gpg: Implement --keyid-format=none.

* g10/gpg.c (main): Add option "none" to --keyid-format.
* g10/options.h (KF_NONE): New.
* g10/keyid.c (format_keyid): Implement that.
(keystr): Use format "long" is KF_NONE is in use.
(keystr_with_sub): Ditto.
* g10/keylist.c (list_keyblock_print): Adjust indentaion for KF_NONE.
Factor some code out to ...
(print_key_line): new.
(print_fingerprint): Add mode 20.
* g10/mainproc.c (list_node): Use print_key_line.  Replace MAINKEY by
flags.primary in the PK.  Fix putting a " revoked..." string into the
colons format.
* g10/pkclist.c (do_edit_ownertrust): Use print_key_line.  This
slightly changes the putput format.
* g10/revoke.c (gen_standard_revoke): Use print_key_line.  This may
also put "expires: " into the output.
--

Due to user experience problems with the keyid, we better allow
showing the fingerprint instead.  Note that we do not support v3 keys
anymore and thus there is no technical need for a user to know the
keyid.

GnuPG-bug-id: 2379
Signed-off-by: Werner Koch <wk@gnupg.org>
Werner Koch 2016-06-06 16:00:50 +02:00
parent e792eb1bb4
commit b047388d57
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
9 changed files with 153 additions and 143 deletions


@ -1679,13 +1679,14 @@ mechanisms, in the order they are to be tried:
@end table
@item --keyid-format @code{short|0xshort|long|0xlong}
@item --keyid-format @code{none|short|0xshort|long|0xlong}
@opindex keyid-format
Select how to display key IDs. "short" is the traditional 8-character
key ID. "long" is the more accurate (but less convenient)
16-character key ID. Add an "0x" to either to include an "0x" at the
beginning of the key ID, as in 0x99242560. Note that this option is
ignored if the option --with-colons is used.
Select how to display key IDs. "none" does not show the key ID at all
but shows the fingerprint in a separate line. "short" is the
traditional 8-character key ID. "long" is the more accurate (but less
convenient) 16-character key ID. Add an "0x" to either to include an
"0x" at the beginning of the key ID, as in 0x99242560. Note that this
option is ignored if the option @option{--with-colons} is used.
@item --keyserver @code{name}
@opindex keyserver


@ -3256,6 +3256,8 @@ main (int argc, char **argv)
opt.keyid_format=KF_0xSHORT;
else if(ascii_strcasecmp(pargs.r.ret_str,"0xlong")==0)
opt.keyid_format=KF_0xLONG;
else if(ascii_strcasecmp(pargs.r.ret_str,"none")==0)
opt.keyid_format = KF_NONE;
else
log_error("unknown keyid-format '%s'\n",pargs.r.ret_str);
break;


@ -337,6 +337,11 @@ format_keyid (u32 *keyid, int format, char *buffer, int len)
switch (format)
{
case KF_NONE:
if (len)
*buffer = 0;
break;
case KF_SHORT:
snprintf (buffer, len, "%08lX", (ulong)keyid[1]);
break;
@ -401,22 +406,32 @@ const char *
keystr (u32 *keyid)
{
static char keyid_str[KEYID_STR_SIZE];
return format_keyid (keyid, opt.keyid_format, keyid_str, sizeof (keyid_str));
int format = opt.keyid_format;
if (format == KF_NONE)
format = KF_LONG;
return format_keyid (keyid, format, keyid_str, sizeof (keyid_str));
}
/* This function returns the key id of the main and possible the
* subkey as one string. It is used by error messages. */
const char *
keystr_with_sub (u32 *main_kid, u32 *sub_kid)
{
static char buffer[KEYID_STR_SIZE+1+KEYID_STR_SIZE];
char *p;
int format = opt.keyid_format;
mem2str (buffer, keystr (main_kid), KEYID_STR_SIZE);
if (format == KF_NONE)
format = KF_LONG;
format_keyid (main_kid, format, buffer, KEYID_STR_SIZE);
if (sub_kid)
{
p = buffer + strlen (buffer);
*p++ = '/';
mem2str (p, keystr (sub_kid), KEYID_STR_SIZE);
format_keyid (sub_kid, format, p, KEYID_STR_SIZE);
}
return buffer;
}
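Review bot: The KF_NONE-to-KF_LONG fallback is written out twice, in keystr and again in keystr_with_sub, and neither copy says why a key ID is still produced when the user asked for none. A one-line comment above each `if (format == KF_NONE)`, such as `/* Diagnostics still need an identifier, thus fall back to the long key ID.  */`, would document that. format_keyid itself leaves an empty string in the buffer for KF_NONE, so any caller that hands it opt.keyid_format directly instead of going through keystr would print a blank identifier. Callers outside this diff are worth checking for that.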


@ -1022,10 +1022,8 @@ list_keyblock_print (ctrl_t ctrl, kbnode_t keyblock, int secret, int fpr,
KBNODE node;
PKT_public_key *pk;
int skip_sigs = 0;
int s2k_char;
char *hexgrip = NULL;
char *serialno = NULL;
char pkstrbuf[PUBKEY_STRING_SIZE];
/* Get the keyid from the keyblock. */
node = find_kbnode (keyblock, PKT_PUBLIC_KEY);
@ -1047,62 +1045,19 @@ list_keyblock_print (ctrl_t ctrl, kbnode_t keyblock, int secret, int fpr,
if (secret)
{
/* Encode some info about the secret key in SECRET. */
if (!agent_get_keyinfo (NULL, hexgrip, &serialno))
s2k_char = serialno? '>':' ';
secret = serialno? 3 : 1;
else
s2k_char = '#'; /* Key not found. */
secret = 2; /* Key not found. */
}
else
s2k_char = ' ';
check_trustdb_stale (ctrl);
/* Print the "pub" line and in KF_NONE mode the fingerprint. */
print_key_line (es_stdout, pk, secret);
es_fprintf (es_stdout, "%s%c %s/%s %s",
secret? "sec":"pub",
s2k_char,
pubkey_string (pk, pkstrbuf, sizeof pkstrbuf),
keystr_from_pk (pk), datestr_from_pk (pk));
if ((opt.list_options & LIST_SHOW_USAGE))
{
es_fprintf (es_stdout, " [%s]", usagestr_from_pk (pk, 0));
}
if (pk->flags.revoked)
{
es_fprintf (es_stdout, " [");
es_fprintf (es_stdout, _("revoked: %s"), revokestr_from_pk (pk));
es_fprintf (es_stdout, "]");
}
else if (pk->has_expired)
{
es_fprintf (es_stdout, " [");
es_fprintf (es_stdout, _("expired: %s"), expirestr_from_pk (pk));
es_fprintf (es_stdout, "]");
}
else if (pk->expiredate)
{
es_fprintf (es_stdout, " [");
es_fprintf (es_stdout, _("expires: %s"), expirestr_from_pk (pk));
es_fprintf (es_stdout, "]");
}
#if 0
/* I need to think about this some more. It's easy enough to
include, but it looks sort of confusing in the listing... */
if (opt.list_options & LIST_SHOW_VALIDITY)
{
int validity = get_validity (ctrl, pk, NULL, NULL, 0);
es_fprintf (es_stdout, " [%s]", trust_value_to_string (validity));
}
#endif
if (pk->pubkey_algo >= 100)
es_fprintf (es_stdout, " [experimental algorithm %d]", pk->pubkey_algo);
es_fprintf (es_stdout, "\n");
if (fpr)
if (fpr && opt.keyid_format != KF_NONE)
print_fingerprint (NULL, pk, 0);
if (opt.with_keygrip && hexgrip)
@ -1120,6 +1075,7 @@ list_keyblock_print (ctrl_t ctrl, kbnode_t keyblock, int secret, int fpr,
{
PKT_user_id *uid = node->pkt->pkt.user_id;
int indent;
int kl = opt.keyid_format == KF_NONE? 10 : keystrlen ();
if ((uid->is_expired || uid->is_revoked)
&& !(opt.list_options & LIST_SHOW_UNUSABLE_UIDS))
@ -1139,7 +1095,7 @@ list_keyblock_print (ctrl_t ctrl, kbnode_t keyblock, int secret, int fpr,
const char *validity;
validity = uid_trust_string_fixed (ctrl, pk, uid);
indent = ((keystrlen () + (opt.legacy_list_mode? 9:11))
indent = ((kl + (opt.legacy_list_mode? 9:11))
- atoi (uid_trust_string_fixed (ctrl, NULL, NULL)));
if (indent < 0 || indent > 40)
indent = 0;
@ -1148,7 +1104,7 @@ list_keyblock_print (ctrl_t ctrl, kbnode_t keyblock, int secret, int fpr,
}
else
{
indent = keystrlen () + (opt.legacy_list_mode? 10:12);
indent = kl + (opt.legacy_list_mode? 10:12);
es_fprintf (es_stdout, "uid%*s", indent, "");
}
@ -1205,42 +1161,13 @@ list_keyblock_print (ctrl_t ctrl, kbnode_t keyblock, int secret, int fpr,
if (secret)
{
if (!agent_get_keyinfo (NULL, hexgrip, &serialno))
s2k_char = serialno? '>':' ';
secret = serialno? 3 : 1;
else
s2k_char = '#'; /* Key not found. */
secret = '2'; /* Key not found. */
}
else
s2k_char = ' ';
es_fprintf (es_stdout, "%s%c %s/%s %s",
secret? "ssb":"sub",
s2k_char,
pubkey_string (pk2, pkstrbuf, sizeof pkstrbuf),
keystr_from_pk (pk2), datestr_from_pk (pk2));
if ((opt.list_options & LIST_SHOW_USAGE))
{
es_fprintf (es_stdout, " [%s]", usagestr_from_pk (pk2, 0));
}
if (pk2->flags.revoked)
{
es_fprintf (es_stdout, " [");
es_fprintf (es_stdout, _("revoked: %s"), revokestr_from_pk (pk2));
es_fprintf (es_stdout, "]");
}
else if (pk2->has_expired)
{
es_fprintf (es_stdout, " [");
es_fprintf (es_stdout, _("expired: %s"), expirestr_from_pk (pk2));
es_fprintf (es_stdout, "]");
}
else if (pk2->expiredate)
{
es_fprintf (es_stdout, " [");
es_fprintf (es_stdout, _("expires: %s"), expirestr_from_pk (pk2));
es_fprintf (es_stdout, "]");
}
es_putc ('\n', es_stdout);
/* Print the "sub" line. */
print_key_line (es_stdout, pk2, secret);
if (fpr > 1)
{
print_fingerprint (NULL, pk2, 0);
@ -1861,6 +1788,7 @@ print_icao_hexdigit (estream_t fp, int c)
* 3: direct use of tty but only primary key.
* 4: direct use of tty but only subkey.
* 10: Same as 0 but with_colons etc is ignored.
* 20: Same as 0 but using a compact format.
*
* Modes 1 and 2 will try and print both subkey and primary key
* fingerprints. A MODE with bit 7 set is used internally. If
@ -1878,6 +1806,7 @@ print_fingerprint (estream_t override_fp, PKT_public_key *pk, int mode)
int primary = 0;
int with_colons = opt.with_colons;
int with_icao = opt.with_icao_spelling;
int compact = 0;
if (mode == 10)
{
@ -1885,6 +1814,12 @@ print_fingerprint (estream_t override_fp, PKT_public_key *pk, int mode)
with_colons = 0;
with_icao = 0;
}
else if (mode == 20)
{
mode = 0;
with_colons = 0;
compact = 1;
}
if (pk->main_keyid[0] == pk->keyid[0]
&& pk->main_keyid[1] == pk->keyid[1])
@ -1946,6 +1881,10 @@ print_fingerprint (estream_t override_fp, PKT_public_key *pk, int mode)
{
es_fprintf (fp, "fpr:::::::::%s:", hexfpr);
}
else if (compact)
{
tty_fprintf (fp, "%*s%s", 6, "", hexfpr);
}
else
{
char fmtfpr[MAX_FORMATTED_FINGERPRINT_LEN + 1];
@ -1997,6 +1936,75 @@ print_card_serialno (const char *serialno)
}
/* Print a public or secret (sub)key line. Example:
*
* pub dsa2048 2007-12-31 [SC] [expires: 2018-12-31]
* 80615870F5BAD690333686D0F2AD85AC1E42B367
*
* Some global options may result in a different output format. If
* SECRET is set, "sec" or "ssb" is used instead of "pub" or "sub" and
* depending on the value a flag character is shown:
*
* 1 := ' ' Regular secret key
* 2 := '#' Stub secret key
* 3 := '>' Secret key is on a token.
*/
void
print_key_line (estream_t fp, PKT_public_key *pk, int secret)
{
char pkstrbuf[PUBKEY_STRING_SIZE];
tty_fprintf (fp, "%s%c %s",
pk->flags.primary? (secret? "sec":"pub")
/**/ : (secret? "ssb":"sub"),
secret == 2? '#' : secret == 3? '>' : ' ',
pubkey_string (pk, pkstrbuf, sizeof pkstrbuf));
if (opt.keyid_format != KF_NONE)
tty_fprintf (fp, "/%s", keystr_from_pk (pk));
tty_fprintf (fp, " %s", datestr_from_pk (pk));
if ((opt.list_options & LIST_SHOW_USAGE))
{
tty_fprintf (fp, " [%s]", usagestr_from_pk (pk, 0));
}
if (pk->flags.revoked)
{
tty_fprintf (fp, " [");
tty_fprintf (fp, _("revoked: %s"), revokestr_from_pk (pk));
tty_fprintf (fp, "]");
}
else if (pk->has_expired)
{
tty_fprintf (fp, " [");
tty_fprintf (fp, _("expired: %s"), expirestr_from_pk (pk));
tty_fprintf (fp, "]");
}
else if (pk->expiredate)
{
tty_fprintf (fp, " [");
tty_fprintf (fp, _("expires: %s"), expirestr_from_pk (pk));
tty_fprintf (fp, "]");
}
#if 0
/* I need to think about this some more. It's easy enough to
include, but it looks sort of confusing in the listing... */
if (opt.list_options & LIST_SHOW_VALIDITY)
{
int validity = get_validity (ctrl, pk, NULL, NULL, 0);
tty_fprintf (fp, " [%s]", trust_value_to_string (validity));
}
#endif
if (pk->pubkey_algo >= 100)
tty_fprintf (fp, " [experimental algorithm %d]", pk->pubkey_algo);
tty_fprintf (fp, "\n");
if (pk->flags.primary && opt.keyid_format == KF_NONE)
print_fingerprint (fp, pk, 20);
}
void
set_attrib_fd (int fd)
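Review bot: In the subkey loop of list_keyblock_print the key-not-found branch assigns `secret = '2';`, a character literal with value 50, where the primary-key branch earlier in the function assigns the integer `secret = 2;`. print_key_line tests `secret == 2` to select the '#' flag, so a subkey whose secret part is missing would be listed as `ssb ` like a regular secret key instead of `ssb#`. The line should read `secret = 2; /* Key not found. */`. The +/- markers are lost on this page, so this reading takes the `secret = ...` lines to be the new side, since they replace the removed s2k_char.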


@ -426,6 +426,7 @@ char *format_seckey_info (PKT_public_key *pk);
void print_seckey_info (PKT_public_key *pk);
void print_pubkey_info (estream_t fp, PKT_public_key *pk);
void print_card_key_info (estream_t fp, KBNODE keyblock);
void print_key_line (estream_t fp, PKT_public_key *pk, int secret);
/*-- verify.c --*/
void print_file_status( int status, const char *name, int what );


@ -985,13 +985,10 @@ print_userid (PACKET *pkt)
static void
list_node (CTX c, kbnode_t node)
{
int mainkey;
char pkstrbuf[PUBKEY_STRING_SIZE];
if (!node)
;
else if ((mainkey = (node->pkt->pkttype == PKT_PUBLIC_KEY))
|| node->pkt->pkttype == PKT_PUBLIC_SUBKEY )
else if (node->pkt->pkttype == PKT_PUBLIC_KEY
|| node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
{
PKT_public_key *pk = node->pkt->pkt.public_key;
@ -1000,10 +997,10 @@ list_node (CTX c, kbnode_t node)
u32 keyid[2];
keyid_from_pk( pk, keyid );
if (mainkey)
if (pk->flags.primary)
c->trustletter = (opt.fast_list_mode?
0 : get_validity_info (c->ctrl, pk, NULL));
es_printf ("%s:", mainkey? "pub":"sub" );
es_printf ("%s:", pk->flags.primary? "pub":"sub" );
if (c->trustletter)
es_putc (c->trustletter, es_stdout);
es_printf (":%u:%d:%08lX%08lX:%s:%s::",
@ -1012,33 +1009,19 @@ list_node (CTX c, kbnode_t node)
(ulong)keyid[0],(ulong)keyid[1],
colon_datestr_from_pk( pk ),
colon_strtime (pk->expiredate) );
if (mainkey && !opt.fast_list_mode)
if (pk->flags.primary && !opt.fast_list_mode)
es_putc (get_ownertrust_info (pk), es_stdout);
es_putc (':', es_stdout);
es_putc ('\n', es_stdout);
}
else
es_printf ("%s %s/%s %s",
mainkey? "pub":"sub",
pubkey_string (pk, pkstrbuf, sizeof pkstrbuf),
keystr_from_pk (pk),
datestr_from_pk (pk));
if (pk->flags.revoked)
{
es_printf (" [");
es_printf (_("revoked: %s"), revokestr_from_pk (pk));
es_printf ("]\n");
print_key_line (es_stdout, pk, 0);
}
else if( pk->expiredate && !opt.with_colons)
{
es_printf (" [");
es_printf (_("expires: %s"), expirestr_from_pk (pk));
es_printf ("]\n");
}
else
es_putc ('\n', es_stdout);
if ((mainkey && opt.fingerprint) || opt.fingerprint > 1)
if (opt.keyid_format == KF_NONE && !opt.with_colons)
; /* Already printed. */
else if ((pk->flags.primary && opt.fingerprint) || opt.fingerprint > 1)
print_fingerprint (NULL, pk, 0);
if (opt.with_colons)
@ -1048,8 +1031,10 @@ list_node (CTX c, kbnode_t node)
node->next->pkt->pkt.ring_trust->trustval);
}
if (mainkey)
if (pk->flags.primary)
{
int kl = opt.keyid_format == KF_NONE? 0 : keystrlen ();
/* Now list all userids with their signatures. */
for (node = node->next; node; node = node->next)
{
@ -1064,7 +1049,7 @@ list_node (CTX c, kbnode_t node)
node->pkt->pkt.user_id->attrib_data?"uat":"uid");
else
es_printf ("uid%*s",
(int)keystrlen ()+(opt.legacy_list_mode? 9:11),
kl + (opt.legacy_list_mode? 9:11),
"" );
print_userid (node->pkt);
if (opt.with_colons)
@ -1086,7 +1071,7 @@ list_node (CTX c, kbnode_t node)
}
}
}
else if ((mainkey = (node->pkt->pkttype == PKT_SECRET_KEY) )
else if (node->pkt->pkttype == PKT_SECRET_KEY
|| node->pkt->pkttype == PKT_SECRET_SUBKEY)
{
@ -1719,7 +1704,7 @@ check_sig_and_print (CTX c, kbnode_t node)
{
log_info (_("Signature made %s\n"), asctimestamp(sig->timestamp));
log_info (_(" using %s key %s\n"),
astr? astr: "?",keystr(sig->keyid));
astr? astr: "?", keystr(sig->keyid));
}
else
log_info (_("Signature made %s using %s key ID %s\n"),
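Review bot: In list_node the new `if (opt.keyid_format == KF_NONE && !opt.with_colons) ; /* Already printed. */` skips print_fingerprint for every key, but print_key_line prints the fingerprint only when `pk->flags.primary` is set. With KF_NONE and opt.fingerprint > 1 a subkey therefore gets no fingerprint line at all, whereas list_keyblock_print in keylist.c still calls print_fingerprint for subkeys when `fpr > 1`. Restricting the skip to primary keys, `if (opt.keyid_format == KF_NONE && !opt.with_colons && pk->flags.primary)`, would keep the subkey fingerprints. list_node's body continues outside the hunks shown.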


@ -137,7 +137,7 @@ struct
} compliance;
enum
{
KF_DEFAULT, KF_SHORT, KF_LONG, KF_0xSHORT, KF_0xLONG
KF_DEFAULT, KF_NONE, KF_SHORT, KF_LONG, KF_0xSHORT, KF_0xLONG
} keyid_format;
int shm_coprocess;
const char *set_filename;


@ -189,7 +189,6 @@ do_edit_ownertrust (ctrl_t ctrl, PKT_public_key *pk, int mode,
int min_num;
int did_help=defer_help;
unsigned int minimum = tdb_get_min_ownertrust (pk);
char pkstrbuf[PUBKEY_STRING_SIZE];
switch(minimum)
{
@ -222,13 +221,12 @@ do_edit_ownertrust (ctrl_t ctrl, PKT_public_key *pk, int mode,
{
KBNODE keyblock, un;
tty_printf(_("No trust value assigned to:\n"));
tty_printf("%s/%s %s\n",
pubkey_string (pk, pkstrbuf, sizeof pkstrbuf),
keystr(keyid), datestr_from_pk( pk ) );
p=get_user_id_native(keyid);
tty_printf(_(" \"%s\"\n"),p);
xfree(p);
tty_printf (_("No trust value assigned to:\n"));
print_key_line (NULL, pk, 0);
p = get_user_id_native(keyid);
tty_printf (_(" \"%s\"\n"),p);
xfree (p);
keyblock = get_pubkeyblock (keyid);
if (!keyblock)
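Review bot: `print_key_line (NULL, pk, 0);` in do_edit_ownertrust passes a NULL stream, and in KF_NONE mode print_key_line forwards that NULL to `print_fingerprint (fp, pk, 20)`. Mode 20 is documented as "Same as 0", the mode the listing code uses for its stdout output, so the fingerprint presumably goes to stdout while the rest of the ownertrust dialog goes to the tty via tty_printf. print_fingerprint's stream selection is outside the visible hunks, so this needs confirming. The fingerprint is the only key identifier shown in this mode, so it should reach the same stream as the trust prompt. A comment on print_key_line stating what a NULL FP means, for example `/* FP may be NULL to print to the tty.  */`, would also help.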


@ -530,7 +530,7 @@ gen_standard_revoke (PKT_public_key *psk, const char *cache_nonce)
void *leadin;
size_t len;
u32 keyid[2];
char pkstrbuf[PUBKEY_STRING_SIZE];
int kl;
char *orig_codeset;
dir = get_openpgp_revocdir (opt.homedir);
@ -550,16 +550,16 @@ gen_standard_revoke (PKT_public_key *psk, const char *cache_nonce)
es_fprintf (memfp, "%s\n\n",
_("This is a revocation certificate for the OpenPGP key:"));
es_fprintf (memfp, "pub %s/%s %s\n",
pubkey_string (psk, pkstrbuf, sizeof pkstrbuf),
keystr (keyid),
datestr_from_pk (psk));
print_key_line (memfp, psk, 0);
print_fingerprint (memfp, psk, 3);
if (opt.keyid_format != KF_NONE)
print_fingerprint (memfp, psk, 3);
kl = opt.keyid_format == KF_NONE? 0 : keystrlen ();
tmpstr = get_user_id (keyid, &len);
es_fprintf (memfp, "uid%*s%.*s\n\n",
(int)keystrlen () + 10, "",
kl + 10, "",
(int)len, tmpstr);
xfree (tmpstr);
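Review bot: The fallback width for KF_NONE is a bare literal that differs by call site: `kl = opt.keyid_format == KF_NONE? 0 : keystrlen ();` here and in list_node (mainproc.c), but `10` in list_keyblock_print (keylist.c). If the difference is intended it deserves a short comment at each site; otherwise a small helper next to keystrlen would keep the "uid" indentation consistent across the three outputs. The assignment also drops the cast that the old `(int)keystrlen () + 10` carried, so the conversion to int is now implicit. gen_standard_revoke's body continues outside the hunks shown.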