"\n");
|
|
|
|
}
|
2003-06-01 17:36:13 +02:00
|
|
|
}
|
2002-06-29 15:46:34 +02:00
|
|
|
|
* mainproc.c (check_sig_and_print), main.h, keylist.c (show_policy,
show_notation): Collapse the old print_notation_data into show_policy()
and show_notation() so there is only one function to print notations and
policy URLs.
* options.h, main.h, g10.c (main), keyedit.c (print_and_check_one_sig),
keylist.c (list_one, list_keyblock_print), pkclist.c (do_edit_ownertrust),
sign.c (mk_notation_and_policy): New "list-options" and "verify-options"
commands. These replace the existing --show-photos/--no-show-photos,
--show-notation/--no-show-notation,
--show-policy-url/--no-show-policy-url, and --show-keyring options. The
new method is more flexible since a user can specify (for example) showing
photos during sig verification, but not in key listings. The old options
are emulated.
2003-06-01 01:23:19 +02:00
|
|
|
if(mode)
|
|
|
|
{
|
|
|
|
write_status_buffer ( STATUS_NOTATION_NAME, p+8 , n1, 0 );
|
|
|
|
write_status_buffer ( STATUS_NOTATION_DATA, p+8+n1, n2, 50 );
|
|
|
|
}
|
2002-06-29 15:46:34 +02:00
|
|
|
}
|
|
|
|
else
|
|
|
|
log_info(_("WARNING: invalid notation data found\n"));
|
|
|
|
}
|
|
|
|
|
|
|
|
static void
|
|
|
|
print_signature_stats(struct sig_stats *s)
|
|
|
|
{
|
|
|
|
if( s->inv_sigs == 1 )
|
|
|
|
tty_printf(_("1 bad signature\n") );
|
|
|
|
else if( s->inv_sigs )
|
|
|
|
tty_printf(_("%d bad signatures\n"), s->inv_sigs );
|
|
|
|
if( s->no_key == 1 )
|
|
|
|
tty_printf(_("1 signature not checked due to a missing key\n") );
|
|
|
|
else if( s->no_key )
|
|
|
|
tty_printf(_("%d signatures not checked due to missing keys\n"),s->no_key);
|
|
|
|
if( s->oth_err == 1 )
|
|
|
|
tty_printf(_("1 signature not checked due to an error\n") );
|
|
|
|
else if( s->oth_err )
|
|
|
|
tty_printf(_("%d signatures not checked due to errors\n"), s->oth_err );
|
|
|
|
}
|
1998-03-09 22:44:06 +01:00
|
|
|
|
|
|
|
static void
|
1998-05-29 13:53:54 +02:00
|
|
|
list_all( int secret )
|
1998-03-09 22:44:06 +01:00
|
|
|
{
|
2002-06-29 15:46:34 +02:00
|
|
|
KEYDB_HANDLE hd;
|
1998-10-21 19:34:36 +02:00
|
|
|
KBNODE keyblock = NULL;
|
|
|
|
int rc=0;
|
2002-06-29 15:46:34 +02:00
|
|
|
const char *lastresname, *resname;
|
|
|
|
struct sig_stats stats;
|
|
|
|
|
|
|
|
memset(&stats,0,sizeof(stats));
|
1998-10-21 19:34:36 +02:00
|
|
|
|
2002-06-29 15:46:34 +02:00
|
|
|
hd = keydb_new (secret);
|
|
|
|
if (!hd)
|
|
|
|
rc = G10ERR_GENERAL;
|
|
|
|
else
|
|
|
|
rc = keydb_search_first (hd);
|
1998-10-21 19:34:36 +02:00
|
|
|
if( rc ) {
|
|
|
|
if( rc != -1 )
|
2002-06-29 15:46:34 +02:00
|
|
|
log_error("keydb_search_first failed: %s\n", g10_errstr(rc) );
|
1998-10-21 19:34:36 +02:00
|
|
|
goto leave;
|
|
|
|
}
|
1998-03-09 22:44:06 +01:00
|
|
|
|
2002-06-29 15:46:34 +02:00
|
|
|
lastresname = NULL;
|
|
|
|
do {
|
|
|
|
rc = keydb_get_keyblock (hd, &keyblock);
|
|
|
|
if (rc) {
|
|
|
|
log_error ("keydb_get_keyblock failed: %s\n", g10_errstr(rc));
|
|
|
|
goto leave;
|
|
|
|
}
|
2003-05-31 06:06:06 +02:00
|
|
|
if(!opt.with_colons)
|
|
|
|
{
|
|
|
|
resname = keydb_get_resource_name (hd);
|
|
|
|
if (lastresname != resname )
|
|
|
|
{
|
|
|
|
int i;
|
|
|
|
|
|
|
|
printf("%s\n", resname );
|
|
|
|
for(i=strlen(resname); i; i-- )
|
|
|
|
putchar('-');
|
|
|
|
putchar('\n');
|
|
|
|
lastresname = resname;
|
|
|
|
}
|
|
|
|
}
|
2002-06-29 15:46:34 +02:00
|
|
|
merge_keys_and_selfsig( keyblock );
|
|
|
|
list_keyblock( keyblock, secret, opt.fingerprint,
|
|
|
|
opt.check_sigs?&stats:NULL);
|
|
|
|
release_kbnode( keyblock );
|
|
|
|
keyblock = NULL;
|
|
|
|
} while (!(rc = keydb_search_next (hd)));
|
1998-10-21 19:34:36 +02:00
|
|
|
if( rc && rc != -1 )
|
2002-06-29 15:46:34 +02:00
|
|
|
log_error ("keydb_search_next failed: %s\n", g10_errstr(rc));
|
1998-10-21 19:34:36 +02:00
|
|
|
|
2002-06-29 15:46:34 +02:00
|
|
|
if(opt.check_sigs && !opt.with_colons)
|
|
|
|
print_signature_stats(&stats);
|
1998-03-09 22:44:06 +01:00
|
|
|
|
2002-06-29 15:46:34 +02:00
|
|
|
leave:
|
|
|
|
release_kbnode (keyblock);
|
|
|
|
keydb_release (hd);
|
2000-07-25 17:38:12 +02:00
|
|
|
}
|
|
|
|
|
1998-10-21 19:34:36 +02:00
|
|
|
|
1998-03-09 22:44:06 +01:00
|
|
|
static void
|
1999-01-24 18:16:40 +01:00
|
|
|
list_one( STRLIST names, int secret )
|
1998-03-09 22:44:06 +01:00
|
|
|
{
|
|
|
|
int rc = 0;
|
|
|
|
KBNODE keyblock = NULL;
|
1999-01-24 18:16:40 +01:00
|
|
|
GETKEY_CTX ctx;
|
2002-06-29 15:46:34 +02:00
|
|
|
const char *resname;
|
2004-05-11 09:43:19 +02:00
|
|
|
const char *keyring_str = _("Keyring");
|
2002-06-29 15:46:34 +02:00
|
|
|
int i;
|
|
|
|
struct sig_stats stats;
|
1998-03-09 22:44:06 +01:00
|
|
|
|
2002-06-29 15:46:34 +02:00
|
|
|
memset(&stats,0,sizeof(stats));
|
|
|
|
|
|
|
|
/* fixme: using the bynames function has the disadvantage that we
|
|
|
|
* don't know wether one of the names given was not found. OTOH,
|
|
|
|
* this function has the advantage to list the names in the
|
|
|
|
* sequence as defined by the keyDB and does not duplicate
|
|
|
|
* outputs. A solution could be do test whether all given have
|
|
|
|
* been listed (this needs a way to use the keyDB search
|
|
|
|
* functions) or to have the search function return indicators for
|
|
|
|
* found names. Yet another way is to use the keydb search
|
|
|
|
* facilities directly. */
|
1998-11-08 18:23:14 +01:00
|
|
|
if( secret ) {
|
1999-01-24 18:16:40 +01:00
|
|
|
rc = get_seckey_bynames( &ctx, NULL, names, &keyblock );
|
1998-11-08 18:23:14 +01:00
|
|
|
if( rc ) {
|
2002-06-29 15:46:34 +02:00
|
|
|
log_error("error reading key: %s\n", g10_errstr(rc) );
|
1999-01-24 18:16:40 +01:00
|
|
|
get_seckey_end( ctx );
|
1998-11-08 18:23:14 +01:00
|
|
|
return;
|
|
|
|
}
|
1999-01-24 18:16:40 +01:00
|
|
|
do {
|
* mainproc.c (check_sig_and_print), main.h, keylist.c (show_policy,
show_notation): Collapse the old print_notation_data into show_policy()
and show_notation() so there is only one function to print notations and
policy URLs.
* options.h, main.h, g10.c (main), keyedit.c (print_and_check_one_sig),
keylist.c (list_one, list_keyblock_print), pkclist.c (do_edit_ownertrust),
sign.c (mk_notation_and_policy): New "list-options" and "verify-options"
commands. These replace the existing --show-photos/--no-show-photos,
--show-notation/--no-show-notation,
--show-policy-url/--no-show-policy-url, and --show-keyring options. The
new method is more flexible since a user can specify (for example) showing
photos during sig verification, but not in key listings. The old options
are emulated.
2003-06-01 01:23:19 +02:00
|
|
|
if ((opt.list_options&LIST_SHOW_KEYRING) && !opt.with_colons) {
|
2002-06-29 15:46:34 +02:00
|
|
|
resname = keydb_get_resource_name (get_ctx_handle(ctx));
|
|
|
|
printf("%s: %s\n", keyring_str, resname);
|
|
|
|
for(i = strlen(resname) + strlen(keyring_str) + 2; i; i-- )
|
|
|
|
putchar('-');
|
|
|
|
putchar('\n');
|
|
|
|
}
|
2002-08-22 19:47:42 +02:00
|
|
|
list_keyblock( keyblock, 1, opt.fingerprint, NULL );
|
1999-01-24 18:16:40 +01:00
|
|
|
release_kbnode( keyblock );
|
|
|
|
} while( !get_seckey_next( ctx, NULL, &keyblock ) );
|
|
|
|
get_seckey_end( ctx );
|
1998-11-08 18:23:14 +01:00
|
|
|
}
|
|
|
|
else {
|
1999-01-24 18:16:40 +01:00
|
|
|
rc = get_pubkey_bynames( &ctx, NULL, names, &keyblock );
|
1998-11-08 18:23:14 +01:00
|
|
|
if( rc ) {
|
2002-06-29 15:46:34 +02:00
|
|
|
log_error("error reading key: %s\n", g10_errstr(rc) );
|
1998-11-08 18:23:14 +01:00
|
|
|
get_pubkey_end( ctx );
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
do {
|
* mainproc.c (check_sig_and_print), main.h, keylist.c (show_policy,
show_notation): Collapse the old print_notation_data into show_policy()
and show_notation() so there is only one function to print notations and
policy URLs.
* options.h, main.h, g10.c (main), keyedit.c (print_and_check_one_sig),
keylist.c (list_one, list_keyblock_print), pkclist.c (do_edit_ownertrust),
sign.c (mk_notation_and_policy): New "list-options" and "verify-options"
commands. These replace the existing --show-photos/--no-show-photos,
--show-notation/--no-show-notation,
--show-policy-url/--no-show-policy-url, and --show-keyring options. The
new method is more flexible since a user can specify (for example) showing
photos during sig verification, but not in key listings. The old options
are emulated.
