2007-08-23 19:41:22 +02:00
|
|
|
|
/* export.c - Export certificates and private keys.
|
2010-03-08 13:22:18 +01:00
|
|
|
|
* Copyright (C) 2002, 2003, 2004, 2007, 2009,
|
|
|
|
|
* 2010 Free Software Foundation, Inc.
|
2003-08-05 19:11:04 +02:00
|
|
|
|
*
|
|
|
|
|
* This file is part of GnuPG.
|
|
|
|
|
*
|
|
|
|
|
* GnuPG is free software; you can redistribute it and/or modify
|
|
|
|
|
* it under the terms of the GNU General Public License as published by
|
2007-07-04 21:49:40 +02:00
|
|
|
|
* the Free Software Foundation; either version 3 of the License, or
|
2003-08-05 19:11:04 +02:00
|
|
|
|
* (at your option) any later version.
|
|
|
|
|
*
|
|
|
|
|
* GnuPG is distributed in the hope that it will be useful,
|
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
|
* GNU General Public License for more details.
|
|
|
|
|
*
|
|
|
|
|
* You should have received a copy of the GNU General Public License
|
2016-11-05 12:02:19 +01:00
|
|
|
|
* along with this program; if not, see <https://www.gnu.org/licenses/>.
|
2003-08-05 19:11:04 +02:00
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
#include <config.h>
|
|
|
|
|
#include <stdio.h>
|
|
|
|
|
#include <stdlib.h>
|
|
|
|
|
#include <string.h>
|
|
|
|
|
#include <errno.h>
|
|
|
|
|
#include <time.h>
|
|
|
|
|
|
|
|
|
|
#include "gpgsm.h"
|
|
|
|
|
#include <gcrypt.h>
|
|
|
|
|
#include <ksba.h>
|
|
|
|
|
|
|
|
|
|
#include "keydb.h"
|
2017-03-07 12:21:23 +01:00
|
|
|
|
#include "../common/exechelp.h"
|
|
|
|
|
#include "../common/i18n.h"
|
|
|
|
|
#include "../common/sysutils.h"
|
2010-06-21 12:01:24 +02:00
|
|
|
|
#include "minip12.h"
|
2004-02-19 17:26:32 +01:00
|
|
|
|
|
2004-03-03 09:55:50 +01:00
|
|
|
|
/* A table to store a fingerprint as used in a duplicates table. We
|
2009-03-06 18:31:27 +01:00
|
|
|
|
don't need to hash here because a fingerprint is already a perfect
|
2004-03-02 09:02:47 +01:00
|
|
|
|
hash value. This we use the most significant bits to index the
|
|
|
|
|
table and then use a linked list for the overflow. Possible
|
2009-03-06 18:31:27 +01:00
|
|
|
|
enhancement for very large number of certificates: Add a second
|
|
|
|
|
level table and then resort to a linked list. */
|
2004-03-02 09:02:47 +01:00
|
|
|
|
struct duptable_s
|
|
|
|
|
{
|
|
|
|
|
struct duptable_s *next;
|
|
|
|
|
|
|
|
|
|
/* Note that we only need to store 19 bytes because the first byte
|
Spelling cleanup.
No functional changes, just fixing minor spelling issues.
---
Most of these were identified from the command line by running:
codespell \
--ignore-words-list fpr,stati,keyserver,keyservers,asign,cas,iff,ifset \
--skip '*.po,ChangeLog*,help.*.txt,*.jpg,*.eps,*.pdf,*.png,*.gpg,*.asc' \
doc g13 g10 kbx agent artwork scd tests tools am common dirmngr sm \
NEWS README README.maint TODO
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2020-02-18 15:34:42 +01:00
|
|
|
|
is implicitly given by the table index (we require at least 8
|
2004-03-02 09:02:47 +01:00
|
|
|
|
bits). */
|
|
|
|
|
unsigned char fpr[19];
|
|
|
|
|
};
|
|
|
|
|
typedef struct duptable_s *duptable_t;
|
|
|
|
|
#define DUPTABLE_BITS 12
|
|
|
|
|
#define DUPTABLE_SIZE (1 << DUPTABLE_BITS)
|
|
|
|
|
|
2003-08-05 19:11:04 +02:00
|
|
|
|
|
2010-06-21 12:01:24 +02:00
|
|
|
|
static void print_short_info (ksba_cert_t cert, estream_t stream);
|
2004-09-29 15:50:31 +02:00
|
|
|
|
static gpg_error_t export_p12 (ctrl_t ctrl,
|
|
|
|
|
const unsigned char *certimg, size_t certimglen,
|
2004-02-19 17:26:32 +01:00
|
|
|
|
const char *prompt, const char *keygrip,
|
2014-06-03 18:57:33 +02:00
|
|
|
|
int rawmode,
|
2010-06-21 12:01:24 +02:00
|
|
|
|
void **r_result, size_t *r_resultlen);
|
2003-08-05 19:11:04 +02:00
|
|
|
|
|
|
|
|
|
|
2004-03-02 09:02:47 +01:00
|
|
|
|
/* Create a table used to indetify duplicated certificates. */
|
|
|
|
|
static duptable_t *
|
|
|
|
|
create_duptable (void)
|
|
|
|
|
{
|
|
|
|
|
return xtrycalloc (DUPTABLE_SIZE, sizeof (duptable_t));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void
|
|
|
|
|
destroy_duptable (duptable_t *table)
|
|
|
|
|
{
|
|
|
|
|
int idx;
|
|
|
|
|
