mirror of
git://git.gnupg.org/gnupg.git
synced 2025-01-08 12:44:23 +01:00
* helptext.c, pkclist.c (do_we_trust): It is not possible to get here with
a revoked or expired key, so BUG() that case. Remove question about overriding revoked/expired. Also --keyid-format-ify. (do_we_trust_pre): Use print_pubkey_info() instead of printing the info ourselves. * passphrase.c (passphrase_to_dek): Improve translatability of user ID prompts. * keylist.c (print_pubkey_info): Use the user ID the pk was selected by, if any.
parent
27b2c9356a
commit
b1e2c5398f
@ -1,5 +1,18 @@
|
|||||||
2004-10-06 David Shaw <dshaw@jabberwocky.com>
|
2004-10-06 David Shaw <dshaw@jabberwocky.com>
|
||||||
|
|
||||||
|
* helptext.c, pkclist.c (do_we_trust): It is not possible to get
|
||||||
|
here with a revoked or expired key, so BUG() that case. Remove
|
||||||
|
question about overriding revoked/expired. Also
|
||||||
|
--keyid-format-ify.
|
||||||
|
(do_we_trust_pre): Use print_pubkey_info() instead of printing the
|
||||||
|
info ourselves.
|
||||||
|
|
||||||
|
* passphrase.c (passphrase_to_dek): Improve translatability of
|
||||||
|
user ID prompts.
|
||||||
|
|
||||||
|
* keylist.c (print_pubkey_info): Use the user ID the pk was
|
||||||
|
selected by, if any.
|
||||||
|
|
||||||
* keyedit.c (sign_uids, ask_revoke_sig): Improve translatability
|
* keyedit.c (sign_uids, ask_revoke_sig): Improve translatability
|
||||||
of user ID prompts.
|
of user ID prompts.
|
||||||
(ask_revoke_sig, menu_revsig): Try and use common strings for
|
(ask_revoke_sig, menu_revsig): Try and use common strings for
|
||||||
|
@ -57,10 +57,6 @@ static struct helptexts { const char *key; const char *help; } helptexts[] = {
|
|||||||
"ultimately trusted\n"
|
"ultimately trusted\n"
|
||||||
)},
|
)},
|
||||||
|
|
||||||
{ "revoked_key.override", N_(
|
|
||||||
"If you want to use this revoked key anyway, answer \"yes\"."
|
|
||||||
)},
|
|
||||||
|
|
||||||
{ "untrusted_key.override", N_(
|
{ "untrusted_key.override", N_(
|
||||||
"If you want to use this untrusted key anyway, answer \"yes\"."
|
"If you want to use this untrusted key anyway, answer \"yes\"."
|
||||||
)},
|
)},
|
||||||
|
@ -119,7 +119,7 @@ print_seckey_info (PKT_secret_key *sk)
|
|||||||
keyid_from_sk (sk, keyid);
|
keyid_from_sk (sk, keyid);
|
||||||
p=get_user_id_native(keyid);
|
p=get_user_id_native(keyid);
|
||||||
|
|
||||||
tty_printf ("\nsec %4u%c/%s %s %s\n",
|
tty_printf ("\nsec %4u%c/%s %s %s\n",
|
||||||
nbits_from_sk (sk),
|
nbits_from_sk (sk),
|
||||||
pubkey_letter (sk->pubkey_algo),
|
pubkey_letter (sk->pubkey_algo),
|
||||||
keystr(keyid), datestr_from_sk (sk), p);
|
keystr(keyid), datestr_from_sk (sk), p);
|
||||||
@ -137,15 +137,21 @@ print_pubkey_info (FILE *fp, PKT_public_key *pk)
|
|||||||
char *p;
|
char *p;
|
||||||
|
|
||||||
keyid_from_pk (pk, keyid);
|
keyid_from_pk (pk, keyid);
|
||||||
p=get_user_id_native(keyid);
|
|
||||||
|
/* If the pk was chosen by a particular user ID, that is the one to
|
||||||
|
print. */
|
||||||
|
if(pk->user_id)
|
||||||
|
p=utf8_to_native(pk->user_id->name,pk->user_id->len,0);
|
||||||
|
else
|
||||||
|
p=get_user_id_native(keyid);
|
||||||
|
|
||||||
if (fp)
|
if (fp)
|
||||||
fprintf (fp, "pub %4u%c/%s %s %s\n",
|
fprintf (fp, "pub %4u%c/%s %s %s\n",
|
||||||
nbits_from_pk (pk),
|
nbits_from_pk (pk),
|
||||||
pubkey_letter (pk->pubkey_algo),
|
pubkey_letter (pk->pubkey_algo),
|
||||||
keystr(keyid), datestr_from_pk (pk), p);
|
keystr(keyid), datestr_from_pk (pk), p);
|
||||||
else
|
else
|
||||||
tty_printf ("\npub %4u%c/%s %s %s\n",
|
tty_printf ("\npub %4u%c/%s %s %s\n",
|
||||||
nbits_from_pk (pk), pubkey_letter (pk->pubkey_algo),
|
nbits_from_pk (pk), pubkey_letter (pk->pubkey_algo),
|
||||||
keystr(keyid), datestr_from_pk (pk), p);
|
keystr(keyid), datestr_from_pk (pk), p);
|
||||||
|
|
||||||
|
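Review bot: The new `if(pk->user_id)` branch in print_pubkey_info() makes the printed name depend on how the caller selected the key, and nothing at the function says what a caller gets when `pk->user_id` is unset (it falls back to `get_user_id_native(keyid)`). This output now precedes the "Use this key anyway?" prompt in pkclist.c, so I would state the contract above the function, e.g. `/* Prints the user ID the key was selected by (pk->user_id) if set, otherwise the one looked up by keyid. */`. Both branches appear to return an allocated string (the passphrase.c change on this page releases the get_user_id_native() result with `m_free(p)`), so the release of `p` has to cover both. The end of print_pubkey_info() is outside the hunk, so that cannot be confirmed from here.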
@ -1133,15 +1133,13 @@ passphrase_to_dek( u32 *keyid, int pubkey_algo,
|
|||||||
information on that key. */
|
information on that key. */
|
||||||
if( keyid && !opt.batch && !next_pw && mode!=1 ) {
|
if( keyid && !opt.batch && !next_pw && mode!=1 ) {
|
||||||
PKT_public_key *pk = m_alloc_clear( sizeof *pk );
|
PKT_public_key *pk = m_alloc_clear( sizeof *pk );
|
||||||
size_t n;
|
|
||||||
char *p;
|
char *p;
|
||||||
|
|
||||||
tty_printf(_("\nYou need a passphrase to unlock the secret key for\n"
|
p=get_user_id_native(keyid);
|
||||||
"user: \"") );
|
tty_printf("\n");
|
||||||
p = get_user_id( keyid, &n );
|
tty_printf(_("You need a passphrase to unlock the secret key for\n"
|
||||||
tty_print_utf8_string( p, n );
|
"user: \"%s\"\n"),p);
|
||||||
m_free(p);
|
m_free(p);
|
||||||
tty_printf("\"\n");
|
|
||||||
|
|
||||||
if( !get_pubkey( pk, keyid ) ) {
|
if( !get_pubkey( pk, keyid ) ) {
|
||||||
const char *s = pubkey_algo_to_string( pk->pubkey_algo );
|
const char *s = pubkey_algo_to_string( pk->pubkey_algo );
|
||||||
|
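Review bot: The user ID shown at the passphrase prompt is text taken from the key, and the new code prints it through `%s` where the old code used `tty_print_utf8_string( p, n )`, so whether control characters are still quoted before they reach the terminal now depends on get_user_id_native(), which is not visible on this page. The keylist.c change pairs it with `utf8_to_native(...,0)` as the alternative source, so it presumably performs the same conversion, but that should be confirmed. Once confirmed, a comment would make the reliance explicit: `/* p comes back from get_user_id_native() already converted for display */`. The enclosing `if( keyid && !opt.batch && !next_pw && mode!=1 )` block continues past the end of the hunk.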
177
g10/pkclist.c
177
g10/pkclist.c
@ -371,93 +371,54 @@ edit_ownertrust (PKT_public_key *pk, int mode )
|
|||||||
* Returns: true if we trust.
|
* Returns: true if we trust.
|
||||||
*/
|
*/
|
||||||
static int
|
static int
|
||||||
do_we_trust( PKT_public_key *pk, unsigned int *trustlevel )
|
do_we_trust( PKT_public_key *pk, unsigned int trustlevel )
|
||||||
{
|
{
|
||||||
unsigned int trustmask = 0;
|
/* We should not be able to get here with a revoked or expired
|
||||||
|
key */
|
||||||
|
if(trustlevel & TRUST_FLAG_REVOKED
|
||||||
|
|| trustlevel & TRUST_FLAG_SUB_REVOKED
|
||||||
|
|| (trustlevel & TRUST_MASK) == TRUST_EXPIRED)
|
||||||
|
BUG();
|
||||||
|
|
||||||
/* FIXME: get_pubkey_byname already checks the validity and won't
|
if( opt.trust_model==TM_ALWAYS )
|
||||||
* return keys which are either expired or revoked - so these
|
{
|
||||||
* question here won't get triggered. We have to find a solution
|
if( opt.verbose )
|
||||||
* for this. It might make sense to have a function in getkey.c
|
log_info("No trust check due to `--trust-model always' option\n");
|
||||||
* which does only the basic checks and returns even revoked and
|
return 1;
|
||||||
* expired keys. This fnction could then also returhn a list of
|
|
||||||
* keys if the speicified name is ambiguous
|
|
||||||
*/
|
|
||||||
if( (*trustlevel & TRUST_FLAG_REVOKED) ) {
|
|
||||||
log_info(_("key %08lX: key has been revoked!\n"),
|
|
||||||
(ulong)keyid_from_pk( pk, NULL) );
|
|
||||||
show_revocation_reason( pk, 0 );
|
|
||||||
if( opt.batch )
|
|
||||||
return 0; /* no */
|
|
||||||
|
|
||||||
if( !cpr_get_answer_is_yes("revoked_key.override",
|
|
||||||
_("Use this key anyway? ")) )
|
|
||||||
return 0; /* no */
|
|
||||||
trustmask |= TRUST_FLAG_REVOKED;
|
|
||||||
}
|
|
||||||
if( (*trustlevel & TRUST_FLAG_SUB_REVOKED) ) {
|
|
||||||
log_info(_("key %08lX: subkey has been revoked!\n"),
|
|
||||||
(ulong)keyid_from_pk( pk, NULL) );
|
|
||||||
show_revocation_reason( pk, 0 );
|
|
||||||
if( opt.batch )
|
|
||||||
return 0;
|
|
||||||
|
|
||||||
if( !cpr_get_answer_is_yes("revoked_key.override",
|
|
||||||
_("Use this key anyway? ")) )
|
|
||||||
return 0;
|
|
||||||
trustmask |= TRUST_FLAG_SUB_REVOKED;
|
|
||||||
}
|
|
||||||
*trustlevel &= ~trustmask;
|
|
||||||
|
|
||||||
if( opt.trust_model==TM_ALWAYS ) {
|
|
||||||
if( opt.verbose )
|
|
||||||
log_info("No trust check due to --trust-model always option\n");
|
|
||||||
return 1;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
switch( (*trustlevel & TRUST_MASK) ) {
|
switch(trustlevel & TRUST_MASK)
|
||||||
case TRUST_EXPIRED:
|
{
|
||||||
log_info(_("%08lX: key has expired\n"),
|
default:
|
||||||
(ulong)keyid_from_pk( pk, NULL) );
|
log_error ("invalid trustlevel %u returned from validation layer\n",
|
||||||
return 0; /* no */
|
trustlevel);
|
||||||
|
/* fall thru */
|
||||||
|
case TRUST_UNKNOWN:
|
||||||
|
case TRUST_UNDEFINED:
|
||||||
|
log_info(_("%s: There is no assurance this key belongs"
|
||||||
|
" to the named user\n"),keystr_from_pk(pk));
|
||||||
|
return 0; /* no */
|
||||||
|
|
||||||
default:
|
case TRUST_MARGINAL:
|
||||||
log_error ("invalid trustlevel %u returned from validation layer\n",
|
log_info(_("%s: There is limited assurance this key belongs"
|
||||||
*trustlevel);
|
" to the named user\n"),keystr_from_pk(pk));
|
||||||
/* fall thru */
|
return 1; /* yes */
|
||||||
case TRUST_UNKNOWN:
|
|
||||||
case TRUST_UNDEFINED:
|
|
||||||
log_info(_("%08lX: There is no assurance this key belongs "
|
|
||||||
"to the named user\n"),(ulong)keyid_from_pk( pk, NULL) );
|
|
||||||
return 0; /* no */
|
|
||||||
|
|
||||||
/* No way to get here? */
|
case TRUST_FULLY:
|
||||||
case TRUST_NEVER:
|
if( opt.verbose )
|
||||||
log_info(_("%08lX: We do NOT trust this key\n"),
|
log_info(_("This key probably belongs to the named user\n"));
|
||||||
(ulong)keyid_from_pk( pk, NULL) );
|
return 1; /* yes */
|
||||||
return 0; /* no */
|
|
||||||
|
|
||||||
case TRUST_MARGINAL:
|
case TRUST_ULTIMATE:
|
||||||
log_info(_("%08lX: There is limited assurance this key belongs "
|
if( opt.verbose )
|
||||||
"to the named user\n"),(ulong)keyid_from_pk(pk,NULL));
|
log_info(_("This key belongs to us\n"));
|
||||||
return 1; /* yes */
|
return 1; /* yes */
|
||||||
|
|
||||||
case TRUST_FULLY:
|
|
||||||
if( opt.verbose )
|
|
||||||
log_info(_("This key probably belongs to the named user\n"));
|
|
||||||
return 1; /* yes */
|
|
||||||
|
|
||||||
case TRUST_ULTIMATE:
|
|
||||||
if( opt.verbose )
|
|
||||||
log_info(_("This key belongs to us\n"));
|
|
||||||
return 1; /* yes */
|
|
||||||
}
|
}
|
||||||
|
|
||||||
return 1; /* yes */
|
return 1; /* yes */
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
/****************
|
/****************
|
||||||
* wrapper around do_we_trust, so we can ask whether to use the
|
* wrapper around do_we_trust, so we can ask whether to use the
|
||||||
* key anyway.
|
* key anyway.
|
||||||
@ -465,58 +426,34 @@ do_we_trust( PKT_public_key *pk, unsigned int *trustlevel )
|
|||||||
static int
|
static int
|
||||||
do_we_trust_pre( PKT_public_key *pk, unsigned int trustlevel )
|
do_we_trust_pre( PKT_public_key *pk, unsigned int trustlevel )
|
||||||
{
|
{
|
||||||
int rc;
|
int rc;
|
||||||
|
|
||||||
rc = do_we_trust( pk, &trustlevel );
|
rc = do_we_trust( pk, trustlevel );
|
||||||
|
|
||||||
if( (trustlevel & TRUST_FLAG_REVOKED) && !rc )
|
if( !opt.batch && !rc )
|
||||||
return 0;
|
{
|
||||||
if( (trustlevel & TRUST_FLAG_SUB_REVOKED) && !rc )
|
print_pubkey_info(NULL,pk);
|
||||||
return 0;
|
print_fingerprint (pk, NULL, 2);
|
||||||
|
tty_printf("\n");
|
||||||
|
|
||||||
if( !opt.batch && !rc ) {
|
tty_printf(
|
||||||
u32 keyid[2];
|
_("It is NOT certain that the key belongs to the person named\n"
|
||||||
|
"in the user ID. If you *really* know what you are doing,\n"
|
||||||
|
"you may answer the next question with yes.\n"));
|
||||||
|
|
||||||
keyid_from_pk( pk, keyid);
|
tty_printf("\n");
|
||||||
tty_printf( "%4u%c/%08lX %s \"",
|
|
||||||
nbits_from_pk( pk ), pubkey_letter( pk->pubkey_algo ),
|
|
||||||
(ulong)keyid[1], datestr_from_pk( pk ) );
|
|
||||||
/* If the pk was chosen by a particular user ID, this is the
|
|
||||||
one to ask about. */
|
|
||||||
if(pk->user_id)
|
|
||||||
tty_print_utf8_string(pk->user_id->name,pk->user_id->len);
|
|
||||||
else
|
|
||||||
{
|
|
||||||
size_t n;
|
|
||||||
char *p = get_user_id( keyid, &n );
|
|
||||||
tty_print_utf8_string( p, n );
|
|
||||||
m_free(p);
|
|
||||||
}
|
|
||||||
tty_printf("\"\n");
|
|
||||||
print_fingerprint (pk, NULL, 2);
|
|
||||||
tty_printf("\n");
|
|
||||||
|
|
||||||
tty_printf(_(
|
if( cpr_get_answer_is_yes("untrusted_key.override",
|
||||||
"It is NOT certain that the key belongs to the person named\n"
|
_("Use this key anyway? ")) )
|
||||||
"in the user ID. If you *really* know what you are doing,\n"
|
|
||||||
"you may answer the next question with yes\n\n"));
|
|
||||||
|
|
||||||
if( cpr_get_answer_is_yes("untrusted_key.override",
|
|
||||||
_("Use this key anyway? ")) )
|
|
||||||
rc = 1;
|
|
||||||
|
|
||||||
/* Hmmm: Should we set a flag to tell the user about
|
|
||||||
* his decision the next time he encrypts for this recipient?
|
|
||||||
*/
|
|
||||||
}
|
|
||||||
else if( opt.trust_model==TM_ALWAYS && !rc ) {
|
|
||||||
if( !opt.quiet )
|
|
||||||
log_info(_("WARNING: Using untrusted key!\n"));
|
|
||||||
rc = 1;
|
rc = 1;
|
||||||
}
|
|
||||||
return rc;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
/* Hmmm: Should we set a flag to tell the user about
|
||||||
|
* his decision the next time he encrypts for this recipient?
|
||||||
|
*/
|
||||||
|
}
|
||||||
|
|
||||||
|
return rc;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
/****************
|
/****************
|
||||||
|
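Review bot: The new guard at the top of do_we_trust() calls `BUG()` when the trustlevel carries TRUST_FLAG_REVOKED, TRUST_FLAG_SUB_REVOKED or TRUST_EXPIRED, so the only thing keeping a revoked or expired key from aborting the process is filtering done outside this file (the removed FIXME named get_pubkey_byname). If that is the guarantee relied on, the new comment should name it, e.g. `/* pk comes from get_pubkey_byname(), which does not return revoked or expired keys */`, and it is worth confirming that every path into do_we_trust_pre() upholds it. Alternatively the guard could refuse rather than abort, logging the key and ending with `return 0;`. Separately, the new side of the switch shows no `case TRUST_NEVER:`, so such a key is still refused but now through `default:` and logged as "invalid trustlevel"; if that is intended, a short comment at `default:` would say so.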