From b047388d57443f584f1c1d6333aac5218b685042 Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Mon, 6 Jun 2016 16:00:50 +0200 Subject: [PATCH] gpg: Implement --keyid-format=none. * g10/gpg.c (main): Add option "none" to --keyid-format. * g10/options.h (KF_NONE): New. * g10/keyid.c (format_keyid): Implement that. (keystr): Use format "long" is KF_NONE is in use. (keystr_with_sub): Ditto. * g10/keylist.c (list_keyblock_print): Adjust indentaion for KF_NONE. Factor some code out to ... (print_key_line): new. (print_fingerprint): Add mode 20. * g10/mainproc.c (list_node): Use print_key_line. Replace MAINKEY by flags.primary in the PK. Fix putting a " revoked..." string into the colons format. * g10/pkclist.c (do_edit_ownertrust): Use print_key_line. This slightly changes the putput format. * g10/revoke.c (gen_standard_revoke): Use print_key_line. This may also put "expires: " into the output. -- Due to user experience problems with the keyid and we better allow to show the fingerprint instead. Note that we do not support v3 keys anymore and thus there is no technical need for a user to know the keyid. GnuPG-bug-id: 2379 Signed-off-by: Werner Koch --- doc/gpg.texi | 13 ++-- g10/gpg.c | 2 + g10/keyid.c | 23 +++++-- g10/keylist.c | 180 ++++++++++++++++++++++++++----------------------- g10/main.h | 1 + g10/mainproc.c | 47 +++++-------- g10/options.h | 2 +- g10/pkclist.c | 14 ++-- g10/revoke.c | 14 ++-- 9 files changed, 153 insertions(+), 143 deletions(-) diff --git a/doc/gpg.texi b/doc/gpg.texi index 455995884..f19058146 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi 
@@ -1679,13 +1679,14 @@ mechanisms, in the order they are to be tried: @end table -@item --keyid-format @code{short|0xshort|long|0xlong} +@item --keyid-format @code{none|short|0xshort|long|0xlong} @opindex keyid-format -Select how to display key IDs. "short" is the traditional 8-character -key ID. "long" is the more accurate (but less convenient) -16-character key ID. Add an "0x" to either to include an "0x" at the -beginning of the key ID, as in 0x99242560. Note that this option is -ignored if the option --with-colons is used. +Select how to display key IDs. "none" does not show the key ID at all +but shows the fingerprint in a separate line. "short" is the +traditional 8-character key ID. "long" is the more accurate (but less +convenient) 16-character key ID. Add an "0x" to either to include an +"0x" at the beginning of the key ID, as in 0x99242560. Note that this +option is ignored if the option @option{--with-colons} is used. @item --keyserver @code{name} @opindex keyserver diff --git a/g10/gpg.c b/g10/gpg.c index b193fcdfd..d0be4ba3f 100644 --- a/g10/gpg.c +++ b/g10/gpg.c @@ -3256,6 +3256,8 @@ main (int argc, char **argv) opt.keyid_format=KF_0xSHORT; else if(ascii_strcasecmp(pargs.r.ret_str,"0xlong")==0) opt.keyid_format=KF_0xLONG; + else if(ascii_strcasecmp(pargs.r.ret_str,"none")==0) + opt.keyid_format = KF_NONE; else log_error("unknown keyid-format '%s'\n",pargs.r.ret_str); break; diff --git a/g10/keyid.c b/g10/keyid.c index bd808d21e..20efa01b7 100644 --- a/g10/keyid.c +++ b/g10/keyid.c @@ -337,6 +337,11 @@ format_keyid (u32 *keyid, int format, char *buffer, int len) switch (format) { + case KF_NONE: + if (len) + *buffer = 0; + break; + case KF_SHORT: snprintf (buffer, len, "%08lX", (ulong)keyid[1]); break; 
@@ -401,22 +406,32 @@ const char * keystr (u32 *keyid) { static char keyid_str[KEYID_STR_SIZE]; - return format_keyid (keyid, opt.keyid_format, keyid_str, sizeof (keyid_str)); + int format = opt.keyid_format; + + if (format == KF_NONE) + format = KF_LONG; + + return format_keyid (keyid, format, keyid_str, sizeof (keyid_str)); } - +/* This function returns the key id of the main and possible the + * subkey as one string. It is used by error messages. */ const char * keystr_with_sub (u32 *main_kid, u32 *sub_kid) { static char buffer[KEYID_STR_SIZE+1+KEYID_STR_SIZE]; char *p; + int format = opt.keyid_format; - mem2str (buffer, keystr (main_kid), KEYID_STR_SIZE); + if (format == KF_NONE) + format = KF_LONG; + + format_keyid (main_kid, format, buffer, KEYID_STR_SIZE); if (sub_kid) { p = buffer + strlen (buffer); *p++ = '/'; - mem2str (p, keystr (sub_kid), KEYID_STR_SIZE); + format_keyid (sub_kid, format, p, KEYID_STR_SIZE); } return buffer; } diff --git a/g10/keylist.c b/g10/keylist.c index 2a1ef2e12..abd5ffa3e 100644 --- a/g10/keylist.c +++ b/g10/keylist.c @@ -1022,10 +1022,8 @@ list_keyblock_print (ctrl_t ctrl, kbnode_t keyblock, int secret, int fpr, KBNODE node; PKT_public_key *pk; int skip_sigs = 0; - int s2k_char; char *hexgrip = NULL; char *serialno = NULL; - char pkstrbuf[PUBKEY_STRING_SIZE]; /* Get the keyid from the keyblock. */ node = find_kbnode (keyblock, PKT_PUBLIC_KEY); 
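Review bot: In the keystr hunk the silent `KF_NONE` to `KF_LONG` fallback is written out twice (keystr and keystr_with_sub), and only the commit message explains it. I would add a comment above the first one, e.g. `/* KF_NONE hides the key ID in listings, but callers of keystr still need an identifier; use the long form. */`. A small static helper would also stop the two functions from drifting apart. Falling back to the 16-character form rather than the short one is the better choice for diagnostics, since short key IDs are easy to collide.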
@@ -1047,62 +1045,19 @@ list_keyblock_print (ctrl_t ctrl, kbnode_t keyblock, int secret, int fpr, if (secret) { + /* Encode some info about the secret key in SECRET. */ if (!agent_get_keyinfo (NULL, hexgrip, &serialno)) - s2k_char = serialno? '>':' '; + secret = serialno? 3 : 1; else - s2k_char = '#'; /* Key not found. */ + secret = 2; /* Key not found. */ } - else - s2k_char = ' '; check_trustdb_stale (ctrl); + /* Print the "pub" line and in KF_NONE mode the fingerprint. */ + print_key_line (es_stdout, pk, secret); - es_fprintf (es_stdout, "%s%c %s/%s %s", - secret? "sec":"pub", - s2k_char, - pubkey_string (pk, pkstrbuf, sizeof pkstrbuf), - keystr_from_pk (pk), datestr_from_pk (pk)); - - if ((opt.list_options & LIST_SHOW_USAGE)) - { - es_fprintf (es_stdout, " [%s]", usagestr_from_pk (pk, 0)); - } - if (pk->flags.revoked) - { - es_fprintf (es_stdout, " ["); - es_fprintf (es_stdout, _("revoked: %s"), revokestr_from_pk (pk)); - es_fprintf (es_stdout, "]"); - } - else if (pk->has_expired) - { - es_fprintf (es_stdout, " ["); - es_fprintf (es_stdout, _("expired: %s"), expirestr_from_pk (pk)); - es_fprintf (es_stdout, "]"); - } - else if (pk->expiredate) - { - es_fprintf (es_stdout, " ["); - es_fprintf (es_stdout, _("expires: %s"), expirestr_from_pk (pk)); - es_fprintf (es_stdout, "]"); - } - -#if 0 - /* I need to think about this some more. It's easy enough to - include, but it looks sort of confusing in the listing... */ - if (opt.list_options & LIST_SHOW_VALIDITY) - { - int validity = get_validity (ctrl, pk, NULL, NULL, 0); - es_fprintf (es_stdout, " [%s]", trust_value_to_string (validity)); - } -#endif - - if (pk->pubkey_algo >= 100) - es_fprintf (es_stdout, " [experimental algorithm %d]", pk->pubkey_algo); - - es_fprintf (es_stdout, "\n"); - - if (fpr) + if (fpr && opt.keyid_format != KF_NONE) print_fingerprint (NULL, pk, 0); if (opt.with_keygrip && hexgrip) 
@@ -1120,6 +1075,7 @@ list_keyblock_print (ctrl_t ctrl, kbnode_t keyblock, int secret, int fpr, { PKT_user_id *uid = node->pkt->pkt.user_id; int indent; + int kl = opt.keyid_format == KF_NONE? 10 : keystrlen (); if ((uid->is_expired || uid->is_revoked) && !(opt.list_options & LIST_SHOW_UNUSABLE_UIDS)) @@ -1139,7 +1095,7 @@ list_keyblock_print (ctrl_t ctrl, kbnode_t keyblock, int secret, int fpr, const char *validity; validity = uid_trust_string_fixed (ctrl, pk, uid); - indent = ((keystrlen () + (opt.legacy_list_mode? 9:11)) + indent = ((kl + (opt.legacy_list_mode? 9:11)) - atoi (uid_trust_string_fixed (ctrl, NULL, NULL))); if (indent < 0 || indent > 40) indent = 0; @@ -1148,7 +1104,7 @@ list_keyblock_print (ctrl_t ctrl, kbnode_t keyblock, int secret, int fpr, } else { - indent = keystrlen () + (opt.legacy_list_mode? 10:12); + indent = kl + (opt.legacy_list_mode? 10:12); es_fprintf (es_stdout, "uid%*s", indent, ""); } 
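Review bot: The `kl` fallback of 10 in list_keyblock_print (first hunk on this line) is an unexplained constant, and the same fallback is 0 in list_node and gen_standard_revoke later in this patch. If the 10 is meant to line the uid text up with the fingerprint line printed under the pub line, say so in a comment next to the declaration, e.g. `/* No key ID column in KF_NONE mode; 10 keeps the uid column aligned. */`. If it is not, the three call sites should probably agree. The enclosing function starts and ends outside these hunks.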
@@ -1205,42 +1161,13 @@ list_keyblock_print (ctrl_t ctrl, kbnode_t keyblock, int secret, int fpr, if (secret) { if (!agent_get_keyinfo (NULL, hexgrip, &serialno)) - s2k_char = serialno? '>':' '; + secret = serialno? 3 : 1; else - s2k_char = '#'; /* Key not found. */ + secret = '2'; /* Key not found. */ } - else - s2k_char = ' '; - es_fprintf (es_stdout, "%s%c %s/%s %s", - secret? "ssb":"sub", - s2k_char, - pubkey_string (pk2, pkstrbuf, sizeof pkstrbuf), - keystr_from_pk (pk2), datestr_from_pk (pk2)); - - if ((opt.list_options & LIST_SHOW_USAGE)) - { - es_fprintf (es_stdout, " [%s]", usagestr_from_pk (pk2, 0)); - } - if (pk2->flags.revoked) - { - es_fprintf (es_stdout, " ["); - es_fprintf (es_stdout, _("revoked: %s"), revokestr_from_pk (pk2)); - es_fprintf (es_stdout, "]"); - } - else if (pk2->has_expired) - { - es_fprintf (es_stdout, " ["); - es_fprintf (es_stdout, _("expired: %s"), expirestr_from_pk (pk2)); - es_fprintf (es_stdout, "]"); - } - else if (pk2->expiredate) - { - es_fprintf (es_stdout, " ["); - es_fprintf (es_stdout, _("expires: %s"), expirestr_from_pk (pk2)); - es_fprintf (es_stdout, "]"); - } - es_putc ('\n', es_stdout); + /* Print the "sub" line. */ + print_key_line (es_stdout, pk2, secret); if (fpr > 1) { print_fingerprint (NULL, pk2, 0); @@ -1861,6 +1788,7 @@ print_icao_hexdigit (estream_t fp, int c) * 3: direct use of tty but only primary key. * 4: direct use of tty but only subkey. * 10: Same as 0 but with_colons etc is ignored. + * 20: Same as 0 but using a compact format. * * Modes 1 and 2 will try and print both subkey and primary key * fingerprints. A MODE with bit 7 set is used internally. If @@ -1878,6 +1806,7 @@ print_fingerprint (estream_t override_fp, PKT_public_key *pk, int mode) int primary = 0; int with_colons = opt.with_colons; int with_icao = opt.with_icao_spelling; + int compact = 0; if (mode == 10) { 
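Review bot: In the subkey branch of list_keyblock_print (first hunk on this line) the key-not-found case assigns `secret = '2';`, a character constant with value 50, not the integer 2 that print_key_line tests with `secret == 2`. As written, a secret subkey the agent does not have is printed as `ssb ` instead of `ssb#`, so the listing no longer tells the user that the subkey's secret part is missing; the primary-key branch in the earlier hunk uses the plain `2`. Change it to `secret = 2; /* Key not found. */`, and consider naming the three states with an enum shared by both call sites and print_key_line. Because `secret` is also the function parameter, each subkey's state carries into the next iteration's `if (secret)` test, which is harmless only because every state is non-zero.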
@@ -1885,6 +1814,12 @@ print_fingerprint (estream_t override_fp, PKT_public_key *pk, int mode) with_colons = 0; with_icao = 0; } + else if (mode == 20) + { + mode = 0; + with_colons = 0; + compact = 1; + } if (pk->main_keyid[0] == pk->keyid[0] && pk->main_keyid[1] == pk->keyid[1]) @@ -1946,6 +1881,10 @@ print_fingerprint (estream_t override_fp, PKT_public_key *pk, int mode) { es_fprintf (fp, "fpr:::::::::%s:", hexfpr); } + else if (compact) + { + tty_fprintf (fp, "%*s%s", 6, "", hexfpr); + } else { char fmtfpr[MAX_FORMATTED_FINGERPRINT_LEN + 1]; 
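Review bot: The mode 20 branch in print_fingerprint clears `with_colons` but, unlike the mode 10 branch just above it, leaves `with_icao` set, and the mode table only says "Same as 0 but using a compact format". If the ICAO spelling code further down (outside this hunk) is still reached, the spelling block would follow every compact fingerprint line whenever opt.with_icao_spelling is set. Either add `with_icao = 0;` here or state in the comment that this is intended. The table entry should also record the colons override, e.g. `* 20: Same as 0 but using a compact format; with_colons is ignored.`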
@@ -1997,6 +1936,75 @@ print_card_serialno (const char *serialno) } +/* Print a public or secret (sub)key line. Example: + * + * pub dsa2048 2007-12-31 [SC] [expires: 2018-12-31] + * 80615870F5BAD690333686D0F2AD85AC1E42B367 + * + * Some global options may result in a different output format. If + * SECRET is set, "sec" or "ssb" is used instead of "pub" or "sub" and + * depending on the value a flag character is shown: + * + * 1 := ' ' Regular secret key + * 2 := '#' Stub secret key + * 3 := '>' Secret key is on a token. + */ +void +print_key_line (estream_t fp, PKT_public_key *pk, int secret) +{ + char pkstrbuf[PUBKEY_STRING_SIZE]; + + tty_fprintf (fp, "%s%c %s", + pk->flags.primary? (secret? "sec":"pub") + /**/ : (secret? "ssb":"sub"), + secret == 2? '#' : secret == 3? '>' : ' ', + pubkey_string (pk, pkstrbuf, sizeof pkstrbuf)); + if (opt.keyid_format != KF_NONE) + tty_fprintf (fp, "/%s", keystr_from_pk (pk)); + tty_fprintf (fp, " %s", datestr_from_pk (pk)); + + if ((opt.list_options & LIST_SHOW_USAGE)) + { + tty_fprintf (fp, " [%s]", usagestr_from_pk (pk, 0)); + } + if (pk->flags.revoked) + { + tty_fprintf (fp, " ["); + tty_fprintf (fp, _("revoked: %s"), revokestr_from_pk (pk)); + tty_fprintf (fp, "]"); + } + else if (pk->has_expired) + { + tty_fprintf (fp, " ["); + tty_fprintf (fp, _("expired: %s"), expirestr_from_pk (pk)); + tty_fprintf (fp, "]"); + } + else if (pk->expiredate) + { + tty_fprintf (fp, " ["); + tty_fprintf (fp, _("expires: %s"), expirestr_from_pk (pk)); + tty_fprintf (fp, "]"); + } + +#if 0 + /* I need to think about this some more. It's easy enough to + include, but it looks sort of confusing in the listing... 
*/ + if (opt.list_options & LIST_SHOW_VALIDITY) + { + int validity = get_validity (ctrl, pk, NULL, NULL, 0); + tty_fprintf (fp, " [%s]", trust_value_to_string (validity)); + } +#endif + + if (pk->pubkey_algo >= 100) + tty_fprintf (fp, " [experimental algorithm %d]", pk->pubkey_algo); + + tty_fprintf (fp, "\n"); + + if (pk->flags.primary && opt.keyid_format == KF_NONE) + print_fingerprint (fp, pk, 20); +} + void set_attrib_fd (int fd) diff --git a/g10/main.h b/g10/main.h index 46b4ead9d..bda0bc188 100644 --- a/g10/main.h +++ b/g10/main.h @@ -426,6 +426,7 @@ char *format_seckey_info (PKT_public_key *pk); void print_seckey_info (PKT_public_key *pk); void print_pubkey_info (estream_t fp, PKT_public_key *pk); void print_card_key_info (estream_t fp, KBNODE keyblock); +void print_key_line (estream_t fp, PKT_public_key *pk, int secret); /*-- verify.c --*/ void print_file_status( int status, const char *name, int what ); diff --git a/g10/mainproc.c b/g10/mainproc.c index a2bfae3f4..15dc4b9c0 100644 --- a/g10/mainproc.c +++ b/g10/mainproc.c @@ -985,13 +985,10 @@ print_userid (PACKET *pkt) static void list_node (CTX c, kbnode_t node) { - int mainkey; - char pkstrbuf[PUBKEY_STRING_SIZE]; - if (!node) ; - else if ((mainkey = (node->pkt->pkttype == PKT_PUBLIC_KEY)) - || node->pkt->pkttype == PKT_PUBLIC_SUBKEY ) + else if (node->pkt->pkttype == PKT_PUBLIC_KEY + || node->pkt->pkttype == PKT_PUBLIC_SUBKEY) { PKT_public_key *pk = node->pkt->pkt.public_key; @@ -1000,10 +997,10 @@ list_node (CTX c, kbnode_t node) u32 keyid[2]; keyid_from_pk( pk, keyid ); - if (mainkey) + if (pk->flags.primary) c->trustletter = (opt.fast_list_mode? 0 : get_validity_info (c->ctrl, pk, NULL)); - es_printf ("%s:", mainkey? "pub":"sub" ); + es_printf ("%s:", pk->flags.primary? "pub":"sub" ); if (c->trustletter) es_putc (c->trustletter, es_stdout); es_printf (":%u:%d:%08lX%08lX:%s:%s::", 
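Review bot: print_key_line is called with a NULL `fp` by do_edit_ownertrust (presumably meaning tty output), but its trailing `print_fingerprint (fp, pk, 20)` maps to mode 0, and the mode table lists only modes 3 and 4 as direct tty use. Unless print_fingerprint treats a NULL override in mode 0 as the tty (its stream selection is outside this patch), the key line and its fingerprint can end up on different streams in KF_NONE mode. That matters at the ownertrust prompt, where the fingerprint is what the user should be checking. Please confirm the mode 0 behaviour for NULL, or make mode 20 keep `override_fp` as given. The header comment should also say what `fp == NULL` means.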
@@ -1012,33 +1009,19 @@ list_node (CTX c, kbnode_t node) (ulong)keyid[0],(ulong)keyid[1], colon_datestr_from_pk( pk ), colon_strtime (pk->expiredate) ); - if (mainkey && !opt.fast_list_mode) + if (pk->flags.primary && !opt.fast_list_mode) es_putc (get_ownertrust_info (pk), es_stdout); es_putc (':', es_stdout); + es_putc ('\n', es_stdout); } else - es_printf ("%s %s/%s %s", - mainkey? "pub":"sub", - pubkey_string (pk, pkstrbuf, sizeof pkstrbuf), - keystr_from_pk (pk), - datestr_from_pk (pk)); - - if (pk->flags.revoked) { - es_printf (" ["); - es_printf (_("revoked: %s"), revokestr_from_pk (pk)); - es_printf ("]\n"); + print_key_line (es_stdout, pk, 0); } - else if( pk->expiredate && !opt.with_colons) - { - es_printf (" ["); - es_printf (_("expires: %s"), expirestr_from_pk (pk)); - es_printf ("]\n"); - } - else - es_putc ('\n', es_stdout); - if ((mainkey && opt.fingerprint) || opt.fingerprint > 1) + if (opt.keyid_format == KF_NONE && !opt.with_colons) + ; /* Already printed. */ + else if ((pk->flags.primary && opt.fingerprint) || opt.fingerprint > 1) print_fingerprint (NULL, pk, 0); if (opt.with_colons) @@ -1048,8 +1031,10 @@ list_node (CTX c, kbnode_t node) node->next->pkt->pkt.ring_trust->trustval); } - if (mainkey) + if (pk->flags.primary) { + int kl = opt.keyid_format == KF_NONE? 0 : keystrlen (); + /* Now list all userids with their signatures. */ for (node = node->next; node; node = node->next) { @@ -1064,7 +1049,7 @@ list_node (CTX c, kbnode_t node) node->pkt->pkt.user_id->attrib_data?"uat":"uid"); else es_printf ("uid%*s", - (int)keystrlen ()+(opt.legacy_list_mode? 9:11), + kl + (opt.legacy_list_mode? 9:11), "" ); print_userid (node->pkt); if (opt.with_colons) @@ -1086,7 +1071,7 @@ list_node (CTX c, kbnode_t node) } } } - else if ((mainkey = (node->pkt->pkttype == PKT_SECRET_KEY) ) + else if (node->pkt->pkttype == PKT_SECRET_KEY || node->pkt->pkttype == PKT_SECRET_SUBKEY) { 
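Review bot: The new `/* Already printed. */` branch in list_node (first hunk on this line) skips print_fingerprint for every key in KF_NONE mode, but print_key_line prints the fingerprint only when `pk->flags.primary` is set. A subkey listed with `opt.fingerprint > 1` therefore loses its fingerprint here, while list_keyblock_print still prints it for subkeys via `if (fpr > 1)`. Restricting the skip to primary keys keeps the two paths consistent: `if (opt.keyid_format == KF_NONE && !opt.with_colons && pk->flags.primary)`. list_node continues outside these hunks.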
@@ -1719,7 +1704,7 @@ check_sig_and_print (CTX c, kbnode_t node) { log_info (_("Signature made %s\n"), asctimestamp(sig->timestamp)); log_info (_(" using %s key %s\n"), - astr? astr: "?",keystr(sig->keyid)); + astr? astr: "?", keystr(sig->keyid)); } else log_info (_("Signature made %s using %s key ID %s\n"), diff --git a/g10/options.h b/g10/options.h index 0de04188d..55f974a8f 100644 --- a/g10/options.h +++ b/g10/options.h @@ -137,7 +137,7 @@ struct } compliance; enum { - KF_DEFAULT, KF_SHORT, KF_LONG, KF_0xSHORT, KF_0xLONG + KF_DEFAULT, KF_NONE, KF_SHORT, KF_LONG, KF_0xSHORT, KF_0xLONG } keyid_format; int shm_coprocess; const char *set_filename; diff --git a/g10/pkclist.c b/g10/pkclist.c index f28410731..8efa95432 100644 --- a/g10/pkclist.c +++ b/g10/pkclist.c @@ -189,7 +189,6 @@ do_edit_ownertrust (ctrl_t ctrl, PKT_public_key *pk, int mode, int min_num; int did_help=defer_help; unsigned int minimum = tdb_get_min_ownertrust (pk); - char pkstrbuf[PUBKEY_STRING_SIZE]; switch(minimum) { @@ -222,13 +221,12 @@ do_edit_ownertrust (ctrl_t ctrl, PKT_public_key *pk, int mode, { KBNODE keyblock, un; - tty_printf(_("No trust value assigned to:\n")); - tty_printf("%s/%s %s\n", - pubkey_string (pk, pkstrbuf, sizeof pkstrbuf), - keystr(keyid), datestr_from_pk( pk ) ); - p=get_user_id_native(keyid); - tty_printf(_(" \"%s\"\n"),p); - xfree(p); + tty_printf (_("No trust value assigned to:\n")); + print_key_line (NULL, pk, 0); + + p = get_user_id_native(keyid); + tty_printf (_(" \"%s\"\n"),p); + xfree (p); keyblock = get_pubkeyblock (keyid); if (!keyblock) diff --git a/g10/revoke.c b/g10/revoke.c index 3c6e158fe..33dac5ba2 100644 --- a/g10/revoke.c +++ b/g10/revoke.c @@ -530,7 +530,7 @@ gen_standard_revoke (PKT_public_key *psk, const char *cache_nonce) void *leadin; size_t len; u32 keyid[2]; - char pkstrbuf[PUBKEY_STRING_SIZE]; + int kl; char *orig_codeset; dir = get_openpgp_revocdir (opt.homedir); 
@@ -550,16 +550,16 @@ gen_standard_revoke (PKT_public_key *psk, const char *cache_nonce) es_fprintf (memfp, "%s\n\n", _("This is a revocation certificate for the OpenPGP key:")); - es_fprintf (memfp, "pub %s/%s %s\n", - pubkey_string (psk, pkstrbuf, sizeof pkstrbuf), - keystr (keyid), - datestr_from_pk (psk)); + print_key_line (memfp, psk, 0); - print_fingerprint (memfp, psk, 3); + if (opt.keyid_format != KF_NONE) + print_fingerprint (memfp, psk, 3); + + kl = opt.keyid_format == KF_NONE? 0 : keystrlen (); tmpstr = get_user_id (keyid, &len); es_fprintf (memfp, "uid%*s%.*s\n\n", - (int)keystrlen () + 10, "", + kl + 10, "", (int)len, tmpstr); xfree (tmpstr);