agent: Default to extended key format.

* agent/gpg-agent.c (oDisableExtendedKeyFormat, oNoop): New.
(opts): Make --enable-extended-key-format a dummy option.  Add
disable-extended-key-format.
(parse_rereadable_options): Implement oDisableExtendedKeyFormat.
* agent/protect.c (agent_protect): Be safe and set use_ocb either to
to 1 or 0.
--

Extended key format is supported since version 2.1.12 which should have
long been replaced by a newer version in all installations.  Thus for
2.2.22 we will make use of the extended-key-format by default.

This is a backport of the commits:
05eff1f6623c272fcabd4e238842afc832710324
91ae3e7fb66271691f6fe507262a62fc7e2663a3

Signed-off-by: Werner Koch <wk@gnupg.org>

agent/agent.h

@@ -125,7 +125,11 @@ struct
      passphrase change.  */
   int enable_passphrase_history;
 
-  /* If set the extended key format is used for new keys.  */
+  /* If set the extended key format is used for new keys.  Note that
+   * this may have the value 2 in which case
+   * --disable-extended-key-format won't have any effect and thus
+   * effectivley locking it.  This is required to support existing
+   * profiles which lock the use of --enable-extended-key-format. */
   int enable_extended_key_format;
 
   int running_detached; /* We are running detached from the tty. */

agent/gpg-agent.c

@@ -113,6 +113,7 @@ enum cmd_and_opt_values
   oCheckPassphrasePattern,
   oMaxPassphraseDays,
   oEnablePassphraseHistory,
+  oDisableExtendedKeyFormat,
   oEnableExtendedKeyFormat,
   oUseStandardSocket,
   oNoUseStandardSocket,
@@ -140,7 +141,9 @@ enum cmd_and_opt_values
   oAutoExpandSecmem,
   oListenBacklog,
 
-  oWriteEnvFile
+  oWriteEnvFile,
+
+  oNoop
 };
 
 
@@ -252,6 +255,7 @@ static ARGPARSE_OPTS opts[] = {
                 /* */           "@"
 #endif
                 ),
+  ARGPARSE_s_n (oDisableExtendedKeyFormat, "disable-extended-key-format", "@"),
   ARGPARSE_s_n (oEnableExtendedKeyFormat, "enable-extended-key-format", "@"),
 
   ARGPARSE_s_u (oS2KCount, "s2k-count", "@"),
@@ -266,6 +270,9 @@ static ARGPARSE_OPTS opts[] = {
   ARGPARSE_s_n (oUseStandardSocket, "use-standard-socket", "@"),
   ARGPARSE_s_n (oNoUseStandardSocket, "no-use-standard-socket", "@"),
 
+  /* Dummy options.  */
+
+
   ARGPARSE_end () /* End of list */
 };
 
@@ -826,7 +833,7 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
       opt.check_passphrase_pattern = NULL;
       opt.max_passphrase_days = MAX_PASSPHRASE_DAYS;
       opt.enable_passphrase_history = 0;
-      opt.enable_extended_key_format = 0;
+      opt.enable_extended_key_format = 1;
       opt.ignore_cache_for_signing = 0;
       opt.allow_mark_trusted = 1;
       opt.allow_external_cache = 1;
@@ -902,7 +909,11 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
       break;
 
     case oEnableExtendedKeyFormat:
-      opt.enable_extended_key_format = 1;
+      opt.enable_extended_key_format = 2;
+      break;
+    case oDisableExtendedKeyFormat:
+      if (opt.enable_extended_key_format != 2)
+        opt.enable_extended_key_format = 0;
       break;
 
     case oIgnoreCacheForSigning: opt.ignore_cache_for_signing = 1; break;
@@ -937,6 +948,8 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
       set_s2k_calibration_time (pargs->r.ret_ulong);
       break;
 
+    case oNoop: break;
+
     default:
       return 0; /* not handled */
     }
@@ -1452,8 +1465,6 @@ main (int argc, char **argv )
                  GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME);
       es_printf ("pinentry-timeout:%lu:0:\n",
                  GC_OPT_FLAG_DEFAULT|GC_OPT_FLAG_RUNTIME);
-      es_printf ("enable-extended-key-format:%lu:\n",
-                 GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME);
       es_printf ("grab:%lu:\n",
                  GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME);
 

agent/protect.c

@@ -625,7 +625,7 @@ agent_protect (const unsigned char *plainkey, const char *passphrase,
   int have_curve = 0;
 
   if (use_ocb == -1)
-    use_ocb = opt.enable_extended_key_format;
+    use_ocb = !!opt.enable_extended_key_format;
 
   /* Create an S-expression with the protected-at timestamp.  */
   memcpy (timestamp_exp, "(12:protected-at15:", 19);

doc/gpg-agent.texi

@@ -585,16 +585,20 @@ local gpg-agent and use its private keys.  This enables decrypting or
 signing data on a remote machine without exposing the private keys to the
 remote machine.
 
-@anchor{option --enable-extended-key-format}
 @item --enable-extended-key-format
+@itemx --disable-extended-key-format
 @opindex enable-extended-key-format
-This option creates keys in the extended private key format.  Changing
+@opindex disable-extended-key-format
-the passphrase of a key will also convert the key to that new format.
+Since version 2.2.22 keys are created in the extended private key
-Using this option makes the private keys unreadable for gpg-agent
+format by default.  Changing the passphrase of a key will also convert
-versions before 2.1.12.  The advantage of the extended private key
+the key to that new format.  This key format is supported since GnuPG
-format is that it is text based and can carry additional meta data.
+version 2.1.12 and thus there should be no need to disable it.
-Note that this option also changes the key protection format to use
+Anyway, the disable option still allows to revert to the old behavior
-OCB mode.
+for new keys; be aware that keys are never migrated back to the old
+format.  If the enable option has been used the disable option won't
+have an effect.  The advantage of the extended private key format is
+that it is text based and can carry additional meta data.  In extended
+key format the OCB mode is used for key protection.
 
 @anchor{option --enable-ssh-support}
 @item --enable-ssh-support