1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-22 10:19:57 +01:00

gpg: Allow unattended deletion of secret keys.

* agent/command.c (cmd_delete_key): Make the --force option depend on
--disallow-loopback-passphrase.
* g10/call-agent.c (agent_delete_key): Add arg FORCE.
* g10/delkey.c (do_delete_key): Pass opt.answer_yes to
agent_delete_key.
--

Unless the agent has been configured with
--disallow-loopback-passpharse an unattended deletion of a secret key
is now possible with gpg by using --batch _and_ --yes.

Signed-off-by: Werner Koch <wk@gnupg.org>
This commit is contained in:
Werner Koch 2016-05-10 11:01:42 +02:00
parent 693838f012
commit ac9ff644b1
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
6 changed files with 45 additions and 10 deletions

View File

@ -2333,8 +2333,9 @@ cmd_export_key (assuan_context_t ctx, char *line)
static const char hlp_delete_key[] =
"DELETE_KEY [--force] <hexstring_with_keygrip>\n"
"\n"
"Delete a secret key from the key store.\n"
"Unless --force is used the agent asks the user for confirmation.\n";
"Delete a secret key from the key store. If --force is used\n"
"and a loopback pinentry is allowed, the agent will not ask\n"
"the user for confirmation.";
static gpg_error_t
cmd_delete_key (assuan_context_t ctx, char *line)
{
@ -2349,6 +2350,11 @@ cmd_delete_key (assuan_context_t ctx, char *line)
force = has_option (line, "--force");
line = skip_options (line);
/* If the use of a loopback pinentry has been disabled, we assume
* that a silent deletion of keys shall also not be allowed. */
if (!opt.allow_loopback_pinentry)
force = 0;
err = parse_keygrip (ctx, line, grip);
if (err)
goto leave;

View File

@ -337,6 +337,10 @@ internal cache of @command{gpg-agent} with passphrases.
Disallow or allow clients to use the loopback pinentry features; see
the option @option{pinentry-mode} for details. Allow is the default.
The @option{--force} option of the Assuan command @command{DELETE_KEY}
is also controlled by this option: The option is ignored if a loopback
pinentry is disallowed.
@item --no-allow-external-cache
@opindex no-allow-external-cache
Tell Pinentry not to enable features which use an external cache for
@ -820,8 +824,17 @@ fi
@section Agent's Assuan Protocol
Note: this section does only document the protocol, which is used by
GnuPG components; it does not deal with the ssh-agent protocol.
GnuPG components; it does not deal with the ssh-agent protocol. To
see the full specification of each command, use
@example
gpg-connect-agent 'help COMMAND' /bye
@end example
@noindent
or just 'help' to list all available commands.
@noindent
The @command{gpg-agent} daemon is started on demand by the GnuPG
components.

View File

@ -376,13 +376,20 @@ safeguard against accidental deletion of multiple keys.
@item --delete-secret-keys @code{name}
@opindex delete-secret-keys
Remove key from the secret keyring. In batch mode the key
must be specified by fingerprint.
gRemove key from the secret keyring. In batch mode the key must be
specified by fingerprint. The option @option{--yes} can be used to
advice gpg-agent not to request a confirmation. This extra
pre-caution is done because @command{gpg} can't be sure that the
secret key (as controlled by gpg-agent) is only used for the given
OpenPGP public key.
@item --delete-secret-and-public-key @code{name}
@opindex delete-secret-and-public-key
Same as @option{--delete-key}, but if a secret key exists, it will be
removed first. In batch mode the key must be specified by fingerprint.
The option @option{--yes} can be used to advice gpg-agent not to
request a confirmation.
@item --export
@opindex export

View File

@ -2349,9 +2349,11 @@ agent_export_key (ctrl_t ctrl, const char *hexkeygrip, const char *desc,
/* Ask the agent to delete the key identified by HEXKEYGRIP. If DESC
is not NULL, display DESC instead of the default description
message. */
message. If FORCE is true the agent is advised not to ask for
confirmation. */
gpg_error_t
agent_delete_key (ctrl_t ctrl, const char *hexkeygrip, const char *desc)
agent_delete_key (ctrl_t ctrl, const char *hexkeygrip, const char *desc,
int force)
{
gpg_error_t err;
char line[ASSUAN_LINELENGTH];
@ -2376,7 +2378,8 @@ agent_delete_key (ctrl_t ctrl, const char *hexkeygrip, const char *desc)
return err;
}
snprintf (line, DIM(line)-1, "DELETE_KEY %s", hexkeygrip);
snprintf (line, DIM(line)-1, "DELETE_KEY%s %s",
force? " --force":"", hexkeygrip);
err = assuan_transact (agent_ctx, line, NULL, NULL,
default_inq_cb, &dfltparm,
NULL, NULL);

View File

@ -196,7 +196,7 @@ gpg_error_t agent_export_key (ctrl_t ctrl, const char *keygrip,
/* Delete a key from the agent. */
gpg_error_t agent_delete_key (ctrl_t ctrl, const char *hexkeygrip,
const char *desc);
const char *desc, int force);
/* Change the passphrase of a key. */
gpg_error_t agent_passwd (ctrl_t ctrl, const char *hexkeygrip, const char *desc,

View File

@ -184,8 +184,14 @@ do_delete_key( const char *username, int secret, int force, int *r_sec_avail )
prompt = gpg_format_keydesc (node->pkt->pkt.public_key,
FORMAT_KEYDESC_DELKEY, 1);
err = hexkeygrip_from_pk (node->pkt->pkt.public_key, &hexgrip);
/* NB: We require --yes to advise the agent not to
* request a confirmation. The rationale for this extra
* pre-caution is that since 2.1 the secret key may also
* be used for other protocols and thus deleting it from
* the gpg would also delete the key for other tools. */
if (!err)
err = agent_delete_key (NULL, hexgrip, prompt);
err = agent_delete_key (NULL, hexgrip, prompt,
opt.answer_yes);
xfree (prompt);
xfree (hexgrip);
if (err)