duptable_t t, t2;
|
|
|
|
|
|
|
|
|
|
if (table)
|
|
|
|
|
{
|
2011-02-04 12:57:53 +01:00
|
|
|
|
for (idx=0; idx < DUPTABLE_SIZE; idx++)
|
2004-03-02 09:02:47 +01:00
|
|
|
|
for (t = table[idx]; t; t = t2)
|
|
|
|
|
{
|
|
|
|
|
t2 = t->next;
|
|
|
|
|
xfree (t);
|
|
|
|
|
}
|
|
|
|
|
xfree (table);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Insert the 20 byte fingerprint FPR into TABLE. Sets EXITS to true
|
|
|
|
|
if the fingerprint already exists in the table. */
|
|
|
|
|
static gpg_error_t
|
|
|
|
|
insert_duptable (duptable_t *table, unsigned char *fpr, int *exists)
|
|
|
|
|
{
|
|
|
|
|
size_t idx;
|
|
|
|
|
duptable_t t;
|
2011-02-04 12:57:53 +01:00
|
|
|
|
|
2004-03-02 09:02:47 +01:00
|
|
|
|
*exists = 0;
|
|
|
|
|
idx = fpr[0];
|
2004-03-03 09:55:50 +01:00
|
|
|
|
#if DUPTABLE_BITS > 16 || DUPTABLE_BITS < 8
|
|
|
|
|
#error cannot handle a table larger than 16 bits or smaller than 8 bits
|
2004-03-02 09:02:47 +01:00
|
|
|
|
#elif DUPTABLE_BITS > 8
|
2011-02-04 12:57:53 +01:00
|
|
|
|
idx <<= (DUPTABLE_BITS - 8);
|
2016-01-26 03:00:53 +01:00
|
|
|
|
idx |= (fpr[1] & ~(~0U << 4));
|
2011-02-04 12:57:53 +01:00
|
|
|
|
#endif
|
2004-03-02 09:02:47 +01:00
|
|
|
|
|
|
|
|
|
for (t = table[idx]; t; t = t->next)
|
|
|
|
|
if (!memcmp (t->fpr, fpr+1, 19))
|
|
|
|
|
break;
|
|
|
|
|
if (t)
|
|
|
|
|
{
|
|
|
|
|
*exists = 1;
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
/* Insert that fingerprint. */
|
|
|
|
|
t = xtrymalloc (sizeof *t);
|
|
|
|
|
if (!t)
|
2006-09-14 18:50:33 +02:00
|
|
|
|
return gpg_error_from_syserror ();
|
2004-03-02 09:02:47 +01:00
|
|
|
|
memcpy (t->fpr, fpr+1, 19);
|
|
|
|
|
t->next = table[idx];
|
|
|
|
|
table[idx] = t;
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2010-03-08 19:19:21 +01:00
|
|
|
|
/* Export all certificates or just those given in NAMES. The output
|
|
|
|
|
is written to STREAM. */
|
2003-08-05 19:11:04 +02:00
|
|
|
|
void
|
2010-03-08 19:19:21 +01:00
|
|
|
|
gpgsm_export (ctrl_t ctrl, strlist_t names, estream_t stream)
|
2003-08-05 19:11:04 +02:00
|
|
|
|
{
|
2004-03-02 09:02:47 +01:00
|
|
|
|
KEYDB_HANDLE hd = NULL;
|
2003-08-05 19:11:04 +02:00
|
|
|
|
KEYDB_SEARCH_DESC *desc = NULL;
|
|
|
|
|
int ndesc;
|
2017-02-16 17:11:38 +01:00
|
|
|
|
gnupg_ksba_io_t b64writer = NULL;
|
2003-12-17 13:28:24 +01:00
|
|
|
|
ksba_writer_t writer;
|
2006-10-02 13:54:35 +02:00
|
|
|
|
strlist_t sl;
|
2003-12-17 13:28:24 +01:00
|
|
|
|
ksba_cert_t cert = NULL;
|
2003-08-05 19:11:04 +02:00
|
|
|
|
int rc=0;
|
|
|
|
|
int count = 0;
|
|
|
|
|
int i;
|
2004-03-02 09:02:47 +01:00
|
|
|
|
duptable_t *dtable;
|
|
|
|
|
|
2011-02-04 12:57:53 +01:00
|
|
|
|
|
2004-03-02 09:02:47 +01:00
|
|
|
|
dtable = create_duptable ();
|
|
|
|
|
if (!dtable)
|
|
|
|
|
{
|
|
|
|
|
log_error ("creating duplicates table failed: %s\n", strerror (errno));
|
|
|
|
|
goto leave;
|
|
|
|
|
}
|
2003-08-05 19:11:04 +02:00
|
|
|
|
|
2020-09-02 17:27:30 +02:00
|
|
|
|
hd = keydb_new (ctrl);
|
2003-08-05 19:11:04 +02:00
|
|
|
|
if (!hd)
|
|
|
|
|
{
|
|
|
|
|
log_error ("keydb_new failed\n");
|
|
|
|
|
goto leave;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (!names)
|
|
|
|
|
ndesc = 1;
|
|
|
|
|
else
|
|
|
|
|
{
|
2011-02-04 12:57:53 +01:00
|
|
|
|
for (sl=names, ndesc=0; sl; sl = sl->next, ndesc++)
|
2003-08-05 19:11:04 +02:00
|
|
|
|
;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
desc = xtrycalloc (ndesc, sizeof *desc);
|
|
|
|
|
if (!ndesc)
|
|
|
|
|
{
|
|
|
|
|
log_error ("allocating memory for export failed: %s\n",
|
2006-09-06 18:35:52 +02:00
|
|
|
|
gpg_strerror (out_of_core ()));
|
2003-08-05 19:11:04 +02:00
|
|
|
|
goto leave;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (!names)
|
|
|
|
|
desc[0].mode = KEYDB_SEARCH_MODE_FIRST;
|
2011-02-04 12:57:53 +01:00
|
|
|
|
else
|
2003-08-05 19:11:04 +02:00
|
|
|
|
{
|
2011-02-04 12:57:53 +01:00
|
|
|
|
for (ndesc=0, sl=names; sl; sl = sl->next)
|
2003-08-05 19:11:04 +02:00
|
|
|
|
{
|
2011-04-25 23:56:47 +02:00
|
|
|
|
rc = classify_user_id (sl->d, desc+ndesc, 0);
|
2003-08-05 19:11:04 +02:00
|
|
|
|
if (rc)
|
|
|
|
|
{
|
