diff --git a/NEWS b/NEWS
index 6f171aa8b..dbeec3d6c 100644
--- a/NEWS
+++ b/NEWS
@@ -7,6 +7,9 @@ Noteworthy changes in version 2.1.2 (unreleased)
 * gpg: The parameter 'Passphrase' for batch key generation works again.
+ * gpg: Using a passphrase option in batch mode now has the expected
+ effect on --quick-gen-key.
+
 Noteworthy changes in version 2.1.1 (2014-12-16)
 ------------------------------------------------
diff --git a/doc/gpg.texi b/doc/gpg.texi
index 6921fd998..429cc5be2 100644
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@@ -571,6 +571,14 @@ If invoked directly on the console without any special options an answer to a ``Continue?'' style confirmation prompt is required. In case the user id already exists in the key ring a second prompt to force the creation of the key will show up.
+
+If this command is used with @option{--batch},
+@option{--pinentry-mode} has been set to @code{loopback}, and one of
+the passphrase options (@option{--passphrase},
+@option{--passphrase-fd}, or @option{passphrase-file}) is used, the
+supplied passphrase is used for the new key and the agent does not ask
+for it. To create a key without any protection @code{--passphrase ''}
+may be used.
 @end ifset
 @item --gen-key
diff --git a/g10/keygen.c b/g10/keygen.c
index a3dbed8db..de45d2fa9 100644
--- a/g10/keygen.c
+++ b/g10/keygen.c
@@ -42,6 +42,7 @@
 #include "keyserver-internal.h"
 #include "call-agent.h"
 #include "pkglue.h"
+#include "../common/shareddefs.h"
 /* The default algorithms. If you change them remember to change them also in gpg.c:gpgconf_list. You should also check that the value
@@ -2816,6 +2817,18 @@ get_parameter_value( struct para_data_s *para, enum para_name key )
 return (r && *r->u.value)? r->u.value : NULL;
 }
+
+/* This is similar to get_parameter_value but also returns the empty
+ string. This is required so that quick_generate_keypair can use an
+ empty Passphrase to specify no-protection. */
+static const char *
+get_parameter_passphrase (struct para_data_s *para)
+{
+ struct para_data_s *r = get_parameter (para, pPASSPHRASE);
+ return r->u.value;
+}
+
+
 static int
 get_parameter_algo( struct para_data_s *para, enum para_name key, int *r_default)
@@ -3496,6 +3509,21 @@ quick_generate_keypair (const char *uid)
 DEFAULT_STD_SUBALGO, DEFAULT_STD_SUBKEYSIZE, DEFAULT_STD_SUBCURVE);
+ /* If the pinentry loopback mode is not and we have a static
+ passphrase (i.e. set with --passphrase{,-fd,-file} while in batch
+ mode), we use that passphrase for the new key. */
+ if (opt.pinentry_mode != PINENTRY_MODE_LOOPBACK
+ && have_static_passphrase ())
+ {
+ const char *s = get_static_passphrase ();
+
+ r = xmalloc_clear (sizeof *r + strlen (s));
+ r->key = pPASSPHRASE;
+ strcpy (r->u.value, s);
+ r->next = para;
+ para = r;
+ }
+
 proc_parameter_file (para, "[internal]", &outctrl, 0);
 leave:
 release_parameter_list (para);
@@ -3970,7 +3998,7 @@ do_generate_keypair (struct para_data_s *para,
 timestamp, get_parameter_u32( para, pKEYEXPIRE ), 0, outctrl->keygen_flags,
- get_parameter_value (para, pPASSPHRASE),
+ get_parameter_passphrase (para),
 &cache_nonce);
 else
 err = gen_card_key (PUBKEY_ALGO_RSA, 1, 1, pub_root,
@@ -4024,7 +4052,7 @@ do_generate_keypair (struct para_data_s *para,
 timestamp, get_parameter_u32 (para, pSUBKEYEXPIRE), 1, outctrl->keygen_flags,
- get_parameter_value (para, pPASSPHRASE),
+ get_parameter_passphrase (para),
 &cache_nonce);
 /* Get the pointer to the generated public subkey packet. */
 if (!err)
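Review bot: The new `get_parameter_passphrase` dereferences `r` unconditionally, whereas `get_parameter_value` in the context lines just above tests `r &&` before touching `r->u.value`, which suggests `get_parameter` can return NULL when the list holds no `pPASSPHRASE` entry. Both call sites this commit switches over in `do_generate_keypair` (the hunks at -3970 and -4024) would then hit a NULL dereference whenever a key is generated without a passphrase parameter. Change the return to `return r ? r->u.value : NULL;` so a missing parameter still yields NULL and only a present-but-empty one yields the empty string.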
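Review bot: The comment on the new block in `quick_generate_keypair` is garbled ("If the pinentry loopback mode is not and ...") and, together with the condition `opt.pinentry_mode != PINENTRY_MODE_LOOPBACK`, reads as the opposite of the doc/gpg.texi text added in this same commit, which says the supplied passphrase is used when `--pinentry-mode` has been set to `loopback`. One of the two needs correcting; if the code is what is intended, the comment should open with something like `/* If the pinentry mode is not loopback and we have a static passphrase ...` and the manual should match. Separately, the passphrase is copied into a plain `xmalloc_clear` buffer on the parameter list, so it is worth confirming that `release_parameter_list` wipes `pPASSPHRASE` values before freeing them; that function and the start of `quick_generate_keypair` are outside the hunk.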
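Review bot: Replacing `get_parameter_value (para, pPASSPHRASE)` with `get_parameter_passphrase (para)` in this argument list, and in the subkey call in the following hunk, changes what an empty `Passphrase` parameter means for every path through `do_generate_keypair`, not only `--quick-gen-key`. Previously an empty value was mapped to NULL; now it is passed on as the empty string, which the helper's own comment describes as no-protection. If the batch parameter-file parser can store an empty value (not visible here), a blank `Passphrase:` line would now produce an unprotected key, so the argument deserves a comment such as `/* NULL: the agent asks; "": key is created without protection.  */` and a matching sentence in the batch key generation documentation. The enclosing call begins outside the hunk.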