mirror of git://git.gnupg.org/gnupg.git synced 2025-07-03 22:56:33 +02:00

gpgsm: Allow unattended PKCS#12 export without passphrase.

* sm/gpgsm.c (oNoProtection): New.
(opts): Add "--no-protection".
(main): Parse it.
* sm/gpgsm.h (struct server_control_s): Add field no_protection.
* sm/server.c (option_handler): Add option "no-protection".
(reset_notify): Clear option.
* sm/export.c (export_p12): Use empty passphrase if option is set.
Werner Koch 2025-01-29 18:06:15 +01:00
parent 89055f24f4
commit 159e801043
No known key found for this signature in database
GPG key ID: E3FDFF218E45B72B
5 changed files with 48 additions and 15 deletions


@ -316,11 +316,12 @@ gpgsm_export (ctrl_t ctrl, strlist_t names, estream_t stream)
/* Export a certificate and its private key. RAWMODE controls the
actual output:
0 - Private key and certificate in PKCS#12 format
1 - Only unencrypted private key in PKCS#8 format
2 - Only unencrypted private key in PKCS#1 format
*/
* actual output:
* 0 - Private key and certificate in PKCS#12 format
* (With --no-protection no PKSC#12 passphrase is used)
* 1 - Only unencrypted private key in PKCS#8 format
* 2 - Only unencrypted private key in PKCS#1 format
*/
void
gpgsm_p12_export (ctrl_t ctrl, const char *name, estream_t stream, int rawmode)
{
@ -714,22 +715,27 @@ export_p12 (ctrl_t ctrl, const unsigned char *certimg, size_t certimglen,
if (rawmode)
{
/* Export in raw mode, that is only the pkcs#1/#8 private key. */
/* Export in raw mode, that is only the pkcs#1/#8 unprotected
* private key. */
result = p12_raw_build (kparms, rawmode, &resultlen);
if (!result)
err = gpg_error (GPG_ERR_GENERAL);
}
else
{
err = gpgsm_agent_ask_passphrase
(ctrl,
i18n_utf8 (N_("Please enter the passphrase to protect the "
"new PKCS#12 object.")),
1, &passphrase);
if (err)
goto leave;
if (!ctrl->no_protection)
{
err = gpgsm_agent_ask_passphrase
(ctrl,
i18n_utf8 (N_("Please enter the passphrase to protect the "
"new PKCS#12 object.")),
1, &passphrase);
if (err)
goto leave;
}
result = p12_build (kparms, certimg, certimglen, passphrase,
result = p12_build (kparms, certimg, certimglen,
ctrl->no_protection? "" : passphrase,
opt.p12_charset, &resultlen);
xfree (passphrase);
passphrase = NULL;
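Review bot: When `ctrl->no_protection` is set, the `p12_build` call in export_p12 receives `""`, so the private key leaves gpgsm in a PKCS#12 container that offers no real confidentiality, and nothing on this path records that the passphrase prompt was skipped. Consider adding a log line in the `else` branch just before `p12_build`, e.g. `if (ctrl->no_protection) log_info ("exporting PKCS#12 object without passphrase protection\n");`, so that unattended exports leave a trace an operator can audit. The comment added above gpgsm_p12_export also spells the format `PKSC#12`; it should read `PKCS#12`. export_p12's body starts and ends outside the hunk, so whether a caller already emits such a diagnostic cannot be seen from here.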