2012-06-05 19:29:22 +02:00
|
|
|
|
log_error ("key '%s' not found: %s\n",
|
2003-08-05 19:11:04 +02:00
|
|
|
|
sl->d, gpg_strerror (rc));
|
|
|
|
|
rc = 0;
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
ndesc++;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2009-03-06 18:31:27 +01:00
|
|
|
|
/* If all specifications are done by fingerprint or keygrip, we
|
|
|
|
|
switch to ephemeral mode so that _all_ currently available and
|
|
|
|
|
matching certificates are exported. */
|
2003-08-05 19:11:04 +02:00
|
|
|
|
if (names && ndesc)
|
|
|
|
|
{
|
|
|
|
|
for (i=0; (i < ndesc
|
|
|
|
|
&& (desc[i].mode == KEYDB_SEARCH_MODE_FPR
|
2009-03-06 18:31:27 +01:00
|
|
|
|
|| desc[i].mode == KEYDB_SEARCH_MODE_KEYGRIP)); i++)
|
2003-08-05 19:11:04 +02:00
|
|
|
|
;
|
|
|
|
|
if (i == ndesc)
|
|
|
|
|
keydb_set_ephemeral (hd, 1);
|
|
|
|
|
}
|
2011-02-04 12:57:53 +01:00
|
|
|
|
|
2016-11-10 17:01:19 +01:00
|
|
|
|
while (!(rc = keydb_search (ctrl, hd, desc, ndesc)))
|
2003-08-05 19:11:04 +02:00
|
|
|
|
{
|
2004-03-02 09:02:47 +01:00
|
|
|
|
unsigned char fpr[20];
|
|
|
|
|
int exists;
|
2003-08-05 19:11:04 +02:00
|
|
|
|
|
2011-02-04 12:57:53 +01:00
|
|
|
|
if (!names)
|
2003-08-05 19:11:04 +02:00
|
|
|
|
desc[0].mode = KEYDB_SEARCH_MODE_NEXT;
|
|
|
|
|
|
|
|
|
|
rc = keydb_get_cert (hd, &cert);
|
2011-02-04 12:57:53 +01:00
|
|
|
|
if (rc)
|
2003-08-05 19:11:04 +02:00
|
|
|
|
{
|
|
|
|
|
log_error ("keydb_get_cert failed: %s\n", gpg_strerror (rc));
|
|
|
|
|
goto leave;
|
|
|
|
|
}
|
|
|
|
|
|
2004-03-02 09:02:47 +01:00
|
|
|
|
gpgsm_get_fingerprint (cert, 0, fpr, NULL);
|
|
|
|
|
rc = insert_duptable (dtable, fpr, &exists);
|
|
|
|
|
if (rc)
|
2003-08-05 19:11:04 +02:00
|
|
|
|
{
|
2009-03-06 18:31:27 +01:00
|
|
|
|
log_error ("inserting into duplicates table failed: %s\n",
|
2004-03-02 09:02:47 +01:00
|
|
|
|
gpg_strerror (rc));
|
2003-08-05 19:11:04 +02:00
|
|
|
|
goto leave;
|
|
|
|
|
}
|
|
|
|
|
|
2004-03-03 09:55:50 +01:00
|
|
|
|
if (!exists && count && !ctrl->create_pem)
|
|
|
|
|
{
|
|
|
|
|
log_info ("exporting more than one certificate "
|
|
|
|
|
"is not possible in binary mode\n");
|
|
|
|
|
log_info ("ignoring other certificates\n");
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
2004-03-02 09:02:47 +01:00
|
|
|
|
if (!exists)
|
2003-08-05 19:11:04 +02:00
|
|
|
|
{
|
2004-03-02 09:02:47 +01:00
|
|
|
|
const unsigned char *image;
|
|
|
|
|
size_t imagelen;
|
2003-08-05 19:11:04 +02:00
|
|
|
|
|
2004-03-02 09:02:47 +01:00
|
|
|
|
image = ksba_cert_get_image (cert, &imagelen);
|
|
|
|
|
if (!image)
|
2003-08-05 19:11:04 +02:00
|
|
|
|
{
|
2004-03-02 09:02:47 +01:00
|
|
|
|
log_error ("ksba_cert_get_image failed\n");
|
2003-08-05 19:11:04 +02:00
|
|
|
|
goto leave;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2004-03-02 09:02:47 +01:00
|
|
|
|
if (ctrl->create_pem)
|
2003-08-05 19:11:04 +02:00
|
|
|
|
{
|
2004-03-02 09:02:47 +01:00
|
|
|
|
if (count)
|
2007-03-19 16:44:59 +01:00
|
|
|
|
es_putc ('\n', stream);
|
2010-06-21 12:01:24 +02:00
|
|
|
|
print_short_info (cert, stream);
|
2010-03-08 19:19:21 +01:00
|
|
|
|
es_putc ('\n', stream);
|
2004-03-02 09:02:47 +01:00
|
|
|
|
}
|
|
|
|
|
count++;
|
|
|
|
|
|
|
|
|
|
if (!b64writer)
|
|
|
|
|
{
|
|
|
|
|
ctrl->pem_name = "CERTIFICATE";
|
2017-02-16 15:16:48 +01:00
|
|
|
|
rc = gnupg_ksba_create_writer
|
|
|
|
|
(&b64writer, ((ctrl->create_pem? GNUPG_KSBA_IO_PEM : 0)
|
|
|
|
|
| (ctrl->create_base64? GNUPG_KSBA_IO_BASE64 :0)),
|
|
|
|
|
ctrl->pem_name, stream, &writer);
|
2004-03-02 09:02:47 +01:00
|
|
|
|
if (rc)
|
|
|
|
|
{
|
|
|
|
|
log_error ("can't create writer: %s\n", gpg_strerror (rc));
|
|
|
|
|
goto leave;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
rc = ksba_writer_write (writer, image, imagelen);
|
|
|
|
|
if (rc)
|
|
|
|
|
{
|
|
|
|
|
log_error ("write error: %s\n", gpg_strerror (rc));
|
2003-08-05 19:11:04 +02:00
|
|
|
|
goto leave;
|
|
|
|
|
}
|
2004-03-02 09:02:47 +01:00
|
|
|
|
|
|
|
|
|
if (ctrl->create_pem)
|
|
|
|
|
{
|
|
|
|
|
/* We want one certificate per PEM block */
|
2017-02-16 17:11:38 +01:00
|
|
|
|
rc = gnupg_ksba_finish_writer (b64writer);
