agent: Re-introduce --enable-extended-key-format.

* agent/gpg-agent.c (oEnableExtendedKeyFormat): Re-introduce.
(parse_rereadable_options): Handle it in a special way.
* agent/protect.c (agent_protect): Be safe and set use_ocb only to 1
or 0.
* tools/gpgconf-comp.c: Add --enable-extended-key-format again.
--

This is required for backward compatible with profiles.

Signed-off-by: Werner Koch <wk@gnupg.org>

agent/agent.h

@@ -124,7 +124,11 @@ struct
      passphrase change.  */
   int enable_passphrase_history;
 
-  /* If set the extended key format is used for new keys.  */
+  /* If set the extended key format is used for new keys.  Note that
+   * this may vave the value 2 in which case
+   * --disable-extended-key-format won't have any effect and thus
+   * effectivley locking it.  This is required to support existing
+   * profiles which lock the use of --enable-extended-key-format. */
   int enable_extended_key_format;
 
   int running_detached; /* We are running detached from the tty. */

agent/gpg-agent.c

@@ -113,6 +113,7 @@ enum cmd_and_opt_values
   oMaxPassphraseDays,
   oEnablePassphraseHistory,
   oDisableExtendedKeyFormat,
+  oEnableExtendedKeyFormat,
   oUseStandardSocket,
   oNoUseStandardSocket,
   oExtraSocket,
@@ -254,6 +255,7 @@ static ARGPARSE_OPTS opts[] = {
 #endif
                 ),
   ARGPARSE_s_n (oDisableExtendedKeyFormat, "disable-extended-key-format", "@"),
+  ARGPARSE_s_n (oEnableExtendedKeyFormat, "enable-extended-key-format", "@"),
 
   ARGPARSE_s_u (oS2KCount, "s2k-count", "@"),
   ARGPARSE_s_u (oS2KCalibration, "s2k-calibration", "@"),
@@ -268,7 +270,6 @@ static ARGPARSE_OPTS opts[] = {
   ARGPARSE_s_n (oNoUseStandardSocket, "no-use-standard-socket", "@"),
 
   /* Dummy options.  */
-  ARGPARSE_s_n (oNoop, "enable-extended-key-format", "@"),
 
 
   ARGPARSE_end () /* End of list */
@@ -906,7 +907,13 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
       opt.enable_passphrase_history = 1;
       break;
 
-    case oDisableExtendedKeyFormat: opt.enable_extended_key_format = 0; break;
+    case oEnableExtendedKeyFormat:
+      opt.enable_extended_key_format = 2;
+      break;
+    case oDisableExtendedKeyFormat:
+      if (opt.enable_extended_key_format != 2)
+        opt.enable_extended_key_format = 0;
+      break;
 
     case oIgnoreCacheForSigning: opt.ignore_cache_for_signing = 1; break;
 

agent/protect.c

@@ -623,7 +623,7 @@ agent_protect (const unsigned char *plainkey, const char *passphrase,
   int have_curve = 0;
 
   if (use_ocb == -1)
-    use_ocb = opt.enable_extended_key_format;
+    use_ocb = !!opt.enable_extended_key_format;
 
   /* Create an S-expression with the protected-at timestamp.  */
   memcpy (timestamp_exp, "(12:protected-at15:", 19);

doc/gpg-agent.texi

@@ -585,16 +585,19 @@ local gpg-agent and use its private keys.  This enables decrypting or
 signing data on a remote machine without exposing the private keys to the
 remote machine.
 
-@item --disable-extended-key-format
+@item --enable-extended-key-format
+@itemx --disable-extended-key-format
+@opindex enable-extended-key-format
 @opindex disable-extended-key-format
 Since version 2.3 keys are created in the extended private key format.
 Changing the passphrase of a key will also convert the key to that new
 format.  This new key format is supported since GnuPG version 2.1.12
-and thus there should be no need to disable it.  However, this options
-allows to revert to the old behaviour for new keys; be aware that keys
-are never migrated back to the old format.  The advantage of the
-extended private key format is that it is text based and can carry
-additional meta data.
+and thus there should be no need to disable it.  The disable option
+allows to revert to the old behavior for new keys; be aware that keys
+are never migrated back to the old format.  However if the enable
+option has been used the disable option won't have an effect.  The
+advantage of the extended private key format is that it is text based
+and can carry additional meta data.
 
 @anchor{option --enable-ssh-support}
 @item --enable-ssh-support

tools/gpgconf-comp.c

@@ -508,6 +508,9 @@ static gc_option_t gc_options_gpg_agent[] =
    { "enable-putty-support", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
      "gnupg", "enable putty support",
      GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
+   { "enable-extended-key-format", GC_OPT_FLAG_RUNTIME, GC_LEVEL_INVISIBLE,
+     NULL, NULL,
+     GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
 
    { "Debug",
      GC_OPT_FLAG_GROUP, GC_LEVEL_ADVANCED,