2003-06-01 01:23:19 +02:00
|
|
|
if ((opt.list_options&LIST_SHOW_KEYRING) && !opt.with_colons) {
|
2002-06-29 15:46:34 +02:00
|
|
|
resname = keydb_get_resource_name (get_ctx_handle(ctx));
|
|
|
|
printf("%s: %s\n", keyring_str, resname);
|
|
|
|
for(i = strlen(resname) + strlen(keyring_str) + 2; i; i-- )
|
|
|
|
putchar('-');
|
|
|
|
putchar('\n');
|
|
|
|
}
|
|
|
|
list_keyblock( keyblock, 0, opt.fingerprint,
|
|
|
|
opt.check_sigs?&stats:NULL );
|
1998-11-08 18:23:14 +01:00
|
|
|
release_kbnode( keyblock );
|
|
|
|
} while( !get_pubkey_next( ctx, NULL, &keyblock ) );
|
|
|
|
get_pubkey_end( ctx );
|
1998-03-09 22:44:06 +01:00
|
|
|
}
|
2002-06-29 15:46:34 +02:00
|
|
|
|
|
|
|
if(opt.check_sigs && !opt.with_colons)
|
|
|
|
print_signature_stats(&stats);
|
1998-10-21 19:34:36 +02:00
|
|
|
}
|
1998-03-09 22:44:06 +01:00
|
|
|
|
1999-06-08 13:41:46 +02:00
|
|
|
static void
|
2004-03-06 18:12:44 +01:00
|
|
|
print_key_data( PKT_public_key *pk )
|
1999-06-08 13:41:46 +02:00
|
|
|
{
|
2000-07-14 19:34:53 +02:00
|
|
|
int n = pk ? pubkey_get_npkey( pk->pubkey_algo ) : 0;
|
1999-06-08 13:41:46 +02:00
|
|
|
int i;
|
|
|
|
|
|
|
|
for(i=0; i < n; i++ ) {
|
2002-06-29 15:46:34 +02:00
|
|
|
printf("pkd:%d:%u:", i, mpi_get_nbits( pk->pkey[i] ) );
|
1999-06-08 13:41:46 +02:00
|
|
|
mpi_print(stdout, pk->pkey[i], 1 );
|
|
|
|
putchar(':');
|
|
|
|
putchar('\n');
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2002-06-29 15:46:34 +02:00
|
|
|
static void
|
|
|
|
print_capabilities (PKT_public_key *pk, PKT_secret_key *sk, KBNODE keyblock)
|
|
|
|
{
|
2002-10-08 00:19:11 +02:00
|
|
|
if(pk || (sk && sk->protect.s2k.mode!=1001))
|
|
|
|
{
|
|
|
|
unsigned int use = pk? pk->pubkey_usage : sk->pubkey_usage;
|
2002-06-29 15:46:34 +02:00
|
|
|
|
2002-10-08 00:19:11 +02:00
|
|
|
if ( use & PUBKEY_USAGE_ENC )
|
2002-06-29 15:46:34 +02:00
|
|
|
putchar ('e');
|
2002-10-08 00:19:11 +02:00
|
|
|
|
|
|
|
if ( use & PUBKEY_USAGE_SIG )
|
|
|
|
{
|
|
|
|
putchar ('s');
|
|
|
|
if( pk? pk->is_primary : sk->is_primary )
|
|
|
|
putchar ('c');
|
|
|
|
}
|
2003-09-30 10:00:08 +02:00
|
|
|
|
|
|
|
if ( (use & PUBKEY_USAGE_AUTH) )
|
|
|
|
putchar ('a');
|
2002-06-29 15:46:34 +02:00
|
|
|
}
|
2002-10-08 00:19:11 +02:00
|
|
|
|
* trustdb.h, trustdb.c (is_disabled), gpgv.c (is_disabled): Rename
is_disabled to cache_disabled_value, which now takes a pk and not just the
keyid. This is for speed since there is no need to re-fetch a key when we
already have that key handy. Cache the result of the check so we don't
need to hit the trustdb more than once.
* getkey.c (skip_disabled): New function to get a pk and call is_disabled
on it. (key_byname): Use it here.
* packet.h, getkey.c (skip_disabled), keylist.c (print_capabilities): New
"pk_is_disabled" macro to retrieve the cached disabled value if available,
and fill it in via cache_disabled_value if not available.
* trustdb.c (get_validity): Cache the disabled value since we have it
handy and it might be useful later.
* parse-packet.c (parse_key): Clear disabled flag when parsing a new key.
Just in case someone forgets to clear the whole key.
* getkey.c (merge_selfsigs_main): Add an "if all else fails" path for
setting a single user ID primary when there are multiple set primaries all
at the same second, or no primaries set and the most recent user IDs are
at the same second, or no signed user IDs at all. This is arbitrary, but
deterministic.
* exec.h, photoid.h: Add copyright message.
* keylist.c (list_keyblock_print): Don't dump attribs for
revoked/expired/etc uids for non-colon key listings. This is for
consistency with --show-photos.
* main.h, keylist.c (dump_attribs), mainproc.c (check_sig_and_print): Dump
attribs if --attrib-fd is set when verifying signatures.
* g10.c (main): New --gnupg option to disable the various --openpgp,
--pgpX, etc. options. This is the same as --no-XXXX for those options.
* revoke.c (ask_revocation_reason): Clear old reason if user elects to
repeat question. This is bug 153.
* keyedit.c (sign_uids): Show keyid of the key making the signature.
2003-05-21 18:42:22 +02:00
|
|
|
if ( keyblock ) { /* figure out the usable capabilities */
|
2002-06-29 15:46:34 +02:00
|
|
|
KBNODE k;
|
2003-09-30 10:00:08 +02:00
|
|
|
int enc=0, sign=0, cert=0, auth=0, disabled=0;
|
2002-06-29 15:46:34 +02:00
|
|
|
|
|
|
|
for (k=keyblock; k; k = k->next ) {
|
|
|
|
if ( k->pkt->pkttype == PKT_PUBLIC_KEY
|
|
|
|
|| k->pkt->pkttype == PKT_PUBLIC_SUBKEY ) {
|
|
|
|
pk = k->pkt->pkt.public_key;
|
2003-01-06 22:01:44 +01:00
|
|
|
|
* trustdb.h, trustdb.c (is_disabled), gpgv.c (is_disabled): Rename
is_disabled to cache_disabled_value, which now takes a pk and not just the
keyid. This is for speed since there is no need to re-fetch a key when we
already have that key handy. Cache the result of the check so we don't
need to hit the trustdb more than once.
* getkey.c (skip_disabled): New function to get a pk and call is_disabled
on it. (key_byname): Use it here.
* packet.h, getkey.c (skip_disabled), keylist.c (print_capabilities): New
"pk_is_disabled" macro to retrieve the cached disabled value if available,
and fill it in via cache_disabled_value if not available.
* trustdb.c (get_validity): Cache the disabled value since we have it
handy and it might be useful later.
* parse-packet.c (parse_key): Clear disabled flag when parsing a new key.
Just in case someone forgets to clear the whole key.
* getkey.c (merge_selfsigs_main): Add an "if all else fails" path for
setting a single user ID primary when there are multiple set primaries all
at the same second, or no primaries set and the most recent user IDs are
at the same second, or no signed user IDs at all. This is arbitrary, but
deterministic.
* exec.h, photoid.h: Add copyright message.
* keylist.c (list_keyblock_print): Don't dump attribs for
revoked/expired/etc uids for non-colon key listings. This is for
consistency with --show-photos.
* main.h, keylist.c (dump_attribs), mainproc.c (check_sig_and_print): Dump
attribs if --attrib-fd is set when verifying signatures.
* g10.c (main): New --gnupg option to disable the various --openpgp,
--pgpX, etc. options. This is the same as --no-XXXX for those options.
* revoke.c (ask_revocation_reason): Clear old reason if user elects to
repeat question. This is bug 153.
* keyedit.c (sign_uids): Show keyid of the key making the signature.
2003-05-21 18:42:22 +02:00
|
|
|
if(pk->is_primary)
|
|
|
|
disabled=pk_is_disabled(pk);
|
2003-01-06 22:01:44 +01:00
|
|
|
|
2002-06-29 15:46:34 +02:00
|
|
|
if ( pk->is_valid && !pk->is_revoked && !pk->has_expired ) {
|
|
|
|
if ( pk->pubkey_usage & PUBKEY_USAGE_ENC )
|
|
|
|
enc = 1;
|
|
|
|
if ( pk->pubkey_usage & PUBKEY_USAGE_SIG )
|
2002-10-03 21:20:37 +02:00
|
|
|
{
|
|
|
|
sign = 1;
|
|
|
|
if(pk->is_primary)
|
|
|
|
cert = 1;
|
|
|
|
}
|
2003-09-30 10:00:08 +02:00
|
|
|
if ( (pk->pubkey_usage & PUBKEY_USAGE_AUTH) )
|
|
|
|
auth = 1;
|
2002-06-29 15:46:34 +02:00
|
|
|
}
|
|
|
|
}
|
|
|
|
else if ( k->pkt->pkttype == PKT_SECRET_KEY
|
|
|
|
|| k->pkt->pkttype == PKT_SECRET_SUBKEY ) {
|
|
|
|
sk = k->pkt->pkt.secret_key;
|
2002-10-03 21:20:37 +02:00
|
|
|
if ( sk->is_valid && !sk->is_revoked && !sk->has_expired
|
|
|
|
&& sk->protect.s2k.mode!=1001 ) {
|
2002-06-29 15:46:34 +02:00
|
|
|
if ( sk->pubkey_usage & PUBKEY_USAGE_ENC )
|
|
|
|
enc = 1;
|
|
|
|
if ( sk->pubkey_usage & PUBKEY_USAGE_SIG )
|
2002-10-03 21:20:37 +02:00
|
|
|
{
|
|
|
|
sign = 1;
|
|
|
|
if(sk->is_primary)
|
|
|
|
cert = 1;
|
|
|
|
}
|
2003-09-30 10:00:08 +02:00
|
|
|
if ( (sk->pubkey_usage & PUBKEY_USAGE_AUTH) )
|
|
|
|
auth = 1;
|
2002-06-29 15:46:34 +02:00
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if (enc)
|
|
|
|
putchar ('E');
|
|
|
|
if (sign)
|
|
|
|
putchar ('S');
|
|
|
|
if (cert)
|
|
|
|
putchar ('C');
|
2003-09-30 10:00:08 +02:00
|
|
|
if (auth)
|
|
|
|
putchar ('A');
|
2003-01-06 22:01:44 +01:00
|
|
|
if (disabled)
|
|
|
|
putchar ('D');
|
2002-06-29 15:46:34 +02:00
|
|
|
}
|
2003-01-06 22:01:44 +01:00
|
|
|
|
2002-06-29 15:46:34 +02:00
|
|
|
putchar(':');
|
|
|
|
}
|
|
|
|
|
2004-09-12 17:27:38 +02:00
|
|
|
/* Flags = 0x01 hashed 0x02 critical */
|
|
|
|
static void
|
|
|
|
print_one_subpacket(sigsubpkttype_t type,size_t len,int flags,const byte *buf)
|
|
|
|
{
|
|
|
|
size_t i;
|
|
|
|
|
|
|
|
printf("spk:%d:%u:%u:",type,flags,len);
|
|
|
|
|
|
|
|
for(i=0;i<len;i++)
|
|
|
|
{
|
|
|
|
/* printable ascii other than : and % */
|
|
|
|
if(buf[i]>=32 && buf[i]<=126 && buf[i]!=':' && buf[i]!='%')
|
|
|
|
printf("%c",buf[i]);
|
|
|
|
else
|
|
|
|
printf("%%%02X",buf[i]);
|
|
|
|
}
|
|
|
|
|
|
|
|
printf("\n");
|
|
|
|
}
|
|
|
|
|
2004-09-13 14:31:25 +02:00
|
|
|
void
|
2004-09-12 17:27:38 +02:00
|
|
|
print_subpackets_colon(PKT_signature *sig)
|
|
|
|
{
|
|
|
|
byte *i;
|
|
|
|
|
|
|
|
assert(opt.show_subpackets);
|
|
|
|
|
|
|
|
for(i=opt.show_subpackets;*i;i++)
|
|
|
|
{
|
|
|
|
const byte *p;
|
|
|
|
size_t len;
|
|
|
|
int seq,crit;
|
|
|
|
|
|
|
|
seq=0;
|
|
|
|
|
|
|
|
while((p=enum_sig_subpkt(sig->hashed,*i,&len,&seq,&crit)))
|
|
|
|
print_one_subpacket(*i,len,0x01|(crit?0x02:0),p);
|
|
|
|
|
|
|
|
seq=0;
|
|
|
|
|
|
|
|
while((p=enum_sig_subpkt(sig->unhashed,*i,&len,&seq,&crit)))
|
|
|
|
print_one_subpacket(*i,len,0x00|(crit?0x02:0),p);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
* trustdb.h, trustdb.c (is_disabled), gpgv.c (is_disabled): Rename
is_disabled to cache_disabled_value, which now takes a pk and not just the
keyid. This is for speed since there is no need to re-fetch a key when we
already have that key handy. Cache the result of the check so we don't
need to hit the trustdb more than once.
