mirror of
git://git.gnupg.org/gnupg.git
synced 2025-07-02 22:46:30 +02:00
version 0.2.1
This commit is contained in:
Werner Koch
parent
3d637328c9
commit
9bf8ce27bc
35 changed files with 714 additions and 274 deletions
|
|
@ -46,8 +46,8 @@ g10_SOURCES = g10.c \
|
|||
sig-check.c
|
||||
|
||||
|
||||
LDADD = -L ../cipher -L ../mpi -L ../util -L ../intl \
|
||||
-lcipher -lmpi -lutil -lintl
|
||||
LDADD = -L ../cipher -L ../mpi -L ../util \
|
||||
-lcipher -lmpi -lutil
|
||||
|
||||
|
||||
$(PROGRAMS): ../cipher/libcipher.a ../mpi/libmpi.a ../util/libutil.a
|
||||
|
|
|
|||
|
|
@ -83,8 +83,8 @@ g10_SOURCES = g10.c \
|
|||
comment.c \
|
||||
sig-check.c
|
||||
|
||||
LDADD = -L ../cipher -L ../mpi -L ../util -L ../intl \
|
||||
-lcipher -lmpi -lutil -lintl
|
||||
LDADD = -L ../cipher -L ../mpi -L ../util \
|
||||
-lcipher -lmpi -lutil
|
||||
mkinstalldirs = $(top_srcdir)/scripts/mkinstalldirs
|
||||
CONFIG_HEADER = ../config.h
|
||||
PROGRAMS = $(bin_PROGRAMS)
|
||||
|
|
|
|||
10
g10/elg.c
10
g10/elg.c
|
|
@ -66,18 +66,20 @@ g10_elg_encrypt( PKT_public_cert *pkc, PKT_pubkey_enc *enc, DEK *dek )
|
|||
|
||||
|
||||
void
|
||||
g10_elg_sign( PKT_secret_cert *skc, PKT_signature *sig, MD_HANDLE md )
|
||||
g10_elg_sign( PKT_secret_cert *skc, PKT_signature *sig,
|
||||
MD_HANDLE md, int digest_algo )
|
||||
{
|
||||
ELG_secret_key skey;
|
||||
MPI frame;
|
||||
byte *dp;
|
||||
|
||||
assert( sig->pubkey_algo == PUBKEY_ALGO_ELGAMAL );
|
||||
if( !digest_algo )
|
||||
digest_algo = md_get_algo(md);
|
||||
|
||||
md_final( md );
|
||||
dp = md_read( md, 0 );
|
||||
dp = md_read( md, digest_algo );
|
||||
keyid_from_skc( skc, sig->keyid );
|
||||
sig->d.elg.digest_algo = md_get_algo(md);
|
||||
sig->d.elg.digest_algo = digest_algo;
|
||||
sig->d.elg.digest_start[0] = dp[0];
|
||||
sig->d.elg.digest_start[1] = dp[1];
|
||||
sig->d.elg.a = mpi_alloc( mpi_get_nlimbs(skc->d.elg.p) );
|
||||
|
|
|
|||
|
|
@ -35,9 +35,8 @@ typedef struct {
|
|||
u32 crc;
|
||||
byte helpbuf[100];
|
||||
int helpidx, helplen;
|
||||
byte tempbuf[100];
|
||||
int tempidx, templen;
|
||||
void *fake;
|
||||
int faked;
|
||||
int parse_state;
|
||||
int inp_checked; /* set if inp has been checked */
|
||||
int inp_bypass; /* set if the input is not armored */
|
||||
int inp_eof;
|
||||
|
|
|
|||
22
g10/g10.c
22
g10/g10.c
|
|
@ -116,7 +116,7 @@ wrong_args( const char *text)
|
|||
fputs(_("Usage: g10 [options] "),stderr);
|
||||
fputs(text,stderr);
|
||||
putc('\n',stderr);
|
||||
exit(2);
|
||||
g10_exit(2);
|
||||
}
|
||||
|
||||
static void
|
||||
|
|
@ -150,14 +150,14 @@ set_cmd( enum cmd_values *ret_cmd, enum cmd_values new_cmd )
|
|||
cmd = aKModeC;
|
||||
else {
|
||||
log_error(_("conflicting commands\n"));
|
||||
exit(2);
|
||||
g10_exit(2);
|
||||
}
|
||||
|
||||
*ret_cmd = cmd;
|
||||
}
|
||||
|
||||
|
||||
int
|
||||
void
|
||||
main( int argc, char **argv )
|
||||
{
|
||||
static ARGPARSE_OPTS opts[] = {
|
||||
|
|
