mirror of
git://git.gnupg.org/gnupg.git
synced 2024-12-22 10:19:57 +01:00
* helptext.c, pkclist.c (do_we_trust): It is not possible to get here with
a revoked or expired key, so BUG() that case. Remove question about overriding revoked/expired. Also --keyid-format-ify. (do_we_trust_pre): Use print_pubkey_info() instead of printing the info ourselves. * passphrase.c (passphrase_to_dek): Improve translatability of user ID prompts. * keylist.c (print_pubkey_info): Use the user ID the pk was selected by, if any.
This commit is contained in:
parent
27b2c9356a
commit
b1e2c5398f
@ -1,5 +1,18 @@
|
||||
2004-10-06 David Shaw <dshaw@jabberwocky.com>
|
||||
|
||||
* helptext.c, pkclist.c (do_we_trust): It is not possible to get
|
||||
here with a revoked or expired key, so BUG() that case. Remove
|
||||
question about overriding revoked/expired. Also
|
||||
--keyid-format-ify.
|
||||
(do_we_trust_pre): Use print_pubkey_info() instead of printing the
|
||||
info ourselves.
|
||||
|
||||
* passphrase.c (passphrase_to_dek): Improve translatability of
|
||||
user ID prompts.
|
||||
|
||||
* keylist.c (print_pubkey_info): Use the user ID the pk was
|
||||
selected by, if any.
|
||||
|
||||
* keyedit.c (sign_uids, ask_revoke_sig): Improve translatability
|
||||
of user ID prompts.
|
||||
(ask_revoke_sig, menu_revsig): Try and use common strings for
|
||||
|
@ -57,10 +57,6 @@ static struct helptexts { const char *key; const char *help; } helptexts[] = {
|
||||
"ultimately trusted\n"
|
||||
)},
|
||||
|
||||
{ "revoked_key.override", N_(
|
||||
"If you want to use this revoked key anyway, answer \"yes\"."
|
||||
)},
|
||||
|
||||
{ "untrusted_key.override", N_(
|
||||
"If you want to use this untrusted key anyway, answer \"yes\"."
|
||||
)},
|
||||
|
@ -119,7 +119,7 @@ print_seckey_info (PKT_secret_key *sk)
|
||||
keyid_from_sk (sk, keyid);
|
||||
p=get_user_id_native(keyid);
|
||||
|
||||
tty_printf ("\nsec %4u%c/%s %s %s\n",
|
||||
tty_printf ("\nsec %4u%c/%s %s %s\n",
|
||||
nbits_from_sk (sk),
|
||||
pubkey_letter (sk->pubkey_algo),
|
||||
keystr(keyid), datestr_from_sk (sk), p);
|
||||
@ -137,15 +137,21 @@ print_pubkey_info (FILE *fp, PKT_public_key *pk)
|
||||
char *p;
|
||||
|
||||
keyid_from_pk (pk, keyid);
|
||||
p=get_user_id_native(keyid);
|
||||
|
||||
/* If the pk was chosen by a particular user ID, that is the one to
|
||||
print. */
|
||||
if(pk->user_id)
|
||||
p=utf8_to_native(pk->user_id->name,pk->user_id->len,0);
|
||||
else
|
||||
p=get_user_id_native(keyid);
|
||||
|
||||
if (fp)
|
||||
fprintf (fp, "pub %4u%c/%s %s %s\n",
|
||||
fprintf (fp, "pub %4u%c/%s %s %s\n",
|
||||
nbits_from_pk (pk),
|
||||
pubkey_letter (pk->pubkey_algo),
|
||||
keystr(keyid), datestr_from_pk (pk), p);
|
||||
else
|
||||
tty_printf ("\npub %4u%c/%s %s %s\n",
|
||||
tty_printf ("\npub %4u%c/%s %s %s\n",
|
||||
nbits_from_pk (pk), pubkey_letter (pk->pubkey_algo),
|
||||
keystr(keyid), datestr_from_pk (pk), p);
|
||||
|
||||
|
@ -1133,15 +1133,13 @@ passphrase_to_dek( u32 *keyid, int pubkey_algo,
|
||||
information on that key. */
|
||||
if( keyid && !opt.batch && !next_pw && mode!=1 ) {
|
||||
PKT_public_key *pk = m_alloc_clear( sizeof *pk );
|
||||
size_t n;
|
||||
char *p;
|
||||
|
||||
tty_printf(_("\nYou need a passphrase to unlock the secret key for\n"
|
||||
"user: \"") );
|
||||
p = get_user_id( keyid, &n );
|
||||
tty_print_utf8_string( p, n );
|
||||
p=get_user_id_native(keyid);
|
||||
tty_printf("\n");
|
||||
tty_printf(_("You need a passphrase to unlock the secret key for\n"
|
||||
"user: \"%s\"\n"),p);
|
||||
m_free(p);
|
||||
tty_printf("\"\n");
|
||||
|
||||
if( !get_pubkey( pk, keyid ) ) {
|
||||
const char *s = pubkey_algo_to_string( pk->pubkey_algo );
|
||||
|
177
g10/pkclist.c
177
g10/pkclist.c
@ -371,93 +371,54 @@ edit_ownertrust (PKT_public_key *pk, int mode )
|
||||
* Returns: true if we trust.