* getkey.c (skip_disabled): New function to get a pk and call is_disabled
on it. (key_byname): Use it here.
* packet.h, getkey.c (skip_disabled), keylist.c (print_capabilities): New
"pk_is_disabled" macro to retrieve the cached disabled value if available,
and fill it in via cache_disabled_value if not available.
* trustdb.c (get_validity): Cache the disabled value since we have it
handy and it might be useful later.
* parse-packet.c (parse_key): Clear disabled flag when parsing a new key.
Just in case someone forgets to clear the whole key.
* getkey.c (merge_selfsigs_main): Add an "if all else fails" path for
setting a single user ID primary when there are multiple set primaries all
at the same second, or no primaries set and the most recent user IDs are
at the same second, or no signed user IDs at all. This is arbitrary, but
deterministic.
* exec.h, photoid.h: Add copyright message.
* keylist.c (list_keyblock_print): Don't dump attribs for
revoked/expired/etc uids for non-colon key listings. This is for
consistency with --show-photos.
* main.h, keylist.c (dump_attribs), mainproc.c (check_sig_and_print): Dump
attribs if --attrib-fd is set when verifying signatures.
* g10.c (main): New --gnupg option to disable the various --openpgp,
--pgpX, etc. options. This is the same as --no-XXXX for those options.
* revoke.c (ask_revocation_reason): Clear old reason if user elects to
repeat question. This is bug 153.
* keyedit.c (sign_uids): Show keyid of the key making the signature.
2003-05-21 18:42:22 +02:00
|
|
|
void
|
|
|
|
dump_attribs(const PKT_user_id *uid,PKT_public_key *pk,PKT_secret_key *sk)
|
2002-06-29 15:46:34 +02:00
|
|
|
{
|
|
|
|
int i;
|
|
|
|
|
|
|
|
if(!attrib_fp)
|
* trustdb.h, trustdb.c (is_disabled), gpgv.c (is_disabled): Rename
is_disabled to cache_disabled_value, which now takes a pk and not just the
keyid. This is for speed since there is no need to re-fetch a key when we
already have that key handy. Cache the result of the check so we don't
need to hit the trustdb more than once.
* getkey.c (skip_disabled): New function to get a pk and call is_disabled
on it. (key_byname): Use it here.
* packet.h, getkey.c (skip_disabled), keylist.c (print_capabilities): New
"pk_is_disabled" macro to retrieve the cached disabled value if available,
and fill it in via cache_disabled_value if not available.
* trustdb.c (get_validity): Cache the disabled value since we have it
handy and it might be useful later.
* parse-packet.c (parse_key): Clear disabled flag when parsing a new key.
Just in case someone forgets to clear the whole key.
* getkey.c (merge_selfsigs_main): Add an "if all else fails" path for
setting a single user ID primary when there are multiple set primaries all
at the same second, or no primaries set and the most recent user IDs are
at the same second, or no signed user IDs at all. This is arbitrary, but
deterministic.
* exec.h, photoid.h: Add copyright message.
* keylist.c (list_keyblock_print): Don't dump attribs for
revoked/expired/etc uids for non-colon key listings. This is for
consistency with --show-photos.
* main.h, keylist.c (dump_attribs), mainproc.c (check_sig_and_print): Dump
attribs if --attrib-fd is set when verifying signatures.
* g10.c (main): New --gnupg option to disable the various --openpgp,
--pgpX, etc. options. This is the same as --no-XXXX for those options.
* revoke.c (ask_revocation_reason): Clear old reason if user elects to
repeat question. This is bug 153.
* keyedit.c (sign_uids): Show keyid of the key making the signature.
2003-05-21 18:42:22 +02:00
|
|
|
return;
|
2002-06-29 15:46:34 +02:00
|
|
|
|
|
|
|
for(i=0;i<uid->numattribs;i++)
|
|
|
|
{
|
|
|
|
if(is_status_enabled())
|
|
|
|
{
|
|
|
|
byte array[MAX_FINGERPRINT_LEN], *p;
|
|
|
|
char buf[(MAX_FINGERPRINT_LEN*2)+90];
|
|
|
|
size_t j,n;
|
|
|
|
|
|
|
|
if(pk)
|
|
|
|
fingerprint_from_pk( pk, array, &n );
|
|
|
|
else if(sk)
|
|
|
|
fingerprint_from_sk( sk, array, &n );
|
|
|
|
else
|
|
|
|
BUG();
|
|
|
|
|
|
|
|
p = array;
|
|
|
|
for(j=0; j < n ; j++, p++ )
|
|
|
|
sprintf(buf+2*j, "%02X", *p );
|
|
|
|
|
|
|
|
sprintf(buf+strlen(buf)," %lu %u %u %u %lu %lu %u",
|
2002-07-01 18:47:22 +02:00
|
|
|
(ulong)uid->attribs[i].len,uid->attribs[i].type,i+1,
|
2002-06-29 15:46:34 +02:00
|
|
|
uid->numattribs,(ulong)uid->created,(ulong)uid->expiredate,
|
|
|
|
((uid->is_primary?0x01:0)|
|
|
|
|
(uid->is_revoked?0x02:0)|
|
|
|
|
(uid->is_expired?0x04:0)));
|
|
|
|
write_status_text(STATUS_ATTRIBUTE,buf);
|
|
|
|
}
|
|
|
|
|
|
|
|
fwrite(uid->attribs[i].data,uid->attribs[i].len,1,attrib_fp);
|
|
|
|
}
|
|
|
|
}
|
1998-03-19 16:27:29 +01:00
|
|
|
|
1998-10-21 19:34:36 +02:00
|
|
|
static void
|
2002-06-29 15:46:34 +02:00
|
|
|
list_keyblock_print ( KBNODE keyblock, int secret, int fpr, void *opaque )
|
1998-10-21 19:34:36 +02:00
|
|
|
{
|
|
|
|
int rc = 0;
|
|
|
|
KBNODE kbctx;
|
|
|
|
KBNODE node;
|
|
|
|
PKT_public_key *pk;
|
|
|
|
PKT_secret_key *sk;
|
2002-06-29 15:46:34 +02:00
|
|
|
struct sig_stats *stats=opaque;
|
2003-09-25 06:03:11 +02:00
|
|
|
int skip_sigs=0;
|
1998-10-21 19:34:36 +02:00
|
|
|
|
1998-03-09 22:44:06 +01:00
|
|
|
/* get the keyid from the keyblock */
|
1998-06-29 14:30:57 +02:00
|
|
|
node = find_kbnode( keyblock, secret? PKT_SECRET_KEY : PKT_PUBLIC_KEY );
|
1998-03-09 22:44:06 +01:00
|
|
|
if( !node ) {
|
1998-05-29 13:53:54 +02:00
|
|
|
log_error("Oops; key lost!\n");
|
1999-02-10 17:22:40 +01:00
|
|
|
dump_kbnode( keyblock );
|
1998-10-21 19:34:36 +02:00
|
|
|
return;
|
1998-03-09 22:44:06 +01:00
|
|
|
}
|
|
|
|
|
2003-06-03 19:47:58 +02:00
|
|
|
if( secret )
|
|
|
|
{
|
1998-06-29 14:30:57 +02:00
|
|
|
pk = NULL;
|
|
|
|
sk = node->pkt->pkt.secret_key;
|
2003-06-03 19:47:58 +02:00
|
|
|
|
2004-07-16 16:30:55 +02:00
|
|
|
printf("sec%c %4u%c/%s %s",(sk->protect.s2k.mode==1001)?'#':
|
2004-03-03 06:47:51 +01:00
|
|
|
(sk->protect.s2k.mode==1002)?'>':' ',
|
|
|
|
nbits_from_sk( sk ),pubkey_letter( sk->pubkey_algo ),
|
2004-07-16 16:30:55 +02:00
|
|
|
keystr_from_sk(sk),datestr_from_sk( sk ));
|
2003-06-03 19:47:58 +02:00
|
|
|
|
2004-07-16 16:30:55 +02:00
|
|
|
if(sk->has_expired)
|
2004-10-06 21:51:45 +02:00
|
|
|
{
|
|
|
|
printf(" [");
|
|
|
|
printf(_("expired: %s"),expirestr_from_sk(sk));
|
|
|
|
printf("]");
|
|
|
|
}
|
2004-07-16 16:30:55 +02:00
|
|
|
else if(sk->expiredate )
|
2004-10-06 21:51:45 +02:00
|
|
|
{
|
|
|
|
printf(" [");
|
|
|
|
printf(_("expires: %s"),expirestr_from_sk(sk));
|
|
|
|
printf("]");
|
|
|
|
}
|
2004-07-16 16:30:55 +02:00
|
|
|
|
|
|
|
printf("\n");
|
2003-06-03 19:47:58 +02:00
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
1998-06-29 14:30:57 +02:00
|
|
|
pk = node->pkt->pkt.public_key;
|
|
|
|
sk = NULL;
|
2003-06-03 19:47:58 +02:00
|
|
|
|
2003-09-30 17:30:39 +02:00
|
|
|
check_trustdb_stale();
|
2003-06-03 19:47:58 +02:00
|
|
|
|
2004-07-16 16:30:55 +02:00
|
|
|
printf("pub %4u%c/%s %s",
|
2004-03-03 06:47:51 +01:00
|
|
|
nbits_from_pk(pk),pubkey_letter(pk->pubkey_algo),
|
2004-07-16 16:30:55 +02:00
|
|
|
keystr_from_pk(pk),datestr_from_pk( pk ));
|
2003-06-03 19:47:58 +02:00
|
|
|
|
|
|
|
/* We didn't include this before in the key listing, but there
|
|
|
|
is room in the new format, so why not? */
|
2004-07-16 16:30:55 +02:00
|
|
|
|
|
|
|
if(pk->is_revoked)
|
2004-10-06 21:51:45 +02:00
|
|
|
{
|
|
|
|
printf(" [");
|
|
|
|
printf(_("revoked: %s"),revokestr_from_pk(pk));
|
|
|
|
printf("]");
|
|
|
|
}
|
2004-07-16 16:30:55 +02:00
|
|
|
else if(pk->has_expired)
|
2004-10-06 21:51:45 +02:00
|
|
|
{
|
|
|
|
printf(" [");
|
|
|
|
printf(_("expired: %s)"),expirestr_from_pk(pk));
|
|
|
|
printf("]");
|
|
|
|
}
|
2004-07-16 16:30:55 +02:00
|
|
|
else if(pk->expiredate)
|
2004-10-06 21:51:45 +02:00
|
|
|
{
|
|
|
|
printf(" [");
|
|
|
|
printf(_("expires: %s"),expirestr_from_pk(pk));
|
|
|
|
printf("]");
|
|
|
|
}
|
2003-06-03 19:47:58 +02:00
|
|
|
|
2003-09-30 17:30:39 +02:00
|
|
|
#if 0
|
|
|
|
/* I need to think about this some more. It's easy enough to
|
|
|
|
include, but it looks sort of confusing in the
|
|
|
|
listing... */
|
2003-06-03 19:47:58 +02:00
|
|
|
if(opt.list_options&LIST_SHOW_VALIDITY)
|
2004-07-16 16:30:55 +02:00
|
|
|
{
|
|
|
|
int validity=get_validity(pk,NULL);
|
|
|
|
printf(" [%s]",trust_value_to_string(validity));
|
|
|
|
}
|
2003-09-30 17:30:39 +02:00
|
|
|
#endif
|
2004-07-16 16:30:55 +02:00
|
|
|
|
|
|
|
printf("\n");
|
2003-06-03 19:47:58 +02:00
|
|
|
}
|
2002-06-29 15:46:34 +02:00
|
|
|
|
2004-10-14 22:13:16 +02:00
|
|
|
if( fpr )
|
|
|
|
print_fingerprint( pk, sk, 0 );
|
|
|
|
print_card_serialno (sk);
|
|
|
|
if( opt.with_key_data )
|
|
|
|
print_key_data( pk );
|
|
|
|
|
2002-06-29 15:46:34 +02:00
|
|
|
for( kbctx=NULL; (node=walk_kbnode( keyblock, &kbctx, 0)) ; ) {
|
|
|
|
if( node->pkt->pkttype == PKT_USER_ID && !opt.fast_list_mode ) {
|
2003-09-25 06:03:11 +02:00
|
|
|
PKT_user_id *uid=node->pkt->pkt.user_id;
|
2002-06-29 15:46:34 +02:00
|
|
|
|
2003-09-25 06:03:11 +02:00
|
|
|
if((uid->is_expired || uid->is_revoked)
|
|
|
|
&& !(opt.list_options&LIST_SHOW_UNUSABLE_UIDS))
|
|
|
|
{
|
|
|
|
skip_sigs=1;
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
else
|
|
|
|
skip_sigs=0;
|
|
|
|
|
|
|
|
if(attrib_fp && uid->attrib_data!=NULL)
|
|
|
|
dump_attribs(uid,pk,sk);
|
* trustdb.h, trustdb.c (is_disabled), gpgv.c (is_disabled): Rename
is_disabled to cache_disabled_value, which now takes a pk and not just the
keyid. This is for speed since there is no need to re-fetch a key when we
already have that key handy. Cache the result of the check so we don't
need to hit the trustdb more than once.