@ -237,6 +237,8 @@ main( int argc, char **argv )
|
|||
enum cmd_values cmd = 0;
|
||||
|
||||
|
||||
secmem_init( 16384 );
|
||||
|
||||
i18n_init();
|
||||
opt.compress = -1; /* defaults to standard compress level */
|
||||
opt.def_cipher_algo = CIPHER_ALGO_BLOWFISH;
|
||||
|
|
@ -397,7 +399,7 @@ main( int argc, char **argv )
|
|||
errors++;
|
||||
}
|
||||
if( errors )
|
||||
exit(2);
|
||||
g10_exit(2);
|
||||
|
||||
|
||||
set_debug();
|
||||
|
|
@ -673,7 +675,17 @@ main( int argc, char **argv )
|
|||
/* cleanup */
|
||||
FREE_STRLIST(remusr);
|
||||
FREE_STRLIST(locusr);
|
||||
return log_get_errorcount(0)? 2:0;
|
||||
g10_exit(0);
|
||||
}
|
||||
|
||||
|
||||
void
|
||||
g10_exit( int rc )
|
||||
{
|
||||
if( opt.verbose )
|
||||
secmem_dump_stats();
|
||||
secmem_term();
|
||||
exit( rc? rc : log_get_errorcount(0)? 2:0 );
|
||||
}
|
||||
|
||||
|
||||
|
|
|
|||
165
g10/keygen.c
165
g10/keygen.c
|
|
@ -32,6 +32,7 @@
|
|||
#include "ttyio.h"
|
||||
#include "options.h"
|
||||
#include "keydb.h"
|
||||
#include "i18n.h"
|
||||
|
||||
#if 0
|
||||
#define TEST_ALGO 1
|
||||
|
|
@ -105,7 +106,7 @@ write_selfsig( KBNODE root, KBNODE pub_root, PKT_secret_cert *skc )
|
|||
PKT_public_cert *pkc;
|
||||
|
||||
if( opt.verbose )
|
||||
log_info("writing self signature\n");
|
||||
log_info(_("writing self signature\n"));
|
||||
|
||||
/* get the uid packet from the tree */
|
||||
for( kbctx=NULL; (node=walk_kbtree( root, &kbctx)) ; ) {
|
||||
|
|
@ -201,19 +202,16 @@ gen_elg(unsigned nbits, KBNODE pub_root, KBNODE sec_root, DEK *dek,
|
|||
|
||||
#ifdef ENABLE_RSA_KEYGEN
|
||||
static int
|
||||
gen_rsa(unsigned nbits, IOBUF pub_io, IOBUF sec_io, DEK *dek,
|
||||
PKT_public_cert **ret_pkc, PKT_secret_cert **ret_skc )
|
||||
gen_rsa(unsigned nbits, KBNODE pub_root, KBNODE sec_root, DEK *dek,
|
||||
PKT_secret_cert **ret_skc )
|
||||
{
|
||||
int rc;
|
||||
PACKET pkt1, pkt2;
|
||||
PACKET *pkt;
|
||||
PKT_secret_cert *skc;
|
||||
PKT_public_cert *pkc;
|
||||
RSA_public_key pk;
|
||||
RSA_secret_key sk;
|
||||
|
||||
init_packet(&pkt1);
|
||||
init_packet(&pkt2);
|
||||
|
||||
rsa_generate( &pk, &sk, nbits );
|
||||
|
||||
skc = m_alloc_clear( sizeof *skc );
|
||||
|
|
@ -234,11 +232,11 @@ gen_rsa(unsigned nbits, IOBUF pub_io, IOBUF sec_io, DEK *dek,
|
|||
skc->d.rsa.csum += checksum_mpi( skc->d.rsa.rsa_p );
|
||||
skc->d.rsa.csum += checksum_mpi( skc->d.rsa.rsa_q );
|
||||
skc->d.rsa.csum += checksum_mpi( skc->d.rsa.rsa_u );
|
||||
if( !dek ) {
|
||||
skc->d.rsa.is_protected = 0;
|
||||
skc->d.rsa.protect_algo = 0;
|
||||
}
|
||||
else {
|
||||
|
||||
/* return an unprotected version of the skc */
|
||||
*ret_skc = copy_secret_cert( NULL, skc );
|
||||
|
||||
if( dek ) {
|
||||
skc->d.rsa.is_protected = 1;
|
||||
skc->d.rsa.protect_algo = CIPHER_ALGO_BLOWFISH;
|
||||
randomize_buffer( skc->d.rsa.protect.blowfish.iv, 8, 1);
|
||||
|
|
@ -246,31 +244,22 @@ gen_rsa(unsigned nbits, IOBUF pub_io, IOBUF sec_io, DEK *dek,
|
|||
