From ad55de70930543c1681b11e4bd624be074122b23 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Wed, 26 Feb 2020 12:53:22 -0500 Subject: [PATCH] gpg: Update --trusted-key to accept fingerprint as well as long key id. * g10/trustdb.c (tdb_register_trusted_key): accept fingerprint as well as long key ID. * doc/gpg.texi: document that --trusted-key can accept a fingerprint. -- GnuPG-bug-id: 4855 Signed-off-by: Daniel Kahn Gillmor --- doc/gpg.texi | 4 ++-- g10/trustdb.c | 15 ++++++++++----- 2 files changed, 12 insertions(+), 7 deletions(-) diff --git a/doc/gpg.texi b/doc/gpg.texi index 988835d22..9dabf46a8 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi @@ -1651,10 +1651,10 @@ certification level below this as invalid. Defaults to 2, which disregards level 1 signatures. Note that level 0 "no particular claim" signatures are always accepted. -@item --trusted-key @var{long key ID} +@item --trusted-key @var{long key ID or fingerprint} @opindex trusted-key Assume that the specified key (which must be given -as a full 8 byte key ID) is as trustworthy as one of +as a full 8 byte key ID or 20 byte fingerprint) is as trustworthy as one of your own secret keys. This option is useful if you don't want to keep your secret keys (or one of them) online but still want to be able to check the validity of a given diff --git a/g10/trustdb.c b/g10/trustdb.c index 64e6ec349..2c096357c 100644 --- a/g10/trustdb.c +++ b/g10/trustdb.c @@ -210,15 +210,20 @@ tdb_register_trusted_key( const char *string ) { gpg_error_t err; KEYDB_SEARCH_DESC desc; + u32 kid[2]; err = classify_user_id (string, &desc, 1); - if (err || desc.mode != KEYDB_SEARCH_MODE_LONG_KID ) + if (!err) { - log_error(_("'%s' is not a valid long keyID\n"), string ); - return; + if (desc.mode == KEYDB_SEARCH_MODE_LONG_KID) + return register_trusted_keyid(desc.u.kid); + if (desc.mode == KEYDB_SEARCH_MODE_FPR && desc.fprlen == 20) { + kid[0] = buf32_to_u32 (desc.u.fpr+12); + kid[1] = buf32_to_u32 (desc.u.fpr+16); + return register_trusted_keyid(kid); + } } - - register_trusted_keyid(desc.u.kid); + log_error(_("'%s' is not a valid long keyID or fingerprint\n"), string ); } /*