mirror of
git://git.gnupg.org/gnupg.git
synced 2024-12-22 10:19:57 +01:00
sm/
* server.c (skip_options): Skip leading spaces. (has_option): Honor "--". (cmd_export): Add option --data to do an inline export. Skip all options. * certdump.c (gpgsm_fpr_and_name_for_status): New. * verify.c (gpgsm_verify): Use it to print correct status messages. doc/ * gpgsm.texi (GPGSM EXPORT): Document changes.
This commit is contained in:
parent
f48d38e7df
commit
650293c4f6
@ -153,7 +153,7 @@ has_option_name (const char *line, const char *name)
|
|||||||
|
|
||||||
/* Skip over options. It is assumed that leading spaces have been
|
/* Skip over options. It is assumed that leading spaces have been
|
||||||
removed (this is the case for lines passed to a handler from
|
removed (this is the case for lines passed to a handler from
|
||||||
assuan). Bkanls after the options are also removed. */
|
assuan). Blanks after the options are also removed. */
|
||||||
static char *
|
static char *
|
||||||
skip_options (char *line)
|
skip_options (char *line)
|
||||||
{
|
{
|
||||||
|
@ -1,3 +1,7 @@
|
|||||||
|
2006-11-14 Werner Koch <wk@g10code.com>
|
||||||
|
|
||||||
|
* gpgsm.texi (GPGSM EXPORT): Document changes.
|
||||||
|
|
||||||
2006-11-11 Werner Koch <wk@g10code.com>
|
2006-11-11 Werner Koch <wk@g10code.com>
|
||||||
|
|
||||||
* gnupg.texi (Top): Move gpg-agent part before gpg.
|
* gnupg.texi (Top): Move gpg-agent part before gpg.
|
||||||
|
57
doc/DETAILS
57
doc/DETAILS
@ -199,48 +199,62 @@ more arguments in future versions.
|
|||||||
is useful to define a context for parsing ERROR status
|
is useful to define a context for parsing ERROR status
|
||||||
messages. No arguments are currently defined.
|
messages. No arguments are currently defined.
|
||||||
|
|
||||||
GOODSIG <long keyid> <username>
|
GOODSIG <long_keyid_or_fpr> <username>
|
||||||
The signature with the keyid is good. For each signature only
|
The signature with the keyid is good. For each signature only
|
||||||
one of the three codes GOODSIG, BADSIG or ERRSIG will be
|
one of the three codes GOODSIG, BADSIG or ERRSIG will be
|
||||||
emitted and they may be used as a marker for a new signature.
|
emitted and they may be used as a marker for a new signature.
|
||||||
The username is the primary one encoded in UTF-8 and %XX
|
The username is the primary one encoded in UTF-8 and %XX
|
||||||
escaped.
|
escaped. The fingerprint may be used instead of the long keyid
|
||||||
|
if it is available. This is the case with CMS and might
|
||||||
|
eventually also be available for OpenPGP.
|
||||||
|
|
||||||
EXPSIG <long keyid> <username>
|
EXPSIG <long_keyid_or_fpr> <username>
|
||||||
The signature with the keyid is good, but the signature is
|
The signature with the keyid is good, but the signature is
|
||||||
expired. The username is the primary one encoded in UTF-8 and
|
expired. The username is the primary one encoded in UTF-8 and
|
||||||
%XX escaped.
|
%XX escaped. The fingerprint may be used instead of the long
|
||||||
|
keyid if it is available. This is the case with CMS and might
|
||||||
|
eventually also be available for OpenPGP.
|
||||||
|
|
||||||
EXPKEYSIG <long keyid> <username>
|
EXPKEYSIG <long_keyid_or_fpr> <username>
|
||||||
The signature with the keyid is good, but the signature was
|
The signature with the keyid is good, but the signature was
|
||||||
made by an expired key. The username is the primary one
|
made by an expired key. The username is the primary one
|
||||||
encoded in UTF-8 and %XX escaped.
|
encoded in UTF-8 and %XX escaped. The fingerprint may be used
|
||||||
|
instead of the long keyid if it is available. This is the
|
||||||
|
case with CMS and might eventually also be available for
|
||||||
|
OpenPGP.
|
||||||
|
|
||||||
REVKEYSIG <long keyid> <username>
|
REVKEYSIG <long_keyid_or_fpr> <username>
|
||||||
The signature with the keyid is good, but the signature was
|
The signature with the keyid is good, but the signature was
|
||||||
made by a revoked key. The username is the primary one
|
made by a revoked key. The username is the primary one encoded
|
||||||
encoded in UTF-8 and %XX escaped.
