mirror of
git://git.gnupg.org/gnupg.git
synced 2025-01-08 12:44:23 +01:00
gpg: New export and import options "backup" and "restore".
* g10/export.c (parse_export_options): Add "backup" and its alias "export-backup". (do_export_one_keyblock): Export ring trust packets in backup mode. * g10/import.c (parse_import_options): Add "restore" and its alias "import-restore". (read_block): Import ring trust packets. -- These options are intended to, well, backup and restore keys between GnuPG implementations. These options may eventually be enhanced to backup and restore all public key related information. Signed-off-by: Werner Koch <wk@gnupg.org>
This commit is contained in:
parent
21c9ebb908
commit
953d4ec6af
13
doc/gpg.texi
13
doc/gpg.texi
@ -2283,6 +2283,12 @@ opposite meaning. The options are:
|
|||||||
the most recent self-signature on each user ID. This option is the
|
the most recent self-signature on each user ID. This option is the
|
||||||
same as running the @option{--edit-key} command "minimize" after import.
|
same as running the @option{--edit-key} command "minimize" after import.
|
||||||
Defaults to no.
|
Defaults to no.
|
||||||
|
|
||||||
|
@item restore
|
||||||
|
@itemx import-restore
|
||||||
|
Import in key restore mode. This imports all data which is usually
|
||||||
|
skipped during import; including all GnuPG specific data. All other
|
||||||
|
contradicting options are overridden.
|
||||||
@end table
|
@end table
|
||||||
|
|
||||||
@item --import-filter @code{@var{name}=@var{expr}}
|
@item --import-filter @code{@var{name}=@var{expr}}
|
||||||
@ -2393,6 +2399,13 @@ opposite meaning. The options are:
|
|||||||
@c when the exported subkey is to be used on an unattended machine where
|
@c when the exported subkey is to be used on an unattended machine where
|
||||||
@c a passphrase doesn't necessarily make sense. Defaults to no.
|
@c a passphrase doesn't necessarily make sense. Defaults to no.
|
||||||
|
|
||||||
|
@item backup
|
||||||
|
@itemx export-backup
|
||||||
|
Export for use as a backup. The exported data includes all data
|
||||||
|
which is needed to restore the key or keys later with GnuPG. The
|
||||||
|
format is basically the OpenPGP format but enhanced with GnuPG
|
||||||
|
specific data. All other contradicting options are overridden.
|
||||||
|
|
||||||
@item export-clean
|
@item export-clean
|
||||||
Compact (remove all signatures from) user IDs on the key being
|
Compact (remove all signatures from) user IDs on the key being
|
||||||
exported if the user IDs are not usable. Also, do not export any
|
exported if the user IDs are not usable. Also, do not export any
|
||||||
|
21
g10/export.c
21
g10/export.c
@ -116,6 +116,10 @@ parse_export_options(char *str,unsigned int *options,int noisy)
|
|||||||
{"export-pka", EXPORT_PKA_FORMAT, NULL, NULL },
|
{"export-pka", EXPORT_PKA_FORMAT, NULL, NULL },
|
||||||
{"export-dane", EXPORT_DANE_FORMAT, NULL, NULL },
|
{"export-dane", EXPORT_DANE_FORMAT, NULL, NULL },
|
||||||
|
|
||||||
|
{"backup", EXPORT_BACKUP, NULL,
|
||||||
|
N_("use the GnuPG key backup format")},
|
||||||
|
{"export-backup", EXPORT_BACKUP, NULL, NULL },
|
||||||
|
|
||||||
/* Aliases for backward compatibility */
|
/* Aliases for backward compatibility */
|
||||||
{"include-local-sigs",EXPORT_LOCAL_SIGS,NULL,NULL},
|
{"include-local-sigs",EXPORT_LOCAL_SIGS,NULL,NULL},
|
||||||
{"include-attributes",EXPORT_ATTRIBUTES,NULL,NULL},
|
{"include-attributes",EXPORT_ATTRIBUTES,NULL,NULL},
|
||||||
@ -127,8 +131,18 @@ parse_export_options(char *str,unsigned int *options,int noisy)
|
|||||||
{NULL,0,NULL,NULL}
|
{NULL,0,NULL,NULL}
|
||||||
/* add tags for include revoked and disabled? */
|
/* add tags for include revoked and disabled? */
|
||||||
};
|
};
|
||||||
|
int rc;
|
||||||
|
|
||||||
return parse_options(str,options,export_opts,noisy);
|
rc = parse_options (str, options, export_opts, noisy);
|
||||||
|
if (rc && (*options & EXPORT_BACKUP))
|
||||||
|
{
|
||||||
|
/* Alter other options we want or don't want for restore. */
|
||||||
|
*options |= (EXPORT_LOCAL_SIGS | EXPORT_ATTRIBUTES
|
||||||
|
| EXPORT_SENSITIVE_REVKEYS);
|
||||||
|
*options &= ~(EXPORT_CLEAN | EXPORT_MINIMAL
|
||||||
|
| EXPORT_PKA_FORMAT | EXPORT_DANE_FORMAT);
|
||||||
|
}
|
||||||
|