* getkey.c (skip_disabled): New function to get a pk and call is_disabled
on it. (key_byname): Use it here.
* packet.h, getkey.c (skip_disabled), keylist.c (print_capabilities): New
"pk_is_disabled" macro to retrieve the cached disabled value if available,
and fill it in via cache_disabled_value if not available.
* trustdb.c (get_validity): Cache the disabled value since we have it
handy and it might be useful later.
* parse-packet.c (parse_key): Clear disabled flag when parsing a new key.
Just in case someone forgets to clear the whole key.
* getkey.c (merge_selfsigs_main): Add an "if all else fails" path for
setting a single user ID primary when there are multiple set primaries all
at the same second, or no primaries set and the most recent user IDs are
at the same second, or no signed user IDs at all. This is arbitrary, but
deterministic.
* exec.h, photoid.h: Add copyright message.
* keylist.c (list_keyblock_print): Don't dump attribs for
revoked/expired/etc uids for non-colon key listings. This is for
consistency with --show-photos.
* main.h, keylist.c (dump_attribs), mainproc.c (check_sig_and_print): Dump
attribs if --attrib-fd is set when verifying signatures.
* g10.c (main): New --gnupg option to disable the various --openpgp,
--pgpX, etc. options. This is the same as --no-XXXX for those options.
* revoke.c (ask_revocation_reason): Clear old reason if user elects to
repeat question. This is bug 153.
* keyedit.c (sign_uids): Show keyid of the key making the signature.
2003-05-21 18:42:22 +02:00
|
|
|
|
2004-03-03 06:47:51 +01:00
|
|
|
if((uid->is_revoked || uid->is_expired)
|
2004-07-16 16:30:55 +02:00
|
|
|
|| ((opt.list_options&LIST_SHOW_UID_VALIDITY) && pk))
|
2003-06-03 19:47:58 +02:00
|
|
|
{
|
2004-03-03 06:47:51 +01:00
|
|
|
const char *validity;
|
|
|
|
int indent;
|
2003-06-03 19:47:58 +02:00
|
|
|
|
2004-11-24 06:25:03 +01:00
|
|
|
validity=uid_trust_string_fixed(pk,uid);
|
|
|
|
indent=(keystrlen()+9)-atoi(uid_trust_string_fixed(NULL,NULL));
|
2003-06-03 19:47:58 +02:00
|
|
|
|
2004-11-24 06:25:03 +01:00
|
|
|
if(indent<0 || indent>40)
|
2003-06-03 19:47:58 +02:00
|
|
|
indent=0;
|
|
|
|
|
2004-11-24 06:25:03 +01:00
|
|
|
printf("uid%*s%s ",indent,"",validity);
|
2003-06-03 19:47:58 +02:00
|
|
|
}
|
2004-07-16 16:30:55 +02:00
|
|
|
else
|
2004-03-03 06:47:51 +01:00
|
|
|
printf("uid%*s",keystrlen()+10,"");
|
2002-06-29 15:46:34 +02:00
|
|
|
|
2003-09-25 06:03:11 +02:00
|
|
|
print_utf8_string( stdout, uid->name, uid->len );
|
2002-06-29 15:46:34 +02:00
|
|
|
putchar('\n');
|
|
|
|
|
2003-09-25 06:03:11 +02:00
|
|
|
if((opt.list_options&LIST_SHOW_PHOTOS) && uid->attribs!=NULL)
|
|
|
|
show_photos(uid->attribs,uid->numattribs,pk,sk);
|
2002-06-29 15:46:34 +02:00
|
|
|
}
|
2004-03-06 18:12:44 +01:00
|
|
|
else if( node->pkt->pkttype == PKT_PUBLIC_SUBKEY )
|
|
|
|
{
|
2002-06-29 15:46:34 +02:00
|
|
|
PKT_public_key *pk2 = node->pkt->pkt.public_key;
|
|
|
|
|
2004-02-11 14:46:23 +01:00
|
|
|
if((pk2->is_revoked || pk2->has_expired)
|
|
|
|
&& !(opt.list_options&LIST_SHOW_UNUSABLE_SUBKEYS))
|
|
|
|
{
|
|
|
|
skip_sigs=1;
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
else
|
|
|
|
skip_sigs=0;
|
|
|
|
|
2004-03-03 06:47:51 +01:00
|
|
|
printf("sub %4u%c/%s %s",
|
|
|
|
nbits_from_pk( pk2 ),pubkey_letter( pk2->pubkey_algo ),
|
2004-03-06 18:12:44 +01:00
|
|
|
keystr_from_pk(pk2),datestr_from_pk(pk2));
|
2004-02-10 23:42:34 +01:00
|
|
|
if( pk2->is_revoked )
|
2004-10-06 21:51:45 +02:00
|
|
|
{
|
|
|
|
printf(" [");
|
|
|
|
printf(_("revoked: %s"),revokestr_from_pk(pk2));
|
|
|
|
printf("]");
|
|
|
|
}
|
2004-02-11 05:32:52 +01:00
|
|
|
else if( pk2->has_expired )
|
2004-10-06 21:51:45 +02:00
|
|
|
{
|
|
|
|
printf(" [");
|
|
|
|
printf(_("expired: %s"),expirestr_from_pk(pk2));
|
|
|
|
printf("]");
|
|
|
|
}
|
2004-02-11 05:32:52 +01:00
|
|
|
else if( pk2->expiredate )
|
2004-10-06 21:51:45 +02:00
|
|
|
{
|
|
|
|
printf(" [");
|
|
|
|
printf(_("expires: %s"),expirestr_from_pk(pk2));
|
|
|
|
printf("]");
|
|
|
|
}
|
2002-06-29 15:46:34 +02:00
|
|
|
putchar('\n');
|
|
|
|
if( fpr > 1 )
|
2004-03-06 18:12:44 +01:00
|
|
|
print_fingerprint( pk2, NULL, 0 );
|
2002-06-29 15:46:34 +02:00
|
|
|
if( opt.with_key_data )
|
2004-03-06 18:12:44 +01:00
|
|
|
print_key_data( pk2 );
|
|
|
|
}
|
|
|
|
else if( node->pkt->pkttype == PKT_SECRET_SUBKEY )
|
|
|
|
{
|
2002-06-29 15:46:34 +02:00
|
|
|
PKT_secret_key *sk2 = node->pkt->pkt.secret_key;
|
|
|
|
|
2004-03-03 06:47:51 +01:00
|
|
|
printf("ssb%c %4u%c/%s %s",
|
2004-05-05 04:40:27 +02:00
|
|
|
(sk2->protect.s2k.mode==1001)?'#':
|
|
|
|
(sk2->protect.s2k.mode==1002)?'>':' ',
|
2004-03-03 06:47:51 +01:00
|
|
|
nbits_from_sk( sk2 ),pubkey_letter( sk2->pubkey_algo ),
|
2004-03-06 18:12:44 +01:00
|
|
|
keystr_from_sk(sk2),datestr_from_sk( sk2 ) );
|
2003-06-03 19:47:58 +02:00
|
|
|
if( sk2->expiredate )
|
2004-10-06 21:51:45 +02:00
|
|
|
{
|
|
|
|
printf(" [");
|
|
|
|
printf(_("expires: %s"),expirestr_from_sk(sk2));
|
|
|
|
printf("]");
|
|
|
|
}
|
2003-06-03 19:47:58 +02:00
|
|
|
putchar('\n');
|
2002-06-29 15:46:34 +02:00
|
|
|
if( fpr > 1 )
|
2004-09-20 20:38:39 +02:00
|
|
|
{
|
|
|
|
print_fingerprint( NULL, sk2, 0 );
|
|
|
|
print_card_serialno (sk2);
|
|
|
|
}
|
2004-03-06 18:12:44 +01:00
|
|
|
}
|
2003-09-25 06:03:11 +02:00
|
|
|
else if( opt.list_sigs
|
|
|
|
&& node->pkt->pkttype == PKT_SIGNATURE
|
|
|
|
&& !skip_sigs ) {
|
2002-06-29 15:46:34 +02:00
|
|
|
PKT_signature *sig = node->pkt->pkt.signature;
|
|
|
|
int sigrc;
|
|
|
|
char *sigstr;
|
|
|
|
|
|
|
|
if( stats ) {
|
|
|
|
/*fflush(stdout);*/
|
|
|
|
rc = check_key_signature( keyblock, node, NULL );
|
|
|
|
switch( rc ) {
|
|
|
|
case 0: sigrc = '!'; break;
|
|
|
|
case G10ERR_BAD_SIGN: stats->inv_sigs++; sigrc = '-'; break;
|
|
|
|
case G10ERR_NO_PUBKEY:
|
|
|
|
case G10ERR_UNU_PUBKEY: stats->no_key++; continue;
|
|
|
|
default: stats->oth_err++; sigrc = '%'; break;
|
|
|
|
}
|
2002-08-20 14:45:57 +02:00
|
|
|
|
|
|
|
/* TODO: Make sure a cached sig record here still has
|
|
|
|
the pk that issued it. See also
|
|
|
|
keyedit.c:print_and_check_one_sig */
|
2000-07-14 19:34:53 +02:00
|
|
|
}
|
|
|
|
else {
|
2002-06-29 15:46:34 +02:00
|
|
|
rc = 0;
|
|
|
|
sigrc = ' ';
|
2000-07-14 19:34:53 +02:00
|
|
|
}
|
2002-06-29 15:46:34 +02:00
|
|
|
|
|
|
|
if( sig->sig_class == 0x20 || sig->sig_class == 0x28
|
|
|
|
|| sig->sig_class == 0x30 )
|
|
|
|
sigstr = "rev";
|
|
|
|
else if( (sig->sig_class&~3) == 0x10 )
|
|
|
|
sigstr = "sig";
|
|
|
|
else if( sig->sig_class == 0x18 )
|
|
|
|
sigstr = "sig";
|
|
|
|
else if( sig->sig_class == 0x1F )
|
|
|
|
sigstr = "sig";
|
|
|
|
else {
|
|
|
|
printf("sig "
|
|
|
|
"[unexpected signature class 0x%02x]\n",sig->sig_class );
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
|
|
|
|
fputs( sigstr, stdout );
|
2004-03-03 06:47:51 +01:00
|
|
|
printf("%c%c %c%c%c%c%c%c %s %s",
|
2002-06-29 15:46:34 +02:00
|
|
|
sigrc,(sig->sig_class-0x10>0 &&
|
|
|
|
sig->sig_class-0x10<4)?'0'+sig->sig_class-0x10:' ',
|
|
|
|
sig->flags.exportable?' ':'L',
|
|
|
|
sig->flags.revocable?' ':'R',
|
|
|
|
sig->flags.policy_url?'P':' ',
|
|
|
|
sig->flags.notation?'N':' ',
|
|
|
|
sig->flags.expired?'X':' ',
|
* keyedit.c (print_and_check_one_sig, show_key_and_fingerprint,
menu_addrevoker), keylist.c (list_keyblock_print, print_fingerprint): Show
"T" or the trust depth for trust signatures, and add spaces to some
strings to make room for it.
* packet.h, parse-packet.c (dump_sig_subpkt, parse_one_sig_subpkt,
parse_signature): Parse trust signature values.
