security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-03-12 23:01:14 +01:00
Code Activity

g10: Add openpgp_protected flag to agent secret key export functions

Browse Source 
* g10/call-agent.c, g10/call-agent.h (agent_export_key): Add
openpgp_protected flag.
* g10/export.c (receive_seckey_from_agent): Request openpgp_protected
secret keys from agent.
* agent/command.c (hlp_export_key): EXPORT_KEY help text: add a
brief description of the effect of --openpgp.
--

The --openpgp flag for gpg-agent's EXPORT_KEY actually forces
encryption in a certain (RFC 4880-compatible format).  This changeset
exposes that functionality in internal functions, and clarifies
functionality in the agent's help text.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
This commit is contained in:
Daniel Kahn Gillmor 2016-06-10 16:15:34 -04:00 committed by Werner Koch
parent 00f30cc01c
commit 7de7432076
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
4 changed files with 18 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
agent/command.c
View File

@ -2210,7 +2210,12 @@ static const char hlp_export_key[] =
"Export a secret key from the key store. The key will be encrypted\n" "Export a secret key from the key store. The key will be encrypted\n"
"using the current session's key wrapping key (cf. command KEYWRAP_KEY)\n" "using the current session's key wrapping key (cf. command KEYWRAP_KEY)\n"
"using the AESWRAP-128 algorithm. The caller needs to retrieve that key\n" "using the AESWRAP-128 algorithm. The caller needs to retrieve that key\n"
"prior to using this command. The function takes the keygrip as argument.\n"; "prior to using this command. The function takes the keygrip as argument.\n"
"\n"
"If --openpgp is used, the secret key material will be exported in RFC 4880\n"
"compatible passphrase-protected form. Without --openpgp, the secret key\n"
"material will be exported in the clear (after prompting the user to unlock\n"
"it, if needed).\n";
static gpg_error_t static gpg_error_t
cmd_export_key (assuan_context_t ctx, char *line) cmd_export_key (assuan_context_t ctx, char *line)
{ {

15
g10/call-agent.c
View File

@ -2315,13 +2315,15 @@ agent_import_key (ctrl_t ctrl, const char *desc, char **cache_nonce_addr,
/* Receive a secret key from the agent. HEXKEYGRIP is the hexified /* Receive a secret key from the agent. HEXKEYGRIP is the hexified
keygrip, DESC a prompt to be displayed with the agent's passphrase keygrip, DESC a prompt to be displayed with the agent's passphrase
question (needs to be plus+percent escaped). If CACHE_NONCE_ADDR question (needs to be plus+percent escaped). if OPENPGP_PROTECTED
is not NULL the agent is advised to first try a passphrase is not zero, ensure that the key material is returned in RFC
associated with that nonce. On success the key is stored as a 4880-compatible passphrased-protected form. If CACHE_NONCE_ADDR is
canonical S-expression at R_RESULT and R_RESULTLEN. */ not NULL the agent is advised to first try a passphrase associated
with that nonce. On success the key is stored as a canonical
S-expression at R_RESULT and R_RESULTLEN. */
gpg_error_t gpg_error_t
agent_export_key (ctrl_t ctrl, const char *hexkeygrip, const char *desc, agent_export_key (ctrl_t ctrl, const char *hexkeygrip, const char *desc,
char **cache_nonce_addr, int openpgp_protected, char **cache_nonce_addr,
unsigned char **r_result, size_t *r_resultlen) unsigned char **r_result, size_t *r_resultlen)
{ {
gpg_error_t err; gpg_error_t err;
@ -2351,7 +2353,8 @@ agent_export_key (ctrl_t ctrl, const char *hexkeygrip, const char *desc,
return err; return err;
} }
snprintf (line, DIM(line)-1, "EXPORT_KEY --openpgp %s%s %s", snprintf (line, DIM(line)-1, "EXPORT_KEY %s%s%s %s",
openpgp_protected ? "--openpgp ":"",
cache_nonce_addr && *cache_nonce_addr? "--cache-nonce=":"", cache_nonce_addr && *cache_nonce_addr? "--cache-nonce=":"",
cache_nonce_addr && *cache_nonce_addr? *cache_nonce_addr:"", cache_nonce_addr && *cache_nonce_addr? *cache_nonce_addr:"",
hexkeygrip); hexkeygrip);

3
g10/call-agent.h
View File

@ -192,7 +192,8 @@ gpg_error_t agent_import_key (ctrl_t ctrl, const char *desc,
/* Receive a key from the agent. */ /* Receive a key from the agent. */
gpg_error_t agent_export_key (ctrl_t ctrl, const char *keygrip, gpg_error_t agent_export_key (ctrl_t ctrl, const char *keygrip,
const char *desc, char **cache_nonce_addr, const char *desc, int openpgp_protected,
char **cache_nonce_addr,
unsigned char **r_result, size_t *r_resultlen); unsigned char **r_result, size_t *r_resultlen);
/* Delete a key from the agent. */ /* Delete a key from the agent. */

2
g10/export.c
View File

@ -852,7 +852,7 @@ receive_seckey_from_agent (ctrl_t ctrl, gcry_cipher_hd_t cipherhd,
log_info ("key %s: asking agent for the secret parts\n", hexgrip); log_info ("key %s: asking agent for the secret parts\n", hexgrip);
prompt = gpg_format_keydesc (pk, FORMAT_KEYDESC_EXPORT,1); prompt = gpg_format_keydesc (pk, FORMAT_KEYDESC_EXPORT,1);
err = agent_export_key (ctrl, hexgrip, prompt, cache_nonce_addr, err = agent_export_key (ctrl, hexgrip, prompt, 1, cache_nonce_addr,
&wrappedkey, &wrappedkeylen); &wrappedkey, &wrappedkeylen);
xfree (prompt); xfree (prompt);