mirror of
git://git.gnupg.org/gnupg.git
synced 2024-12-22 10:19:57 +01:00
Print NO_SECKEY status line in gpgsm.
This fixes bug#1020.
This commit is contained in:
Werner Koch
parent
6dc17a2b4d
commit
ceb42db4dd
@ -1,5 +1,8 @@
|
||||
2009-03-25 Werner Koch <wk@g10code.com>
|
||||
|
||||
* pkdecrypt.c (agent_pkdecrypt): Return a specific error message
|
||||
if the key is not available.
|
||||
|
||||
* gpg-agent.c (main): Print a started message to show the real pid.
|
||||
|
||||
2009-03-20 Werner Koch <wk@g10code.com>
|
||||
|
||||
@ -69,7 +69,10 @@ agent_pkdecrypt (ctrl_t ctrl, const char *desc_text,
|
||||
CACHE_MODE_NORMAL, &s_skey);
|
||||
if (rc)
|
||||
{
|
||||
log_error ("failed to read the secret key\n");
|
||||
if (gpg_err_code (rc) == GPG_ERR_ENOENT)
|
||||
rc = gpg_error (GPG_ERR_NO_SECKEY);
|
||||
else
|
||||
log_error ("failed to read the secret key\n");
|
||||
goto leave;
|
||||
}
|
||||
|
||||
|
||||
12
doc/DETAILS
12
doc/DETAILS
@ -309,12 +309,12 @@ more arguments in future versions.
|
||||
since epoch or an ISO 8601 string which can be detected by the
|
||||
presence of the letter 'T' inside.
|
||||
|
||||
|
||||
ENC_TO <long keyid> <keytype> <keylength>
|
||||
The message is encrypted to this keyid.
|
||||
keytype is the numerical value of the public key algorithm,
|
||||
keylength is the length of the key or 0 if it is not known
|
||||
(which is currently always the case).
|
||||
ENC_TO <long_keyid> <keytype> <keylength>
|
||||
The message is encrypted to this LONG_KEYID. KEYTYPE is the
|
||||
numerical value of the public key algorithm or 0 if it is not
|
||||
known, KEYLENGTH is the length of the key or 0 if it is not
|
||||
known (which is currently always the case). Gpg prints this
|
||||
line always; Gpgsm only if it knows the certificate.
|
||||
|
||||
NODATA <what>
|
||||
No data has been found. Codes for what are:
|
||||
|
||||
@ -1,3 +1,7 @@
|
||||
2009-03-25 Werner Koch <wk@g10code.com>
|
||||
|
||||
* mainproc.c (print_pkenc_list): Use snprintf.
|
||||
|
||||
2009-03-17 Werner Koch <wk@g10code.com>
|
||||
|
||||
* call-agent.c (my_percent_plus_escape): Remove.
|
||||
|
||||
@ -469,8 +469,8 @@ print_pkenc_list( struct kidlist_item *list, int failed )
|
||||
if( list->reason == G10ERR_NO_SECKEY ) {
|
||||
if( is_status_enabled() ) {
|
||||
char buf[20];
|
||||
sprintf(buf,"%08lX%08lX", (ulong)list->kid[0],
|
||||
(ulong)list->kid[1] );
|
||||
snprintf (buf, sizeof buf, "%08lX%08lX",
|
||||
(ulong)list->kid[0], (ulong)list->kid[1]);
|
||||
write_status_text( STATUS_NO_SECKEY, buf );
|
||||
}
|
||||
}
|
||||
|
||||
@ -1,3 +1,10 @@
|
||||
2009-03-25 Werner Koch <wk@g10code.com>
|
||||
|
||||
* decrypt.c (gpgsm_decrypt): Print ENC_TO and NO_SECKEY
|
||||
stati. Fixes bug#1020.
|
||||
* fingerprint.c (gpgsm_get_short_fingerprint): Add arg R_HIGH and
|
||||
change all callers.
|
||||
|
||||
2009-03-23 Werner Koch <wk@g10code.com>
|
||||
|
||||
* delete.c (delete_one): Also delete ephemeral certificates if
|
||||
|
||||
@ -952,7 +952,7 @@ gpgsm_format_keydesc (ksba_cert_t cert)
|
||||
"created %s, expires %s.\n" ),
|
||||
subject? subject:"?",
|
||||
sn? sn: "?",
|
||||
gpgsm_get_short_fingerprint (cert),
|
||||
gpgsm_get_short_fingerprint (cert, NULL),
|
||||
created, expires);
|
||||
|
||||
i18n_switchback (orig_codeset);
|
||||
|
||||
24
sm/decrypt.c
24
sm/decrypt.c
@ -362,6 +362,9 @@ gpgsm_decrypt (ctrl_t ctrl, int in_fd, FILE *out_fp)
|
||||
ksba_sexp_t enc_val;
|
||||
char *hexkeygrip = NULL;
|
||||
char *desc = NULL;
|
||||
char kidbuf[16+1];
|
||||
|
||||
*kidbuf = 0;
|
||||
|
||||
rc = ksba_cms_get_issuer_serial (cms, recp, &issuer, &serial);
|
||||
if (rc == -1 && recp)
|
||||
@ -394,6 +397,25 @@ gpgsm_decrypt (ctrl_t ctrl, int in_fd, FILE *out_fp)
|
||||
log_error ("failed to get cert: %s\n", gpg_strerror (rc));
|
||||
goto oops;
|
||||
}
|
||||
|
||||
/* Print the ENC_TO status line. Note that we can
|
||||
do so only if we have the certificate. This is
|
||||
in contrast to gpg where the keyID is commonly
|
||||