* tdbio.h, tdbio.c (tdbio_read_record, tdbio_write_record): Reserve a byte
for the minimum ownertrust value (for use with trust signatures).
2002-10-29 19:00:07 +01:00
|
|
|
(sig->trust_depth>9)?'T':
|
2004-03-03 06:47:51 +01:00
|
|
|
(sig->trust_depth>0)?'0'+sig->trust_depth:' ',
|
|
|
|
keystr(sig->keyid),datestr_from_sig(sig));
|
2003-08-03 04:37:48 +02:00
|
|
|
if(opt.list_options&LIST_SHOW_SIG_EXPIRE)
|
|
|
|
printf(" %s", expirestr_from_sig(sig));
|
|
|
|
printf(" ");
|
2002-06-29 15:46:34 +02:00
|
|
|
if( sigrc == '%' )
|
|
|
|
printf("[%s] ", g10_errstr(rc) );
|
|
|
|
else if( sigrc == '?' )
|
|
|
|
;
|
|
|
|
else if ( !opt.fast_list_mode ) {
|
|
|
|
size_t n;
|
|
|
|
char *p = get_user_id( sig->keyid, &n );
|
|
|
|
print_utf8_string( stdout, p, n );
|
|
|
|
m_free(p);
|
|
|
|
}
|
|
|
|
putchar('\n');
|
|
|
|
|
2003-11-14 06:06:19 +01:00
|
|
|
if(sig->flags.policy_url
|
|
|
|
&& (opt.list_options&LIST_SHOW_POLICY_URLS))
|
* mainproc.c (check_sig_and_print), main.h, keylist.c (show_policy,
show_notation): Collapse the old print_notation_data into show_policy()
and show_notation() so there is only one function to print notations and
policy URLs.
* options.h, main.h, g10.c (main), keyedit.c (print_and_check_one_sig),
keylist.c (list_one, list_keyblock_print), pkclist.c (do_edit_ownertrust),
sign.c (mk_notation_and_policy): New "list-options" and "verify-options"
commands. These replace the existing --show-photos/--no-show-photos,
--show-notation/--no-show-notation,
--show-policy-url/--no-show-policy-url, and --show-keyring options. The
new method is more flexible since a user can specify (for example) showing
photos during sig verification, but not in key listings. The old options
are emulated.
2003-06-01 01:23:19 +02:00
|
|
|
show_policy_url(sig,3,0);
|
2002-06-29 15:46:34 +02:00
|
|
|
|
2004-05-05 04:40:27 +02:00
|
|
|
if(sig->flags.notation && (opt.list_options&LIST_SHOW_NOTATIONS))
|
|
|
|
show_notation(sig,3,0,
|
|
|
|
((opt.list_options&LIST_SHOW_STD_NOTATIONS)?1:0)+
|
|
|
|
((opt.list_options&LIST_SHOW_USER_NOTATIONS)?2:0));
|
2002-06-29 15:46:34 +02:00
|
|
|
|
2003-11-14 06:06:19 +01:00
|
|
|
if(sig->flags.pref_ks
|
|
|
|
&& (opt.list_options&LIST_SHOW_KEYSERVER_URLS))
|
2003-08-26 05:56:47 +02:00
|
|
|
show_keyserver_url(sig,3,0);
|
|
|
|
|
2002-06-29 15:46:34 +02:00
|
|
|
/* fixme: check or list other sigs here */
|
|
|
|
}
|
|
|
|
}
|
|
|
|
putchar('\n');
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static void
|
|
|
|
list_keyblock_colon( KBNODE keyblock, int secret, int fpr )
|
|
|
|
{
|
|
|
|
int rc = 0;
|
|
|
|
KBNODE kbctx;
|
|
|
|
KBNODE node;
|
|
|
|
PKT_public_key *pk;
|
|
|
|
PKT_secret_key *sk;
|
|
|
|
u32 keyid[2];
|
|
|
|
int any=0;
|
|
|
|
int trustletter = 0;
|
|
|
|
int ulti_hack = 0;
|
2003-10-28 10:25:06 +01:00
|
|
|
int i;
|
2002-06-29 15:46:34 +02:00
|
|
|
|
|
|
|
/* get the keyid from the keyblock */
|
|
|
|
node = find_kbnode( keyblock, secret? PKT_SECRET_KEY : PKT_PUBLIC_KEY );
|
|
|
|
if( !node ) {
|
|
|
|
log_error("Oops; key lost!\n");
|
|
|
|
dump_kbnode( keyblock );
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
if( secret ) {
|
|
|
|
pk = NULL;
|
|
|
|
sk = node->pkt->pkt.secret_key;
|
|
|
|
keyid_from_sk( sk, keyid );
|
* parse-packet.c (parse_signature): No need to reserve 8 bytes for the
unhashed signature cache any longer.
* misc.c (pct_expando): Add two new expandos - signer's fingerprint (%g),
and signer's primary fingerprint (%p).
* Makefile.am: Include W32LIBS where appropriate.
* g10.c (main): Add --rfc2440 alias for --openpgp since in a few months,
they won't be the same thing.
* keyserver.c (parse_keyserver_uri): Accept "http" as an alias for "hkp",
since it is occasionally written that way. (keyserver_spawn): Use
ascii_isspace to avoid locale issues.
* keygen.c (ask_user_id): Make --allow-freeform-uid apply to the email
field as well as the name field, and allow mixing fields when it is set.
* options.skel: Use subkeys.pgp.net as the default keyserver.
* trustdb.c (validate_one_keyblock): Certifications on revoked or expired
uids do not count in the web of trust.
* signal.c (init_one_signal, pause_on_sigusr, do_block): Only use
sigprocmask() if we have sigset_t, and only use sigaction() if we have
struct sigaction. This is for Forte c89 on Solaris which seems to define
only the function call half of the two pairs by default.
(pause_on_sigusr): Typo. (do_block): If we can't use sigprocmask() and
sigset_t, try to get the number of signals from NSIG as well as MAXSIG,
and if we can't, fail with an explanation.
* signal.c, tdbio.c: Comment out the transaction code. It was not used in
this version, and was causing some build problems on quasi-posix platforms
(Solaris and Forte c89).
* keylist.c (list_keyblock_colon): Don't include validity values when
listing secret keys since they can be incorrect and/or misleading. This
is a temporary kludge, and will be handled properly in 1.9/2.0.
* mainproc.c (check_sig_and_print): Only show the "key available from"
preferred keyserver line if the key is not currently present.
* keyedit.c (sign_uids): Do not sign expired uids without --expert (same
behavior as revoked uids). Do not allow signing a user ID without a
self-signature. --expert overrides. Add additional prompt to the
signature level question. (menu_expire): When changing expiration dates,
don't replace selfsigs on revoked uids since this would effectively
unrevoke them. There is also no point in replacing expired selfsigs.
This is bug #181
* g10.c (add_notation_data): Make sure that only ascii is passed to
iscntrl. Noted by Christian Biere.
* getkey.c (classify_user_id2): Replaced isspace by spacep
* keygen.c (ask_user_id): Ditto. (get_parameter_algo): Ditto.
* keyedit.c (keyedit_menu): Ditto.
* tdbdump.c (import_ownertrust): Ditto. s/isxdigit/hexdigitp/.
* revoke.c (ask_revocation_reason):
* keyserver.c (keyserver_spawn): Dito.
2003-07-10 16:30:07 +02:00
|
|
|
printf("sec::%u:%d:%08lX%08lX:%s:%s:::",
|
2002-06-29 15:46:34 +02:00
|
|
|
nbits_from_sk( sk ),
|
|
|
|
sk->pubkey_algo,
|
|
|
|
(ulong)keyid[0],(ulong)keyid[1],
|
|
|
|
colon_datestr_from_sk( sk ),
|
|
|
|
colon_strtime (sk->expiredate)
|
|
|
|
/* fixme: add LID here */ );
|
|
|
|
}
|
|
|
|
else {
|
|
|
|
pk = node->pkt->pkt.public_key;
|
|
|
|
sk = NULL;
|
|
|
|
keyid_from_pk( pk, keyid );
|
|
|
|
fputs( "pub:", stdout );
|
|
|
|
if ( !pk->is_valid )
|
|
|
|
putchar ('i');
|
|
|
|
else if ( pk->is_revoked )
|
|
|
|
putchar ('r');
|
|
|
|
else if ( pk->has_expired )
|
|
|
|
putchar ('e');
|
|
|
|
else if ( opt.fast_list_mode || opt.no_expensive_trust_checks )
|
|
|
|
;
|
|
|
|
else {
|
|
|
|
trustletter = get_validity_info ( pk, NULL );
|
|
|
|
if( trustletter == 'u' )
|
|
|
|
ulti_hack = 1;
|
|
|
|
putchar(trustletter);
|
|
|
|
}
|
2004-01-30 17:49:28 +01:00
|
|
|
printf(":%u:%d:%08lX%08lX:%s:%s::",
|
1998-06-29 14:30:57 +02:00
|
|
|
nbits_from_pk( pk ),
|
|
|
|
pk->pubkey_algo,
|
1998-05-29 13:53:54 +02:00
|
|
|
(ulong)keyid[0],(ulong)keyid[1],
|
2002-06-29 15:46:34 +02:00
|
|
|
colon_datestr_from_pk( pk ),
|
|
|
|
colon_strtime (pk->expiredate) );
|
|
|
|
if( !opt.fast_list_mode && !opt.no_expensive_trust_checks )
|
|
|
|
putchar( get_ownertrust_info(pk) );
|
1998-05-29 13:53:54 +02:00
|
|
|
putchar(':');
|
2002-06-29 15:46:34 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
if (opt.fixed_list_mode) {
|
|
|
|
/* do not merge the first uid with the primary key */
|
|
|
|
putchar(':');
|
|
|
|
putchar(':');
|
|
|
|
print_capabilities (pk, sk, keyblock);
|
2003-10-28 10:25:06 +01:00
|
|
|
if (secret) {
|
|
|
|
putchar(':'); /* End of field 13. */
|
|
|
|
putchar(':'); /* End of field 14. */
|
|
|
|
if (sk->protect.s2k.mode == 1001)
|
|
|
|
putchar('#'); /* Key is just a stub. */
|
|
|
|
else if (sk->protect.s2k.mode == 1002) {
|
|
|
|
/* Key is stored on an external token (card) or handled by
|
|
|
|
the gpg-agent. Print the serial number of that token
|
|
|
|
here. */
|
|
|
|
for (i=0; i < sk->protect.ivlen; i++)
|
|
|
|
printf ("%02X", sk->protect.iv[i]);
|
|
|
|
}
|
|
|
|
putchar(':'); /* End of field 15. */
|
|
|
|
}
|
2002-06-29 15:46:34 +02:00
|
|
|
putchar('\n');
|
|
|
|
if( fpr )
|
|
|
|
print_fingerprint( pk, sk, 0 );
|
|
|
|
if( opt.with_key_data )
|
2004-03-06 18:12:44 +01:00
|
|
|
print_key_data( pk );
|
2002-06-29 15:46:34 +02:00
|
|
|
any = 1;
|
1998-05-29 13:53:54 +02:00
|
|
|
}
|
1998-03-09 22:44:06 +01:00
|
|
|
|
2002-06-29 15:46:34 +02:00
|
|
|
|
1998-03-09 22:44:06 +01:00
|
|
|
for( kbctx=NULL; (node=walk_kbnode( keyblock, &kbctx, 0)) ; ) {
|
2000-07-14 19:34:53 +02:00
|
|
|
if( node->pkt->pkttype == PKT_USER_ID && !opt.fast_list_mode ) {
|
2003-01-14 19:13:22 +01:00
|
|
|
PKT_user_id *uid=node->pkt->pkt.user_id;
|
2002-06-29 15:46:34 +02:00
|
|
|
if(attrib_fp && node->pkt->pkt.user_id->attrib_data!=NULL)
|
|
|
|
dump_attribs(node->pkt->pkt.user_id,pk,sk);
|
|
|
|
/*
|
|
|
|
* Fixme: We need a is_valid flag here too
|
|
|
|
*/
|
1998-03-09 22:44:06 +01:00
|
|
|
if( any ) {
|
2003-01-14 19:13:22 +01:00
|
|
|
char *str=uid->attrib_data?"uat":"uid";
|
* parse-packet.c (parse_signature): No need to reserve 8 bytes for the
unhashed signature cache any longer.