|
in UTF-8 and %XX escaped. The fingerprint may be used instead
|
||||||
|
of the long keyid if it is available. This is the case with
|
||||||
|
CMS and might eventually also be available for OpenPGP.
|
||||||
|
|
||||||
BADSIG <long keyid> <username>
|
BADSIG <long_keyid_or_fpr> <username>
|
||||||
The signature with the keyid has not been verified okay.
|
The signature with the keyid has not been verified okay. The
|
||||||
The username is the primary one encoded in UTF-8 and %XX
|
username is the primary one encoded in UTF-8 and %XX
|
||||||
escaped.
|
escaped. The fingerprint may be used instead of the long keyid
|
||||||
|
if it is available. This is the case with CMS and might
|
||||||
|
eventually also be available for OpenPGP.
|
||||||
|
|
||||||
ERRSIG <long keyid> <pubkey_algo> <hash_algo> \
|
ERRSIG <long_keyid_or_fpr> <pubkey_algo> <hash_algo> \
|
||||||
<sig_class> <timestamp> <rc>
|
<sig_class> <timestamp> <rc>
|
||||||
It was not possible to check the signature. This may be
|
It was not possible to check the signature. This may be
|
||||||
caused by a missing public key or an unsupported algorithm.
|
caused by a missing public key or an unsupported algorithm. A
|
||||||
A RC of 4 indicates unknown algorithm, a 9 indicates a missing
|
RC of 4 indicates unknown algorithm, a 9 indicates a missing
|
||||||
public key. The other fields give more information about
|
public key. The other fields give more information about this
|
||||||
this signature. sig_class is a 2 byte hex-value.
|
signature. sig_class is a 2 byte hex-value. The fingerprint
|
||||||
|
may be used instead of the long keyid if it is available.
|
||||||
|
This is the case with CMS and might eventually also be
|
||||||
|
available for OpenPGP.
|
||||||
|
|
||||||
Note, that TIMESTAMP may either be a number with seconds since
|
Note, that TIMESTAMP may either be a number with seconds since
|
||||||
epoch or an ISO 8601 string which can be detected by the
|
epoch or an ISO 8601 string which can be detected by the
|
||||||
presence of the letter 'T' inside.
|
presence of the letter 'T' inside.
|
||||||
|
|
||||||
VALIDSIG <fingerprint in hex> <sig_creation_date> <sig-timestamp>
|
VALIDSIG <fingerprint in hex> <sig_creation_date> <sig-timestamp>
|
||||||
<expire-timestamp> <sig-version> <reserved> <pubkey-algo>
|
<expire-timestamp> [ <sig-version> <reserved> <pubkey-algo>
|
||||||
<hash-algo> <sig-class> <primary-key-fpr>
|
<hash-algo> <sig-class> <primary-key-fpr> ]
|
||||||
|
|
||||||
The signature with the keyid is good. This is the same as
|
The signature with the keyid is good. This is the same as
|
||||||
GOODSIG but has the fingerprint as the argument. Both status
|
GOODSIG but has the fingerprint as the argument. Both status
|
||||||
@ -255,6 +269,9 @@ more arguments in future versions.
|
|||||||
useful to get back to the primary key without running gpg
|
useful to get back to the primary key without running gpg
|
||||||
again for this purpose.
|
again for this purpose.
|
||||||
|
|
||||||
|
The optional parameters are used for OpenPGP and are not
|
||||||
|
available for CMS signatures.
|
||||||
|
|
||||||
Note, that *-TIMESTAMP may either be a number with seconds
|
Note, that *-TIMESTAMP may either be a number with seconds
|
||||||
since epoch or an ISO 8601 string which can be detected by the
|
since epoch or an ISO 8601 string which can be detected by the
|
||||||
presence of the letter 'T' inside.
|
presence of the letter 'T' inside.
|
||||||
|
188
doc/announce-2.0.txt
Normal file
188
doc/announce-2.0.txt
Normal file
@ -0,0 +1,188 @@
|
|||||||
|
Hello!
|
||||||
|
|
||||||
|
The GNU project is pleased to announce the availability of a new
|
||||||
|
stable GnuPG release: Version 2.0.0.
|
||||||
|
|
||||||
|
The GNU Privacy Guard (GnuPG) is GNU's tool for secure communication
|
||||||
|
and data storage. It can be used to encrypt data, create digital
|
||||||
|
signatures, help authenticating using Secure Shell and to provide a
|
||||||
|
framework for public key cryptography. It includes an advanced key
|
||||||
|
management facility and is compliant with the OpenPGP and S/MIME
|
||||||
|
standards.
