mirror of
git://git.gnupg.org/gnupg.git
synced 2024-12-22 10:19:57 +01:00
Fixes pertaining to revocation creation with subkey-only exported card keys
This commit is contained in:
parent
1990aacce0
commit
cd4c621017
@ -1,3 +1,17 @@
|
||||
2005-08-04 Werner Koch <wk@g10code.com>
|
||||
|
||||
* export.c (do_export_stream): Skip on-card keys when only subkeys
|
||||
are to be exported. It does not make sense to replace the on-card
|
||||
key stub by a no-key stub.
|
||||
|
||||
* revoke.c (gen_revoke): Check for non-online keys.
|
||||
|
||||
* seckey-cert.c (is_secret_key_protected): Return -3 for
|
||||
non-online key stubs. The old code assumes that a protection
|
||||
algorithm is still set but in some cases this one is 0 and thus it
|
||||
won't be possible to decide whether it is unprotected or
|
||||
protected.
|
||||
|
||||
2005-07-28 Werner Koch <wk@g10code.com>
|
||||
|
||||
* Makefile.am (other_libs): Add SRVLIBS.
|
||||
|
@ -533,7 +533,7 @@ check_card_serialno (app_t app, const char *serialno)
|
||||
const char *s;
|
||||
int ask = 0;
|
||||
int n;
|
||||
|
||||
|
||||
for (s = serialno, n=0; *s != '/' && hexdigitp (s); s++, n++)
|
||||
;
|
||||
if (n != 32)
|
||||
|
11
g10/export.c
11
g10/export.c
@ -230,6 +230,17 @@ do_export_stream( IOBUF out, STRLIST users, int secret,
|
||||
keystr(sk_keyid));
|
||||
continue;
|
||||
}
|
||||
|
||||
/* It does not make sense to export a key with a primary
|
||||
key on card using a non-key stub. We simply skip those
|
||||
keys when used with --export-secret-subkeys. */
|
||||
if (secret == 2 && sk->is_protected
|
||||
&& sk->protect.s2k.mode == 1002 )
|
||||
{
|
||||
log_info(_("key %s: key material on-card - skipped\n"),
|
||||
keystr(sk_keyid));
|
||||
continue;
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
|
@ -540,7 +540,6 @@ check_signatures_trust( PKT_signature *sig )
|
||||
size_t fprlen;
|
||||
int okay;
|
||||
|
||||
log_info (_("Note: Verified address is `%s'\n"), sig->pka_info->email);
|
||||
|
||||
primary_pk = xmalloc_clear (sizeof *primary_pk);
|
||||
get_pubkey (primary_pk, pk->main_keyid);
|
||||
@ -548,9 +547,17 @@ check_signatures_trust( PKT_signature *sig )
|
||||
free_public_key (primary_pk);
|
||||
|
||||
if ( fprlen == 20 && !memcmp (sig->pka_info->fpr, fpr, 20) )
|
||||
okay = 1;
|
||||
{
|
||||
okay = 1;
|
||||
log_info (_("Note: Verified signer's address is `%s'\n"),
|
||||
sig->pka_info->email);
|
||||
}
|
||||
else
|
||||
okay = 0;
|
||||
{
|
||||
okay = 0;
|
||||
log_info (_("Note: Signer's address `%s' "
|
||||
"does not match DNS entry\n"), sig->pka_info->email);
|
||||
}
|
||||
|
||||
switch ( (trustlevel & TRUST_MASK) )
|
||||
{
|
||||
|
@ -497,11 +497,15 @@ gen_revoke( const char *uname )
|
||||
log_error(_("unknown protection algorithm\n"));
|
||||
rc = G10ERR_PUBKEY_ALGO;
|
||||
break;
|
||||
case -3:
|
||||
tty_printf (_("Secret parts of primary key are not available.\n"));
|
||||
rc = G10ERR_NO_SECKEY;
|
||||
break;
|
||||
case 0:
|
||||
tty_printf(_("NOTE: This key is not protected!\n"));
|
||||
break;
|
||||
default:
|
||||
rc = check_secret_key( sk, 0 );
|
||||
rc = check_secret_key( sk, 0 );
|
||||
break;
|
||||
}
|
||||
if( rc )
|
||||
|
@ -289,13 +289,14 @@ check_secret_key( PKT_secret_key *sk, int n )
|
||||
* check whether the secret key is protected.
|
||||
* Returns: 0 not protected, -1 on error or the protection algorithm
|
||||
* -2 indicates a card stub.
|
||||
* -3 indicates a not-online stub.
|
||||
*/
|
||||
int
|
||||
is_secret_key_protected( PKT_secret_key *sk )
|
||||
{
|
||||
return sk->is_protected?
|
||||
sk->protect.s2k.mode == 1002? -2
|
||||
: sk->protect.algo : 0;
|
||||
sk->protect.s2k.mode == 1002? -2 :
|
||||
sk->protect.s2k.mode == 1001? -3 : sk->protect.algo : 0;
|
||||
}
|
||||
|
||||
|
||||
|
Loading…
x
Reference in New Issue
Block a user