rc = protect_secret_key( skc, dek );
|
||||
if( rc ) {
|
||||
log_error("protect_secret_key failed: %s\n", g10_errstr(rc) );
|
||||
goto leave;
|
||||
free_public_cert(pkc);
|
||||
free_secret_cert(skc);
|
||||
return rc;
|
||||
}
|
||||
}
|
||||
|
||||
pkt1.pkttype = PKT_PUBLIC_CERT;
|
||||
pkt1.pkt.public_cert = pkc;
|
||||
pkt2.pkttype = PKT_SECRET_CERT;
|
||||
pkt2.pkt.secret_cert = skc;
|
||||
pkt = m_alloc_clear(sizeof *pkt);
|
||||
pkt->pkttype = PKT_PUBLIC_CERT;
|
||||
pkt->pkt.public_cert = pkc;
|
||||
add_kbnode(pub_root, new_kbnode( pkt ));
|
||||
|
||||
if( (rc = build_packet( pub_io, &pkt1 )) ) {
|
||||
log_error("build public_cert packet failed: %s\n", g10_errstr(rc) );
|
||||
goto leave;
|
||||
}
|
||||
if( (rc = build_packet( sec_io, &pkt2 )) ) {
|
||||
log_error("build secret_cert packet failed: %s\n", g10_errstr(rc) );
|
||||
goto leave;
|
||||
}
|
||||
*ret_pkc = pkt1.pkt.public_cert;
|
||||
pkt1.pkt.public_cert = NULL;
|
||||
*ret_skc = pkt1.pkt.secret_cert;
|
||||
pkt1.pkt.secret_cert = NULL;
|
||||
pkt = m_alloc_clear(sizeof *pkt);
|
||||
pkt->pkttype = PKT_SECRET_CERT;
|
||||
pkt->pkt.secret_cert = skc;
|
||||
add_kbnode(sec_root, new_kbnode( pkt ));
|
||||
|
||||
leave:
|
||||
free_packet(&pkt1);
|
||||
free_packet(&pkt2);
|
||||
return rc;
|
||||
}
|
||||
#endif /*ENABLE_RSA_KEYGEN*/
|
||||
|
|
@ -305,28 +294,27 @@ generate_keypair()
|
|||
const char *algo_name;
|
||||
char *aname, *acomment, *amail;
|
||||
|
||||
#ifndef TEST_ALGO
|
||||
#ifndef TEST_ALGO
|
||||
if( opt.batch || opt.answer_yes || opt.answer_no )
|
||||
log_fatal("Key generation can only be used in interactive mode\n");
|
||||
log_fatal(_("Key generation can only be used in interactive mode\n"));
|
||||
|
||||
tty_printf("Please select the algorithm to use:\n"
|
||||
" (1) ElGamal is the suggested one.\n"
|
||||
" (2) DSA can only be used for signatures.\n"
|
||||
#ifdef ENABLE_RSA_KEYGEN
|
||||
" (3) RSA cannot be used in the U.S.\n"
|
||||
#endif
|
||||
);
|
||||
tty_printf(_("Please select the algorithm to use:\n"
|
||||
" (1) ElGamal is the suggested one.\n"
|
||||
" (2) DSA can only be used for signatures.\n"));
|
||||
#ifdef ENABLE_RSA_KEYGEN
|
||||
tty_printf(_(" (3) RSA cannot be used in the U.S.\n"));
|
||||
#endif
|
||||
#endif
|
||||
|
||||
for(;;) {
|
||||
#ifdef TEST_ALGO
|
||||
algo = TEST_ALGO;
|
||||
#else
|
||||
answer = tty_get("Your selection? (1,2"
|
||||
#ifdef ENABLE_RSA_KEYGEN
|
||||
",3"
|
||||
#endif
|
||||
") ");
|
||||
#ifdef ENABLE_RSA_KEYGEN
|
||||
answer = tty_get(_("Your selection? (1,2,3) "));
|
||||
#else
|
||||
answer = tty_get(_("Your selection? (1,2) "));
|
||||
#endif
|
||||
tty_kill_prompt();
|
||||
algo = *answer? atoi(answer): 1;
|
||||
m_free(answer);
|
||||
|
|
@ -339,7 +327,7 @@ generate_keypair()
|
|||
else if( algo == 2 ) {
|
||||
algo = PUBKEY_ALGO_DSA;
|
||||
algo_name = "DSA";
|
||||
tty_printf("Sorry; DSA is not yet supported.\n");
|
||||
tty_printf(_("Sorry; DSA is not yet supported.\n"));