|
||||||
|
|
||||||
|
GnuPG-2 has a different architecture than GnuPG-1 (e.g. 1.4.5) in that
|
||||||
|
it splits up functionality into several modules. However, both
|
||||||
|
versions may be installed alongside without any conflict. In fact,
|
||||||
|
the gpg version from GnuPG-1 is able to make use of the gpg-agent as
|
||||||
|
included in GnuPG-2 and allows for seamless passphrase caching. The
|
||||||
|
advantage of GnuPG-1 is its smaller size and the lack of dependency on
|
||||||
|
other modules at run and build time. We will keep maintaining GnuPG-1
|
||||||
|
versions because they are very useful for small systems and for server
|
||||||
|
based applications requiring only OpenPGP support.
|
||||||
|
|
||||||
|
GnuPG is distributed under the terms of the GNU General Public License
|
||||||
|
(GPL). GnuPG-2 works best on GNU/Linux or *BSD systems. Other POSIX
|
||||||
|
compliant systems are also supported but have not yet been tested very
|
||||||
|
well.
|
||||||
|
|
||||||
|
|
||||||
|
What's New in GnuPG-2
|
||||||
|
=====================
|
||||||
|
|
||||||
|
* The *gpg-agent* is the central place to maintain private keys and
|
||||||
|
to cache passphrases. It is implemented as a daemon to be started
|
||||||
|
with a user session.
|
||||||
|
|
||||||
|
* *gpgsm* is an implementation of the X.509 and CMS standards and
|
||||||
|
provides the cryptographic core to implement the S/MIME protocol.
|
||||||
|
The command line interface is very similar to the one of gpg. This
|
||||||
|
helps adding S/MIME to application currently providing OpenPGP
|
||||||
|
support.
|
||||||
|
|
||||||
|
* *scdaemon* is a daemon run by gpg-agent to access different types
|
||||||
|
of smart cards using a unified interface.
|
||||||
|
|
||||||
|
* *gpg-connect-agent* is a tool to help scripts directly accessing
|
||||||
|
services of gpg-agent and scdaemon.
|
||||||
|
|
||||||
|
* *gpgconf* is a tool to maintain the configuration files of all
|
||||||
|
modules using a well defined API.
|
||||||
|
|
||||||
|
* Support for Dirmngr, a separate package to maintain certificate
|
||||||
|
revocation lists, do OCSP requests and to run LDAP queries.
|
||||||
|
|
||||||
|
* Support for the Secure Shell Agent protocol. In fact, gpg-agent
|
||||||
|
may be used as full replacement of the commonly used ssh-agent
|
||||||
|
daemon.
|
||||||
|
|
||||||
|
* Smart card support for the Secure Shell.
|
||||||
|
|
||||||
|
* Documentation is now done in Texinfo. Thus besides Info, HTML and
|
||||||
|
PDF versions may easily be generated.
|
||||||
|
|
||||||
|
* Man pages for all tools.
|
||||||
|
|
||||||
|
|
||||||
|
Getting the Software
|
||||||
|
====================
|
||||||
|
|
||||||
|
Please follow the instructions found at http://www.gnupg.org/download/
|
||||||
|
or read on:
|
||||||
|
|
||||||
|
GnuPG 2.0.0 may be downloaded from one of the GnuPG mirror sites or
|
||||||
|
direct from ftp://ftp.gnupg.org/gcrypt/ . The list of mirrors can be
|
||||||
|
found at http://www.gnupg.org/mirrors.html . Note, that GnuPG is not
|
||||||
|
available at ftp.gnu.org.
|
||||||
|
|
||||||
|
On the mirrors you should find the following files in the *gnupg*
|
||||||
|
directory:
|
||||||
|
|
||||||
|
gnupg-2.0.0.tar.bz2 (3.8M)
|
||||||
|
gnupg-2.0.0.tar.bz2.sig
|
||||||
|
|
||||||
|
GnuPG source compressed using BZIP2 and OpenPGP signature.
|
||||||
|
|
||||||
|
Please try another mirror if exceptional your mirror is not yet up to
|
||||||
|
date. GnuPG-2 requires a couple of libraries to be installed; see the
|
||||||
|
README file or the output of the configure run for details.
