security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-07-02 22:46:30 +02:00
Code Activity

intermediate release

Browse source
This commit is contained in:
Werner Koch 1998-07-06 10:23:57 +00:00
parent 97090f1293
commit a9ec668cbe
45 changed files with 526 additions and 260 deletions
Download patch file Download diff file Expand all files Collapse all files

38
g10/ChangeLog
View file

@ -1,3 +1,41 @@
Mon Jul 6 09:03:49 1998 Werner Koch (wk@isil.d.shuttle.de)
* getkey.c (add_keyring): Keyrings are now added to end of the
list of keyrings. The first added keyringwill be created.
(add_secret_keyring): Likewise.
* ringedit.c (add_keyblock_resource): Files are created here.
* g10.c (aNOP): Removed
* getkey.c (lookup): Add checking of usage for name lookups
* packet.h (pubkey_usage): Add a field which may be used to store
usage capabilities.
* pkclist.c (build_pk_list): getkey now called with usage arg.
* skclist.c (build_sk_list): Ditto.
* sign.c (clearsign_file): Fixed "Hash:" headers
Sat Jul 4 13:33:31 1998 Werner Koch (wk@isil.d.shuttle.de)
* trustdb.c (list_ownertrust): New.
* g10.c (aListOwnerTrust): New.
* g10.c (def_pubkey_algo): Removed.
* trustdb.c (verify_private_data): Removed and also the call to it.
(sign_private_data): Removed.
Fri Jul 3 13:26:10 1998 Werner Koch (wk@isil.d.shuttle.de)
* g10.c (aEditKey): was aEditSig. Changed usage msg.
* keyedit.c: Done some i18n stuff.
* g10.c (do_not_use_RSA): New.
* sign.c (do_sign): Add call to above function.
* encode.c (write_pubkey_enc_from_list): Ditto.
Thu Jul 2 21:01:25 1998 Werner Koch (wk@isil.d.shuttle.de)
* parse-packet.c: Now is able sto store data of unknown

2
g10/Makefile.am
View file

@ -32,6 +32,8 @@ common_source = \
keyid.c \
trustdb.c \
trustdb.h \
pref.h \
pref.c \
packet.h \
parse-packet.c \
passphrase.c \

25
g10/armor.c
View file

@ -325,7 +325,7 @@ find_header( fhdr_state_t state, byte *buf, size_t *r_buflen,
if( n < buflen || c == '\n' ) {
if( n && buf[0] != '\r') { /* maybe a header */
if( strchr( buf, ':') ) { /* yes */
int hashes;
int hashes=0;
if( buf[n-1] == '\r' )
buf[--n] = 0;
if( opt.verbose ) {
@ -822,13 +822,19 @@ radix64_read( armor_filter_context_t *afx, IOBUF a, size_t *retn,
else if( (c=iobuf_get(a)) == -1 )
break;
} while( ++idx < 4 );
if( c == -1 )
if( c == -1 ) {
log_error("premature eof (in CRC)\n");
else if( idx != 4 )
rc = G10ERR_INVALID_ARMOR;
}
else if( idx != 4 ) {
log_error("malformed CRC\n");
else if( mycrc != afx->crc )
rc = G10ERR_INVALID_ARMOR;
}
else if( mycrc != afx->crc ) {
log_error("CRC error; %06lx - %06lx\n",
(ulong)afx->crc, (ulong)mycrc);
rc = G10ERR_INVALID_ARMOR;
}
else {
rc = 0;
#if 0
@ -843,10 +849,14 @@ radix64_read( armor_filter_context_t *afx, IOBUF a, size_t *retn,
}
if( rc == -1 )
rc = 0;
else if( rc == 2 )
else if( rc == 2 ) {
log_error("premature eof (in Trailer)\n");
else
rc = G10ERR_INVALID_ARMOR;
}
else {
log_error("error in trailer line\n");
rc = G10ERR_INVALID_ARMOR;
}
#endif
}
}
@ -988,7 +998,8 @@ armor_filter( void *opaque, int control,
iobuf_writestr(a, "-----\n");
iobuf_writestr(a, "Version: GNUPG v" VERSION " ("
PRINTABLE_OS_NAME ")\n");
iobuf_writestr(a, "Comment: This is an alpha version!\n");
iobuf_writestr(a,
"Comment: Get GNUPG from ftp://ftp.guug.de/pub/gcrypt/\n");
if( afx->hdrlines )
iobuf_writestr(a, afx->hdrlines);
iobuf_put(a, '\n');

2
g10/build-packet.c
View file

@ -281,7 +281,7 @@ do_secret_key( IOBUF out, int ctb, PKT_secret_key *sk )
iobuf_put(a, sk->pubkey_algo );
nskey = pubkey_get_nskey( sk->pubkey_algo );
npkey = pubkey_get_npkey( sk->pubkey_algo );
if( npkey ) {
if( !npkey ) {
write_fake_data( a, sk->skey[0] );
goto leave;
}

7
g10/cipher.c
View file

@ -46,6 +46,7 @@ write_header( cipher_filter_context_t *cfx, IOBUF a )
memset( &ed, 0, sizeof ed );
ed.len = cfx->datalen;
ed.new_ctb = !ed.len && !opt.rfc1991;
init_packet( &pkt );
pkt.pkttype = PKT_ENCRYPTED;
pkt.pkt.encrypted = &ed;
@ -88,13 +89,7 @@ cipher_filter( void *opaque, int control,
rc = G10ERR_WRITE_FILE;
}
else if( control == IOBUFCTRL_FREE ) {
#if 0
if( cfx->new_partial && cfx->cfx->la_buffer ) {
}
#endif
cipher_close(cfx->cipher_hd);
m_free(cfx->la_buffer); cfx->la_buffer = NULL;
}
else if( control == IOBUFCTRL_DESC ) {
*(char**)buf = "cipher_filter";

