1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-11-11 21:48:50 +01:00

* options.h, g10.c (main): Add new --default-sig-expire and

--default-cert-expire options.  Suggested by Florian Weimer.

* main.h, keygen.c (parse_expire_string, ask_expire_interval): Use
defaults passed in, or "0" to control what default expiration is.

* keyedit.c (sign_uids), sign.c (sign_file, clearsign_file,
sign_symencrypt_file): Call them here, so that default expiration
is used when --ask-xxxxx-expire is off.
This commit is contained in:
David Shaw 2005-05-05 19:21:40 +00:00
parent cf7c0feca4
commit c71639cfff
7 changed files with 128 additions and 47 deletions

View File

@ -1,3 +1,15 @@
2005-05-05 David Shaw <dshaw@jabberwocky.com>
* options.h, g10.c (main): Add new --default-sig-expire and
--default-cert-expire options. Suggested by Florian Weimer.
* main.h, keygen.c (parse_expire_string, ask_expire_interval): Use
defaults passed in, or "0" to control what default expiration is.
* keyedit.c (sign_uids), sign.c (sign_file, clearsign_file,
sign_symencrypt_file): Call them here, so that default expiration
is used when --ask-xxxxx-expire is off.
2005-05-03 Werner Koch <wk@g10code.com> 2005-05-03 Werner Koch <wk@g10code.com>
* passphrase.c (agent_get_passphrase): Add new arg CACHEID. * passphrase.c (agent_get_passphrase): Add new arg CACHEID.