|
||||||
|
|
||||||
|
|
||||||
|
Checking the Integrity
|
||||||
|
======================
|
||||||
|
|
||||||
|
In order to check that the version of GnuPG which you are going to
|
||||||
|
install is an original and unmodified one, you can do it in one of
|
||||||
|
the following ways:
|
||||||
|
|
||||||
|
* If you already have a trusted version of GnuPG installed, you
|
||||||
|
can simply check the supplied signature. For example to check the
|
||||||
|
signature of the file gnupg-2.0.0.tar.bz2 you would use this command:
|
||||||
|
|
||||||
|
gpg --verify gnupg-2.0.0.tar.bz2.sig
|
||||||
|
|
||||||
|
This checks whether the signature file matches the source file.
|
||||||
|
You should see a message indicating that the signature is good and
|
||||||
|
made by that signing key. Make sure that you have the right key,
|
||||||
|
either by checking the fingerprint of that key with other sources
|
||||||
|
or by checking that the key has been signed by a trustworthy other
|
||||||
|
key. Note, that you can retrieve the signing key using the command
|
||||||
|
|
||||||
|
finger wk ,at' g10code.com
|
||||||
|
|
||||||
|
or using a key server like
|
||||||
|
|
||||||
|
gpg --recv-key 1CE0C630
|
||||||
|
|
||||||
|
The distribution key 1CE0C630 is signed by the well known key
|
||||||
|
5B0358A2. If you get an key expired message, you should retrieve a
|
||||||
|
fresh copy as the expiration date might have been prolonged.
|
||||||
|
|
||||||
|
NEVER USE A GNUPG VERSION YOU JUST DOWNLOADED TO CHECK THE
|
||||||
|
INTEGRITY OF THE SOURCE - USE AN EXISTING GNUPG INSTALLATION!
|
||||||
|
|
||||||
|
* If you are not able to use an existing version of GnuPG, you have
|
||||||
|
to verify the SHA-1 checksum. Assuming you downloaded the file
|
||||||
|
gnupg-2.0.0.tar.bz2, you would run the sha1sum command like this:
|
||||||
|
|
||||||
|
sha1sum gnupg-2.0.0.tar.bz2
|
||||||
|
|
||||||
|
and check that the output matches this:
|
||||||
|
|
||||||
|
c335957368ea88bcb658922e7d3aae7e3ac6896d gnupg-2.0.0.tar.bz2
|
||||||
|
|
||||||
|
|
||||||
|
Internationalization
|
||||||
|
====================
|
||||||
|
|
||||||
|
GnuPG comes with support for 27 languages. Due to a lot of new and
|
||||||
|
changed strings most translations are not entirely complete. However
|
||||||
|
the Turkish and German translators have been very fast in completing
|
||||||
|
their translations. The Russian one came in just a few hours too
|
||||||
|
late. Updates of the other translations are expected for the next
|
||||||
|
releases.
|
||||||
|
|
||||||
|
|
||||||
|
Documentation
|
||||||
|
=============
|
||||||
|
|
||||||
|
We are currently working on an installation guide to explain in more
|
||||||
|
detail how to configure the new features. As of now the chapters on
|
||||||
|
gpg-agent and gpgsm include brief information on how to set up the
|
||||||
|
whole thing. Please watch the GnuPG website for updates of the
|
||||||
|
documentation. In the meantime you may search the GnuPG mailing list
|
||||||
|
archives or ask on the gnupg-users mailing lists for advise on how to
|
||||||
|
solve problems. Many of the new features are around for several years
|
||||||
|
and thus enough public knowledge is already available.
|
||||||
|
|
||||||
|
|
||||||
|
Support
|
||||||
|
=======
|
||||||
|
|
||||||
|
Improving GnuPG is costly, but you can help! We are looking for
|
||||||
|
organizations that find GnuPG useful and wish to contribute back. You
|
||||||
|
can contribute by reporting bugs, improve the software, or by donating
|
||||||
|
money.
|
||||||
|
|
||||||
|
Commercial support contracts for GnuPG are available, and they help
|
||||||
|
finance continued maintenance. g10 Code GmbH, a Duesseldorf based
|
||||||
|
company owned and headed by GnuPG's principal author, is currently
|
||||||
|
funding GnuPG development. We are always looking for interesting
|
||||||
|
development projects.
|
||||||
|
|
||||||
|
A service directory is available at:
|
||||||
|
|
||||||
|
http://www.gnupg.org/service.html
|
||||||
|
|
||||||
|
|
||||||
|
Thanks
|
||||||
|
======
|
||||||
|
|
||||||
|
We have to thank all the people who helped with this release, be it
|
||||||
|
testing, coding, translating, suggesting, auditing, administering the
|
||||||
|
servers, spreading the word or answering questions on the mailing
|
||||||
|
lists.
