See ChangeLog: Fri Oct 6 14:29:16 CEST 2000 Werner Koch

NEWS

@@ -5,6 +5,8 @@ Noteworthy changes in the current CVS HEAD
 
     * Add Rijndael (AES) support.
 
+    * Removed gdbm support.
+
     * Fixed problems with piping to/from other MS-Windows software
 
     * Expiration time of the primary key can be changed again.
@@ -28,8 +30,6 @@ Noteworthy changes in the current CVS HEAD
     * Twofish and MDC enhanced encryption is now used.  PGP 7 supports 
       this.  Older versions of GnuPG don't support it, so they should be
       upgraded to at least 1.0.2
-      
-      
     
 
 Noteworthy changes in version 1.1.1

configure.in

@@ -184,7 +184,6 @@ MPI_OPT_FLAGS=""
 
 
 try_gettext=yes
-try_gdbm=yes
 case "${target}" in
     *-*-mingw32*)
         # special stuff for Windoze NT
@@ -194,7 +193,6 @@ case "${target}" in
         AC_DEFINE(HAVE_DOSISH_SYSTEM)
         AC_DEFINE(USE_SIMPLE_GETTEXT)
         try_gettext="no"
-        try_gdbm="no"
         ;;
     i?86-emx-os2 | i?86-*-os2*emx )
         # OS/2 with the EMX environment
@@ -202,7 +200,6 @@ case "${target}" in
         AC_DEFINE(HAVE_DRIVE_LETTERS)
         AC_DEFINE(HAVE_DOSISH_SYSTEM)
         try_gettext="no"
-        try_gdbm="no"
         ;;
 
     i?86-*-msdosdjgpp*)
@@ -211,7 +208,6 @@ case "${target}" in
         AC_DEFINE(HAVE_DRIVE_LETTERS)
         AC_DEFINE(HAVE_DOSISH_SYSTEM)
         try_gettext="no"
-        try_gdbm="no"
         ;;
 
     *-*-freebsd*)
@@ -331,19 +327,6 @@ fi
 AM_CONDITIONAL(COMPILE_AGENT, test x$compile_agent = xyes)
 
 
-
-dnl
-dnl There are lot of misconfigured systems.  We include
-dnl gdbm support only if the lib and the header is installed.
-dnl
-if test "$try_gdbm" = yes; then
-AC_CHECK_HEADERS(gdbm.h)
-if test "$ac_cv_header_gdbm_h" = yes ; then
-  AC_CHECK_LIB(gdbm,gdbm_firstkey)
-fi
-fi
-
-
 dnl Solaris needs -lsocket and -lnsl. Unisys system includes
 dnl gethostbyname in libsocket but needs libnsl for socket.
 AC_CHECK_LIB(nsl, gethostbyname)

g10/ChangeLog

@@ -1,3 +1,37 @@
+Fri Oct  6 14:29:16 CEST 2000  Werner Koch  <wk@openit.de>
+
+        Started to rework the whole getkey/ringedit stuff to make
+        it simpler, correcter and faster. 
+
+        * parse-packet.c (parse_packet): Add a 3rd arg to return the filepos.
+        Changed all callers.
+        * getkey.c (classify_user_id): Add new mode 21.
+        (find_by_fpr): Find using this new mode.
+        (get_seckey_byname): New arg to return the context. Changed all
+        callers.
+        * keyid.c (unified_fingerprint_from_pk): New.
+        (unified_fingerprint_from_sk): New.
+        * ringedit.c (find_keyblock_bypk): Changed to use the unified 
+        fingerprint for lookup.  I can't see a reason why we did compare
+        the entire public key.
+        (find_keyblock_bysk): Ditto.
+        (search,cmp_pubkey,cmp_seckey): Removed.
+        (keyring_search, do_kbxf_search): Removed.
+        (locate_keyblock_by_fpr,locate_keyblock_by_keyid): Removed.
+        (find_keyblock_byname): Removed use o search function.
+        (find_secret_keyblock_byname): Ditto.
+        (merge_public_with_secret): Fixed removing subkeys.
+        (premerge_public_with_secret): New.
+
+        * ringedit.c: Removed all GDBM support
+
+        * ringedit.c (read_keyblock): Removed.
+        * ringedit.c (find_keyblock_byname,find_secret_keyblock_byname,
+        find_keyblock_bypk,find_keyblock_bysk): Moved from here to ....
+        * getkey.c: ... here. Changed first arg to return a keyblock and
+        changed all callers to merge the old read_keyblock() with these
+        functions.       
+
 Wed Oct  4 13:16:18 CEST 2000  Werner Koch  <wk@openit.de>
 
         * getkey.c (merge_selfsigs_main): Fixed for v3 keys.

g10/delkey.c

@@ -58,21 +58,14 @@ delete_key( const char *username, int secret )
     int yes;
 
     /* search the userid */
-    rc = secret? find_secret_keyblock_byname( &kbpos, username )
+    rc = secret? find_secret_keyblock_byname( &keyblock, username )
-	       : find_keyblock_byname( &kbpos, username );
+	       : find_keyblock_byname( &keyblock, username );
     if( rc ) {
-	log_error(_("%s: user not found\n"), username );
+	log_error(_("%s: user not found: %s\n"), username, gpg_errstr(rc) );
 	write_status_text( STATUS_DELETE_PROBLEM, "1" );
 	goto leave;
     }
 