return rc;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@ -1535,8 +1549,9 @@ do_export_one_keyblock (ctrl_t ctrl, kbnode_t keyblock, u32 *keyid,
|
|||||||
if (node->pkt->pkttype == PKT_COMMENT)
|
if (node->pkt->pkttype == PKT_COMMENT)
|
||||||
continue;
|
continue;
|
||||||
|
|
||||||
/* Make sure that ring_trust packets never get exported. */
|
/* Make sure that ring_trust packets are only exported in backup
|
||||||
if (node->pkt->pkttype == PKT_RING_TRUST)
|
* mode. */
|
||||||
|
if (node->pkt->pkttype == PKT_RING_TRUST && !(options & EXPORT_BACKUP))
|
||||||
continue;
|
continue;
|
||||||
|
|
||||||
/* If exact is set, then we only export what was requested
|
/* If exact is set, then we only export what was requested
|
||||||
|
21
g10/import.c
21
g10/import.c
@ -175,6 +175,10 @@ parse_import_options(char *str,unsigned int *options,int noisy)
|
|||||||
{"import-export", IMPORT_EXPORT, NULL,
|
{"import-export", IMPORT_EXPORT, NULL,
|
||||||
N_("run import filters and export key immediately")},
|
N_("run import filters and export key immediately")},
|
||||||
|
|
||||||
|
{"restore", IMPORT_RESTORE, NULL,
|
||||||
|
N_("assume the GnuPG key backup format")},
|
||||||
|
{"import-restore", IMPORT_RESTORE, NULL, NULL},
|
||||||
|
|
||||||
/* Aliases for backward compatibility */
|
/* Aliases for backward compatibility */
|
||||||
{"allow-local-sigs",IMPORT_LOCAL_SIGS,NULL,NULL},
|
{"allow-local-sigs",IMPORT_LOCAL_SIGS,NULL,NULL},
|
||||||
{"repair-hkp-subkey-bug",IMPORT_REPAIR_PKS_SUBKEY_BUG,NULL,NULL},
|
{"repair-hkp-subkey-bug",IMPORT_REPAIR_PKS_SUBKEY_BUG,NULL,NULL},
|
||||||
@ -186,8 +190,18 @@ parse_import_options(char *str,unsigned int *options,int noisy)
|
|||||||
the new design. */
|
the new design. */
|
||||||
{NULL,0,NULL,NULL}
|
{NULL,0,NULL,NULL}
|
||||||
};
|
};
|
||||||
|
int rc;
|
||||||
|
|
||||||
return parse_options(str,options,import_opts,noisy);
|
rc = parse_options (str, options, import_opts, noisy);
|
||||||
|
if (rc && (*options & IMPORT_RESTORE))
|
||||||
|
{
|
||||||
|
/* Alter other options we want or don't want for restore. */
|
||||||
|
*options |= (IMPORT_LOCAL_SIGS | IMPORT_KEEP_OWNERTTRUST);
|
||||||
|
*options &= ~(IMPORT_MINIMAL | IMPORT_CLEAN
|
||||||
|
| IMPORT_REPAIR_PKS_SUBKEY_BUG
|
||||||
|
| IMPORT_MERGE_ONLY);
|
||||||
|
}
|
||||||
|
return rc;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@ -833,7 +847,9 @@ read_block( IOBUF a, PACKET **pending_pkt, kbnode_t *ret_root, int *r_v3keys)
|
|||||||
break;
|
break;
|
||||||
|
|
||||||
case PKT_RING_TRUST:
|
case PKT_RING_TRUST:
|
||||||
/* Skip those packets. */
|
/* Skip those packets unless we are in restore mode. */
|
||||||
|
if ((opt.import_options & IMPORT_RESTORE))
|
||||||
|
goto x_default;
|
||||||
free_packet( pkt );
|
free_packet( pkt );
|
||||||
init_packet(pkt);
|
init_packet(pkt);
|
||||||
break;
|
break;
|
||||||
@ -848,6 +864,7 @@ read_block( IOBUF a, PACKET **pending_pkt, kbnode_t *ret_root, int *r_v3keys)
|
|||||||
}
|
}
|
||||||
in_cert = 1;
|
in_cert = 1;
|
||||||
default:
|
default:
|
||||||
|
x_default:
|
||||||
if (in_cert && valid_keyblock_packet (pkt->pkttype))
|
if (in_cert && valid_keyblock_packet (pkt->pkttype))
|
||||||
{
|
{
|
||||||
if (!root )
|
if (!root )
|
||||||
|
@ -349,6 +349,7 @@ EXTERN_UNLESS_MAIN_MODULE int memory_stat_debug_mode;
|
|||||||
#define IMPORT_NO_SECKEY (1<<7)
|
#define IMPORT_NO_SECKEY (1<<7)
|
||||||
#define IMPORT_KEEP_OWNERTTRUST (1<<8)
|
#define IMPORT_KEEP_OWNERTTRUST (1<<8)
|
||||||
#define IMPORT_EXPORT (1<<9)
|
#define IMPORT_EXPORT (1<<9)
|
||||||
|
#define IMPORT_RESTORE (1<<10)
|
||||||
|
|
||||||
#define EXPORT_LOCAL_SIGS (1<<0)
|
#define EXPORT_LOCAL_SIGS (1<<0)
|
||||||
#define EXPORT_ATTRIBUTES (1<<1)
|
#define EXPORT_ATTRIBUTES (1<<1)
|
||||||
@ -358,6 +359,7 @@ EXTERN_UNLESS_MAIN_MODULE int memory_stat_debug_mode;
|
|||||||
#define EXPORT_CLEAN (1<<5)
|
#define EXPORT_CLEAN (1<<5)
|
||||||
#define EXPORT_PKA_FORMAT (1<<6)
|
#define EXPORT_PKA_FORMAT (1<<6)
|
||||||
#define EXPORT_DANE_FORMAT (1<<7)
|
#define EXPORT_DANE_FORMAT (1<<7)
|
||||||
|
#define EXPORT_BACKUP (1<<10)
|
||||||
|
|
||||||
#define LIST_SHOW_PHOTOS (1<<0)
|
#define LIST_SHOW_PHOTOS (1<<0)
|
||||||
#define LIST_SHOW_POLICY_URLS (1<<1)
|
#define LIST_SHOW_POLICY_URLS (1<<1)
|
||||||
|
Loading…
x
Reference in New Issue
Block a user