|
2011-02-04 12:57:53 +01:00
|
|
|
|
if (rc)
|
2004-03-02 09:02:47 +01:00
|
|
|
|
{
|
|
|
|
|
log_error ("write failed: %s\n", gpg_strerror (rc));
|
|
|
|
|
goto leave;
|
|
|
|
|
}
|
2017-02-16 17:11:38 +01:00
|
|
|
|
gnupg_ksba_destroy_writer (b64writer);
|
2004-03-02 09:02:47 +01:00
|
|
|
|
b64writer = NULL;
|
|
|
|
|
}
|
2003-08-05 19:11:04 +02:00
|
|
|
|
}
|
2004-03-02 09:02:47 +01:00
|
|
|
|
|
2011-02-04 12:57:53 +01:00
|
|
|
|
ksba_cert_release (cert);
|
2003-08-05 19:11:04 +02:00
|
|
|
|
cert = NULL;
|
|
|
|
|
}
|
2020-09-10 13:05:17 +02:00
|
|
|
|
if (rc && gpg_err_code (rc) != GPG_ERR_NOT_FOUND)
|
2003-08-05 19:11:04 +02:00
|
|
|
|
log_error ("keydb_search failed: %s\n", gpg_strerror (rc));
|
|
|
|
|
else if (b64writer)
|
|
|
|
|
{
|
2017-02-16 17:11:38 +01:00
|
|
|
|
rc = gnupg_ksba_finish_writer (b64writer);
|
2011-02-04 12:57:53 +01:00
|
|
|
|
if (rc)
|
2003-08-05 19:11:04 +02:00
|
|
|
|
{
|
|
|
|
|
log_error ("write failed: %s\n", gpg_strerror (rc));
|
|
|
|
|
goto leave;
|
|
|
|
|
}
|
|
|
|
|
}
|
2011-02-04 12:57:53 +01:00
|
|
|
|
|
2003-08-05 19:11:04 +02:00
|
|
|
|
leave:
|
2017-02-16 17:11:38 +01:00
|
|
|
|
gnupg_ksba_destroy_writer (b64writer);
|
2003-08-05 19:11:04 +02:00
|
|
|
|
ksba_cert_release (cert);
|
|
|
|
|
xfree (desc);
|
|
|
|
|
keydb_release (hd);
|
2004-03-02 09:02:47 +01:00
|
|
|
|
destroy_duptable (dtable);
|
2003-08-05 19:11:04 +02:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2014-06-03 18:57:33 +02:00
|
|
|
|
/* Export a certificate and its private key. RAWMODE controls the
|
|
|
|
|
actual output:
|
|
|
|
|
0 - Private key and certifciate in PKCS#12 format
|
|
|
|
|
1 - Only unencrypted private key in PKCS#8 format
|
|
|
|
|
2 - Only unencrypted private key in PKCS#1 format
|
|
|
|
|
*/
|
2004-02-19 17:26:32 +01:00
|
|
|
|
void
|
2014-06-03 18:57:33 +02:00
|
|
|
|
gpgsm_p12_export (ctrl_t ctrl, const char *name, estream_t stream, int rawmode)
|
2004-02-19 17:26:32 +01:00
|
|
|
|
{
|
2010-06-21 12:01:24 +02:00
|
|
|
|
gpg_error_t err = 0;
|
2004-02-19 17:26:32 +01:00
|
|
|
|
KEYDB_HANDLE hd;
|
|
|
|
|
KEYDB_SEARCH_DESC *desc = NULL;
|
2017-02-16 17:11:38 +01:00
|
|
|
|
gnupg_ksba_io_t b64writer = NULL;
|
2004-02-19 17:26:32 +01:00
|
|
|
|
ksba_writer_t writer;
|
|
|
|
|
ksba_cert_t cert = NULL;
|
|
|
|
|
const unsigned char *image;
|
|
|
|
|
size_t imagelen;
|
|
|
|
|
char *keygrip = NULL;
|
|
|
|
|
char *prompt;
|
2010-06-21 12:01:24 +02:00
|
|
|
|
void *data;
|
|
|
|
|
size_t datalen;
|
2004-02-19 17:26:32 +01:00
|
|
|
|
|
2020-09-02 17:27:30 +02:00
|
|
|
|
hd = keydb_new (ctrl);
|
2004-02-19 17:26:32 +01:00
|
|
|
|
if (!hd)
|
|
|
|
|
{
|
|
|
|
|
log_error ("keydb_new failed\n");
|
|
|
|
|
goto leave;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
desc = xtrycalloc (1, sizeof *desc);
|
|
|
|
|
if (!desc)
|
|
|
|
|
{
|
|
|
|
|
log_error ("allocating memory for export failed: %s\n",
|
2006-09-06 18:35:52 +02:00
|
|
|
|
gpg_strerror (out_of_core ()));
|
2004-02-19 17:26:32 +01:00
|
|
|
|
goto leave;
|
|
|
|
|
}
|
|
|
|
|
|
2011-04-25 23:56:47 +02:00
|
|
|
|
err = classify_user_id (name, desc, 0);
|
2010-06-21 12:01:24 +02:00
|
|
|
|
if (err)
|
2004-02-19 17:26:32 +01:00
|
|
|
|
{
|
2012-06-05 19:29:22 +02:00
|
|
|
|
log_error ("key '%s' not found: %s\n",
|
2010-06-21 12:01:24 +02:00
|
|
|
|
name, gpg_strerror (err));
|
2004-02-19 17:26:32 +01:00
|
|
|
|
goto leave;
|
|
|
|
|
}
|
|
|
|
|
|
2008-05-20 10:00:40 +02:00
|
|
|
|
/* Lookup the certificate and make sure that it is unique. */
|
2016-11-10 17:01:19 +01:00
|
|
|
|
err = keydb_search (ctrl, hd, desc, 1);
|
2010-06-21 12:01:24 +02:00
|
|
|
|
if (!err)
|
2004-02-19 17:26:32 +01:00
|
|
|
|
{
|
2010-06-21 12:01:24 +02:00
|
|
|
|
err = keydb_get_cert (hd, &cert);
|
2011-02-04 12:57:53 +01:00
|
|
|
|
if (err)
|
2004-02-19 17:26:32 +01:00
|
|
|
|
{
|
2010-06-21 12:01:24 +02:00
|
|
|
|
log_error ("keydb_get_cert failed: %s\n", gpg_strerror (err));
|
2004-02-19 17:26:32 +01:00
|
|
|
|
goto leave;
|
|
|
|
|
}
|
2007-08-23 19:41:22 +02:00
|
|
|
|
|
2011-02-04 12:57:53 +01:00
|
|
|
|
next_ambiguous:
|
2016-11-10 17:01:19 +01:00
