mirror of git://git.gnupg.org/gnupg.git synced 2025-01-02 12:01:32 +01:00
Werner Koch 2006-10-23 14:02:13 +00:00
parent 2a9f9d76a2
commit 7b8ea82ab6
20 changed files with 172 additions and 49 deletions


@ -1,3 +1,7 @@
2006-10-20 Werner Koch <wk@g10code.com>
* Makefile.am (stowinstall): Add convenience target.
2006-10-18 Werner Koch <wk@g10code.com> 2006-10-18 Werner Koch <wk@g10code.com>
* configure.ac: svn revison magic fixes for old bashs. Suggested * configure.ac: svn revison magic fixes for old bashs. Suggested


@ -79,5 +79,7 @@ SUBDIRS = m4 intl gl include jnlib common ${kbx} \
dist-hook: dist-hook:
echo "$(VERSION)" > $(distdir)/VERSION echo "$(VERSION)" > $(distdir)/VERSION
stowinstall:
$(MAKE) $(AM_MAKEFLAGS) install prefix=/usr/local/stow/gnupg

5
NEWS

@ -4,6 +4,11 @@ Noteworthy changes in version 1.9.94
* Keys for gpgsm may now be specified using a keygrip. A keygrip is * Keys for gpgsm may now be specified using a keygrip. A keygrip is
indicated by a prefixing it with an ampersand. indicated by a prefixing it with an ampersand.
* gpgconf now supports switching the CMS cipher algo (e.g. to AES).
* New command --gpgconf-test for all major tools. This may be used to
check whether the configuration file is sane.
Noteworthy changes in version 1.9.93 (2006-10-18) Noteworthy changes in version 1.9.93 (2006-10-18)
------------------------------------------------- -------------------------------------------------


@ -1,5 +1,7 @@
2006-10-23 Werner Koch <wk@g10code.com> 2006-10-23 Werner Koch <wk@g10code.com>
* gpg-agent.c (main): New command --gpgconf-test.
* minip12.c (parse_bag_encrypted_data, parse_bag_data): Allow for * minip12.c (parse_bag_encrypted_data, parse_bag_data): Allow for
a salt of 20 bytes. a salt of 20 bytes.


@ -61,6 +61,7 @@ enum cmd_and_opt_values
oNoVerbose = 500, oNoVerbose = 500,
aGPGConfList, aGPGConfList,
aGPGConfTest,
oOptions, oOptions,
oDebug, oDebug,
oDebugAll, oDebugAll,
@ -105,6 +106,7 @@ enum cmd_and_opt_values
static ARGPARSE_OPTS opts[] = { static ARGPARSE_OPTS opts[] = {
{ aGPGConfList, "gpgconf-list", 256, "@" }, { aGPGConfList, "gpgconf-list", 256, "@" },
{ aGPGConfTest, "gpgconf-test", 256, "@" },
{ 301, NULL, 0, N_("@Options:\n ") }, { 301, NULL, 0, N_("@Options:\n ") },
@ -620,6 +622,7 @@ main (int argc, char **argv )
switch (pargs.r_opt) switch (pargs.r_opt)
{ {
case aGPGConfList: gpgconf_list = 1; break; case aGPGConfList: gpgconf_list = 1; break;
case aGPGConfTest: gpgconf_list = 2; break;
case oBatch: opt.batch=1; break; case oBatch: opt.batch=1; break;
case oDebugWait: debug_wait = pargs.r.ret_int; break; case oDebugWait: debug_wait = pargs.r.ret_int; break;
@ -719,6 +722,8 @@ main (int argc, char **argv )
log_debug ("... okay\n"); log_debug ("... okay\n");
} }
if (gpgconf_list == 2)
agent_exit (0);
if (gpgconf_list) if (gpgconf_list)
{ {
char *filename; char *filename;
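Review bot: The early exit added in main, `if (gpgconf_list == 2) agent_exit (0);`, passes a literal 0, so whether a broken configuration file makes --gpgconf-test fail depends on code outside this hunk. The gpgsm hunk in this commit visibly checks `log_get_errorcount(0)` before continuing; if agent_exit does not fold the error count into its status itself, the same guard is needed here, e.g. `agent_exit (log_get_errorcount (0) ? 2 : 0);`. The same pattern appears in the scdaemon hunk (`scd_exit (0)`) and the gpg hunk (`g10_exit(0)`). It would also help to name the values 1 and 2 stored in `gpgconf_list`, or comment them, since the variable no longer means only "list". main's body starts and ends outside the hunk.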


@ -365,12 +365,13 @@ those of the given name. The new keyring is written to stdout or to the
file given with option @option{--output}. Use together with file given with option @option{--output}. Use together with
@option{--armor} to mail those keys. @option{--armor} to mail those keys.
@item --send-keys @item --send-keys @code{key IDs}
@opindex send-keys @opindex send-keys
Same as @option{--export} but sends the keys to a keyserver. Option Similar to @option{--export} but sends the keys to a keyserver.
@option{--keyserver} must be used to give the name of this Fingerprints may be used instead of key IDs. Option @option{--keyserver}
keyserver. Don't send your complete keyring to a keyserver --- select must be used to give the name of this keyserver. Don't send your
only those keys which are new or changed by you. complete keyring to a keyserver --- select only those keys which are new
or changed by you.
@item --export-secret-keys @item --export-secret-keys
@itemx --export-secret-subkeys @itemx --export-secret-subkeys


@ -490,11 +490,20 @@ certificate.
@table @gnupgtabopt @table @gnupgtabopt
@item --include-certs @var{n} @item --include-certs @var{n}
@opindex include-certs
Using @var{n} of -2 includes all certificate except for the root cert, Using @var{n} of -2 includes all certificate except for the root cert,
-1 includes all certs, 0 does not include any certs, 1 includes only -1 includes all certs, 0 does not include any certs, 1 includes only
the signers cert (this is the default) and all other positive the signers cert (this is the default) and all other positive
values include up to @var{n} certificates starting with the signer cert. values include up to @var{n} certificates starting with the signer cert.
@item --cipher-algo @var{oid}
@opindex cipher-algo
Use the cipher algorithm with the ASN.1 object identifier @var{oid} for
encryption. For convenience the strings @code{3DES}, @code{AES} and
@code{AES256} may be used instead of their OIDs. The default is
@code{3DES} (1.2.840.113549.3.7).
@end table @end table


@ -1,3 +1,9 @@
2006-10-23 Werner Koch <wk@g10code.com>
* gpg.c (main): New command --gpgconf-test.
* Makefile.am (bzip2_source): New.
2006-10-20 Werner Koch <wk@g10code.com> 2006-10-20 Werner Koch <wk@g10code.com>
* getkey.c (classify_user_id): Reserve '&' for search by keygrip. * getkey.c (classify_user_id): Reserve '&' for search by keygrip.


@ -33,11 +33,18 @@ needed_libs = ../gl/libgnu.a ../common/libcommon.a ../jnlib/libjnlib.a
bin_PROGRAMS = gpg2 gpgv2 bin_PROGRAMS = gpg2 gpgv2
if ENABLE_BZIP2_SUPPORT
bzip2_source = compress-bz2.c
else
bzip2_source =
endif
common_source = \ common_source = \
gpg.h \ gpg.h \
build-packet.c \ build-packet.c \
compress.c \ compress.c \
compress-bz2.c \ $(bzip2_source) \
filter.h \ filter.h \
free-packet.c \ free-packet.c \
getkey.c \ getkey.c \


@ -110,6 +110,7 @@ enum cmd_and_opt_values
aLSignKey, aLSignKey,
aListConfig, aListConfig,
aGPGConfList, aGPGConfList,
aGPGConfTest,
aListPackets, aListPackets,
aEditKey, aEditKey,
aDeleteKeys, aDeleteKeys,
@ -408,6 +409,7 @@ static ARGPARSE_OPTS opts[] = {
#endif #endif
{ aListConfig, "list-config", 256, "@"}, { aListConfig, "list-config", 256, "@"},
{ aGPGConfList, "gpgconf-list", 256, "@" }, { aGPGConfList, "gpgconf-list", 256, "@" },
{ aGPGConfTest, "gpgconf-test", 256, "@" },
{ aListPackets, "list-packets",256, "@"}, { aListPackets, "list-packets",256, "@"},
{ aExportOwnerTrust, "export-ownertrust", 256, "@"}, { aExportOwnerTrust, "export-ownertrust", 256, "@"},
{ aImportOwnerTrust, "import-ownertrust", 256, "@"}, { aImportOwnerTrust, "import-ownertrust", 256, "@"},
@ -2026,6 +2028,7 @@ main (int argc, char **argv )
case aCheckKeys: case aCheckKeys:
case aListConfig: case aListConfig:
case aGPGConfList: case aGPGConfList:
case aGPGConfTest:
case aListPackets: case aListPackets:
case aImport: case aImport:
case aFastImport: case aFastImport:
@ -3183,7 +3186,7 @@ main (int argc, char **argv )
SELinux, this is so that the rings are added to the list of SELinux, this is so that the rings are added to the list of
secured files. */ secured files. */
if( ALWAYS_ADD_KEYRINGS if( ALWAYS_ADD_KEYRINGS
|| (cmd != aDeArmor && cmd != aEnArmor) ) || (cmd != aDeArmor && cmd != aEnArmor && cmd != aGPGConfTest) )
{ {
if (ALWAYS_ADD_KEYRINGS if (ALWAYS_ADD_KEYRINGS
|| (cmd != aCheckKeys && cmd != aListSigs && cmd != aListKeys || (cmd != aCheckKeys && cmd != aListSigs && cmd != aListKeys
@ -3202,6 +3205,9 @@ main (int argc, char **argv )
FREE_STRLIST(nrings); FREE_STRLIST(nrings);
FREE_STRLIST(sec_nrings); FREE_STRLIST(sec_nrings);
if (cmd == aGPGConfTest)
g10_exit(0);
if( pwfd != -1 ) /* Read the passphrase now. */ if( pwfd != -1 ) /* Read the passphrase now. */
read_passphrase_from_fd( pwfd ); read_passphrase_from_fd( pwfd );


@ -1,3 +1,8 @@
2006-10-20 Werner Koch <wk@g10code.com>
* Makefile.am: Reporder macros for better readability.
(gpg2keys_finger_LDADD): Add GPG_ERROR_LIBS.
2006-10-19 David Shaw <dshaw@jabberwocky.com> 2006-10-19 David Shaw <dshaw@jabberwocky.com>
* gpgkeys_hkp.c (curl_mrindex_writer): Print a warning if we see * gpgkeys_hkp.c (curl_mrindex_writer): Print a warning if we see


@ -40,18 +40,17 @@ common_libs = ../gl/libgnu.a ../common/libcommon.a ../jnlib/libjnlib.a
other_libs = $(LIBICONV) $(LIBINTL) $(CAPLIBS) other_libs = $(LIBICONV) $(LIBINTL) $(CAPLIBS)
gpg2keys_ldap_SOURCES = gpgkeys_ldap.c ksutil.c ksutil.h no-libgcrypt.c gpg2keys_ldap_SOURCES = gpgkeys_ldap.c ksutil.c ksutil.h no-libgcrypt.c
gpg2keys_hkp_SOURCES = gpgkeys_hkp.c ksutil.c ksutil.h no-libgcrypt.c
gpg2keys_finger_SOURCES = gpgkeys_finger.c ksutil.c ksutil.h no-libgcrypt.c
gpg2keys_curl_SOURCES = gpgkeys_curl.c ksutil.c ksutil.h no-libgcrypt.c
gpg2keys_ldap_CPPFLAGS = $(LDAP_CPPFLAGS) $(AM_CPPFLAGS) gpg2keys_ldap_CPPFLAGS = $(LDAP_CPPFLAGS) $(AM_CPPFLAGS)
gpg2keys_ldap_LDADD = $(LDAPLIBS) $(NETLIBS) \ gpg2keys_ldap_LDADD = $(LDAPLIBS) $(NETLIBS) $(other_libs)
$(other_libs)
gpg2keys_finger_LDADD = $(common_libs) $(LIBGCRYPT_LIBS) \ gpg2keys_finger_SOURCES = gpgkeys_finger.c ksutil.c ksutil.h no-libgcrypt.c
gpg2keys_ldap_CPPFLAGS = $(AM_CPPFLAGS)
gpg2keys_finger_LDADD = $(common_libs) $(GPG_ERROR_LIBS) \
$(NETLIBS) $(other_libs) $(NETLIBS) $(other_libs)
gpg2keys_curl_SOURCES = gpgkeys_curl.c ksutil.c ksutil.h no-libgcrypt.c
gpg2keys_hkp_SOURCES = gpgkeys_hkp.c ksutil.c ksutil.h no-libgcrypt.c
if FAKE_CURL if FAKE_CURL
gpg2keys_curl_SOURCES += curl-shim.c curl-shim.h gpg2keys_curl_SOURCES += curl-shim.c curl-shim.h
gpg2keys_curl_CPPFLAGS = $(AM_CPPFLAGS) gpg2keys_curl_CPPFLAGS = $(AM_CPPFLAGS)
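Review bot: The line `gpg2keys_ldap_CPPFLAGS = $(AM_CPPFLAGS)` placed between `gpg2keys_finger_SOURCES` and `gpg2keys_finger_LDADD` looks like a copy-paste slip for the finger helper. As written it defines `gpg2keys_ldap_CPPFLAGS` a second time, after the earlier `$(LDAP_CPPFLAGS) $(AM_CPPFLAGS)` assignment, so the LDAP helper could lose its LDAP include path (or automake may reject the duplicate), while the finger helper gets no per-target flags. The intended line is presumably `gpg2keys_finger_CPPFLAGS = $(AM_CPPFLAGS)`. The `if FAKE_CURL` block continues outside the hunk.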


@ -1,3 +1,7 @@
2006-10-23 Werner Koch <wk@g10code.com>
* scdaemon.c (main): New command --gpgconf-test.
2006-10-17 Werner Koch <wk@g10code.com> 2006-10-17 Werner Koch <wk@g10code.com>
* Makefile.am (scdaemon_LDADD): Link against libcommonpth. * Makefile.am (scdaemon_LDADD): Link against libcommonpth.


@ -2712,7 +2712,7 @@ do_getattr (app_t app, ctrl_t ctrl, const char *name)
general rule for it so we need to decide case by case. */ general rule for it so we need to decide case by case. */
if (app->app_local->card_type == CARD_TYPE_BELPIC) if (app->app_local->card_type == CARD_TYPE_BELPIC)
{ {
/* The eID card has a card number printed on the fron matter /* The eID card has a card number printed on the front matter
which seems to be a good indication. */ which seems to be a good indication. */
unsigned char *buffer; unsigned char *buffer;
const unsigned char *p; const unsigned char *p;
@ -2938,7 +2938,7 @@ do_sign (app_t app, const char *keyidstr, int hashalgo,
/* Due to the fact that the non-repudiation signature on a BELPIC /* Due to the fact that the non-repudiation signature on a BELPIC
card requires a ver verify immediately before the DSO we set the card requires a verify immediately before the DSO we set the
MSE before we do the verification. Other cards might allow to do MSE before we do the verification. Other cards might allow to do
this also but I don't want to break anything, thus we do it only this also but I don't want to break anything, thus we do it only
for the BELPIC card here. */ for the BELPIC card here. */


@ -63,6 +63,7 @@ enum cmd_and_opt_values
oNoVerbose = 500, oNoVerbose = 500,
aGPGConfList, aGPGConfList,
aGPGConfTest,
oOptions, oOptions,
oDebug, oDebug,
oDebugAll, oDebugAll,
@ -97,6 +98,7 @@ enum cmd_and_opt_values
static ARGPARSE_OPTS opts[] = { static ARGPARSE_OPTS opts[] = {
{ aGPGConfList, "gpgconf-list", 256, "@" }, { aGPGConfList, "gpgconf-list", 256, "@" },
{ aGPGConfTest, "gpgconf-test", 256, "@" },
{ 301, NULL, 0, N_("@Options:\n ") }, { 301, NULL, 0, N_("@Options:\n ") },
@ -450,6 +452,7 @@ main (int argc, char **argv )
switch (pargs.r_opt) switch (pargs.r_opt)
{ {
case aGPGConfList: gpgconf_list = 1; break; case aGPGConfList: gpgconf_list = 1; break;
case aGPGConfTest: gpgconf_list = 2; break;
case oQuiet: opt.quiet = 1; break; case oQuiet: opt.quiet = 1; break;
case oVerbose: opt.verbose++; break; case oVerbose: opt.verbose++; break;
case oBatch: opt.batch=1; break; case oBatch: opt.batch=1; break;
@ -552,6 +555,8 @@ main (int argc, char **argv )
log_debug ("... okay\n"); log_debug ("... okay\n");
} }
if (gpgconf_list == 2)
scd_exit (0);
if (gpgconf_list) if (gpgconf_list)
{ {
/* List options and default values in the GPG Conf format. */ /* List options and default values in the GPG Conf format. */


@ -1,3 +1,8 @@
2006-10-23 Werner Koch <wk@g10code.com>
* gpgsm.c (main): Remap common cipher algo names to their OIDs.
(main): New command --gpgconf-test.
2006-10-20 Werner Koch <wk@g10code.com> 2006-10-20 Werner Koch <wk@g10code.com>
* keydb.c (classify_user_id): Parse keygrip for the '&' identifier. * keydb.c (classify_user_id): Parse keygrip for the '&' identifier.

View File

@ -90,6 +90,7 @@ enum cmd_and_opt_values {
aCallProtectTool, aCallProtectTool,
aPasswd, aPasswd,
aGPGConfList, aGPGConfList,
aGPGConfTest,
aDumpKeys, aDumpKeys,
aDumpChain, aDumpChain,
aDumpSecretKeys, aDumpSecretKeys,
@ -265,6 +266,7 @@ static ARGPARSE_OPTS opts[] = {
N_("invoke gpg-protect-tool")}, N_("invoke gpg-protect-tool")},
{ aPasswd, "passwd", 256, N_("change a passphrase")}, { aPasswd, "passwd", 256, N_("change a passphrase")},
{ aGPGConfList, "gpgconf-list", 256, "@" }, { aGPGConfList, "gpgconf-list", 256, "@" },
{ aGPGConfTest, "gpgconf-test", 256, "@" },
{ aDumpKeys, "dump-cert", 256, "@"}, { aDumpKeys, "dump-cert", 256, "@"},
{ aDumpKeys, "dump-keys", 256, "@"}, { aDumpKeys, "dump-keys", 256, "@"},
@ -781,7 +783,7 @@ main ( int argc, char **argv)
create_dotlock (NULL); /* register locking cleanup */ create_dotlock (NULL); /* register locking cleanup */
i18n_init(); i18n_init();
opt.def_cipher_algoid = "1.2.840.113549.3.7"; /*des-EDE3-CBC*/ opt.def_cipher_algoid = "3DES"; /*des-EDE3-CBC*/
opt.homedir = default_homedir (); opt.homedir = default_homedir ();
#ifdef HAVE_W32_SYSTEM #ifdef HAVE_W32_SYSTEM
@ -880,6 +882,7 @@ main ( int argc, char **argv)
switch (pargs.r_opt) switch (pargs.r_opt)
{ {
case aGPGConfList: case aGPGConfList:
case aGPGConfTest:
set_cmd (&cmd, pargs.r_opt); set_cmd (&cmd, pargs.r_opt);
do_not_setup_keys = 1; do_not_setup_keys = 1;
nogreeting = 1; nogreeting = 1;
@ -1265,7 +1268,20 @@ main ( int argc, char **argv)
} }
/* Must do this after dropping setuid, because the mapping functions /* Must do this after dropping setuid, because the mapping functions
may try to load an module and we may have disabled an algorithm. */ may try to load an module and we may have disabled an algorithm.
We remap the commonly used algorithms to the OIDs for
convenience. We need to work with the OIDs because they are used
to check whether the encryption mode is actually available. */
if (!strcmp (opt.def_cipher_algoid, "3DES") )
opt.def_cipher_algoid = "1.2.840.113549.3.7";
else if (!strcmp (opt.def_cipher_algoid, "AES")
|| !strcmp (opt.def_cipher_algoid, "AES128"))
opt.def_cipher_algoid = "2.16.840.1.101.3.4.1.2";
else if (!strcmp (opt.def_cipher_algoid, "AES256") )
opt.def_cipher_algoid = "2.16.840.1.101.3.4.1.42";
if (cmd != aGPGConfList)
{
if ( !gcry_cipher_map_name (opt.def_cipher_algoid) if ( !gcry_cipher_map_name (opt.def_cipher_algoid)
|| !gcry_cipher_mode_from_oid (opt.def_cipher_algoid)) || !gcry_cipher_mode_from_oid (opt.def_cipher_algoid))
log_error (_("selected cipher algorithm is invalid\n")); log_error (_("selected cipher algorithm is invalid\n"));
@ -1278,6 +1294,7 @@ main ( int argc, char **argv)
if (our_md_test_algo(opt.def_digest_algo) ) if (our_md_test_algo(opt.def_digest_algo) )
log_error (_("selected digest algorithm is invalid\n")); log_error (_("selected digest algorithm is invalid\n"));
} }
}
if (log_get_errorcount(0)) if (log_get_errorcount(0))
gpgsm_exit(2); gpgsm_exit(2);
@ -1411,9 +1428,15 @@ main ( int argc, char **argv)
GC_OPT_FLAG_NONE ); GC_OPT_FLAG_NONE );
printf ("prefer-system-dirmngr:%lu:\n", printf ("prefer-system-dirmngr:%lu:\n",
GC_OPT_FLAG_NONE ); GC_OPT_FLAG_NONE );
printf ("cipher-algo:%lu:\"3DES:\n",
GC_OPT_FLAG_DEFAULT );
} }
break; break;
case aGPGConfTest:
/* This is merely a dummy command to test whether the
configuration file is valid. */
break;
case aServer: case aServer:
if (debug_wait) if (debug_wait)
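Review bot: The default cipher name is now spelled in two places, `opt.def_cipher_algoid = "3DES";` near the top of main and the literal inside `printf ("cipher-algo:%lu:\"3DES:\n", ...)` in the gpgconf-list output, so a later change of the default can leave gpgconf advertising a value the program no longer uses. A single macro, e.g. `#define DEFAULT_CIPHER_ALGO "3DES"`, used in both places would keep them in step. The remap block also compares names with case-sensitive `strcmp` and accepts `AES128`, which the documentation added in this commit does not list. A short comment saying that any other value must be a dotted OID, and that other spellings fall through unmapped to the OID check, would save a reader working that out. main's body starts and ends outside these hunks.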


@ -1,3 +1,11 @@
2006-10-23 Werner Koch <wk@g10code.com>
* gpgconf-comp.c <gpgsm>: Add --cipher-algo.
2006-10-20 Werner Koch <wk@g10code.com>
* gpgsm-gencert.sh: Enhanced the main menu.
2006-10-12 Werner Koch <wk@g10code.com> 2006-10-12 Werner Koch <wk@g10code.com>
* Makefile.am (gpg-zip, gpgsplit): Do not install due to a * Makefile.am (gpg-zip, gpgsplit): Do not install due to a


@ -676,6 +676,9 @@ static gc_option_t gc_options_gpgsm[] =
{ "auto-issuer-key-retrieve", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC, { "auto-issuer-key-retrieve", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
"gnupg", "fetch missing issuer certificates", "gnupg", "fetch missing issuer certificates",
GC_ARG_TYPE_NONE, GC_BACKEND_GPGSM }, GC_ARG_TYPE_NONE, GC_BACKEND_GPGSM },
{ "cipher-algo", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
"gnupg", "|NAME|use cipher algorithm NAME",
GC_ARG_TYPE_STRING, GC_BACKEND_GPGSM },
GC_OPTION_NULL GC_OPTION_NULL
}; };


@ -84,7 +84,11 @@ query_user_menu()
echo "You selected: $ANSWER" >&2 echo "You selected: $ANSWER" >&2
} }
query_user_menu "Key type" "RSA" "existing key" "OPENPGP.1" "OPENPGP.3"
KEY_TYPE=""
while [ -z "$KEY_TYPE" ]; do
query_user_menu "Key type" "RSA" "Existing key" "Direct from card"
case "$ANSWER" in case "$ANSWER" in
RSA) RSA)
KEY_TYPE=$ANSWER KEY_TYPE=$ANSWER
@ -92,20 +96,40 @@ case "$ANSWER" in
KEY_LENGTH=$ANSWER KEY_LENGTH=$ANSWER
KEY_GRIP= KEY_GRIP=
;; ;;
existing*) Existing*)
# User requested to use an existing key; need to set some dummy defaults # User requested to use an existing key; need to set some dummy defaults
query_user "Keygrip "
if [ -n "$ANSWER" ]; then
KEY_TYPE=RSA KEY_TYPE=RSA
KEY_LENGTH=1024 KEY_LENGTH=1024
query_user "Keygrip "
KEY_GRIP=$ANSWER KEY_GRIP=$ANSWER
fi
;; ;;
*) Direct*)
tmp=$(echo 'SCD SERIALNO' | gpg-connect-agent | \
awk '$2 == "SERIALNO" {print $3}')
if [ -z "$tmp" ]; then
echo "No card found" >&2
else
echo "Card with S/N $tmp found" >&2
tmp=$(echo 'SCD LEARN --force' | gpg-connect-agent | \
awk '$2 == "KEYPAIRINFO" {printf " %s", $4}')
sshid=$(echo 'SCD GETATTR $AUTHKEYID' | gpg-connect-agent | \
awk '$2 == "$AUTHKEYID" {print $3}')
[ -n "$sshid" ] && echo "gpg-agent uses $sshid as ssh key" >&2
query_user_menu "Select key " $tmp "back"
if [ "$ANSWER" != "back" ]; then
KEY_TYPE="card:$ANSWER" KEY_TYPE="card:$ANSWER"
KEY_LENGTH= KEY_LENGTH=
KEY_GRIP= KEY_GRIP=
fi
fi
;;
*)
exit 1
;; ;;
esac esac
done
query_user_menu "Key usage" "sign, encrypt" "sign" "encrypt" query_user_menu "Key usage" "sign, encrypt" "sign" "encrypt"
KEY_USAGE=$ANSWER KEY_USAGE=$ANSWER
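Review bot: In the `Direct*)` branch, `query_user_menu "Select key " $tmp "back"` expands `$tmp` unquoted so that each key ID becomes its own menu entry, but that also subjects text received from gpg-connect-agent (ultimately card data) to pathname expansion. Wrapping the call in `set -f` / `set +f`, or filtering the awk output to the expected characters, keeps a stray `*` or `?` from turning into file names in the menu. A comment noting that `$AUTHKEYID` in `'SCD GETATTR $AUTHKEYID'` is a literal attribute name, not a shell variable, would also help. The catch-all `*) exit 1` leaves silently; a message on stderr would match the other branches. The script continues outside the hunk.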