agent: Add "ephemeral" Assuan option.

* agent/agent.h (struct ephemeral_private_key_s): New. (struct server_control_s): Add ephemeral_mode and ephemeral_keys. (GENKEY_FLAG_NO_PROTECTION, GENKEY_FLAG_PRESET): New. * agent/genkey.c (clear_ephemeral_keys): New. (store_key): Add arg ctrl and implement ephemeral_mode. Change all callers. (agent_genkey): Replace args no_protection and preset by a generic new flags arg. * agent/findkey.c (wipe_and_fclose): New. (agent_write_private_key): Add arg ctrl and implement ephemeral_mode. Change all callers. (agent_update_private_key): Ditto (read_key_file): Ditto. (agent_key_available): Ditto. * agent/command-ssh.c (card_key_available): Do not update display s/n in ephemeral mode. This is however enver triggred. * agent/gpg-agent.c (agent_deinit_default_ctrl): Cleanup ephemeral keys. * agent/command.c (cmd_genkey): Use the new flags instead of separate vars. (cmd_readkey): Create a shadow key only in non-ephemeral_mode. (cmd_getinfo): Add sub-command "ephemeral". (option_handler): Add option "ephemeral". -- The idea here that a session can be switched in an ephemeral mode which does not store or read keys from disk but keeps them local to the session. GnuPG-bug-id: 6944
2025-07-03 22:56:33 +02:00 · 2024-01-22 13:22:44 +01:00 · 2024-01-22 13:22:44 +01:00 · 434a641d40
commit 434a641d40
parent 18320d692c
11 changed files with 496 additions and 206 deletions
--- a/agent/cvt-openpgp.c
+++ b/agent/cvt-openpgp.c
@ -969,7 +969,7 @@ convert_from_openpgp_main (ctrl_t ctrl, gcry_sexp_t s_pgp, int dontcare_exist,
  if (err)
    goto leave;

-  if (!dontcare_exist && !from_native && !agent_key_available (grip))
+  if (!dontcare_exist && !from_native && !agent_key_available (ctrl, grip))
    {
      err = gpg_error (GPG_ERR_EEXIST);
      goto leave;
@ -1147,14 +1147,16 @@ convert_from_openpgp_native (ctrl_t ctrl,
          if (!agent_protect (*r_key, passphrase,
                              &protectedkey, &protectedkeylen,
                              ctrl->s2k_count))
-            agent_write_private_key (grip, protectedkey, protectedkeylen, 1,
-                                     NULL, NULL, NULL, 0);
+            agent_write_private_key (ctrl, grip,
+                                     protectedkey,
+                                     protectedkeylen,
+                                     1, NULL, NULL, NULL, 0);
          xfree (protectedkey);
        }
      else
        {
          /* Empty passphrase: write key without protection.  */
-          agent_write_private_key (grip,
+          agent_write_private_key (ctrl, grip,
                                   *r_key,
                                   gcry_sexp_canon_len (*r_key, 0, NULL,NULL),
                                   1, NULL, NULL, NULL, 0);