|
|
|
|
err = keydb_search (ctrl, hd, desc, 1);
|
2010-06-21 12:01:24 +02:00
|
|
|
|
if (!err)
|
2007-08-23 19:41:22 +02:00
|
|
|
|
{
|
|
|
|
|
ksba_cert_t cert2 = NULL;
|
|
|
|
|
|
|
|
|
|
if (!keydb_get_cert (hd, &cert2))
|
|
|
|
|
{
|
|
|
|
|
if (gpgsm_certs_identical_p (cert, cert2))
|
|
|
|
|
{
|
|
|
|
|
ksba_cert_release (cert2);
|
|
|
|
|
goto next_ambiguous;
|
|
|
|
|
}
|
|
|
|
|
ksba_cert_release (cert2);
|
|
|
|
|
}
|
2010-06-21 12:01:24 +02:00
|
|
|
|
err = gpg_error (GPG_ERR_AMBIGUOUS_NAME);
|
2007-08-23 19:41:22 +02:00
|
|
|
|
}
|
2020-09-10 13:05:17 +02:00
|
|
|
|
else if (gpg_err_code (err) == GPG_ERR_NOT_FOUND)
|
2010-06-21 12:01:24 +02:00
|
|
|
|
err = 0;
|
|
|
|
|
if (err)
|
2004-02-19 17:26:32 +01:00
|
|
|
|
{
|
2012-06-05 19:29:22 +02:00
|
|
|
|
log_error ("key '%s' not found: %s\n",
|
2010-06-21 12:01:24 +02:00
|
|
|
|
name, gpg_strerror (err));
|
2004-02-19 17:26:32 +01:00
|
|
|
|
goto leave;
|
|
|
|
|
}
|
|
|
|
|
}
|
2011-02-04 12:57:53 +01:00
|
|
|
|
|
2004-02-19 17:26:32 +01:00
|
|
|
|
keygrip = gpgsm_get_keygrip_hexstring (cert);
|
2004-04-26 15:29:09 +02:00
|
|
|
|
if (!keygrip || gpgsm_agent_havekey (ctrl, keygrip))
|
2004-02-19 17:26:32 +01:00
|
|
|
|
{
|
|
|
|
|
/* Note, that the !keygrip case indicates a bad certificate. */
|
2010-06-21 12:01:24 +02:00
|
|
|
|
err = gpg_error (GPG_ERR_NO_SECKEY);
|
2012-06-05 19:29:22 +02:00
|
|
|
|
log_error ("can't export key '%s': %s\n", name, gpg_strerror (err));
|
2004-02-19 17:26:32 +01:00
|
|
|
|
goto leave;
|
|
|
|
|
}
|
2011-02-04 12:57:53 +01:00
|
|
|
|
|
2004-02-19 17:26:32 +01:00
|
|
|
|
image = ksba_cert_get_image (cert, &imagelen);
|
|
|
|
|
if (!image)
|
|
|
|
|
{
|
|
|
|
|
log_error ("ksba_cert_get_image failed\n");
|
|
|
|
|
goto leave;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (ctrl->create_pem)
|
|
|
|
|
{
|
2010-06-21 12:01:24 +02:00
|
|
|
|
print_short_info (cert, stream);
|
|
|
|
|
es_putc ('\n', stream);
|
2004-02-19 17:26:32 +01:00
|
|
|
|
}
|
|
|
|
|
|
2014-06-03 18:57:33 +02:00
|
|
|
|
if (opt.p12_charset && ctrl->create_pem && !rawmode)
|
2007-03-20 11:00:55 +01:00
|
|
|
|
{
|
2010-06-21 12:01:24 +02:00
|
|
|
|
es_fprintf (stream, "The passphrase is %s encoded.\n\n",
|
|
|
|
|
opt.p12_charset);
|
2007-03-20 11:00:55 +01:00
|
|
|
|
}
|
|
|
|
|
|
2020-04-27 16:53:30 +02:00
|
|
|
|
|
2014-06-03 18:57:33 +02:00
|
|
|
|
if (rawmode == 0)
|
|
|
|
|
ctrl->pem_name = "PKCS12";
|
2023-10-24 14:51:16 +02:00
|
|
|
|
else if (gpgsm_get_key_algo_info (cert, NULL, NULL) == GCRY_PK_ECC)
|
2020-04-27 16:53:30 +02:00
|
|
|
|
ctrl->pem_name = "EC PRIVATE KEY";
|
2014-06-03 18:57:33 +02:00
|
|
|
|
else if (rawmode == 1)
|
|
|
|
|
ctrl->pem_name = "PRIVATE KEY";
|
|
|
|
|
else
|
|
|
|
|
ctrl->pem_name = "RSA PRIVATE KEY";
|
2017-02-16 15:16:48 +01:00
|
|
|
|
err = gnupg_ksba_create_writer
|
|
|
|
|
(&b64writer, ((ctrl->create_pem? GNUPG_KSBA_IO_PEM : 0)
|
|
|
|
|
| (ctrl->create_base64? GNUPG_KSBA_IO_BASE64 : 0)),
|
|
|
|
|
ctrl->pem_name, stream, &writer);
|
2010-06-21 12:01:24 +02:00
|
|
|
|
if (err)
|
2004-02-19 17:26:32 +01:00
|
|
|
|
{
|
2010-06-21 12:01:24 +02:00
|
|
|
|
log_error ("can't create writer: %s\n", gpg_strerror (err));
|
2004-02-19 17:26:32 +01:00
|
|
|
|
goto leave;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
prompt = gpgsm_format_keydesc (cert);
|
2014-06-03 18:57:33 +02:00
|
|
|
|
err = export_p12 (ctrl, image, imagelen, prompt, keygrip, rawmode,
|
|
|
|
|
&data, &datalen);
|
2004-02-19 17:26:32 +01:00
|
|
|
|
xfree (prompt);
|
2010-06-21 12:01:24 +02:00
|
|
|
|
if (err)
|
2004-02-19 17:26:32 +01:00
|
|
|
|
goto leave;
|
2010-06-21 12:01:24 +02:00
|
|
|
|
err = ksba_writer_write (writer, data, datalen);
|
|
|
|
|
xfree (data);
|
|
|
|
|
if (err)
|
|
|
|
|
{
|
|
|
|
|
log_error ("write failed: %s\n", gpg_strerror (err));
|
2004-02-19 17:26:32 +01:00
|
|
|
|
goto leave;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (ctrl->create_pem)
|
|
|
|
|
{
|
|
|
|
|
/* We want one certificate per PEM block */
|
2017-02-16 17:11:38 +01:00
|
|
|
|
err = gnupg_ksba_finish_writer (b64writer);
|
2011-02-04 12:57:53 +01:00