* misc.c (pct_expando): Add two new expandos - signer's fingerprint (%g),
and signer's primary fingerprint (%p).
* Makefile.am: Include W32LIBS where appropriate.
* g10.c (main): Add --rfc2440 alias for --openpgp since in a few months,
they won't be the same thing.
* keyserver.c (parse_keyserver_uri): Accept "http" as an alias for "hkp",
since it is occasionally written that way. (keyserver_spawn): Use
ascii_isspace to avoid locale issues.
* keygen.c (ask_user_id): Make --allow-freeform-uid apply to the email
field as well as the name field, and allow mixing fields when it is set.
* options.skel: Use subkeys.pgp.net as the default keyserver.
* trustdb.c (validate_one_keyblock): Certifications on revoked or expired
uids do not count in the web of trust.
* signal.c (init_one_signal, pause_on_sigusr, do_block): Only use
sigprocmask() if we have sigset_t, and only use sigaction() if we have
struct sigaction. This is for Forte c89 on Solaris which seems to define
only the function call half of the two pairs by default.
(pause_on_sigusr): Typo. (do_block): If we can't use sigprocmask() and
sigset_t, try to get the number of signals from NSIG as well as MAXSIG,
and if we can't, fail with an explanation.
* signal.c, tdbio.c: Comment out the transaction code. It was not used in
this version, and was causing some build problems on quasi-posix platforms
(Solaris and Forte c89).
* keylist.c (list_keyblock_colon): Don't include validity values when
listing secret keys since they can be incorrect and/or misleading. This
is a temporary kludge, and will be handled properly in 1.9/2.0.
* mainproc.c (check_sig_and_print): Only show the "key available from"
preferred keyserver line if the key is not currently present.
* keyedit.c (sign_uids): Do not sign expired uids without --expert (same
behavior as revoked uids). Do not allow signing a user ID without a
self-signature. --expert overrides. Add additional prompt to the
signature level question. (menu_expire): When changing expiration dates,
don't replace selfsigs on revoked uids since this would effectively
unrevoke them. There is also no point in replacing expired selfsigs.
This is bug #181
* g10.c (add_notation_data): Make sure that only ascii is passed to
iscntrl. Noted by Christian Biere.
* getkey.c (classify_user_id2): Replaced isspace by spacep
* keygen.c (ask_user_id): Ditto. (get_parameter_algo): Ditto.
* keyedit.c (keyedit_menu): Ditto.
* tdbdump.c (import_ownertrust): Ditto. s/isxdigit/hexdigitp/.
* revoke.c (ask_revocation_reason):
* keyserver.c (keyserver_spawn): Dito.
2003-07-10 16:30:07 +02:00
|
|
|
/* If we're listing a secret key, leave out the
|
|
|
|
validity values for now. This is handled better in
|
|
|
|
1.9. */
|
|
|
|
if ( sk )
|
|
|
|
printf("%s:::::",str);
|
|
|
|
else if ( uid->is_revoked )
|
2003-01-14 19:13:22 +01:00
|
|
|
printf("%s:r::::",str);
|
|
|
|
else if ( uid->is_expired )
|
|
|
|
printf("%s:e::::",str);
|
* parse-packet.c (parse_signature): No need to reserve 8 bytes for the
unhashed signature cache any longer.
* misc.c (pct_expando): Add two new expandos - signer's fingerprint (%g),
and signer's primary fingerprint (%p).
* Makefile.am: Include W32LIBS where appropriate.
* g10.c (main): Add --rfc2440 alias for --openpgp since in a few months,
they won't be the same thing.
* keyserver.c (parse_keyserver_uri): Accept "http" as an alias for "hkp",
since it is occasionally written that way. (keyserver_spawn): Use
ascii_isspace to avoid locale issues.
* keygen.c (ask_user_id): Make --allow-freeform-uid apply to the email
field as well as the name field, and allow mixing fields when it is set.
* options.skel: Use subkeys.pgp.net as the default keyserver.
* trustdb.c (validate_one_keyblock): Certifications on revoked or expired
uids do not count in the web of trust.
* signal.c (init_one_signal, pause_on_sigusr, do_block): Only use
sigprocmask() if we have sigset_t, and only use sigaction() if we have
struct sigaction. This is for Forte c89 on Solaris which seems to define
only the function call half of the two pairs by default.
(pause_on_sigusr): Typo. (do_block): If we can't use sigprocmask() and
sigset_t, try to get the number of signals from NSIG as well as MAXSIG,
and if we can't, fail with an explanation.
* signal.c, tdbio.c: Comment out the transaction code. It was not used in
this version, and was causing some build problems on quasi-posix platforms
(Solaris and Forte c89).
* keylist.c (list_keyblock_colon): Don't include validity values when
listing secret keys since they can be incorrect and/or misleading. This
is a temporary kludge, and will be handled properly in 1.9/2.0.
* mainproc.c (check_sig_and_print): Only show the "key available from"
preferred keyserver line if the key is not currently present.
* keyedit.c (sign_uids): Do not sign expired uids without --expert (same
behavior as revoked uids). Do not allow signing a user ID without a
self-signature. --expert overrides. Add additional prompt to the
signature level question. (menu_expire): When changing expiration dates,
don't replace selfsigs on revoked uids since this would effectively
unrevoke them. There is also no point in replacing expired selfsigs.
This is bug #181
* g10.c (add_notation_data): Make sure that only ascii is passed to
iscntrl. Noted by Christian Biere.
* getkey.c (classify_user_id2): Replaced isspace by spacep
* keygen.c (ask_user_id): Ditto. (get_parameter_algo): Ditto.
* keyedit.c (keyedit_menu): Ditto.
* tdbdump.c (import_ownertrust): Ditto. s/isxdigit/hexdigitp/.
* revoke.c (ask_revocation_reason):
* keyserver.c (keyserver_spawn): Dito.
2003-07-10 16:30:07 +02:00
|
|
|
else if ( opt.no_expensive_trust_checks )
|
2003-01-14 19:13:22 +01:00
|
|
|
printf("%s:::::",str);
|
2002-06-29 15:46:34 +02:00
|
|
|
else {
|
2002-11-13 14:23:03 +01:00
|
|
|
int uid_validity;
|
1999-03-08 20:50:18 +01:00
|
|
|
|
* armor.c (armor_filter): Comment about PGP's end of line tab problem.
* trustdb.h, trustdb.c (trust_letter): Make static. (get_ownertrust_info,
get_validity_info): Don't mask the trust level twice.
* trustdb.h, gpgv.c, trustdb.c (get_validity, get_validity_info),
keylist.c (list_keyblock_colon), keyedit.c (show_key_with_all_names_colon,
menu_revuid): Pass a user ID in rather than a namehash, so we only have to
do the hashing in one place.
* packet.h, pkclist.c (build_pk_list), free-packet.c
(release_public_key_parts): Remove unused namehash element for public
keys.
2003-01-11 04:57:00 +01:00
|
|
|
if( pk && !ulti_hack )
|
2003-01-14 19:13:22 +01:00
|
|
|
uid_validity=get_validity_info (pk, uid);
|
1999-03-10 11:27:52 +01:00
|
|
|
else
|
2002-11-13 14:23:03 +01:00
|
|
|
uid_validity = 'u';
|
2003-01-14 19:13:22 +01:00
|
|
|
printf("%s:%c::::",str,uid_validity);
|
2002-06-29 15:46:34 +02:00
|
|
|
}
|
2003-01-14 19:13:22 +01:00
|
|
|
|
|
|
|
printf("%s:",colon_strtime(uid->created));
|
|
|
|
printf("%s:",colon_strtime(uid->expiredate));
|
|
|
|
|
|
|
|
namehash_from_uid(uid);
|
|
|
|
|
|
|
|
for(i=0; i < 20; i++ )
|
|
|
|
printf("%02X",uid->namehash[i]);
|
|
|
|
|
|
|
|
printf("::");
|
1999-08-31 17:30:12 +02:00
|
|
|
}
|
2003-01-14 19:13:22 +01:00
|
|
|
if(uid->attrib_data)
|
|
|
|
printf("%u %lu",uid->numattribs,uid->attrib_len);
|
2002-06-29 15:46:34 +02:00
|
|
|
else
|
2003-01-14 19:13:22 +01:00
|
|
|
print_string(stdout,uid->name,uid->len, ':' );
|
2002-06-29 15:46:34 +02:00
|
|
|
putchar(':');
|
|
|
|
if (any)
|
|
|
|
putchar('\n');
|
|
|
|
else {
|
|
|
|
putchar(':');
|
|
|
|
print_capabilities (pk, sk, keyblock);
|
|
|
|
putchar('\n');
|
|
|
|
if( fpr )
|
|
|
|
print_fingerprint( pk, sk, 0 );
|
1999-06-08 13:41:46 +02:00
|
|
|
if( opt.with_key_data )
|
2004-03-06 18:12:44 +01:00
|
|
|
print_key_data( pk );
|
1998-03-09 22:44:06 +01:00
|
|
|
any = 1;
|
|
|
|
}
|
|
|
|
}
|
1998-06-29 14:30:57 +02:00
|
|
|
else if( node->pkt->pkttype == PKT_PUBLIC_SUBKEY ) {
|
1998-04-02 12:30:03 +02:00
|
|
|
u32 keyid2[2];
|
1998-06-29 14:30:57 +02:00
|
|
|
PKT_public_key *pk2 = node->pkt->pkt.public_key;
|
1998-04-02 12:30:03 +02:00
|
|
|
|
|
|
|
if( !any ) {
|
2002-06-29 15:46:34 +02:00
|
|
|
putchar(':');
|
|
|
|
putchar(':');
|
|
|
|
print_capabilities (pk, sk, keyblock);
|
|
|
|
putchar('\n');
|
|
|
|
if( fpr )
|
|
|
|
print_fingerprint( pk, sk, 0 ); /* of the main key */
|
1998-04-02 12:30:03 +02:00
|
|
|
any = 1;
|
|
|
|
}
|
|
|
|
|
1998-06-29 14:30:57 +02:00
|
|
|
keyid_from_pk( pk2, keyid2 );
|
2002-06-29 15:46:34 +02:00
|
|
|
fputs ("sub:", stdout );
|
|
|
|
if ( !pk2->is_valid )
|
|
|
|
putchar ('i');
|
|
|
|
else if ( pk2->is_revoked )
|
|
|
|
putchar ('r');
|
|
|
|
else if ( pk2->has_expired )
|
|
|
|
putchar ('e');
|
|
|
|
else if ( opt.fast_list_mode || opt.no_expensive_trust_checks )
|
|
|
|
;
|
|
|
|
else {
|
2002-11-13 14:23:03 +01:00
|
|
|
/* trustletter should always be defined here */
|
|
|
|
if(trustletter)
|
|
|
|
printf("%c", trustletter );
|
2002-06-29 15:46:34 +02:00
|
|
|
}
|
2004-01-30 17:49:28 +01:00
|
|
|
printf(":%u:%d:%08lX%08lX:%s:%s:::::",
|
1998-06-29 14:30:57 +02:00
|
|
|
nbits_from_pk( pk2 ),
|
|
|
|
pk2->pubkey_algo,
|
1998-04-02 12:30:03 +02:00
|
|
|
(ulong)keyid2[0],(ulong)keyid2[1],
|
2002-06-29 15:46:34 +02:00
|
|
|
colon_datestr_from_pk( pk2 ),
|
|
|
|
colon_strtime (pk2->expiredate)
|
1998-04-02 12:30:03 +02:00
|
|
|
/* fixme: add LID and ownertrust here */
|
|
|
|
);
|
2002-06-29 15:46:34 +02:00
|
|
|
