mirror of git://git.gnupg.org/gnupg.git
gpg: Print a warning if the subkey expiration may not be what you want.
* g10/keyedit.c (subkey_expire_warning): New. (keyedit_menu): Call it when needed. -- GnuPG-bug-id: 1715 The heuristic to detect a problem is not very advanced but it should catch the most common cases.
This commit is contained in:
Werner Koch
parent
457bce5cd3
commit
ae3d1bbb65
|
|
@ -59,6 +59,7 @@ static void show_key_with_all_names (estream_t fp,
|
|||
int with_subkeys, int with_prefs,
|
||||
int nowarn);
|
||||
static void show_key_and_fingerprint (KBNODE keyblock);
|
||||
static void subkey_expire_warning (kbnode_t keyblock);
|
||||
static int menu_adduid (KBNODE keyblock, int photo, const char *photo_name);
|
||||
static void menu_deluid (KBNODE pub_keyblock);
|
||||
static int menu_delsig (KBNODE pub_keyblock);
|
||||
|
|
@ -1463,6 +1464,7 @@ keyedit_menu (ctrl_t ctrl, const char *username, strlist_t locusr,
|
|||
char *answer = NULL;
|
||||
int redisplay = 1;
|
||||
int modified = 0;
|
||||
int run_subkey_warnings = 0;
|
||||
int toggle;
|
||||
int have_commands = !!commands;
|
||||
|
||||
|
|
@ -1530,6 +1532,14 @@ keyedit_menu (ctrl_t ctrl, const char *username, strlist_t locusr,
|
|||
tty_printf ("\n");
|
||||
redisplay = 0;
|
||||
}
|
||||
|
||||
if (run_subkey_warnings)
|
||||
{
|
||||
run_subkey_warnings = 0;
|
||||
if (!count_selected_keys (keyblock))
|
||||
subkey_expire_warning (keyblock);
|
||||
}
|
||||
|
||||
do
|
||||
{
|
||||
xfree (answer);
|
||||
|
|
@ -2030,6 +2040,7 @@ keyedit_menu (ctrl_t ctrl, const char *username, strlist_t locusr,
|
|||
if (menu_expire (keyblock))
|
||||
{
|
||||
merge_keys_and_selfsig (keyblock);
|
||||
run_subkey_warnings = 1;
|
||||
modified = 1;
|
||||
redisplay = 1;
|
||||
}
|
||||
|
|
@ -3156,6 +3167,58 @@ no_primary_warning (KBNODE keyblock)
|
|||
}
|
||||
|
||||
|
||||
/* Print a warning if the latest encryption subkey expires soon. This
|
||||
function is called after the expire data of the primary key has
|
||||
been changed. */
|
||||
static void
|
||||
subkey_expire_warning (kbnode_t keyblock)
|
||||
{
|
||||
u32 curtime = make_timestamp ();
|
||||
kbnode_t node;
|
||||
PKT_public_key *pk;
|
||||
/* u32 mainexpire = 0; */
|
||||
u32 subexpire = 0;
|
||||
u32 latest_date = 0;
|
||||
|
||||
for (node = keyblock; node; node = node->next)
|
||||
{
|
||||
/* if (node->pkt->pkttype == PKT_PUBLIC_KEY) */
|
||||
/* { */
|
||||
/* pk = node->pkt->pkt.public_key; */
|
||||
/* mainexpire = pk->expiredate; */
|
||||
/* } */
|
||||
|
||||
if (node->pkt->pkttype != PKT_PUBLIC_SUBKEY)
|
||||
continue;
|
||||
pk = node->pkt->pkt.public_key;
|
||||
|
||||
if (!pk->flags.valid)
|
||||
continue;
|
||||
if (pk->flags.revoked)
|
||||
continue;
|
||||
if (pk->timestamp > curtime)
|
||||
continue; /* Ignore future keys. */
|
||||
if (!(pk->pubkey_usage & PUBKEY_USAGE_ENC))
|
||||
continue; /* Not an encryption key. */
|
||||
|
||||
if (pk->timestamp > latest_date || (!pk->timestamp && !latest_date))
|
||||
{
|
||||
latest_date = pk->timestamp;
|
||||
subexpire = pk->expiredate;
|
||||
}
|
||||
}
|
||||
|
||||
if (!subexpire)
|
||||
return; /* No valid subkey with an expiration time. */
|
||||
|
||||
if (curtime + (10*86400) > subexpire)
|
||||
{
|
||||
log_info (_("WARNING: Your encryption subkey expires soon.\n"));
|
||||
log_info (_("You may want to change its expiration date too.\n"));
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
* Ask for a new user id, add the self-signature and update the keyblock.
|
||||
* Return true if there is a new user id
|
||||
|
|
|
|||
Loading…
Reference in New Issue