|
||||||
|
|
||||||
|
|
||||||
|
Happy Hacking,
|
||||||
|
|
||||||
|
The GnuPG Team (David, Werner and all other contributors)
|
@ -1072,16 +1072,22 @@ Note that options are valid for the entire session.
|
|||||||
To export certificate from the internal key database the command:
|
To export certificate from the internal key database the command:
|
||||||
|
|
||||||
@example
|
@example
|
||||||
EXPORT @var{pattern}
|
EXPORT [--data [--armor] [--base64]] [--] @var{pattern}
|
||||||
@end example
|
@end example
|
||||||
|
|
||||||
is used. To allow multiple patterns (which are ORed) quoting is
|
is used. To allow multiple patterns (which are ORed) quoting is
|
||||||
required: Spaces are to be translated into "+" or into "%20"; in turn
|
required: Spaces are to be translated into "+" or into "%20"; in turn
|
||||||
this requires that the usual escape quoting rules are done.
|
this requires that the usual escape quoting rules are done.
|
||||||
|
|
||||||
The format of the output depends on what was set with the OUTPUT
|
If the @option{--data} option has not been given, the format of the
|
||||||
command. When using @acronym{PEM} encoding a few informational lines
|
output depends on what was set with the OUTPUT command. When using
|
||||||
are prepended.
|
@acronym{PEM} encoding a few informational lines are prepended.
|
||||||
|
|
||||||
|
If the @option{--data} has been given, a target set via OUTPUT is
|
||||||
|
ignored and the data is returned inline using standard
|
||||||
|
@code{D}-lines. This avoids the need for an extra file descriptor. In
|
||||||
|
this case the options @option{--armor} and @option{--base64} may be used
|
||||||
|
in the same way as with the OUTPUT command.
|
||||||
|
|
||||||
|
|
||||||
@node GPGSM IMPORT
|
@node GPGSM IMPORT
|
||||||
|
@ -1,3 +1,7 @@
|
|||||||
|
2006-11-13 Werner Koch <wk@g10code.com>
|
||||||
|
|
||||||
|
* ru.po: Update from Maxim.
|
||||||
|
|
||||||
2006-11-10 Werner Koch <wk@g10code.com>
|
2006-11-10 Werner Koch <wk@g10code.com>
|
||||||
|
|
||||||
* de.po: Received complete update from Walter.
|
* de.po: Received complete update from Walter.
|
||||||
|
14
sm/ChangeLog
14
sm/ChangeLog
@ -1,3 +1,17 @@
|
|||||||
|
2006-11-14 Werner Koch <wk@g10code.com>
|
||||||
|
|
||||||
|
* server.c (skip_options): Skip leading spaces.
|
||||||
|
(has_option): Honor "--".
|
||||||
|
(cmd_export): Add option --data to do an inline export. Skip all
|
||||||
|
options.
|
||||||
|
|
||||||
|
* certdump.c (gpgsm_fpr_and_name_for_status): New.
|
||||||
|
* verify.c (gpgsm_verify): Use it to print correct status messages.
|
||||||
|
|
||||||
|
2006-11-11 Werner Koch <wk@g10code.com>
|
||||||
|
|
||||||
|
* server.c (skip_options): New.
|
||||||
|
|
||||||
2006-10-24 Marcus Brinkmann <marcus@g10code.de>
|
2006-10-24 Marcus Brinkmann <marcus@g10code.de>
|
||||||
|
|
||||||
* Makefile.am (AM_CFLAGS): Add $(LIBASSUAN_CFLAGS).
|
* Makefile.am (AM_CFLAGS): Add $(LIBASSUAN_CFLAGS).