|
||||
*/
|
||||
static int
|
||||
do_we_trust( PKT_public_key *pk, unsigned int *trustlevel )
|
||||
do_we_trust( PKT_public_key *pk, unsigned int trustlevel )
|
||||
{
|
||||
unsigned int trustmask = 0;
|
||||
/* We should not be able to get here with a revoked or expired
|
||||
key */
|
||||
if(trustlevel & TRUST_FLAG_REVOKED
|
||||
|| trustlevel & TRUST_FLAG_SUB_REVOKED
|
||||
|| (trustlevel & TRUST_MASK) == TRUST_EXPIRED)
|
||||
BUG();
|
||||
|
||||
/* FIXME: get_pubkey_byname already checks the validity and won't
|
||||
* return keys which are either expired or revoked - so these
|
||||
* question here won't get triggered. We have to find a solution
|
||||
* for this. It might make sense to have a function in getkey.c
|
||||
* which does only the basic checks and returns even revoked and
|
||||
* expired keys. This fnction could then also returhn a list of
|
||||
* keys if the speicified name is ambiguous
|
||||
*/
|
||||
if( (*trustlevel & TRUST_FLAG_REVOKED) ) {
|
||||
log_info(_("key %08lX: key has been revoked!\n"),
|
||||
(ulong)keyid_from_pk( pk, NULL) );
|
||||
show_revocation_reason( pk, 0 );
|
||||
if( opt.batch )
|
||||
return 0; /* no */
|
||||
|
||||
if( !cpr_get_answer_is_yes("revoked_key.override",
|
||||
_("Use this key anyway? ")) )
|
||||
return 0; /* no */
|
||||
trustmask |= TRUST_FLAG_REVOKED;
|
||||
}
|
||||
if( (*trustlevel & TRUST_FLAG_SUB_REVOKED) ) {
|
||||
log_info(_("key %08lX: subkey has been revoked!\n"),
|
||||
(ulong)keyid_from_pk( pk, NULL) );
|
||||
show_revocation_reason( pk, 0 );
|
||||
if( opt.batch )
|
||||
return 0;
|
||||
|
||||
if( !cpr_get_answer_is_yes("revoked_key.override",
|
||||
_("Use this key anyway? ")) )
|
||||
return 0;
|
||||
trustmask |= TRUST_FLAG_SUB_REVOKED;
|
||||
}
|
||||
*trustlevel &= ~trustmask;
|
||||
|
||||
if( opt.trust_model==TM_ALWAYS ) {
|
||||
if( opt.verbose )
|
||||
log_info("No trust check due to --trust-model always option\n");
|
||||
return 1;
|
||||
if( opt.trust_model==TM_ALWAYS )
|
||||
{
|
||||
if( opt.verbose )
|
||||
log_info("No trust check due to `--trust-model always' option\n");
|
||||
return 1;
|
||||
}
|
||||
|
||||
switch( (*trustlevel & TRUST_MASK) ) {
|
||||
case TRUST_EXPIRED:
|
||||
log_info(_("%08lX: key has expired\n"),
|
||||
(ulong)keyid_from_pk( pk, NULL) );
|
||||
return 0; /* no */
|
||||
switch(trustlevel & TRUST_MASK)
|
||||
{
|
||||
default:
|
||||
log_error ("invalid trustlevel %u returned from validation layer\n",
|
||||
trustlevel);
|
||||
/* fall thru */
|
||||
case TRUST_UNKNOWN:
|
||||
case TRUST_UNDEFINED:
|
||||
log_info(_("%s: There is no assurance this key belongs"
|
||||
" to the named user\n"),keystr_from_pk(pk));
|
||||
return 0; /* no */
|
||||
|
||||
default:
|
||||
log_error ("invalid trustlevel %u returned from validation layer\n",
|
||||
*trustlevel);
|
||||
/* fall thru */
|
||||
case TRUST_UNKNOWN:
|
||||
case TRUST_UNDEFINED:
|
||||
log_info(_("%08lX: There is no assurance this key belongs "
|
||||
"to the named user\n"),(ulong)keyid_from_pk( pk, NULL) );
|
||||
return 0; /* no */
|
||||
case TRUST_MARGINAL:
|
||||
log_info(_("%s: There is limited assurance this key belongs"
|
||||
" to the named user\n"),keystr_from_pk(pk));
|
||||
return 1; /* yes */
|
||||
|
||||
/* No way to get here? */
|
||||
case TRUST_NEVER:
|
||||
log_info(_("%08lX: We do NOT trust this key\n"),
|
||||
(ulong)keyid_from_pk( pk, NULL) );
|
||||
return 0; /* no */
|
||||
case TRUST_FULLY:
|
||||
if( opt.verbose )
|
||||
log_info(_("This key probably belongs to the named user\n"));
|
||||
return 1; /* yes */
|
||||
|
||||
case TRUST_MARGINAL:
|
||||
log_info(_("%08lX: There is limited assurance this key belongs "
|
||||
"to the named user\n"),(ulong)keyid_from_pk(pk,NULL));
|
||||
return 1; /* yes */
|
||||
|
||||
case TRUST_FULLY:
|
||||
if( opt.verbose )
|
||||
log_info(_("This key probably belongs to the named user\n"));
|
||||
return 1; /* yes */
|
||||
|
||||
case TRUST_ULTIMATE:
|
||||
if( opt.verbose )
|
||||
log_info(_("This key belongs to us\n"));
|
||||
return 1; /* yes */
|
||||
case TRUST_ULTIMATE:
|
||||
if( opt.verbose )
|
||||
log_info(_("This key belongs to us\n"));
|
||||
return 1; /* yes */
|
||||
}
|
||||
|
||||
return 1; /* yes */
|
||||
return 1; /* yes */
|
||||
}
|
||||
|
||||
|
||||
|
||||
/****************
|
||||
* wrapper around do_we_trust, so we can ask whether to use the
|
||||
* key anyway.
