security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-01-20 14:37:08 +01:00
Code Activity

gpg: Print a warning if the subkey expiration may not be what you want.

Browse Source 
* g10/keyedit.c (subkey_expire_warning): New.
(keyedit_menu): Call it when needed.
--
GnuPG-bug-id: 1715

The heuristic to detect a problem is not very advanced but it should
catch the most common cases.
This commit is contained in:
Werner Koch 2014-09-17 16:27:37 +02:00
parent 457bce5cd3
commit ae3d1bbb65
1 changed files with 63 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

63
g10/keyedit.c
View File

@ -59,6 +59,7 @@ static void show_key_with_all_names (estream_t fp,
int with_subkeys, int with_prefs, int with_subkeys, int with_prefs,
int nowarn); int nowarn);
static void show_key_and_fingerprint (KBNODE keyblock); static void show_key_and_fingerprint (KBNODE keyblock);
static void subkey_expire_warning (kbnode_t keyblock);
static int menu_adduid (KBNODE keyblock, int photo, const char *photo_name); static int menu_adduid (KBNODE keyblock, int photo, const char *photo_name);
static void menu_deluid (KBNODE pub_keyblock); static void menu_deluid (KBNODE pub_keyblock);
static int menu_delsig (KBNODE pub_keyblock); static int menu_delsig (KBNODE pub_keyblock);
@ -1463,6 +1464,7 @@ keyedit_menu (ctrl_t ctrl, const char *username, strlist_t locusr,
char *answer = NULL; char *answer = NULL;
int redisplay = 1; int redisplay = 1;
int modified = 0; int modified = 0;
int run_subkey_warnings = 0;
int toggle; int toggle;
int have_commands = !!commands; int have_commands = !!commands;
@ -1530,6 +1532,14 @@ keyedit_menu (ctrl_t ctrl, const char *username, strlist_t locusr,
tty_printf ("\n"); tty_printf ("\n");
redisplay = 0; redisplay = 0;
} }
if (run_subkey_warnings)
{
run_subkey_warnings = 0;
if (!count_selected_keys (keyblock))
subkey_expire_warning (keyblock);
}
do do
{ {
xfree (answer); xfree (answer);
@ -2030,6 +2040,7 @@ keyedit_menu (ctrl_t ctrl, const char *username, strlist_t locusr,
if (menu_expire (keyblock)) if (menu_expire (keyblock))
{ {
merge_keys_and_selfsig (keyblock); merge_keys_and_selfsig (keyblock);
run_subkey_warnings = 1;
modified = 1; modified = 1;
redisplay = 1; redisplay = 1;
} }
@ -3156,6 +3167,58 @@ no_primary_warning (KBNODE keyblock)
} }
/* Print a warning if the latest encryption subkey expires soon. This
function is called after the expire data of the primary key has
been changed. */
static void
subkey_expire_warning (kbnode_t keyblock)
{
u32 curtime = make_timestamp ();
kbnode_t node;
PKT_public_key *pk;
/* u32 mainexpire = 0; */
u32 subexpire = 0;
u32 latest_date = 0;
for (node = keyblock; node; node = node->next)
{
/* if (node->pkt->pkttype == PKT_PUBLIC_KEY) */
/* { */
/* pk = node->pkt->pkt.public_key; */
/* mainexpire = pk->expiredate; */
/* } */
if (node->pkt->pkttype != PKT_PUBLIC_SUBKEY)
continue;
pk = node->pkt->pkt.public_key;
if (!pk->flags.valid)
continue;
if (pk->flags.revoked)
continue;
if (pk->timestamp > curtime)
continue; /* Ignore future keys. */
if (!(pk->pubkey_usage & PUBKEY_USAGE_ENC))
continue; /* Not an encryption key. */
if (pk->timestamp > latest_date || (!pk->timestamp && !latest_date))
{
latest_date = pk->timestamp;
subexpire = pk->expiredate;
}
}
if (!subexpire)
return; /* No valid subkey with an expiration time. */
if (curtime + (10*86400) > subexpire)
{
log_info (_("WARNING: Your encryption subkey expires soon.\n"));
log_info (_("You may want to change its expiration date too.\n"));
}
}
/* /*
* Ask for a new user id, add the self-signature and update the keyblock. * Ask for a new user id, add the self-signature and update the keyblock.
* Return true if there is a new user id * Return true if there is a new user id