-    /* read the keyblock */
-    rc = read_keyblock( &kbpos, &keyblock );
-    if( rc ) {
-	log_error("%s: read problem: %s\n", username, gpg_errstr(rc) );
-	goto leave;
-    }
-
     /* get the keyid from the keyblock */
     node = find_kbnode( keyblock, secret? PKT_SECRET_KEY:PKT_PUBLIC_KEY );
     if( !node ) {

g10/export.c

@@ -147,22 +147,15 @@ do_export_stream( IOBUF out, STRLIST users, int secret, int onlyrfc, int *any )
 	}
 	else {
 	    /* search the userid */
-	    rc = secret? find_secret_keyblock_byname( &kbpos, sl->d )
+	    rc = secret? find_secret_keyblock_byname( &keyblock, sl->d )
-		       : find_keyblock_byname( &kbpos, sl->d );
+		       : find_keyblock_byname( &keyblock, sl->d );
 	    if( rc ) {
 		log_error(_("%s: user not found: %s\n"), sl->d, gpg_errstr(rc));
 		rc = 0;
 		continue;
 	    }
-	    /* read the keyblock */
-	    rc = read_keyblock( &kbpos, &keyblock );
 	}
 
-	if( rc ) {
-	    log_error(_("certificate read problem: %s\n"), gpg_errstr(rc));
-	    goto leave;
-	}
-      
 
 	/* do not export keys which are incompatible with rfc2440 */
 	if( onlyrfc && (node = find_kbnode( keyblock, PKT_PUBLIC_KEY )) ) {

g10/getkey.c

@@ -112,10 +112,6 @@ struct getkey_ctx_s {
     getkey_item_t items[1];
 };
 
-
-
-
-
 #if 0
 static struct {
     int any;
@@ -595,6 +591,8 @@ hextobyte( const byte *s )
  * 12 = it is a trustdb index (keyid is looked up)
  * 16 = it is a 16 byte fingerprint
  * 20 = it is a 20 byte fingerprint
+ * 21 = Unified fingerprint :fpr:pk_algo:
+ *      (We don't use pk_algo yet)
  *
  * if fprint is not NULL, it should be an array of at least 20 bytes.
  *
@@ -606,6 +604,8 @@ hextobyte( const byte *s )
  *   must be in the range 0..9), this is considered a fingerprint.
  * - If the username starts with a left angle, we assume it is a complete
  *   email address and look only at this part.
+ * - If the username starts with a colon we assume it is a unified 
+ *   key specfification. 
  * - If the username starts with a '.', we assume it is the ending
  *   part of an email address
  * - If the username starts with an '@', we assume it is a part of an
@@ -674,7 +674,32 @@ classify_user_id( const char *name, u32 *keyid, byte *fprint,
 		    keyid[0] = keyid[1] = 0;
 	    }
 	    break;
-
+        
+        case ':': /*Unified fingerprint */
+            {  
+                const char *se, *si;
+                int i;
+                
+                se = strchr( ++s,':');
+                if ( !se )
+                    return 0;
+                for (i=0,si=s; si < se; si++, i++ ) {
+                    if ( !strchr("01234567890abcdefABCDEF", *si ) )
+                        return 0; /* invalid digit */
+                }
+                if (i != 32 && i != 40)
+                    return 0; /* invalid length of fpr*/
+		if (fprint) {
+		    for (i=0,si=s; si < se; i++, si +=2) 
+			fprint[i] = hextobyte(si);
+                    for ( ; i < 20; i++)
+                        fprint[i]= 0;
+		}
+                s = se + 1;
+                mode = 21;
+            } 
+            break;
+           
 	default:
 	    if (s[0] == '0' && s[1] == 'x') {
 		hexprefix = 1;
@@ -803,7 +828,8 @@ key_byname( GETKEY_CTX *retctx, STRLIST namelist,
 
         /* if we don't use one of the exact key specifications, we assume that
          * the primary key is requested */
-        if ( mode != 10 && mode != 11 && mode != 16 && mode == 20 )
+        if ( mode != 10 && mode != 11
+             && mode != 16 && mode == 20 && mode != 21 )
             ctx->primary = 1; 
 
 	ctx->items[n].mode = mode;
@@ -836,6 +862,10 @@ key_byname( GETKEY_CTX *retctx, STRLIST namelist,
         }
     }
 
+    if (!rc )
+       log_debug ( "pk_byname: kbpos %s %lu %p\n",
+                   ctx->kbpos.valid? "valid":"",
+                   ctx->kbpos.offset, ctx->kbpos.fp );
     release_kbnode ( help_kb );
 
     if( retctx ) /* caller wants the context */
@@ -883,6 +913,7 @@ get_pubkey_next( GETKEY_CTX ctx, PKT_public_key *pk, KBNODE *ret_keyblock )
     return rc;
 }
 
+
 void
 get_pubkey_end( GETKEY_CTX ctx )
 {
@@ -897,8 +928,66 @@ get_pubkey_end( GETKEY_CTX ctx )
     }
 }
 
