mirror of
git://git.gnupg.org/gnupg.git
synced 2024-12-22 10:19:57 +01:00
* gpgsm.c (main): New options --no-log-file and --debug-none.
* certreqgen.c (get_parameter, get_parameter_value): Add SEQ arg to allow enumeration. Changed all callers. (create_request): Process DNS and URI parameters. * gpgsm-gencert.sh: Reworked to allow for multiple email addresses as well as DNsanmes and URi. Present the parameter file before creating the certificate.
This commit is contained in:
parent
5e47c18612
commit
99f403b015
@ -1,3 +1,11 @@
|
|||||||
|
2005-07-21 Werner Koch <wk@g10code.com>
|
||||||
|
|
||||||
|
* gpgsm.c (main): New options --no-log-file and --debug-none.
|
||||||
|
|
||||||
|
* certreqgen.c (get_parameter, get_parameter_value): Add SEQ arg
|
||||||
|
to allow enumeration. Changed all callers.
|
||||||
|
(create_request): Process DNS and URI parameters.
|
||||||
|
|
||||||
2005-07-20 Werner Koch <wk@g10code.com>
|
2005-07-20 Werner Koch <wk@g10code.com>
|
||||||
|
|
||||||
* keylist.c (email_kludge): Reworked.
|
* keylist.c (email_kludge): Reworked.
|
||||||
|
122
sm/certreqgen.c
122
sm/certreqgen.c
@ -1,5 +1,5 @@
|
|||||||
/* certreqgen.c - Generate a key and a certification request
|
/* certreqgen.c - Generate a key and a certification request
|
||||||
* Copyright (C) 2002, 2003 Free Software Foundation, Inc.
|
* Copyright (C) 2002, 2003, 2005 Free Software Foundation, Inc.
|
||||||
*
|
*
|
||||||
* This file is part of GnuPG.
|
* This file is part of GnuPG.
|
||||||
*
|
*
|
||||||
@ -71,7 +71,11 @@ The format of the native parameter file is follows:
|
|||||||
Name-DN: subject name
|
Name-DN: subject name
|
||||||
This is the DN name of the subject in rfc2253 format.
|
This is the DN name of the subject in rfc2253 format.
|
||||||
Name-Email: <string>
|
Name-Email: <string>
|
||||||
The ist the email address
|
The is an email address for the altSubjectName
|
||||||
|
Name-DNS: <string>
|
||||||
|
The is an DNS name for the altSubjectName
|
||||||
|
Name-URI: <string>
|
||||||
|
The is an URI for the altSubjectName
|
||||||
|
|
||||||
Here is an example:
|
Here is an example:
|
||||||
$ cat >foo <<EOF
|
$ cat >foo <<EOF
|
||||||
@ -109,7 +113,9 @@ enum para_name {
|
|||||||
pKEYLENGTH,
|
pKEYLENGTH,
|
||||||
pKEYUSAGE,
|
pKEYUSAGE,
|
||||||
pNAMEDN,
|
pNAMEDN,
|
||||||
pNAMEEMAIL
|
pNAMEEMAIL,
|
||||||
|
pNAMEDNS,
|
||||||
|
pNAMEURI
|
||||||
};
|
};
|
||||||
|
|
||||||
struct para_data_s {
|
struct para_data_s {
|
||||||
@ -155,26 +161,27 @@ release_parameter_list (struct para_data_s *r)
|
|||||||
}
|
}
|
||||||
|
|
||||||
static struct para_data_s *
|
static struct para_data_s *
|
||||||
get_parameter (struct para_data_s *para, enum para_name key)
|
get_parameter (struct para_data_s *para, enum para_name key, int seq)
|
||||||
{
|
{
|
||||||
struct para_data_s *r;
|
struct para_data_s *r;
|
||||||
|
|
||||||
for (r = para; r && r->key != key; r = r->next)
|
for (r = para; r ; r = r->next)
|
||||||
;
|
if ( r->key == key && !seq--)
|
||||||
return r;
|
return r;
|
||||||
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
static const char *
|
static const char *
|
||||||
get_parameter_value (struct para_data_s *para, enum para_name key)
|
get_parameter_value (struct para_data_s *para, enum para_name key, int seq)
