* options.h, g10.c (main): Add new --default-sig-expire and

--default-cert-expire options.  Suggested by Florian Weimer.

* main.h, keygen.c (parse_expire_string, ask_expire_interval): Use
defaults passed in, or "0" to control what default expiration is.

* keyedit.c (sign_uids), sign.c (sign_file, clearsign_file,
sign_symencrypt_file): Call them here, so that default expiration
is used when --ask-xxxxx-expire is off.

g10/ChangeLog

@@ -1,3 +1,15 @@
+2005-05-05  David Shaw  <dshaw@jabberwocky.com>
+
+	* options.h, g10.c (main): Add new --default-sig-expire and
+	--default-cert-expire options.  Suggested by Florian Weimer.
+
+	* main.h, keygen.c (parse_expire_string, ask_expire_interval): Use
+	defaults passed in, or "0" to control what default expiration is.
+
+	* keyedit.c (sign_uids), sign.c (sign_file, clearsign_file,
+	sign_symencrypt_file): Call them here, so that default expiration
+	is used when --ask-xxxxx-expire is off.
+
 2005-05-03  Werner Koch  <wk@g10code.com>
 
 	* passphrase.c (agent_get_passphrase): Add new arg CACHEID.

g10/g10.c

@@ -1,6 +1,6 @@
 /* g10.c - The GnuPG utility (main for gpg)
- * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003
- *               2004, 2005 Free Software Foundation, Inc.
+ * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004,
+ *               2005 Free Software Foundation, Inc.
  *
  * This file is part of GnuPG.
  *
@@ -157,18 +157,20 @@ enum cmd_and_opt_values
     oNoTextmode,
     oExpert,
     oNoExpert,
+    oDefSigExpire,
     oAskSigExpire,
     oNoAskSigExpire,
+    oDefCertExpire,
     oAskCertExpire,
     oNoAskCertExpire,
+    oDefCertLevel,
+    oMinCertLevel,
     oAskCertLevel,
     oNoAskCertLevel,
     oFingerprint,
     oWithFingerprint,
     oAnswerYes,
     oAnswerNo,
-    oDefCertLevel,
-    oMinCertLevel,
     oKeyring,
     oPrimaryKeyring,
     oSecretKeyring,
@@ -443,10 +445,14 @@ static ARGPARSE_OPTS opts[] = {
     { oNoTextmode, "no-textmode",  0, "@"},
     { oExpert, "expert",   0, "@"},
     { oNoExpert, "no-expert",   0, "@"},
+    { oDefSigExpire, "default-sig-expire", 2, "@"},
     { oAskSigExpire, "ask-sig-expire",   0, "@"},
     { oNoAskSigExpire, "no-ask-sig-expire",   0, "@"},
+    { oDefCertExpire, "default-cert-expire", 2, "@"},
     { oAskCertExpire, "ask-cert-expire",   0, "@"},
     { oNoAskCertExpire, "no-ask-cert-expire",   0, "@"},
+    { oDefCertLevel, "default-cert-level", 1, "@"},
+    { oMinCertLevel, "min-cert-level", 1, "@"},
     { oAskCertLevel, "ask-cert-level",   0, "@"},
     { oNoAskCertLevel, "no-ask-cert-level",   0, "@"},
     { oOutput, "output",    2, N_("use as output file")},
@@ -579,8 +585,6 @@ static ARGPARSE_OPTS opts[] = {
     { oCompressKeys, "compress-keys",0, "@"},
     { oCompressSigs, "compress-sigs",0, "@"},
     { oDefCertLevel, "default-cert-check-level", 1, "@"}, /* Old option */
-    { oDefCertLevel, "default-cert-level", 1, "@"},
-    { oMinCertLevel, "min-cert-level", 1, "@"},
     { oAlwaysTrust, "always-trust", 0, "@"},
     { oTrustModel, "trust-model", 2, "@"},
     { oForceOwnertrust, "force-ownertrust", 2, "@"},
@@ -1673,6 +1677,8 @@ main( int argc, char **argv )
     set_screen_dimensions();
     opt.keyid_format=KF_SHORT;
     opt.rfc2440_text=1;
+    opt.def_sig_expire="0";
+    opt.def_cert_expire="0";
     set_homedir ( default_homedir () );
 