20
g10/encode.c
View file

@ -34,6 +34,7 @@
#include "util.h"
#include "main.h"
#include "filter.h"
#include "i18n.h"
static int encode_simple( const char *filename, int mode );
@ -81,7 +82,7 @@ encode_simple( const char *filename, int mode )
/* prepare iobufs */
if( !(inp = iobuf_open(filename)) ) {
log_error("can't open %s: %s\n", filename? filename: "[stdin]",
log_error(_("%s: can't open: %s\n"), filename? filename: "[stdin]",
strerror(errno) );
return G10ERR_OPEN_FILE;
}
@ -98,7 +99,7 @@ encode_simple( const char *filename, int mode )
m_free(cfx.dek);
m_free(s2k);
iobuf_close(inp);
log_error("error creating passphrase: %s\n", g10_errstr(rc) );
log_error(_("error creating passphrase: %s\n"), g10_errstr(rc) );
return rc;
}
}
@ -134,7 +135,7 @@ encode_simple( const char *filename, int mode )
pt->namelen = strlen(filename);
memcpy(pt->name, filename, pt->namelen );
if( !(filesize = iobuf_get_filelength(inp)) )
log_info("warning: '%s' is an empty file\n", filename );
log_info(_("%s: warning: empty file\n"), filename );
}
else { /* no filename */
pt = m_alloc( sizeof *pt - 1 );
@ -191,18 +192,18 @@ encode_crypt( const char *filename, STRLIST remusr )
memset( &afx, 0, sizeof afx);
memset( &zfx, 0, sizeof zfx);
if( (rc=build_pk_list( remusr, &pk_list, 2)) )
if( (rc=build_pk_list( remusr, &pk_list, PUBKEY_USAGE_ENC)) )
return rc;
/* prepare iobufs */
if( !(inp = iobuf_open(filename)) ) {
log_error("can't open %s: %s\n", filename? filename: "[stdin]",
log_error(_("can't open %s: %s\n"), filename? filename: "[stdin]",
strerror(errno) );
rc = G10ERR_OPEN_FILE;
goto leave;
}
else if( opt.verbose )
log_info("reading from '%s'\n", filename? filename: "[stdin]");
log_info(_("reading from '%s'\n"), filename? filename: "[stdin]");
if( !(out = open_outfile( filename, opt.armor? 1:0 )) ) {
rc = G10ERR_CREATE_FILE; /* or user said: do not overwrite */
@ -232,7 +233,7 @@ encode_crypt( const char *filename, STRLIST remusr )
pt->namelen = strlen(filename);
memcpy(pt->name, filename, pt->namelen );
if( !(filesize = iobuf_get_filelength(inp)) )
log_info("warning: '%s' is an empty file\n", filename );
log_info(_("%s: warning: empty file\n"), filename );
}
else { /* no filename */
pt = m_alloc( sizeof *pt - 1 );
@ -242,6 +243,7 @@ encode_crypt( const char *filename, STRLIST remusr )
pt->timestamp = make_timestamp();
pt->mode = 'b';
pt->len = filesize;
pt->new_ctb = !pt->len && !opt.rfc1991;
pt->buf = inp;
init_packet(&pkt);
pkt.pkttype = PKT_PLAINTEXT;
@ -332,6 +334,8 @@ write_pubkey_enc_from_list( PK_LIST pk_list, DEK *dek, IOBUF out )
MPI frame;
pk = pk_list->pk;
if( is_RSA(pk->pubkey_algo) )
do_not_use_RSA();
enc = m_alloc_clear( sizeof *enc );
enc->pubkey_algo = pk->pubkey_algo;
keyid_from_pk( pk, enc->keyid );
@ -344,7 +348,7 @@ write_pubkey_enc_from_list( PK_LIST pk_list, DEK *dek, IOBUF out )
else {
if( opt.verbose ) {
char *ustr = get_user_id_string( enc->keyid );
log_info("%s encrypted for: %s\n",
log_info(_("%s encrypted for: %s\n"),
pubkey_algo_to_string(enc->pubkey_algo), ustr );
m_free(ustr);
}

3
g10/filter.h
View file

@ -61,9 +61,6 @@ typedef struct {
typedef struct {
DEK *dek;
u32 datalen;
int new_partial; /* use Openpgp partial packets header */
char *la_buffer; /* help buffer for OP partial stuff */
size_t la_buflen; /* and its used length */
CIPHER_HANDLE cipher_hd;
int header;
} cipher_filter_context_t;

