agent: Fix use of imported but unprotected openpgp keys.

* agent/agent.h (PRIVATE_KEY_OPENPGP_NONE): New. * agent/command.c (do_one_keyinfo): Implement it. * agent/findkey.c (agent_key_from_file): Ditto. (agent_key_info_from_file): Ditto. (agent_delete_key): Ditto. * agent/protect.c (agent_private_key_type): Add detection for openpgp "none" method. Signed-off-by: Werner Koch <wk@gnupg.org>
2025-07-02 22:46:30 +02:00 · 2015-01-29 16:26:07 +01:00 · 2015-01-29 16:26:07 +01:00 · 6ab0fac575
commit 6ab0fac575
parent 6c368533f5
5 changed files with 118 additions and 14 deletions
--- a/agent/cvt-openpgp.c
+++ b/agent/cvt-openpgp.c
@ -1051,13 +1051,25 @@ convert_from_openpgp_native (ctrl_t ctrl,
  /* On success try to re-write the key.  */
  if (!err)
    {
-      unsigned char *protectedkey = NULL;
-      size_t protectedkeylen;
+      if (*passphrase)
+        {
+          unsigned char *protectedkey = NULL;
+          size_t protectedkeylen;

-      if (!agent_protect (*r_key, passphrase, &protectedkey, &protectedkeylen,
-                          ctrl->s2k_count))
-        agent_write_private_key (grip, protectedkey, protectedkeylen, 1);
-      xfree (protectedkey);
+          if (!agent_protect (*r_key, passphrase,
+                              &protectedkey, &protectedkeylen,
+                              ctrl->s2k_count))
+            agent_write_private_key (grip, protectedkey, protectedkeylen, 1);
+          xfree (protectedkey);
+        }
+      else
+        {
+          /* Empty passphrase: write key without protection.  */
+          agent_write_private_key (grip,
+                                   *r_key,
+                                   gcry_sexp_canon_len (*r_key, 0, NULL,NULL),
+                                   1);
+        }
    }

  return err;