+
+
+/****************
+ * Combined function to search for a username and get the position
+ * of the keyblock.
+ */
+int
+find_keyblock_byname( KBNODE *retblock, const char *username )
+{
+    PKT_public_key *pk = gcry_xcalloc( 1, sizeof *pk );
+    int rc;
+
+    rc = get_pubkey_byname( NULL, pk, username, retblock );
+    free_public_key(pk);
+    return rc;
+}
+
+
+/****************
+ * Combined function to search for a key and get the position
+ * of the keyblock.  Used for merging while importing keys.
+ */
+int
+find_keyblock_bypk( KBNODE *retblock, PKT_public_key *pk )
+{
+    char ufpr[50];
+
+    unified_fingerprint_from_pk( pk, ufpr, sizeof ufpr );
+    return find_keyblock_byname( retblock, ufpr );
+}
+
+int 
+find_kblocation_bypk( void *re_opaque, PKT_public_key *pk )
+{
+    PKT_public_key *dummy_pk = gcry_xcalloc( 1, sizeof *pk );
+    char ufpr[50];
+    GETKEY_CTX ctx;
+    int rc;
+     
+    unified_fingerprint_from_pk( pk, ufpr, sizeof ufpr );
+    /* FIXME: There is no need to return any informaton, we just
+     * wnat to know the location.  Using the general lookup function
+     * has the problem that we might not get the key becuase it has expired
+     * or due to some similar probelm.  A solotion would be a locate-only
+     * flag in the ctx */
+    rc = get_pubkey_byname( &ctx, dummy_pk, ufpr, NULL );
+    free_public_key(dummy_pk);
+    if ( !rc )
+        ringedit_copy_kbpos( re_opaque, &ctx->kbpos );
+    get_pubkey_end( ctx );
+
+    return rc;
+}
+
+
 /****************
  * Search for a key with the given fingerprint.
+ * FIXME:
+ * We should replace this with the _byname function.  Thiscsan be done
+ * by creating a userID conforming to the unified fingerprint style. 
  */
 int
 get_pubkey_byfprint( PKT_public_key *pk,
@@ -988,19 +1077,23 @@ get_keyblock_bylid( KBNODE *ret_keyblock, ulong lid )
  * If NAME is NULL use the default key
  */
 int
-get_seckey_byname( PKT_secret_key *sk, const char *name, int unprotect )
+get_seckey_byname( GETKEY_CTX *retctx,
+                   PKT_secret_key *sk, const char *name, int unprotect,
+                   KBNODE *retblock )
 {
     STRLIST namelist = NULL;
     int rc;
 
     if( !name && opt.def_secret_key && *opt.def_secret_key ) {
 	add_to_strlist( &namelist, opt.def_secret_key );
-	rc = key_byname( NULL, namelist, NULL, sk, NULL );
+	rc = key_byname( retctx, namelist, NULL, sk, retblock );
     }
     else if( !name ) { /* use the first one as default key */
 	struct getkey_ctx_s ctx;
         KBNODE kb = NULL;
 
+        assert (!retctx ); /* do we need this at all */
+        assert (!retblock);
 	memset( &ctx, 0, sizeof ctx );
 	ctx.not_allocated = 1;
 	ctx.primary = 1;
@@ -1014,7 +1107,7 @@ get_seckey_byname( PKT_secret_key *sk, const char *name, int unprotect )
     }
     else {
 	add_to_strlist( &namelist, name );
-	rc = key_byname( NULL, namelist, NULL, sk, NULL );
+	rc = key_byname( retctx, namelist, NULL, sk, retblock );
     }
 
     free_strlist( namelist );
@@ -1045,6 +1138,7 @@ get_seckey_next( GETKEY_CTX ctx, PKT_secret_key *sk, KBNODE *ret_keyblock )
     return rc;
 }
 
+
 void
 get_seckey_end( GETKEY_CTX ctx )
 {
@@ -1052,6 +1146,57 @@ get_seckey_end( GETKEY_CTX ctx )
 }
 
 
+
+/****************
+ * Combined function to search for a username and get the position
+ * of the keyblock. This function does not unprotect the secret key.
+ */
+int
+find_secret_keyblock_byname( KBNODE *retblock, const char *username )
+{
+    PKT_secret_key *sk = gcry_xcalloc( 1, sizeof *sk );
+    int rc;
+
+    rc = get_seckey_byname( NULL, sk, username, 0, retblock );
+    free_secret_key(sk);
+    return rc;
+}
+
+
+
+/****************
+ * Combined function to search for a key and get the position
+ * of the keyblock.
+ */
+int
+find_keyblock_bysk( KBNODE *retblock, PKT_secret_key *sk )
+{
+    char ufpr[50];
+
+    unified_fingerprint_from_sk( sk, ufpr, sizeof ufpr );
+    return find_secret_keyblock_byname( retblock, ufpr );
+}
+
+int 
+find_kblocation_bysk( void *re_opaque, PKT_secret_key *sk )
+{
+    PKT_secret_key *dummy_sk = gcry_xcalloc( 1, sizeof *sk );
+    char ufpr[50];
+    GETKEY_CTX ctx;
+    int rc;
+     
+    unified_fingerprint_from_sk( sk, ufpr, sizeof ufpr );
+    rc = get_seckey_byname( &ctx, dummy_sk, ufpr, 0, NULL );
+    free_secret_key(dummy_sk);
+    if ( !rc )
+        ringedit_copy_kbpos( re_opaque, &ctx->kbpos );
+    get_seckey_end( ctx );
+
+    return rc;
+}
+
+
+
 
 /*******************************************************
  ************** compare functions **********************
@@ -1728,8 +1873,6 @@ void
 merge_public_with_secret ( KBNODE pubblock, KBNODE secblock )
 {
     KBNODE pub;
-    int deleting = 0;
-    int any_deleted = 0;
 
     assert ( pubblock->pkt->pkttype == PKT_PUBLIC_KEY );
     assert ( secblock->pkt->pkttype == PKT_SECRET_KEY );
@@ -1750,7 +1893,6 @@ merge_public_with_secret ( KBNODE pubblock, KBNODE secblock )
             KBNODE sec;
             PKT_public_key *pk = pub->pkt->pkt.public_key;
 
-            deleting = 0;
             /* this is more complicated: it may happen that the sequence
              * of the subkeys dosn't match, so we have to find the
              * appropriate secret key */
@@ -1766,26 +1908,57 @@ merge_public_with_secret ( KBNODE pubblock, KBNODE secblock )
                     }
                 }
             }
-            if ( !sec ) {
+            if ( !sec ) 
-                log_error ( "no corresponding secret subkey "
+                BUG(); /* already checked in premerge */
-                            "for public subkey - removing\n" );
-                /* better remove the public subkey in this case */
-                delete_kbnode ( pub );
-                deleting = 1;
-                any_deleted = 1;
-            }
-        }
-        else if ( deleting ) {
-            delete_kbnode (pub);
         }
     }
+}
 