88
g10/g10.c
View file

@ -79,6 +79,7 @@ static ARGPARSE_OPTS opts[] = {
{ 530, "import", 0 , N_("import/merge keys")},
{ 521, "list-packets",0,N_("list only the sequence of packets")},
#ifdef IS_G10MAINT
{ 564, "list-ownertrust", 0, "list the ownertrust values"},
{ 546, "dearmor", 0, N_("De-Armor a file or stdin") },
{ 547, "enarmor", 0, N_("En-Armor a file or stdin") },
{ 555, "print-md" , 0, N_("|algo [files]|print message digests")},
@ -116,12 +117,10 @@ static ARGPARSE_OPTS opts[] = {
{ 561, "rfc1991", 0, N_("emulate the mode described in RFC1991")},
#ifdef IS_G10
{ 527, "cipher-algo", 2 , N_("|NAME|use cipher algorithm NAME")},
{ 528, "pubkey-algo", 2 , N_("|NAME|use public key algorithm NAME")},
{ 529, "digest-algo", 2 , N_("|NAME|use message digest algorithm NAME")},
{ 556, "compress-algo", 1 , N_("|N|use compress algorithm N")},
#else /* some dummies */
{ 527, "cipher-algo", 2 , "@"},
{ 528, "pubkey-algo", 2 , "@"},
{ 529, "digest-algo", 2 , "@"},
{ 556, "compress-algo", 1 , "@"},
#endif
@ -138,6 +137,7 @@ static ARGPARSE_OPTS opts[] = {
/* hidden options */
#ifdef IS_G10MAINT
{ 514, "test" , 0, "@" },
{ 564, "list-ownertrust",0 , "@"},
{ 531, "list-trustdb",0 , "@"},
{ 533, "list-trust-path",0, "@"},
#endif
@ -154,7 +154,6 @@ static ARGPARSE_OPTS opts[] = {
{ 519, "no-armor", 0, "@"},
{ 520, "no-default-keyring", 0, "@" },
{ 522, "no-greeting", 0, "@" },
{ 541, "no-operation", 0, "@" }, /* used by regression tests */
{ 543, "no-options", 0, "@" }, /* shortcut for --options /dev/null */
{ 544, "homedir", 2, "@" }, /* defaults to "~/.gnupg" */
{ 545, "no-batch", 0, "@" },
@ -169,18 +168,19 @@ static ARGPARSE_OPTS opts[] = {
{0} };
/* (Free numbers: 541) */
enum cmd_values { aNull = 0,
aSym, aStore, aEncr, aKeygen, aSign, aSignEncr,
aSignKey, aClearsign, aListPackets, aEditSig, aDeleteKey, aDeleteSecretKey,
aSignKey, aClearsign, aListPackets, aEditKey, aDeleteKey, aDeleteSecretKey,
aKMode, aKModeC, aChangePass, aImport, aVerify, aDecrypt, aListKeys,
aListSigs, aKeyadd, aListSecretKeys,
aExport, aExportSecret,
aCheckKeys, aGenRevoke, aPrimegen, aPrintMD, aPrintMDs,
aListTrustDB, aListTrustPath, aDeArmor, aEnArmor, aGenRandom, aTest,
aNOP };
aListTrustDB, aListTrustPath, aListOwnerTrust,
aDeArmor, aEnArmor, aGenRandom,
aTest };
static char *build_list( const char *text,
@ -358,8 +358,6 @@ check_opts(void)
{
if( !opt.def_cipher_algo || check_cipher_algo(opt.def_cipher_algo) )
log_error(_("selected cipher algorithm is invalid\n"));
if( !opt.def_pubkey_algo || check_pubkey_algo(opt.def_pubkey_algo) )
log_error(_("selected pubkey algorithm is invalid\n"));
if( opt.def_digest_algo && check_digest_algo(opt.def_digest_algo) )
log_error(_("selected digest algorithm is invalid\n"));
if( opt.def_compress_algo < 1 || opt.def_compress_algo > 2 )
@ -414,7 +412,6 @@ main( int argc, char **argv )
opt.compress = -1; /* defaults to standard compress level */
/* fixme: set the next two to zero and decide where used */
opt.def_cipher_algo = DEFAULT_CIPHER_ALGO;
opt.def_pubkey_algo = DEFAULT_PUBKEY_ALGO;
opt.def_digest_algo = 0;
opt.def_compress_algo = 2;
opt.completes_needed = 1;
@ -510,14 +507,11 @@ main( int argc, char **argv )
case 506: set_cmd( &cmd, aSignKey); break;
case 507: set_cmd( &cmd, aStore); break;
case 523: set_passphrase_fd( pargs.r.ret_int ); break;
case 524: set_cmd( &cmd, aEditSig); break;
case 524: set_cmd( &cmd, aEditKey); break;
case 525: set_cmd( &cmd, aChangePass); break;
case 527:
opt.def_cipher_algo = string_to_cipher_algo(pargs.r.ret_str);
break;
case 528:
opt.def_pubkey_algo = string_to_pubkey_algo(pargs.r.ret_str);
break;
case 529:
opt.def_digest_algo = string_to_digest_algo(pargs.r.ret_str);
break;
@ -527,7 +521,6 @@ main( int argc, char **argv )
case 550: set_cmd( &cmd, aVerify); break;
#else
case 527:
case 528:
case 529:
break;
#endif /* !IS_G10 */
@ -543,6 +536,7 @@ main( int argc, char **argv )
case 547: set_cmd( &cmd, aEnArmor); break;
case 548: set_cmd( &cmd, aGenRandom); break;
case 555: set_cmd( &cmd, aPrintMD); break;
case 564: set_cmd( &cmd, aListOwnerTrust); break;
#endif /* IS_G10MAINT */
case 'o': opt.outfile = pargs.r.ret_str; break;
@ -581,7 +575,6 @@ main( int argc, char **argv )
case 536: opt.marginals_needed = pargs.r.ret_int; break;
case 537: set_cmd( &cmd, aExport); break;
case 538: trustdb_name = pargs.r.ret_str; break;
case 541: set_cmd( &cmd, aNOP); break;
case 543: break; /* no-options */
case 544: opt.homedir = pargs.r.ret_str; break;
case 545: opt.batch = 0; break;
@ -692,6 +685,7 @@ main( int argc, char **argv )
if( opt.with_colons ) /* need this to list the trust */
rc = init_trustdb(1, trustdb_name );
break;
case aListOwnerTrust: rc = init_trustdb( 0, trustdb_name ); break;
case aListTrustDB: rc = init_trustdb( argc? 1:0, trustdb_name ); break;
default: rc = init_trustdb(1, trustdb_name ); break;
}
@ -784,9 +778,9 @@ main( int argc, char **argv )
log_error("%s: sign key failed: %s\n", print_fname_stdin(fname), g10_errstr(rc) );
break;
case aEditSig: /* Edit a key signature */
case aEditKey: /* Edit a key signature */
if( argc != 1 )
wrong_args(_("--edit-sig username"));
wrong_args(_("--edit-key username"));
/* note: fname is the user id! */
if( (rc = edit_keysigs(fname)) )
log_error("%s: edit signature failed: %s\n", print_fname_stdin(fname), g10_errstr(rc) );
@ -1003,12 +997,15 @@ main( int argc, char **argv )
list_trust_path( atoi(*argv), argv[1] );
break;
case aListOwnerTrust:
if( argc )
wrong_args("--list-ownertrust");
list_ownertrust();
break;
#endif /* IS_G10MAINT */
case aNOP:
break;
case aListPackets:
opt.list_packets=1;
default:
@ -1053,6 +1050,20 @@ g10_exit( int rc )
exit(rc );
}
void
do_not_use_RSA()
{
static int did_rsa_note = 0;
if( !did_rsa_note ) {
did_rsa_note = 1;
log_info(_("RSA keys are depreciated; please consider "
"creating a new key and use this key in the future\n"));
}
}
#ifdef IS_G10MAINT
static void
print_hex( byte *p, size_t n )
@ -1159,41 +1170,6 @@ print_mds( const char *fname, int algo )
static void
do_test(int times)
{
MPI base[4];
MPI exp[4];
MPI t1 = mpi_alloc(50);
MPI t2 = mpi_alloc(50);
MPI t3 = mpi_alloc(50);
MPI tmp= mpi_alloc(50);
MPI m = mpi_alloc(50);
MPI res = mpi_alloc(50);
mpi_fromstr( m, "0x10000000000000000000000000" );
base[0] = mpi_alloc_set_ui( 3 );
mpi_fromstr( base[0], "0x145984358945989898495ffdd13" );
base[1] = mpi_alloc_set_ui( 5 );
mpi_fromstr( base[1], "0x000effff9999000000001100001" );
base[2] = mpi_alloc_set_ui( 2 );
mpi_fromstr( base[2], "0x499eeeaaaaa0444444545466672" );
base[3] = NULL;
exp[0] = mpi_alloc_set_ui( 30 );
exp[1] = mpi_alloc_set_ui( 10 );
mpi_fromstr( exp[1], "0x3457878888888888aabbbccccc1" );
exp[2] = mpi_alloc_set_ui( 24 );
exp[3] = NULL;
mpi_powm( t1, base[0], exp[0], m );
mpi_powm( t2, base[1], exp[1], m );
mpi_powm( t3, base[2], exp[2], m );
mpi_mulm( tmp, t1, t2, m );
mpi_mulm( t1, tmp, t3, m );
log_mpidump("X=", t1 );
mpi_mulpowm( res, base, exp, m );
log_mpidump("X=", res );
m_check(NULL);
}
#endif /* IS_G10MAINT */