|
||||||
{
|
{
|
||||||
struct para_data_s *r = get_parameter (para, key);
|
struct para_data_s *r = get_parameter (para, key, seq);
|
||||||
return (r && *r->u.value)? r->u.value : NULL;
|
return (r && *r->u.value)? r->u.value : NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
static int
|
static int
|
||||||
get_parameter_algo (struct para_data_s *para, enum para_name key)
|
get_parameter_algo (struct para_data_s *para, enum para_name key)
|
||||||
{
|
{
|
||||||
struct para_data_s *r = get_parameter (para, key);
|
struct para_data_s *r = get_parameter (para, key, 0);
|
||||||
if (!r)
|
if (!r)
|
||||||
return -1;
|
return -1;
|
||||||
if (digitp (r->u.value))
|
if (digitp (r->u.value))
|
||||||
@ -189,7 +196,7 @@ get_parameter_algo (struct para_data_s *para, enum para_name key)
|
|||||||
static int
|
static int
|
||||||
parse_parameter_usage (struct para_data_s *para, enum para_name key)
|
parse_parameter_usage (struct para_data_s *para, enum para_name key)
|
||||||
{
|
{
|
||||||
struct para_data_s *r = get_parameter (para, key);
|
struct para_data_s *r = get_parameter (para, key, 0);
|
||||||
char *p, *pn;
|
char *p, *pn;
|
||||||
unsigned int use;
|
unsigned int use;
|
||||||
|
|
||||||
@ -220,7 +227,7 @@ parse_parameter_usage (struct para_data_s *para, enum para_name key)
|
|||||||
static unsigned int
|
static unsigned int
|
||||||
get_parameter_uint (struct para_data_s *para, enum para_name key)
|
get_parameter_uint (struct para_data_s *para, enum para_name key)
|
||||||
{
|
{
|
||||||
struct para_data_s *r = get_parameter (para, key);
|
struct para_data_s *r = get_parameter (para, key, 0);
|
||||||
|
|
||||||
if (!r)
|
if (!r)
|
||||||
return 0;
|
return 0;
|
||||||
@ -241,12 +248,15 @@ read_parameters (ctrl_t ctrl, FILE *fp, ksba_writer_t writer)
|
|||||||
static struct {
|
static struct {
|
||||||
const char *name;
|
const char *name;
|
||||||
enum para_name key;
|
enum para_name key;
|
||||||
|
int allow_dups;
|
||||||
} keywords[] = {
|
} keywords[] = {
|
||||||
{ "Key-Type", pKEYTYPE},
|
{ "Key-Type", pKEYTYPE},
|
||||||
{ "Key-Length", pKEYLENGTH },
|
{ "Key-Length", pKEYLENGTH },
|
||||||
{ "Key-Usage", pKEYUSAGE },
|
{ "Key-Usage", pKEYUSAGE },
|
||||||
{ "Name-DN", pNAMEDN },
|
{ "Name-DN", pNAMEDN },
|
||||||
{ "Name-Email", pNAMEEMAIL },
|
{ "Name-Email", pNAMEEMAIL, 1 },
|
||||||
|
{ "Name-DNS", pNAMEDNS, 1 },
|
||||||
|
{ "Name-URI", pNAMEURI, 1 },
|
||||||
{ NULL, 0 }
|
{ NULL, 0 }
|
||||||
};
|
};
|
||||||
char line[1024], *p;
|
char line[1024], *p;
|
||||||
@ -347,7 +357,7 @@ read_parameters (ctrl_t ctrl, FILE *fp, ksba_writer_t writer)
|
|||||||
release_parameter_list (para);
|
release_parameter_list (para);
|
||||||
para = NULL;
|
para = NULL;
|
||||||
}
|
}
|
||||||
else
|
else if (!keywords[i].allow_dups)
|
||||||
{
|
{
|
||||||
for (r = para; r && r->key != keywords[i].key; r = r->next)
|
for (r = para; r && r->key != keywords[i].key; r = r->next)
|
||||||
;
|
;
|
||||||
@ -433,9 +443,10 @@ proc_parameters (ctrl_t ctrl,
|
|||||||
unsigned char keyparms[100];
|
unsigned char keyparms[100];
|
||||||
int rc;
|
int rc;
|
||||||
ksba_sexp_t public;
|
ksba_sexp_t public;
|
||||||
|
int seq;
|
||||||
|
|
||||||