View File

@ -1,6 +1,6 @@
/* g10.c - The GnuPG utility (main for gpg) /* g10.c - The GnuPG utility (main for gpg)
* Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003 * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004,
* 2004, 2005 Free Software Foundation, Inc. * 2005 Free Software Foundation, Inc.
* *
* This file is part of GnuPG. * This file is part of GnuPG.
* *
@ -157,18 +157,20 @@ enum cmd_and_opt_values
oNoTextmode, oNoTextmode,
oExpert, oExpert,
oNoExpert, oNoExpert,
oDefSigExpire,
oAskSigExpire, oAskSigExpire,
oNoAskSigExpire, oNoAskSigExpire,
oDefCertExpire,
oAskCertExpire, oAskCertExpire,
oNoAskCertExpire, oNoAskCertExpire,
oDefCertLevel,
oMinCertLevel,
oAskCertLevel, oAskCertLevel,
oNoAskCertLevel, oNoAskCertLevel,
oFingerprint, oFingerprint,
oWithFingerprint, oWithFingerprint,
oAnswerYes, oAnswerYes,
oAnswerNo, oAnswerNo,
oDefCertLevel,
oMinCertLevel,
oKeyring, oKeyring,
oPrimaryKeyring, oPrimaryKeyring,
oSecretKeyring, oSecretKeyring,
@ -443,10 +445,14 @@ static ARGPARSE_OPTS opts[] = {
{ oNoTextmode, "no-textmode", 0, "@"}, { oNoTextmode, "no-textmode", 0, "@"},
{ oExpert, "expert", 0, "@"}, { oExpert, "expert", 0, "@"},
{ oNoExpert, "no-expert", 0, "@"}, { oNoExpert, "no-expert", 0, "@"},
{ oDefSigExpire, "default-sig-expire", 2, "@"},
{ oAskSigExpire, "ask-sig-expire", 0, "@"}, { oAskSigExpire, "ask-sig-expire", 0, "@"},
{ oNoAskSigExpire, "no-ask-sig-expire", 0, "@"}, { oNoAskSigExpire, "no-ask-sig-expire", 0, "@"},
{ oDefCertExpire, "default-cert-expire", 2, "@"},
{ oAskCertExpire, "ask-cert-expire", 0, "@"}, { oAskCertExpire, "ask-cert-expire", 0, "@"},
{ oNoAskCertExpire, "no-ask-cert-expire", 0, "@"}, { oNoAskCertExpire, "no-ask-cert-expire", 0, "@"},
{ oDefCertLevel, "default-cert-level", 1, "@"},
{ oMinCertLevel, "min-cert-level", 1, "@"},
{ oAskCertLevel, "ask-cert-level", 0, "@"}, { oAskCertLevel, "ask-cert-level", 0, "@"},
{ oNoAskCertLevel, "no-ask-cert-level", 0, "@"}, { oNoAskCertLevel, "no-ask-cert-level", 0, "@"},
{ oOutput, "output", 2, N_("use as output file")}, { oOutput, "output", 2, N_("use as output file")},
@ -579,8 +585,6 @@ static ARGPARSE_OPTS opts[] = {
{ oCompressKeys, "compress-keys",0, "@"}, { oCompressKeys, "compress-keys",0, "@"},
{ oCompressSigs, "compress-sigs",0, "@"}, { oCompressSigs, "compress-sigs",0, "@"},
{ oDefCertLevel, "default-cert-check-level", 1, "@"}, /* Old option */ { oDefCertLevel, "default-cert-check-level", 1, "@"}, /* Old option */
{ oDefCertLevel, "default-cert-level", 1, "@"},
{ oMinCertLevel, "min-cert-level", 1, "@"},
{ oAlwaysTrust, "always-trust", 0, "@"}, { oAlwaysTrust, "always-trust", 0, "@"},
{ oTrustModel, "trust-model", 2, "@"}, { oTrustModel, "trust-model", 2, "@"},
{ oForceOwnertrust, "force-ownertrust", 2, "@"}, { oForceOwnertrust, "force-ownertrust", 2, "@"},
@ -1673,6 +1677,8 @@ main( int argc, char **argv )
set_screen_dimensions(); set_screen_dimensions();
opt.keyid_format=KF_SHORT; opt.keyid_format=KF_SHORT;
opt.rfc2440_text=1; opt.rfc2440_text=1;
opt.def_sig_expire="0";
opt.def_cert_expire="0";
set_homedir ( default_homedir () ); set_homedir ( default_homedir () );
#ifdef ENABLE_CARD_SUPPORT #ifdef ENABLE_CARD_SUPPORT
@ -2020,8 +2026,6 @@ main( int argc, char **argv )
break; break;
case oNoArmor: opt.no_armor=1; opt.armor=0; break; case oNoArmor: opt.no_armor=1; opt.armor=0; break;
case oNoDefKeyring: default_keyring = 0; break; case oNoDefKeyring: default_keyring = 0; break;
case oDefCertLevel: opt.def_cert_level=pargs.r.ret_int; break;
case oMinCertLevel: opt.min_cert_level=pargs.r.ret_int; break;
case oNoGreeting: nogreeting = 1; break; case oNoGreeting: nogreeting = 1; break;
case oNoVerbose: g10_opt_verbose = 0; case oNoVerbose: g10_opt_verbose = 0;
opt.verbose = 0; opt.list_sigs=0; break; opt.verbose = 0; opt.list_sigs=0; break;
@ -2227,10 +2231,32 @@ main( int argc, char **argv )
case oNoTextmode: opt.textmode=0; break; case oNoTextmode: opt.textmode=0; break;
case oExpert: opt.expert = 1; break; case oExpert: opt.expert = 1; break;
case oNoExpert: opt.expert = 0; break; case oNoExpert: opt.expert = 0; break;
case oDefSigExpire:
if(*pargs.r.ret_str!='\0')
{
if(parse_expire_string(pargs.r.ret_str)==-1)
log_error(_("`%s' is not a valid signature expiration\n"),
pargs.r.ret_str);
else
opt.def_sig_expire=pargs.r.ret_str;
}
break;
case oAskSigExpire: opt.ask_sig_expire = 1; break; case oAskSigExpire: opt.ask_sig_expire = 1; break;
case oNoAskSigExpire: opt.ask_sig_expire = 0; break; case oNoAskSigExpire: opt.ask_sig_expire = 0; break;
case oDefCertExpire:
if(*pargs.r.ret_str!='\0')
{
if(parse_expire_string(pargs.r.ret_str)==-1)
log_error(_("`%s' is not a valid signature expiration\n"),
pargs.r.ret_str);
else
opt.def_cert_expire=pargs.r.ret_str;
}
break;
case oAskCertExpire: opt.ask_cert_expire = 1; break; case oAskCertExpire: opt.ask_cert_expire = 1; break;
case oNoAskCertExpire: opt.ask_cert_expire = 0; break; case oNoAskCertExpire: opt.ask_cert_expire = 0; break;
case oDefCertLevel: opt.def_cert_level=pargs.r.ret_int; break;
case oMinCertLevel: opt.min_cert_level=pargs.r.ret_int; break;
case oAskCertLevel: opt.ask_cert_level = 1; break; case oAskCertLevel: opt.ask_cert_level = 1; break;
case oNoAskCertLevel: opt.ask_cert_level = 0; break; case oNoAskCertLevel: opt.ask_cert_level = 0; break;
case oUser: /* store the local users */ case oUser: /* store the local users */

View File

@ -860,8 +860,13 @@ sign_uids( KBNODE keyblock, STRLIST locusr, int *ret_modified,
/* Only ask for duration if we haven't already set it to match /* Only ask for duration if we haven't already set it to match
the expiration of the pk */ the expiration of the pk */
if(opt.ask_cert_expire && !duration && !selfsig) if(!duration && !selfsig)
duration=ask_expire_interval(1); {
if(opt.ask_cert_expire)
duration=ask_expire_interval(1,opt.def_cert_expire);
else
duration=parse_expire_string(opt.def_cert_expire)*86400L;
}
if(duration) if(duration)
force_v4=1; force_v4=1;