included in the encrypted messages. It is too
|
||||
cumbersome to retrieve the used algorithm, thus
|
||||
we don't print it for now. We also record the
|
||||
keyid for later use. */
|
||||
{
|
||||
unsigned long kid[2];
|
||||
|
||||
kid[0] = gpgsm_get_short_fingerprint (cert, kid+1);
|
||||
snprintf (kidbuf, sizeof kidbuf, "%08lX%08lX",
|
||||
kid[1], kid[0]);
|
||||
gpgsm_status2 (ctrl, STATUS_ENC_TO,
|
||||
kidbuf, "0", "0", NULL);
|
||||
}
|
||||
|
||||
|
||||
/* Just in case there is a problem with the own
|
||||
certificate we print this message - should never
|
||||
happen of course */
|
||||
@ -430,6 +452,8 @@ gpgsm_decrypt (ctrl_t ctrl, int in_fd, FILE *out_fp)
|
||||
{
|
||||
log_info ("decrypting session key failed: %s\n",
|
||||
gpg_strerror (rc));
|
||||
if (gpg_err_code (rc) == GPG_ERR_NO_SECKEY && *kidbuf)
|
||||
gpgsm_status2 (ctrl, STATUS_NO_SECKEY, kidbuf, NULL);
|
||||
}
|
||||
else
|
||||
{ /* setup the bulk decrypter */
|
||||
|
||||
@ -140,13 +140,16 @@ gpgsm_get_fingerprint_hexstring (ksba_cert_t cert, int algo)
|
||||
}
|
||||
|
||||
/* Return a certificate ID. These are the last 4 bytes of the SHA-1
|
||||
fingerprint. */
|
||||
fingerprint. If R_HIGH is not NULL the next 4 bytes are stored
|
||||
there. */
|
||||
unsigned long
|
||||
gpgsm_get_short_fingerprint (ksba_cert_t cert)
|
||||
gpgsm_get_short_fingerprint (ksba_cert_t cert, unsigned long *r_high)
|
||||
{
|
||||
unsigned char digest[20];
|
||||
|
||||
gpgsm_get_fingerprint (cert, GCRY_MD_SHA1, digest, NULL);
|
||||
if (r_high)
|
||||
*r_high = ((digest[12]<<24)|(digest[13]<<16)|(digest[14]<< 8)|digest[15]);
|
||||
return ((digest[16]<<24)|(digest[17]<<16)|(digest[18]<< 8)|digest[19]);
|
||||
}
|
||||
|
||||
|
||||
@ -229,7 +229,7 @@ int gpgsm_parse_validation_model (const char *model);
|
||||
/*-- server.c --*/
|
||||
void gpgsm_server (certlist_t default_recplist);
|
||||
gpg_error_t gpgsm_status (ctrl_t ctrl, int no, const char *text);
|
||||
gpg_error_t gpgsm_status2 (ctrl_t ctrl, int no, ...);
|
||||
gpg_error_t gpgsm_status2 (ctrl_t ctrl, int no, ...) GNUPG_GCC_A_SENTINEL(0);
|
||||
gpg_error_t gpgsm_status_with_err_code (ctrl_t ctrl, int no, const char *text,
|
||||
gpg_err_code_t ec);
|
||||
gpg_error_t gpgsm_proxy_pinentry_notify (ctrl_t ctrl,
|
||||
@ -240,7 +240,8 @@ unsigned char *gpgsm_get_fingerprint (ksba_cert_t cert, int algo,
|
||||
unsigned char *array, int *r_len);
|
||||
char *gpgsm_get_fingerprint_string (ksba_cert_t cert, int algo);
|
||||
char *gpgsm_get_fingerprint_hexstring (ksba_cert_t cert, int algo);
|
||||
unsigned long gpgsm_get_short_fingerprint (ksba_cert_t cert);
|
||||
unsigned long gpgsm_get_short_fingerprint (ksba_cert_t cert,
|
||||
unsigned long *r_high);
|
||||
unsigned char *gpgsm_get_keygrip (ksba_cert_t cert, unsigned char *array);
|
||||
char *gpgsm_get_keygrip_hexstring (ksba_cert_t cert);
|
||||
int gpgsm_get_key_algo_info (ksba_cert_t cert, unsigned int *nbits);
|
||||
|
||||
@ -672,7 +672,7 @@ list_cert_raw (ctrl_t ctrl, KEYDB_HANDLE hd,
|
||||
(void)have_secret;
|
||||
|
||||
es_fprintf (fp, " ID: 0x%08lX\n",
|
||||
gpgsm_get_short_fingerprint (cert));
|
||||
gpgsm_get_short_fingerprint (cert, NULL));
|
||||
|
||||
sexp = ksba_cert_get_serial (cert);
|
||||
es_fputs (" S/N: ", fp);
|
||||
@ -1042,7 +1042,7 @@ list_cert_std (ctrl_t ctrl, ksba_cert_t cert, estream_t fp, int have_secret,
|
||||
(void)have_secret;
|
||||
|
||||
es_fprintf (fp, " ID: 0x%08lX\n",
|
||||
gpgsm_get_short_fingerprint (cert));
|
||||
gpgsm_get_short_fingerprint (cert, NULL));
|
||||
|
||||
sexp = ksba_cert_get_serial (cert);
|
||||
es_fputs (" S/N: ", fp);
|
||||
|
||||
@ -450,7 +450,7 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, FILE *out_fp)
|
||||
else
|
||||
log_printf (_("[date not given]"));
|
||||
log_printf (_(" using certificate ID 0x%08lX\n"),
|
||||
gpgsm_get_short_fingerprint (cert));
|
||||
gpgsm_get_short_fingerprint (cert, NULL));
|
||||
|
||||
|
||||
if (msgdigest)
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user