|
||||
}
|
||||
#ifdef ENABLE_RSA_KEYGEN
|
||||
else if( algo == 3 ) {
|
||||
|
|
@ -352,36 +340,33 @@ generate_keypair()
|
|||
|
||||
|
||||
|
||||
tty_printf("About to generate a new %s keypair.\n"
|
||||
#ifndef TEST_NBITS
|
||||
" minimum keysize is 768 bits\n"
|
||||
" default keysize is 1024 bits\n"
|
||||
" highest suggested keysize is 2048 bits\n"
|
||||
#endif
|
||||
, algo_name );
|
||||
tty_printf(_("About to generate a new %s keypair.\n"
|
||||
" minimum keysize is 768 bits\n"
|
||||
" default keysize is 1024 bits\n"
|
||||
" highest suggested keysize is 2048 bits\n"), algo_name );
|
||||
for(;;) {
|
||||
#ifdef TEST_NBITS
|
||||
nbits = TEST_NBITS;
|
||||
#else
|
||||
answer = tty_get("What keysize do you want? (1024) ");
|
||||
answer = tty_get(_("What keysize do you want? (1024) "));
|
||||
tty_kill_prompt();
|
||||
nbits = *answer? atoi(answer): 1024;
|
||||
m_free(answer);
|
||||
#endif
|
||||
if( algo == PUBKEY_ALGO_DSA && (nbits < 512 || nbits > 1024) )
|
||||
tty_printf("DSA does only allow keysizes from 512 to 1024\n");
|
||||
tty_printf(_("DSA does only allow keysizes from 512 to 1024\n"));
|
||||
else if( nbits < 768 )
|
||||
tty_printf("keysize too small; 768 is smallest value allowed.\n");
|
||||
tty_printf(_("keysize too small; 768 is smallest value allowed.\n"));
|
||||
else if( nbits > 2048 ) {
|
||||
tty_printf("Keysizes larger than 2048 are not suggested, because "
|
||||
"computations take REALLY long!\n");
|
||||
answer = tty_get("Are you sure, that you want this keysize? ");
|
||||
tty_printf(_("Keysizes larger than 2048 are not suggested, because "
|
||||
"computations take REALLY long!\n"));
|
||||
answer = tty_get(_("Are you sure, that you want this keysize? "));
|
||||
tty_kill_prompt();
|
||||
if( answer_is_yes(answer) ) {
|
||||
m_free(answer);
|
||||
tty_printf("Okay, but keep in mind that your monitor "
|
||||
"and keyboard radiation is also very vulnerable "
|
||||
"to attacks!\n");
|
||||
tty_printf(_("Okay, but keep in mind that your monitor "
|
||||
"and keyboard radiation is also very vulnerable "
|
||||
"to attacks!\n"));
|
||||
break;
|
||||
}
|
||||
m_free(answer);
|
||||
|
|
@ -389,24 +374,24 @@ generate_keypair()
|
|||
else
|
||||
break;
|
||||
}
|
||||
tty_printf("Requested keysize is %u bits\n", nbits );
|
||||
tty_printf(_("Requested keysize is %u bits\n"), nbits );
|
||||
if( algo == PUBKEY_ALGO_DSA && (nbits % 64) ) {
|
||||
nbits = ((nbits + 63) / 64) * 64;
|
||||
tty_printf("rounded up to %u bits\n", nbits );
|
||||
tty_printf(_("rounded up to %u bits\n"), nbits );
|
||||
}
|
||||
else if( (nbits % 32) ) {
|
||||
nbits = ((nbits + 31) / 32) * 32;
|
||||
tty_printf("rounded up to %u bits\n", nbits );
|
||||
tty_printf(_("rounded up to %u bits\n"), nbits );
|
||||
}
|
||||
|
||||
#ifdef TEST_UID
|
||||
uid = m_alloc(strlen(TEST_UID)+1);
|
||||
strcpy(uid, TEST_UID);
|
||||
#else
|
||||
tty_printf( "\n"
|
||||
tty_printf( _("\n"
|
||||
