* keylist.c (list_cert_colon): Print the short fingerprint in the

key ID field. * fingerprint.c (gpgsm_get_short_fingerprint): New. * verify.c (gpgsm_verify): Print more verbose info for a good signature.
2025-01-26 15:37:03 +01:00 · 2002-08-10 09:14:21 +00:00 · 2002-08-10 09:14:21 +00:00 · 9382b621ad
commit 9382b621ad
parent 69f389096d
6 changed files with 53 additions and 15 deletions
--- a/sm/ChangeLog
+++ b/sm/ChangeLog
@ -1,3 +1,11 @@
+2002-08-10  Werner Koch  <wk@gnupg.org>
+
+	* keylist.c (list_cert_colon): Print the short fingerprint in the
+	key ID field.
+	* fingerprint.c (gpgsm_get_short_fingerprint): New.
+	* verify.c (gpgsm_verify): Print more verbose info for a good
+	signature.
+
 2002-08-09  Werner Koch  <wk@gnupg.org>

 	* decrypt.c (prepare_decryption): Hack to detected already
--- a/sm/certdump.c
+++ b/sm/certdump.c
@ -116,9 +116,9 @@ gpgsm_dump_time (time_t t)
 {

  if (!t)
-    log_printf ("none");
+    log_printf (_("[none]"));
  else if ( t == (time_t)(-1) )
-    log_printf ("error");
+    log_printf (_("[error]"));
  else
    {
      struct tm *tp;
--- a/sm/fingerprint.c
+++ b/sm/fingerprint.c
@ -102,7 +102,7 @@ gpgsm_get_fingerprint_string (KsbaCert cert, int algo)
  return buf;
 }

-/* Return an allocated buffer with the formatted fungerprint as one
+/* Return an allocated buffer with the formatted fingerprint as one
   large hexnumber */
 char *
 gpgsm_get_fingerprint_hexstring (KsbaCert cert, int algo)
@ -124,6 +124,17 @@ gpgsm_get_fingerprint_hexstring (KsbaCert cert, int algo)
  return buf;
 }

+/* Return a certificate ID.  These are the last 4 bytes of the SHA-1
+   fingerprint. */
+unsigned long
+gpgsm_get_short_fingerprint (KsbaCert cert)
+{
+  unsigned char digest[20];
+
+  gpgsm_get_fingerprint (cert, GCRY_MD_SHA1, digest, NULL);
+  return ((digest[16]<<24)|(digest[17]<<16)|(digest[18]<< 8)|digest[19]);
+}
+

 /* Return the so called KEYGRIP which is the SHA-1 hash of the public
   key parameters expressed as an canoncial encoded S-Exp.  array must
--- a/sm/gpgsm.h
+++ b/sm/gpgsm.h
@ -149,6 +149,7 @@ void gpgsm_status2 (CTRL ctrl, int no, ...);
 char *gpgsm_get_fingerprint (KsbaCert cert, int algo, char *array, int *r_len);
 char *gpgsm_get_fingerprint_string (KsbaCert cert, int algo);
 char *gpgsm_get_fingerprint_hexstring (KsbaCert cert, int algo);
+unsigned long gpgsm_get_short_fingerprint (KsbaCert cert);
 char *gpgsm_get_keygrip (KsbaCert cert, char *array);
 char *gpgsm_get_keygrip_hexstring (KsbaCert cert);
 char *gpgsm_get_certid (KsbaCert cert);
--- a/sm/keylist.c
+++ b/sm/keylist.c
@ -151,6 +151,7 @@ list_cert_colon (KsbaCert cert, FILE *fp, int have_secret)
  int idx, trustletter = 0;
  char *p;
  KsbaSexp sexp;
+  char *fpr;

  fputs (have_secret? "crs:":"crt:", fp);
  trustletter = 0;
@ -168,9 +169,11 @@ list_cert_colon (KsbaCert cert, FILE *fp, int have_secret)
      putc (trustletter, fp);
    }

-  fprintf (fp, ":%u:%d::",
+  fpr = gpgsm_get_fingerprint_hexstring (cert, GCRY_MD_SHA1);
+  fprintf (fp, ":%u:%d:%s:",
           /*keylen_of_cert (cert)*/1024,
-           /* pubkey_algo_of_cert (cert)*/1);
+           /* pubkey_algo_of_cert (cert)*/1,
+           fpr+24);

  /* we assume --fixed-list-mode for gpgsm */
  print_time ( ksba_cert_get_validity (cert, 0), fp);
@ -212,9 +215,8 @@ list_cert_colon (KsbaCert cert, FILE *fp, int have_secret)
  putc ('\n', fp);

  /* FPR record */
-  p = gpgsm_get_fingerprint_hexstring (cert, GCRY_MD_SHA1);
-  fprintf (fp, "fpr:::::::::%s:::", p);
-  xfree (p);
+  fprintf (fp, "fpr:::::::::%s:::", fpr);
+  xfree (fpr); fpr = NULL;
  /* print chaining ID (field 13)*/
  {
    KsbaCert next;
--- a/sm/verify.c
+++ b/sm/verify.c
@ -108,6 +108,7 @@ gpgsm_verify (CTRL ctrl, int in_fd, int data_fd, FILE *out_fp)
  int algo;
  int is_detached;
  FILE *fp = NULL;
+  char *p;

  kh = keydb_new (0);
  if (!kh)
@ -285,12 +286,8 @@ gpgsm_verify (CTRL ctrl, int in_fd, int data_fd, FILE *out_fp)
          log_error ("error getting signing time: %s\n", ksba_strerror (err));
          sigtime = (time_t)-1;
        }
-      if (DBG_X509)
-        {
-          log_debug ("signer %d - sigtime: ", signer);
-          gpgsm_dump_time (sigtime);  
-          log_printf ("\n");
-        }
+
+                  

      err = ksba_cms_get_message_digest (cms, signer,
                                         &msgdigest, &msgdigestlen);
@ -343,6 +340,15 @@ gpgsm_verify (CTRL ctrl, int in_fd, int data_fd, FILE *out_fp)
          goto next_signer;
        }

+      log_info (_("Signature made "));
+      if (sigtime)
+        gpgsm_dump_time (sigtime);
+      else
+        log_printf (_("[date not given]"));
+      log_printf (_(" using certificate ID %08lX\n"),
+                  gpgsm_get_short_fingerprint (cert));
+
+
      if (msgdigest)
        { /* Signed attributes are available. */
          GCRY_MD_HD md;
@ -446,7 +452,17 @@ gpgsm_verify (CTRL ctrl, int in_fd, int data_fd, FILE *out_fp)
            gpgsm_status (ctrl, STATUS_TRUST_UNDEFINED, gnupg_error_token (rc));
          goto next_signer;
        }
-      log_info ("signature is good\n");
+
+      for (i=0; (p = ksba_cert_get_subject (cert, i)); i++)
+        {
+          log_info (!i? _("Good signature from")
+                      : _("                aka"));
+          log_printf (" \"");
+          gpgsm_print_name (log_get_stream (), p);
+          log_printf ("\"\n");
+          ksba_free (p);
+        }
+
      gpgsm_status (ctrl, STATUS_TRUST_FULLY, NULL);