|
|
|
|
if (err)
|
2004-02-19 17:26:32 +01:00
|
|
|
|
{
|
2010-06-21 12:01:24 +02:00
|
|
|
|
log_error ("write failed: %s\n", gpg_strerror (err));
|
2004-02-19 17:26:32 +01:00
|
|
|
|
goto leave;
|
|
|
|
|
}
|
2017-02-16 17:11:38 +01:00
|
|
|
|
gnupg_ksba_destroy_writer (b64writer);
|
2004-02-19 17:26:32 +01:00
|
|
|
|
b64writer = NULL;
|
|
|
|
|
}
|
2011-02-04 12:57:53 +01:00
|
|
|
|
|
|
|
|
|
ksba_cert_release (cert);
|
2004-02-19 17:26:32 +01:00
|
|
|
|
cert = NULL;
|
|
|
|
|
|
|
|
|
|
leave:
|
2017-02-16 17:11:38 +01:00
|
|
|
|
gnupg_ksba_destroy_writer (b64writer);
|
2004-02-19 17:26:32 +01:00
|
|
|
|
ksba_cert_release (cert);
|
2018-02-14 14:54:51 +01:00
|
|
|
|
xfree (keygrip);
|
2004-02-19 17:26:32 +01:00
|
|
|
|
xfree (desc);
|
|
|
|
|
keydb_release (hd);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2007-03-19 16:44:59 +01:00
|
|
|
|
/* Print some info about the certifciate CERT to FP or STREAM */
|
|
|
|
|
static void
|
2010-06-21 12:01:24 +02:00
|
|
|
|
print_short_info (ksba_cert_t cert, estream_t stream)
|
2003-08-05 19:11:04 +02:00
|
|
|
|
{
|
|
|
|
|
char *p;
|
2003-12-17 13:28:24 +01:00
|
|
|
|
ksba_sexp_t sexp;
|
2003-08-05 19:11:04 +02:00
|
|
|
|
int idx;
|
|
|
|
|
|
|
|
|
|
for (idx=0; (p = ksba_cert_get_issuer (cert, idx)); idx++)
|
|
|
|
|
{
|
2010-06-21 12:01:24 +02:00
|
|
|
|
es_fputs ((!idx
|
2007-03-19 16:44:59 +01:00
|
|
|
|
? "Issuer ...: "
|
2011-02-04 12:57:53 +01:00
|
|
|
|
: "\n aka ...: "), stream);
|
2010-06-21 12:01:24 +02:00
|
|
|
|
gpgsm_es_print_name (stream, p);
|
2003-08-05 19:11:04 +02:00
|
|
|
|
xfree (p);
|
|
|
|
|
}
|
2010-06-21 12:01:24 +02:00
|
|
|
|
es_putc ('\n', stream);
|
2003-08-05 19:11:04 +02:00
|
|
|
|
|
2011-02-04 12:57:53 +01:00
|
|
|
|
es_fputs ("Serial ...: ", stream);
|
2003-08-05 19:11:04 +02:00
|
|
|
|
sexp = ksba_cert_get_serial (cert);
|
|
|
|
|
if (sexp)
|
|
|
|
|
{
|
|
|
|
|
int len;
|
|
|
|
|
const unsigned char *s = sexp;
|
2011-02-04 12:57:53 +01:00
|
|
|
|
|
2003-08-05 19:11:04 +02:00
|
|
|
|
if (*s == '(')
|
|
|
|
|
{
|
|
|
|
|
s++;
|
|
|
|
|
for (len=0; *s && *s != ':' && digitp (s); s++)
|
|
|
|
|
len = len*10 + atoi_1 (s);
|
|
|
|
|
if (*s == ':')
|
2010-06-21 12:01:24 +02:00
|
|
|
|
es_write_hexstring (stream, s+1, len, 0, NULL);
|
2003-08-05 19:11:04 +02:00
|
|
|
|
}
|
|
|
|
|
xfree (sexp);
|
|
|
|
|
}
|
2010-06-21 12:01:24 +02:00
|
|
|
|
es_putc ('\n', stream);
|
2003-08-05 19:11:04 +02:00
|
|
|
|
|
|
|
|
|
for (idx=0; (p = ksba_cert_get_subject (cert, idx)); idx++)
|
|
|
|
|
{
|
2010-06-21 12:01:24 +02:00
|
|
|
|
es_fputs ((!idx
|
2007-03-19 16:44:59 +01:00
|
|
|
|
? "Subject ..: "
|
2011-02-04 12:57:53 +01:00
|
|
|
|
: "\n aka ..: "), stream);
|
2010-06-21 12:01:24 +02:00
|
|
|
|
gpgsm_es_print_name (stream, p);
|
2003-08-05 19:11:04 +02:00
|
|
|
|
xfree (p);
|
|
|
|
|
}
|
2010-06-21 12:01:24 +02:00
|
|
|
|
es_putc ('\n', stream);
|
2014-06-03 18:57:33 +02:00
|
|
|
|
|
|
|
|
|
p = gpgsm_get_keygrip_hexstring (cert);
|
|
|
|
|
if (p)
|
|
|
|
|
{
|
|
|
|
|
es_fprintf (stream, "Keygrip ..: %s\n", p);
|
|
|
|
|
xfree (p);
|
|
|
|
|
}
|
2003-08-05 19:11:04 +02:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2010-06-21 12:01:24 +02:00
|
|
|
|
|
2014-06-03 18:57:33 +02:00
|
|
|
|
/* Parse a private key S-expression and return a malloced array with
|
|
|
|
|
the RSA parameters in pkcs#12 order. The caller needs to
|
2010-06-21 12:01:24 +02:00
|
|
|
|
deep-release this array. */
|
|
|
|
|
static gcry_mpi_t *
|
|
|
|
|
sexp_to_kparms (gcry_sexp_t sexp)
|
2004-02-19 17:26:32 +01:00
|
|
|
|
{
|
2010-06-21 12:01:24 +02:00
|
|
|
|
gcry_sexp_t list, l2;
|
|
|
|
|
const char *name;
|
|
|
|
|
const char *s;
|
|
|
|
|
size_t n;
|
|
|
|
|
int idx;
|
|
|
|
|
gcry_mpi_t *array;
|
|
|
|
|
|
|
|
|
|
list = gcry_sexp_find_token (sexp, "private-key", 0 );
|
|
|
|
|
if(!list)
|
2011-02-04 12:57:53 +01:00
|
|
|
|
return NULL;
|
2010-06-21 12:01:24 +02:00
|
|
|
|
l2 = gcry_sexp_cadr (list);
|
|
|
|
|
gcry_sexp_release (list);
|
|
|
|
|
list = l2;
|
|
|
|
|
name = gcry_sexp_nth_data (list, 0, &n);
|
2020-04-27 16:53:30 +02:00
|
|
|
|
if (name && n == 3 && !memcmp (name, "rsa", 3))