print_capabilities (pk2, NULL, NULL);
|
|
|
|
putchar('\n');
|
|
|
|
if( fpr > 1 )
|
|
|
|
print_fingerprint( pk2, NULL, 0 );
|
1999-06-08 13:41:46 +02:00
|
|
|
if( opt.with_key_data )
|
2004-03-06 18:12:44 +01:00
|
|
|
print_key_data( pk2 );
|
1998-04-02 12:30:03 +02:00
|
|
|
}
|
1998-06-29 14:30:57 +02:00
|
|
|
else if( node->pkt->pkttype == PKT_SECRET_SUBKEY ) {
|
1998-05-29 13:53:54 +02:00
|
|
|
u32 keyid2[2];
|
1998-06-29 14:30:57 +02:00
|
|
|
PKT_secret_key *sk2 = node->pkt->pkt.secret_key;
|
1998-05-29 13:53:54 +02:00
|
|
|
|
|
|
|
if( !any ) {
|
2002-06-29 15:46:34 +02:00
|
|
|
putchar(':');
|
|
|
|
putchar(':');
|
|
|
|
print_capabilities (pk, sk, keyblock);
|
1998-05-29 13:53:54 +02:00
|
|
|
putchar('\n');
|
2002-06-29 15:46:34 +02:00
|
|
|
if( fpr )
|
|
|
|
print_fingerprint( pk, sk, 0 ); /* of the main key */
|
1998-05-29 13:53:54 +02:00
|
|
|
any = 1;
|
|
|
|
}
|
|
|
|
|
1998-06-29 14:30:57 +02:00
|
|
|
keyid_from_sk( sk2, keyid2 );
|
2002-06-29 15:46:34 +02:00
|
|
|
printf("ssb::%u:%d:%08lX%08lX:%s:%s:::::",
|
1998-06-29 14:30:57 +02:00
|
|
|
nbits_from_sk( sk2 ),
|
|
|
|
sk2->pubkey_algo,
|
1998-05-29 13:53:54 +02:00
|
|
|
(ulong)keyid2[0],(ulong)keyid2[1],
|
2002-06-29 15:46:34 +02:00
|
|
|
colon_datestr_from_sk( sk2 ),
|
|
|
|
colon_strtime (sk2->expiredate)
|
|
|
|
/* fixme: add LID */ );
|
|
|
|
print_capabilities (NULL, sk2, NULL);
|
2003-10-28 10:25:06 +01:00
|
|
|
if (opt.fixed_list_mode) {
|
|
|
|
/* We print the serial number only in fixed list mode
|
|
|
|
for the primary key so, so avoid questions we print
|
|
|
|
it for subkeys also only in this mode. There is no
|
|
|
|
technical reason, though. */
|
|
|
|
putchar(':'); /* End of field 13. */
|
|
|
|
putchar(':'); /* End of field 14. */
|
|
|
|
if (sk2->protect.s2k.mode == 1001)
|
|
|
|
putchar('#'); /* Key is just a stub. */
|
|
|
|
else if (sk2->protect.s2k.mode == 1002) {
|
|
|
|
/* Key is stored on an external token (card) or handled by
|
|
|
|
the gpg-agent. Print the serial number of that token
|
|
|
|
here. */
|
|
|
|
for (i=0; i < sk2->protect.ivlen; i++)
|
|
|
|
printf ("%02X", sk2->protect.iv[i]);
|
|
|
|
}
|
|
|
|
putchar(':'); /* End of field 15. */
|
|
|
|
}
|
2002-06-29 15:46:34 +02:00
|
|
|
putchar ('\n');
|
|
|
|
if( fpr > 1 )
|
2003-10-28 10:25:06 +01:00
|
|
|
print_fingerprint( NULL, sk2, 0 );
|
1998-05-29 13:53:54 +02:00
|
|
|
}
|
1998-03-09 22:44:06 +01:00
|
|
|
else if( opt.list_sigs && node->pkt->pkttype == PKT_SIGNATURE ) {
|
|
|
|
PKT_signature *sig = node->pkt->pkt.signature;
|
2003-07-20 02:10:13 +02:00
|
|
|
int sigrc,fprokay=0;
|
2002-06-29 15:46:34 +02:00
|
|
|
char *sigstr;
|
2003-07-20 02:10:13 +02:00
|
|
|
size_t fplen;
|
|
|
|
byte fparray[MAX_FINGERPRINT_LEN];
|
1998-03-09 22:44:06 +01:00
|
|
|
|
|
|
|
if( !any ) { /* no user id, (maybe a revocation follows)*/
|
|
|
|
if( sig->sig_class == 0x20 )
|
2002-06-29 15:46:34 +02:00
|
|
|
fputs("[revoked]:", stdout);
|
1998-05-29 13:53:54 +02:00
|
|
|
else if( sig->sig_class == 0x18 )
|
2002-06-29 15:46:34 +02:00
|
|
|
fputs("[key binding]:", stdout);
|
1999-04-28 13:06:52 +02:00
|
|
|
else if( sig->sig_class == 0x28 )
|
2002-06-29 15:46:34 +02:00
|
|
|
fputs("[subkey revoked]:", stdout);
|
|
|
|
else
|
|
|
|
putchar (':');
|
|
|
|
putchar(':');
|
|
|
|
print_capabilities (pk, sk, keyblock);
|
|
|
|
putchar('\n');
|
|
|
|
if( fpr )
|
|
|
|
print_fingerprint( pk, sk, 0 );
|
1998-03-09 22:44:06 +01:00
|
|
|
any=1;
|
|
|
|
}
|
|
|
|
|
1999-04-28 13:06:52 +02:00
|
|
|
if( sig->sig_class == 0x20 || sig->sig_class == 0x28
|
|
|
|
|| sig->sig_class == 0x30 )
|
2000-07-14 19:34:53 +02:00
|
|
|
sigstr = "rev";
|
1998-03-09 22:44:06 +01:00
|
|
|
else if( (sig->sig_class&~3) == 0x10 )
|
2000-07-14 19:34:53 +02:00
|
|
|
sigstr = "sig";
|
1998-04-02 12:30:03 +02:00
|
|
|
else if( sig->sig_class == 0x18 )
|
2000-07-14 19:34:53 +02:00
|
|
|
sigstr = "sig";
|
2002-09-19 19:13:03 +02:00
|
|
|
else if( sig->sig_class == 0x1F )
|
|
|
|
sigstr = "sig";
|
1998-03-09 22:44:06 +01:00
|
|
|
else {
|
2002-06-29 15:46:34 +02:00
|
|
|
printf ("sig::::::::::%02x%c:\n",
|
|
|
|
sig->sig_class, sig->flags.exportable?'x':'l');
|
1998-03-09 22:44:06 +01:00
|
|
|
continue;
|
|
|
|
}
|
|
|
|
if( opt.check_sigs ) {
|
2003-07-20 02:10:13 +02:00
|
|
|
PKT_public_key *signer_pk=NULL;
|
|
|
|
|
1998-03-09 22:44:06 +01:00
|
|
|
fflush(stdout);
|
2003-07-20 02:10:13 +02:00
|
|
|
if(opt.no_sig_cache)
|
|
|
|
signer_pk=m_alloc_clear(sizeof(PKT_public_key));
|
|
|
|
|
|
|
|
rc = check_key_signature2( keyblock, node, NULL, signer_pk,
|
2003-07-22 01:19:15 +02:00
|
|
|
NULL, NULL, NULL );
|
1998-03-09 22:44:06 +01:00
|
|
|
switch( rc ) {
|
|
|
|
case 0: sigrc = '!'; break;
|
2002-06-29 15:46:34 +02:00
|
|
|
case G10ERR_BAD_SIGN: sigrc = '-'; break;
|
|
|
|
case G10ERR_NO_PUBKEY:
|
|
|
|
case G10ERR_UNU_PUBKEY: sigrc = '?'; break;
|
1998-03-09 22:44:06 +01:00
|
|
|
default: sigrc = '%'; break;
|
|
|
|
}
|
2003-07-20 02:10:13 +02:00
|
|
|
|
|
|
|
if(opt.no_sig_cache)
|
|
|
|
{
|
|
|
|
if(rc==0)
|
|
|
|
{
|
|
|
|
fingerprint_from_pk (signer_pk, fparray, &fplen);
|
|
|
|
fprokay=1;
|
|
|
|
}
|
|
|
|
free_public_key(signer_pk);
|
|
|
|
}
|
1998-03-09 22:44:06 +01:00
|
|
|
}
|
|
|
|
else {
|
|
|
|
rc = 0;
|
|
|
|
sigrc = ' ';
|
|
|
|
}
|
2002-06-29 15:46:34 +02:00
|
|
|
fputs( sigstr, stdout );
|
|
|
|
putchar(':');
|
|
|
|
if( sigrc != ' ' )
|
|
|
|
putchar(sigrc);
|
2003-01-27 22:49:37 +01:00
|
|
|
printf("::%d:%08lX%08lX:%s:%s:", sig->pubkey_algo,
|
|
|
|
(ulong)sig->keyid[0], (ulong)sig->keyid[1],
|
|
|
|
colon_datestr_from_sig(sig),
|
|
|
|
colon_expirestr_from_sig(sig));
|
|
|
|
|
|
|
|
if(sig->trust_depth || sig->trust_value)
|
|
|
|
printf("%d %d",sig->trust_depth,sig->trust_value);
|
|
|
|
printf(":");
|
|
|
|
|
|
|
|
if(sig->trust_regexp)
|
|
|
|
print_string(stdout,sig->trust_regexp,
|
|
|
|
strlen(sig->trust_regexp),':');
|
|
|
|
printf(":");
|
|
|
|
|
1998-03-09 22:44:06 +01:00
|
|
|
if( sigrc == '%' )
|
2002-06-29 15:46:34 +02:00
|
|
|
printf("[%s] ", g10_errstr(rc) );
|
1998-03-09 22:44:06 +01:00
|
|
|
else if( sigrc == '?' )
|
|
|
|
;
|
2000-07-14 19:34:53 +02:00
|
|
|
else if ( !opt.fast_list_mode ) {
|
1998-03-09 22:44:06 +01:00
|
|
|
size_t n;
|
|
|
|
char *p = get_user_id( sig->keyid, &n );
|
2002-06-29 15:46:34 +02:00
|
|
|
print_string( stdout, p, n, ':' );
|
|
|
|
m_free(p);
|
1998-03-09 22:44:06 +01:00
|
|
|
}
|
2003-07-20 02:10:13 +02:00
|
|
|
printf(":%02x%c:", sig->sig_class,sig->flags.exportable?'x':'l');
|
|
|
|
|
|
|
|
if(opt.no_sig_cache && opt.check_sigs && fprokay)
|
|
|
|
{
|
|
|
|
printf(":");
|
|
|
|
|
|
|
|
for (i=0; i < fplen ; i++ )
|
|
|
|
printf ("%02X", fparray[i] );
|
|
|
|
|
|
|
|
printf(":");
|
|
|
|
}
|
|
|
|
|
|
|
|
printf("\n");
|
|
|
|
|
2004-09-12 17:27:38 +02:00
|
|
|
if(opt.show_subpackets)
|
|
|
|
print_subpackets_colon(sig);
|
|
|
|
|
2002-06-29 15:46:34 +02:00
|
|
|
/* fixme: check or list other sigs here */
|
1998-03-09 22:44:06 +01:00
|
|
|
}
|
|
|
|
}
|
|
|
|
if( !any ) {/* oops, no user id */
|
2002-06-29 15:46:34 +02:00
|
|
|
putchar(':');
|
|
|
|
putchar(':');
|
|
|
|
print_capabilities (pk, sk, keyblock);
|
1998-03-09 22:44:06 +01:00
|
|
|
putchar('\n');
|
|
|
|
}
|
1998-10-21 19:34:36 +02:00
|
|
|
}
|
1998-03-09 22:44:06 +01:00
|
|
|
|
2002-06-29 15:46:34 +02:00
|
|
|
/*
|
|
|
|
* Reorder the keyblock so that the primary user ID (and not attribute
|
|
|
|
* packet) comes first. Fixme: Replace this by a generic sort
|
|
|
|
* function. */
|
2002-12-04 00:31:48 +01:00
|
|
|
void
|
2002-06-29 15:46:34 +02:00
|
|
|
reorder_keyblock (KBNODE keyblock)
|
|
|
|
{
|
|
|
|
KBNODE primary = NULL, primary0 = NULL, primary2 = NULL;
|
|
|
|
KBNODE last, node;
|
|
|
|
|
|
|
|
for (node=keyblock; node; primary0=node, node = node->next) {
|
|
|
|
if( node->pkt->pkttype == PKT_USER_ID &&
|
|
|
|
!node->pkt->pkt.user_id->attrib_data &&
|
|
|
|
node->pkt->pkt.user_id->is_primary ) {
|
|
|
|
primary = primary2 = node;
|
|
|
|
for (node=node->next; node; primary2=node, node = node->next ) {
|
|
|
|
if( node->pkt->pkttype == PKT_USER_ID
|
|
|
|
|| node->pkt->pkttype == PKT_PUBLIC_SUBKEY
|
|
|
|
|| node->pkt->pkttype == PKT_SECRET_SUBKEY ) {
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if ( !primary )
|
|
|
|
return; /* no primary key flag found (should not happen) */
|
1998-03-09 22:44:06 +01:00
|
|
|
|
2002-06-29 15:46:34 +02:00
|
|
|
for (last=NULL, node=keyblock; node; last = node, node = node->next) {
|
|
|
|
if( node->pkt->pkttype == PKT_USER_ID )
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
assert (node);
|
|
|
|
assert (last); /* the user ID is never the first packet */
|
|
|
|
assert (primary0); /* ditto (this is the node before primary) */
|
|
|
|
if ( node == primary )
|
|
|
|
return; /* already the first one */
|
1998-03-09 22:44:06 +01:00
|
|
|
|
2002-06-29 15:46:34 +02:00
|
|
|
last->next = primary;
|
|
|
|
primary0->next = primary2->next;
|
|
|
|
primary2->next = node;
|
|
|
|
}
|
|
|
|
|
|
|
|
void
|
|
|
|
list_keyblock( KBNODE keyblock, int secret, int fpr, void *opaque )
|
1998-03-09 22:44:06 +01:00
|
|
|
{
|
2002-06-29 15:46:34 +02:00
|
|
|
reorder_keyblock (keyblock);
|
|
|
|
if (opt.with_colons)
|
|
|
|
list_keyblock_colon (keyblock, secret, fpr );
|
|
|
|
else
|
|
|
|
list_keyblock_print (keyblock, secret, fpr, opaque );
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* standard function to print the finperprint.
