Decryption and signi via agent is now implemented.
This commit is contained in:
parent
c86a59db74
commit
8e5010a958
|
@ -136,7 +136,7 @@ cmp_simple_canon_sexp (const unsigned char *a_orig,
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
/* Create a simple S-expression from the hex string at LIBNE. Returns
|
/* Create a simple S-expression from the hex string at LINE. Returns
|
||||||
a newly allocated buffer with that canonical encoded S-expression
|
a newly allocated buffer with that canonical encoded S-expression
|
||||||
or NULL in case of an error. On return the number of characters
|
or NULL in case of an error. On return the number of characters
|
||||||
scanned in LINE will be stored at NSCANNED. This fucntions stops
|
scanned in LINE will be stored at NSCANNED. This fucntions stops
|
||||||
|
|
|
@ -1,3 +1,33 @@
|
||||||
|
2010-04-23 Werner Koch <wk@g10code.com>
|
||||||
|
|
||||||
|
* pubkey-enc.c (get_it): Use the agent for decryption.
|
||||||
|
* call-agent.c (agent_pkdecrypt, inq_ciphertext_cb): New.
|
||||||
|
|
||||||
|
2010-04-22 Werner Koch <wk@g10code.com>
|
||||||
|
|
||||||
|
* photoid.c (show_photos): Remove arg SK.
|
||||||
|
|
||||||
|
* pubkey-enc.c (get_session_key, get_it): Change to use the public
|
||||||
|
key object.
|
||||||
|
(get_it): Remove card related stuff. Now automagically handled
|
||||||
|
by the agent.
|
||||||
|
|
||||||
|
* skclist.c (build_sk_list): Remove UNLOCK arg.
|
||||||
|
|
||||||
|
* keylist.c (print_fingerprint): Remove arg SK.
|
||||||
|
* mainproc.c (list_node): Disable listing of secret key packets.
|
||||||
|
|
||||||
|
* keyring.c (struct keyring_name, struct keyring_handle): Remove
|
||||||
|
field SECRET.
|
||||||
|
(keyring_register_filename, keyring_new, orename_tmp_file)
|
||||||
|
(do_copy): Remove arg SECRET.
|
||||||
|
* keydb.c (struct resource_item): Remove field SECRET.
|
||||||
|
(keydb_add_resource): Remove arg SECRET.
|
||||||
|
(keydb_new): Remove code fro secret keyrings.
|
||||||
|
|
||||||
|
* gpg.c (main): Ignore --secret-keyring. Remove all secret
|
||||||
|
keyring related code.
|
||||||
|
|
||||||
2010-04-21 Werner Koch <wk@g10code.com>
|
2010-04-21 Werner Koch <wk@g10code.com>
|
||||||
|
|
||||||
* pkclist.c (default_recipient): Change to use public keys.
|
* pkclist.c (default_recipient): Change to use public keys.
|
||||||
|
|
128
g10/call-agent.c
128
g10/call-agent.c
|
@ -50,8 +50,9 @@ static int did_early_card_test;
|
||||||
|
|
||||||
struct cipher_parm_s
|
struct cipher_parm_s
|
||||||
{
|
{
|
||||||
|
ctrl_t ctrl;
|
||||||
assuan_context_t ctx;
|
assuan_context_t ctx;
|
||||||
const char *ciphertext;
|
unsigned char *ciphertext;
|
||||||
size_t ciphertextlen;
|
size_t ciphertextlen;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -104,7 +105,6 @@ status_sc_op_failure (int rc)
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
/* Try to connect to the agent via socket or fork it off and work by
|
/* Try to connect to the agent via socket or fork it off and work by
|
||||||
pipes. Handle the server's initial greeting */
|
pipes. Handle the server's initial greeting */
|
||||||
static int
|
static int
|
||||||
|
@ -1582,3 +1582,127 @@ agent_pksign (ctrl_t ctrl, const char *keygrip, const char *desc,
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
/* Handle a CIPHERTEXT inquiry. Note, we only send the data,
|
||||||
|
assuan_transact takes care of flushing and writing the END. */
|
||||||
|
static gpg_error_t
|
||||||
|
inq_ciphertext_cb (void *opaque, const char *line)
|
||||||
|
{
|
||||||
|
struct cipher_parm_s *parm = opaque;
|
||||||
|
int rc;
|
||||||
|
|
||||||
|
if (!strncmp (line, "CIPHERTEXT", 10) && (line[10]==' '||!line[10]))
|
||||||
|
{
|
||||||
|
assuan_begin_confidential (parm->ctx);
|
||||||
|
rc = assuan_send_data (parm->ctx, parm->ciphertext, parm->ciphertextlen);
|
||||||
|
assuan_end_confidential (parm->ctx);
|
||||||
|
}
|
||||||
|
else
|
||||||
|
rc = default_inq_cb (parm->ctrl, line);
|
||||||
|
|
||||||
|
return rc;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
/* Call the agent to do a decrypt operation using the key identified
|
||||||
|
by the hex string KEYGRIP and the input data S_CIPHERTEXT. On the
|
||||||
|
success the decoded value is stored verbatim at R_BUF and its
|
||||||
|
length at R_BUF; the callers needs to release it. */
|
||||||
|
gpg_error_t
|
||||||
|
agent_pkdecrypt (ctrl_t ctrl, const char *keygrip, const char *desc,
|
||||||
|
gcry_sexp_t s_ciphertext,
|
||||||
|
unsigned char **r_buf, size_t *r_buflen)
|
||||||
|
{
|
||||||
|
gpg_error_t err;
|
||||||
|
char line[ASSUAN_LINELENGTH];
|
||||||
|
membuf_t data;
|
||||||
|
size_t n, len;
|
||||||
|
char *p, *buf, *endp;
|
||||||
|
|
||||||
|
if (!keygrip || strlen(keygrip) != 40 || !s_ciphertext || !r_buf || !r_buflen)
|
||||||
|
return gpg_error (GPG_ERR_INV_VALUE);
|
||||||
|
*r_buf = NULL;
|
||||||
|
|
||||||
|
err = start_agent (ctrl, 0);
|
||||||
|
if (err)
|
||||||
|
return err;
|
||||||
|
|
||||||
|
err = assuan_transact (agent_ctx, "RESET",
|
||||||
|
NULL, NULL, NULL, NULL, NULL, NULL);
|
||||||
|
if (err)
|
||||||
|
return err;
|
||||||
|
|
||||||
|
snprintf (line, sizeof line, "SETKEY %s", keygrip);
|
||||||
|
err = assuan_transact (agent_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
|
||||||
|
if (err)
|
||||||
|
return err;
|
||||||
|
|
||||||
|
if (desc)
|
||||||
|
{
|
||||||
|
snprintf (line, DIM(line)-1, "SETKEYDESC %s", desc);
|
||||||
|
line[DIM(line)-1] = 0;
|
||||||
|
err = assuan_transact (agent_ctx, line,
|
||||||
|
NULL, NULL, NULL, NULL, NULL, NULL);
|
||||||
|
if (err)
|
||||||
|
return err;
|
||||||
|
}
|
||||||
|
|
||||||
|
init_membuf_secure (&data, 1024);
|
||||||
|
{
|
||||||
|
struct cipher_parm_s parm;
|
||||||
|
|
||||||
|
parm.ctrl = ctrl;
|
||||||
|
parm.ctx = agent_ctx;
|
||||||
|
err = make_canon_sexp (s_ciphertext, &parm.ciphertext, &parm.ciphertextlen);
|
||||||
|
if (err)
|
||||||
|
return err;
|
||||||
|
err = assuan_transact (agent_ctx, "PKDECRYPT",
|
||||||
|
membuf_data_cb, &data,
|
||||||
|
inq_ciphertext_cb, &parm, NULL, NULL);
|
||||||
|
xfree (parm.ciphertext);
|
||||||
|
}
|
||||||
|
if (err)
|
||||||
|
{
|
||||||
|
xfree (get_membuf (&data, &len));
|
||||||
|
return err;
|
||||||
|
}
|
||||||
|
|
||||||
|
put_membuf (&data, "", 1); /* Make sure it is 0 terminated. */
|
||||||
|
buf = get_membuf (&data, &len);
|
||||||
|
if (!buf)
|
||||||
|
return gpg_error_from_syserror ();
|
||||||
|
assert (len); /* (we forced Nul termination.) */
|
||||||
|
|
||||||
|
if (*buf != '(')
|
||||||
|
{
|
||||||
|
xfree (buf);
|
||||||
|
return gpg_error (GPG_ERR_INV_SEXP);
|
||||||
|
}
|
||||||
|
|
||||||
|
if (len < 13 || memcmp (buf, "(5:value", 8) ) /* "(5:valueN:D)\0" */
|
||||||
|
{
|
||||||
|
xfree (buf);
|
||||||
|
return gpg_error (GPG_ERR_INV_SEXP);
|
||||||
|
}
|
||||||
|
len -= 11; /* Count only the data of the second part. */
|
||||||
|
p = buf + 8; /* Skip leading parenthesis and the value tag. */
|
||||||
|
|
||||||
|
n = strtoul (p, &endp, 10);
|
||||||
|
if (!n || *endp != ':')
|
||||||
|
{
|
||||||
|
xfree (buf);
|
||||||
|
return gpg_error (GPG_ERR_INV_SEXP);
|
||||||
|
}
|
||||||
|
endp++;
|
||||||
|
if (endp-p+n > len)
|
||||||
|
{
|
||||||
|
xfree (buf);
|
||||||
|
return gpg_error (GPG_ERR_INV_SEXP); /* Oops: Inconsistent S-Exp. */
|
||||||
|
}
|
||||||
|
|
||||||
|
memmove (buf, endp, n);
|
||||||
|
|
||||||
|
*r_buflen = n;
|
||||||
|
*r_buf = buf;
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
|
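Review bot: The length bookkeeping in agent_pkdecrypt's reply parser looks off by one: the framing around the data is `(5:value` (8 bytes) plus the closing `)` and the NUL that put_membuf appends, i.e. 10 bytes, yet the code does `len -= 11;`. Since `endp` has already been advanced past the colon, `endp-p+n` is exactly the length of `N:D`, so the `if (endp-p+n > len)` consistency check near the end of the hunk rejects a well-formed `(5:valueN:D)` reply by one byte; by my count the line should read `len -= 10;   /* Count only the data of the second part. */` — worth stepping through with a real agent reply before merging. The function comment says the length is stored "at R_BUF" where it means R_BUFLEN, and should state that the returned buffer comes from secure memory and is released with xfree. The SETKEYDESC line is built straight from `desc`, so callers must pass it already percent-escaped for the Assuan line protocol; a sentence in the comment would pin that contract down.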
@ -158,6 +158,10 @@ gpg_error_t agent_pksign (ctrl_t ctrl, const char *hexkeygrip, const char *desc,
|
||||||
int digestalgo,
|
int digestalgo,
|
||||||
gcry_sexp_t *r_sigval);
|
gcry_sexp_t *r_sigval);
|
||||||
|
|
||||||
|
/* Decrypt a ciphertext. */
|
||||||
|
gpg_error_t agent_pkdecrypt (ctrl_t ctrl, const char *keygrip, const char *desc,
|
||||||
|
gcry_sexp_t s_ciphertext,
|
||||||
|
unsigned char **r_buf, size_t *r_buflen);
|
||||||
|
|
||||||
|
|
||||||
#endif /*GNUPG_G10_CALL_AGENT_H*/
|
#endif /*GNUPG_G10_CALL_AGENT_H*/
|
||||||
|
|
23
g10/gpg.c
23
g10/gpg.c
|
@ -1890,7 +1890,7 @@ main (int argc, char **argv)
|
||||||
char *username;
|
char *username;
|
||||||
int may_coredump;
|
int may_coredump;
|
||||||
strlist_t sl, remusr= NULL, locusr=NULL;
|
strlist_t sl, remusr= NULL, locusr=NULL;
|
||||||
strlist_t nrings=NULL, sec_nrings=NULL;
|
strlist_t nrings = NULL;
|
||||||
armor_filter_context_t *afx = NULL;
|
armor_filter_context_t *afx = NULL;
|
||||||
int detached_sig = 0;
|
int detached_sig = 0;
|
||||||
FILE *configfp = NULL;
|
FILE *configfp = NULL;
|
||||||
|
@ -2283,8 +2283,9 @@ main (int argc, char **argv)
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case oSecretKeyring:
|
case oSecretKeyring:
|
||||||
append_to_strlist( &sec_nrings, pargs.r.ret_str);
|
/* Ignore this old option. */
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case oOptions:
|
case oOptions:
|
||||||
/* config files may not be nested (silently ignore them) */
|
/* config files may not be nested (silently ignore them) */
|
||||||
if( !configfp ) {
|
if( !configfp ) {
|
||||||
|
@ -3385,22 +3386,12 @@ main (int argc, char **argv)
|
||||||
if( ALWAYS_ADD_KEYRINGS
|
if( ALWAYS_ADD_KEYRINGS
|
||||||
|| (cmd != aDeArmor && cmd != aEnArmor && cmd != aGPGConfTest) )
|
|| (cmd != aDeArmor && cmd != aEnArmor && cmd != aGPGConfTest) )
|
||||||
{
|
{
|
||||||
if (ALWAYS_ADD_KEYRINGS
|
if (!nrings || default_keyring) /* Add default ring. */
|
||||||
|| (cmd != aCheckKeys && cmd != aListSigs && cmd != aListKeys
|
keydb_add_resource ("pubring" EXTSEP_S "gpg", 4);
|
||||||
&& cmd != aVerify && cmd != aSym && cmd != aLocateKeys))
|
for (sl = nrings; sl; sl = sl->next )
|
||||||
{
|
keydb_add_resource (sl->d, sl->flags);
|
||||||
if (!sec_nrings || default_keyring) /* add default secret rings */
|
|
||||||
keydb_add_resource ("secring" EXTSEP_S "gpg", 4, 1);
|
|
||||||
for (sl = sec_nrings; sl; sl = sl->next)
|
|
||||||
keydb_add_resource ( sl->d, 0, 1 );
|
|
||||||
}
|
|
||||||
if( !nrings || default_keyring ) /* add default ring */
|
|
||||||
keydb_add_resource ("pubring" EXTSEP_S "gpg", 4, 0);
|
|
||||||
for(sl = nrings; sl; sl = sl->next )
|
|
||||||
keydb_add_resource ( sl->d, sl->flags, 0 );
|
|
||||||
}
|
}
|
||||||
FREE_STRLIST(nrings);
|
FREE_STRLIST(nrings);
|
||||||
FREE_STRLIST(sec_nrings);
|
|
||||||
|
|
||||||
if (cmd == aGPGConfTest)
|
if (cmd == aGPGConfTest)
|
||||||
g10_exit(0);
|
g10_exit(0);
|
||||||
|
|
|
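Review bot: `--secret-keyring` is now accepted and dropped without any diagnostic in the oSecretKeyring case, so a user whose configuration names a non-default secret keyring sees gpg silently fall back to the agent's key store with no hint why those keys are gone. A one-line notice such as `log_info (_("WARNING: \"%s\" is an obsolete option - it has no effect\n"), "--secret-keyring");` would make the change visible (if gpg.c already has an obsolete-option helper, that is the better fit). The third hunk removes sec_nrings and its FREE_STRLIST consistently, so nothing else in the shown lines appears to dangle. main() starts and ends outside the hunks.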
@ -196,9 +196,9 @@ main( int argc, char **argv )
|
||||||
|
|
||||||
/* Note: We open all keyrings in read-only mode (flag value: 8). */
|
/* Note: We open all keyrings in read-only mode (flag value: 8). */
|
||||||
if (!nrings) /* No keyring given: use default one. */
|
if (!nrings) /* No keyring given: use default one. */
|
||||||
keydb_add_resource ("trustedkeys" EXTSEP_S "gpg", 8, 0);
|
keydb_add_resource ("trustedkeys" EXTSEP_S "gpg", 8);
|
||||||
for (sl = nrings; sl; sl = sl->next)
|
for (sl = nrings; sl; sl = sl->next)
|
||||||
keydb_add_resource (sl->d, 8, 0 );
|
keydb_add_resource (sl->d, 8);
|
||||||
|
|
||||||
FREE_STRLIST (nrings);
|
FREE_STRLIST (nrings);
|
||||||
|
|
||||||
|
|
38
g10/keydb.c
38
g10/keydb.c
|
@ -45,13 +45,13 @@ typedef enum {
|
||||||
} KeydbResourceType;
|
} KeydbResourceType;
|
||||||
#define MAX_KEYDB_RESOURCES 40
|
#define MAX_KEYDB_RESOURCES 40
|
||||||
|
|
||||||
struct resource_item {
|
struct resource_item
|
||||||
|
{
|
||||||
KeydbResourceType type;
|
KeydbResourceType type;
|
||||||
union {
|
union {
|
||||||
KEYRING_HANDLE kr;
|
KEYRING_HANDLE kr;
|
||||||
} u;
|
} u;
|
||||||
void *token;
|
void *token;
|
||||||
int secret;
|
|
||||||
};
|
};
|
||||||
|
|
||||||
static struct resource_item all_resources[MAX_KEYDB_RESOURCES];
|
static struct resource_item all_resources[MAX_KEYDB_RESOURCES];
|
||||||
|
@ -213,9 +213,9 @@ maybe_create_keyring (char *filename, int force)
|
||||||
* Flag 8 - Open as read-only.
|
* Flag 8 - Open as read-only.
|
||||||
*/
|
*/
|
||||||
int
|
int
|
||||||
keydb_add_resource (const char *url, int flags, int secret)
|
keydb_add_resource (const char *url, int flags)
|
||||||
{
|
{
|
||||||
static int any_secret, any_public;
|
static int any_public;
|
||||||
const char *resname = url;
|
const char *resname = url;
|
||||||
char *filename = NULL;
|
char *filename = NULL;
|
||||||
int force = (flags&1);
|
int force = (flags&1);
|
||||||
|
@ -255,7 +255,7 @@ keydb_add_resource (const char *url, int flags, int secret)
|
||||||
filename = xstrdup (resname);
|
filename = xstrdup (resname);
|
||||||
|
|
||||||
if (!force && !read_only)
|
if (!force && !read_only)
|
||||||
force = secret? !any_secret : !any_public;
|
force = !any_public;
|
||||||
|
|
||||||
/* See whether we can determine the filetype. */
|
/* See whether we can determine the filetype. */
|
||||||
if (rt == KEYDB_RESOURCE_TYPE_NONE) {
|
if (rt == KEYDB_RESOURCE_TYPE_NONE) {
|
||||||
|
@ -289,7 +289,7 @@ keydb_add_resource (const char *url, int flags, int secret)
|
||||||
if (rc)
|
if (rc)
|
||||||
goto leave;
|
goto leave;
|
||||||
|
|
||||||
if(keyring_register_filename (filename, secret, read_only, &token))
|
if(keyring_register_filename (filename, read_only, &token))
|
||||||
{
|
{
|
||||||
if (used_resources >= MAX_KEYDB_RESOURCES)
|
if (used_resources >= MAX_KEYDB_RESOURCES)
|
||||||
rc = G10ERR_RESOURCE_LIMIT;
|
rc = G10ERR_RESOURCE_LIMIT;
|
||||||
|
@ -300,7 +300,6 @@ keydb_add_resource (const char *url, int flags, int secret)
|
||||||
all_resources[used_resources].type = rt;
|
all_resources[used_resources].type = rt;
|
||||||
all_resources[used_resources].u.kr = NULL; /* Not used here */
|
all_resources[used_resources].u.kr = NULL; /* Not used here */
|
||||||
all_resources[used_resources].token = token;
|
all_resources[used_resources].token = token;
|
||||||
all_resources[used_resources].secret = secret;
|
|
||||||
used_resources++;
|
used_resources++;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -324,22 +323,9 @@ keydb_add_resource (const char *url, int flags, int secret)
|
||||||
|
|
||||||
leave:
|
leave:
|
||||||
if (rc)
|
if (rc)
|
||||||
{
|
log_error (_("keyblock resource `%s': %s\n"), filename, g10_errstr(rc));
|
||||||
/* Secret keyrings are not required in all cases. To avoid
|
|
||||||
having gpg return failure we use log_info here if the
|
|
||||||
rewsource is a secret one and marked as default
|
|
||||||
resource. */
|
|
||||||
if ((flags&4) && secret)
|
|
||||||
log_info (_("keyblock resource `%s': %s\n"),
|
|
||||||
filename, g10_errstr(rc));
|
|
||||||
else
|
|
||||||
log_error (_("keyblock resource `%s': %s\n"),
|
|
||||||
filename, g10_errstr(rc));
|
|
||||||
}
|
|
||||||
else if (secret)
|
|
||||||
any_secret = 1;
|
|
||||||
else
|
else
|
||||||
any_public = 1;
|
any_public = 1;
|
||||||
xfree (filename);
|
xfree (filename);
|
||||||
return rc;
|
return rc;
|
||||||
}
|
}
|
||||||
|
@ -352,7 +338,6 @@ keydb_new (void)
|
||||||
{
|
{
|
||||||
KEYDB_HANDLE hd;
|
KEYDB_HANDLE hd;
|
||||||
int i, j;
|
int i, j;
|
||||||
int secret = 0; /* FIXME: Remove the secret stuff all together. */
|
|
||||||
|
|
||||||
hd = xmalloc_clear (sizeof *hd);
|
hd = xmalloc_clear (sizeof *hd);
|
||||||
hd->found = -1;
|
hd->found = -1;
|
||||||
|
@ -360,8 +345,6 @@ keydb_new (void)
|
||||||
assert (used_resources <= MAX_KEYDB_RESOURCES);
|
assert (used_resources <= MAX_KEYDB_RESOURCES);
|
||||||
for (i=j=0; i < used_resources; i++)
|
for (i=j=0; i < used_resources; i++)
|
||||||
{
|
{
|
||||||
if (!all_resources[i].secret != !secret)
|
|
||||||
continue;
|
|
||||||
switch (all_resources[i].type)
|
switch (all_resources[i].type)
|
||||||
{
|
{
|
||||||
case KEYDB_RESOURCE_TYPE_NONE: /* ignore */
|
case KEYDB_RESOURCE_TYPE_NONE: /* ignore */
|
||||||
|
@ -369,8 +352,7 @@ keydb_new (void)
|
||||||
case KEYDB_RESOURCE_TYPE_KEYRING:
|
case KEYDB_RESOURCE_TYPE_KEYRING:
|
||||||
hd->active[j].type = all_resources[i].type;
|
hd->active[j].type = all_resources[i].type;
|
||||||
hd->active[j].token = all_resources[i].token;
|
hd->active[j].token = all_resources[i].token;
|
||||||
hd->active[j].secret = all_resources[i].secret;
|
hd->active[j].u.kr = keyring_new (all_resources[i].token);
|
||||||
hd->active[j].u.kr = keyring_new (all_resources[i].token, secret);
|
|
||||||
if (!hd->active[j].u.kr) {
|
if (!hd->active[j].u.kr) {
|
||||||
xfree (hd);
|
xfree (hd);
|
||||||
return NULL; /* fixme: release all previously allocated handles*/
|
return NULL; /* fixme: release all previously allocated handles*/
|
||||||
|
@ -706,8 +688,6 @@ keydb_rebuild_caches (int noisy)
|
||||||
|
|
||||||
for (i=0; i < used_resources; i++)
|
for (i=0; i < used_resources; i++)
|
||||||
{
|
{
|
||||||
if (all_resources[i].secret)
|
|
||||||
continue;
|
|
||||||
if (!keyring_is_writable (all_resources[i].token))
|
if (!keyring_is_writable (all_resources[i].token))
|
||||||
continue;
|
continue;
|
||||||
switch (all_resources[i].type)
|
switch (all_resources[i].type)
|
||||||
|
|
|
@ -132,7 +132,7 @@ union pref_hint
|
||||||
Flag 1 == force
|
Flag 1 == force
|
||||||
Flag 2 == default
|
Flag 2 == default
|
||||||
*/
|
*/
|
||||||
int keydb_add_resource (const char *url, int flags, int secret);
|
int keydb_add_resource (const char *url, int flags);
|
||||||
KEYDB_HANDLE keydb_new (void);
|
KEYDB_HANDLE keydb_new (void);
|
||||||
void keydb_release (KEYDB_HANDLE hd);
|
void keydb_release (KEYDB_HANDLE hd);
|
||||||
const char *keydb_get_resource_name (KEYDB_HANDLE hd);
|
const char *keydb_get_resource_name (KEYDB_HANDLE hd);
|
||||||
|
@ -173,7 +173,7 @@ void warn_missing_aes_from_pklist (PK_LIST pk_list);
|
||||||
int random_is_faked (void);
|
int random_is_faked (void);
|
||||||
void release_sk_list( SK_LIST sk_list );
|
void release_sk_list( SK_LIST sk_list );
|
||||||
gpg_error_t build_sk_list (strlist_t locusr, SK_LIST *ret_sk_list,
|
gpg_error_t build_sk_list (strlist_t locusr, SK_LIST *ret_sk_list,
|
||||||
int unlock, unsigned use);
|
unsigned use);
|
||||||
|
|
||||||
/*-- passphrase.h --*/
|
/*-- passphrase.h --*/
|
||||||
unsigned char encode_s2k_iterations (int iterations);
|
unsigned char encode_s2k_iterations (int iterations);
|
||||||
|
|
|
@ -557,7 +557,7 @@ sign_uids (KBNODE keyblock, strlist_t locusr, int *ret_modified,
|
||||||
* why to sign keys using a subkey. Implementation of USAGE_CERT
|
* why to sign keys using a subkey. Implementation of USAGE_CERT
|
||||||
* is just a hack in getkey.c and does not mean that a subkey
|
* is just a hack in getkey.c and does not mean that a subkey
|
||||||
* marked as certification capable will be used. */
|
* marked as certification capable will be used. */
|
||||||
rc = build_sk_list (locusr, &sk_list, 0, PUBKEY_USAGE_CERT);
|
rc = build_sk_list (locusr, &sk_list, PUBKEY_USAGE_CERT);
|
||||||
if (rc)
|
if (rc)
|
||||||
goto leave;
|
goto leave;
|
||||||
|
|
||||||
|
@ -2686,7 +2686,7 @@ show_key_with_all_names_colon (KBNODE keyblock)
|
||||||
putchar ('a');
|
putchar ('a');
|
||||||
putchar ('\n');
|
putchar ('\n');
|
||||||
|
|
||||||
print_fingerprint (pk, NULL, 0);
|
print_fingerprint (pk, 0);
|
||||||
print_revokers (pk);
|
print_revokers (pk);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -2970,7 +2970,7 @@ show_key_with_all_names (KBNODE keyblock, int only_marked, int with_revoker,
|
||||||
|
|
||||||
if (node->pkt->pkttype == PKT_PUBLIC_KEY && with_fpr)
|
if (node->pkt->pkttype == PKT_PUBLIC_KEY && with_fpr)
|
||||||
{
|
{
|
||||||
print_fingerprint (pk, NULL, 2);
|
print_fingerprint (pk, 2);
|
||||||
tty_printf ("\n");
|
tty_printf ("\n");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -3047,7 +3047,7 @@ show_basic_key_info (KBNODE keyblock)
|
||||||
tty_printf (" ");
|
tty_printf (" ");
|
||||||
tty_printf (_("expires: %s"), expirestr_from_pk (pk));
|
tty_printf (_("expires: %s"), expirestr_from_pk (pk));
|
||||||
tty_printf ("\n");
|
tty_printf ("\n");
|
||||||
print_fingerprint (pk, NULL, 3);
|
print_fingerprint (pk, 3);
|
||||||
tty_printf ("\n");
|
tty_printf ("\n");
|
||||||
}
|
}
|
||||||
else if (node->pkt->pkttype == PKT_SECRET_KEY)
|
else if (node->pkt->pkttype == PKT_SECRET_KEY)
|
||||||
|
@ -3061,7 +3061,8 @@ show_basic_key_info (KBNODE keyblock)
|
||||||
tty_printf (" ");
|
tty_printf (" ");
|
||||||
tty_printf (_("expires: %s"), expirestr_from_sk (sk));
|
tty_printf (_("expires: %s"), expirestr_from_sk (sk));
|
||||||
tty_printf ("\n");
|
tty_printf ("\n");
|
||||||
print_fingerprint (NULL, sk, 3);
|
log_debug ("FIXME\n");
|
||||||
|
/* print_fingerprint (NULL, sk, 3); */
|
||||||
tty_printf ("\n");
|
tty_printf ("\n");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -3110,7 +3111,7 @@ show_key_and_fingerprint (KBNODE keyblock)
|
||||||
}
|
}
|
||||||
tty_printf ("\n");
|
tty_printf ("\n");
|
||||||
if (pk)
|
if (pk)
|
||||||
print_fingerprint (pk, NULL, 2);
|
print_fingerprint (pk, 2);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@ -3588,7 +3589,7 @@ menu_addrevoker (KBNODE pub_keyblock, int sensitive)
|
||||||
}
|
}
|
||||||
|
|
||||||
print_pubkey_info (NULL, revoker_pk);
|
print_pubkey_info (NULL, revoker_pk);
|
||||||
print_fingerprint (revoker_pk, NULL, 2);
|
print_fingerprint (revoker_pk, 2);
|
||||||
tty_printf ("\n");
|
tty_printf ("\n");
|
||||||
|
|
||||||
tty_printf (_("WARNING: appointing a key as a designated revoker "
|
tty_printf (_("WARNING: appointing a key as a designated revoker "
|
||||||
|
@ -5201,7 +5202,7 @@ menu_showphoto (KBNODE keyblock)
|
||||||
"key %s (uid %d)\n"),
|
"key %s (uid %d)\n"),
|
||||||
image_type_to_string (type, 1),
|
image_type_to_string (type, 1),
|
||||||
(ulong) size, keystr_from_pk (pk), count);
|
(ulong) size, keystr_from_pk (pk), count);
|
||||||
show_photos (&uid->attribs[i], 1, pk, NULL, uid);
|
show_photos (&uid->attribs[i], 1, pk, uid);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
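Review bot: The show_basic_key_info hunk replaces the secret-key fingerprint with `log_debug ("FIXME\n");`, so a user inspecting a secret keyblock with --edit-key now gets a bare "FIXME" line on stderr in place of the fingerprint. If the fingerprint cannot be printed until print_fingerprint takes a public key here, prefer a source comment — e.g. `/* TODO: print the fingerprint via the public key once sk handling is removed.  */` — with no runtime output, rather than a debug message that ships to users. show_basic_key_info starts and ends outside the hunk.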
@ -817,7 +817,7 @@ list_keyblock_print (KBNODE keyblock, int secret, int fpr, void *opaque)
|
||||||
es_fprintf (es_stdout, "\n");
|
es_fprintf (es_stdout, "\n");
|
||||||
|
|
||||||
if (fpr)
|
if (fpr)
|
||||||
print_fingerprint (pk, NULL, 0);
|
print_fingerprint (pk, 0);
|
||||||
|
|
||||||
/* FIXME: Change this function to take a PK and ask the agent: */
|
/* FIXME: Change this function to take a PK and ask the agent: */
|
||||||
/* if (secret) print_card_serialno (sk); */
|
/* if (secret) print_card_serialno (sk); */
|
||||||
|
@ -866,7 +866,7 @@ list_keyblock_print (KBNODE keyblock, int secret, int fpr, void *opaque)
|
||||||
es_putc ('\n', es_stdout);
|
es_putc ('\n', es_stdout);
|
||||||
|
|
||||||
if ((opt.list_options & LIST_SHOW_PHOTOS) && uid->attribs != NULL)
|
if ((opt.list_options & LIST_SHOW_PHOTOS) && uid->attribs != NULL)
|
||||||
show_photos (uid->attribs, uid->numattribs, pk, NULL, uid);
|
show_photos (uid->attribs, uid->numattribs, pk, uid);
|
||||||
}
|
}
|
||||||
else if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
|
else if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
|
||||||
{
|
{
|
||||||
|
@ -911,7 +911,7 @@ list_keyblock_print (KBNODE keyblock, int secret, int fpr, void *opaque)
|
||||||
es_putc ('\n', es_stdout);
|
es_putc ('\n', es_stdout);
|
||||||
if (fpr > 1)
|
if (fpr > 1)
|
||||||
{
|
{
|
||||||
print_fingerprint (pk2, NULL, 0);
|
print_fingerprint (pk2, 0);
|
||||||
/* FIXME: (see above) */
|
/* FIXME: (see above) */
|
||||||
/* if (secret) */
|
/* if (secret) */
|
||||||
/* print_card_serialno (sk2); */
|
/* print_card_serialno (sk2); */
|
||||||
|
@ -1127,7 +1127,7 @@ list_keyblock_colon (KBNODE keyblock, int secret, int fpr)
|
||||||
|
|
||||||
print_revokers (pk);
|
print_revokers (pk);
|
||||||
if (fpr)
|
if (fpr)
|
||||||
print_fingerprint (pk, NULL, 0);
|
print_fingerprint (pk, 0);
|
||||||
if (opt.with_key_data)
|
if (opt.with_key_data)
|
||||||
{
|
{
|
||||||
if (!hexkeygrip_from_pk (pk, &p))
|
if (!hexkeygrip_from_pk (pk, &p))
|
||||||
|
@ -1232,7 +1232,7 @@ list_keyblock_colon (KBNODE keyblock, int secret, int fpr)
|
||||||
}
|
}
|
||||||
es_putc ('\n', es_stdout);
|
es_putc ('\n', es_stdout);
|
||||||
if (fpr > 1)
|
if (fpr > 1)
|
||||||
print_fingerprint (pk2, NULL, 0);
|
print_fingerprint (pk2, 0);
|
||||||
if (opt.with_key_data)
|
if (opt.with_key_data)
|
||||||
{
|
{
|
||||||
if (!hexkeygrip_from_pk (pk2, &p))
|
if (!hexkeygrip_from_pk (pk2, &p))
|
||||||
|
@ -1428,15 +1428,17 @@ list_keyblock (KBNODE keyblock, int secret, int fpr, void *opaque)
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* standard function to print the finperprint.
|
* Function to print the finperprint.
|
||||||
* mode 0: as used in key listings, opt.with_colons is honored
|
* mode 0: as used in key listings, opt.with_colons is honored
|
||||||
* 1: print using log_info ()
|
* 1: print using log_info ()
|
||||||
* 2: direct use of tty
|
* 2: direct use of tty
|
||||||
* 3: direct use of tty but only primary key.
|
* 3: direct use of tty but only primary key.
|
||||||
* modes 1 and 2 will try and print both subkey and primary key fingerprints
|
*
|
||||||
|
* Modes 1 and 2 will try and print both subkey and primary key
|
||||||
|
* fingerprints. A MODE with bit 7 set is used internally.
|
||||||
*/
|
*/
|
||||||
void
|
void
|
||||||
print_fingerprint (PKT_public_key * pk, PKT_secret_key * sk, int mode)
|
print_fingerprint (PKT_public_key *pk, int mode)
|
||||||
{
|
{
|
||||||
byte array[MAX_FINGERPRINT_LEN], *p;
|
byte array[MAX_FINGERPRINT_LEN], *p;
|
||||||
size_t i, n;
|
size_t i, n;
|
||||||
|
@ -1444,21 +1446,12 @@ print_fingerprint (PKT_public_key * pk, PKT_secret_key * sk, int mode)
|
||||||
const char *text;
|
const char *text;
|
||||||
int primary = 0;
|
int primary = 0;
|
||||||
|
|
||||||
if (sk)
|
if (pk->main_keyid[0] == pk->keyid[0]
|
||||||
{
|
&& pk->main_keyid[1] == pk->keyid[1])
|
||||||
if (sk->main_keyid[0] == sk->keyid[0]
|
primary = 1;
|
||||||
&& sk->main_keyid[1] == sk->keyid[1])
|
|
||||||
primary = 1;
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
if (pk->main_keyid[0] == pk->keyid[0]
|
|
||||||
&& pk->main_keyid[1] == pk->keyid[1])
|
|
||||||
primary = 1;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* Just to be safe */
|
/* Just to be safe */
|
||||||
if (mode & 0x80 && !primary)
|
if ((mode & 0x80) && !primary)
|
||||||
{
|
{
|
||||||
log_error ("primary key is not really primary!\n");
|
log_error ("primary key is not really primary!\n");
|
||||||
return;
|
return;
|
||||||
|
@ -1468,20 +1461,10 @@ print_fingerprint (PKT_public_key * pk, PKT_secret_key * sk, int mode)
|
||||||
|
|
||||||
if (!primary && (mode == 1 || mode == 2))
|
if (!primary && (mode == 1 || mode == 2))
|
||||||
{
|
{
|
||||||
if (sk)
|
PKT_public_key *primary_pk = xmalloc_clear (sizeof (*primary_pk));
|
||||||
{
|
get_pubkey (primary_pk, pk->main_keyid);
|
||||||
PKT_secret_key *primary_sk = xmalloc_clear (sizeof (*primary_sk));
|
print_fingerprint (primary_pk, mode | 0x80);
|
||||||
get_seckey (primary_sk, sk->main_keyid);
|
free_public_key (primary_pk);
|
||||||
print_fingerprint (NULL, primary_sk, mode | 0x80);
|
|
||||||
free_secret_key (primary_sk);
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
PKT_public_key *primary_pk = xmalloc_clear (sizeof (*primary_pk));
|
|
||||||
get_pubkey (primary_pk, pk->main_keyid);
|
|
||||||
print_fingerprint (primary_pk, NULL, mode | 0x80);
|
|
||||||
free_public_key (primary_pk);
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if (mode == 1)
|
if (mode == 1)
|
||||||
|
@ -1513,10 +1496,7 @@ print_fingerprint (PKT_public_key * pk, PKT_secret_key * sk, int mode)
|
||||||
text = _(" Key fingerprint =");
|
text = _(" Key fingerprint =");
|
||||||
}
|
}
|
||||||
|
|
||||||
if (sk)
|
fingerprint_from_pk (pk, array, &n);
|
||||||
fingerprint_from_sk (sk, array, &n);
|
|
||||||
else
|
|
||||||
fingerprint_from_pk (pk, array, &n);
|
|
||||||
p = array;
|
p = array;
|
||||||
if (opt.with_colons && !mode)
|
if (opt.with_colons && !mode)
|
||||||
{
|
{
|
||||||
|
|
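Review bot: In the rewritten non-primary branch of print_fingerprint the return value of `get_pubkey (primary_pk, pk->main_keyid)` is discarded, so a failed lookup hands a zero-filled key to the recursive `print_fingerprint (primary_pk, mode | 0x80)` call; with both keyid arrays zero the primary check passes and the code goes on to take the fingerprint of an empty key. The removed code had the same gap, but since the branch is being rewritten this is the moment to guard it: `if (!get_pubkey (primary_pk, pk->main_keyid)) print_fingerprint (primary_pk, mode | 0x80);` (I am inferring get_pubkey's zero-on-success convention from its use elsewhere in this tree; confirm). The edited header comment still spells "finperprint", worth fixing while the comment is being touched.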
111
g10/keyring.c
111
g10/keyring.c
|
@ -1,5 +1,5 @@
|
||||||
/* keyring.c - keyring file handling
|
/* keyring.c - keyring file handling
|
||||||
* Copyright (C) 2001, 2004, 2009 Free Software Foundation, Inc.
|
* Copyright (C) 2001, 2004, 2009, 2010 Free Software Foundation, Inc.
|
||||||
*
|
*
|
||||||
* This file is part of GnuPG.
|
* This file is part of GnuPG.
|
||||||
*
|
*
|
||||||
|
@ -53,7 +53,6 @@ typedef struct keyring_name *KR_NAME;
|
||||||
struct keyring_name
|
struct keyring_name
|
||||||
{
|
{
|
||||||
struct keyring_name *next;
|
struct keyring_name *next;
|
||||||
int secret;
|
|
||||||
int read_only;
|
int read_only;
|
||||||
dotlock_t lockhd;
|
dotlock_t lockhd;
|
||||||
int is_locked;
|
int is_locked;
|
||||||
|
@ -69,9 +68,9 @@ static OffsetHashTable kr_offtbl;
|
||||||
static int kr_offtbl_ready;
|
static int kr_offtbl_ready;
|
||||||
|
|
||||||
|
|
||||||
struct keyring_handle {
|
struct keyring_handle
|
||||||
|
{
|
||||||
CONST_KR_NAME resource;
|
CONST_KR_NAME resource;
|
||||||
int secret; /* this is for a secret keyring */
|
|
||||||
struct {
|
struct {
|
||||||
CONST_KR_NAME kr;
|
CONST_KR_NAME kr;
|
||||||
IOBUF iobuf;
|
IOBUF iobuf;
|
||||||
|
@ -93,7 +92,7 @@ struct keyring_handle {
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
static int do_copy (int mode, const char *fname, KBNODE root, int secret,
|
static int do_copy (int mode, const char *fname, KBNODE root,
|
||||||
off_t start_offset, unsigned int n_packets );
|
off_t start_offset, unsigned int n_packets );
|
||||||
|
|
||||||
|
|
||||||
|
@ -201,8 +200,7 @@ update_offset_hash_table_from_kb (OffsetHashTable tbl, KBNODE node, off_t off)
|
||||||
* if a new keyring was registered.
|
* if a new keyring was registered.
|
||||||
*/
|
*/
|
||||||
int
|
int
|
||||||
keyring_register_filename (const char *fname, int secret, int read_only,
|
keyring_register_filename (const char *fname, int read_only, void **ptr)
|
||||||
void **ptr)
|
|
||||||
{
|
{
|
||||||
KR_NAME kr;
|
KR_NAME kr;
|
||||||
|
|
||||||
|
@ -221,12 +219,8 @@ keyring_register_filename (const char *fname, int secret, int read_only,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if (secret)
|
|
||||||
register_secured_file (fname);
|
|
||||||
|
|
||||||
kr = xmalloc (sizeof *kr + strlen (fname));
|
kr = xmalloc (sizeof *kr + strlen (fname));
|
||||||
strcpy (kr->fname, fname);
|
strcpy (kr->fname, fname);
|
||||||
kr->secret = !!secret;
|
|
||||||
kr->read_only = read_only;
|
kr->read_only = read_only;
|
||||||
kr->lockhd = NULL;
|
kr->lockhd = NULL;
|
||||||
kr->is_locked = 0;
|
kr->is_locked = 0;
|
||||||
|
@ -254,21 +248,19 @@ keyring_is_writable (void *token)
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
/* Create a new handle for the resource associated with TOKEN. SECRET
|
/* Create a new handle for the resource associated with TOKEN.
|
||||||
is just just as a cross-check.
|
|
||||||
|
|
||||||
The returned handle must be released using keyring_release (). */
|
The returned handle must be released using keyring_release (). */
|
||||||
KEYRING_HANDLE
|
KEYRING_HANDLE
|
||||||
keyring_new (void *token, int secret)
|
keyring_new (void *token)
|
||||||
{
|
{
|
||||||
KEYRING_HANDLE hd;
|
KEYRING_HANDLE hd;
|
||||||
KR_NAME resource = token;
|
KR_NAME resource = token;
|
||||||
|
|
||||||
assert (resource && !resource->secret == !secret);
|
assert (resource);
|
||||||
|
|
||||||
hd = xmalloc_clear (sizeof *hd);
|
hd = xmalloc_clear (sizeof *hd);
|
||||||
hd->resource = resource;
|
hd->resource = resource;
|
||||||
hd->secret = !!secret;
|
|
||||||
active_handles++;
|
active_handles++;
|
||||||
return hd;
|
return hd;
|
||||||
}
|
}
|
||||||
|
@ -537,10 +529,10 @@ keyring_update_keyblock (KEYRING_HANDLE hd, KBNODE kb)
|
||||||
hd->current.iobuf = NULL;
|
hd->current.iobuf = NULL;
|
||||||
|
|
||||||
/* do the update */
|
/* do the update */
|
||||||
rc = do_copy (3, hd->found.kr->fname, kb, hd->secret,
|
rc = do_copy (3, hd->found.kr->fname, kb,
|
||||||
hd->found.offset, hd->found.n_packets );
|
hd->found.offset, hd->found.n_packets );
|
||||||
if (!rc) {
|
if (!rc) {
|
||||||
if (!hd->secret && kr_offtbl)
|
if (kr_offtbl)
|
||||||
{
|
{
|
||||||
update_offset_hash_table_from_kb (kr_offtbl, kb, 0);
|
update_offset_hash_table_from_kb (kr_offtbl, kb, 0);
|
||||||
}
|
}
|
||||||
|
@ -585,8 +577,8 @@ keyring_insert_keyblock (KEYRING_HANDLE hd, KBNODE kb)
|
||||||
hd->current.iobuf = NULL;
|
hd->current.iobuf = NULL;
|
||||||
|
|
||||||
/* do the insert */
|
/* do the insert */
|
||||||
rc = do_copy (1, fname, kb, hd->secret, 0, 0 );
|
rc = do_copy (1, fname, kb, 0, 0 );
|
||||||
if (!rc && !hd->secret && kr_offtbl)
|
if (!rc && kr_offtbl)
|
||||||
{
|
{
|
||||||
update_offset_hash_table_from_kb (kr_offtbl, kb, 0);
|
update_offset_hash_table_from_kb (kr_offtbl, kb, 0);
|
||||||
}
|
}
|
||||||
|
@ -625,7 +617,7 @@ keyring_delete_keyblock (KEYRING_HANDLE hd)
|
||||||
hd->current.iobuf = NULL;
|
hd->current.iobuf = NULL;
|
||||||
|
|
||||||
/* do the delete */
|
/* do the delete */
|
||||||
rc = do_copy (2, hd->found.kr->fname, NULL, hd->secret,
|
rc = do_copy (2, hd->found.kr->fname, NULL,
|
||||||
hd->found.offset, hd->found.n_packets );
|
hd->found.offset, hd->found.n_packets );
|
||||||
if (!rc) {
|
if (!rc) {
|
||||||
/* better reset the found info */
|
/* better reset the found info */
|
||||||
|
@ -953,7 +945,7 @@ keyring_search (KEYRING_HANDLE hd, KEYDB_SEARCH_DESC *desc,
|
||||||
if (rc)
|
if (rc)
|
||||||
return rc;
|
return rc;
|
||||||
|
|
||||||
use_offtbl = !hd->secret && kr_offtbl;
|
use_offtbl = !!kr_offtbl;
|
||||||
if (!use_offtbl)
|
if (!use_offtbl)
|
||||||
;
|
;
|
||||||
else if (!kr_offtbl_ready)
|
else if (!kr_offtbl_ready)
|
||||||
|
@ -1148,11 +1140,10 @@ keyring_search (KEYRING_HANDLE hd, KEYDB_SEARCH_DESC *desc,
|
||||||
{
|
{
|
||||||
KR_NAME kr;
|
KR_NAME kr;
|
||||||
|
|
||||||
/* First set the did_full_scan flag for this keyring (ignore
|
/* First set the did_full_scan flag for this keyring. */
|
||||||
secret keyrings) */
|
|
||||||
for (kr=kr_names; kr; kr = kr->next)
|
for (kr=kr_names; kr; kr = kr->next)
|
||||||
{
|
{
|
||||||
if (!kr->secret && hd->resource == kr)
|
if (hd->resource == kr)
|
||||||
{
|
{
|
||||||
kr->did_full_scan = 1;
|
kr->did_full_scan = 1;
|
||||||
break;
|
break;
|
||||||
|
@ -1162,7 +1153,7 @@ keyring_search (KEYRING_HANDLE hd, KEYDB_SEARCH_DESC *desc,
|
||||||
offtbl ready */
|
offtbl ready */
|
||||||
for (kr=kr_names; kr; kr = kr->next)
|
for (kr=kr_names; kr; kr = kr->next)
|
||||||
{
|
{
|
||||||
if (!kr->secret && !kr->did_full_scan)
|
if (!kr->did_full_scan)
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
if (!kr)
|
if (!kr)
|
||||||
|
@ -1247,20 +1238,10 @@ create_tmp_file (const char *template,
|
||||||
|
|
||||||
|
|
||||||
static int
|
static int
|
||||||
rename_tmp_file (const char *bakfname, const char *tmpfname,
|
rename_tmp_file (const char *bakfname, const char *tmpfname, const char *fname)
|
||||||
const char *fname, int secret )
|
|
||||||
{
|
{
|
||||||
int rc = 0;
|
int rc = 0;
|
||||||
|
|
||||||
/* It's a secret keyring, so let's force a fsync just to be safe on
|
|
||||||
filesystems that may not sync data and metadata together
|
|
||||||
(e.g. ext4). */
|
|
||||||
if (secret && iobuf_ioctl (NULL, IOBUF_IOCTL_FSYNC, 0, (char*)tmpfname))
|
|
||||||
{
|
|
||||||
rc = gpg_error_from_syserror ();
|
|
||||||
goto fail;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* Invalidate close caches. */
|
/* Invalidate close caches. */
|
||||||
if (iobuf_ioctl (NULL, IOBUF_IOCTL_INVALIDATE_CACHE, 0, (char*)tmpfname ))
|
if (iobuf_ioctl (NULL, IOBUF_IOCTL_INVALIDATE_CACHE, 0, (char*)tmpfname ))
|
||||||
{
|
{
|
||||||
|
@ -1270,27 +1251,22 @@ rename_tmp_file (const char *bakfname, const char *tmpfname,
|
||||||
iobuf_ioctl (NULL, IOBUF_IOCTL_INVALIDATE_CACHE, 0, (char*)bakfname );
|
iobuf_ioctl (NULL, IOBUF_IOCTL_INVALIDATE_CACHE, 0, (char*)bakfname );
|
||||||
iobuf_ioctl (NULL, IOBUF_IOCTL_INVALIDATE_CACHE, 0, (char*)fname );
|
iobuf_ioctl (NULL, IOBUF_IOCTL_INVALIDATE_CACHE, 0, (char*)fname );
|
||||||
|
|
||||||
/* first make a backup file except for secret keyrings */
|
/* First make a backup file. */
|
||||||
if (!secret)
|
|
||||||
{
|
|
||||||
#if defined(HAVE_DOSISH_SYSTEM) || defined(__riscos__)
|
#if defined(HAVE_DOSISH_SYSTEM) || defined(__riscos__)
|
||||||
gnupg_remove (bakfname);
|
gnupg_remove (bakfname);
|
||||||
#endif
|
#endif
|
||||||
if (rename (fname, bakfname) )
|
if (rename (fname, bakfname) )
|
||||||
{
|
{
|
||||||
rc = gpg_error_from_syserror ();
|
rc = gpg_error_from_syserror ();
|
||||||
log_error ("renaming `%s' to `%s' failed: %s\n",
|
log_error ("renaming `%s' to `%s' failed: %s\n",
|
||||||
fname, bakfname, strerror(errno) );
|
fname, bakfname, strerror(errno) );
|
||||||
return rc;
|
return rc;
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/* then rename the file */
|
/* then rename the file */
|
||||||
#if defined(HAVE_DOSISH_SYSTEM) || defined(__riscos__)
|
#if defined(HAVE_DOSISH_SYSTEM) || defined(__riscos__)
|
||||||
gnupg_remove( fname );
|
gnupg_remove( fname );
|
||||||
#endif
|
#endif
|
||||||
if (secret)
|
|
||||||
unregister_secured_file (fname);
|
|
||||||
if (rename (tmpfname, fname) )
|
if (rename (tmpfname, fname) )
|
||||||
{
|
{
|
||||||
rc = gpg_error_from_syserror ();
|
rc = gpg_error_from_syserror ();
|
||||||
|
@ -1308,9 +1284,7 @@ rename_tmp_file (const char *bakfname, const char *tmpfname,
|
||||||
|
|
||||||
statbuf.st_mode=S_IRUSR | S_IWUSR;
|
statbuf.st_mode=S_IRUSR | S_IWUSR;
|
||||||
|
|
||||||
if (((secret && !opt.preserve_permissions)
|
if (!stat (bakfname, &statbuf) && !chmod (fname, statbuf.st_mode))
|
||||||
|| !stat (bakfname,&statbuf))
|
|
||||||
&& !chmod (fname,statbuf.st_mode))
|
|
||||||
;
|
;
|
||||||
else
|
else
|
||||||
log_error ("WARNING: unable to restore permissions to `%s': %s",
|
log_error ("WARNING: unable to restore permissions to `%s': %s",
|
||||||
|
@ -1321,13 +1295,6 @@ rename_tmp_file (const char *bakfname, const char *tmpfname,
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
fail:
|
fail:
|
||||||
if (secret)
|
|
||||||
{
|
|
||||||
log_info(_("WARNING: 2 files with confidential information exists.\n"));
|
|
||||||
log_info(_("%s is the unchanged one\n"), fname );
|
|
||||||
log_info(_("%s is the new one\n"), tmpfname );
|
|
||||||
log_info(_("Please fix this possible security flaw\n"));
|
|
||||||
}
|
|
||||||
return rc;
|
return rc;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1392,7 +1359,7 @@ keyring_rebuild_cache (void *token,int noisy)
|
||||||
int rc;
|
int rc;
|
||||||
ulong count = 0, sigcount = 0;
|
ulong count = 0, sigcount = 0;
|
||||||
|
|
||||||
hd = keyring_new (token, 0);
|
hd = keyring_new (token);
|
||||||
memset (&desc, 0, sizeof desc);
|
memset (&desc, 0, sizeof desc);
|
||||||
desc.mode = KEYDB_SEARCH_MODE_FIRST;
|
desc.mode = KEYDB_SEARCH_MODE_FIRST;
|
||||||
|
|
||||||
|
@ -1420,7 +1387,7 @@ keyring_rebuild_cache (void *token,int noisy)
|
||||||
tmpfp = NULL;
|
tmpfp = NULL;
|
||||||
}
|
}
|
||||||
rc = lastresname? rename_tmp_file (bakfilename, tmpfilename,
|
rc = lastresname? rename_tmp_file (bakfilename, tmpfilename,
|
||||||
lastresname, 0) : 0;
|
lastresname) : 0;
|
||||||
xfree (tmpfilename); tmpfilename = NULL;
|
xfree (tmpfilename); tmpfilename = NULL;
|
||||||
xfree (bakfilename); bakfilename = NULL;
|
xfree (bakfilename); bakfilename = NULL;
|
||||||
if (rc)
|
if (rc)
|
||||||
|
@ -1513,7 +1480,7 @@ keyring_rebuild_cache (void *token,int noisy)
|
||||||
tmpfp = NULL;
|
tmpfp = NULL;
|
||||||
}
|
}
|
||||||
rc = lastresname? rename_tmp_file (bakfilename, tmpfilename,
|
rc = lastresname? rename_tmp_file (bakfilename, tmpfilename,
|
||||||
lastresname, 0) : 0;
|
lastresname) : 0;
|
||||||
xfree (tmpfilename); tmpfilename = NULL;
|
xfree (tmpfilename); tmpfilename = NULL;
|
||||||
xfree (bakfilename); bakfilename = NULL;
|
xfree (bakfilename); bakfilename = NULL;
|
||||||
|
|
||||||
|
@ -1536,7 +1503,7 @@ keyring_rebuild_cache (void *token,int noisy)
|
||||||
* 3 = update
|
* 3 = update
|
||||||
*/
|
*/
|
||||||
static int
|
static int
|
||||||
do_copy (int mode, const char *fname, KBNODE root, int secret,
|
do_copy (int mode, const char *fname, KBNODE root,
|
||||||
off_t start_offset, unsigned int n_packets )
|
off_t start_offset, unsigned int n_packets )
|
||||||
{
|
{
|
||||||
IOBUF fp, newfp;
|
IOBUF fp, newfp;
|
||||||
|
@ -1556,7 +1523,7 @@ do_copy (int mode, const char *fname, KBNODE root, int secret,
|
||||||
mode_t oldmask;
|
mode_t oldmask;
|
||||||
|
|
||||||
oldmask=umask(077);
|
oldmask=umask(077);
|
||||||
if (!secret && is_secured_filename (fname)) {
|
if (is_secured_filename (fname)) {
|
||||||
newfp = NULL;
|
newfp = NULL;
|
||||||
gpg_err_set_errno (EPERM);
|
gpg_err_set_errno (EPERM);
|
||||||
}
|
}
|
||||||
|
@ -1602,8 +1569,6 @@ do_copy (int mode, const char *fname, KBNODE root, int secret,
|
||||||
iobuf_close(fp);
|
iobuf_close(fp);
|
||||||
goto leave;
|
goto leave;
|
||||||
}
|
}
|
||||||
if (secret)
|
|
||||||
register_secured_file (tmpfname);
|
|
||||||
|
|
||||||
if( mode == 1 ) { /* insert */
|
if( mode == 1 ) { /* insert */
|
||||||
/* copy everything to the new file */
|
/* copy everything to the new file */
|
||||||
|
@ -1612,8 +1577,6 @@ do_copy (int mode, const char *fname, KBNODE root, int secret,
|
||||||
log_error("%s: copy to `%s' failed: %s\n",
|
log_error("%s: copy to `%s' failed: %s\n",
|
||||||
fname, tmpfname, g10_errstr(rc) );
|
fname, tmpfname, g10_errstr(rc) );
|
||||||
iobuf_close(fp);
|
iobuf_close(fp);
|
||||||
if (secret)
|
|
||||||
unregister_secured_file (tmpfname);
|
|
||||||
iobuf_cancel(newfp);
|
iobuf_cancel(newfp);
|
||||||
goto leave;
|
goto leave;
|
||||||
}
|
}
|
||||||
|
@ -1627,8 +1590,6 @@ do_copy (int mode, const char *fname, KBNODE root, int secret,
|
||||||
log_error ("%s: copy to `%s' failed: %s\n",
|
log_error ("%s: copy to `%s' failed: %s\n",
|
||||||
fname, tmpfname, g10_errstr(rc) );
|
fname, tmpfname, g10_errstr(rc) );
|
||||||
iobuf_close(fp);
|
iobuf_close(fp);
|
||||||
if (secret)
|
|
||||||
unregister_secured_file (tmpfname);
|
|
||||||
iobuf_cancel(newfp);
|
iobuf_cancel(newfp);
|
||||||
goto leave;
|
goto leave;
|
||||||
}
|
}
|
||||||
|
@ -1639,8 +1600,6 @@ do_copy (int mode, const char *fname, KBNODE root, int secret,
|
||||||
log_error("%s: skipping %u packets failed: %s\n",
|
log_error("%s: skipping %u packets failed: %s\n",
|
||||||
fname, n_packets, g10_errstr(rc));
|
fname, n_packets, g10_errstr(rc));
|
||||||
iobuf_close(fp);
|
iobuf_close(fp);
|
||||||
if (secret)
|
|
||||||
unregister_secured_file (tmpfname);
|
|
||||||
iobuf_cancel(newfp);
|
iobuf_cancel(newfp);
|
||||||
goto leave;
|
goto leave;
|
||||||
}
|
}
|
||||||
|
@ -1650,8 +1609,6 @@ do_copy (int mode, const char *fname, KBNODE root, int secret,
|
||||||
rc = write_keyblock (newfp, root);
|
rc = write_keyblock (newfp, root);
|
||||||
if (rc) {
|
if (rc) {
|
||||||
iobuf_close(fp);
|
iobuf_close(fp);
|
||||||
if (secret)
|
|
||||||
unregister_secured_file (tmpfname);
|
|
||||||
iobuf_cancel(newfp);
|
iobuf_cancel(newfp);
|
||||||
goto leave;
|
goto leave;
|
||||||
}
|
}
|
||||||
|
@ -1664,8 +1621,6 @@ do_copy (int mode, const char *fname, KBNODE root, int secret,
|
||||||
log_error("%s: copy to `%s' failed: %s\n",
|
log_error("%s: copy to `%s' failed: %s\n",
|
||||||
fname, tmpfname, g10_errstr(rc) );
|
fname, tmpfname, g10_errstr(rc) );
|
||||||
iobuf_close(fp);
|
iobuf_close(fp);
|
||||||
if (secret)
|
|
||||||
unregister_secured_file (tmpfname);
|
|
||||||
iobuf_cancel(newfp);
|
iobuf_cancel(newfp);
|
||||||
goto leave;
|
goto leave;
|
||||||
}
|
}
|
||||||
|
@ -1684,7 +1639,7 @@ do_copy (int mode, const char *fname, KBNODE root, int secret,
|
||||||
goto leave;
|
goto leave;
|
||||||
}
|
}
|
||||||
|
|
||||||
rc = rename_tmp_file (bakfname, tmpfname, fname, secret);
|
rc = rename_tmp_file (bakfname, tmpfname, fname);
|
||||||
|
|
||||||
leave:
|
leave:
|
||||||
xfree(bakfname);
|
xfree(bakfname);
|
||||||
|
|
|
@ -24,11 +24,10 @@
|
||||||
|
|
||||||
typedef struct keyring_handle *KEYRING_HANDLE;
|
typedef struct keyring_handle *KEYRING_HANDLE;
|
||||||
|
|
||||||
int keyring_register_filename (const char *fname, int secret, int read_only,
|
int keyring_register_filename (const char *fname, int read_only, void **ptr);
|
||||||
void **ptr);
|
|
||||||
int keyring_is_writable (void *token);
|
int keyring_is_writable (void *token);
|
||||||
|
|
||||||
KEYRING_HANDLE keyring_new (void *token, int secret);
|
KEYRING_HANDLE keyring_new (void *token);
|
||||||
void keyring_release (KEYRING_HANDLE hd);
|
void keyring_release (KEYRING_HANDLE hd);
|
||||||
const char *keyring_get_resource_name (KEYRING_HANDLE hd);
|
const char *keyring_get_resource_name (KEYRING_HANDLE hd);
|
||||||
int keyring_lock (KEYRING_HANDLE hd, int yes);
|
int keyring_lock (KEYRING_HANDLE hd, int yes);
|
||||||
|
|
|
@ -305,7 +305,7 @@ void secret_key_list( strlist_t list );
|
||||||
void print_subpackets_colon(PKT_signature *sig);
|
void print_subpackets_colon(PKT_signature *sig);
|
||||||
void reorder_keyblock (KBNODE keyblock);
|
void reorder_keyblock (KBNODE keyblock);
|
||||||
void list_keyblock( KBNODE keyblock, int secret, int fpr, void *opaque );
|
void list_keyblock( KBNODE keyblock, int secret, int fpr, void *opaque );
|
||||||
void print_fingerprint (PKT_public_key *pk, PKT_secret_key *sk, int mode);
|
void print_fingerprint (PKT_public_key *pk, int mode);
|
||||||
void print_revokers(PKT_public_key *pk);
|
void print_revokers(PKT_public_key *pk);
|
||||||
void show_policy_url(PKT_signature *sig,int indent,int mode);
|
void show_policy_url(PKT_signature *sig,int indent,int mode);
|
||||||
void show_keyserver_url(PKT_signature *sig,int indent,int mode);
|
void show_keyserver_url(PKT_signature *sig,int indent,int mode);
|
||||||
|
|
132
g10/mainproc.c
132
g10/mainproc.c
|
@ -939,7 +939,7 @@ list_node( CTX c, KBNODE node )
|
||||||
if( node->next && node->next->pkt->pkttype == PKT_RING_TRUST) {
|
if( node->next && node->next->pkt->pkttype == PKT_RING_TRUST) {
|
||||||
putchar('\n'); any=1;
|
putchar('\n'); any=1;
|
||||||
if( opt.fingerprint )
|
if( opt.fingerprint )
|
||||||
print_fingerprint( pk, NULL, 0 );
|
print_fingerprint (pk, 0);
|
||||||
printf("rtv:1:%u:\n",
|
printf("rtv:1:%u:\n",
|
||||||
node->next->pkt->pkt.ring_trust->trustval );
|
node->next->pkt->pkt.ring_trust->trustval );
|
||||||
}
|
}
|
||||||
|
@ -976,7 +976,7 @@ list_node( CTX c, KBNODE node )
|
||||||
putchar(':');
|
putchar(':');
|
||||||
putchar('\n');
|
putchar('\n');
|
||||||
if( opt.fingerprint && !any )
|
if( opt.fingerprint && !any )
|
||||||
print_fingerprint( pk, NULL, 0 );
|
print_fingerprint ( pk, 0 );
|
||||||
if( opt.with_colons
|
if( opt.with_colons
|
||||||
&& node->next
|
&& node->next
|
||||||
&& node->next->pkt->pkttype == PKT_RING_TRUST ) {
|
&& node->next->pkt->pkttype == PKT_RING_TRUST ) {
|
||||||
|
@ -1015,71 +1015,75 @@ list_node( CTX c, KBNODE node )
|
||||||
if( !any )
|
if( !any )
|
||||||
putchar('\n');
|
putchar('\n');
|
||||||
if( !mainkey && opt.fingerprint > 1 )
|
if( !mainkey && opt.fingerprint > 1 )
|
||||||
print_fingerprint( pk, NULL, 0 );
|
print_fingerprint( pk, 0 );
|
||||||
}
|
}
|
||||||
else if( (mainkey = (node->pkt->pkttype == PKT_SECRET_KEY) )
|
else if( (mainkey = (node->pkt->pkttype == PKT_SECRET_KEY) )
|
||||||
|| node->pkt->pkttype == PKT_SECRET_SUBKEY ) {
|
|| node->pkt->pkttype == PKT_SECRET_SUBKEY ) {
|
||||||
PKT_secret_key *sk = node->pkt->pkt.secret_key;
|
|
||||||
|
|
||||||
if( opt.with_colons )
|
log_debug ("FIXME: No way to print secret key packets here\n");
|
||||||
{
|
/* fixme: We may use a fucntion to trun a secret key packet into
|
||||||
u32 keyid[2];
|
a public key one and use that here. */
|
||||||
keyid_from_sk( sk, keyid );
|
/* PKT_secret_key *sk = node->pkt->pkt.secret_key; */
|
||||||
printf("%s::%u:%d:%08lX%08lX:%s:%s:::",
|
|
||||||
mainkey? "sec":"ssb",
|
/* if( opt.with_colons ) */
|
||||||
nbits_from_sk( sk ),
|
/* { */
|
||||||
sk->pubkey_algo,
|
/* u32 keyid[2]; */
|
||||||
(ulong)keyid[0],(ulong)keyid[1],
|
/* keyid_from_sk( sk, keyid ); */
|
||||||
colon_datestr_from_sk( sk ),
|
/* printf("%s::%u:%d:%08lX%08lX:%s:%s:::", */
|
||||||
colon_strtime (sk->expiredate)
|
/* mainkey? "sec":"ssb", */
|
||||||
/* fixme: add LID */ );
|
/* nbits_from_sk( sk ), */
|
||||||
}
|
/* sk->pubkey_algo, */
|
||||||
else
|
/* (ulong)keyid[0],(ulong)keyid[1], */
|
||||||
printf("%s %4u%c/%s %s ", mainkey? "sec":"ssb",
|
/* colon_datestr_from_sk( sk ), */
|
||||||
nbits_from_sk( sk ), pubkey_letter( sk->pubkey_algo ),
|
/* colon_strtime (sk->expiredate) */
|
||||||
keystr_from_sk( sk ), datestr_from_sk( sk ));
|
/* /\* fixme: add LID *\/ ); */
|
||||||
if( mainkey ) {
|
/* } */
|
||||||
/* and now list all userids with their signatures */
|
/* else */
|
||||||
for( node = node->next; node; node = node->next ) {
|
/* printf("%s %4u%c/%s %s ", mainkey? "sec":"ssb", */
|
||||||
if( node->pkt->pkttype == PKT_SIGNATURE ) {
|
/* nbits_from_sk( sk ), pubkey_letter( sk->pubkey_algo ), */
|
||||||
if( !any ) {
|
/* keystr_from_sk( sk ), datestr_from_sk( sk )); */
|
||||||
if( node->pkt->pkt.signature->sig_class == 0x20 )
|
/* if( mainkey ) { */
|
||||||
puts("[revoked]");
|
/* /\* and now list all userids with their signatures *\/ */
|
||||||
else
|
/* for( node = node->next; node; node = node->next ) { */
|
||||||
putchar('\n');
|
/* if( node->pkt->pkttype == PKT_SIGNATURE ) { */
|
||||||
any = 1;
|
/* if( !any ) { */
|
||||||
}
|
/* if( node->pkt->pkt.signature->sig_class == 0x20 ) */
|
||||||
list_node(c, node );
|
/* puts("[revoked]"); */
|
||||||
}
|
/* else */
|
||||||
else if( node->pkt->pkttype == PKT_USER_ID ) {
|
/* putchar('\n'); */
|
||||||
if( any ) {
|
/* any = 1; */
|
||||||
if( opt.with_colons )
|
/* } */
|
||||||
printf("%s:::::::::",
|
/* list_node(c, node ); */
|
||||||
node->pkt->pkt.user_id->attrib_data?"uat":"uid");
|
/* } */
|
||||||
else
|
/* else if( node->pkt->pkttype == PKT_USER_ID ) { */
|
||||||
printf( "uid%*s", 28, "" );
|
/* if( any ) { */
|
||||||
}
|
/* if( opt.with_colons ) */
|
||||||
print_userid( node->pkt );
|
/* printf("%s:::::::::", */
|
||||||
if( opt.with_colons )
|
/* node->pkt->pkt.user_id->attrib_data?"uat":"uid"); */
|
||||||
putchar(':');
|
/* else */
|
||||||
putchar('\n');
|
/* printf( "uid%*s", 28, "" ); */
|
||||||
if( opt.fingerprint && !any )
|
/* } */
|
||||||
print_fingerprint( NULL, sk, 0 );
|
/* print_userid( node->pkt ); */
|
||||||
any=1;
|
/* if( opt.with_colons ) */
|
||||||
}
|
/* putchar(':'); */
|
||||||
else if( node->pkt->pkttype == PKT_SECRET_SUBKEY ) {
|
/* putchar('\n'); */
|
||||||
if( !any ) {
|
/* if( opt.fingerprint && !any ) */
|
||||||
putchar('\n');
|
/* print_fingerprint( NULL, sk, 0 ); */
|
||||||
any = 1;
|
/* any=1; */
|
||||||
}
|
/* } */
|
||||||
list_node(c, node );
|
/* else if( node->pkt->pkttype == PKT_SECRET_SUBKEY ) { */
|
||||||
}
|
/* if( !any ) { */
|
||||||
}
|
/* putchar('\n'); */
|
||||||
}
|
/* any = 1; */
|
||||||
if( !any )
|
/* } */
|
||||||
putchar('\n');
|
/* list_node(c, node ); */
|
||||||
if( !mainkey && opt.fingerprint > 1 )
|
/* } */
|
||||||
print_fingerprint( NULL, sk, 0 );
|
/* } */
|
||||||
|
/* } */
|
||||||
|
/* if( !any ) */
|
||||||
|
/* putchar('\n'); */
|
||||||
|
/* if( !mainkey && opt.fingerprint > 1 ) */
|
||||||
|
/* print_fingerprint( NULL, sk, 0 ); */
|
||||||
}
|
}
|
||||||
else if( node->pkt->pkttype == PKT_SIGNATURE ) {
|
else if( node->pkt->pkttype == PKT_SIGNATURE ) {
|
||||||
PKT_signature *sig = node->pkt->pkt.signature;
|
PKT_signature *sig = node->pkt->pkt.signature;
|
||||||
|
@ -1848,7 +1852,7 @@ check_sig_and_print( CTX c, KBNODE node )
|
||||||
if(opt.verify_options&VERIFY_SHOW_PHOTOS)
|
if(opt.verify_options&VERIFY_SHOW_PHOTOS)
|
||||||
show_photos(un->pkt->pkt.user_id->attribs,
|
show_photos(un->pkt->pkt.user_id->attribs,
|
||||||
un->pkt->pkt.user_id->numattribs,
|
un->pkt->pkt.user_id->numattribs,
|
||||||
pk,NULL,un->pkt->pkt.user_id);
|
pk ,un->pkt->pkt.user_id);
|
||||||
}
|
}
|
||||||
|
|
||||||
p=utf8_to_native(un->pkt->pkt.user_id->name,
|
p=utf8_to_native(un->pkt->pkt.user_id->name,
|
||||||
|
|
|
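Review bot: The replaced secret-key branch of list_node leaves roughly sixty lines of commented-out code behind the new `log_debug ("FIXME: No way to print secret key packets here\n");` (from the commented `PKT_secret_key *sk` declaration down to the commented `print_fingerprint( NULL, sk, 0 );`); the previous revision already preserves that code, so the block should be deleted and only the one-line FIXME kept. Behaviourally, the branch now prints nothing for `PKT_SECRET_KEY`/`PKT_SECRET_SUBKEY` nodes, so `--with-colons` consumers lose the `sec`/`ssb` records without any marker in the data stream, while the debug line is emitted for every such packet regardless of `opt.with_colons` or verbosity (if log_debug is unconditional in this logging layer, as I believe it is, a verbosity or debug-flag guard would be appropriate until the conversion helper mentioned in the FIXME exists). A smaller style point: the three updated calls are spelled `print_fingerprint (pk, 0);`, `print_fingerprint ( pk, 0 );` and `print_fingerprint( pk, 0 );` in the same function; one spelling would be preferable. list_node starts outside the first hunk of this section.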
@ -161,7 +161,7 @@ generate_photo_id(PKT_public_key *pk,const char *photo_name)
|
||||||
"user" may not be able to dismiss a viewer window! */
|
"user" may not be able to dismiss a viewer window! */
|
||||||
if(opt.command_fd==-1)
|
if(opt.command_fd==-1)
|
||||||
{
|
{
|
||||||
show_photos(uid->attribs,uid->numattribs,pk,NULL,uid);
|
show_photos (uid->attribs, uid->numattribs, pk, uid);
|
||||||
switch(cpr_get_answer_yes_no_quit("photoid.jpeg.okay",
|
switch(cpr_get_answer_yes_no_quit("photoid.jpeg.okay",
|
||||||
_("Is this photo correct (y/N/q)? ")))
|
_("Is this photo correct (y/N/q)? ")))
|
||||||
{
|
{
|
||||||
|
@ -285,9 +285,8 @@ static const char *get_default_photo_command(void)
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
void
|
void
|
||||||
show_photos(const struct user_attribute *attrs,
|
show_photos(const struct user_attribute *attrs, int count,
|
||||||
int count,PKT_public_key *pk,PKT_secret_key *sk,
|
PKT_public_key *pk, PKT_user_id *uid)
|
||||||
PKT_user_id *uid)
|
|
||||||
{
|
{
|
||||||
#ifndef DISABLE_PHOTO_VIEWER
|
#ifndef DISABLE_PHOTO_VIEWER
|
||||||
int i;
|
int i;
|
||||||
|
@ -295,16 +294,13 @@ show_photos(const struct user_attribute *attrs,
|
||||||
u32 len;
|
u32 len;
|
||||||
u32 kid[2]={0,0};
|
u32 kid[2]={0,0};
|
||||||
|
|
||||||
memset(&args,0,sizeof(args));
|
memset (&args, 0, sizeof(args));
|
||||||
args.pk=pk;
|
args.pk = pk;
|
||||||
args.pksk=sk;
|
args.validity_info = get_validity_info (pk, uid);
|
||||||
args.validity_info=get_validity_info(pk,uid);
|
args.validity_string = get_validity_string (pk, uid);
|
||||||
args.validity_string=get_validity_string(pk,uid);
|
|
||||||
|
|
||||||
if(pk)
|
if (pk)
|
||||||
keyid_from_pk(pk,kid);
|
keyid_from_pk (pk, kid);
|
||||||
else if(sk)
|
|
||||||
keyid_from_sk(sk,kid);
|
|
||||||
|
|
||||||
for(i=0;i<count;i++)
|
for(i=0;i<count;i++)
|
||||||
if(attrs[i].type==ATTRIB_IMAGE &&
|
if(attrs[i].type==ATTRIB_IMAGE &&
|
||||||
|
|
|
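Review bot: Dropping the `sk` parameter from show_photos also drops the `else if (sk) keyid_from_sk (sk, kid);` fallback, so when `pk` is NULL `kid` now stays `{0,0}` while `get_validity_info (pk, uid)` and `get_validity_string (pk, uid)` are still called with the NULL pointer; the remaining `if (pk)` test therefore only hides the problem. All visible callers (check_sig_and_print in mainproc.c, generate_photo_id in photoid.c, do_edit_ownertrust in pkclist.c) pass a real key, so I would make that a precondition: `/* PK must not be NULL. */` in the header comment and an explicit check such as `assert (pk);` before `keyid_from_pk (pk, kid);`, dropping the conditional. The `args.pksk = sk;` assignment is gone but the memset still zeroes the field, so if the args struct (not visible here) still declares `pksk` it is now dead and should be removed along with whatever the viewer-command expansion did with it. show_photos continues past the end of this hunk.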
@ -27,7 +27,7 @@
|
||||||
PKT_user_id *generate_photo_id(PKT_public_key *pk,const char *filename);
|
PKT_user_id *generate_photo_id(PKT_public_key *pk,const char *filename);
|
||||||
int parse_image_header(const struct user_attribute *attr,byte *type,u32 *len);
|
int parse_image_header(const struct user_attribute *attr,byte *type,u32 *len);
|
||||||
char *image_type_to_string(byte type,int style);
|
char *image_type_to_string(byte type,int style);
|
||||||
void show_photos(const struct user_attribute *attrs,int count,
|
void show_photos (const struct user_attribute *attrs, int count,
|
||||||
PKT_public_key *pk,PKT_secret_key *sk,PKT_user_id *uid);
|
PKT_public_key *pk, PKT_user_id *uid);
|
||||||
|
|
||||||
#endif /* !_PHOTOID_H_ */
|
#endif /* !_PHOTOID_H_ */
|
||||||
|
|
|
@ -246,9 +246,9 @@ do_edit_ownertrust (PKT_public_key *pk, int mode,
|
||||||
|
|
||||||
if((opt.verify_options&VERIFY_SHOW_PHOTOS)
|
if((opt.verify_options&VERIFY_SHOW_PHOTOS)
|
||||||
&& un->pkt->pkt.user_id->attrib_data)
|
&& un->pkt->pkt.user_id->attrib_data)
|
||||||
show_photos(un->pkt->pkt.user_id->attribs,
|
show_photos (un->pkt->pkt.user_id->attribs,
|
||||||
un->pkt->pkt.user_id->numattribs,pk,NULL,
|
un->pkt->pkt.user_id->numattribs, pk,
|
||||||
un->pkt->pkt.user_id);
|
un->pkt->pkt.user_id);
|
||||||
|
|
||||||
p=utf8_to_native(un->pkt->pkt.user_id->name,
|
p=utf8_to_native(un->pkt->pkt.user_id->name,
|
||||||
un->pkt->pkt.user_id->len,0);
|
un->pkt->pkt.user_id->len,0);
|
||||||
|
@ -256,7 +256,7 @@ do_edit_ownertrust (PKT_public_key *pk, int mode,
|
||||||
tty_printf(_(" aka \"%s\"\n"),p);
|
tty_printf(_(" aka \"%s\"\n"),p);
|
||||||
}
|
}
|
||||||
|
|
||||||
print_fingerprint (pk, NULL, 2);
|
print_fingerprint (pk, 2);
|
||||||
tty_printf("\n");
|
tty_printf("\n");
|
||||||
release_kbnode (keyblock);
|
release_kbnode (keyblock);
|
||||||
}
|
}
|
||||||
|
@ -464,7 +464,7 @@ do_we_trust_pre( PKT_public_key *pk, unsigned int trustlevel )
|
||||||
if( !opt.batch && !rc )
|
if( !opt.batch && !rc )
|
||||||
{
|
{
|
||||||
print_pubkey_info(NULL,pk);
|
print_pubkey_info(NULL,pk);
|
||||||
print_fingerprint (pk, NULL, 2);
|
print_fingerprint (pk, 2);
|
||||||
tty_printf("\n");
|
tty_printf("\n");
|
||||||
|
|
||||||
tty_printf(
|
tty_printf(
|
||||||
|
@ -523,7 +523,7 @@ check_signatures_trust( PKT_signature *sig )
|
||||||
if( !opt.quiet )
|
if( !opt.quiet )
|
||||||
log_info(_("WARNING: Using untrusted key!\n"));
|
log_info(_("WARNING: Using untrusted key!\n"));
|
||||||
if (opt.with_fingerprint)
|
if (opt.with_fingerprint)
|
||||||
print_fingerprint (pk, NULL, 1);
|
print_fingerprint (pk, 1);
|
||||||
goto leave;
|
goto leave;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -611,7 +611,7 @@ check_signatures_trust( PKT_signature *sig )
|
||||||
{
|
{
|
||||||
case TRUST_EXPIRED:
|
case TRUST_EXPIRED:
|
||||||
log_info(_("Note: This key has expired!\n"));
|
log_info(_("Note: This key has expired!\n"));
|
||||||
print_fingerprint (pk, NULL, 1);
|
print_fingerprint (pk, 1);
|
||||||
break;
|
break;
|
||||||
|
|
||||||
default:
|
default:
|
||||||
|
@ -625,7 +625,7 @@ check_signatures_trust( PKT_signature *sig )
|
||||||
" a trusted signature!\n"));
|
" a trusted signature!\n"));
|
||||||
log_info(_(" There is no indication that the "
|
log_info(_(" There is no indication that the "
|
||||||
"signature belongs to the owner.\n" ));
|
"signature belongs to the owner.\n" ));
|
||||||
print_fingerprint (pk, NULL, 1);
|
print_fingerprint (pk, 1);
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case TRUST_NEVER:
|
case TRUST_NEVER:
|
||||||
|
@ -634,7 +634,7 @@ check_signatures_trust( PKT_signature *sig )
|
||||||
log_info(_("WARNING: We do NOT trust this key!\n"));
|
log_info(_("WARNING: We do NOT trust this key!\n"));
|
||||||
log_info(_(" The signature is probably a FORGERY.\n"));
|
log_info(_(" The signature is probably a FORGERY.\n"));
|
||||||
if (opt.with_fingerprint)
|
if (opt.with_fingerprint)
|
||||||
print_fingerprint (pk, NULL, 1);
|
print_fingerprint (pk, 1);
|
||||||
rc = gpg_error (GPG_ERR_BAD_SIGNATURE);
|
rc = gpg_error (GPG_ERR_BAD_SIGNATURE);
|
||||||
break;
|
break;
|
||||||
|
|
||||||
|
@ -644,19 +644,19 @@ check_signatures_trust( PKT_signature *sig )
|
||||||
" sufficiently trusted signatures!\n"));
|
" sufficiently trusted signatures!\n"));
|
||||||
log_info(_(" It is not certain that the"
|
log_info(_(" It is not certain that the"
|
||||||
" signature belongs to the owner.\n" ));
|
" signature belongs to the owner.\n" ));
|
||||||
print_fingerprint (pk, NULL, 1);
|
print_fingerprint (pk, 1);
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case TRUST_FULLY:
|
case TRUST_FULLY:
|
||||||
write_status( STATUS_TRUST_FULLY );
|
write_status( STATUS_TRUST_FULLY );
|
||||||
if (opt.with_fingerprint)
|
if (opt.with_fingerprint)
|
||||||
print_fingerprint (pk, NULL, 1);
|
print_fingerprint (pk, 1);
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case TRUST_ULTIMATE:
|
case TRUST_ULTIMATE:
|
||||||
write_status( STATUS_TRUST_ULTIMATE );
|
write_status( STATUS_TRUST_ULTIMATE );
|
||||||
if (opt.with_fingerprint)
|
if (opt.with_fingerprint)
|
||||||
print_fingerprint (pk, NULL, 1);
|
print_fingerprint (pk, 1);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
125
g10/pubkey-enc.c
125
g10/pubkey-enc.c
|
@ -39,7 +39,7 @@
|
||||||
|
|
||||||
|
|
||||||
static gpg_error_t get_it (PKT_pubkey_enc *k,
|
static gpg_error_t get_it (PKT_pubkey_enc *k,
|
||||||
DEK *dek, PKT_secret_key *sk, u32 *keyid);
|
DEK *dek, PKT_public_key *sk, u32 *keyid);
|
||||||
|
|
||||||
|
|
||||||
/* Check that the given algo is mentioned in one of the valid user-ids. */
|
/* Check that the given algo is mentioned in one of the valid user-ids. */
|
||||||
|
@ -74,7 +74,7 @@ is_algo_in_prefs (kbnode_t keyblock, preftype_t type, int algo)
|
||||||
gpg_error_t
|
gpg_error_t
|
||||||
get_session_key (PKT_pubkey_enc * k, DEK * dek)
|
get_session_key (PKT_pubkey_enc * k, DEK * dek)
|
||||||
{
|
{
|
||||||
PKT_secret_key *sk = NULL;
|
PKT_public_key *sk = NULL;
|
||||||
int rc;
|
int rc;
|
||||||
|
|
||||||
rc = openpgp_pk_test_algo2 (k->pubkey_algo, PUBKEY_USAGE_ENC);
|
rc = openpgp_pk_test_algo2 (k->pubkey_algo, PUBKEY_USAGE_ENC);
|
||||||
|
@ -84,7 +84,7 @@ get_session_key (PKT_pubkey_enc * k, DEK * dek)
|
||||||
if ((k->keyid[0] || k->keyid[1]) && !opt.try_all_secrets)
|
if ((k->keyid[0] || k->keyid[1]) && !opt.try_all_secrets)
|
||||||
{
|
{
|
||||||
sk = xmalloc_clear (sizeof *sk);
|
sk = xmalloc_clear (sizeof *sk);
|
||||||
sk->pubkey_algo = k->pubkey_algo; /* We want a pubkey with this algo */
|
sk->pubkey_algo = k->pubkey_algo; /* We want a pubkey with this algo. */
|
||||||
if (!(rc = get_seckey (sk, k->keyid)))
|
if (!(rc = get_seckey (sk, k->keyid)))
|
||||||
rc = get_it (k, dek, sk, k->keyid);
|
rc = get_it (k, dek, sk, k->keyid);
|
||||||
}
|
}
|
||||||
|
@ -99,9 +99,9 @@ get_session_key (PKT_pubkey_enc * k, DEK * dek)
|
||||||
for (;;)
|
for (;;)
|
||||||
{
|
{
|
||||||
if (sk)
|
if (sk)
|
||||||
free_secret_key (sk);
|
free_public_key (sk);
|
||||||
sk = xmalloc_clear (sizeof *sk);
|
sk = xmalloc_clear (sizeof *sk);
|
||||||
rc = enum_secret_keys (&enum_context, sk, 1, 0);
|
rc = -1; /* FIXME:enum_secret_keys (&enum_context, sk, 1, 0);*/
|
||||||
if (rc)
|
if (rc)
|
||||||
{
|
{
|
||||||
rc = G10ERR_NO_SECKEY;
|
rc = G10ERR_NO_SECKEY;
|
||||||
|
@ -109,7 +109,7 @@ get_session_key (PKT_pubkey_enc * k, DEK * dek)
|
||||||
}
|
}
|
||||||
if (sk->pubkey_algo != k->pubkey_algo)
|
if (sk->pubkey_algo != k->pubkey_algo)
|
||||||
continue;
|
continue;
|
||||||
keyid_from_sk (sk, keyid);
|
keyid_from_pk (sk, keyid);
|
||||||
log_info (_("anonymous recipient; trying secret key %s ...\n"),
|
log_info (_("anonymous recipient; trying secret key %s ...\n"),
|
||||||
keystr (keyid));
|
keystr (keyid));
|
||||||
|
|
||||||
|
@ -149,63 +149,59 @@ get_session_key (PKT_pubkey_enc * k, DEK * dek)
|
||||||
|
|
||||||
leave:
|
leave:
|
||||||
if (sk)
|
if (sk)
|
||||||
free_secret_key (sk);
|
free_public_key (sk);
|
||||||
return rc;
|
return rc;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
static gpg_error_t
|
static gpg_error_t
|
||||||
get_it (PKT_pubkey_enc *enc, DEK *dek, PKT_secret_key *sk, u32 *keyid)
|
get_it (PKT_pubkey_enc *enc, DEK *dek, PKT_public_key *sk, u32 *keyid)
|
||||||
{
|
{
|
||||||
int rc;
|
gpg_error_t err;
|
||||||
gcry_mpi_t plain_dek = NULL;
|
|
||||||
byte *frame = NULL;
|
byte *frame = NULL;
|
||||||
unsigned int n;
|
unsigned int n;
|
||||||
size_t nframe;
|
size_t nframe;
|
||||||
u16 csum, csum2;
|
u16 csum, csum2;
|
||||||
|
|
||||||
int card = 0;
|
int card = 0;
|
||||||
|
gcry_sexp_t s_data;
|
||||||
|
char *desc;
|
||||||
|
char *keygrip;
|
||||||
|
|
||||||
if (sk->is_protected && sk->protect.s2k.mode == 1002)
|
/* Get the keygrip. */
|
||||||
{ /* Note, that we only support RSA for now. */
|
err = hexkeygrip_from_pk (sk, &keygrip);
|
||||||
#ifdef ENABLE_CARD_SUPPORT
|
if (err)
|
||||||
unsigned char *rbuf;
|
goto leave;
|
||||||
size_t rbuflen;
|
|
||||||
char *snbuf;
|
|
||||||
unsigned char *indata = NULL;
|
|
||||||
size_t indatalen;
|
|
||||||
|
|
||||||
snbuf =
|
/* Convert the data to an S-expression. */
|
||||||
serialno_and_fpr_from_sk (sk->protect.iv, sk->protect.ivlen, sk);
|
if (sk->pubkey_algo == GCRY_PK_ELG || sk->pubkey_algo == GCRY_PK_ELG_E)
|
||||||
|
{
|
||||||
if (gcry_mpi_aprint
|
if (!enc->data[0] || !enc->data[1])
|
||||||
(GCRYMPI_FMT_USG, &indata, &indatalen, enc->data[0]))
|
err = gpg_error (GPG_ERR_BAD_MPI);
|
||||||
BUG ();
|
else
|
||||||
|
err = gcry_sexp_build (&s_data, NULL, "(enc-val(elg(a%m)(b%m)))",
|
||||||
rc = agent_scd_pkdecrypt (snbuf, indata, indatalen, &rbuf, &rbuflen);
|
enc->data[0], enc->data[1]);
|
||||||
xfree (snbuf);
|
}
|
||||||
xfree (indata);
|
else if (sk->pubkey_algo == GCRY_PK_RSA || sk->pubkey_algo == GCRY_PK_RSA_E)
|
||||||
if (rc)
|
{
|
||||||
goto leave;
|
if (!enc->data[0])
|
||||||
|
err = gpg_error (GPG_ERR_BAD_MPI);
|
||||||
frame = rbuf;
|
else
|
||||||
nframe = rbuflen;
|
err = gcry_sexp_build (&s_data, NULL, "(enc-val(rsa(a%m)))",
|
||||||
card = 1;
|
enc->data[0]);
|
||||||
#else
|
|
||||||
rc = gpg_error (GPG_ERR_NOT_SUPPORTED);
|
|
||||||
goto leave;
|
|
||||||
#endif /*!ENABLE_CARD_SUPPORT */
|
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
err = gpg_error (GPG_ERR_BUG);
|
||||||
rc = pk_decrypt (sk->pubkey_algo, &plain_dek, enc->data, sk->skey);
|
|
||||||
if (rc)
|
if (err)
|
||||||
goto leave;
|
goto leave;
|
||||||
if (gcry_mpi_aprint (GCRYMPI_FMT_USG, &frame, &nframe, plain_dek))
|
|
||||||
BUG ();
|
/* Decrypt. */
|
||||||
gcry_mpi_release (plain_dek);
|
desc = xtrystrdup ("FIXME: Format a description");
|
||||||
plain_dek = NULL;
|
err = agent_pkdecrypt (NULL, keygrip, desc, s_data, &frame, &nframe);
|
||||||
}
|
xfree (desc);
|
||||||
|
gcry_sexp_release (s_data);
|
||||||
|
if (err)
|
||||||
|
goto leave;
|
||||||
|
|
||||||
/* Now get the DEK (data encryption key) from the frame
|
/* Now get the DEK (data encryption key) from the frame
|
||||||
*
|
*
|
||||||
|
@ -231,18 +227,18 @@ get_it (PKT_pubkey_enc *enc, DEK *dek, PKT_secret_key *sk, u32 *keyid)
|
||||||
{
|
{
|
||||||
if (n + 7 > nframe)
|
if (n + 7 > nframe)
|
||||||
{
|
{
|
||||||
rc = G10ERR_WRONG_SECKEY;
|
err = gpg_error (G10ERR_WRONG_SECKEY);
|
||||||
goto leave;
|
goto leave;
|
||||||
}
|
}
|
||||||
if (frame[n] == 1 && frame[nframe - 1] == 2)
|
if (frame[n] == 1 && frame[nframe - 1] == 2)
|
||||||
{
|
{
|
||||||
log_info (_("old encoding of the DEK is not supported\n"));
|
log_info (_("old encoding of the DEK is not supported\n"));
|
||||||
rc = G10ERR_CIPHER_ALGO;
|
err = gpg_error (G10ERR_CIPHER_ALGO);
|
||||||
goto leave;
|
goto leave;
|
||||||
}
|
}
|
||||||
if (frame[n] != 2) /* Somethink is wrong. */
|
if (frame[n] != 2) /* Something went wrong. */
|
||||||
{
|
{
|
||||||
rc = G10ERR_WRONG_SECKEY;
|
err = gpg_error (G10ERR_WRONG_SECKEY);
|
||||||
goto leave;
|
goto leave;
|
||||||
}
|
}
|
||||||
for (n++; n < nframe && frame[n]; n++) /* Skip the random bytes. */
|
for (n++; n < nframe && frame[n]; n++) /* Skip the random bytes. */
|
||||||
|
@ -252,7 +248,7 @@ get_it (PKT_pubkey_enc *enc, DEK *dek, PKT_secret_key *sk, u32 *keyid)
|
||||||
|
|
||||||
if (n + 4 > nframe)
|
if (n + 4 > nframe)
|
||||||
{
|
{
|
||||||
rc = G10ERR_WRONG_SECKEY;
|
err = gpg_error (G10ERR_WRONG_SECKEY);
|
||||||
goto leave;
|
goto leave;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -260,10 +256,10 @@ get_it (PKT_pubkey_enc *enc, DEK *dek, PKT_secret_key *sk, u32 *keyid)
|
||||||
dek->algo = frame[n++];
|
dek->algo = frame[n++];
|
||||||
if (dek->algo == CIPHER_ALGO_IDEA)
|
if (dek->algo == CIPHER_ALGO_IDEA)
|
||||||
write_status (STATUS_RSA_OR_IDEA);
|
write_status (STATUS_RSA_OR_IDEA);
|
||||||
rc = openpgp_cipher_test_algo (dek->algo);
|
err = openpgp_cipher_test_algo (dek->algo);
|
||||||
if (rc)
|
if (err)
|
||||||
{
|
{
|
||||||
if (!opt.quiet && gpg_err_code (rc) == GPG_ERR_CIPHER_ALGO)
|
if (!opt.quiet && gpg_err_code (err) == GPG_ERR_CIPHER_ALGO)
|
||||||
{
|
{
|
||||||
log_info (_("cipher algorithm %d%s is unknown or disabled\n"),
|
log_info (_("cipher algorithm %d%s is unknown or disabled\n"),
|
||||||
dek->algo,
|
dek->algo,
|
||||||
|
@ -276,7 +272,7 @@ get_it (PKT_pubkey_enc *enc, DEK *dek, PKT_secret_key *sk, u32 *keyid)
|
||||||
}
|
}
|
||||||
if (dek->keylen != openpgp_cipher_get_algo_keylen (dek->algo))
|
if (dek->keylen != openpgp_cipher_get_algo_keylen (dek->algo))
|
||||||
{
|
{
|
||||||
rc = GPG_ERR_WRONG_SECKEY;
|
err = gpg_error (GPG_ERR_WRONG_SECKEY);
|
||||||
goto leave;
|
goto leave;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -288,7 +284,7 @@ get_it (PKT_pubkey_enc *enc, DEK *dek, PKT_secret_key *sk, u32 *keyid)
|
||||||
csum2 += dek->key[n];
|
csum2 += dek->key[n];
|
||||||
if (csum != csum2)
|
if (csum != csum2)
|
||||||
{
|
{
|
||||||
rc = G10ERR_WRONG_SECKEY;
|
err = gpg_error (GPG_ERR_WRONG_SECKEY);
|
||||||
goto leave;
|
goto leave;
|
||||||
}
|
}
|
||||||
if (DBG_CIPHER)
|
if (DBG_CIPHER)
|
||||||
|
@ -301,7 +297,7 @@ get_it (PKT_pubkey_enc *enc, DEK *dek, PKT_secret_key *sk, u32 *keyid)
|
||||||
|
|
||||||
if (!pkb)
|
if (!pkb)
|
||||||
{
|
{
|
||||||
rc = -1;
|
err = -1;
|
||||||
log_error ("oops: public key not found for preference check\n");
|
log_error ("oops: public key not found for preference check\n");
|
||||||
}
|
}
|
||||||
else if (pkb->pkt->pkt.public_key->selfsigversion > 3
|
else if (pkb->pkt->pkt.public_key->selfsigversion > 3
|
||||||
|
@ -310,7 +306,7 @@ get_it (PKT_pubkey_enc *enc, DEK *dek, PKT_secret_key *sk, u32 *keyid)
|
||||||
&& !is_algo_in_prefs (pkb, PREFTYPE_SYM, dek->algo))
|
&& !is_algo_in_prefs (pkb, PREFTYPE_SYM, dek->algo))
|
||||||
log_info (_("WARNING: cipher algorithm %s not found in recipient"
|
log_info (_("WARNING: cipher algorithm %s not found in recipient"
|
||||||
" preferences\n"), openpgp_cipher_algo_name (dek->algo));
|
" preferences\n"), openpgp_cipher_algo_name (dek->algo));
|
||||||
if (!rc)
|
if (!err)
|
||||||
{
|
{
|
||||||
KBNODE k;
|
KBNODE k;
|
||||||
|
|
||||||
|
@ -346,14 +342,13 @@ get_it (PKT_pubkey_enc *enc, DEK *dek, PKT_secret_key *sk, u32 *keyid)
|
||||||
}
|
}
|
||||||
|
|
||||||
release_kbnode (pkb);
|
release_kbnode (pkb);
|
||||||
rc = 0;
|
err = 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
leave:
|
||||||
leave:
|
|
||||||
gcry_mpi_release (plain_dek);
|
|
||||||
xfree (frame);
|
xfree (frame);
|
||||||
return rc;
|
xfree (keygrip);
|
||||||
|
return err;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -248,7 +248,7 @@ gen_desig_revoke( const char *uname, strlist_t locusr )
|
||||||
|
|
||||||
if(locusr)
|
if(locusr)
|
||||||
{
|
{
|
||||||
rc=build_sk_list(locusr,&sk_list,0,PUBKEY_USAGE_CERT);
|
rc=build_sk_list(locusr, &sk_list, PUBKEY_USAGE_CERT);
|
||||||
if(rc)
|
if(rc)
|
||||||
goto leave;
|
goto leave;
|
||||||
}
|
}
|
||||||
|
|
14
g10/sign.c
14
g10/sign.c
|
@ -314,7 +314,7 @@ do_sign (PKT_public_key *pksk, PKT_signature *sig,
|
||||||
gcry_sexp_t s_sigval;
|
gcry_sexp_t s_sigval;
|
||||||
|
|
||||||
/* FIXME: desc = gpgsm_format_keydesc (cert); */
|
/* FIXME: desc = gpgsm_format_keydesc (cert); */
|
||||||
desc = xtrystrdup ("FIXME: Format a decription");
|
desc = xtrystrdup ("FIXME: Format a description");
|
||||||
|
|
||||||
err = agent_pksign (NULL/*ctrl*/, hexgrip, desc,
|
err = agent_pksign (NULL/*ctrl*/, hexgrip, desc,
|
||||||
dp, gcry_md_get_algo_dlen (mdalgo), mdalgo,
|
dp, gcry_md_get_algo_dlen (mdalgo), mdalgo,
|
||||||
|
@ -811,7 +811,9 @@ sign_file( strlist_t filenames, int detached, strlist_t locusr,
|
||||||
duration=parse_expire_string(opt.def_sig_expire);
|
duration=parse_expire_string(opt.def_sig_expire);
|
||||||
}
|
}
|
||||||
|
|
||||||
if( (rc=build_sk_list( locusr, &sk_list, 1, PUBKEY_USAGE_SIG )) )
|
/* Note: In the old non-agent version the following call used to
|
||||||
|
unprotect the secret key. This is now done on demand by the agent. */
|
||||||
|
if( (rc = build_sk_list (locusr, &sk_list, PUBKEY_USAGE_SIG )) )
|
||||||
goto leave;
|
goto leave;
|
||||||
|
|
||||||
if(PGP2 && !only_old_style(sk_list))
|
if(PGP2 && !only_old_style(sk_list))
|
||||||
|
@ -1126,7 +1128,9 @@ clearsign_file( const char *fname, strlist_t locusr, const char *outfile )
|
||||||
duration=parse_expire_string(opt.def_sig_expire);
|
duration=parse_expire_string(opt.def_sig_expire);
|
||||||
}
|
}
|
||||||
|
|
||||||
if( (rc=build_sk_list( locusr, &sk_list, 1, PUBKEY_USAGE_SIG )) )
|
/* Note: In the old non-agent version the following call used to
|
||||||
|
unprotect the secret key. This is now done on demand by the agent. */
|
||||||
|
if( (rc=build_sk_list( locusr, &sk_list, PUBKEY_USAGE_SIG )) )
|
||||||
goto leave;
|
goto leave;
|
||||||
|
|
||||||
if( !old_style && !duration )
|
if( !old_style && !duration )
|
||||||
|
@ -1290,7 +1294,9 @@ sign_symencrypt_file (const char *fname, strlist_t locusr)
|
||||||
duration=parse_expire_string(opt.def_sig_expire);
|
duration=parse_expire_string(opt.def_sig_expire);
|
||||||
}
|
}
|
||||||
|
|
||||||
rc = build_sk_list (locusr, &sk_list, 1, PUBKEY_USAGE_SIG);
|
/* Note: In the old non-agent version the following call used to
|
||||||
|
unprotect the secret key. This is now done on demand by the agent. */
|
||||||
|
rc = build_sk_list (locusr, &sk_list, PUBKEY_USAGE_SIG);
|
||||||
if (rc)
|
if (rc)
|
||||||
goto leave;
|
goto leave;
|
||||||
|
|
||||||
|
|
|
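Review bot: The key description handed to the agent in do_sign is still the placeholder `desc = xtrystrdup ("FIXME: Format a description");`, and the result goes straight into `agent_pksign (NULL/*ctrl*/, hexgrip, desc, ...)` with no NULL check, so an allocation failure silently passes a NULL description (whether agent_pksign tolerates that is not visible here). This string is presumably what the agent presents when asking the user to unlock the key for signing, i.e. the user's only indication of which key and operation is being authorized, and the commented-out `gpgsm_format_keydesc (cert)` line just above points at the intended replacement. At minimum add `if (!desc) return gpg_error_from_syserror ();` before the call, adjusted to release whatever do_sign already holds, since its body lies outside the hunk. The same unchecked placeholder appears in get_it in pubkey-enc.c before the `agent_pkdecrypt` call.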
@ -115,10 +115,8 @@ is_duplicated_entry (strlist_t list, strlist_t item)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
/* FIXME: We ignore the UNLOCK flag - should not be needed anymore. */
|
|
||||||
gpg_error_t
|
gpg_error_t
|
||||||
build_sk_list (strlist_t locusr, SK_LIST *ret_sk_list,
|
build_sk_list (strlist_t locusr, SK_LIST *ret_sk_list, unsigned int use)
|
||||||
int unlock, unsigned int use)
|
|
||||||
{
|
{
|
||||||
gpg_error_t err;
|
gpg_error_t err;
|
||||||
SK_LIST sk_list = NULL;
|
SK_LIST sk_list = NULL;
|
||||||
|
@ -202,18 +200,6 @@ build_sk_list (strlist_t locusr, SK_LIST *ret_sk_list,
|
||||||
pk = NULL;
|
pk = NULL;
|
||||||
log_info (_("skipped: secret key already present\n"));
|
log_info (_("skipped: secret key already present\n"));
|
||||||
}
|
}
|
||||||
/* Fixme: We could change the next test by a call to gpg-agent which
|
|
||||||
would then cache the passphrase. */
|
|
||||||
/* else if (unlock && (rc = check_secret_key (sk, 0))) */
|
|
||||||
/* { */
|
|
||||||
/* free_secret_key (sk); */
|
|
||||||
/* sk = NULL; */
|
|
||||||
/* log_error (_("skipped \"%s\": %s\n"), */
|
|
||||||
/* locusr->d, g10_errstr (rc)); */
|
|
||||||
/* write_status_text_and_buffer */
|
|
||||||
/* (STATUS_INV_SGNR, get_inv_recpsgnr_code (rc), */
|
|
||||||
/* locusr->d, strlen (locusr->d), -1); */
|
|
||||||
/* } */
|
|
||||||
else if ((err = openpgp_pk_test_algo2 (pk->pubkey_algo, use)))
|
else if ((err = openpgp_pk_test_algo2 (pk->pubkey_algo, use)))
|
||||||
{
|
{
|
||||||
free_public_key (pk);
|
free_public_key (pk);
|
||||||
|
|
|
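Review bot: The new `build_sk_list (strlist_t locusr, SK_LIST *ret_sk_list, unsigned int use)` definition carries no header comment, and with the unlock path removed the only checks still visible are the duplicate-entry skip and `openpgp_pk_test_algo2 (pk->pubkey_algo, use)`, so a caller can no longer tell from this function whether the secret part is usable at all. A comment above the definition should state that, e.g. `/* Build the list of secret keys selected by LOCUSR for the usage USE (PUBKEY_USAGE_*). Only the public key object is checked here; the secret part is neither unlocked nor verified, which is left to the agent when the key is actually used. */` — the "left to the agent" part is inferred from the callers' new comments in sign.c, so confirm it before committing to it. Both hunks cut the function body; its start and the remainder of the selection loop lie outside this view.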
@ -300,7 +300,7 @@ gpgsm_scd_pksign (ctrl_t ctrl, const char *keyid, const char *desc,
|
||||||
|
|
||||||
|
|
||||||
/* Handle a CIPHERTEXT inquiry. Note, we only send the data,
|
/* Handle a CIPHERTEXT inquiry. Note, we only send the data,
|
||||||
assuan_transact talkes care of flushing and writing the end */
|
assuan_transact takes care of flushing and writing the end */
|
||||||
static gpg_error_t
|
static gpg_error_t
|
||||||
inq_ciphertext_cb (void *opaque, const char *line)
|
inq_ciphertext_cb (void *opaque, const char *line)
|
||||||
{
|
{
|
||||||
|
|