security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-01-05 12:31:50 +01:00
Code Activity

gpg: Update --trusted-key to accept fingerprint as well as long key id.

Browse Source 
* g10/trustdb.c (tdb_register_trusted_key): accept fingerprint as well
as long key ID.
* doc/gpg.texi: document that --trusted-key can accept a fingerprint.
--

GnuPG-bug-id: 4855
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>

Fixed uses or return and kept the old string to avoid breaking
translations.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 810ea2cc684480c6aadceb2a10dd00f3fa67f2fb)

Remove the test for FPRLEN which we do not have in 2.2

Signed-off-by: Werner Koch <wk@gnupg.org>
This commit is contained in:
Daniel Kahn Gillmor 2020-02-26 12:53:22 -05:00 committed by Werner Koch
parent e77f332b01
commit b6d89d1944
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
2 changed files with 20 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
doc/gpg.texi
View File

@ -1642,10 +1642,10 @@ certification level below this as invalid. Defaults to 2, which
disregards level 1 signatures. Note that level 0 "no particular disregards level 1 signatures. Note that level 0 "no particular
claim" signatures are always accepted. claim" signatures are always accepted.
@item --trusted-key @var{long key ID} @item --trusted-key @var{long key ID or fingerprint}
@opindex trusted-key @opindex trusted-key
Assume that the specified key (which must be given Assume that the specified key (which must be given
as a full 8 byte key ID) is as trustworthy as one of as a full 8 byte key ID or 20 byte fingerprint) is as trustworthy as one of
your own secret keys. This option is useful if you your own secret keys. This option is useful if you
don't want to keep your secret keys (or one of them) don't want to keep your secret keys (or one of them)
online but still want to be able to check the validity of a given online but still want to be able to check the validity of a given

24
g10/trustdb.c
View File

@ -205,22 +205,34 @@ tdb_register_trusted_keyid (u32 *keyid)
user_utk_list = k; user_utk_list = k;
} }
void void
tdb_register_trusted_key( const char *string ) tdb_register_trusted_key (const char *string)
{ {
gpg_error_t err; gpg_error_t err;
KEYDB_SEARCH_DESC desc; KEYDB_SEARCH_DESC desc;
u32 kid[2];
err = classify_user_id (string, &desc, 1); err = classify_user_id (string, &desc, 1);
if (err || desc.mode != KEYDB_SEARCH_MODE_LONG_KID ) if (!err)
{ {
log_error(_("'%s' is not a valid long keyID\n"), string ); if (desc.mode == KEYDB_SEARCH_MODE_LONG_KID)
return; {
register_trusted_keyid (desc.u.kid);
return;
}
if (desc.mode == KEYDB_SEARCH_MODE_FPR)
{
kid[0] = buf32_to_u32 (desc.u.fpr+12);
kid[1] = buf32_to_u32 (desc.u.fpr+16);
register_trusted_keyid (kid);
return;
}
} }
log_error (_("'%s' is not a valid long keyID\n"), string );
register_trusted_keyid(desc.u.kid);
} }
/* /*
* Helper to add a key to the global list of ultimately trusted keys. * Helper to add a key to the global list of ultimately trusted keys.
* Returns: true = inserted, false = already in list. * Returns: true = inserted, false = already in list.