"You need a User-ID to identify your key; the software constructs the user id\n"
|
||||
"from Real Name, Comment and Email Address in this form:\n"
|
||||
" \"Heinrich Heine (Der Dichter) <heinrichh@uni-duesseldorf.de>\"\n\n" );
|
||||
" \"Heinrich Heine (Der Dichter) <heinrichh@uni-duesseldorf.de>\"\n\n") );
|
||||
uid = NULL;
|
||||
aname=acomment=amail=NULL;
|
||||
for(;;) {
|
||||
|
|
@ -415,15 +400,15 @@ generate_keypair()
|
|||
if( !aname ) {
|
||||
for(;;) {
|
||||
m_free(aname);
|
||||
aname = tty_get("Real name: ");
|
||||
aname = tty_get(_("Real name: "));
|
||||
trim_spaces(aname);
|
||||
tty_kill_prompt();
|
||||
if( strpbrk( aname, "<([])>" ) )
|
||||
tty_printf("Invalid character in name\n");
|
||||
tty_printf(_("Invalid character in name\n"));
|
||||
else if( isdigit(*aname) )
|
||||
tty_printf("Name may not start with a digit\n");
|
||||
tty_printf(_("Name may not start with a digit\n"));
|
||||
else if( strlen(aname) < 5 )
|
||||
tty_printf("Name must be at least 5 characters long\n");
|
||||
tty_printf(_("Name must be at least 5 characters long\n"));
|
||||
else
|
||||
break;
|
||||
}
|
||||
|
|
@ -431,7 +416,7 @@ generate_keypair()
|
|||
if( !amail ) {
|
||||
for(;;) {
|
||||
m_free(amail);
|
||||
amail = tty_get("Email address: ");
|
||||
amail = tty_get(_("Email address: "));
|
||||
trim_spaces(amail);
|
||||
strlwr(amail);
|
||||
tty_kill_prompt();
|
||||
|
|
@ -443,7 +428,7 @@ generate_keypair()
|
|||
|| amail[strlen(amail)-1] == '@'
|
||||
|| amail[strlen(amail)-1] == '.'
|
||||
|| strstr(amail, "..") )
|
||||
tty_printf("Not a valid email address\n");
|
||||
tty_printf(_("Not a valid email address\n"));
|
||||
else
|
||||
break;
|
||||
}
|
||||
|
|
@ -451,13 +436,13 @@ generate_keypair()
|
|||
if( !acomment ) {
|
||||
for(;;) {
|
||||
m_free(acomment);
|
||||
acomment = tty_get("Comment: ");
|
||||
acomment = tty_get(_("Comment: "));
|
||||
trim_spaces(acomment);
|
||||
tty_kill_prompt();
|
||||
if( !*acomment )
|
||||
break; /* no comment is okay */
|
||||
else if( strpbrk( acomment, "()" ) )
|
||||
tty_printf("Invalid character in comment\n");
|
||||
tty_printf(_("Invalid character in comment\n"));
|
||||
else
|
||||
break;
|
||||
}
|
||||
|
|
@ -473,15 +458,13 @@ generate_keypair()
|
|||
|
||||
/* append a warning if we do not have dev/random
|
||||
* or it is switched into quick testmode */
|
||||
#ifdef HAVE_DEV_RANDOM
|
||||
if( quick_random_gen(-1) )
|
||||
#endif
|
||||
strcpy(p, " (INSECURE!)" );
|
||||
|
||||
|
||||
tty_printf("You selected this USER-ID:\n \"%s\"\n\n", uid);
|
||||
tty_printf(_("You selected this USER-ID:\n \"%s\"\n\n"), uid);
|
||||
for(;;) {
|
||||
answer = tty_get("Edit (N)ame, (C)omment, (E)mail or (O)kay? ");
|
||||
answer = tty_get(_("Edit (N)ame, (C)omment, (E)mail or (O)kay? "));
|
||||
tty_kill_prompt();
|
||||
if( strlen(answer) > 1 )
|
||||
;
|
||||
|
|
@ -513,7 +496,7 @@ generate_keypair()
|
|||
#endif
|
||||
|
||||
|
||||