/* check that we have all required parameters */
|
/* check that we have all required parameters */
|
||||||
assert (get_parameter (para, pKEYTYPE));
|
assert (get_parameter (para, pKEYTYPE, 0));
|
||||||
|
|
||||||
/* We can only use RSA for now. There is a with pkcs-10 on how to
|
/* We can only use RSA for now. There is a with pkcs-10 on how to
|
||||||
use ElGamal because it is expected that a PK algorithm can always
|
use ElGamal because it is expected that a PK algorithm can always
|
||||||
@ -443,20 +454,20 @@ proc_parameters (ctrl_t ctrl,
|
|||||||
i = get_parameter_algo (para, pKEYTYPE);
|
i = get_parameter_algo (para, pKEYTYPE);
|
||||||
if (i < 1 || i != GCRY_PK_RSA )
|
if (i < 1 || i != GCRY_PK_RSA )
|
||||||
{
|
{
|
||||||
r = get_parameter (para, pKEYTYPE);
|
r = get_parameter (para, pKEYTYPE, 0);
|
||||||
log_error (_("line %d: invalid algorithm\n"), r->lnr);
|
log_error (_("line %d: invalid algorithm\n"), r->lnr);
|
||||||
return gpg_error (GPG_ERR_INV_PARAMETER);
|
return gpg_error (GPG_ERR_INV_PARAMETER);
|
||||||
}
|
}
|
||||||
|
|
||||||
/* check the keylength */
|
/* check the keylength */
|
||||||
if (!get_parameter (para, pKEYLENGTH))
|
if (!get_parameter (para, pKEYLENGTH, 0))
|
||||||
nbits = 1024;
|
nbits = 1024;
|
||||||
else
|
else
|
||||||
nbits = get_parameter_uint (para, pKEYLENGTH);
|
nbits = get_parameter_uint (para, pKEYLENGTH);
|
||||||
if (nbits < 1024 || nbits > 4096)
|
if (nbits < 1024 || nbits > 4096)
|
||||||
{
|
{
|
||||||
/* The BSI specs dated 2002-11-25 don't allow lengths below 1024. */
|
/* The BSI specs dated 2002-11-25 don't allow lengths below 1024. */
|
||||||
r = get_parameter (para, pKEYTYPE);
|
r = get_parameter (para, pKEYLENGTH, 0);
|
||||||
log_error (_("line %d: invalid key length %u (valid are %d to %d)\n"),
|
log_error (_("line %d: invalid key length %u (valid are %d to %d)\n"),
|
||||||
r->lnr, nbits, 1024, 4096);
|
r->lnr, nbits, 1024, 4096);
|
||||||
return gpg_error (GPG_ERR_INV_PARAMETER);
|
return gpg_error (GPG_ERR_INV_PARAMETER);
|
||||||
@ -468,16 +479,16 @@ proc_parameters (ctrl_t ctrl,
|
|||||||
|
|
||||||
/* check that there is a subject name and that this DN fits our
|
/* check that there is a subject name and that this DN fits our
|
||||||
requirements */
|
requirements */
|
||||||
if (!(s=get_parameter_value (para, pNAMEDN)))
|
if (!(s=get_parameter_value (para, pNAMEDN, 0)))
|
||||||
{
|
{
|
||||||
r = get_parameter (para, pKEYTYPE);
|
r = get_parameter (para, pKEYTYPE, 0);
|
||||||
log_error (_("line %d: no subject name given\n"), r->lnr);
|
log_error (_("line %d: no subject name given\n"), r->lnr);
|
||||||
return gpg_error (GPG_ERR_INV_PARAMETER);
|
return gpg_error (GPG_ERR_INV_PARAMETER);
|
||||||
}
|
}
|
||||||
/* fixme check s */
|
/* fixme check s */
|
||||||
|
|
||||||
/* check that the optional email address is okay */
|
/* check that the optional email address is okay */
|
||||||
if ((s=get_parameter_value (para, pNAMEEMAIL)))
|
for (seq=0; (s=get_parameter_value (para, pNAMEEMAIL, seq)); seq++)
|
||||||
{
|
{
|
||||||
if (has_invalid_email_chars (s)
|
if (has_invalid_email_chars (s)
|
||||||
|| *s == '@'
|
|| *s == '@'
|
||||||
@ -485,7 +496,7 @@ proc_parameters (ctrl_t ctrl,
|
|||||||
|| s[strlen(s)-1] == '.'