|
2010-06-21 12:01:24 +02:00
|
|
|
|
{
|
2020-04-27 16:53:30 +02:00
|
|
|
|
/* Parameter names used with RSA in the pkcs#12 order. */
|
|
|
|
|
const char *elems = "nedqp--u";
|
2010-06-21 12:01:24 +02:00
|
|
|
|
|
2020-04-27 16:53:30 +02:00
|
|
|
|
array = xtrycalloc (strlen(elems) + 1, sizeof *array);
|
|
|
|
|
if (!array)
|
|
|
|
|
{
|
|
|
|
|
gcry_sexp_release (list);
|
|
|
|
|
return NULL;
|
|
|
|
|
}
|
|
|
|
|
for (idx=0, s=elems; *s; s++, idx++ )
|
|
|
|
|
{
|
|
|
|
|
if (*s == '-')
|
|
|
|
|
continue; /* Computed below */
|
|
|
|
|
l2 = gcry_sexp_find_token (list, s, 1);
|
|
|
|
|
if (l2)
|
|
|
|
|
{
|
|
|
|
|
array[idx] = gcry_sexp_nth_mpi (l2, 1, GCRYMPI_FMT_USG);
|
|
|
|
|
gcry_sexp_release (l2);
|
|
|
|
|
}
|
|
|
|
|
if (!array[idx]) /* Required parameter not found or invalid. */
|
|
|
|
|
{
|
|
|
|
|
for (idx=0; array[idx]; idx++)
|
|
|
|
|
gcry_mpi_release (array[idx]);
|
|
|
|
|
xfree (array);
|
|
|
|
|
gcry_sexp_release (list);
|
|
|
|
|
return NULL;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
array[5] = gcry_mpi_snew (0); /* compute d mod (q-1) */
|
|
|
|
|
gcry_mpi_sub_ui (array[5], array[3], 1);
|
|
|
|
|
gcry_mpi_mod (array[5], array[2], array[5]);
|
|
|
|
|
|
|
|
|
|
array[6] = gcry_mpi_snew (0); /* compute d mod (p-1) */
|
|
|
|
|
gcry_mpi_sub_ui (array[6], array[4], 1);
|
|
|
|
|
gcry_mpi_mod (array[6], array[2], array[6]);
|
2010-06-21 12:01:24 +02:00
|
|
|
|
}
|
2020-04-27 16:53:30 +02:00
|
|
|
|
else if (name && n == 3 && !memcmp (name, "ecc", 3))
|
2010-06-21 12:01:24 +02:00
|
|
|
|
{
|
2020-04-27 16:53:30 +02:00
|
|
|
|
array = xtrycalloc (3 + 1, sizeof *array);
|
|
|
|
|
if (!array)
|
2010-06-21 12:01:24 +02:00
|
|
|
|
{
|
2020-04-27 16:53:30 +02:00
|
|
|
|
gcry_sexp_release (list);
|
|
|
|
|
return NULL;
|
2010-06-21 12:01:24 +02:00
|
|
|
|
}
|
2020-04-27 16:53:30 +02:00
|
|
|
|
|
|
|
|
|
if (gcry_sexp_extract_param (list, NULL, "/'curve'qd",
|
|
|
|
|
array+0, array+1, array+2, NULL))
|
2010-06-21 12:01:24 +02:00
|
|
|
|
{
|
|
|
|
|
xfree (array);
|
2020-04-27 16:53:30 +02:00
|
|
|
|
array = NULL; /* Error. */
|
2010-06-21 12:01:24 +02:00
|
|
|
|
}
|
|
|
|
|
}
|
2020-04-27 16:53:30 +02:00
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
array = NULL;
|
|
|
|
|
}
|
2010-06-21 12:01:24 +02:00
|
|
|
|
|
2020-04-27 16:53:30 +02:00
|
|
|
|
gcry_sexp_release (list);
|
2010-06-21 12:01:24 +02:00
|
|
|
|
return array;
|
2004-02-19 17:26:32 +01:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
static gpg_error_t
|
2004-09-29 15:50:31 +02:00
|
|
|
|
export_p12 (ctrl_t ctrl, const unsigned char *certimg, size_t certimglen,
|
2014-06-03 18:57:33 +02:00
|
|
|
|
const char *prompt, const char *keygrip, int rawmode,
|
2010-06-21 12:01:24 +02:00
|
|
|
|
void **r_result, size_t *r_resultlen)
|
2004-02-19 17:26:32 +01:00
|
|
|
|
{
|
2010-06-21 12:01:24 +02:00
|
|
|
|
gpg_error_t err = 0;
|
|
|
|
|
void *kek = NULL;
|
|
|
|
|
size_t keklen;
|
|
|
|
|
unsigned char *wrappedkey = NULL;
|
|
|
|
|
size_t wrappedkeylen;
|
|
|
|
|
gcry_cipher_hd_t cipherhd = NULL;
|
|
|
|
|
gcry_sexp_t s_skey = NULL;
|
|
|
|
|
gcry_mpi_t *kparms = NULL;
|
|
|
|
|
unsigned char *key = NULL;
|
|
|
|
|
size_t keylen;
|
|
|
|
|
char *passphrase = NULL;
|
|
|
|
|
unsigned char *result = NULL;
|
|
|
|
|
size_t resultlen;
|
|
|
|
|
int i;
|
2004-02-19 17:26:32 +01:00
|
|
|
|
|
2010-06-21 12:01:24 +02:00
|
|
|
|
*r_result = NULL;
|
2004-02-19 17:26:32 +01:00
|
|
|
|
|
2010-06-21 12:01:24 +02:00
|
|
|
|
/* Get the current KEK. */
|
|
|
|
|
err = gpgsm_agent_keywrap_key (ctrl, 1, &kek, &keklen);
|
|
|
|
|
if (err)
|
2004-02-19 17:26:32 +01:00
|
|
|
|
{
|
2010-06-21 12:01:24 +02:00
|
|
|
|
log_error ("error getting the KEK: %s\n", gpg_strerror (err));
|
|
|
|
|
goto leave;
|
2004-02-19 17:26:32 +01:00
|
|
|
|
}
|
|
|
|
|
|
2010-06-21 12:01:24 +02:00
|
|
|
|
/* Receive the wrapped key from the agent. */
|
2011-02-04 12:57:53 +01:00
|
|
|
|
err = gpgsm_agent_export_key (ctrl, keygrip, prompt,
|
2010-06-21 12:01:24 +02:00
|
|
|
|
&wrappedkey, &wrappedkeylen);
|
|
|
|
|
if (err)
|
|
|
|
|
goto leave;
|