|
|
|
|
* mode 0: as used in key listings, opt.with_colons is honored
|
|
|
|
* 1: print using log_info ()
|
|
|
|
* 2: direct use of tty
|
2002-08-19 10:28:00 +02:00
|
|
|
* 3: direct use of tty but only primary key.
|
2002-07-23 20:42:18 +02:00
|
|
|
* modes 1 and 2 will try and print both subkey and primary key fingerprints
|
2002-06-29 15:46:34 +02:00
|
|
|
*/
|
|
|
|
void
|
|
|
|
print_fingerprint (PKT_public_key *pk, PKT_secret_key *sk, int mode )
|
|
|
|
{
|
|
|
|
byte array[MAX_FINGERPRINT_LEN], *p;
|
1998-03-09 22:44:06 +01:00
|
|
|
size_t i, n;
|
2002-06-29 15:46:34 +02:00
|
|
|
FILE *fp;
|
|
|
|
const char *text;
|
2002-07-23 20:42:18 +02:00
|
|
|
int primary=0;
|
|
|
|
|
|
|
|
if(sk)
|
|
|
|
{
|
|
|
|
if(sk->main_keyid[0]==sk->keyid[0] && sk->main_keyid[1]==sk->keyid[1])
|
|
|
|
primary=1;
|
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
|
|
|
if(pk->main_keyid[0]==pk->keyid[0] && pk->main_keyid[1]==pk->keyid[1])
|
|
|
|
primary=1;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Just to be safe */
|
|
|
|
if(mode&0x80 && !primary)
|
|
|
|
{
|
|
|
|
log_error("primary key is not really primary!\n");
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
mode&=~0x80;
|
|
|
|
|
|
|
|
if(!primary && (mode==1 || mode==2))
|
|
|
|
{
|
|
|
|
if(sk)
|
|
|
|
{
|
|
|
|
PKT_secret_key *primary_sk=m_alloc_clear(sizeof(*primary_sk));
|
|
|
|
get_seckey(primary_sk,sk->main_keyid);
|
|
|
|
print_fingerprint(NULL,primary_sk,mode|0x80);
|
|
|
|
free_secret_key(primary_sk);
|
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
|
|
|
PKT_public_key *primary_pk=m_alloc_clear(sizeof(*primary_pk));
|
|
|
|
get_pubkey(primary_pk,pk->main_keyid);
|
|
|
|
print_fingerprint(primary_pk,NULL,mode|0x80);
|
|
|
|
free_public_key(primary_pk);
|
|
|
|
}
|
|
|
|
}
|
1998-03-09 22:44:06 +01:00
|
|
|
|
2002-06-29 15:46:34 +02:00
|
|
|
if (mode == 1) {
|
|
|
|
fp = log_stream ();
|
2002-07-23 20:42:18 +02:00
|
|
|
if(primary)
|
|
|
|
text = _("Primary key fingerprint:");
|
|
|
|
else
|
|
|
|
text = _(" Subkey fingerprint:");
|
2002-06-29 15:46:34 +02:00
|
|
|
}
|
|
|
|
else if (mode == 2) {
|
|
|
|
fp = NULL; /* use tty */
|
|
|
|
/* Translators: this should fit into 24 bytes to that the fingerprint
|
|
|
|
* data is properly aligned with the user ID */
|
2002-07-23 20:42:18 +02:00
|
|
|
if(primary)
|
|
|
|
text = _(" Primary key fingerprint:");
|
|
|
|
else
|
|
|
|
text = _(" Subkey fingerprint:");
|
1998-03-09 22:44:06 +01:00
|
|
|
}
|
2002-08-19 10:28:00 +02:00
|
|
|
else if (mode == 3) {
|
|
|
|
fp = NULL; /* use tty */
|
* keyedit.c (print_and_check_one_sig, show_key_and_fingerprint,
menu_addrevoker), keylist.c (list_keyblock_print, print_fingerprint): Show
"T" or the trust depth for trust signatures, and add spaces to some
strings to make room for it.
* packet.h, parse-packet.c (dump_sig_subpkt, parse_one_sig_subpkt,
parse_signature): Parse trust signature values.
* tdbio.h, tdbio.c (tdbio_read_record, tdbio_write_record): Reserve a byte
for the minimum ownertrust value (for use with trust signatures).
2002-10-29 19:00:07 +01:00
|
|
|
text = _(" Key fingerprint =");
|
2002-08-19 10:28:00 +02:00
|
|
|
}
|
1998-03-09 22:44:06 +01:00
|
|
|
else {
|
2002-06-29 15:46:34 +02:00
|
|
|
fp = stdout;
|
* keyedit.c (print_and_check_one_sig, show_key_and_fingerprint,
menu_addrevoker), keylist.c (list_keyblock_print, print_fingerprint): Show
"T" or the trust depth for trust signatures, and add spaces to some
strings to make room for it.
* packet.h, parse-packet.c (dump_sig_subpkt, parse_one_sig_subpkt,
parse_signature): Parse trust signature values.
* tdbio.h, tdbio.c (tdbio_read_record, tdbio_write_record): Reserve a byte
for the minimum ownertrust value (for use with trust signatures).
2002-10-29 19:00:07 +01:00
|
|
|
text = _(" Key fingerprint =");
|
2002-06-29 15:46:34 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
if (sk)
|
|
|
|
fingerprint_from_sk (sk, array, &n);
|
|
|
|
else
|
|
|
|
fingerprint_from_pk (pk, array, &n);
|
|
|
|
p = array;
|
|
|
|
if (opt.with_colons && !mode) {
|
|
|
|
fprintf (fp, "fpr:::::::::");
|
|
|
|
for (i=0; i < n ; i++, p++ )
|
|
|
|
fprintf (fp, "%02X", *p );
|
|
|
|
putc(':', fp);
|
|
|
|
}
|
|
|
|
else {
|
|
|
|
if (fp)
|
|
|
|
fputs (text, fp);
|
|
|
|
else
|
|
|
|
tty_printf ("%s", text);
|
|
|
|
if (n == 20) {
|
|
|
|
for (i=0; i < n ; i++, i++, p += 2 ) {
|
|
|
|
if (fp) {
|
|
|
|
if (i == 10 )
|
|
|
|
putc(' ', fp);
|
|
|
|
fprintf (fp, " %02X%02X", *p, p[1] );
|
|
|
|
}
|
|
|
|
else {
|
|
|
|
if (i == 10 )
|
|
|
|
tty_printf (" ");
|
|
|
|
tty_printf (" %02X%02X", *p, p[1]);
|
|
|
|
}
|
1998-03-09 22:44:06 +01:00
|
|
|
}
|
|
|
|
}
|
|
|
|
else {
|
2002-06-29 15:46:34 +02:00
|
|
|
for (i=0; i < n ; i++, p++ ) {
|
|
|
|
if (fp) {
|
|
|
|
if (i && !(i%8) )
|
|
|
|
putc (' ', fp);
|
|
|
|
fprintf (fp, " %02X", *p );
|
|
|
|
}
|
|
|
|
else {
|
|
|
|
if (i && !(i%8) )
|
|
|
|
tty_printf (" ");
|
|
|
|
tty_printf (" %02X", *p );
|
|
|
|
}
|
1998-03-09 22:44:06 +01:00
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
2002-06-29 15:46:34 +02:00
|
|
|
if (fp)
|
|
|
|
putc ('\n', fp);
|
|
|
|
else
|
|
|
|
tty_printf ("\n");
|
1998-03-05 10:22:13 +01:00
|
|
|
}
|
|
|
|
|
2004-09-20 20:38:39 +02:00
|
|
|
/* Print the serial number of an OpenPGP card if available. */
|
|
|
|
static void
|
|
|
|
print_card_serialno (PKT_secret_key *sk)
|
|
|
|
{
|
|
|
|
int i;
|
|
|
|
|
|
|
|
if (!sk)
|
|
|
|
return;
|
|
|
|
if (!sk->is_protected || sk->protect.s2k.mode != 1002)
|
|
|
|
return; /* Not a card. */
|
|
|
|
if (opt.with_colons)
|
2004-10-14 22:13:16 +02:00
|
|
|
return; /* Handled elsewhere. */
|
2004-09-20 20:38:39 +02:00
|
|
|
|
|
|
|
fputs (_(" Card serial no. ="), stdout);
|
|
|
|
putchar (' ');
|
|
|
|
if (sk->protect.ivlen == 16
|
|
|
|
&& !memcmp (sk->protect.iv, "\xD2\x76\x00\x01\x24\x01", 6) )
|
|
|
|
{ /* This is an OpenPGP card. Just print the relevant part. */
|
|
|
|
for (i=8; i < 14; i++)
|
|
|
|
{
|
|
|
|
if (i == 10)
|
|
|
|
putchar (' ');
|
|
|
|
printf ("%02X", sk->protect.iv[i]);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
else
|
|
|
|
{ /* Something is wrong: Print all. */
|
|
|
|
for (i=0; i < sk->protect.ivlen; i++)
|
|
|
|
printf ("%02X", sk->protect.iv[i]);
|
|
|
|
}
|
|
|
|
putchar ('\n');
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
2002-06-29 15:46:34 +02:00
|
|
|
void set_attrib_fd(int fd)
|
|
|
|
{
|
|
|
|
static int last_fd=-1;
|
|
|
|
|
|
|
|
if ( fd != -1 && last_fd == fd )
|
|
|
|
return;
|
|
|
|
|
|
|
|
if ( attrib_fp && attrib_fp != stdout && attrib_fp != stderr )
|
|
|
|
fclose (attrib_fp);
|
|
|
|
attrib_fp = NULL;
|
|
|
|
if ( fd == -1 )
|
|
|
|
return;
|
|
|
|
|
|
|
|
if( fd == 1 )
|
|
|
|
attrib_fp = stdout;
|
|
|
|
else if( fd == 2 )
|
|
|
|
attrib_fp = stderr;
|
|
|
|
else
|
2004-01-21 05:35:32 +01:00
|
|
|
attrib_fp = fdopen( fd, "wb" );
|
2002-06-29 15:46:34 +02:00
|
|
|
if( !attrib_fp ) {
|
|
|
|
log_fatal("can't open fd %d for attribute output: %s\n",
|
|
|
|
fd, strerror(errno));
|
|
|
|
}
|
2004-01-21 05:35:32 +01:00
|
|
|
|
2002-06-29 15:46:34 +02:00
|
|
|
last_fd = fd;
|
|
|
|
}
|