1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-22 10:19:57 +01:00

gpg: Update --trusted-key to accept fingerprint as well as long key id.

* g10/trustdb.c (tdb_register_trusted_key): accept fingerprint as well
as long key ID.
* doc/gpg.texi: document that --trusted-key can accept a fingerprint.
--

GnuPG-bug-id: 4855
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
This commit is contained in:
Daniel Kahn Gillmor 2020-02-26 12:53:22 -05:00
parent 0904b8ef34
commit ad55de7093
2 changed files with 12 additions and 7 deletions

View File

@ -1651,10 +1651,10 @@ certification level below this as invalid. Defaults to 2, which
disregards level 1 signatures. Note that level 0 "no particular
claim" signatures are always accepted.
@item --trusted-key @var{long key ID}
@item --trusted-key @var{long key ID or fingerprint}
@opindex trusted-key
Assume that the specified key (which must be given
as a full 8 byte key ID) is as trustworthy as one of
as a full 8 byte key ID or 20 byte fingerprint) is as trustworthy as one of
your own secret keys. This option is useful if you
don't want to keep your secret keys (or one of them)
online but still want to be able to check the validity of a given

View File

@ -210,15 +210,20 @@ tdb_register_trusted_key( const char *string )
{
gpg_error_t err;
KEYDB_SEARCH_DESC desc;
u32 kid[2];
err = classify_user_id (string, &desc, 1);
if (err || desc.mode != KEYDB_SEARCH_MODE_LONG_KID )
if (!err)
{
log_error(_("'%s' is not a valid long keyID\n"), string );
return;
if (desc.mode == KEYDB_SEARCH_MODE_LONG_KID)
return register_trusted_keyid(desc.u.kid);
if (desc.mode == KEYDB_SEARCH_MODE_FPR && desc.fprlen == 20) {
kid[0] = buf32_to_u32 (desc.u.fpr+12);
kid[1] = buf32_to_u32 (desc.u.fpr+16);
return register_trusted_keyid(kid);
}
}
register_trusted_keyid(desc.u.kid);
log_error(_("'%s' is not a valid long keyID or fingerprint\n"), string );
}
/*