|
|| s[strlen(s)-1] == '.'
|
||||||
|| strstr(s, ".."))
|
|| strstr(s, ".."))
|
||||||
{
|
{
|
||||||
r = get_parameter (para, pKEYTYPE);
|
r = get_parameter (para, pNAMEEMAIL, seq);
|
||||||
log_error (_("line %d: not a valid email address\n"), r->lnr);
|
log_error (_("line %d: not a valid email address\n"), r->lnr);
|
||||||
return gpg_error (GPG_ERR_INV_PARAMETER);
|
return gpg_error (GPG_ERR_INV_PARAMETER);
|
||||||
}
|
}
|
||||||
@ -497,7 +508,7 @@ proc_parameters (ctrl_t ctrl,
|
|||||||
rc = gpgsm_agent_genkey (ctrl, keyparms, &public);
|
rc = gpgsm_agent_genkey (ctrl, keyparms, &public);
|
||||||
if (rc)
|
if (rc)
|
||||||
{
|
{
|
||||||
r = get_parameter (para, pKEYTYPE);
|
r = get_parameter (para, pKEYTYPE, 0);
|
||||||
log_error (_("line %d: key generation failed: %s\n"),
|
log_error (_("line %d: key generation failed: %s\n"),
|
||||||
r->lnr, gpg_strerror (rc));
|
r->lnr, gpg_strerror (rc));
|
||||||
return rc;
|
return rc;
|
||||||
@ -524,6 +535,10 @@ create_request (ctrl_t ctrl,
|
|||||||
int rc = 0;
|
int rc = 0;
|
||||||
const char *s;
|
const char *s;
|
||||||
unsigned int use;
|
unsigned int use;
|
||||||
|
int seq;
|
||||||
|
char *buf, *p;
|
||||||
|
size_t len;
|
||||||
|
char numbuf[30];
|
||||||
|
|
||||||
err = ksba_certreq_new (&cr);
|
err = ksba_certreq_new (&cr);
|
||||||
if (err)
|
if (err)
|
||||||
@ -541,7 +556,7 @@ create_request (ctrl_t ctrl,
|
|||||||
ksba_certreq_set_hash_function (cr, HASH_FNC, md);
|
ksba_certreq_set_hash_function (cr, HASH_FNC, md);
|
||||||
ksba_certreq_set_writer (cr, outctrl->writer);
|
ksba_certreq_set_writer (cr, outctrl->writer);
|
||||||
|
|
||||||
err = ksba_certreq_add_subject (cr, get_parameter_value (para, pNAMEDN));
|
err = ksba_certreq_add_subject (cr, get_parameter_value (para, pNAMEDN, 0));
|
||||||
if (err)
|
if (err)
|
||||||
{
|
{
|
||||||
log_error ("error setting the subject's name: %s\n",
|
log_error ("error setting the subject's name: %s\n",
|
||||||
@ -550,11 +565,8 @@ create_request (ctrl_t ctrl,
|
|||||||
goto leave;
|
goto leave;
|
||||||
}
|
}
|
||||||
|
|
||||||
s = get_parameter_value (para, pNAMEEMAIL);
|
for (seq=0; (s = get_parameter_value (para, pNAMEEMAIL, seq)); seq++)
|
||||||
if (s)
|
|
||||||
{
|
{
|
||||||
char *buf;
|
|
||||||
|
|
||||||
buf = xtrymalloc (strlen (s) + 3);
|
buf = xtrymalloc (strlen (s) + 3);
|
||||||
if (!buf)
|
if (!buf)
|
||||||
{
|
{
|
||||||
@ -575,6 +587,60 @@ create_request (ctrl_t ctrl,
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
for (seq=0; (s = get_parameter_value (para, pNAMEDNS, seq)); seq++)
|
||||||
|
{
|
||||||
|
