From 45ae027ce404be5ef3f89384856cf823f859e37d Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Tue, 21 Mar 2023 16:30:18 +0100 Subject: [PATCH] gpg: New command --quick-add-adsk * g10/gpg.c (enum cmd_and_opt_values): Add aQuickAddADSK. (opts): Add --quick-add-adsk. (main): Call the actual function. * g10/keyedit.c (keyedit_quick_addadsk): New. (menu_addadsk): Add arg adskfpr and change caller. -- GnuPG-bug-id: 6395 (cherry picked from commit 9f27e448bf1f825906f3c53e3428087d34bbd8fc) --- doc/gpg.texi | 9 +++++++ g10/gpg.c | 15 ++++++++++++ g10/keyedit.c | 65 ++++++++++++++++++++++++++++++++++++++++++++++++++- g10/keyedit.h | 1 + 4 files changed, 89 insertions(+), 1 deletion(-) diff --git a/doc/gpg.texi b/doc/gpg.texi index c3b17fd51..572dbbbee 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi @@ -765,6 +765,15 @@ specifying a value, or using ``-'' results in a key expiring in a reasonable default interval. The values ``never'', ``none'' can be used for no expiration date. +@item --quick-add-adsk @var{fpr} @var{adskfpr} +@opindex quick-add-adsk +Directly add an Additional Decryption Subkey to the key identified by +the fingerprint @var{fpr}. @var{adskfpr} is the fingerprint of +another key's encryption subkey. A subkey is commonly used here +because by default a primary key has no encryption capability. Use +the option @option{--with-subkey-fingerprint} with a list command to +display the subkey fingerprints. + @item --generate-key @opindex generate-key @itemx --gen-key diff --git a/g10/gpg.c b/g10/gpg.c index 0264d8bc3..16b54b0f6 100644 --- a/g10/gpg.c +++ b/g10/gpg.c @@ -128,6 +128,7 @@ enum cmd_and_opt_values aQuickRevSig, aQuickAddUid, aQuickAddKey, + aQuickAddADSK, aQuickRevUid, aQuickSetExpire, aQuickSetPrimaryUid, @@ -481,6 +482,7 @@ static ARGPARSE_OPTS opts[] = { ARGPARSE_c (aQuickAddUid, "quick-adduid", "@"), ARGPARSE_c (aQuickAddKey, "quick-add-key", "@"), ARGPARSE_c (aQuickAddKey, "quick-addkey", "@"), + ARGPARSE_c (aQuickAddADSK, "quick-add-adsk", "@"), ARGPARSE_c (aQuickRevUid, "quick-revoke-uid", N_("quickly revoke a user-id")), ARGPARSE_c (aQuickRevUid, "quick-revuid", "@"), @@ -2641,6 +2643,7 @@ main (int argc, char **argv) case aQuickKeygen: case aQuickAddUid: case aQuickAddKey: + case aQuickAddADSK: case aQuickRevUid: case aQuickSetExpire: case aQuickSetPrimaryUid: @@ -4224,6 +4227,7 @@ main (int argc, char **argv) case aQuickKeygen: case aQuickAddUid: case aQuickAddKey: + case aQuickAddADSK: case aQuickRevUid: case aQuickSetPrimaryUid: case aQuickUpdatePref: @@ -4691,6 +4695,17 @@ main (int argc, char **argv) } break; + case aQuickAddADSK: + { + if (argc != 2) + wrong_args ("--quick-add-adsk FINGERPRINT ADSK-FINGERPRINT"); + if (mopt.forbid_gen_key) + gen_key_forbidden (); + else + keyedit_quick_addadsk (ctrl, argv[0], argv[1]); + } + break; + case aQuickRevUid: { const char *uid, *uidtorev; diff --git a/g10/keyedit.c b/g10/keyedit.c index 2b0e378ba..7a575b44b 100644 --- a/g10/keyedit.c +++ b/g10/keyedit.c @@ -1306,7 +1306,7 @@ static struct { "addrevoker", cmdADDREVOKER, KEYEDIT_NEED_SK, N_("add a revocation key")}, { "addadsk", cmdADDADSK, KEYEDIT_NEED_SK, - N_("add additional decryption subkeys")}, + N_("add an additional decryption subkey")}, { "delsig", cmdDELSIG, 0, N_("delete signatures from the selected user IDs")}, { "expire", cmdEXPIRE, KEYEDIT_NEED_SK | KEYEDIT_NEED_SUBSK, @@ -3214,6 +3214,69 @@ keyedit_quick_addkey (ctrl_t ctrl, const char *fpr, const char *algostr, } +/* Unattended ADSK setup function. + * + * FPR is the fingerprint of our key. ADSKFPR is the fingerprint of + * another subkey which we want to add as ADSK to our key. + */ +void +keyedit_quick_addadsk (ctrl_t ctrl, const char *fpr, const char *adskfpr) +{ + gpg_error_t err; + kbnode_t keyblock; + KEYDB_HANDLE kdbhd; + int modified = 0; + PKT_public_key *pk; + +#ifdef HAVE_W32_SYSTEM + /* See keyedit_menu for why we need this. */ + check_trustdb_stale (ctrl); +#endif + + /* We require a fingerprint because only this uniquely identifies a + * key and may thus be used to select a key for unattended adsk + * adding. */ + if (find_by_primary_fpr (ctrl, fpr, &keyblock, &kdbhd)) + goto leave; + + if (fix_keyblock (ctrl, &keyblock)) + modified++; + + pk = keyblock->pkt->pkt.public_key; + if (pk->flags.revoked) + { + if (!opt.verbose) + show_key_with_all_names (ctrl, es_stdout, keyblock, 0, 0, 0, 0, 0, 1); + log_error ("%s%s", _("Key is revoked."), "\n"); + goto leave; + } + + /* Locate and add the ADSK. Note that the called function already + * prints error messages. */ + if (menu_addadsk (ctrl, keyblock, adskfpr)) + modified = 1; + else + log_inc_errorcount (); /* (We use log_info in menu_adsk) */ + + es_fflush (es_stdout); + + /* Store. */ + if (modified) + { + err = keydb_update_keyblock (ctrl, kdbhd, keyblock); + if (err) + { + log_error (_("update failed: %s\n"), gpg_strerror (err)); + goto leave; + } + } + + leave: + release_kbnode (keyblock); + keydb_release (kdbhd); +} + + /* Unattended expiration setting function for the main key. If * SUBKEYFPRS is not NULL and SUBKEYSFPRS[0] is neither NULL, it is * expected to be an array of fingerprints for subkeys to change. It diff --git a/g10/keyedit.h b/g10/keyedit.h index 706afb1b1..7cbbe45b6 100644 --- a/g10/keyedit.h +++ b/g10/keyedit.h @@ -43,6 +43,7 @@ void keyedit_quick_adduid (ctrl_t ctrl, const char *username, const char *newuid); void keyedit_quick_addkey (ctrl_t ctrl, const char *fpr, const char *algostr, const char *usagestr, const char *expirestr); +void keyedit_quick_addadsk (ctrl_t ctrl, const char *fpr, const char *adskfpr); void keyedit_quick_revuid (ctrl_t ctrl, const char *username, const char *uidtorev); void keyedit_quick_sign (ctrl_t ctrl, const char *fpr,