2004-02-19 17:26:32 +01:00
|
|
|
|
|
2010-06-21 12:01:24 +02:00
|
|
|
|
|
|
|
|
|
/* Unwrap the key. */
|
|
|
|
|
err = gcry_cipher_open (&cipherhd, GCRY_CIPHER_AES128,
|
|
|
|
|
GCRY_CIPHER_MODE_AESWRAP, 0);
|
2004-02-19 17:26:32 +01:00
|
|
|
|
if (err)
|
2010-06-21 12:01:24 +02:00
|
|
|
|
goto leave;
|
|
|
|
|
err = gcry_cipher_setkey (cipherhd, kek, keklen);
|
|
|
|
|
if (err)
|
|
|
|
|
goto leave;
|
|
|
|
|
xfree (kek);
|
|
|
|
|
kek = NULL;
|
2004-02-19 17:26:32 +01:00
|
|
|
|
|
2010-06-21 12:01:24 +02:00
|
|
|
|
if (wrappedkeylen < 24)
|
2004-02-19 17:26:32 +01:00
|
|
|
|
{
|
2010-06-21 12:01:24 +02:00
|
|
|
|
err = gpg_error (GPG_ERR_INV_LENGTH);
|
|
|
|
|
goto leave;
|
2004-02-19 17:26:32 +01:00
|
|
|
|
}
|
2010-06-21 12:01:24 +02:00
|
|
|
|
keylen = wrappedkeylen - 8;
|
|
|
|
|
key = xtrymalloc_secure (keylen);
|
|
|
|
|
if (!key)
|
2004-02-19 17:26:32 +01:00
|
|
|
|
{
|
2010-06-21 12:01:24 +02:00
|
|
|
|
err = gpg_error_from_syserror ();
|
|
|
|
|
goto leave;
|
2004-02-19 17:26:32 +01:00
|
|
|
|
}
|
2010-06-21 12:01:24 +02:00
|
|
|
|
err = gcry_cipher_decrypt (cipherhd, key, keylen, wrappedkey, wrappedkeylen);
|
|
|
|
|
if (err)
|
|
|
|
|
goto leave;
|
|
|
|
|
xfree (wrappedkey);
|
|
|
|
|
wrappedkey = NULL;
|
|
|
|
|
gcry_cipher_close (cipherhd);
|
|
|
|
|
cipherhd = NULL;
|
2004-02-19 17:26:32 +01:00
|
|
|
|
|
|
|
|
|
|
2010-06-21 12:01:24 +02:00
|
|
|
|
/* Convert to a gcrypt S-expression. */
|
|
|
|
|
err = gcry_sexp_create (&s_skey, key, keylen, 0, xfree_fnc);
|
|
|
|
|
if (err)
|
|
|
|
|
goto leave;
|
|
|
|
|
key = NULL; /* Key is now owned by S_KEY. */
|
|
|
|
|
|
|
|
|
|
/* Get the parameters from the S-expression. */
|
|
|
|
|
kparms = sexp_to_kparms (s_skey);
|
|
|
|
|
gcry_sexp_release (s_skey);
|
|
|
|
|
s_skey = NULL;
|
|
|
|
|
if (!kparms)
|
2004-02-19 17:26:32 +01:00
|
|
|
|
{
|
2010-06-21 12:01:24 +02:00
|
|
|
|
log_error ("error converting key parameters\n");
|
|
|
|
|
err = GPG_ERR_BAD_SECKEY;
|
|
|
|
|
goto leave;
|
2011-02-04 12:57:53 +01:00
|
|
|
|
}
|
|
|
|
|
|
2014-06-03 18:57:33 +02:00
|
|
|
|
if (rawmode)
|
|
|
|
|
{
|
|
|
|
|
/* Export in raw mode, that is only the pkcs#1/#8 private key. */
|
|
|
|
|
result = p12_raw_build (kparms, rawmode, &resultlen);
|
|
|
|
|
if (!result)
|
|
|
|
|
err = gpg_error (GPG_ERR_GENERAL);
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
err = gpgsm_agent_ask_passphrase
|
|
|
|
|
(ctrl,
|
2021-05-17 15:42:27 +02:00
|
|
|
|
i18n_utf8 (N_("Please enter the passphrase to protect the "
|
|
|
|
|
"new PKCS#12 object.")),
|
2014-06-03 18:57:33 +02:00
|
|
|
|
1, &passphrase);
|
|
|
|
|
if (err)
|
|
|
|
|
goto leave;
|
2010-06-21 12:01:24 +02:00
|
|
|
|
|
2014-06-03 18:57:33 +02:00
|
|
|
|
result = p12_build (kparms, certimg, certimglen, passphrase,
|
|
|
|
|
opt.p12_charset, &resultlen);
|
|
|
|
|
xfree (passphrase);
|
|
|
|
|
passphrase = NULL;
|
|
|
|
|
if (!result)
|
|
|
|
|
err = gpg_error (GPG_ERR_GENERAL);
|
|
|
|
|
}
|
2011-02-04 12:57:53 +01:00
|
|
|
|
|
2010-06-21 12:01:24 +02:00
|
|
|
|
leave:
|
|
|
|
|
xfree (key);
|
|
|
|
|
gcry_sexp_release (s_skey);
|
|
|
|
|
if (kparms)
|
|
|
|
|
{
|
|
|
|
|
for (i=0; kparms[i]; i++)
|
|
|
|
|
gcry_mpi_release (kparms[i]);
|
|
|
|
|
xfree (kparms);
|
|
|
|
|
}
|
|
|
|
|
gcry_cipher_close (cipherhd);
|
|
|
|
|
xfree (wrappedkey);
|
|
|
|
|
xfree (kek);
|
2011-02-04 12:57:53 +01:00
|
|
|
|
|
2010-06-21 12:01:24 +02:00
|
|
|
|
if (gpg_err_code (err) == GPG_ERR_BAD_PASSPHRASE)
|
2004-09-29 15:50:31 +02:00
|
|
|
|
{
|
|
|
|
|
/* During export this is the passphrase used to unprotect the
|
|
|
|
|
key and not the pkcs#12 thing as in export. Therefore we can
|
|
|
|
|
issue the regular passphrase status. FIXME: replace the all
|
|
|
|
|
zero keyid by a regular one. */
|
|
|
|
|
gpgsm_status (ctrl, STATUS_BAD_PASSPHRASE, "0000000000000000");
|
|
|
|
|
}
|
2010-06-21 12:01:24 +02:00
|
|
|
|
|
|
|
|
|
if (err)
|
|
|
|
|
{
|
|
|
|
|
xfree (result);
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
*r_result = result;
|
|
|
|
|
*r_resultlen = resultlen;
|
|
|
|
|
}
|
2004-02-19 17:26:32 +01:00
|
|
|
|
return err;
|
|
|
|
|
}
|