tty_printf( "You need a Passphrase to protect your secret key.\n\n" );
|
||||
tty_printf(_("You need a Passphrase to protect your secret key.\n\n") );
|
||||
|
||||
dek = m_alloc_secure( sizeof *dek );
|
||||
for(;;) {
|
||||
|
|
@ -521,14 +504,14 @@ generate_keypair()
|
|||
rc = make_dek_from_passphrase( dek , 2 );
|
||||
if( rc == -1 ) {
|
||||
m_free(dek); dek = NULL;
|
||||
tty_printf(
|
||||
tty_printf(_(
|
||||
"You don't what a passphrase - this is probably a *bad* idea!\n"
|
||||
"I will do it anyway. You can change your passphrase at anytime,\n"
|
||||
"using this program with the option \"--change-passphrase\"\n\n" );
|
||||
"using this program with the option \"--change-passphrase\"\n\n"));
|
||||
break;
|
||||
}
|
||||
else if( rc == G10ERR_PASSPHRASE ) {
|
||||
tty_printf("passphrase not correctly repeated; try again.\n");
|
||||
tty_printf(_("passphrase not correctly repeated; try again.\n"));
|
||||
}
|
||||
else if( rc ) {
|
||||
m_free(dek); dek = NULL;
|
||||
|
|
@ -545,8 +528,8 @@ generate_keypair()
|
|||
pub_fname = make_filename("~/.g10", "pubring.g10", NULL );
|
||||
sec_fname = make_filename("~/.g10", "secring.g10", NULL );
|
||||
if( opt.verbose ) {
|
||||
tty_printf("writing public certificate to '%s'\n", pub_fname );
|
||||
tty_printf("writing secret certificate to '%s'\n", sec_fname );
|
||||
tty_printf(_("writing public certificate to '%s'\n"), pub_fname );
|
||||
tty_printf(_("writing secret certificate to '%s'\n"), sec_fname );
|
||||
}
|
||||
|
||||
/* we create the packets as a tree of kbnodes. Because the structure
|
||||
|
|
@ -557,17 +540,17 @@ generate_keypair()
|
|||
pub_root = make_comment_node("#created by G10 pre-release " VERSION );
|
||||
sec_root = make_comment_node("#created by G10 pre-release " VERSION );
|
||||
|
||||
tty_printf(
|
||||
tty_printf(_(
|
||||
"We need to generate a lot of random bytes. It is a good idea to perform\n"
|
||||
"some other action (work in another window, move the mouse, utilize the\n"
|
||||
"network and the disks) during the prime generation; this gives the random\n"
|
||||
"number generator a better chance to gain enough entropy.\n" );
|
||||
"number generator a better chance to gain enough entropy.\n") );
|
||||
|
||||
if( algo == PUBKEY_ALGO_ELGAMAL )
|
||||
rc = gen_elg(nbits, pub_root, sec_root, dek, &skc );
|
||||
#ifdef ENABLE_RSA_KEYGEN
|
||||
else if( algo == PUBKEY_ALGO_RSA )
|
||||
rc = gen_rsa(nbits, pub_io, sec_io, dek, &skc );
|
||||
rc = gen_rsa(nbits, pub_root, sec_root, dek, &skc );
|
||||
#endif
|
||||
else if( algo == PUBKEY_ALGO_DSA )
|
||||
rc = gen_dsa(nbits, pub_root, sec_root, dek, &skc );
|
||||
|
|
@ -625,7 +608,7 @@ generate_keypair()
|
|||
else if( (rc=insert_keyblock( &sec_kbpos, sec_root )) )
|
||||
log_error("can't write secret key: %s\n", g10_errstr(rc) );
|
||||
else {
|
||||
tty_printf("public and secret key created and signed.\n" );
|
||||
tty_printf(_("public and secret key created and signed.\n") );
|
||||
}
|
||||
|