len = strlen (s);
|
||||||
|
assert (len);
|
||||||
|
snprintf (numbuf, DIM(numbuf), "%u:", (unsigned int)len);
|
||||||
|
buf = p = xtrymalloc (11 + strlen (numbuf) + len + 3);
|
||||||
|
if (!buf)
|
||||||
|
{
|
||||||
|
rc = OUT_OF_CORE (errno);
|
||||||
|
goto leave;
|
||||||
|
}
|
||||||
|
p = stpcpy (p, "(8:dns-name");
|
||||||
|
p = stpcpy (p, numbuf);
|
||||||
|
p = stpcpy (p, s);
|
||||||
|
strcpy (p, ")");
|
||||||
|
|
||||||
|
err = ksba_certreq_add_subject (cr, buf);
|
||||||
|
xfree (buf);
|
||||||
|
if (err)
|
||||||
|
{
|
||||||
|
log_error ("error setting the subject's alternate name: %s\n",
|
||||||
|
gpg_strerror (err));
|
||||||
|
rc = err;
|
||||||
|
goto leave;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
for (seq=0; (s = get_parameter_value (para, pNAMEURI, seq)); seq++)
|
||||||
|
{
|
||||||
|
len = strlen (s);
|
||||||
|
assert (len);
|
||||||
|
snprintf (numbuf, DIM(numbuf), "%u:", (unsigned int)len);
|
||||||
|
buf = p = xtrymalloc (6 + strlen (numbuf) + len + 3);
|
||||||
|
if (!buf)
|
||||||
|
{
|
||||||
|
rc = OUT_OF_CORE (errno);
|
||||||
|
goto leave;
|
||||||
|
}
|
||||||
|
p = stpcpy (p, "(3:uri");
|
||||||
|
p = stpcpy (p, numbuf);
|
||||||
|
p = stpcpy (p, s);
|
||||||
|
strcpy (p, ")");
|
||||||
|
|
||||||
|
err = ksba_certreq_add_subject (cr, buf);
|
||||||
|
xfree (buf);
|
||||||
|
if (err)
|
||||||
|
{
|
||||||
|
log_error ("error setting the subject's alternate name: %s\n",
|
||||||
|
gpg_strerror (err));
|
||||||
|
rc = err;
|
||||||
|
goto leave;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
err = ksba_certreq_set_public_key (cr, public);
|
err = ksba_certreq_set_public_key (cr, public);
|
||||||
if (err)
|
if (err)
|
||||||
|
@ -99,12 +99,14 @@ enum cmd_and_opt_values {
|
|||||||
oDebug,
|
oDebug,
|
||||||
oDebugLevel,
|
oDebugLevel,
|
||||||
oDebugAll,
|
oDebugAll,
|
||||||
|
oDebugNone,
|
||||||
oDebugWait,
|
oDebugWait,
|
||||||
oDebugAllowCoreDump,
|
oDebugAllowCoreDump,
|
||||||
oDebugNoChainValidation,
|
oDebugNoChainValidation,
|
||||||
oDebugIgnoreExpiration,
|
oDebugIgnoreExpiration,
|
||||||
oFixedPassphrase,
|
oFixedPassphrase,
|
||||||
oLogFile,
|
oLogFile,
|
||||||
|
oNoLogFile,
|
||||||
|
|
||||||
oEnableSpecialFilenames,
|
oEnableSpecialFilenames,
|
||||||
|
|
||||||
@ -330,6 +332,7 @@ static ARGPARSE_OPTS opts[] = {
|
|||||||
{ oQuiet, "quiet", 0, N_("be somewhat more quiet") },
|
{ oQuiet, "quiet", 0, N_("be somewhat more quiet") },
|
||||||
{ oNoTTY, "no-tty", 0, N_("don't use the terminal at all") },
|
{ oNoTTY, "no-tty", 0, N_("don't use the terminal at all") },
|
||||||