|
||||
@ -465,58 +426,34 @@ do_we_trust( PKT_public_key *pk, unsigned int *trustlevel )
|
||||
static int
|
||||
do_we_trust_pre( PKT_public_key *pk, unsigned int trustlevel )
|
||||
{
|
||||
int rc;
|
||||
int rc;
|
||||
|
||||
rc = do_we_trust( pk, &trustlevel );
|
||||
rc = do_we_trust( pk, trustlevel );
|
||||
|
||||
if( (trustlevel & TRUST_FLAG_REVOKED) && !rc )
|
||||
return 0;
|
||||
if( (trustlevel & TRUST_FLAG_SUB_REVOKED) && !rc )
|
||||
return 0;
|
||||
if( !opt.batch && !rc )
|
||||
{
|
||||
print_pubkey_info(NULL,pk);
|
||||
print_fingerprint (pk, NULL, 2);
|
||||
tty_printf("\n");
|
||||
|
||||
if( !opt.batch && !rc ) {
|
||||
u32 keyid[2];
|
||||
tty_printf(
|
||||
_("It is NOT certain that the key belongs to the person named\n"
|
||||
"in the user ID. If you *really* know what you are doing,\n"
|
||||
"you may answer the next question with yes.\n"));
|
||||
|
||||
keyid_from_pk( pk, keyid);
|
||||
tty_printf( "%4u%c/%08lX %s \"",
|
||||
nbits_from_pk( pk ), pubkey_letter( pk->pubkey_algo ),
|
||||
(ulong)keyid[1], datestr_from_pk( pk ) );
|
||||
/* If the pk was chosen by a particular user ID, this is the
|
||||
one to ask about. */
|
||||
if(pk->user_id)
|
||||
tty_print_utf8_string(pk->user_id->name,pk->user_id->len);
|
||||
else
|
||||
{
|
||||
size_t n;
|
||||
char *p = get_user_id( keyid, &n );
|
||||
tty_print_utf8_string( p, n );
|
||||
m_free(p);
|
||||
}
|
||||
tty_printf("\"\n");
|
||||
print_fingerprint (pk, NULL, 2);
|
||||
tty_printf("\n");
|
||||
tty_printf("\n");
|
||||
|
||||
tty_printf(_(
|
||||
"It is NOT certain that the key belongs to the person named\n"
|
||||
"in the user ID. If you *really* know what you are doing,\n"
|
||||
"you may answer the next question with yes\n\n"));
|
||||
|
||||
if( cpr_get_answer_is_yes("untrusted_key.override",
|
||||
_("Use this key anyway? ")) )
|
||||
rc = 1;
|
||||
|
||||
/* Hmmm: Should we set a flag to tell the user about
|
||||
* his decision the next time he encrypts for this recipient?
|
||||
*/
|
||||
}
|
||||
else if( opt.trust_model==TM_ALWAYS && !rc ) {
|
||||
if( !opt.quiet )
|
||||
log_info(_("WARNING: Using untrusted key!\n"));
|
||||
if( cpr_get_answer_is_yes("untrusted_key.override",
|
||||
_("Use this key anyway? ")) )
|
||||
rc = 1;
|
||||
}
|
||||
return rc;
|
||||
}
|
||||
|
||||
/* Hmmm: Should we set a flag to tell the user about
|
||||
* his decision the next time he encrypts for this recipient?
|
||||
*/
|
||||
}
|
||||
|
||||
return rc;
|
||||
}
|
||||
|
||||
|
||||
/****************
|
||||
|
Loading…
x
Reference in New Issue
Block a user