From 5b927b7b27bddc8ee70176414690d8ca8d879b54 Mon Sep 17 00:00:00 2001
From: Werner Koch
Date: Sat, 22 Aug 2020 15:04:34 +0200
Subject: [PATCH] agent: Default to extended key format.

* agent/gpg-agent.c (oDisableExtendedKeyFormat, oNoop): New.
(opts): Make --enable-extended-key-format a dummy option. Add disable-extended-key-format.
(parse_rereadable_options): Implement oDisableExtendedKeyFormat.
* agent/protect.c (agent_protect): Be safe and set use_ocb either to to 1 or 0.
--

Extended key format is supported since version 2.1.12 which should have long been replaced by a newer version in all installations. Thus for 2.2.22 we will make use of the extended-key-format by default.

This is a backport of the commits:
05eff1f6623c272fcabd4e238842afc832710324
91ae3e7fb66271691f6fe507262a62fc7e2663a3

Signed-off-by: Werner Koch
---
 agent/agent.h      |  6 +++++-
 agent/gpg-agent.c  | 21 ++++++++++++++++-----
 agent/protect.c    |  2 +-
 doc/gpg-agent.texi | 20 ++++++++++++--------
 4 files changed, 34 insertions(+), 15 deletions(-)

diff --git a/agent/agent.h b/agent/agent.h
index 8b5ae6083..5bec5e51d 100644
--- a/agent/agent.h
+++ b/agent/agent.h
@@ -125,7 +125,11 @@ struct
      passphrase change. */
   int enable_passphrase_history;
 
-  /* If set the extended key format is used for new keys. */
+  /* If set the extended key format is used for new keys. Note that
+   * this may have the value 2 in which case
+   * --disable-extended-key-format won't have any effect and thus
+   * effectivley locking it. This is required to support existing
+   * profiles which lock the use of --enable-extended-key-format. */
   int enable_extended_key_format;
 
   int running_detached; /* We are running detached from the tty. */
diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c
index 3dcbbf802..8f5d5b899 100644
--- a/agent/gpg-agent.c
+++ b/agent/gpg-agent.c
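Review bot: The new comment on enable_extended_key_format in agent.h misspells "effectivley", and the clause "and thus effectivley locking it" has no subject, so the one place that documents the special value 2 reads awkwardly. Suggest `/* If set the extended key format is used for new keys.  A value of 2 means the option was given explicitly; --disable-extended-key-format is then ignored, which keeps existing profiles that lock --enable-extended-key-format working. */`. The struct this field belongs to starts and ends outside the hunk.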
@@ -113,6 +113,7 @@ enum cmd_and_opt_values
   oCheckPassphrasePattern,
   oMaxPassphraseDays,
   oEnablePassphraseHistory,
+  oDisableExtendedKeyFormat,
   oEnableExtendedKeyFormat,
   oUseStandardSocket,
   oNoUseStandardSocket,
@@ -140,7 +141,9 @@ enum cmd_and_opt_values
   oAutoExpandSecmem,
   oListenBacklog,
 
-  oWriteEnvFile
+  oWriteEnvFile,
+
+  oNoop
 };
 
 
@@ -252,6 +255,7 @@ static ARGPARSE_OPTS opts[] = {
                 /* */ "@"
 #endif
                 ),
+  ARGPARSE_s_n (oDisableExtendedKeyFormat, "disable-extended-key-format", "@"),
   ARGPARSE_s_n (oEnableExtendedKeyFormat, "enable-extended-key-format", "@"),
 
   ARGPARSE_s_u (oS2KCount, "s2k-count", "@"),
@@ -266,6 +270,9 @@ static ARGPARSE_OPTS opts[] = {
   ARGPARSE_s_n (oUseStandardSocket, "use-standard-socket", "@"),
   ARGPARSE_s_n (oNoUseStandardSocket, "no-use-standard-socket", "@"),
 
+  /* Dummy options. */
+
+
   ARGPARSE_end () /* End of list */
 };
 
@@ -826,7 +833,7 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
       opt.check_passphrase_pattern = NULL;
       opt.max_passphrase_days = MAX_PASSPHRASE_DAYS;
       opt.enable_passphrase_history = 0;
-      opt.enable_extended_key_format = 0;
+      opt.enable_extended_key_format = 1;
       opt.ignore_cache_for_signing = 0;
       opt.allow_mark_trusted = 1;
       opt.allow_external_cache = 1;
@@ -902,7 +909,11 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
       break;
 
     case oEnableExtendedKeyFormat:
-      opt.enable_extended_key_format = 1;
+      opt.enable_extended_key_format = 2;
+      break;
+    case oDisableExtendedKeyFormat:
+      if (opt.enable_extended_key_format != 2)
+        opt.enable_extended_key_format = 0;
       break;
     case oIgnoreCacheForSigning: opt.ignore_cache_for_signing = 1; break;
 
@@ -937,6 +948,8 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
       set_s2k_calibration_time (pargs->r.ret_ulong);
       break;
 
+    case oNoop: break;
+
     default:
       return 0; /* not handled */
     }
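Review bot: The opts[] hunk at @@ -266,6 +270,9 @@ adds a `/* Dummy options. */` heading followed only by two blank lines, and the matching `case oNoop: break;` added at @@ -937,6 +948,8 @@ has no ARGPARSE entry that can produce oNoop, so both are dead as committed; the ChangeLog's "Make --enable-extended-key-format a dummy option" also does not match this hunk, which keeps that option live and has it store the value 2. Either drop the empty section and oNoop in this backport or say in the comment what they are reserved for. The `case oEnableExtendedKeyFormat:` arm would also benefit from a note explaining the magic value, e.g. `/* 2 = given explicitly; a later --disable-extended-key-format is ignored.  */`, since agent.h is otherwise the only place this is documented. parse_rereadable_options starts and ends outside these hunks.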
@@ -1452,8 +1465,6 @@ main (int argc, char **argv )
                  GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME);
       es_printf ("pinentry-timeout:%lu:0:\n",
                  GC_OPT_FLAG_DEFAULT|GC_OPT_FLAG_RUNTIME);
-      es_printf ("enable-extended-key-format:%lu:\n",
-                 GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME);
       es_printf ("grab:%lu:\n",
                  GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME);
 
diff --git a/agent/protect.c b/agent/protect.c
index 134fbf2e6..1766909f9 100644
--- a/agent/protect.c
+++ b/agent/protect.c
@@ -625,7 +625,7 @@ agent_protect (const unsigned char *plainkey, const char *passphrase,
   int have_curve = 0;
 
   if (use_ocb == -1)
-    use_ocb = opt.enable_extended_key_format;
+    use_ocb = !!opt.enable_extended_key_format;
 
   /* Create an S-expression with the protected-at timestamp. */
   memcpy (timestamp_exp, "(12:protected-at15:", 19);
diff --git a/doc/gpg-agent.texi b/doc/gpg-agent.texi
index 3997d2046..6b39d73cd 100644
--- a/doc/gpg-agent.texi
+++ b/doc/gpg-agent.texi
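Review bot: The main hunk drops `enable-extended-key-format` from the gpgconf option listing but does not list the new `disable-extended-key-format` either, so neither switch is visible to gpgconf after this change. The agent.h comment in this same patch says the value 2 exists to keep profiles that lock --enable-extended-key-format working; if gpgconf validates profile entries against this listing, such profiles may now be rejected, which is worth confirming before release. If keeping both hidden is intended, a short comment where the lines were removed, e.g. `/* enable-extended-key-format is the default since 2.2.22 and is not exposed via gpgconf.  */`, would record the decision. main starts and ends outside the hunk.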
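Review bot: The `!!` in `use_ocb = !!opt.enable_extended_key_format;` does real work — it folds the locked value 2 set in parse_rereadable_options down to 1 — but nothing at this site says so, and a later cleanup could easily remove it as redundant. A one-line comment would save the next reader a trip to agent.h: `/* The option value may be 2 (locked on); use_ocb must be a plain 0/1.  */`. agent_protect starts and ends outside the hunk.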
@@ -585,16 +585,20 @@ local gpg-agent and use its private keys. This enables decrypting or
 signing data on a remote machine without exposing the private keys to
 the remote machine.
 
-@anchor{option --enable-extended-key-format}
 @item --enable-extended-key-format
+@itemx --disable-extended-key-format
 @opindex enable-extended-key-format
-This option creates keys in the extended private key format. Changing
-the passphrase of a key will also convert the key to that new format.
-Using this option makes the private keys unreadable for gpg-agent
-versions before 2.1.12. The advantage of the extended private key
-format is that it is text based and can carry additional meta data.
-Note that this option also changes the key protection format to use
-OCB mode.
+@opindex disable-extended-key-format
+Since version 2.2.22 keys are created in the extended private key
+format by default. Changing the passphrase of a key will also convert
+the key to that new format. This key format is supported since GnuPG
+version 2.1.12 and thus there should be no need to disable it.
+Anyway, the disable option still allows to revert to the old behavior
+for new keys; be aware that keys are never migrated back to the old
+format. If the enable option has been used the disable option won't
+have an effect. The advantage of the extended private key format is
+that it is text based and can carry additional meta data. In extended
+key format the OCB mode is used for key protection.
 
 @anchor{option --enable-ssh-support}
 @item --enable-ssh-support