{ oLogFile, "log-file" ,2, N_("use a log file for the server")},
|
{ oLogFile, "log-file" ,2, N_("use a log file for the server")},
|
||||||
|
{ oNoLogFile, "no-log-file" ,0, "@"},
|
||||||
#if 0
|
#if 0
|
||||||
{ oForceV3Sigs, "force-v3-sigs", 0, N_("force v3 signatures") },
|
{ oForceV3Sigs, "force-v3-sigs", 0, N_("force v3 signatures") },
|
||||||
{ oForceMDC, "force-mdc", 0, N_("always use a MDC for encryption") },
|
{ oForceMDC, "force-mdc", 0, N_("always use a MDC for encryption") },
|
||||||
@ -351,6 +354,7 @@ static ARGPARSE_OPTS opts[] = {
|
|||||||
{ oDebug, "debug" ,4|16, "@"},
|
{ oDebug, "debug" ,4|16, "@"},
|
||||||
{ oDebugLevel, "debug-level" ,2, N_("|LEVEL|set the debugging level to LEVEL")},
|
{ oDebugLevel, "debug-level" ,2, N_("|LEVEL|set the debugging level to LEVEL")},
|
||||||
{ oDebugAll, "debug-all" ,0, "@"},
|
{ oDebugAll, "debug-all" ,0, "@"},
|
||||||
|
{ oDebugNone, "debug-none" ,0, "@"},
|
||||||
{ oDebugWait, "debug-wait" ,1, "@"},
|
{ oDebugWait, "debug-wait" ,1, "@"},
|
||||||
{ oDebugAllowCoreDump, "debug-allow-core-dump", 0, "@" },
|
{ oDebugAllowCoreDump, "debug-allow-core-dump", 0, "@" },
|
||||||
{ oDebugNoChainValidation, "debug-no-chain-validation", 0, "@"},
|
{ oDebugNoChainValidation, "debug-no-chain-validation", 0, "@"},
|
||||||
@ -1032,7 +1036,8 @@ main ( int argc, char **argv)
|
|||||||
break;
|
break;
|
||||||
|
|
||||||
case oLogFile: logfile = pargs.r.ret_str; break;
|
case oLogFile: logfile = pargs.r.ret_str; break;
|
||||||
|
case oNoLogFile: logfile = NULL; break;
|
||||||
|
|
||||||
case oBatch:
|
case oBatch:
|
||||||
opt.batch = 1;
|
opt.batch = 1;
|
||||||
greeting = 0;
|
greeting = 0;
|
||||||
@ -1046,6 +1051,7 @@ main ( int argc, char **argv)
|
|||||||
|
|
||||||
case oDebug: debug_value |= pargs.r.ret_ulong; break;
|
case oDebug: debug_value |= pargs.r.ret_ulong; break;
|
||||||
case oDebugAll: debug_value = ~0; break;
|
case oDebugAll: debug_value = ~0; break;
|
||||||
|
case oDebugNone: debug_value = 0; break;
|
||||||
case oDebugLevel: debug_level = pargs.r.ret_str; break;
|
case oDebugLevel: debug_level = pargs.r.ret_str; break;
|
||||||
case oDebugWait: debug_wait = pargs.r.ret_int; break;
|
case oDebugWait: debug_wait = pargs.r.ret_int; break;
|
||||||
case oDebugAllowCoreDump:
|
case oDebugAllowCoreDump:
|
||||||
|
@ -1,3 +1,9 @@
|
|||||||
|
2005-07-21 Werner Koch <wk@g10code.com>
|
||||||
|
|
||||||
|
* gpgsm-gencert.sh: Reworked to allow for multiple email addresses
|
||||||
|
as well as DNsanmes and URi. Present the parameter file before
|
||||||
|
creating the certificate.
