
gpg: Improve usability of --quick-gen-key.

* g10/keygen.c (FUTURE_STD_): New constants.
(parse_expire_string): Handle special keywords.
(parse_algo_usage_expire): Allow "future-default".  Simplify call to
parse_expire_string.
(quick_generate_keypair): Always allow an expiration date.  Replace
former "test-default" by "future-default".
--

Using an expiration date is pretty common, thus we now allow the
creation of a standard key with expiration date.

Signed-off-by: Werner Koch <wk@gnupg.org>
Werner Koch 2016-09-13 11:30:54 +02:00
parent 9da780e5c4
commit 30a011cfd6
3 changed files with 81 additions and 37 deletions


@ -615,12 +615,14 @@ answer to a ``Continue?'' style confirmation prompt is required. In
case the user id already exists in the key ring a second prompt to case the user id already exists in the key ring a second prompt to
force the creation of the key will show up. force the creation of the key will show up.
If any of the optional arguments are given, only the primary key is If @code{algo} or @code{usage} are given, only the primary key is
created and no prompts are shown. For a description of these optional created and no prompts are shown. To specify an expiration date but
arguments see the command @code{--quick-addkey}. The @code{usage} still create a primary and subkey use ``default'' or
accepts also the value ``cert'' which can be used to create a ``future-default'' for @code{algo} and ``default'' for @code{usage}.
certification only primary key; the default is to a create For a description of these optional arguments see the command
certification and signing key. @code{--quick-addkey}. The @code{usage} accepts also the value
``cert'' which can be used to create a certification only primary key;
the default is to a create certification and signing key.
If this command is used with @option{--batch}, If this command is used with @option{--batch},
@option{--pinentry-mode} has been set to @code{loopback}, and one of @option{--pinentry-mode} has been set to @code{loopback}, and one of
@ -637,13 +639,15 @@ Directly add a subkey to the key identified by the fingerprint
added. If any of the arguments are given a more specific subkey is added. If any of the arguments are given a more specific subkey is
added. added.
@code{algo} may be any of the supported algorithms or curve names given @code{algo} may be any of the supported algorithms or curve names
in the format as used by key listings. To use the default algorithm given in the format as used by key listings. To use the default
the string ``default'' or ``-'' can be used. Supported algorithms are algorithm the string ``default'' or ``-'' can be used. Supported
``rsa'', ``dsa'', ``elg'', ``ed25519'', ``cv25519'', and other ECC algorithms are ``rsa'', ``dsa'', ``elg'', ``ed25519'', ``cv25519'',
curves. For example the string ``rsa'' adds an RSA key with the and other ECC curves. For example the string ``rsa'' adds an RSA key
default key length; a string ``rsa4096'' requests that the key length with the default key length; a string ``rsa4096'' requests that the
is 4096 bits. key length is 4096 bits. The string ``future-default'' is an alias
for the algorithm which will likely be used as default algorithm in
future versions of gpg.
Depending on the given @code{algo} the subkey may either be an Depending on the given @code{algo} the subkey may either be an
encryption subkey or a signing subkey. If an algorithm is capable of encryption subkey or a signing subkey. If an algorithm is capable of


@ -3304,7 +3304,7 @@ keyedit_quick_addkey (ctrl_t ctrl, const char *fpr, const char *algostr,
goto leave; goto leave;
} }
/* Create the subkey. Noet that the called function already prints /* Create the subkey. Note that the called function already prints
* an error message. */ * an error message. */
if (!generate_subkeypair (ctrl, keyblock, algostr, usagestr, expirestr)) if (!generate_subkeypair (ctrl, keyblock, algostr, usagestr, expirestr))
modified = 1; modified = 1;


@ -58,6 +58,15 @@
#define DEFAULT_STD_SUBKEYUSE PUBKEY_USAGE_ENC #define DEFAULT_STD_SUBKEYUSE PUBKEY_USAGE_ENC
#define DEFAULT_STD_SUBCURVE NULL #define DEFAULT_STD_SUBCURVE NULL
#define FUTURE_STD_ALGO PUBKEY_ALGO_EDDSA
#define FUTURE_STD_KEYSIZE 0
#define FUTURE_STD_KEYUSE (PUBKEY_USAGE_CERT|PUBKEY_USAGE_SIG)
#define FUTURE_STD_CURVE "Ed25519"
#define FUTURE_STD_SUBALGO PUBKEY_ALGO_ECDH
#define FUTURE_STD_SUBKEYSIZE 0
#define FUTURE_STD_SUBKEYUSE PUBKEY_USAGE_ENC
#define FUTURE_STD_SUBCURVE "Curve25519"
/* Flag bits used during key generation. */ /* Flag bits used during key generation. */
#define KEYGEN_FLAG_NO_PROTECTION 1 #define KEYGEN_FLAG_NO_PROTECTION 1
#define KEYGEN_FLAG_TRANSIENT_KEY 2 #define KEYGEN_FLAG_TRANSIENT_KEY 2
@ -2330,7 +2339,8 @@ parse_expire_string( const char *string )
u32 curtime = make_timestamp (); u32 curtime = make_timestamp ();
time_t tt; time_t tt;
if (!*string) if (!string || !*string || !strcmp (string, "none")
|| !strcmp (string, "never") || !strcmp (string, "-"))
seconds = 0; seconds = 0;
else if (!strncmp (string, "seconds=", 8)) else if (!strncmp (string, "seconds=", 8))
seconds = atoi (string+8); seconds = atoi (string+8);
@ -2347,7 +2357,7 @@ parse_expire_string( const char *string )
return seconds; return seconds;
} }
/* Parsean Creation-Date string which is either "1986-04-26" or /* Parse a Creation-Date string which is either "1986-04-26" or
"19860426T042640". Returns 0 on error. */ "19860426T042640". Returns 0 on error. */
static u32 static u32
parse_creation_string (const char *string) parse_creation_string (const char *string)
@ -3612,12 +3622,49 @@ quick_generate_keypair (ctrl_t ctrl, const char *uid, const char *algostr,
} }
if (!strcmp (algostr, "test-default")) if ((!*algostr || !strcmp (algostr, "default")
|| !strcmp (algostr, "future-default"))
&& (!*usagestr || !strcmp (usagestr, "default")
|| !strcmp (usagestr, "-")))
{ {
para = quickgen_set_para (para, 0, PUBKEY_ALGO_EDDSA, 0, "Ed25519", 0); if (!strcmp (algostr, "future-default"))
para = quickgen_set_para (para, 1, PUBKEY_ALGO_ECDH, 0, "Curve25519", 0); {
para = quickgen_set_para (para, 0,
FUTURE_STD_ALGO, FUTURE_STD_KEYSIZE,
FUTURE_STD_CURVE, 0);
para = quickgen_set_para (para, 1,
FUTURE_STD_SUBALGO, FUTURE_STD_SUBKEYSIZE,
FUTURE_STD_SUBCURVE, 0);
}
else
{
para = quickgen_set_para (para, 0,
DEFAULT_STD_ALGO, DEFAULT_STD_KEYSIZE,
DEFAULT_STD_CURVE, 0);
para = quickgen_set_para (para, 1,
DEFAULT_STD_SUBALGO, DEFAULT_STD_SUBKEYSIZE,
DEFAULT_STD_SUBCURVE, 0);
}
if (*expirestr)
{
u32 expire;
expire = parse_expire_string (expirestr);
if (expire == (u32)-1 )
{
err = gpg_error (GPG_ERR_INV_VALUE);
log_error (_("Key generation failed: %s\n"), gpg_strerror (err));
goto leave;
}
r = xmalloc_clear (sizeof *r + 20);
r->key = pKEYEXPIRE;
r->u.expire = expire;
r->next = para;
para = r;
}
} }
else if (*algostr || *usagestr || *expirestr) else
{ {
/* Extended unattended mode. Creates only the primary key. */ /* Extended unattended mode. Creates only the primary key. */
int algo; int algo;
@ -3641,15 +3688,6 @@ quick_generate_keypair (ctrl_t ctrl, const char *uid, const char *algostr,
r->next = para; r->next = para;
para = r; para = r;
} }
else
{
para = quickgen_set_para (para, 0,
DEFAULT_STD_ALGO, DEFAULT_STD_KEYSIZE,
DEFAULT_STD_CURVE, 0);
para = quickgen_set_para (para, 1,
DEFAULT_STD_SUBALGO, DEFAULT_STD_SUBKEYSIZE,
DEFAULT_STD_SUBCURVE, 0);
}
/* If the pinentry loopback mode is not and we have a static /* If the pinentry loopback mode is not and we have a static
passphrase (i.e. set with --passphrase{,-fd,-file} while in batch passphrase (i.e. set with --passphrase{,-fd,-file} while in batch
@ -4416,9 +4454,15 @@ parse_algo_usage_expire (ctrl_t ctrl, int for_subkey,
if (!algostr || !*algostr if (!algostr || !*algostr
|| !strcmp (algostr, "default") || !strcmp (algostr, "-")) || !strcmp (algostr, "default") || !strcmp (algostr, "-"))
{ {
algo = for_subkey? DEFAULT_STD_SUBALGO : DEFAULT_STD_ALGO; algo = for_subkey? DEFAULT_STD_SUBALGO : DEFAULT_STD_ALGO;
use = for_subkey? DEFAULT_STD_SUBKEYUSE : DEFAULT_STD_KEYUSE; use = for_subkey? DEFAULT_STD_SUBKEYUSE : DEFAULT_STD_KEYUSE;
nbits = for_subkey?DEFAULT_STD_SUBKEYSIZE : DEFAULT_STD_KEYSIZE; nbits = for_subkey? DEFAULT_STD_SUBKEYSIZE : DEFAULT_STD_KEYSIZE;
}
else if (!strcmp (algostr, "future-default"))
{
algo = for_subkey? FUTURE_STD_SUBALGO : FUTURE_STD_ALGO;
use = for_subkey? FUTURE_STD_SUBKEYUSE : FUTURE_STD_KEYUSE;
nbits = for_subkey? FUTURE_STD_SUBKEYSIZE : FUTURE_STD_KEYSIZE;
} }
else if (*algostr == '&' && strlen (algostr) == 41) else if (*algostr == '&' && strlen (algostr) == 41)
{ {
@ -4490,11 +4534,7 @@ parse_algo_usage_expire (ctrl_t ctrl, int for_subkey,
return gpg_error (GPG_ERR_WRONG_KEY_USAGE); return gpg_error (GPG_ERR_WRONG_KEY_USAGE);
/* Parse the expire string. */ /* Parse the expire string. */
if (!expirestr || !*expirestr || !strcmp (expirestr, "none") expire = parse_expire_string (expirestr);
|| !strcmp (expirestr, "never") || !strcmp (expirestr, "-"))
expire = 0;
else
expire = parse_expire_string (expirestr);
if (expire == (u32)-1 ) if (expire == (u32)-1 )
return gpg_error (GPG_ERR_INV_VALUE); return gpg_error (GPG_ERR_INV_VALUE);
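Review bot: The new default-key condition in the quick_generate_keypair hunk (the `if ((!*algostr || !strcmp (algostr, "default") || !strcmp (algostr, "future-default")) ...` test) accepts an empty algo, "default" and "future-default" but not "-", whereas the parse_algo_usage_expire hunk later in this file treats "-" as an alias for "default"; a caller passing "-" for algo with a default usage would therefore fall into the extended primary-only path rather than getting the primary/subkey pair. If "-" is meant to be equivalent to "default" here too, the condition should add `|| !strcmp (algostr, "-")` next to the "default" comparison, and the --quick-gen-key text in gpg.texi should list it alongside "default". In the new expiry block, `r = xmalloc_clear (sizeof *r + 20);` carries an unexplained over-allocation copied from the surrounding code; a short comment such as `/* Same over-allocation as the other pKEYEXPIRE entries; only u.expire is used. */` would keep the next reader from treating the 20 as meaningful. Note also that `if (*expirestr)` is now only there to avoid pushing a pKEYEXPIRE entry, since parse_expire_string itself maps an empty string to 0 after this commit. quick_generate_keypair begins and ends outside the hunk.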