46
g10/getkey.c
View file

@ -76,12 +76,15 @@ static int lookup_sk( PKT_secret_key *sk,
int mode, u32 *keyid, const char *name );
/* note this function may be called before secure memory is
* available */
* available
* The first keyring which is added by this function is
* created if it does not exist.
*/
void
add_keyring( const char *name )
{
STRLIST sl;
int rc;
int rc, force = !keyrings;
if( *name != '/' ) { /* do tilde expansion etc */
char *p ;
@ -90,22 +93,17 @@ add_keyring( const char *name )
p = make_filename(name, NULL);
else
p = make_filename(opt.homedir, name, NULL);
sl = m_alloc( sizeof *sl + strlen(p) );
strcpy(sl->d, p );
sl = append_to_strlist( &keyrings, p );
m_free(p);
}
else {
sl = m_alloc( sizeof *sl + strlen(name) );
strcpy(sl->d, name );
}
sl->next = keyrings;
keyrings = sl;
else
sl = append_to_strlist( &keyrings, name );
/* fixme: We should remove much out of this module and
* combine it with the keyblock stuff from ringedit.c
* For now we will simple add the filename as keyblock resource
*/
rc = add_keyblock_resource( sl->d, 0, 0 );
rc = add_keyblock_resource( sl->d, force, 0 );
if( rc )
log_error("keyblock resource '%s': %s\n", sl->d, g10_errstr(rc) );
}
@ -139,7 +137,7 @@ void
add_secret_keyring( const char *name )
{
STRLIST sl;
int rc;
int rc, force = !secret_keyrings;
if( *name != '/' ) { /* do tilde expansion etc */
char *p ;
@ -148,22 +146,17 @@ add_secret_keyring( const char *name )
p = make_filename(name, NULL);
else
p = make_filename(opt.homedir, name, NULL);
sl = m_alloc( sizeof *sl + strlen(p) );
strcpy(sl->d, p );
sl = append_to_strlist( &secret_keyrings, p );
m_free(p);
}
else {
sl = m_alloc( sizeof *sl + strlen(name) );
strcpy(sl->d, name );
}
sl->next = secret_keyrings;
secret_keyrings = sl;
else
sl = append_to_strlist( &secret_keyrings, name );
/* fixme: We should remove much out of this module and
* combine it with the keyblock stuff from ringedit.c
* For now we will simple add the filename as keyblock resource
*/
rc = add_keyblock_resource( sl->d, 0, 1 );
rc = add_keyblock_resource( sl->d, force, 1 );
if( rc )
log_error("secret keyblock resource '%s': %s\n", sl->d, g10_errstr(rc));
}
@ -648,6 +641,7 @@ add_stuff_from_selfsig( KBNODE keyblock, KBNODE knode )
}
}
/****************
* Lookup a key by scanning all keyrings
* mode 1 = lookup by NAME (exact)
@ -696,7 +690,12 @@ lookup( PKT_public_key *pk, int mode, u32 *keyid,
|| kk->pkt->pkttype == PKT_PUBLIC_SUBKEY )
&& ( !pk->pubkey_algo
|| pk->pubkey_algo
== kk->pkt->pkt.public_key->pubkey_algo))
== kk->pkt->pkt.public_key->pubkey_algo)
&& ( !pk->pubkey_usage
|| !check_pubkey_algo2(
kk->pkt->pkt.public_key->pubkey_algo,
pk->pubkey_usage ))
)
break;
if( kk ) {
u32 aki[2];
@ -711,6 +710,9 @@ lookup( PKT_public_key *pk, int mode, u32 *keyid,
}
}
else { /* keyid or fingerprint lookup */
/* No need to compare the usage here, as we already have the
* keyid to use
*/
if( DBG_CACHE && (mode== 10 || mode==11) ) {
log_debug("lookup keyid=%08lx%08lx req_algo=%d mode=%d\n",
(ulong)keyid[0], (ulong)keyid[1],

12
g10/gpgd.c
View file

@ -249,6 +249,18 @@ g10_exit( int rc )
exit(rc );
}
void
do_not_use_RSA()
{
static int did_rsa_note = 0;
if( !did_rsa_note ) {
did_rsa_note = 1;
log_info("RSA keys are depreciated; please consider "
"creating a new key and use this key in the future\n");
}
}
static void
become_daemon()

2
g10/import.c
View file

@ -125,7 +125,7 @@ import_keys( const char *fname )
}
if( rc == -1 )
rc = 0;
else if( rc )
else if( rc && rc != G10ERR_INV_KEYRING )
log_error("%s: read error: %s\n", fname, g10_errstr(rc));
iobuf_close(inp);

