
gpg: New export and import options "backup" and "restore".

* g10/export.c (parse_export_options): Add "backup" and its alias
"export-backup".
(do_export_one_keyblock): Export ring trust packets in backup mode.
* g10/import.c (parse_import_options): Add "restore" and its alias
"import-restore".
(read_block): Import ring trust packets.
--

These options are intended to, well, back up and restore keys between
GnuPG implementations.  These options may eventually be enhanced to
back up and restore all public key related information.

Signed-off-by: Werner Koch <wk@gnupg.org>
Werner Koch 2017-01-23 10:12:18 +01:00
parent 21c9ebb908
commit 953d4ec6af
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
4 changed files with 52 additions and 5 deletions


@ -2283,6 +2283,12 @@ opposite meaning. The options are:
the most recent self-signature on each user ID. This option is the the most recent self-signature on each user ID. This option is the
same as running the @option{--edit-key} command "minimize" after import. same as running the @option{--edit-key} command "minimize" after import.
Defaults to no. Defaults to no.
@item restore
@itemx import-restore
Import in key restore mode. This imports all data which is usually
skipped during import; including all GnuPG specific data. All other
contradicting options are overridden.
@end table @end table
@item --import-filter @code{@var{name}=@var{expr}} @item --import-filter @code{@var{name}=@var{expr}}
@ -2393,6 +2399,13 @@ opposite meaning. The options are:
@c when the exported subkey is to be used on an unattended machine where @c when the exported subkey is to be used on an unattended machine where
@c a passphrase doesn't necessarily make sense. Defaults to no. @c a passphrase doesn't necessarily make sense. Defaults to no.
@item backup
@itemx export-backup
Export for use as a backup. The exported data includes all data
which is needed to restore the key or keys later with GnuPG. The
format is basically the OpenPGP format but enhanced with GnuPG
specific data. All other contradicting options are overridden.
@item export-clean @item export-clean
Compact (remove all signatures from) user IDs on the key being Compact (remove all signatures from) user IDs on the key being
exported if the user IDs are not usable. Also, do not export any exported if the user IDs are not usable. Also, do not export any


@ -116,6 +116,10 @@ parse_export_options(char *str,unsigned int *options,int noisy)
{"export-pka", EXPORT_PKA_FORMAT, NULL, NULL }, {"export-pka", EXPORT_PKA_FORMAT, NULL, NULL },
{"export-dane", EXPORT_DANE_FORMAT, NULL, NULL }, {"export-dane", EXPORT_DANE_FORMAT, NULL, NULL },
{"backup", EXPORT_BACKUP, NULL,
N_("use the GnuPG key backup format")},
{"export-backup", EXPORT_BACKUP, NULL, NULL },
/* Aliases for backward compatibility */ /* Aliases for backward compatibility */
{"include-local-sigs",EXPORT_LOCAL_SIGS,NULL,NULL}, {"include-local-sigs",EXPORT_LOCAL_SIGS,NULL,NULL},
{"include-attributes",EXPORT_ATTRIBUTES,NULL,NULL}, {"include-attributes",EXPORT_ATTRIBUTES,NULL,NULL},
@ -127,8 +131,18 @@ parse_export_options(char *str,unsigned int *options,int noisy)
{NULL,0,NULL,NULL} {NULL,0,NULL,NULL}
/* add tags for include revoked and disabled? */ /* add tags for include revoked and disabled? */
}; };
int rc;
return parse_options(str,options,export_opts,noisy); rc = parse_options (str, options, export_opts, noisy);
if (rc && (*options & EXPORT_BACKUP))
{
/* Alter other options we want or don't want for restore. */
*options |= (EXPORT_LOCAL_SIGS | EXPORT_ATTRIBUTES
| EXPORT_SENSITIVE_REVKEYS);
*options &= ~(EXPORT_CLEAN | EXPORT_MINIMAL
| EXPORT_PKA_FORMAT | EXPORT_DANE_FORMAT);
}
return rc;
} }
@ -1535,8 +1549,9 @@ do_export_one_keyblock (ctrl_t ctrl, kbnode_t keyblock, u32 *keyid,
if (node->pkt->pkttype == PKT_COMMENT) if (node->pkt->pkttype == PKT_COMMENT)
continue; continue;
/* Make sure that ring_trust packets never get exported. */ /* Make sure that ring_trust packets are only exported in backup
if (node->pkt->pkttype == PKT_RING_TRUST) * mode. */
if (node->pkt->pkttype == PKT_RING_TRUST && !(options & EXPORT_BACKUP))
continue; continue;
/* If exact is set, then we only export what was requested /* If exact is set, then we only export what was requested
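Review bot: The block added to parse_export_options silently forces `EXPORT_LOCAL_SIGS`, `EXPORT_ATTRIBUTES` and `EXPORT_SENSITIVE_REVKEYS`, and do_export_one_keyblock then also lets ring trust packets through, so a backup export carries data that a normal export withholds on purpose; the comment there says "for restore" although this is the export side. I would reword it to something like `/* Backup mode: force local sigs, attributes and sensitive revokers, and drop the cleaning and PKA/DANE format options; the output is a private backup, not a key for publication. */`. The forced bits are written into `*options` itself, so they presumably stay set if backup is later switched off by a second option string; whether that can happen depends on parse_options, which is outside the hunk. Both functions start and end outside the visible hunks.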


@ -175,6 +175,10 @@ parse_import_options(char *str,unsigned int *options,int noisy)
{"import-export", IMPORT_EXPORT, NULL, {"import-export", IMPORT_EXPORT, NULL,
N_("run import filters and export key immediately")}, N_("run import filters and export key immediately")},
{"restore", IMPORT_RESTORE, NULL,
N_("assume the GnuPG key backup format")},
{"import-restore", IMPORT_RESTORE, NULL, NULL},
/* Aliases for backward compatibility */ /* Aliases for backward compatibility */
{"allow-local-sigs",IMPORT_LOCAL_SIGS,NULL,NULL}, {"allow-local-sigs",IMPORT_LOCAL_SIGS,NULL,NULL},
{"repair-hkp-subkey-bug",IMPORT_REPAIR_PKS_SUBKEY_BUG,NULL,NULL}, {"repair-hkp-subkey-bug",IMPORT_REPAIR_PKS_SUBKEY_BUG,NULL,NULL},
@ -186,8 +190,18 @@ parse_import_options(char *str,unsigned int *options,int noisy)
the new design. */ the new design. */
{NULL,0,NULL,NULL} {NULL,0,NULL,NULL}
}; };
int rc;
return parse_options(str,options,import_opts,noisy); rc = parse_options (str, options, import_opts, noisy);
if (rc && (*options & IMPORT_RESTORE))
{
/* Alter other options we want or don't want for restore. */
*options |= (IMPORT_LOCAL_SIGS | IMPORT_KEEP_OWNERTTRUST);
*options &= ~(IMPORT_MINIMAL | IMPORT_CLEAN
| IMPORT_REPAIR_PKS_SUBKEY_BUG
| IMPORT_MERGE_ONLY);
}
return rc;
} }
@ -833,7 +847,9 @@ read_block( IOBUF a, PACKET **pending_pkt, kbnode_t *ret_root, int *r_v3keys)
break; break;
case PKT_RING_TRUST: case PKT_RING_TRUST:
/* Skip those packets. */ /* Skip those packets unless we are in restore mode. */
if ((opt.import_options & IMPORT_RESTORE))
goto x_default;
free_packet( pkt ); free_packet( pkt );
init_packet(pkt); init_packet(pkt);
break; break;
@ -848,6 +864,7 @@ read_block( IOBUF a, PACKET **pending_pkt, kbnode_t *ret_root, int *r_v3keys)
} }
in_cert = 1; in_cert = 1;
default: default:
x_default:
if (in_cert && valid_keyblock_packet (pkt->pkttype)) if (in_cert && valid_keyblock_packet (pkt->pkttype))
{ {
if (!root ) if (!root )
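Review bot: read_block decides whether to keep ring trust packets from the global `opt.import_options`, while parse_import_options applies the restore overrides to whatever word the caller passes in `options`; if any caller parses into a different word (not visible here), the two can disagree, and a restore flag set globally applies to every import in the process. Since restore mode accepts local signatures and ring trust data that a normal import discards, it would be safer to hand the effective options to read_block and test `if ((options & IMPORT_RESTORE))` there. At minimum the jump to `x_default:` deserves a comment such as `/* Restore mode: treat ring trust packets like any other keyblock packet. */`, because a label placed directly after `default:` is easy to misread as dead code. read_block's body extends beyond both hunks.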


@ -349,6 +349,7 @@ EXTERN_UNLESS_MAIN_MODULE int memory_stat_debug_mode;
#define IMPORT_NO_SECKEY (1<<7) #define IMPORT_NO_SECKEY (1<<7)
#define IMPORT_KEEP_OWNERTTRUST (1<<8) #define IMPORT_KEEP_OWNERTTRUST (1<<8)
#define IMPORT_EXPORT (1<<9) #define IMPORT_EXPORT (1<<9)
#define IMPORT_RESTORE (1<<10)
#define EXPORT_LOCAL_SIGS (1<<0) #define EXPORT_LOCAL_SIGS (1<<0)
#define EXPORT_ATTRIBUTES (1<<1) #define EXPORT_ATTRIBUTES (1<<1)
@ -358,6 +359,7 @@ EXTERN_UNLESS_MAIN_MODULE int memory_stat_debug_mode;
#define EXPORT_CLEAN (1<<5) #define EXPORT_CLEAN (1<<5)
#define EXPORT_PKA_FORMAT (1<<6) #define EXPORT_PKA_FORMAT (1<<6)
#define EXPORT_DANE_FORMAT (1<<7) #define EXPORT_DANE_FORMAT (1<<7)
#define EXPORT_BACKUP (1<<10)
#define LIST_SHOW_PHOTOS (1<<0) #define LIST_SHOW_PHOTOS (1<<0)
#define LIST_SHOW_POLICY_URLS (1<<1) #define LIST_SHOW_POLICY_URLS (1<<1)