 #ifdef ENABLE_CARD_SUPPORT
@@ -2020,8 +2026,6 @@ main( int argc, char **argv )
 	    break;
 	  case oNoArmor: opt.no_armor=1; opt.armor=0; break;
 	  case oNoDefKeyring: default_keyring = 0; break;
-          case oDefCertLevel: opt.def_cert_level=pargs.r.ret_int; break;
-          case oMinCertLevel: opt.min_cert_level=pargs.r.ret_int; break;
 	  case oNoGreeting: nogreeting = 1; break;
 	  case oNoVerbose: g10_opt_verbose = 0;
 			   opt.verbose = 0; opt.list_sigs=0; break;
@@ -2227,10 +2231,32 @@ main( int argc, char **argv )
 	  case oNoTextmode: opt.textmode=0;  break;
 	  case oExpert: opt.expert = 1; break;
 	  case oNoExpert: opt.expert = 0; break;
+	  case oDefSigExpire:
+	    if(*pargs.r.ret_str!='\0')
+	      {
+		if(parse_expire_string(pargs.r.ret_str)==-1)
+		  log_error(_("`%s' is not a valid signature expiration\n"),
+			    pargs.r.ret_str);
+		else
+		  opt.def_sig_expire=pargs.r.ret_str;
+	      }
+	    break;
 	  case oAskSigExpire: opt.ask_sig_expire = 1; break;
 	  case oNoAskSigExpire: opt.ask_sig_expire = 0; break;
+	  case oDefCertExpire:
+	    if(*pargs.r.ret_str!='\0')
+	      {
+		if(parse_expire_string(pargs.r.ret_str)==-1)
+		  log_error(_("`%s' is not a valid signature expiration\n"),
+			    pargs.r.ret_str);
+		else
+		  opt.def_cert_expire=pargs.r.ret_str;
+	      }
+	    break;
 	  case oAskCertExpire: opt.ask_cert_expire = 1; break;
 	  case oNoAskCertExpire: opt.ask_cert_expire = 0; break;
+          case oDefCertLevel: opt.def_cert_level=pargs.r.ret_int; break;
+          case oMinCertLevel: opt.min_cert_level=pargs.r.ret_int; break;
 	  case oAskCertLevel: opt.ask_cert_level = 1; break;
 	  case oNoAskCertLevel: opt.ask_cert_level = 0; break;
 	  case oUser: /* store the local users */

g10/keyedit.c

@@ -860,8 +860,13 @@ sign_uids( KBNODE keyblock, STRLIST locusr, int *ret_modified,
 
 	/* Only ask for duration if we haven't already set it to match
            the expiration of the pk */
-	if(opt.ask_cert_expire && !duration && !selfsig)
-	  duration=ask_expire_interval(1);
+	if(!duration && !selfsig)
+	  {
+	    if(opt.ask_cert_expire)
+	      duration=ask_expire_interval(1,opt.def_cert_expire);
+	    else
+	      duration=parse_expire_string(opt.def_cert_expire)*86400L;
+	  }
 
 	if(duration)
 	  force_v4=1;

g10/keygen.c

@@ -1,6 +1,6 @@
 /* keygen.c - generate a key pair
- * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003,
- *               2004, 2005 Free Software Foundation, Inc.
+ * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004,
+ *               2005 Free Software Foundation, Inc.
  *
  * This file is part of GnuPG.
  *
@@ -1498,7 +1498,7 @@ ask_keysize( int algo )
  * Parse an expire string and return it's value in days.
  * Returns -1 on error.
  */
-static int
+int
 parse_expire_string( const char *string )
 {
     int mult;
@@ -1530,7 +1530,7 @@ parse_expire_string( const char *string )
 
 /* object == 0 for a key, and 1 for a sig */
 u32
-ask_expire_interval(int object)
+ask_expire_interval(int object,const char *def_expire)
 {
     char *answer;
     int valid_days=0;
@@ -1539,6 +1539,8 @@ ask_expire_interval(int object)
     switch(object)
       {
       case 0:
+	if(def_expire)
+	  BUG();
 	tty_printf(_("Please specify how long the key should be valid.\n"
 		     "         0 = key does not expire\n"
 		     "      <n>  = key expires in n days\n"
@@ -1548,6 +1550,8 @@ ask_expire_interval(int object)
 	break;
 
       case 1:
+	if(!def_expire)
+	  BUG();
 	tty_printf(_("Please specify how long the signature should be valid.\n"
 		     "         0 = signature does not expire\n"
 		     "      <n>  = signature expires in n days\n"
@@ -1565,14 +1569,30 @@ ask_expire_interval(int object)
      * date */
 
     answer = NULL;
-    for(;;) {
+    for(;;)
+      {
 	u32 curtime=make_timestamp();
 
 	m_free(answer);
 	if(object==0)
 	  answer = cpr_get("keygen.valid",_("Key is valid for? (0) "));
 	else
-	  answer = cpr_get("siggen.valid",_("Signature is valid for? (0) "));
+	  {
+	    char *prompt;
+
+#define PROMPTSTRING _("Signature is valid for? (%s) ")
+	    /* This will actually end up larger than necessary because
+	       of the 2 bytes for '%s' */
+	    prompt=m_alloc(strlen(PROMPTSTRING)+strlen(def_expire)+1);
+	    sprintf(prompt,PROMPTSTRING,def_expire);
+#undef PROMPTSTRING
+
+	    answer = cpr_get("siggen.valid",prompt);
+	    m_free(prompt);
+
+	    if(*answer=='\0')
+	      answer=m_strdup(def_expire);
+	  }
 	cpr_kill_prompt();
 	trim_spaces(answer);
 	valid_days = parse_expire_string( answer );
@@ -1614,7 +1634,7 @@ ask_expire_interval(int object)
 u32
 ask_expiredate()
 {
-    u32 x = ask_expire_interval(0);
+    u32 x = ask_expire_interval(0,NULL);
     return x? make_timestamp() + x : 0;
 }
 
