gpg: Update --trusted-key to accept fingerprint as well as long key id.

* g10/trustdb.c (tdb_register_trusted_key): accept fingerprint as well as long key ID. * doc/gpg.texi: document that --trusted-key can accept a fingerprint. -- GnuPG-bug-id: 4855 Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net> Fixed uses or return and kept the old string to avoid breaking translations. Signed-off-by: Werner Koch <wk@gnupg.org> (cherry picked from commit 810ea2cc68) Remove the test for FPRLEN which we do not have in 2.2 Signed-off-by: Werner Koch <wk@gnupg.org>
2020-02-26 12:53:22 -05:00 · 2020-02-26 12:53:22 -05:00 · b6d89d1944
parent e77f332b01
commit b6d89d1944
2 changed files with 20 additions and 8 deletions
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@ -1642,10 +1642,10 @@ certification level below this as invalid. Defaults to 2, which
 disregards level 1 signatures. Note that level 0 "no particular
 claim" signatures are always accepted.

-@item --trusted-key @var{long key ID}
+@item --trusted-key @var{long key ID or fingerprint}
@opindex trusted-key
 Assume that the specified key (which must be given
-as a full 8 byte key ID) is as trustworthy as one of
+as a full 8 byte key ID or 20 byte fingerprint) is as trustworthy as one of
 your own secret keys. This option is useful if you
 don't want to keep your secret keys (or one of them)
 online but still want to be able to check the validity of a given
--- a/g10/trustdb.c
+++ b/g10/trustdb.c
@ -205,22 +205,34 @@ tdb_register_trusted_keyid (u32 *keyid)
  user_utk_list = k;
 }

+
 void
-tdb_register_trusted_key( const char *string )
+tdb_register_trusted_key (const char *string)
 {
  gpg_error_t err;
  KEYDB_SEARCH_DESC desc;
+  u32 kid[2];

  err = classify_user_id (string, &desc, 1);
-  if (err || desc.mode != KEYDB_SEARCH_MODE_LONG_KID )
+  if (!err)
    {
-      log_error(_("'%s' is not a valid long keyID\n"), string );
-      return;
+      if (desc.mode == KEYDB_SEARCH_MODE_LONG_KID)
+        {
+          register_trusted_keyid (desc.u.kid);
+          return;
+        }
+      if (desc.mode == KEYDB_SEARCH_MODE_FPR)
+        {
+          kid[0] = buf32_to_u32 (desc.u.fpr+12);
+          kid[1] = buf32_to_u32 (desc.u.fpr+16);
+          register_trusted_keyid (kid);
+          return;
+        }
    }
-
-  register_trusted_keyid(desc.u.kid);
+  log_error (_("'%s' is not a valid long keyID\n"), string );
 }

+
 /*
 * Helper to add a key to the global list of ultimately trusted keys.
 * Returns: true = inserted, false = already in list.