|
||||||
|
@ -705,6 +705,59 @@ gpgsm_format_name (const char *name)
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
/* Return fingerprint and a percent escaped name in a human readable
|
||||||
|
format suitable for status messages like GOODSIG. May return NULL
|
||||||
|
on error (out of core). */
|
||||||
|
char *
|
||||||
|
gpgsm_fpr_and_name_for_status (ksba_cert_t cert)
|
||||||
|
{
|
||||||
|
char *fpr, *name, *p;
|
||||||
|
char *buffer;
|
||||||
|
|
||||||
|
fpr = gpgsm_get_fingerprint_hexstring (cert, GCRY_MD_SHA1);
|
||||||
|
if (!fpr)
|
||||||
|
return NULL;
|
||||||
|
|
||||||
|
name = ksba_cert_get_subject (cert, 0);
|
||||||
|
if (!name)
|
||||||
|
{
|
||||||
|
xfree (fpr);
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
|
||||||
|
p = gpgsm_format_name2 (name, 0);
|
||||||
|
ksba_free (name);
|
||||||
|
name = p;
|
||||||
|
if (!name)
|
||||||
|
{
|
||||||
|
xfree (fpr);
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
|
||||||
|
buffer = xtrymalloc (strlen (fpr) + 1 + 3*strlen (name) + 1);
|
||||||
|
if (buffer)
|
||||||
|
{
|
||||||
|
const unsigned char *s;
|
||||||
|
|
||||||
|
p = stpcpy (stpcpy (buffer, fpr), " ");
|
||||||
|
for (s = name; *s; s++)
|
||||||
|
{
|
||||||
|
if (*s < ' ')
|
||||||
|
{
|
||||||
|
sprintf (p, "%%%02X", *s);
|
||||||
|
p += 3;
|
||||||
|
}
|
||||||
|
else
|
||||||
|
*p++ = *s;
|
||||||
|
}
|
||||||
|
*p = 0;
|
||||||
|
}
|
||||||
|
xfree (fpr);
|
||||||
|
xfree (name);
|
||||||
|
return buffer;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
/* Create a key description for the CERT, this may be passed to the
|
/* Create a key description for the CERT, this may be passed to the
|
||||||
pinentry. The caller must free the returned string. NULL may be
|
pinentry. The caller must free the returned string. NULL may be
|
||||||
returned on error. */
|
returned on error. */
|
||||||
@ -800,3 +853,4 @@ gpgsm_format_keydesc (ksba_cert_t cert)
|
|||||||
|
|
||||||
return buffer;
|
return buffer;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -241,6 +241,8 @@ char *gpgsm_format_serial (ksba_const_sexp_t p);
|
|||||||
char *gpgsm_format_name2 (const char *name, int translate);
|
char *gpgsm_format_name2 (const char *name, int translate);
|
||||||
char *gpgsm_format_name (const char *name);
|
char *gpgsm_format_name (const char *name);
|
||||||
|
|
||||||
|
char *gpgsm_fpr_and_name_for_status (ksba_cert_t cert);
|
||||||
|
|
||||||
char *gpgsm_format_keydesc (ksba_cert_t cert);
|
char *gpgsm_format_keydesc (ksba_cert_t cert);
|
||||||
|
|
||||||
|
|
||||||
|
122
sm/server.c
122
sm/server.c
@ -74,6 +74,22 @@ strcpy_escaped_plus (char *d, const char *s)
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
/* Skip over options.
|
||||||
|
Blanks after the options are also removed. */
|
||||||
|
static char *
|
||||||
|
skip_options (const char *line)
|
||||||
|
{
|
||||||
|
while (spacep (line))
|
||||||
|
line++;
|
||||||
|
while ( *line == '-' && line[1] == '-' )
|
||||||
|
{
|
||||||
|
while (*line && !spacep (line))
|
||||||
|
line++;
|
||||||
|
while (spacep (line))
|
||||||
|
line++;
|
||||||
|
}
|
||||||
|
return (char*)line;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
/* Check whether the option NAME appears in LINE */
|
/* Check whether the option NAME appears in LINE */
|
||||||
@ -84,6 +100,8 @@ has_option (const char *line, const char *name)
|
|||||||
int n = strlen (name);
|
int n = strlen (name);
