diff --git a/agent/command.c b/agent/command.c index c94fdd37a..dfbb83194 100644 --- a/agent/command.c +++ b/agent/command.c @@ -2333,8 +2333,9 @@ cmd_export_key (assuan_context_t ctx, char *line) static const char hlp_delete_key[] = "DELETE_KEY [--force] \n" "\n" - "Delete a secret key from the key store.\n" - "Unless --force is used the agent asks the user for confirmation.\n"; + "Delete a secret key from the key store. If --force is used\n" + "and a loopback pinentry is allowed, the agent will not ask\n" + "the user for confirmation."; static gpg_error_t cmd_delete_key (assuan_context_t ctx, char *line) { @@ -2349,6 +2350,11 @@ cmd_delete_key (assuan_context_t ctx, char *line) force = has_option (line, "--force"); line = skip_options (line); + /* If the use of a loopback pinentry has been disabled, we assume + * that a silent deletion of keys shall also not be allowed. */ + if (!opt.allow_loopback_pinentry) + force = 0; + err = parse_keygrip (ctx, line, grip); if (err) goto leave; diff --git a/doc/gpg-agent.texi b/doc/gpg-agent.texi index 2989d3b52..b45874d52 100644 --- a/doc/gpg-agent.texi +++ b/doc/gpg-agent.texi @@ -337,6 +337,10 @@ internal cache of @command{gpg-agent} with passphrases. Disallow or allow clients to use the loopback pinentry features; see the option @option{pinentry-mode} for details. Allow is the default. +The @option{--force} option of the Assuan command @command{DELETE_KEY} +is also controlled by this option: The option is ignored if a loopback +pinentry is disallowed. + @item --no-allow-external-cache @opindex no-allow-external-cache Tell Pinentry not to enable features which use an external cache for @@ -820,8 +824,17 @@ fi @section Agent's Assuan Protocol Note: this section does only document the protocol, which is used by -GnuPG components; it does not deal with the ssh-agent protocol. +GnuPG components; it does not deal with the ssh-agent protocol. To +see the full specification of each command, use +@example + gpg-connect-agent 'help COMMAND' /bye +@end example + +@noindent +or just 'help' to list all available commands. + +@noindent The @command{gpg-agent} daemon is started on demand by the GnuPG components. diff --git a/doc/gpg.texi b/doc/gpg.texi index 3cad36179..a09e610c2 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi @@ -376,13 +376,20 @@ safeguard against accidental deletion of multiple keys. @item --delete-secret-keys @code{name} @opindex delete-secret-keys -Remove key from the secret keyring. In batch mode the key -must be specified by fingerprint. +gRemove key from the secret keyring. In batch mode the key must be +specified by fingerprint. The option @option{--yes} can be used to +advice gpg-agent not to request a confirmation. This extra +pre-caution is done because @command{gpg} can't be sure that the +secret key (as controlled by gpg-agent) is only used for the given +OpenPGP public key. + @item --delete-secret-and-public-key @code{name} @opindex delete-secret-and-public-key Same as @option{--delete-key}, but if a secret key exists, it will be removed first. In batch mode the key must be specified by fingerprint. +The option @option{--yes} can be used to advice gpg-agent not to +request a confirmation. @item --export @opindex export diff --git a/g10/call-agent.c b/g10/call-agent.c index c5bd694f0..d8c6dede3 100644 --- a/g10/call-agent.c +++ b/g10/call-agent.c @@ -2349,9 +2349,11 @@ agent_export_key (ctrl_t ctrl, const char *hexkeygrip, const char *desc, /* Ask the agent to delete the key identified by HEXKEYGRIP. If DESC is not NULL, display DESC instead of the default description - message. */ + message. If FORCE is true the agent is advised not to ask for + confirmation. */ gpg_error_t -agent_delete_key (ctrl_t ctrl, const char *hexkeygrip, const char *desc) +agent_delete_key (ctrl_t ctrl, const char *hexkeygrip, const char *desc, + int force) { gpg_error_t err; char line[ASSUAN_LINELENGTH]; @@ -2376,7 +2378,8 @@ agent_delete_key (ctrl_t ctrl, const char *hexkeygrip, const char *desc) return err; } - snprintf (line, DIM(line)-1, "DELETE_KEY %s", hexkeygrip); + snprintf (line, DIM(line)-1, "DELETE_KEY%s %s", + force? " --force":"", hexkeygrip); err = assuan_transact (agent_ctx, line, NULL, NULL, default_inq_cb, &dfltparm, NULL, NULL); diff --git a/g10/call-agent.h b/g10/call-agent.h index 208b75b2d..06a19d47b 100644 --- a/g10/call-agent.h +++ b/g10/call-agent.h @@ -196,7 +196,7 @@ gpg_error_t agent_export_key (ctrl_t ctrl, const char *keygrip, /* Delete a key from the agent. */ gpg_error_t agent_delete_key (ctrl_t ctrl, const char *hexkeygrip, - const char *desc); + const char *desc, int force); /* Change the passphrase of a key. */ gpg_error_t agent_passwd (ctrl_t ctrl, const char *hexkeygrip, const char *desc, diff --git a/g10/delkey.c b/g10/delkey.c index f76277c5a..966c5712f 100644 --- a/g10/delkey.c +++ b/g10/delkey.c @@ -184,8 +184,14 @@ do_delete_key( const char *username, int secret, int force, int *r_sec_avail ) prompt = gpg_format_keydesc (node->pkt->pkt.public_key, FORMAT_KEYDESC_DELKEY, 1); err = hexkeygrip_from_pk (node->pkt->pkt.public_key, &hexgrip); + /* NB: We require --yes to advise the agent not to + * request a confirmation. The rationale for this extra + * pre-caution is that since 2.1 the secret key may also + * be used for other protocols and thus deleting it from + * the gpg would also delete the key for other tools. */ if (!err) - err = agent_delete_key (NULL, hexgrip, prompt); + err = agent_delete_key (NULL, hexgrip, prompt, + opt.answer_yes); xfree (prompt); xfree (hexgrip); if (err)