-    if ( any_deleted ) {
+/* This function checks that for every public subkey a corresponding
-        /* because we have not deleted the root node, we don't need to
+ * secret subkey is avalable and deletes the public subkey otherwise.
-         * update the pubblock */
+ * We need this function becuase we can'tdelete it later when we
-        pub = pubblock;
+ * actually merge the secret parts into the pubring.
-        commit_kbnode ( &pubblock );
+ */
-        assert ( pub == pubblock );
+void
+premerge_public_with_secret ( KBNODE pubblock, KBNODE secblock )
+{
+    KBNODE last, pub;
+
+    assert ( pubblock->pkt->pkttype == PKT_PUBLIC_KEY );
+    assert ( secblock->pkt->pkttype == PKT_SECRET_KEY );
+    
+    for (pub=pubblock,last=NULL; pub; last = pub, pub = pub->next ) {
+        if ( pub->pkt->pkttype == PKT_PUBLIC_SUBKEY ) {
+            KBNODE sec;
+            PKT_public_key *pk = pub->pkt->pkt.public_key;
+
+            for (sec=secblock->next; sec; sec = sec->next ) {
+                if ( sec->pkt->pkttype == PKT_SECRET_SUBKEY ) {
+                    PKT_secret_key *sk = sec->pkt->pkt.secret_key;
+                    if ( !cmp_public_secret_key ( pk, sk ) ) 
+                        break;
+                }
+            }
+            if ( !sec ) {
+                KBNODE next, ll;
+                log_error ( "no corresponding secret subkey "
+                            "for public subkey - removing\n" );
+                /* we have to remove the subkey in this case */
+                assert ( last );
+                /* find the next subkey */
+                for (next=pub->next,ll=pub;
+                     next && pub->pkt->pkttype != PKT_PUBLIC_SUBKEY;
+                     ll = next, next = next->next ) 
+                    ;
+                /* make new link */
+                last->next = next;
+                /* release this public subkey with all sigs */
+                ll->next = NULL;
+                release_kbnode( pub );
+                /* let the loop continue */
+                pub = last;
+            }
+        }
     }
 }
 
@@ -1859,8 +2032,17 @@ find_by_fpr( KBNODE keyblock,  const char *name, int mode )
 	    size_t an;
 
 	    fingerprint_from_pk(k->pkt->pkt.public_key, afp, &an );
-	    if( an == mode && !memcmp( afp, name, an) ) {
+            if ( mode == 21 ) {
-                return k;
+                /* Unified fingerprint. The fingerprint is always 20 bytes*/
+                while ( an < 20 )
+                    afp[an++] = 0;
+                if ( !memcmp( afp, name, 20 ) )
+                    return k;
+            }
+	    else { 
+                if( an == mode && !memcmp( afp, name, an) ) {
+                    return k;
+                }
             }
 	}
     }
@@ -2055,6 +2237,7 @@ lookup( GETKEY_CTX ctx, KBNODE *ret_keyblock, int secmode )
                 }
                 secblock = ctx->keyblock;
                 ctx->keyblock = k;
+                premerge_public_with_secret ( ctx->keyblock, secblock );
             }
 
 
@@ -2078,7 +2261,8 @@ lookup( GETKEY_CTX ctx, KBNODE *ret_keyblock, int secmode )
 		else if( item->mode == 15 ) {
 		    found = 1;
                 }
-		else if( item->mode == 16 || item->mode == 20 ) {
+		else if( item->mode == 16 || item->mode == 20
+                         || item->mode == 21 ) {
 		    k = find_by_fpr( ctx->keyblock,
 				     item->fprint, item->mode );
                     found = !!k;
@@ -2218,7 +2402,7 @@ enum_secret_keys( void **context, PKT_secret_key *sk, int with_subkeys )
 
 	save_mode = set_packet_list_mode(0);
 	init_packet(&pkt);
-	while( (rc=parse_packet(c->iobuf, &pkt)) != -1 ) {
+	while( (rc=parse_packet(c->iobuf, &pkt, NULL)) != -1 ) {
 	    if( rc )
 		; /* e.g. unknown packet */
 	    else if( pkt.pkttype == PKT_SECRET_KEY

g10/import.c

@@ -274,7 +274,7 @@ read_block( IOBUF a, PACKET **pending_pkt, KBNODE *ret_root )
 	in_cert = 0;
     pkt = gcry_xmalloc( sizeof *pkt );
     init_packet(pkt);
-    while( (rc=parse_packet(a, pkt)) != -1 ) {
+    while( (rc=parse_packet(a, pkt, NULL)) != -1 ) {
 	if( rc ) {  /* ignore errors */
 	    if( rc != GPGERR_UNKNOWN_PACKET ) {
 		log_error("read_block: read error: %s\n", gpg_errstr(rc) );
@@ -436,7 +436,7 @@ import_one( const char *fname, KBNODE keyblock, int fast )
 	if( (rc=lock_keyblock( &kbpos )) )
 	   log_error(_("can't lock keyring `%s': %s\n"),
 		       keyblock_resource_name(&kbpos), gpg_errstr(rc) );
-	else if( (rc=insert_keyblock( &kbpos, keyblock )) )
+	else if( (rc=insert_keyblock( keyblock )) )
 	   log_error( _("error writing keyring `%s': %s\n"),
 		       keyblock_resource_name(&kbpos), gpg_errstr(rc) );
 	unlock_keyblock( &kbpos );
@@ -466,18 +466,12 @@ import_one( const char *fname, KBNODE keyblock, int fast )
 	}
 