|
||||||
|
|
||||||
s = strstr (line, name);
|
s = strstr (line, name);
|
||||||
|
if (s && s >= skip_options (line))
|
||||||
|
return 0;
|
||||||
return (s && (s == line || spacep (s-1)) && (!s[n] || spacep (s+n)));
|
return (s && (s == line || spacep (s-1)) && (!s[n] || spacep (s+n)));
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -530,6 +548,10 @@ cmd_import (assuan_context_t ctx, char *line)
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
/* EXPORT [--data [--armor|--base64]] [--] pattern
|
||||||
|
|
||||||
|
*/
|
||||||
|
|
||||||
static int
|
static int
|
||||||
cmd_export (assuan_context_t ctx, char *line)
|
cmd_export (assuan_context_t ctx, char *line)
|
||||||
{
|
{
|
||||||
@ -538,11 +560,20 @@ cmd_export (assuan_context_t ctx, char *line)
|
|||||||
FILE *out_fp;
|
FILE *out_fp;
|
||||||
char *p;
|
char *p;
|
||||||
strlist_t list, sl;
|
strlist_t list, sl;
|
||||||
|
int use_data;
|
||||||
|
|
||||||
if (fd == -1)
|
use_data = has_option (line, "--data");
|
||||||
return set_error (GPG_ERR_ASS_NO_OUTPUT, NULL);
|
|
||||||
|
|
||||||
/* break the line down into an strlist_t */
|
if (use_data)
|
||||||
|
{
|
||||||
|
/* We need to override any possible setting done by an OUTPUT command. */
|
||||||
|
ctrl->create_pem = has_option (line, "--armor");
|
||||||
|
ctrl->create_base64 = has_option (line, "--base64");
|
||||||
|
}
|
||||||
|
|
||||||
|
line = skip_options (line);
|
||||||
|
|
||||||
|
/* Break the line down into an strlist_t. */
|
||||||
list = NULL;
|
list = NULL;
|
||||||
for (p=line; *p; line = p)
|
for (p=line; *p; line = p)
|
||||||
{
|
{
|
||||||
@ -565,6 +596,23 @@ cmd_export (assuan_context_t ctx, char *line)
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (use_data)
|
||||||
|
{
|
||||||
|
out_fp = assuan_get_data_fp (ctx);
|
||||||
|
if (!out_fp)
|
||||||
|
{
|
||||||
|
free_strlist (list);
|
||||||
|
return set_error (GPG_ERR_ASS_GENERAL, "no data stream");
|
||||||
|
}
|
||||||
|
gpgsm_export (ctrl, list, out_fp);
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
if (fd == -1)
|
||||||
|
{
|
||||||
|
free_strlist (list);
|
||||||
|
return set_error (GPG_ERR_ASS_NO_OUTPUT, NULL);
|
||||||
|
}
|
||||||
out_fp = fdopen ( dup(fd), "w");
|
out_fp = fdopen ( dup(fd), "w");
|
||||||
if (!out_fp)
|
if (!out_fp)
|
||||||
{
|
{
|
||||||
@ -574,8 +622,10 @@ cmd_export (assuan_context_t ctx, char *line)
|
|||||||
|
|
||||||
gpgsm_export (ctrl, list, out_fp);
|
gpgsm_export (ctrl, list, out_fp);
|
||||||
fclose (out_fp);
|
fclose (out_fp);
|
||||||
|
}
|
||||||
|
|
||||||
free_strlist (list);
|
free_strlist (list);
|
||||||
/* close and reset the fd */
|
/* Close and reset the fds. */
|
||||||
close_message_fd (ctrl);
|
close_message_fd (ctrl);
|
||||||
assuan_close_input_fd (ctx);
|
assuan_close_input_fd (ctx);
|
||||||
assuan_close_output_fd (ctx);
|
assuan_close_output_fd (ctx);
|
||||||
@ -1097,67 +1147,3 @@ gpgsm_status_with_err_code (ctrl_t ctrl, int no, const char *text,
|
|||||||
return gpgsm_status2 (ctrl, no, buf, NULL);
|
return gpgsm_status2 (ctrl, no, buf, NULL);
|
||||||
}
|
}
|
||||||
|
|
||||||
#if 0
|
|
||||||
/*
|
|
||||||
* Write a status line with a buffer using %XX escapes. If WRAP is >
|
|
||||||
* 0 wrap the line after this length. If STRING is not NULL it will
|
|
||||||
* be prepended to the buffer, no escaping is done for string.
|
|
||||||
* A wrap of -1 forces spaces not to be encoded as %20.