|
||||||
|
|
||||||
2005-07-04 Marcus Brinkmann <marcus@g10code.de>
|
2005-07-04 Marcus Brinkmann <marcus@g10code.de>
|
||||||
|
|
||||||
* symcryptrun.c (SYMC_BAD_PASSPHRASE, SYMC_CANCELED): New symbols,
|
* symcryptrun.c (SYMC_BAD_PASSPHRASE, SYMC_CANCELED): New symbols,
|
||||||
|
@ -1,7 +1,7 @@
|
|||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
# -*- sh -*-
|
# -*- sh -*-
|
||||||
# gpgsm-gencert.c - Generate X.509 certificates through GPGSM.
|
# gpgsm-gencert.c - Generate X.509 certificates through GPGSM.
|
||||||
# Copyright (C) 2004 Free Software Foundation, Inc.
|
# Copyright (C) 2004, 2005 Free Software Foundation, Inc.
|
||||||
#
|
#
|
||||||
# This file is part of GnuPG.
|
# This file is part of GnuPG.
|
||||||
#
|
#
|
||||||
@ -93,25 +93,67 @@ KEY_LENGTH=$ANSWER
|
|||||||
query_user_menu "Key usage" "sign, encrypt" "sign" "encrypt"
|
query_user_menu "Key usage" "sign, encrypt" "sign" "encrypt"
|
||||||
KEY_USAGE=$ANSWER
|
KEY_USAGE=$ANSWER
|
||||||
|
|
||||||
query_user "Name"
|
query_user "Name (DN)"
|
||||||
NAME=$ANSWER
|
NAME=$ANSWER
|
||||||
|
|
||||||
query_user "E-Mail address"
|
EMAIL_ADDRESSES=
|
||||||
EMAIL_ADDRESS=$ANSWER
|
LF=
|
||||||
|
while : ; do
|
||||||
|
query_user "E-Mail addresses (end with an empty line)"
|
||||||
|
[ -z "$ANSWER" ] && break
|
||||||
|
EMAIL_ADDRESSES="${EMAIL_ADDRESSES}${LF}Name-Email: $ANSWER"
|
||||||
|
LF='
|
||||||
|
'
|
||||||
|
done
|
||||||
|
|
||||||
|
DNS_ADDRESSES=
|
||||||
|
LF=
|
||||||
|
while : ; do
|
||||||
|
query_user "DNS Names (optional; end with an empty line)"
|
||||||
|
[ -z "$ANSWER" ] && break
|
||||||
|
DNS_ADDRESSES="${DNS_ADDRESSES}${LF}Name-DNS: $ANSWER"
|
||||||
|
LF='
|
||||||
|
'
|
||||||
|
done
|
||||||
|
|
||||||
|
URI_ADDRESSES=
|
||||||
|
LF=
|
||||||
|
while : ; do
|
||||||
|
query_user "URIs (optional; end with an empty line)"
|
||||||
|
[ -z "$ANSWER" ] && break
|
||||||
|
URI_ADDRESSES="${URI_ADDRESSES}${LF}Name-URI: $ANSWER"
|
||||||
|
LF='
|
||||||
|
'
|
||||||
|
done
|
||||||
|
|
||||||
file_parameter=$(mktemp "/tmp/gpgsm.XXXXXX")
|
file_parameter=$(mktemp "/tmp/gpgsm.XXXXXX")
|
||||||
outfile=$(mktemp "/tmp/gpgsm.XXXXXX")
|
outfile=$(mktemp "/tmp/gpgsm.XXXXXX")
|
||||||
|
|
||||||
cat > "$file_parameter" <<EOF
|
|
||||||
|
(
|
||||||
|
cat <<EOF
|
||||||
Key-Type: $KEY_TYPE
|
Key-Type: $KEY_TYPE
|
||||||
Key-Length: $KEY_LENGTH
|
Key-Length: $KEY_LENGTH
|
||||||
Key-Usage: $KEY_USAGE
|
Key-Usage: $KEY_USAGE
|
||||||
Name-DN: $NAME
|
Name-DN: $NAME
|
||||||
Name-Email: $EMAIL_ADDRESS
|
|
||||||
EOF
|
EOF
|
||||||
|
[ -n "$EMAIL_ADDRESSES" ] && echo "$EMAIL_ADDRESSES"
|
||||||
|
[ -n "$DNS_ADDRESSES" ] && echo "$DNS_ADDRESSES"
|
||||||
|
[ -n "$URI_ADDRESSES" ] && echo "$URI_ADDRESSES"
|
||||||
|
) > "$file_parameter"
|
||||||
|
|
||||||
|
|
||||||
|
echo 'Parameters for certificate request to create:' >&2
|
||||||
|
cat -n "$file_parameter" >&2
|
||||||
|
echo >&2
|
||||||
|
|
||||||
|
query_user_menu "Really create such a CSR?" "yes" "no"
|
||||||
|
[ "$ANSWER" != "yes" ] && exit 1
|
||||||
|
|
||||||
|
|
||||||
echo -e "$ASSUAN_COMMANDS" | \
|
echo -e "$ASSUAN_COMMANDS" | \
|
||||||
gpgsm --server 4< "$file_parameter" 5>"$outfile" >/dev/null
|
./gpgsm --no-log-file --debug-level none --debug-none \
|
||||||
|
--server 4< "$file_parameter" 5>"$outfile" >/dev/null
|
||||||
|
|
||||||
cat "$outfile"
|
cat "$outfile"
|
||||||
|
|
||||||
|
Loading…
x
Reference in New Issue
Block a user