 	/* now read the original keyblock */
-	rc = find_keyblock_bypk( &kbpos, pk_orig );
+	rc = find_keyblock_bypk( &keyblock_orig, pk_orig );
 	if( rc ) {
 	    log_error( _("key %08lX: can't locate original keyblock: %s\n"),
 				     (ulong)keyid[1], gpg_errstr(rc));
 	    goto leave;
 	}
-	rc = read_keyblock( &kbpos, &keyblock_orig );
-	if( rc ) {
-	    log_error( _("key %08lX: can't read original keyblock: %s\n"),
-					    (ulong)keyid[1], gpg_errstr(rc));
-	    goto leave;
-	}
 
 	collapse_uids( &keyblock );
 	/* and try to merge the block */
@@ -494,7 +488,7 @@ import_one( const char *fname, KBNODE keyblock, int fast )
 	    if( (rc=lock_keyblock( &kbpos )) )
 	       log_error( _("can't lock keyring `%s': %s\n"),
 			  keyblock_resource_name(&kbpos), gpg_errstr(rc) );
-	    else if( (rc=update_keyblock( &kbpos, keyblock_orig )) )
+	    else if( (rc=update_keyblock( keyblock_orig )) )
 		log_error( _("error writing keyring `%s': %s\n"),
 			     keyblock_resource_name(&kbpos), gpg_errstr(rc) );
 	    unlock_keyblock( &kbpos );
@@ -603,7 +597,7 @@ import_secret_one( const char *fname, KBNODE keyblock )
 	if( (rc=lock_keyblock( &kbpos )) )
 	    log_error( _("can't lock keyring `%s': %s\n"),
 			 keyblock_resource_name(&kbpos), gpg_errstr(rc) );
-	else if( (rc=insert_keyblock( &kbpos, keyblock )) )
+	else if( (rc=insert_keyblock( keyblock )) )
 	    log_error( _("error writing keyring `%s': %s\n"),
 		      keyblock_resource_name(&kbpos), gpg_errstr(rc) );
 	unlock_keyblock( &kbpos );
@@ -659,18 +653,12 @@ import_revoke_cert( const char *fname, KBNODE node )
     }
 
     /* read the original keyblock */
-    rc = find_keyblock_bypk( &kbpos, pk );
+    rc = find_keyblock_bypk( &keyblock, pk );
     if( rc ) {
 	log_error( _("key %08lX: can't locate original keyblock: %s\n"),
 					(ulong)keyid[1], gpg_errstr(rc));
 	goto leave;
     }
-    rc = read_keyblock( &kbpos, &keyblock );
-    if( rc ) {
-	log_error( _("key %08lX: can't read original keyblock: %s\n"),
-					(ulong)keyid[1], gpg_errstr(rc));
-	goto leave;
-    }
 
 
     /* it is okay, that node is not in keyblock because
@@ -704,7 +692,7 @@ import_revoke_cert( const char *fname, KBNODE node )
     if( (rc=lock_keyblock( &kbpos )) )
 	log_error( _("can't lock keyring `%s': %s\n"),
 		   keyblock_resource_name(&kbpos), gpg_errstr(rc) );
-    else if( (rc=update_keyblock( &kbpos, keyblock )) )
+    else if( (rc=update_keyblock( keyblock )) )
 	log_error( _("error writing keyring `%s': %s\n"),
 		    keyblock_resource_name(&kbpos), gpg_errstr(rc) );
     unlock_keyblock( &kbpos );

g10/keydb.h

@@ -21,10 +21,6 @@
 #ifndef GPG_KEYDB_H
 #define GPG_KEYDB_H
 
-#ifdef HAVE_LIBGDBM
-  #include <gdbm.h>
-#endif
-
 #include "types.h"
 #include "basicdefs.h"
 #include "packet.h"
@@ -67,30 +63,16 @@ struct kbnode_struct {
 enum resource_type {
     rt_UNKNOWN = 0,
     rt_RING = 1,
-    rt_GDBM = 2,
+    rt_KBXF = 2
-    rt_KBXF = 3
 };
 
 
 /****************
- * A data structre to hold information about the external position
+ * A data structure to hold information about the external position
  * of a keyblock.
  */
-struct keyblock_pos_struct {
+struct keyblock_pos_struct;
-    int   resno;     /* resource number */
+typedef struct keyblock_pos_struct *KBPOS;
-    enum resource_type rt;
-    ulong offset;    /* position information */
-    unsigned count;  /* length of the keyblock in packets */
-    IOBUF  fp;	     /* used by enum_keyblocks */
-    int secret;      /* working on a secret keyring */
-  #ifdef HAVE_LIBGDBM
-    GDBM_FILE dbf;
-    byte keybuf[21];
-  #endif
-    PACKET *pkt;     /* ditto */
-    int valid;
-};
-typedef struct keyblock_pos_struct KBPOS;
 
 /* structure to hold a couple of public key certificates */
 struct pk_list {
@@ -106,18 +88,6 @@ struct sk_list {
     int mark;
 };
 
-/* structure to collect all information which can be used to
- * identify a public key */
-typedef struct pubkey_find_info *PUBKEY_FIND_INFO;
-struct pubkey_find_info {
-    u32  keyid[2];
-    unsigned nbits;
-    byte pubkey_algo;
-    byte fingerprint[MAX_FINGERPRINT_LEN];
-    char userid[1];
-};
-
-
 
 /*-- pkclist.c --*/
 int  check_signatures_trust( PKT_signature *sig );
@@ -159,11 +129,18 @@ int get_keyblock_byfprint( KBNODE *ret_keyblock, const byte *fprint,
 						 size_t fprint_len );
 int get_keyblock_bylid( KBNODE *ret_keyblock, ulong lid );
 int seckey_available( u32 *keyid );
-int get_seckey_byname( PKT_secret_key *sk, const char *name, int unlock );
+int get_seckey_byname( GETKEY_CTX *rx,
+                       PKT_secret_key *sk, const char *name, int unlock,
+                       KBNODE *retblock );
 int get_seckey_bynames( GETKEY_CTX *rx, PKT_secret_key *sk,
 			STRLIST names, KBNODE *ret_keyblock );
 int get_seckey_next( GETKEY_CTX ctx, PKT_secret_key *sk, KBNODE *ret_keyblock );
 void get_seckey_end( GETKEY_CTX ctx );
+int find_keyblock_byname( KBNODE *retblock, const char *username );
+int find_secret_keyblock_byname( KBNODE *retblock, const char *username );
+int find_keyblock_bypk( KBNODE *retblock, PKT_public_key *pk );
+int find_keyblock_bysk( KBNODE *retblock, PKT_secret_key *sk );
+
 int enum_secret_keys( void **context, PKT_secret_key *sk, int with_subkeys );
 void merge_keys_and_selfsig( KBNODE keyblock );
 void merge_public_with_secret ( KBNODE pubblock, KBNODE secblock );
@@ -187,6 +164,10 @@ const char *expirestr_from_pk( PKT_public_key *pk );
 const char *expirestr_from_sk( PKT_secret_key *sk );
 byte *fingerprint_from_sk( PKT_secret_key *sk, byte *buf, size_t *ret_len );
 byte *fingerprint_from_pk( PKT_public_key *pk, byte *buf, size_t *ret_len );
+char *unified_fingerprint_from_pk( PKT_public_key *pk,
+                                   char *buffer, size_t bufsize );
+char *unified_fingerprint_from_sk( PKT_secret_key *sk,
+                                   char *buffer, size_t bufsize );
 
 /*-- kbnode.c --*/
 KBNODE new_kbnode( PACKET *pkt );
@@ -208,25 +189,13 @@ void dump_kbnode( KBNODE node );
 /*-- ringedit.c --*/
 const char *enum_keyblock_resources( int *sequence, int secret );
 int add_keyblock_resource( const char *resname, int force, int secret );
-const char *keyblock_resource_name( KBPOS *kbpos );
+const char *keyblock_resource_name( KBPOS kbpos );
-int get_keyblock_handle( const char *filename, int secret, KBPOS *kbpos );
+int get_keyblock_handle( const char *filename, int secret, KBPOS kbpos );
 char *get_writable_keyblock_file( int secret );
-int locate_keyblock_by_fpr( KBPOS *kbpos, const byte *fpr,
+int enum_keyblocks( int mode, KBPOS kbpos, KBNODE *ret_root );
-					    int fprlen, int secret );
+int insert_keyblock( KBNODE keyblock );
-int locate_keyblock_by_keyid( KBPOS *kbpos, u32 *keyid,
+int delete_keyblock( KBNODE keyblock );
-					    int shortkid, int secret );
+int update_keyblock( KBNODE keyblock );
-int find_keyblock( PUBKEY_FIND_INFO info, KBPOS *kbpos );
-int find_keyblock_byname( KBPOS *kbpos, const char *username );
-int find_keyblock_bypk( KBPOS *kbpos, PKT_public_key *pk );
-int find_keyblock_bysk( KBPOS *kbpos, PKT_secret_key *sk );
-int find_secret_keyblock_byname( KBPOS *kbpos, const char *username );
-int lock_keyblock( KBPOS *kbpos );
-void unlock_keyblock( KBPOS *kbpos );
-int read_keyblock( KBPOS *kbpos, KBNODE *ret_root );
-int enum_keyblocks( int mode, KBPOS *kbpos, KBNODE *ret_root );
-int insert_keyblock( KBPOS *kbpos, KBNODE root );
-int delete_keyblock( KBPOS *kbpos );
-int update_keyblock( KBPOS *kbpos, KBNODE root );
 
 
 #endif /*GPG_KEYDB_H*/

g10/keyedit.c

@@ -89,18 +89,13 @@ get_keyblock_byname( KBNODE *keyblock, KBPOS *kbpos, const char *username )
 
     *keyblock = NULL;
     /* search the userid */
-    rc = find_keyblock_byname( kbpos, username );
+    rc = find_keyblock_byname( keyblock, username );
     if( rc ) {
-	log_error(_("%s: user not found\n"), username );
+	log_error(_("%s: user not found: %s\n"), username, gpg_errstr(rc) );
 	return rc;
     }
 
-    /* read the keyblock */
+    merge_keys_and_selfsig( *keyblock );
-    rc = read_keyblock( kbpos, keyblock );
-    if( rc )
-	log_error("%s: keyblock read problem: %s\n", username, gpg_errstr(rc));
-    else
-	merge_keys_and_selfsig( *keyblock );
 
     return rc;
 }
@@ -616,7 +611,6 @@ keyedit_menu( const char *username, STRLIST locusr, STRLIST commands,
     KBNODE keyblock = NULL;
     KBPOS keyblockpos;
     KBNODE sec_keyblock = NULL;
-    KBPOS sec_keyblockpos;
     KBNODE cur_keyblock;
     char *answer = NULL;
     int redisplay = 1;
@@ -640,14 +634,11 @@ keyedit_menu( const char *username, STRLIST locusr, STRLIST commands,
 