||||
if( !rc1 )
|
||||
|
|
@ -636,7 +619,7 @@ generate_keypair()
|
|||
|
||||
|
||||
if( rc )
|
||||
tty_printf("Key generation failed: %s\n", g10_errstr(rc) );
|
||||
tty_printf(_("Key generation failed: %s\n"), g10_errstr(rc) );
|
||||
release_kbnode( pub_root );
|
||||
release_kbnode( sec_root );
|
||||
if( skc ) /* the unprotected secret certificate */
|
||||
|
|
|
|||
13
g10/main.h
13
g10/main.h
|
|
@ -32,6 +32,13 @@ typedef struct {
|
|||
} encrypt_filter_context_t;
|
||||
|
||||
|
||||
/*-- g10.c --*/
|
||||
#if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 5 )
|
||||
void g10_exit(int rc) __attribute__ ((noreturn));
|
||||
#else
|
||||
void g10_exit(int rc);
|
||||
#endif
|
||||
|
||||
/*-- encode.c --*/
|
||||
int encode_symmetric( const char *filename );
|
||||
int encode_store( const char *filename );
|
||||
|
|
@ -71,11 +78,13 @@ KBNODE make_comment_node( const char *s );
|
|||
|
||||
/*-- elg.c --*/
|
||||
void g10_elg_encrypt( PKT_public_cert *pkc, PKT_pubkey_enc *enc, DEK *dek );
|
||||
void g10_elg_sign( PKT_secret_cert *skc, PKT_signature *sig, MD_HANDLE md );
|
||||
void g10_elg_sign( PKT_secret_cert *skc, PKT_signature *sig,
|
||||
MD_HANDLE md, int digest_algo );
|
||||
|
||||
/*-- rsa.c --*/
|
||||
void g10_rsa_encrypt( PKT_public_cert *pkc, PKT_pubkey_enc *enc, DEK *dek );
|
||||
void g10_rsa_sign( PKT_secret_cert *skc, PKT_signature *sig, MD_HANDLE md );
|
||||
void g10_rsa_sign( PKT_secret_cert *skc, PKT_signature *sig,
|
||||
MD_HANDLE md, int digest_algo );
|
||||
|
||||
/*-- import.c --*/
|
||||
int import_pubkeys( const char *filename );
|
||||
|
|
|
|||
|
|
@ -613,7 +613,7 @@ proc_tree( CTX c, KBNODE node )
|
|||
print_keyid( stderr, sig->keyid );
|
||||
putc('\n', stderr);
|
||||
if( opt.batch )
|
||||
exit(1);
|
||||
g10_exit(1);
|
||||
}
|
||||
else
|
||||
log_error("Can't check signature made by %08lX: %s\n",
|
||||
|
|
|
|||
11
g10/rsa.c
11
g10/rsa.c
|
|
@ -64,19 +64,20 @@ g10_rsa_encrypt( PKT_public_cert *pkc, PKT_pubkey_enc *enc, DEK *dek )
|
|||
|
||||
|
||||
void
|
||||
g10_rsa_sign( PKT_secret_cert *skc, PKT_signature *sig, MD_HANDLE md )
|
||||
g10_rsa_sign( PKT_secret_cert *skc, PKT_signature *sig,
|
||||
MD_HANDLE md, int digest_algo )
|
||||
{
|
||||
#ifdef HAVE_RSA_CIPHER
|
||||
RSA_secret_key skey;
|
||||
byte *dp;
|
||||
|
||||
assert( sig->pubkey_algo == PUBKEY_ALGO_RSA );
|
||||
if( !digest_algo )
|
||||
digest_algo = md_get_algo(md);
|
||||
|
||||
md_final( md );
|
||||
dp = md_read( md, 0 );
|
||||
|
||||
dp = md_read( md, digest_algo );
|
||||
keyid_from_skc( skc, sig->keyid );
|
||||
sig->d.rsa.digest_algo = md_get_algo( md );
|
||||
sig->d.rsa.digest_algo = digest_algo;
|
||||
sig->d.rsa.digest_start[0] = dp[0];
|
||||
sig->d.rsa.digest_start[1] = dp[1];
|
||||
sig->d.rsa.rsa_integer =
|
||||
|
|
|
|||
60
g10/sign.c
60
g10/sign.c
|
|
@ -48,9 +48,9 @@ complete_sig( PKT_signature *sig, PKT_secret_cert *skc, MD_HANDLE md )
|
|||
if( (rc=check_secret_key( skc )) )