View File

@ -1,6 +1,6 @@
/* keygen.c - generate a key pair /* keygen.c - generate a key pair
* Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004,
* 2004, 2005 Free Software Foundation, Inc. * 2005 Free Software Foundation, Inc.
* *
* This file is part of GnuPG. * This file is part of GnuPG.
* *
@ -1498,7 +1498,7 @@ ask_keysize( int algo )
* Parse an expire string and return it's value in days. * Parse an expire string and return it's value in days.
* Returns -1 on error. * Returns -1 on error.
*/ */
static int int
parse_expire_string( const char *string ) parse_expire_string( const char *string )
{ {
int mult; int mult;
@ -1530,7 +1530,7 @@ parse_expire_string( const char *string )
/* object == 0 for a key, and 1 for a sig */ /* object == 0 for a key, and 1 for a sig */
u32 u32
ask_expire_interval(int object) ask_expire_interval(int object,const char *def_expire)
{ {
char *answer; char *answer;
int valid_days=0; int valid_days=0;
@ -1539,6 +1539,8 @@ ask_expire_interval(int object)
switch(object) switch(object)
{ {
case 0: case 0:
if(def_expire)
BUG();
tty_printf(_("Please specify how long the key should be valid.\n" tty_printf(_("Please specify how long the key should be valid.\n"
" 0 = key does not expire\n" " 0 = key does not expire\n"
" <n> = key expires in n days\n" " <n> = key expires in n days\n"
@ -1548,6 +1550,8 @@ ask_expire_interval(int object)
break; break;
case 1: case 1:
if(!def_expire)
BUG();
tty_printf(_("Please specify how long the signature should be valid.\n" tty_printf(_("Please specify how long the signature should be valid.\n"
" 0 = signature does not expire\n" " 0 = signature does not expire\n"
" <n> = signature expires in n days\n" " <n> = signature expires in n days\n"
@ -1565,14 +1569,30 @@ ask_expire_interval(int object)
* date */ * date */
answer = NULL; answer = NULL;
for(;;) { for(;;)
{
u32 curtime=make_timestamp(); u32 curtime=make_timestamp();
m_free(answer); m_free(answer);
if(object==0) if(object==0)
answer = cpr_get("keygen.valid",_("Key is valid for? (0) ")); answer = cpr_get("keygen.valid",_("Key is valid for? (0) "));
else else
answer = cpr_get("siggen.valid",_("Signature is valid for? (0) ")); {
char *prompt;
#define PROMPTSTRING _("Signature is valid for? (%s) ")
/* This will actually end up larger than necessary because
of the 2 bytes for '%s' */
prompt=m_alloc(strlen(PROMPTSTRING)+strlen(def_expire)+1);
sprintf(prompt,PROMPTSTRING,def_expire);
#undef PROMPTSTRING
answer = cpr_get("siggen.valid",prompt);
m_free(prompt);
if(*answer=='\0')
answer=m_strdup(def_expire);
}
cpr_kill_prompt(); cpr_kill_prompt();
trim_spaces(answer); trim_spaces(answer);
valid_days = parse_expire_string( answer ); valid_days = parse_expire_string( answer );
@ -1614,7 +1634,7 @@ ask_expire_interval(int object)
u32 u32
ask_expiredate() ask_expiredate()
{ {
u32 x = ask_expire_interval(0); u32 x = ask_expire_interval(0,NULL);
return x? make_timestamp() + x : 0; return x? make_timestamp() + x : 0;
} }
@ -2572,7 +2592,7 @@ generate_keypair (const char *fname, const char *card_serialno,
para = r; para = r;
} }
expire = ask_expire_interval(0); expire = ask_expire_interval(0,NULL);
r = m_alloc_clear( sizeof *r + 20 ); r = m_alloc_clear( sizeof *r + 20 );
r->key = pKEYEXPIRE; r->key = pKEYEXPIRE;
r->u.expire = expire; r->u.expire = expire;
@ -3085,7 +3105,7 @@ generate_subkeypair( KBNODE pub_keyblock, KBNODE sec_keyblock )
algo = ask_algo( 1, &use ); algo = ask_algo( 1, &use );
assert(algo); assert(algo);
nbits = ask_keysize( algo ); nbits = ask_keysize( algo );
expire = ask_expire_interval(0); expire = ask_expire_interval(0,NULL);
if( !cpr_enabled() && !cpr_get_answer_is_yes("keygen.sub.okay", if( !cpr_enabled() && !cpr_get_answer_is_yes("keygen.sub.okay",
_("Really create? (y/N) "))) _("Really create? (y/N) ")))
goto leave; goto leave;
@ -3203,7 +3223,7 @@ generate_card_subkeypair (KBNODE pub_keyblock, KBNODE sec_keyblock,
goto leave; goto leave;
algo = PUBKEY_ALGO_RSA; algo = PUBKEY_ALGO_RSA;
expire = ask_expire_interval (0); expire = ask_expire_interval (0,NULL);
if (keyno == 1) if (keyno == 1)
use = PUBKEY_USAGE_SIG; use = PUBKEY_USAGE_SIG;
else if (keyno == 2) else if (keyno == 2)