     if( !sign_mode ) {
 	/* first try to locate it as secret key */
-	rc = find_secret_keyblock_byname( &sec_keyblockpos, username );
+	rc = find_secret_keyblock_byname( &sec_keyblock, username );
-	if( !rc ) {
+        if( rc && rc != GPGERR_NO_SECKEY ) 
-	    rc = read_keyblock( &sec_keyblockpos, &sec_keyblock );
+            log_debug("%s: secret keyblock read problem: %s\n",
-	    if( rc ) {
-		log_error("%s: secret keyblock read problem: %s\n",
 						username, gpg_errstr(rc));
-		goto leave;
+	if( !rc ) {
-	    }
 	    merge_keys_and_selfsig( sec_keyblock );
 	    if( fix_keyblock( sec_keyblock ) )
 		sec_modified++;
@@ -966,14 +957,14 @@ keyedit_menu( const char *username, STRLIST locusr, STRLIST commands,
 	  do_cmd_save:
 	    if( modified || sec_modified  ) {
 		if( modified ) {
-		    rc = update_keyblock( &keyblockpos, keyblock );
+		    rc = update_keyblock( keyblock );
 		    if( rc ) {
 			log_error(_("update failed: %s\n"), gpg_errstr(rc) );
 			break;
 		    }
 		}
 		if( sec_modified ) {
-		    rc = update_keyblock( &sec_keyblockpos, sec_keyblock );
+		    rc = update_keyblock( sec_keyblock );
 		    if( rc ) {
 			log_error(_("update secret failed: %s\n"),
 							    gpg_errstr(rc) );

g10/keygen.c

@@ -1752,9 +1752,9 @@ do_generate_keypair( struct para_data_s *para,
 	    log_error("can't lock public keyring: %s\n", gpg_errstr(rc) );
 	else if( (rc=rc2=lock_keyblock( &sec_kbpos )) )
 	    log_error("can't lock secret keyring: %s\n", gpg_errstr(rc) );
-	else if( (rc=insert_keyblock( &pub_kbpos, pub_root )) )
+	else if( (rc=insert_keyblock( pub_root )) )
 	    log_error("can't write public key: %s\n", gpg_errstr(rc) );
-	else if( (rc=insert_keyblock( &sec_kbpos, sec_root )) )
+	else if( (rc=insert_keyblock( sec_root )) )
 	    log_error("can't write secret key: %s\n", gpg_errstr(rc) );
 	else {
 	    if( !opt.batch )

g10/keyid.c

@@ -436,6 +436,40 @@ fingerprint_from_pk( PKT_public_key *pk, byte *array, size_t *ret_len )
     return array;
 }
 
+
+/* Create a unified fingerprint, that is a printable fingerprint along
+ * wth some other information suitable to passto get_pubkye_byname.
+ * Pass NULL for buffer to let this function allocate the buffer.
+ * This function will truncate the buffer in a way that a valid C string
+ * is returnd (unless bufsize is 0)
+ * Returns: Supplied buffer or newly allocated buffer
+ */
+char *
+unified_fingerprint_from_pk( PKT_public_key *pk,
+                             char *buffer, size_t bufsize )
+{
+    byte fpr[MAX_FINGERPRINT_LEN];
+    size_t fprlen;
+    int i;
+
+    fingerprint_from_pk( pk, fpr, &fprlen );
+    if ( !buffer ) {
+        bufsize = 1+fprlen*2+1+4+1+1;
+        buffer = gcry_xmalloc( bufsize );
+    }
+    if ( bufsize < 1+fprlen*2+1+4+1+1 ) {
+        /* Hmmm, that should be sufficiend also not very nice */
+        if ( bufsize )
+            *buffer = 0;
+        return buffer;
+    }
+    *buffer = ':';
+    for (i=0; i < fprlen; i++ )
+        sprintf( buffer+1+i*2, "%02X", fpr[i] );
+    sprintf( buffer+1+i*2, ":%d:", (pk->pubkey_algo & 0xff) );
+    return buffer;
+}
+
 byte *
 fingerprint_from_sk( PKT_secret_key *sk, byte *array, size_t *ret_len )
 {
@@ -495,5 +529,36 @@ fingerprint_from_sk( PKT_secret_key *sk, byte *array, size_t *ret_len )
     return array;
 }
 
+char *
+unified_fingerprint_from_sk( PKT_secret_key *sk,
+                             char *buffer, size_t bufsize )
+{
+    byte fpr[MAX_FINGERPRINT_LEN];
+    size_t fprlen;
+    int i;
+
+    fingerprint_from_sk( sk, fpr, &fprlen );
+    if ( !buffer ) {
+        bufsize = 1+fprlen*2+1+4+1+1;
+        buffer = gcry_xmalloc( bufsize );
+    }
+    if ( bufsize < 1+fprlen*2+1+4+1+1 ) {
+        /* Hmmm, that should be sufficiend also not very nice */
+        if ( bufsize )
+            *buffer = 0;
+        return buffer;
+    }
+    *buffer = ':';
+    for (i=0; i < fprlen; i++ )
+        sprintf( buffer+1+i*2, "%02X", fpr[i] );
+    sprintf( buffer+1+i*2, ":%d:", (sk->pubkey_algo & 0xff) );
+    return buffer;
+}
+
+
+
+
+
+
 
 

g10/mainproc.c

@@ -953,7 +953,7 @@ do_proc_packets( CTX c, IOBUF a )
 
     c->iobuf = a;
     init_packet(pkt);
-    while( (rc=parse_packet(a, pkt)) != -1 ) {
+    while( (rc=parse_packet(a, pkt, NULL)) != -1 ) {
 	any_data = 1;
 	if( rc ) {
 	    free_packet(pkt);

g10/packet.h

@@ -293,18 +293,19 @@ int set_packet_list_mode( int mode );
 
