security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-07-02 22:46:30 +02:00
Code Activity

g10: Add openpgp_protected flag to agent secret key export functions

Browse source 
* g10/call-agent.c, g10/call-agent.h (agent_export_key): Add
openpgp_protected flag.
* g10/export.c (receive_seckey_from_agent): Request openpgp_protected
secret keys from agent.
* agent/command.c (hlp_export_key): EXPORT_KEY help text: add a
brief description of the effect of --openpgp.
--

The --openpgp flag for gpg-agent's EXPORT_KEY actually forces
encryption in a certain (RFC 4880-compatible format).  This changeset
exposes that functionality in internal functions, and clarifies
functionality in the agent's help text.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
This commit is contained in:
Daniel Kahn Gillmor 2016-06-10 16:15:34 -04:00 committed by Werner Koch
parent 00f30cc01c
commit 7de7432076
No known key found for this signature in database
GPG key ID: E3FDFF218E45B72B
4 changed files with 18 additions and 9 deletions
Download patch file Download diff file Expand all files Collapse all files

15
g10/call-agent.c
View file

@ -2315,13 +2315,15 @@ agent_import_key (ctrl_t ctrl, const char *desc, char **cache_nonce_addr,
/* Receive a secret key from the agent. HEXKEYGRIP is the hexified
keygrip, DESC a prompt to be displayed with the agent's passphrase
question (needs to be plus+percent escaped). If CACHE_NONCE_ADDR
is not NULL the agent is advised to first try a passphrase
associated with that nonce. On success the key is stored as a
canonical S-expression at R_RESULT and R_RESULTLEN. */
question (needs to be plus+percent escaped). if OPENPGP_PROTECTED
is not zero, ensure that the key material is returned in RFC
4880-compatible passphrased-protected form. If CACHE_NONCE_ADDR is
not NULL the agent is advised to first try a passphrase associated
with that nonce. On success the key is stored as a canonical
S-expression at R_RESULT and R_RESULTLEN. */
gpg_error_t
agent_export_key (ctrl_t ctrl, const char *hexkeygrip, const char *desc,
char **cache_nonce_addr,
int openpgp_protected, char **cache_nonce_addr,
unsigned char **r_result, size_t *r_resultlen)
{
gpg_error_t err;
@ -2351,7 +2353,8 @@ agent_export_key (ctrl_t ctrl, const char *hexkeygrip, const char *desc,
return err;
}
snprintf (line, DIM(line)-1, "EXPORT_KEY --openpgp %s%s %s",
snprintf (line, DIM(line)-1, "EXPORT_KEY %s%s%s %s",
openpgp_protected ? "--openpgp ":"",
cache_nonce_addr && *cache_nonce_addr? "--cache-nonce=":"",
cache_nonce_addr && *cache_nonce_addr? *cache_nonce_addr:"",
hexkeygrip);