|
||||
;
|
||||
else if( sig->pubkey_algo == PUBKEY_ALGO_ELGAMAL )
|
||||
g10_elg_sign( skc, sig, md );
|
||||
g10_elg_sign( skc, sig, md, 0 );
|
||||
else if( sig->pubkey_algo == PUBKEY_ALGO_RSA )
|
||||
g10_rsa_sign( skc, sig, md );
|
||||
g10_rsa_sign( skc, sig, md, 0 );
|
||||
else
|
||||
BUG();
|
||||
|
||||
|
|
@ -246,7 +246,6 @@ sign_file( STRLIST filenames, int detached, STRLIST locusr,
|
|||
PKT_secret_cert *skc;
|
||||
PKT_signature *sig;
|
||||
MD_HANDLE md;
|
||||
byte *dp;
|
||||
|
||||
skc = skc_rover->skc;
|
||||
|
||||
|
|
@ -265,58 +264,11 @@ sign_file( STRLIST filenames, int detached, STRLIST locusr,
|
|||
md_putc( md, a & 0xff );
|
||||
}
|
||||
md_final( md );
|
||||
dp = md_read( md, DIGEST_ALGO_RMD160 );
|
||||
|
||||
if( sig->pubkey_algo == PUBKEY_ALGO_ELGAMAL ) {
|
||||
ELG_secret_key skey;
|
||||
MPI frame;
|
||||
|
||||
keyid_from_skc( skc, sig->keyid );
|
||||
sig->d.elg.digest_algo = DIGEST_ALGO_RMD160;
|
||||
sig->d.elg.digest_start[0] = dp[0];
|
||||
sig->d.elg.digest_start[1] = dp[1];
|
||||
sig->d.elg.a = mpi_alloc( mpi_get_nlimbs(skc->d.elg.p) );
|
||||
sig->d.elg.b = mpi_alloc( mpi_get_nlimbs(skc->d.elg.p) );
|
||||
frame = encode_rmd160_value( dp, 20, mpi_get_nbits(skc->d.elg.p) );
|
||||
skey.p = skc->d.elg.p;
|
||||
skey.g = skc->d.elg.g;
|
||||
skey.y = skc->d.elg.y;
|
||||
skey.x = skc->d.elg.x;
|
||||
elg_sign( sig->d.elg.a, sig->d.elg.b, frame, &skey);
|
||||
memset( &skey, 0, sizeof skey );
|
||||
mpi_free(frame);
|
||||
if( opt.verbose ) {
|
||||
char *ustr = get_user_id_string( sig->keyid );
|
||||
log_info("ELG signature from: %s\n", ustr );
|
||||
m_free(ustr);
|
||||
}
|
||||
}
|
||||
#ifdef HAVE_RSA_CIPHER
|
||||
else if( sig->pubkey_algo == PUBKEY_ALGO_RSA ) {
|
||||
RSA_secret_key skey;
|
||||
|
||||
keyid_from_skc( skc, sig->keyid );
|
||||
sig->d.rsa.digest_algo = DIGEST_ALGO_RMD160;
|
||||
sig->d.rsa.digest_start[0] = dp[0];
|
||||
sig->d.rsa.digest_start[1] = dp[1];
|
||||
sig->d.rsa.rsa_integer = encode_rmd160_value( dp, 20,
|
||||
mpi_get_nbits(skc->d.rsa.rsa_n) );
|
||||
skey.e = skc->d.rsa.rsa_e;
|
||||
skey.n = skc->d.rsa.rsa_n;
|
||||
skey.p = skc->d.rsa.rsa_p;
|
||||
skey.q = skc->d.rsa.rsa_q;
|
||||
skey.d = skc->d.rsa.rsa_d;
|
||||
skey.u = skc->d.rsa.rsa_u;
|
||||
rsa_secret( sig->d.rsa.rsa_integer, sig->d.rsa.rsa_integer, &skey);
|
||||
memset( &skey, 0, sizeof skey );
|
||||
if( opt.verbose ) {
|
||||
char *ustr = get_user_id_string( sig->keyid );
|
||||
log_info("RSA signature from: %s\n", ustr );
|
||||
m_free(ustr);
|
||||
}
|
||||
/* fixme: should we check wether the signature is okay? */
|
||||
}
|
||||
#endif/*HAVE_RSA_CIPHER*/
|
||||
if( sig->pubkey_algo == PUBKEY_ALGO_ELGAMAL )
|
||||
g10_elg_sign( skc, sig, md, DIGEST_ALGO_RMD160 );
|
||||
else if( sig->pubkey_algo == PUBKEY_ALGO_RSA )
|
||||
g10_rsa_sign( skc, sig, md, DIGEST_ALGO_RMD160 );
|
||||
else
|
||||
BUG();
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue