security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-02-01 16:33:02 +01:00
Code Activity

* options.h, g10.c (main): Add new --default-sig-expire and

Browse Source 
--default-cert-expire options.  Suggested by Florian Weimer.

* main.h, keygen.c (parse_expire_string, ask_expire_interval): Use
defaults passed in, or "0" to control what default expiration is.

* keyedit.c (sign_uids), sign.c (sign_file, clearsign_file,
sign_symencrypt_file): Call them here, so that default expiration
is used when --ask-xxxxx-expire is off.
This commit is contained in:
David Shaw 2005-05-05 19:21:40 +00:00
parent cf7c0feca4
commit c71639cfff
7 changed files with 128 additions and 47 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
g10/ChangeLog
View File

@ -1,3 +1,15 @@
2005-05-05 David Shaw <dshaw@jabberwocky.com>
* options.h, g10.c (main): Add new --default-sig-expire and
--default-cert-expire options. Suggested by Florian Weimer.
* main.h, keygen.c (parse_expire_string, ask_expire_interval): Use
defaults passed in, or "0" to control what default expiration is.
* keyedit.c (sign_uids), sign.c (sign_file, clearsign_file,
sign_symencrypt_file): Call them here, so that default expiration
is used when --ask-xxxxx-expire is off.
2005-05-03 Werner Koch <wk@g10code.com>
* passphrase.c (agent_get_passphrase): Add new arg CACHEID.

42
g10/g10.c
View File

@ -1,6 +1,6 @@
/* g10.c - The GnuPG utility (main for gpg)
* Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003
* 2004, 2005 Free Software Foundation, Inc.
* Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004,
* 2005 Free Software Foundation, Inc.
*
* This file is part of GnuPG.
*
@ -157,18 +157,20 @@ enum cmd_and_opt_values
oNoTextmode,
oExpert,
oNoExpert,
oDefSigExpire,
oAskSigExpire,
oNoAskSigExpire,
oDefCertExpire,
oAskCertExpire,
oNoAskCertExpire,
oDefCertLevel,
oMinCertLevel,
oAskCertLevel,
oNoAskCertLevel,
oFingerprint,
oWithFingerprint,
oAnswerYes,
oAnswerNo,
oDefCertLevel,
oMinCertLevel,
oKeyring,
oPrimaryKeyring,
oSecretKeyring,
@ -443,10 +445,14 @@ static ARGPARSE_OPTS opts[] = {
{ oNoTextmode, "no-textmode", 0, "@"},
{ oExpert, "expert", 0, "@"},
{ oNoExpert, "no-expert", 0, "@"},
{ oDefSigExpire, "default-sig-expire", 2, "@"},
{ oAskSigExpire, "ask-sig-expire", 0, "@"},
{ oNoAskSigExpire, "no-ask-sig-expire", 0, "@"},
{ oDefCertExpire, "default-cert-expire", 2, "@"},
{ oAskCertExpire, "ask-cert-expire", 0, "@"},
{ oNoAskCertExpire, "no-ask-cert-expire", 0, "@"},
{ oDefCertLevel, "default-cert-level", 1, "@"},
{ oMinCertLevel, "min-cert-level", 1, "@"},
{ oAskCertLevel, "ask-cert-level", 0, "@"},
{ oNoAskCertLevel, "no-ask-cert-level", 0, "@"},
{ oOutput, "output", 2, N_("use as output file")},
@ -579,8 +585,6 @@ static ARGPARSE_OPTS opts[] = {
{ oCompressKeys, "compress-keys",0, "@"},
{ oCompressSigs, "compress-sigs",0, "@"},
{ oDefCertLevel, "default-cert-check-level", 1, "@"}, /* Old option */
{ oDefCertLevel, "default-cert-level", 1, "@"},
{ oMinCertLevel, "min-cert-level", 1, "@"},
{ oAlwaysTrust, "always-trust", 0, "@"},
{ oTrustModel, "trust-model", 2, "@"},
{ oForceOwnertrust, "force-ownertrust", 2, "@"},
@ -1673,6 +1677,8 @@ main( int argc, char **argv )
set_screen_dimensions();
opt.keyid_format=KF_SHORT;
opt.rfc2440_text=1;
opt.def_sig_expire="0";
opt.def_cert_expire="0";
set_homedir ( default_homedir () );
#ifdef ENABLE_CARD_SUPPORT
@ -2020,8 +2026,6 @@ main( int argc, char **argv )
break;
case oNoArmor: opt.no_armor=1; opt.armor=0; break;
case oNoDefKeyring: default_keyring = 0; break;
case oDefCertLevel: opt.def_cert_level=pargs.r.ret_int; break;
case oMinCertLevel: opt.min_cert_level=pargs.r.ret_int; break;
case oNoGreeting: nogreeting = 1; break;
case oNoVerbose: g10_opt_verbose = 0;
opt.verbose = 0; opt.list_sigs=0; break;
@ -2227,10 +2231,32 @@ main( int argc, char **argv )
case oNoTextmode: opt.textmode=0; break;
case oExpert: opt.expert = 1; break;
case oNoExpert: opt.expert = 0; break;
case oDefSigExpire:
if(*pargs.r.ret_str!='\0')
{
if(parse_expire_string(pargs.r.ret_str)==-1)
log_error(_("`%s' is not a valid signature expiration\n"),
pargs.r.ret_str);
else
opt.def_sig_expire=pargs.r.ret_str;
}
break;
case oAskSigExpire: opt.ask_sig_expire = 1; break;
case oNoAskSigExpire: opt.ask_sig_expire = 0; break;
case oDefCertExpire:
if(*pargs.r.ret_str!='\0')
{
if(parse_expire_string(pargs.r.ret_str)==-1)
log_error(_("`%s' is not a valid signature expiration\n"),
pargs.r.ret_str);
else
opt.def_cert_expire=pargs.r.ret_str;
}
break;
case oAskCertExpire: opt.ask_cert_expire = 1; break;
case oNoAskCertExpire: opt.ask_cert_expire = 0; break;
case oDefCertLevel: opt.def_cert_level=pargs.r.ret_int; break;
case oMinCertLevel: opt.min_cert_level=pargs.r.ret_int; break;
case oAskCertLevel: opt.ask_cert_level = 1; break;
case oNoAskCertLevel: opt.ask_cert_level = 0; break;
case oUser: /* store the local users */

9
g10/keyedit.c
View File

@ -860,8 +860,13 @@ sign_uids( KBNODE keyblock, STRLIST locusr, int *ret_modified,
/* Only ask for duration if we haven't already set it to match
the expiration of the pk */
if(opt.ask_cert_expire && !duration && !selfsig)
duration=ask_expire_interval(1);
if(!duration && !selfsig)
{
if(opt.ask_cert_expire)
duration=ask_expire_interval(1,opt.def_cert_expire);
else
duration=parse_expire_string(opt.def_cert_expire)*86400L;
}
if(duration)
force_v4=1;

72
g10/keygen.c
View File

@ -1,6 +1,6 @@
/* keygen.c - generate a key pair
* Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003,
* 2004, 2005 Free Software Foundation, Inc.
* Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004,
* 2005 Free Software Foundation, Inc.
*
* This file is part of GnuPG.
*
@ -1498,7 +1498,7 @@ ask_keysize( int algo )
* Parse an expire string and return it's value in days.
* Returns -1 on error.
*/
static int
int
parse_expire_string( const char *string )
{
int mult;
@ -1530,7 +1530,7 @@ parse_expire_string( const char *string )
/* object == 0 for a key, and 1 for a sig */
u32
ask_expire_interval(int object)
ask_expire_interval(int object,const char *def_expire)
{
char *answer;
int valid_days=0;
@ -1539,6 +1539,8 @@ ask_expire_interval(int object)
switch(object)
{
case 0:
if(def_expire)
BUG();
tty_printf(_("Please specify how long the key should be valid.\n"
" 0 = key does not expire\n"
" <n> = key expires in n days\n"
@ -1548,6 +1550,8 @@ ask_expire_interval(int object)
break;
case 1:
if(!def_expire)
BUG();
tty_printf(_("Please specify how long the signature should be valid.\n"
" 0 = signature does not expire\n"
" <n> = signature expires in n days\n"
@ -1565,20 +1569,36 @@ ask_expire_interval(int object)
* date */
answer = NULL;
for(;;) {
for(;;)
{
u32 curtime=make_timestamp();
m_free(answer);
if(object==0)
answer = cpr_get("keygen.valid",_("Key is valid for? (0) "));
else
answer = cpr_get("siggen.valid",_("Signature is valid for? (0) "));
{
char *prompt;
#define PROMPTSTRING _("Signature is valid for? (%s) ")
/* This will actually end up larger than necessary because
of the 2 bytes for '%s' */
prompt=m_alloc(strlen(PROMPTSTRING)+strlen(def_expire)+1);
sprintf(prompt,PROMPTSTRING,def_expire);
#undef PROMPTSTRING
answer = cpr_get("siggen.valid",prompt);
m_free(prompt);
if(*answer=='\0')
answer=m_strdup(def_expire);
}
cpr_kill_prompt();
trim_spaces(answer);
valid_days = parse_expire_string( answer );
if( valid_days < 0 ) {
tty_printf(_("invalid value\n"));
continue;
tty_printf(_("invalid value\n"));
continue;
}
if( !valid_days )
@ -1589,24 +1609,24 @@ ask_expire_interval(int object)
interval = 0;
}
else {
interval = valid_days * 86400L;
interval = valid_days * 86400L;
tty_printf(object==0
? _("Key expires at %s\n")
: _("Signature expires at %s\n"),
asctimestamp((ulong)(curtime + interval) ) );
/* FIXME: This check yields warning on alhas: Write a
configure check and to this check here only for 32 bit
machines */
if( (time_t)((ulong)(curtime+interval)) < 0 )
tty_printf(_("Your system can't display dates beyond 2038.\n"
"However, it will be correctly handled up to 2106.\n"));
tty_printf(object==0
? _("Key expires at %s\n")
: _("Signature expires at %s\n"),
asctimestamp((ulong)(curtime + interval) ) );
/* FIXME: This check yields warning on alhas: Write a
configure check and to this check here only for 32 bit
machines */
if( (time_t)((ulong)(curtime+interval)) < 0 )
tty_printf(_("Your system can't display dates beyond 2038.\n"
"However, it will be correctly handled up to 2106.\n"));
}
if( cpr_enabled() || cpr_get_answer_is_yes("keygen.valid.okay",
_("Is this correct? (y/N) ")) )
break;
}
_("Is this correct? (y/N) ")) )
break;
}
m_free(answer);
return interval;
}
@ -1614,7 +1634,7 @@ ask_expire_interval(int object)
u32
ask_expiredate()
{
u32 x = ask_expire_interval(0);
u32 x = ask_expire_interval(0,NULL);
return x? make_timestamp() + x : 0;
}
@ -2572,7 +2592,7 @@ generate_keypair (const char *fname, const char *card_serialno,
para = r;
}
expire = ask_expire_interval(0);
expire = ask_expire_interval(0,NULL);
r = m_alloc_clear( sizeof *r + 20 );
r->key = pKEYEXPIRE;
r->u.expire = expire;
@ -3085,7 +3105,7 @@ generate_subkeypair( KBNODE pub_keyblock, KBNODE sec_keyblock )
algo = ask_algo( 1, &use );
assert(algo);
nbits = ask_keysize( algo );
expire = ask_expire_interval(0);
expire = ask_expire_interval(0,NULL);
if( !cpr_enabled() && !cpr_get_answer_is_yes("keygen.sub.okay",
_("Really create? (y/N) ")))
goto leave;
@ -3203,7 +3223,7 @@ generate_card_subkeypair (KBNODE pub_keyblock, KBNODE sec_keyblock,
goto leave;
algo = PUBKEY_ALGO_RSA;
expire = ask_expire_interval (0);
expire = ask_expire_interval (0,NULL);
if (keyno == 1)
use = PUBKEY_USAGE_SIG;
else if (keyno == 2)

7
g10/main.h
View File

@ -1,6 +1,6 @@
/* main.h
* Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003,
* 2004 Free Software Foundation, Inc.
* Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004,
* 2005 Free Software Foundation, Inc.
*
* This file is part of GnuPG.
*
@ -165,7 +165,8 @@ void keyedit_menu( const char *username, STRLIST locusr,
void show_basic_key_info (KBNODE keyblock);
/*-- keygen.c --*/
u32 ask_expire_interval(int object);
int parse_expire_string(const char *string);
u32 ask_expire_interval(int object,const char *def_expire);
u32 ask_expiredate(void);
void generate_keypair( const char *fname, const char *card_serialno,
const char *backup_encryption_dir );

2
g10/options.h
View File

@ -50,7 +50,9 @@ struct
int list_only;
int textmode;
int expert;
const char *def_sig_expire;
int ask_sig_expire;
const char *def_cert_expire;
int ask_cert_expire;
int batch; /* run in batch mode */
int answer_yes; /* answer yes on most questions */

31
g10/sign.c
View File

@ -1,6 +1,6 @@
/* sign.c - sign data
* Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003,
* 2004 Free Software Foundation, Inc.
* Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004,
* 2005 Free Software Foundation, Inc.
*
* This file is part of GnuPG.
*
@ -744,8 +744,13 @@ sign_file( STRLIST filenames, int detached, STRLIST locusr,
&& (rc=setup_symkey(&efx.symkey_s2k,&efx.symkey_dek)))
goto leave;
if(opt.ask_sig_expire && !opt.force_v3_sigs && !opt.batch && !RFC1991)
duration=ask_expire_interval(1);
if(!opt.force_v3_sigs && !opt.batch && !RFC1991)
{
if(opt.ask_sig_expire)
duration=ask_expire_interval(1,opt.def_sig_expire);
else
duration=parse_expire_string(opt.def_sig_expire)*86400L;
}
if( (rc=build_sk_list( locusr, &sk_list, 1, PUBKEY_USAGE_SIG )) )
goto leave;
@ -1009,8 +1014,13 @@ clearsign_file( const char *fname, STRLIST locusr, const char *outfile )
memset( &afx, 0, sizeof afx);
init_packet( &pkt );
if(opt.ask_sig_expire && !opt.force_v3_sigs && !opt.batch && !RFC1991)
duration=ask_expire_interval(1);
if(!opt.force_v3_sigs && !opt.batch && !RFC1991)
{
if(opt.ask_sig_expire)
duration=ask_expire_interval(1,opt.def_sig_expire);
else
duration=parse_expire_string(opt.def_sig_expire)*86400L;
}
if( (rc=build_sk_list( locusr, &sk_list, 1, PUBKEY_USAGE_SIG )) )
goto leave;
@ -1163,8 +1173,13 @@ sign_symencrypt_file (const char *fname, STRLIST locusr)
memset( &cfx, 0, sizeof cfx);
init_packet( &pkt );
if(opt.ask_sig_expire && !opt.force_v3_sigs && !opt.batch && !RFC1991)
duration=ask_expire_interval(1);
if(!opt.force_v3_sigs && !opt.batch && !RFC1991)
{
if(opt.ask_sig_expire)
duration=ask_expire_interval(1,opt.def_sig_expire);
else
duration=parse_expire_string(opt.def_sig_expire)*86400L;
}
rc = build_sk_list (locusr, &sk_list, 1, PUBKEY_USAGE_SIG);
if (rc)