51
g10/keyedit.c
View file

@ -75,8 +75,9 @@ sign_it_p( PKT_public_key *pk, PKT_user_id *uid )
char *answer;
int yes;
tty_printf("\nAre you really sure that you want to sign this key:\n\n"
"%4u%c/%08lX %s ",
tty_printf("\n");
tty_printf(_("Are you really sure that you want to sign this key:\n\n"));
tty_printf("pub %4u%c/%08lX %s ",
nbits_from_pk( pk ),
pubkey_letter( pk->pubkey_algo ),
(ulong)keyid_from_pk( pk, NULL ),
@ -85,7 +86,7 @@ sign_it_p( PKT_public_key *pk, PKT_user_id *uid )
tty_printf("\n");
show_fingerprint(pk);
tty_printf("\n");
answer = tty_get("Sign this key? ");
answer = tty_get(_("Sign this key? "));
tty_kill_prompt();
yes = answer_is_yes(answer);
m_free(answer);
@ -141,11 +142,11 @@ check_all_keysigs( KBNODE keyblock )
}
}
if( inv_sigs )
tty_printf("%d bad signatures\n", inv_sigs );
tty_printf(_("%d bad signatures\n"), inv_sigs );
if( no_key )
tty_printf("No public key for %d signatures\n", no_key );
tty_printf(_("No public key for %d signatures\n"), no_key );
if( oth_err )
tty_printf("%d signatures not checked due to errors\n", oth_err );
tty_printf(_("%d signatures not checked due to errors\n"), oth_err );
return inv_sigs || no_key || oth_err;
}
@ -172,7 +173,7 @@ remove_keysigs( KBNODE keyblock, u32 *keyid, int all )
tty_printf("\n \"%08lX %s ",
sig->keyid[1], datestr_from_sig(sig));
if( node->flag & 6 )
tty_printf("[User name not available] ");
tty_printf(_("[User name not available] "));
else {
size_t n;
char *p = get_user_id( sig->keyid, &n );
@ -181,18 +182,19 @@ remove_keysigs( KBNODE keyblock, u32 *keyid, int all )
}
tty_printf("\"\n");
if( node->flag & 1 )
tty_printf("This is a BAD signature!\n");
tty_printf(_("This is a BAD signature!\n"));
else if( node->flag & 2 )
tty_printf("Public key not available.\n");
tty_printf(_("Public key not available.\n"));
else if( node->flag & 4 )
tty_printf("The signature could not be checked!\n");
tty_printf(_("The signature could not be checked!\n"));
if( keyid[0] == sig->keyid[0] && keyid[1] == sig->keyid[1] ) {
tty_printf("Skipped self-signature\n");
tty_printf(_("Skipped self-signature\n"));
continue; /* do not remove self-signatures */
}
answer = tty_get("\nRemove this signature? ");
tty_printf("\n");
answer = tty_get(_("Remove this signature? "));
tty_kill_prompt();
if( answer_is_yes(answer) ) {
node->flag |= 128; /* use bit 7 to mark this node */
@ -204,7 +206,7 @@ remove_keysigs( KBNODE keyblock, u32 *keyid, int all )
if( !count )
return 0; /* nothing to remove */
answer = tty_get("Do you really want to remove the selected signatures? ");
answer = tty_get(_("Do you really want to remove the selected signatures? "));
tty_kill_prompt();
yes = answer_is_yes(answer);
m_free(answer);
@ -245,7 +247,7 @@ sign_key( const char *username, STRLIST locusr )
/* search the userid */
rc = find_keyblock_byname( &kbpos, username );
if( rc ) {
log_error("user '%s' not found\n", username );
log_error(_("%s: user not found\n"), username );
goto leave;
}
@ -272,7 +274,7 @@ sign_key( const char *username, STRLIST locusr )
pk = node->pkt->pkt.public_key;
keyid_from_pk( pk, pk_keyid );
log_info("Checking signatures of this public key certificate:\n");
tty_printf(_("Checking signatures of this public key certificate:\n"));
tty_printf("pub %4u%c/%08lX %s ",
nbits_from_pk( pk ),
pubkey_letter( pk->pubkey_algo ),
@ -289,7 +291,8 @@ sign_key( const char *username, STRLIST locusr )
if( check_all_keysigs( keyblock ) ) {
if( !opt.batch ) {
/* ask whether we really should do anything */
answer = tty_get("To you want to remove some of the invalid sigs? ");
answer = tty_get(
_("To you want to remove some of the invalid sigs? "));
tty_kill_prompt();
if( answer_is_yes(answer) )
remove_keysigs( keyblock, pk_keyid, 0 );
@ -309,7 +312,7 @@ sign_key( const char *username, STRLIST locusr )
&& (node->pkt->pkt.signature->sig_class&~3) == 0x10 ) {
if( akeyid[0] == node->pkt->pkt.signature->keyid[0]
&& akeyid[1] == node->pkt->pkt.signature->keyid[1] ) {
log_info("Already signed by keyid %08lX\n",
log_info(_("Already signed by keyid %08lX\n"),
(ulong)akeyid[1] );
sk_rover->mark = 0;
}
@ -321,7 +324,7 @@ sign_key( const char *username, STRLIST locusr )
break;
}
if( !sk_rover ) {
log_info("Nothing to sign\n");
log_info(_("Nothing to sign\n"));
goto leave;
}
@ -390,7 +393,7 @@ edit_keysigs( const char *username )
/* search the userid */
rc = find_keyblock_byname( &kbpos, username );
if( rc ) {
log_error("%s: user not found\n", username );
log_error(_("%s: user not found\n"), username );
goto leave;
}
@ -411,7 +414,7 @@ edit_keysigs( const char *username )
pk = node->pkt->pkt.public_key;
keyid_from_pk( pk, pk_keyid );
log_info("Checking signatures of this public key certificate:\n");
tty_printf(_("Checking signatures of this public key certificate:\n"));
tty_printf("pub %4u%c/%08lX %s ",
nbits_from_pk( pk ),
pubkey_letter( pk->pubkey_algo ),
@ -459,7 +462,7 @@ delete_key( const char *username, int secret )
rc = secret? find_secret_keyblock_byname( &kbpos, username )
: find_keyblock_byname( &kbpos, username );
if( rc ) {
log_error("%s: user not found\n", username );
log_error(_("%s: user not found\n"), username );
goto leave;
}
@ -622,10 +625,10 @@ change_passphrase( const char *username )
rc = G10ERR_PUBKEY_ALGO;
break;
case 0:
tty_printf("This key is not protected.\n");
tty_printf(_("This key is not protected.\n"));
break;
default:
tty_printf("Key is protected.\n");
tty_printf(_("Key is protected.\n"));
rc = check_secret_key( sk );
if( !rc )
passphrase = get_last_passphrase();
@ -644,7 +647,7 @@ change_passphrase( const char *username )
}
if( rc )
tty_printf("Can't edit this key: %s\n", g10_errstr(rc));
tty_printf(_("Can't edit this key: %s\n"), g10_errstr(rc));
else {
DEK *dek = NULL;
STRING2KEY *s2k = m_alloc_secure( sizeof *s2k );

1
g10/main.h
View file

@ -43,6 +43,7 @@ typedef struct {
#else
void g10_exit(int rc);
#endif
void do_not_use_RSA(void);
/*-- misc.c --*/
void trap_unaligned(void);