|
|
||||||
*/
|
|
||||||
void
|
|
||||||
write_status_text_and_buffer ( int no, const char *string,
|
|
||||||
const char *buffer, size_t len, int wrap )
|
|
||||||
{
|
|
||||||
const char *s, *text;
|
|
||||||
int esc, first;
|
|
||||||
int lower_limit = ' ';
|
|
||||||
size_t n, count, dowrap;
|
|
||||||
|
|
||||||
if( !statusfp )
|
|
||||||
return; /* not enabled */
|
|
||||||
|
|
||||||
if (wrap == -1) {
|
|
||||||
lower_limit--;
|
|
||||||
wrap = 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
text = get_status_string (no);
|
|
||||||
count = dowrap = first = 1;
|
|
||||||
do {
|
|
||||||
if (dowrap) {
|
|
||||||
fprintf (statusfp, "[GNUPG:] %s ", text );
|
|
||||||
count = dowrap = 0;
|
|
||||||
if (first && string) {
|
|
||||||
fputs (string, statusfp);
|
|
||||||
count += strlen (string);
|
|
||||||
}
|
|
||||||
first = 0;
|
|
||||||
}
|
|
||||||
for (esc=0, s=buffer, n=len; n && !esc; s++, n-- ) {
|
|
||||||
if ( *s == '%' || *(const byte*)s <= lower_limit
|
|
||||||
|| *(const byte*)s == 127 )
|
|
||||||
esc = 1;
|
|
||||||
if ( wrap && ++count > wrap ) {
|
|
||||||
dowrap=1;
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
if (esc) {
|
|
||||||
s--; n++;
|
|
||||||
}
|
|
||||||
if (s != buffer)
|
|
||||||
fwrite (buffer, s-buffer, 1, statusfp );
|
|
||||||
if ( esc ) {
|
|
||||||
fprintf (statusfp, "%%%02X", *(const unsigned char*)s );
|
|
||||||
s++; n--;
|
|
||||||
}
|
|
||||||
buffer = s;
|
|
||||||
len = n;
|
|
||||||
if ( dowrap && len )
|
|
||||||
putc ( '\n', statusfp );
|
|
||||||
} while ( len );
|
|
||||||
|
|
||||||
putc ('\n',statusfp);
|
|
||||||
fflush (statusfp);
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
|
15
sm/verify.c
15
sm/verify.c
@ -410,7 +410,7 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, FILE *out_fp)
|
|||||||
|
|
||||||
log_error ("invalid signature: message digest attribute "
|
log_error ("invalid signature: message digest attribute "
|
||||||
"does not match calculated one\n");
|
"does not match calculated one\n");
|
||||||
fpr = gpgsm_get_fingerprint_hexstring (cert, GCRY_MD_SHA1);
|
fpr = gpgsm_fpr_and_name_for_status (cert);
|
||||||
gpgsm_status (ctrl, STATUS_BADSIG, fpr);
|
gpgsm_status (ctrl, STATUS_BADSIG, fpr);
|
||||||
xfree (fpr);
|
xfree (fpr);
|
||||||
goto next_signer;
|
goto next_signer;
|
||||||
@ -447,7 +447,7 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, FILE *out_fp)
|
|||||||
char *fpr;
|
char *fpr;
|
||||||
|
|
||||||
log_error ("invalid signature: %s\n", gpg_strerror (rc));
|
log_error ("invalid signature: %s\n", gpg_strerror (rc));
|
||||||
fpr = gpgsm_get_fingerprint_hexstring (cert, GCRY_MD_SHA1);
|
fpr = gpgsm_fpr_and_name_for_status (cert);
|
||||||
gpgsm_status (ctrl, STATUS_BADSIG, fpr);
|
gpgsm_status (ctrl, STATUS_BADSIG, fpr);
|
||||||
xfree (fpr);
|
xfree (fpr);
|
||||||
goto next_signer;
|
goto next_signer;
|
||||||
@ -463,16 +463,19 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, FILE *out_fp)
|
|||||||
if (DBG_X509)
|
if (DBG_X509)
|
||||||
log_debug ("signature okay - checking certs\n");
|
log_debug ("signature okay - checking certs\n");
|
||||||
rc = gpgsm_validate_chain (ctrl, cert, keyexptime, 0, NULL, 0);
|
rc = gpgsm_validate_chain (ctrl, cert, keyexptime, 0, NULL, 0);
|
||||||
|
{
|
||||||
|
char *fpr, *buf, *tstr;
|
||||||
|
|
||||||
|
fpr = gpgsm_fpr_and_name_for_status (cert);
|
||||||
if (gpg_err_code (rc) == GPG_ERR_CERT_EXPIRED)
|
if (gpg_err_code (rc) == GPG_ERR_CERT_EXPIRED)
|
||||||
{
|
{
|
||||||
gpgsm_status (ctrl, STATUS_EXPKEYSIG, NULL);
|
gpgsm_status (ctrl, STATUS_EXPKEYSIG, fpr);
|
||||||
rc = 0;
|
rc = 0;
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
gpgsm_status (ctrl, STATUS_GOODSIG, NULL);
|
gpgsm_status (ctrl, STATUS_GOODSIG, fpr);
|
||||||
|
|
||||||
{
|
xfree (fpr);
|
||||||
char *buf, *fpr, *tstr;
|
|
||||||
|
|
||||||
fpr = gpgsm_get_fingerprint_hexstring (cert, GCRY_MD_SHA1);
|
fpr = gpgsm_get_fingerprint_hexstring (cert, GCRY_MD_SHA1);
|
||||||
tstr = strtimestamp_r (sigtime);
|
tstr = strtimestamp_r (sigtime);
|
||||||
|
Loading…
x
Reference in New Issue
Block a user