@@ -2572,7 +2592,7 @@ generate_keypair (const char *fname, const char *card_serialno,
       para = r;
     }
    
-  expire = ask_expire_interval(0);
+  expire = ask_expire_interval(0,NULL);
   r = m_alloc_clear( sizeof *r + 20 );
   r->key = pKEYEXPIRE;
   r->u.expire = expire;
@@ -3085,7 +3105,7 @@ generate_subkeypair( KBNODE pub_keyblock, KBNODE sec_keyblock )
     algo = ask_algo( 1, &use );
     assert(algo);
     nbits = ask_keysize( algo );
-    expire = ask_expire_interval(0);
+    expire = ask_expire_interval(0,NULL);
     if( !cpr_enabled() && !cpr_get_answer_is_yes("keygen.sub.okay",
 						  _("Really create? (y/N) ")))
 	goto leave;
@@ -3203,7 +3223,7 @@ generate_card_subkeypair (KBNODE pub_keyblock, KBNODE sec_keyblock,
     goto leave;
 
   algo = PUBKEY_ALGO_RSA;
-  expire = ask_expire_interval (0);
+  expire = ask_expire_interval (0,NULL);
   if (keyno == 1)
     use = PUBKEY_USAGE_SIG;
   else if (keyno == 2)

g10/main.h

@@ -1,6 +1,6 @@
 /* main.h
- * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003,
- *               2004 Free Software Foundation, Inc.
+ * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004,
+ *               2005 Free Software Foundation, Inc.
  *
  * This file is part of GnuPG.
  *
@@ -165,7 +165,8 @@ void keyedit_menu( const char *username, STRLIST locusr,
 void show_basic_key_info (KBNODE keyblock);
 
 /*-- keygen.c --*/
-u32 ask_expire_interval(int object);
+int parse_expire_string(const char *string);
+u32 ask_expire_interval(int object,const char *def_expire);
 u32 ask_expiredate(void);
 void generate_keypair( const char *fname, const char *card_serialno,
                        const char *backup_encryption_dir );

g10/options.h

@@ -50,7 +50,9 @@ struct
   int list_only;
   int textmode;
   int expert;
+  const char *def_sig_expire;
   int ask_sig_expire;
+  const char *def_cert_expire;
   int ask_cert_expire;
   int batch;	    /* run in batch mode */
   int answer_yes; /* answer yes on most questions */

g10/sign.c

@@ -1,6 +1,6 @@
 /* sign.c - sign data
- * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003,
- *               2004 Free Software Foundation, Inc.
+ * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004,
+ *               2005 Free Software Foundation, Inc.
  *
  * This file is part of GnuPG.
  *
@@ -744,8 +744,13 @@ sign_file( STRLIST filenames, int detached, STRLIST locusr,
        && (rc=setup_symkey(&efx.symkey_s2k,&efx.symkey_dek)))
       goto leave;
 
-    if(opt.ask_sig_expire && !opt.force_v3_sigs && !opt.batch && !RFC1991)
-      duration=ask_expire_interval(1);
+    if(!opt.force_v3_sigs && !opt.batch && !RFC1991)
+      {
+	if(opt.ask_sig_expire)
+	  duration=ask_expire_interval(1,opt.def_sig_expire);
+	else
+	  duration=parse_expire_string(opt.def_sig_expire)*86400L;
+      }
 
     if( (rc=build_sk_list( locusr, &sk_list, 1, PUBKEY_USAGE_SIG )) )
 	goto leave;
@@ -1009,8 +1014,13 @@ clearsign_file( const char *fname, STRLIST locusr, const char *outfile )
     memset( &afx, 0, sizeof afx);
     init_packet( &pkt );
 
-    if(opt.ask_sig_expire && !opt.force_v3_sigs && !opt.batch && !RFC1991)
-      duration=ask_expire_interval(1);
+    if(!opt.force_v3_sigs && !opt.batch && !RFC1991)
+      {
+	if(opt.ask_sig_expire)
+	  duration=ask_expire_interval(1,opt.def_sig_expire);
+	else
+	  duration=parse_expire_string(opt.def_sig_expire)*86400L;
+      }
 
     if( (rc=build_sk_list( locusr, &sk_list, 1, PUBKEY_USAGE_SIG )) )
 	goto leave;
@@ -1163,8 +1173,13 @@ sign_symencrypt_file (const char *fname, STRLIST locusr)
     memset( &cfx, 0, sizeof cfx);
     init_packet( &pkt );
 
-    if(opt.ask_sig_expire && !opt.force_v3_sigs && !opt.batch && !RFC1991)
-      duration=ask_expire_interval(1);
+    if(!opt.force_v3_sigs && !opt.batch && !RFC1991)
+      {
+	if(opt.ask_sig_expire)
+	  duration=ask_expire_interval(1,opt.def_sig_expire);
+	else
+	  duration=parse_expire_string(opt.def_sig_expire)*86400L;
+      }
 
     rc = build_sk_list (locusr, &sk_list, 1, PUBKEY_USAGE_SIG);
     if (rc)