 #if DEBUG_PARSE_PACKET
 int dbg_search_packet( IOBUF inp, PACKET *pkt, int pkttype, ulong *retpos, const char* file, int lineno  );
-int dbg_parse_packet( IOBUF inp, PACKET *ret_pkt, const char* file, int lineno );
+int dbg_parse_packet( IOBUF inp, PACKET *ret_pkt, ulong *pos,
+                      const char* file, int lineno );
 int dbg_copy_all_packets( IOBUF inp, IOBUF out, const char* file, int lineno  );
 int dbg_copy_some_packets( IOBUF inp, IOBUF out, ulong stopoff, const char* file, int lineno  );
 int dbg_skip_some_packets( IOBUF inp, unsigned n, const char* file, int lineno	);
 #define search_packet( a,b,c,d )   dbg_search_packet( (a), (b), (c), (d), __FILE__, __LINE__ )
-#define parse_packet( a, b )	   dbg_parse_packet( (a), (b), __FILE__, __LINE__ )
+#define parse_packet( a, b, c )	   dbg_parse_packet( (a), (b), (c), __FILE__, __LINE__ )
 #define copy_all_packets( a,b )    dbg_copy_all_packets((a),(b), __FILE__, __LINE__ )
 #define copy_some_packets( a,b,c ) dbg_copy_some_packets((a),(b),(c), __FILE__, __LINE__ )
 #define skip_some_packets( a,b )   dbg_skip_some_packets((a),(b), __FILE__, __LINE__ )
 #else
 int search_packet( IOBUF inp, PACKET *pkt, int pkttype, ulong *retpos );
-int parse_packet( IOBUF inp, PACKET *ret_pkt);
+int parse_packet( IOBUF inp, PACKET *ret_pkt, ulong *retpos);
 int copy_all_packets( IOBUF inp, IOBUF out );
 int copy_some_packets( IOBUF inp, IOBUF out, ulong stopoff );
 int skip_some_packets( IOBUF inp, unsigned n );

g10/parse-packet.c

@@ -127,23 +127,25 @@ unknown_pubkey_warning( int algo )
  */
 #ifdef DEBUG_PARSE_PACKET
 int
-dbg_parse_packet( IOBUF inp, PACKET *pkt, const char *dbg_f, int dbg_l )
+dbg_parse_packet( IOBUF inp, PACKET *pkt, ulong *retpos,
+                  const char *dbg_f, int dbg_l )
 {
     int skip, rc;
 
     do {
-	rc = parse( inp, pkt, 0, NULL, &skip, NULL, 0, "parse", dbg_f, dbg_l );
+	rc = parse( inp, pkt, 0, retpos,
+                    &skip, NULL, 0, "parse", dbg_f, dbg_l );
     } while( skip );
     return rc;
 }
 #else
 int
-parse_packet( IOBUF inp, PACKET *pkt )
+parse_packet( IOBUF inp, PACKET *pkt, ulong *retpos )
 {
     int skip, rc;
 
     do {
-	rc = parse( inp, pkt, 0, NULL, &skip, NULL, 0 );
+	rc = parse( inp, pkt, 0, retpos, &skip, NULL, 0 );
     } while( skip );
     return rc;
 }

g10/pkclist.c

@@ -779,7 +779,7 @@ default_recipient(void)
     if( !opt.def_recipient_self )
 	return NULL;
     sk = gcry_xcalloc( 1, sizeof *sk );
-    i = get_seckey_byname( sk, NULL, 0 );
+    i = get_seckey_byname( NULL, sk, NULL, 0, NULL );
     if( i ) {
 	free_secret_key( sk );
 	return NULL;

g10/revoke.c

@@ -87,7 +87,6 @@ gen_revoke( const char *uname )
     IOBUF out = NULL;
     KBNODE keyblock = NULL;
     KBNODE node;
-    KBPOS kbpos;
     struct revocation_reason_info *reason = NULL;
 
     if( opt.batch ) {
@@ -102,16 +101,10 @@ gen_revoke( const char *uname )
 
 
     /* search the userid */
-    rc = find_secret_keyblock_byname( &kbpos, uname );
+    rc = find_secret_keyblock_byname( &keyblock, uname );
     if( rc ) {
-	log_error(_("secret key for user `%s' not found\n"), uname );
+	log_error(_("secret key for user `%s' not found: %s\n"),
-	goto leave;
+                  uname, gpg_errstr(rc) );
-    }
-
-    /* read the keyblock */
-    rc = read_keyblock( &kbpos, &keyblock );
-    if( rc ) {
-	log_error(_("error reading the certificate: %s\n"), gpg_errstr(rc) );
 	goto leave;
     }
 

g10/skclist.c

@@ -60,7 +60,7 @@ build_sk_list( STRLIST locusr, SK_LIST *ret_sk_list, int unlock,
 
 	sk = gcry_xcalloc( 1, sizeof *sk );
 	sk->req_usage = use;
-	if( (rc = get_seckey_byname( sk, NULL, unlock )) ) {
+	if( (rc = get_seckey_byname( NULL, sk, NULL, unlock, NULL )) ) {
 	    free_secret_key( sk ); sk = NULL;
 	    log_error("no default secret key: %s\n", gpg_errstr(rc) );
 	}
@@ -93,7 +93,7 @@ build_sk_list( STRLIST locusr, SK_LIST *ret_sk_list, int unlock,
 
 	    sk = gcry_xcalloc( 1, sizeof *sk );
 	    sk->req_usage = use;
-	    if( (rc = get_seckey_byname( sk, locusr->d, unlock )) ) {
+	    if( (rc = get_seckey_byname( NULL, sk, locusr->d, unlock, NULL))) {
 		free_secret_key( sk ); sk = NULL;
 		log_error(_("skipped `%s': %s\n"), locusr->d, gpg_errstr(rc) );
 	    }