2
g10/options.h
View file

@ -37,7 +37,7 @@ struct {
int no_armor;
int list_packets; /* list-packets mode */
int def_cipher_algo;
int def_pubkey_algo;
int reserved;
int def_digest_algo;
int def_compress_algo;
int no_comment;

2
g10/packet.h
View file

@ -109,6 +109,7 @@ typedef struct {
byte hdrbytes; /* number of header bytes */
byte version;
byte pubkey_algo; /* algorithm used for public key scheme */
byte pubkey_usage; /* for now only used to pass it to getkey() */
ulong local_id; /* internal use, valid if > 0 */
MPI pkey[PUBKEY_MAX_NPKEY];
} PKT_public_key;
@ -119,6 +120,7 @@ typedef struct {
byte hdrbytes; /* number of header bytes */
byte version;
byte pubkey_algo; /* algorithm used for public key scheme */
byte pubkey_usage;
byte is_protected; /* The secret info is protected and must */
/* be decrypted before use, the protected */
/* MPIs are simply (void*) pointers to memory */

30
g10/parse-packet.c
View file

@ -203,7 +203,7 @@ static int
parse( IOBUF inp, PACKET *pkt, int reqtype, ulong *retpos,
int *skip, IOBUF out, int do_skip )
{
int rc, c, ctb, pkttype, lenbytes;
int rc=0, c, ctb, pkttype, lenbytes;
unsigned long pktlen;
byte hdr[8];
int hdrlen;
@ -213,13 +213,16 @@ parse( IOBUF inp, PACKET *pkt, int reqtype, ulong *retpos,
assert( !pkt->pkt.generic );
if( retpos )
*retpos = iobuf_tell(inp);
if( (ctb = iobuf_get(inp)) == -1 )
return -1;
if( (ctb = iobuf_get(inp)) == -1 ) {
rc = -1;
goto leave;
}
hdrlen=0;
hdr[hdrlen++] = ctb;
if( !(ctb & 0x80) ) {
log_error("%s: invalid packet (ctb=%02x)\n", iobuf_where(inp), ctb );
return G10ERR_INVALID_PACKET;
rc = G10ERR_INVALID_PACKET;
goto leave;
}
pktlen = 0;
new_ctb = !!(ctb & 0x40);
@ -227,7 +230,8 @@ parse( IOBUF inp, PACKET *pkt, int reqtype, ulong *retpos,
pkttype = ctb & 0x3f;
if( (c = iobuf_get(inp)) == -1 ) {
log_error("%s: 1st length byte missing\n", iobuf_where(inp) );
return G10ERR_INVALID_PACKET;
rc = G10ERR_INVALID_PACKET;
goto leave;
}
hdr[hdrlen++] = c;
if( c < 192 )
@ -236,7 +240,8 @@ parse( IOBUF inp, PACKET *pkt, int reqtype, ulong *retpos,
pktlen = (c - 192) * 256;
if( (c = iobuf_get(inp)) == -1 ) {
log_error("%s: 2nd length byte missing\n", iobuf_where(inp) );
return G10ERR_INVALID_PACKET;
rc = G10ERR_INVALID_PACKET;
goto leave;
}
hdr[hdrlen++] = c;
pktlen += c + 192;
@ -247,7 +252,8 @@ parse( IOBUF inp, PACKET *pkt, int reqtype, ulong *retpos,
pktlen |= (hdr[hdrlen++] = iobuf_get_noeof(inp)) << 8;
if( (c = iobuf_get(inp)) == -1 ) {
log_error("%s: 4 byte length invalid\n", iobuf_where(inp) );
return G10ERR_INVALID_PACKET;
rc = G10ERR_INVALID_PACKET;
goto leave;
}
pktlen |= (hdr[hdrlen++] = c );
}
@ -277,13 +283,14 @@ parse( IOBUF inp, PACKET *pkt, int reqtype, ulong *retpos,
rc = G10ERR_WRITE_FILE;
else
rc = copy_packet(inp, out, pkttype, pktlen );
return rc;
goto leave;
}
if( do_skip || !pkttype || (reqtype && pkttype != reqtype) ) {
skip_packet(inp, pkttype, pktlen);
*skip = 1;
return 0;
rc = 0;
goto leave;
}
if( DBG_PACKET )
@ -341,6 +348,9 @@ parse( IOBUF inp, PACKET *pkt, int reqtype, ulong *retpos,
break;
}
leave:
if( rc == -1 && iobuf_error(inp) )
rc = G10ERR_INV_KEYRING;
return rc;
}
@ -925,6 +935,7 @@ parse_key( IOBUF inp, int pkttype, unsigned long pktlen,
sk->hdrbytes = hdrlen;
sk->version = version;
sk->pubkey_algo = algorithm;
sk->pubkey_usage = 0; /* not yet used */
}
else {
PKT_public_key *pk = pkt->pkt.public_key;
@ -934,6 +945,7 @@ parse_key( IOBUF inp, int pkttype, unsigned long pktlen,
pk->hdrbytes = hdrlen;
pk->version = version;
pk->pubkey_algo = algorithm;
pk->pubkey_usage = 0; /* not yet used */
}
nskey = pubkey_get_nskey( algorithm );
npkey = pubkey_get_npkey( algorithm );

12
g10/pkclist.c
View file

@ -317,9 +317,10 @@ build_pk_list( STRLIST remusr, PK_LIST *ret_pk_list, unsigned usage )
if( pk )
free_public_key( pk );
pk = m_alloc_clear( sizeof *pk );
pk->pubkey_usage = usage;
rc = get_pubkey_byname( pk, answer );
if( rc )
tty_printf("No such user ID.\n");
tty_printf(_("No such user ID.\n"));
else if( !(rc=check_pubkey_algo2(pk->pubkey_algo, usage)) ) {
int trustlevel;
@ -350,9 +351,10 @@ build_pk_list( STRLIST remusr, PK_LIST *ret_pk_list, unsigned usage )
for(; remusr; remusr = remusr->next ) {
pk = m_alloc_clear( sizeof *pk );
pk->pubkey_usage = usage;
if( (rc = get_pubkey_byname( pk, remusr->d )) ) {
free_public_key( pk ); pk = NULL;
log_error("skipped '%s': %s\n", remusr->d, g10_errstr(rc) );
log_error(_("%s: skipped: %s\n"), remusr->d, g10_errstr(rc) );
}
else if( !(rc=check_pubkey_algo2(pk->pubkey_algo, usage )) ) {
int trustlevel;
@ -360,7 +362,7 @@ build_pk_list( STRLIST remusr, PK_LIST *ret_pk_list, unsigned usage )
rc = check_trust( pk, &trustlevel );
if( rc ) {
free_public_key( pk ); pk = NULL;
log_error("error checking pk of '%s': %s\n",
log_error(_("%s: error checking key: %s\n"),
remusr->d, g10_errstr(rc) );
}
else if( do_we_trust_pre( pk, trustlevel ) ) {
@ -379,14 +381,14 @@ build_pk_list( STRLIST remusr, PK_LIST *ret_pk_list, unsigned usage )
}
else {
free_public_key( pk ); pk = NULL;
log_error("skipped '%s': %s\n", remusr->d, g10_errstr(rc) );
log_error(_("%s: skipped: %s\n"), remusr->d, g10_errstr(rc) );
}
}
}
if( !rc && !pk_list ) {
log_error("no valid addressees\n");
log_error(_("no valid addressees\n"));
rc = G10ERR_NO_USER_ID;
}

