agent: New option --enable-extended-key-format.

* agent/gpg-agent.c (oEnableExtendedKeyFormat): New const. (opts): New option --enable-extended-key-format. (parse_rereadable_options): Set option * agent/findkey.c (write_extended_private_key): Add arg 'update'. (agent_write_private_key): Implement new option. Signed-off-by: Werner Koch <wk@gnupg.org>
2024-06-19 00:52:46 +02:00 · 2017-03-24 10:30:17 +01:00 · 2017-03-24 10:30:17 +01:00 · 2c237c1362
commit 2c237c1362
parent 6fab7bba87
4 changed files with 52 additions and 11 deletions
--- a/agent/agent.h
+++ b/agent/agent.h
@ -124,6 +124,9 @@ struct
     passphrase change.  */
  int enable_passphrase_history;
  /* If set the extended key format is used for new keys.  */
  int enable_extended_key_format;
  int running_detached; /* We are running detached from the tty. */
  /* If this global option is true, the passphrase cache is ignored
--- a/agent/findkey.c
+++ b/agent/findkey.c
@ -52,23 +52,38 @@ struct try_unprotect_arg_s
 };
 /* Note: Ownership of FNAME and FP are moved to this function.  */
 static gpg_error_t
-write_extended_private_key (char *fname, estream_t fp,
+write_extended_private_key (char *fname, estream_t fp, int update,
                            const void *buf, size_t len)
 {
  gpg_error_t err;
  nvc_t pk = NULL;
  gcry_sexp_t key = NULL;
  int remove = 0;
  int line;
-  err = nvc_parse_private_key (&pk, &line, fp);
+  if (update)
  if (err)
    {
-      log_error ("error parsing '%s' line %d: %s\n",
+      int line;
-                 fname, line, gpg_strerror (err));
+
-      goto leave;
+      err = nvc_parse_private_key (&pk, &line, fp);
      if (err && gpg_err_code (err) != GPG_ERR_ENOENT)
        {
          log_error ("error parsing '%s' line %d: %s\n",
                     fname, line, gpg_strerror (err));
          goto leave;
        }
    }
  else
    {
      pk = nvc_new_private_key ();
      if (!pk)
        {
          err = gpg_error_from_syserror ();
          goto leave;
        }
    }
  es_clearerr (fp);
  err = gcry_sexp_sscan (&key, NULL, buf, len);
  if (err)
@ -111,8 +126,7 @@ write_extended_private_key (char *fname, estream_t fp,
  bump_key_eventcounter ();
 leave:
-  if (fp)
+  es_fclose (fp);
    es_fclose (fp);
  if (remove)
    gnupg_remove (fname);
  xfree (fname);
@ -193,11 +207,19 @@ agent_write_private_key (const unsigned char *grip,
      if (first != '(')
        {
-          /* Key is in extended format.  */
+          /* Key is already in the extended format.  */
-          return write_extended_private_key (fname, fp, buffer, length);
+          return write_extended_private_key (fname, fp, 1, buffer, length);
        }
      if (first == '(' && opt.enable_extended_key_format)
        {
          /* Key is in the old format - but we want the extended format.  */
          return write_extended_private_key (fname, fp, 0, buffer, length);
        }
    }
  if (opt.enable_extended_key_format)
    return write_extended_private_key (fname, fp, 0, buffer, length);
  if (es_fwrite (buffer, length, 1, fp) != 1)
    {
      gpg_error_t tmperr = gpg_error_from_syserror ();
--- a/agent/gpg-agent.c
+++ b/agent/gpg-agent.c
@ -111,6 +111,7 @@ enum cmd_and_opt_values
  oCheckPassphrasePattern,
  oMaxPassphraseDays,
  oEnablePassphraseHistory,
  oEnableExtendedKeyFormat,
  oUseStandardSocket,
  oNoUseStandardSocket,
  oExtraSocket,
@ -238,6 +239,7 @@ static ARGPARSE_OPTS opts[] = {
                /* */           "@"
 #endif
                ),
  ARGPARSE_s_n (oEnableExtendedKeyFormat, "enable-extended-key-format", "@"),
  /* Dummy options for backward compatibility.  */
  ARGPARSE_o_s (oWriteEnvFile, "write-env-file", "@"),
@ -790,6 +792,7 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
      opt.check_passphrase_pattern = NULL;
      opt.max_passphrase_days = MAX_PASSPHRASE_DAYS;
      opt.enable_passphrase_history = 0;
      opt.enable_extended_key_format = 0;
      opt.ignore_cache_for_signing = 0;
      opt.allow_mark_trusted = 1;
      opt.allow_external_cache = 1;
@ -859,6 +862,10 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
      opt.enable_passphrase_history = 1;
      break;
    case oEnableExtendedKeyFormat:
      opt.enable_extended_key_format = 1;
      break;
    case oIgnoreCacheForSigning: opt.ignore_cache_for_signing = 1; break;
    case oAllowMarkTrusted: opt.allow_mark_trusted = 1; break;
--- a/doc/gpg-agent.texi
+++ b/doc/gpg-agent.texi
@ -571,6 +571,15 @@ local gpg-agent and use its private keys.  This enables decrypting or
 signing data on a remote machine without exposing the private keys to the
 remote machine.
@anchor{option --enable-extended-key-format}
@item --enable-extended-key-format
@opindex enable-extended-key-format
 This option creates keys in the extended private key format.  Changing
 the passphrase of a key will also convert the key to that new format.
 Using this option makes the private keys unreadable for gpg-agent
 versions before 2.1.12.  The advantage of the extended private key
 format is that it is text based and can carry additional meta data.
@anchor{option --enable-ssh-support}
@item --enable-ssh-support