gpgsm: Allow unattended PKCS#12 export without passphrase.

* sm/gpgsm.c (oNoProtection): New. (opts): Add "--no-protection". (main): PArse it. * sm/gpgsm.h (struct server_control_s): Add field no_protection. * sm/server.c (option_handler): Add option "no-protection". (reset_notify): Clear option. * sm/export.c (export_p12): Use empty passphrase if option is set.
2025-02-01 16:33:02 +01:00 · 2025-01-29 18:06:15 +01:00 · 2025-01-29 18:06:15 +01:00 · 159e801043
commit 159e801043
parent 89055f24f4
5 changed files with 48 additions and 15 deletions
--- a/doc/gpgsm.texi
+++ b/doc/gpgsm.texi
@ -271,7 +271,8 @@ Export the private key and the certificate identified by @var{key-id}
 using the PKCS#12 format.  When used with the @code{--armor} option a few
 informational lines are prepended to the output.  Note, that the PKCS#12
 format is not very secure and proper transport security should be used
-to convey the exported key.  (@xref{option --p12-charset}.)
+to convey the exported key.  The option @code{--no-protection} can be
+used to export without passphrase protection.  (@xref{option --p12-charset}.)

@item --export-secret-key-p8 @var{key-id}
@itemx --export-secret-key-raw @var{key-id}
@ -887,6 +888,13 @@ are:
  Pinentry the user is not prompted again if he enters a bad password.
@end table

+@item --no-protection
+@opindex no-protection
+When exporting a private key in the PKCS#12 format do not use a
+passphrase to protect the key.  Please use this option only along with
+a PKCS#12 export becuase it may eventually also have an effect for
+other commands.
+
@item --request-origin @var{origin}
@opindex request-origin
 Tell gpgsm to assume that the operation ultimately originated at
@ -1784,6 +1792,11 @@ encrypt operation.  Note that this option is ignored if
@item input-size-hint
 This is the same as the @option{--input-size-hint} command line option.

+@item no-protection
+If @var{value} is true exported keys are not protected by a
+passphrase.  This can be reset with a value of 0 or a RESET command.
+This is the same as the command line option @option{--no-protection}.
+
@end table

@mansect see also
--- a/sm/export.c
+++ b/sm/export.c
@ -316,10 +316,11 @@ gpgsm_export (ctrl_t ctrl, strlist_t names, estream_t stream)


 /* Export a certificate and its private key.  RAWMODE controls the
-   actual output:
-       0 - Private key and certificate in PKCS#12 format
-       1 - Only unencrypted private key in PKCS#8 format
-       2 - Only unencrypted private key in PKCS#1 format
+ * actual output:
+ *     0 - Private key and certificate in PKCS#12 format
+ *         (With --no-protection no PKSC#12 passphrase is used)
+ *     1 - Only unencrypted private key in PKCS#8 format
+ *     2 - Only unencrypted private key in PKCS#1 format
 */
 void
 gpgsm_p12_export (ctrl_t ctrl, const char *name, estream_t stream, int rawmode)
@ -714,12 +715,15 @@ export_p12 (ctrl_t ctrl, const unsigned char *certimg, size_t certimglen,

  if (rawmode)
    {
-      /* Export in raw mode, that is only the pkcs#1/#8 private key. */
+      /* Export in raw mode, that is only the pkcs#1/#8 unprotected
+       * private key. */
      result = p12_raw_build (kparms, rawmode, &resultlen);
      if (!result)
        err = gpg_error (GPG_ERR_GENERAL);
    }
  else
+    {
+      if (!ctrl->no_protection)
        {
          err = gpgsm_agent_ask_passphrase
            (ctrl,
@ -728,8 +732,10 @@ export_p12 (ctrl_t ctrl, const unsigned char *certimg, size_t certimglen,
             1, &passphrase);
          if (err)
            goto leave;
+        }

-      result = p12_build (kparms, certimg, certimglen, passphrase,
+      result = p12_build (kparms, certimg, certimglen,
+                          ctrl->no_protection? "" : passphrase,
                          opt.p12_charset, &resultlen);
      xfree (passphrase);
      passphrase = NULL;
--- a/sm/gpgsm.c
+++ b/sm/gpgsm.c
@ -135,6 +135,7 @@ enum cmd_and_opt_values {

  oPassphraseFD,
  oPinentryMode,
+  oNoProtection,
  oRequestOrigin,

  oAssumeArmor,
@ -436,6 +437,7 @@ static gpgrt_opt_t opts[] = {
  ARGPARSE_s_n (oDisableFdTranslation, "disable-fd-translation", "@"),
  ARGPARSE_s_i (oPassphraseFD,    "passphrase-fd", "@"),
  ARGPARSE_s_s (oPinentryMode,    "pinentry-mode", "@"),
+  ARGPARSE_s_n (oNoProtection,    "no-protection", "@"),


  ARGPARSE_header (NULL, N_("Other options")),
@ -1178,6 +1180,10 @@ main ( int argc, char **argv)
            log_error (_("invalid pinentry mode '%s'\n"), pargs.r.ret_str);
 	  break;

+        case oNoProtection:
+          ctrl.no_protection = 1;
+          break;
+
        case oRequestOrigin:
          opt.request_origin = parse_request_origin (pargs.r.ret_str);
          if (opt.request_origin == -1)
--- a/sm/gpgsm.h
+++ b/sm/gpgsm.h
@ -284,6 +284,8 @@ struct server_control_s
   * progress info and to decide on how to allocate buffers.  */
  uint64_t input_size_hint;

+  int no_protection;  /* No passphrase for PKCS#12 export.  */
+
  int create_base64;  /* Create base64 encoded output */
  int create_pem;     /* create PEM output */
  const char *pem_name; /* PEM name to use */
--- a/sm/server.c
+++ b/sm/server.c
@ -318,6 +318,11 @@ option_handler (assuan_context_t ctx, const char *key, const char *value)
    {
      ctrl->input_size_hint = string_to_u64 (value);
    }
+  else if (!strcmp (key, "no-protection"))
+    {
+      int i = *value? atoi (value) : 0;
+      ctrl->no_protection = !!i;
+    }
  else
    err = gpg_error (GPG_ERR_UNKNOWN_OPTION);

@ -338,6 +343,7 @@ reset_notify (assuan_context_t ctx, char *line)
  ctrl->server_local->recplist = NULL;
  ctrl->server_local->signerlist = NULL;
  ctrl->always_trust = 0;
+  ctrl->no_protection = 0;
  close_message_fp (ctrl);
  assuan_close_input_fd (ctx);
  assuan_close_output_fd (ctx);