81
g10/pref.c Normal file
View file

@ -0,0 +1,81 @@
/* pref.c
* Copyright (C) 1998 Free Software Foundation, Inc.
*
* This file is part of GNUPG.
*
* GNUPG is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* GNUPG is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
*/
#define DEFINES_PREF_LIST 1
#include <config.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>
#include <assert.h>
#include "errors.h"
#include "memory.h"
#include "util.h"
#include "ttyio.h"
#include "i18n.h"
#include "pref.h"
#define N_CIPHERS 3
#define N_DIGESTS 4
#define N_COMPRS 3
struct pref_list_s {
PREF_LIST *extend; /* if we need more, we link them together */
byte cipher[N_CIPHERS]; /* cipher algos */
byte digest[N_DIGESTS]; /* digest algos */
byte compr [N_COMPRS ]; /* compress algos (a 255 denotes no compression)*/
};
#if 0
PREF_LIST
new_pref_list()
{
return m_alloc_clear( sizeof(*PREF_LIST) );
}
void
release_pref_list( PREF_LIST pref )
{
while( pref ) {
PREF_LIST tmp = pref->extend;
m_free( pref );
pref = tmp;
}
}
PREF_LIST
copy_pref_list( PREF_LIST s )
{
PREF_LIST ss, ss, d = new_pref_list();
*d = *s;
for( ss = s->extend; ss; ss = ss->extend ) {
WORK WORK WORK
d->extend = new_pref_list();
*d->extend = *ss;
}
return d;
}
#endif

42
g10/pref.h Normal file
View file

@ -0,0 +1,42 @@
/* pref.h
* Copyright (C) 1998 Free Software Foundation, Inc.
*
* This file is part of GNUPG.
*
* GNUPG is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* GNUPG is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
*/
#ifndef G10_PREF_H
#define G10_PREF_H 1
/* a structure to hold information abopu preferred algorithms */
typedef struct pref_list_s *PREF_LIST;
#ifndef DEFINES_PREF_LIST
struct pref_list_s { char preference_stuff[1]; };
#endif
PREF_LIST new_pref_list(void);
void release_pref_list( PREF_LIST pref );
#endif /*G10_PREF_H*/

13
g10/ringedit.c
View file

@ -117,6 +117,17 @@ add_keyblock_resource( const char *filename, int force, int secret )
if( !iobuf && !force )
return G10ERR_OPEN_FILE;
#endif
if( !iobuf ) {
iobuf = iobuf_create( filename );
if( !iobuf ) {
log_error("%s: can't create: %s\n", filename, strerror(errno));
return G10ERR_OPEN_FILE;
}
else
log_info("%s: keyring created\n", filename );
}
resource_table[i].used = 1;
resource_table[i].secret = !!secret;
resource_table[i].fname = m_strdup(filename);
@ -726,6 +737,8 @@ keyring_copy( KBPOS *kbpos, int mode, KBNODE root )
log_error("%s: can't create: %s\n", rentry->fname, strerror(errno));
return G10ERR_OPEN_FILE;
}
else
log_info("%s: keyring created\n", rentry->fname );
kbctx=NULL;
while( (node = walk_kbnode( root, &kbctx, 0 )) ) {

45
g10/sign.c
View file

@ -46,6 +46,9 @@ do_sign( PKT_secret_key *sk, PKT_signature *sig,
byte *dp;
int rc;
if( is_RSA(sk->pubkey_algo) )
do_not_use_RSA();
if( !digest_algo )
digest_algo = md_get_algo(md);
@ -166,12 +169,12 @@ sign_file( STRLIST filenames, int detached, STRLIST locusr,
if( fname && filenames->next && (!detached || encrypt) )
log_bug("multiple files can only be detached signed");
if( (rc=build_sk_list( locusr, &sk_list, 1, 1 )) )
if( (rc=build_sk_list( locusr, &sk_list, 1, PUBKEY_USAGE_SIG )) )
goto leave;
if( !old_style )
old_style = only_old_style( sk_list );
if( encrypt ) {
if( (rc=build_pk_list( remusr, &pk_list, 2 )) )
if( (rc=build_pk_list( remusr, &pk_list, PUBKEY_USAGE_ENC )) )
goto leave;
}
@ -314,6 +317,7 @@ sign_file( STRLIST filenames, int detached, STRLIST locusr,
pt->timestamp = make_timestamp();
pt->mode = opt.textmode && !outfile ? 't':'b';
pt->len = filesize;
pt->new_ctb = !pt->len && !opt.rfc1991;
pt->buf = inp;
pkt.pkttype = PKT_PLAINTEXT;
pkt.pkt.plaintext = pt;
@ -461,12 +465,13 @@ clearsign_file( const char *fname, STRLIST locusr, const char *outfile )
SK_LIST sk_list = NULL;
SK_LIST sk_rover = NULL;
int old_style = opt.rfc1991;
int only_md5 = 0;
memset( &afx, 0, sizeof afx);
memset( &tfx, 0, sizeof tfx);
init_packet( &pkt );
if( (rc=build_sk_list( locusr, &sk_list, 1, 1 )) )
if( (rc=build_sk_list( locusr, &sk_list, 1, PUBKEY_USAGE_SIG )) )
goto leave;
if( !old_style )
old_style = only_old_style( sk_list );
@ -493,18 +498,36 @@ clearsign_file( const char *fname, STRLIST locusr, const char *outfile )
goto leave;
}
/* FIXME: This stuff is not correct if multiple hash algos are used*/
iobuf_writestr(out, "-----BEGIN PGP SIGNED MESSAGE-----\n" );
if( old_style
|| (opt.def_digest_algo?opt.def_digest_algo:DEFAULT_DIGEST_ALGO)
== DIGEST_ALGO_MD5 )
for( sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next ) {
PKT_secret_key *sk = sk_rover->sk;
if( hash_for(sk->pubkey_algo) == DIGEST_ALGO_MD5 )
only_md5 = 1;
else {
only_md5 = 0;
break;
}
}
if( old_style || only_md5 )
iobuf_writestr(out, "\n" );
else {
const char *s = digest_algo_to_string(opt.def_digest_algo?
opt.def_digest_algo:DEFAULT_DIGEST_ALGO);
assert(s);
const char *s;
int any = 0;
iobuf_writestr(out, "Hash: " );
iobuf_writestr(out, s );
for( sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next ) {
PKT_secret_key *sk = sk_rover->sk;
s = digest_algo_to_string( hash_for(sk->pubkey_algo) );
if( s ) {
if( any )
iobuf_put(out, ',' );
iobuf_writestr(out, s );
any = 1;
}
}
assert(any);
iobuf_writestr(out, "\n\n" );
}