View File

@ -1,6 +1,6 @@
/* main.h /* main.h
* Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004,
* 2004 Free Software Foundation, Inc. * 2005 Free Software Foundation, Inc.
* *
* This file is part of GnuPG. * This file is part of GnuPG.
* *
@ -165,7 +165,8 @@ void keyedit_menu( const char *username, STRLIST locusr,
void show_basic_key_info (KBNODE keyblock); void show_basic_key_info (KBNODE keyblock);
/*-- keygen.c --*/ /*-- keygen.c --*/
u32 ask_expire_interval(int object); int parse_expire_string(const char *string);
u32 ask_expire_interval(int object,const char *def_expire);
u32 ask_expiredate(void); u32 ask_expiredate(void);
void generate_keypair( const char *fname, const char *card_serialno, void generate_keypair( const char *fname, const char *card_serialno,
const char *backup_encryption_dir ); const char *backup_encryption_dir );

View File

@ -50,7 +50,9 @@ struct
int list_only; int list_only;
int textmode; int textmode;
int expert; int expert;
const char *def_sig_expire;
int ask_sig_expire; int ask_sig_expire;
const char *def_cert_expire;
int ask_cert_expire; int ask_cert_expire;
int batch; /* run in batch mode */ int batch; /* run in batch mode */
int answer_yes; /* answer yes on most questions */ int answer_yes; /* answer yes on most questions */

View File

@ -1,6 +1,6 @@
/* sign.c - sign data /* sign.c - sign data
* Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004,
* 2004 Free Software Foundation, Inc. * 2005 Free Software Foundation, Inc.
* *
* This file is part of GnuPG. * This file is part of GnuPG.
* *
@ -744,8 +744,13 @@ sign_file( STRLIST filenames, int detached, STRLIST locusr,
&& (rc=setup_symkey(&efx.symkey_s2k,&efx.symkey_dek))) && (rc=setup_symkey(&efx.symkey_s2k,&efx.symkey_dek)))
goto leave; goto leave;
if(opt.ask_sig_expire && !opt.force_v3_sigs && !opt.batch && !RFC1991) if(!opt.force_v3_sigs && !opt.batch && !RFC1991)
duration=ask_expire_interval(1); {
if(opt.ask_sig_expire)
duration=ask_expire_interval(1,opt.def_sig_expire);
else
duration=parse_expire_string(opt.def_sig_expire)*86400L;
}
if( (rc=build_sk_list( locusr, &sk_list, 1, PUBKEY_USAGE_SIG )) ) if( (rc=build_sk_list( locusr, &sk_list, 1, PUBKEY_USAGE_SIG )) )
goto leave; goto leave;
@ -1009,8 +1014,13 @@ clearsign_file( const char *fname, STRLIST locusr, const char *outfile )
memset( &afx, 0, sizeof afx); memset( &afx, 0, sizeof afx);
init_packet( &pkt ); init_packet( &pkt );
if(opt.ask_sig_expire && !opt.force_v3_sigs && !opt.batch && !RFC1991) if(!opt.force_v3_sigs && !opt.batch && !RFC1991)
duration=ask_expire_interval(1); {
if(opt.ask_sig_expire)
duration=ask_expire_interval(1,opt.def_sig_expire);
else
duration=parse_expire_string(opt.def_sig_expire)*86400L;
}
if( (rc=build_sk_list( locusr, &sk_list, 1, PUBKEY_USAGE_SIG )) ) if( (rc=build_sk_list( locusr, &sk_list, 1, PUBKEY_USAGE_SIG )) )
goto leave; goto leave;
@ -1163,8 +1173,13 @@ sign_symencrypt_file (const char *fname, STRLIST locusr)
memset( &cfx, 0, sizeof cfx); memset( &cfx, 0, sizeof cfx);
init_packet( &pkt ); init_packet( &pkt );
if(opt.ask_sig_expire && !opt.force_v3_sigs && !opt.batch && !RFC1991) if(!opt.force_v3_sigs && !opt.batch && !RFC1991)
duration=ask_expire_interval(1); {
if(opt.ask_sig_expire)
duration=ask_expire_interval(1,opt.def_sig_expire);
else
duration=parse_expire_string(opt.def_sig_expire)*86400L;
}
rc = build_sk_list (locusr, &sk_list, 1, PUBKEY_USAGE_SIG); rc = build_sk_list (locusr, &sk_list, 1, PUBKEY_USAGE_SIG);
if (rc) if (rc)