6
g10/skclist.c
View file

@ -56,13 +56,14 @@ build_sk_list( STRLIST locusr, SK_LIST *ret_sk_list, int unlock,
PKT_secret_key *sk;
sk = m_alloc_clear( sizeof *sk );
sk->pubkey_usage = usage;
if( (rc = get_seckey_byname( sk, NULL, unlock )) ) {
free_secret_key( sk ); sk = NULL;
log_error("no default secret key: %s\n", g10_errstr(rc) );
}
else if( !(rc=check_pubkey_algo2(sk->pubkey_algo, usage)) ) {
SK_LIST r;
if( sk->version == 4 && (usage & 1)
if( sk->version == 4 && (usage & PUBKEY_USAGE_SIG)
&& sk->pubkey_algo == PUBKEY_ALGO_ELGAMAL_E ) {
log_error("this is a PGP generated "
"ElGamal key which is NOT secure for signatures!\n");
@ -86,13 +87,14 @@ build_sk_list( STRLIST locusr, SK_LIST *ret_sk_list, int unlock,
PKT_secret_key *sk;
sk = m_alloc_clear( sizeof *sk );
sk->pubkey_usage = usage;
if( (rc = get_seckey_byname( sk, locusr->d, unlock )) ) {
free_secret_key( sk ); sk = NULL;
log_error("skipped '%s': %s\n", locusr->d, g10_errstr(rc) );
}
else if( !(rc=check_pubkey_algo2(sk->pubkey_algo, usage)) ) {
SK_LIST r;
if( sk->version == 4 && (usage & 1)
if( sk->version == 4 && (usage & PUBKEY_USAGE_SIG)
&& sk->pubkey_algo == PUBKEY_ALGO_ELGAMAL_E ) {
log_info("skipped '%s': this is a PGP generated "
"ElGamal key which is not secure for signatures!\n",

83
g10/trustdb.c
View file

@ -1540,18 +1540,13 @@ init_trustdb( int level, const char *dbname )
if( !level )
return 0;
/* we can verify a signature about our local data (secring and trustdb)
* in ~/.gnupg/ here */
rc = verify_private_data();
if( !rc ) {
/* verify that our own keys are in the trustDB
* or move them to the trustdb. */
rc = verify_own_keys();
/* verify that our own keys are in the trustDB
* or move them to the trustdb. */
rc = verify_own_keys();
/* should we check whether there is no other ultimately trusted
* key in the database? */
/* should we check whether there is no other ultimately trusted
* key in the database? */
}
}
else
BUG();
@ -1593,6 +1588,27 @@ list_trustdb( const char *username )
}
}
/****************
* make a list of all owner trust value.
*/
void
list_ownertrust()
{
TRUSTREC rec;
ulong recnum;
int i;
byte *p;
for(recnum=0; !read_record( recnum, &rec, 0); recnum++ ) {
if( rec.rectype == RECTYPE_KEY ) {
p = rec.r.key.fingerprint;
for(i=0; i < rec.r.key.fingerprint_len; i++, p++ )
printf("%02X", *p );
printf(":%u:\n", (unsigned)rec.r.key.ownertrust );
}
}
}
void
list_trust_path( int max_depth, const char *username )
{
@ -2012,50 +2028,3 @@ update_no_sigs( ulong lid, int no_sigs )
}
int
verify_private_data()
{
int rc = 0;
char *sigfile = make_filename(opt.homedir, "gnupg.sig", NULL );
if( access( sigfile, R_OK ) ) {
if( errno != ENOENT ) {
log_error("can't access %s: %s\n", sigfile, strerror(errno) );
rc = G10ERR_TRUSTDB;
goto leave;
}
log_info("private data signature missing; creating ...\n");
rc = sign_private_data();
if( rc ) {
log_error("error creating %s: %s\n", sigfile, g10_errstr(rc) );
goto leave;
}
}
/* FIXME: verify this signature */
leave:
m_free(sigfile);
return rc;
}
int
sign_private_data()
{
int rc;
char *sigfile = make_filename(opt.homedir, "gnupg.sig", NULL );
char *secring = make_filename(opt.homedir, "secring.gpg", NULL );
STRLIST list = NULL;
add_to_strlist( &list, db_name );
add_to_strlist( &list, secring );
rc = sign_file( list, 1, NULL, 0, NULL, sigfile);
m_free(sigfile);
m_free(secring);
free_strlist(list);
return rc;
}

3
g10/trustdb.h
View file

@ -38,6 +38,7 @@
/*-- trustdb.c --*/
void list_trustdb(const char *username);
void list_trust_path( int max_depth, const char *username );
void list_ownertrust(void);
int init_trustdb( int level, const char *dbname );
int check_trust( PKT_public_key *pk, unsigned *r_trustlevel );
int query_trust_info( PKT_public_key *pk );
@ -47,7 +48,5 @@ int keyid_from_trustdb( ulong lid, u32 *keyid );
int query_trust_record( PKT_public_key *pk );
int insert_trust_record( PKT_public_key *pk );
int update_ownertrust( ulong lid, unsigned new_trust );
int verify_private_data(void);
int sign_private_data(void);
#endif /*G10_TRUSTDB_H*/