diff --git a/agent/ChangeLog b/agent/ChangeLog index a2e878db6..e84d1eb06 100644 --- a/agent/ChangeLog +++ b/agent/ChangeLog @@ -1,5 +1,8 @@ 2009-03-25 Werner Koch + * pkdecrypt.c (agent_pkdecrypt): Return a specific error message + if the key is not available. + * gpg-agent.c (main): Print a started message to show the real pid. 2009-03-20 Werner Koch diff --git a/agent/pkdecrypt.c b/agent/pkdecrypt.c index 80f92dd0c..75e8e8f73 100644 --- a/agent/pkdecrypt.c +++ b/agent/pkdecrypt.c @@ -69,7 +69,10 @@ agent_pkdecrypt (ctrl_t ctrl, const char *desc_text, CACHE_MODE_NORMAL, &s_skey); if (rc) { - log_error ("failed to read the secret key\n"); + if (gpg_err_code (rc) == GPG_ERR_ENOENT) + rc = gpg_error (GPG_ERR_NO_SECKEY); + else + log_error ("failed to read the secret key\n"); goto leave; } diff --git a/doc/DETAILS b/doc/DETAILS index 6168264fe..7118b0fb1 100644 --- a/doc/DETAILS +++ b/doc/DETAILS @@ -309,12 +309,12 @@ more arguments in future versions. since epoch or an ISO 8601 string which can be detected by the presence of the letter 'T' inside. - - ENC_TO - The message is encrypted to this keyid. - keytype is the numerical value of the public key algorithm, - keylength is the length of the key or 0 if it is not known - (which is currently always the case). + ENC_TO + The message is encrypted to this LONG_KEYID. KEYTYPE is the + numerical value of the public key algorithm or 0 if it is not + known, KEYLENGTH is the length of the key or 0 if it is not + known (which is currently always the case). Gpg prints this + line always; Gpgsm only if it knows the certificate. NODATA No data has been found. Codes for what are: diff --git a/g10/ChangeLog b/g10/ChangeLog index 959655f35..d7db690fc 100644 --- a/g10/ChangeLog +++ b/g10/ChangeLog @@ -1,3 +1,7 @@ +2009-03-25 Werner Koch + + * mainproc.c (print_pkenc_list): Use snprintf. + 2009-03-17 Werner Koch * call-agent.c (my_percent_plus_escape): Remove. 
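Review bot: The new `GPG_ERR_ENOENT` branch in agent_pkdecrypt replaces `rc` and skips `log_error`, so the remapping is silent and nothing in the code explains it. A short comment above the test would help, e.g. `/* A missing key file means we do not have this secret key; report that so callers can tell it apart from a read failure. */`. Whether the key-reading call can return ENOENT for any reason other than an absent key file is not visible in this hunk, so that is worth confirming before every ENOENT is collapsed into NO_SECKEY. agent_pkdecrypt starts and ends outside the hunk.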
diff --git a/g10/mainproc.c b/g10/mainproc.c index 4678c1bfd..84a9de5f1 100644 --- a/g10/mainproc.c +++ b/g10/mainproc.c @@ -469,8 +469,8 @@ print_pkenc_list( struct kidlist_item *list, int failed ) if( list->reason == G10ERR_NO_SECKEY ) { if( is_status_enabled() ) { char buf[20]; - sprintf(buf,"%08lX%08lX", (ulong)list->kid[0], - (ulong)list->kid[1] ); + snprintf (buf, sizeof buf, "%08lX%08lX", + (ulong)list->kid[0], (ulong)list->kid[1]); write_status_text( STATUS_NO_SECKEY, buf ); } } diff --git a/sm/ChangeLog b/sm/ChangeLog index a98ce4d86..6b435dac8 100644 --- a/sm/ChangeLog +++ b/sm/ChangeLog @@ -1,3 +1,10 @@ +2009-03-25 Werner Koch + + * decrypt.c (gpgsm_decrypt): Print ENC_TO and NO_SECKEY + stati. Fixes bug#1020. + * fingerprint.c (gpgsm_get_short_fingerprint): Add arg R_HIGH and + change all callers. + 2009-03-23 Werner Koch * delete.c (delete_one): Also delete ephemeral certificates if diff --git a/sm/certdump.c b/sm/certdump.c index c8854054b..d3390702d 100644 --- a/sm/certdump.c +++ b/sm/certdump.c @@ -952,7 +952,7 @@ gpgsm_format_keydesc (ksba_cert_t cert) "created %s, expires %s.\n" ), subject? subject:"?", sn? sn: "?", - gpgsm_get_short_fingerprint (cert), + gpgsm_get_short_fingerprint (cert, NULL), created, expires); i18n_switchback (orig_codeset); diff --git a/sm/decrypt.c b/sm/decrypt.c index 9ed47366a..8fb9f2dfd 100644 --- a/sm/decrypt.c +++ b/sm/decrypt.c @@ -362,6 +362,9 @@ gpgsm_decrypt (ctrl_t ctrl, int in_fd, FILE *out_fp) ksba_sexp_t enc_val; char *hexkeygrip = NULL; char *desc = NULL; + char kidbuf[16+1]; + + *kidbuf = 0; rc = ksba_cms_get_issuer_serial (cms, recp, &issuer, &serial); if (rc == -1 && recp) 
@@ -394,6 +397,25 @@ gpgsm_decrypt (ctrl_t ctrl, int in_fd, FILE *out_fp) log_error ("failed to get cert: %s\n", gpg_strerror (rc)); goto oops; } + + /* Print the ENC_TO status line. Note that we can + do so only if we have the certificate. This is + in contrast to gpg where the keyID is commonly + included in the encrypted messages. It is too + cumbersome to retrieve the used algorithm, thus + we don't print it for now. We also record the + keyid for later use. */ + { + unsigned long kid[2]; + + kid[0] = gpgsm_get_short_fingerprint (cert, kid+1); + snprintf (kidbuf, sizeof kidbuf, "%08lX%08lX", + kid[1], kid[0]); + gpgsm_status2 (ctrl, STATUS_ENC_TO, + kidbuf, "0", "0", NULL); + } + + /* Just in case there is a problem with the own certificate we print this message - should never happen of course */ @@ -430,6 +452,8 @@ gpgsm_decrypt (ctrl_t ctrl, int in_fd, FILE *out_fp) { log_info ("decrypting session key failed: %s\n", gpg_strerror (rc)); + if (gpg_err_code (rc) == GPG_ERR_NO_SECKEY && *kidbuf) + gpgsm_status2 (ctrl, STATUS_NO_SECKEY, kidbuf, NULL); } else { /* setup the bulk decrypter */ diff --git a/sm/fingerprint.c b/sm/fingerprint.c index addf56296..4704f5972 100644 --- a/sm/fingerprint.c +++ b/sm/fingerprint.c @@ -140,13 +140,16 @@ gpgsm_get_fingerprint_hexstring (ksba_cert_t cert, int algo) } /* Return a certificate ID. These are the last 4 bytes of the SHA-1 - fingerprint. */ + fingerprint. If R_HIGH is not NULL the next 4 bytes are stored + there. */ unsigned long -gpgsm_get_short_fingerprint (ksba_cert_t cert) +gpgsm_get_short_fingerprint (ksba_cert_t cert, unsigned long *r_high) { unsigned char digest[20]; gpgsm_get_fingerprint (cert, GCRY_MD_SHA1, digest, NULL); + if (r_high) + *r_high = ((digest[12]<<24)|(digest[13]<<16)|(digest[14]<< 8)|digest[15]); return ((digest[16]<<24)|(digest[17]<<16)|(digest[18]<< 8)|digest[19]); } diff --git a/sm/gpgsm.h b/sm/gpgsm.h index 0b16e51c2..e9327d217 100644 --- a/sm/gpgsm.h +++ b/sm/gpgsm.h 
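Review bot: The two words formatted into `kidbuf` in gpgsm_decrypt can each print as more than eight hex digits where `unsigned long` is 64 bits, because `gpgsm_get_short_fingerprint` (sm/fingerprint.c hunk of this commit) builds them with `digest[n]<<24` on a byte promoted to `int`. A top byte of 0x80 or above shifts into the sign bit, which is undefined for signed int and typically sign-extends to `FFFFFFFFxxxxxxxx` on conversion to the return type. `snprintf` then truncates at 16 characters, so the buffer is safe but the ENC_TO and later NO_SECKEY status lines would carry a wrong key ID for front ends that parse them. Casting the top byte before the shift avoids this: `*r_high = (((unsigned long)digest[12]<<24)|(digest[13]<<16)|(digest[14]<<8)|digest[15]);`, with the same cast on `digest[16]` in the return expression. gpgsm_decrypt starts and ends outside this hunk.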
@@ -229,7 +229,7 @@ int gpgsm_parse_validation_model (const char *model); /*-- server.c --*/ void gpgsm_server (certlist_t default_recplist); gpg_error_t gpgsm_status (ctrl_t ctrl, int no, const char *text); -gpg_error_t gpgsm_status2 (ctrl_t ctrl, int no, ...); +gpg_error_t gpgsm_status2 (ctrl_t ctrl, int no, ...) GNUPG_GCC_A_SENTINEL(0); gpg_error_t gpgsm_status_with_err_code (ctrl_t ctrl, int no, const char *text, gpg_err_code_t ec); gpg_error_t gpgsm_proxy_pinentry_notify (ctrl_t ctrl, @@ -240,7 +240,8 @@ unsigned char *gpgsm_get_fingerprint (ksba_cert_t cert, int algo, unsigned char *array, int *r_len); char *gpgsm_get_fingerprint_string (ksba_cert_t cert, int algo); char *gpgsm_get_fingerprint_hexstring (ksba_cert_t cert, int algo); -unsigned long gpgsm_get_short_fingerprint (ksba_cert_t cert); +unsigned long gpgsm_get_short_fingerprint (ksba_cert_t cert, + unsigned long *r_high); unsigned char *gpgsm_get_keygrip (ksba_cert_t cert, unsigned char *array); char *gpgsm_get_keygrip_hexstring (ksba_cert_t cert); int gpgsm_get_key_algo_info (ksba_cert_t cert, unsigned int *nbits); diff --git a/sm/keylist.c b/sm/keylist.c index 78f919d8f..2de1708a8 100644 --- a/sm/keylist.c +++ b/sm/keylist.c @@ -672,7 +672,7 @@ list_cert_raw (ctrl_t ctrl, KEYDB_HANDLE hd, (void)have_secret; es_fprintf (fp, " ID: 0x%08lX\n", - gpgsm_get_short_fingerprint (cert)); + gpgsm_get_short_fingerprint (cert, NULL)); sexp = ksba_cert_get_serial (cert); es_fputs (" S/N: ", fp); @@ -1042,7 +1042,7 @@ list_cert_std (ctrl_t ctrl, ksba_cert_t cert, estream_t fp, int have_secret, (void)have_secret; es_fprintf (fp, " ID: 0x%08lX\n", - gpgsm_get_short_fingerprint (cert)); + gpgsm_get_short_fingerprint (cert, NULL)); sexp = ksba_cert_get_serial (cert); es_fputs (" S/N: ", fp); diff --git a/sm/verify.c b/sm/verify.c index 11f147db5..77517c61f 100644 --- a/sm/verify.c +++ b/sm/verify.c 
@@ -450,7 +450,7 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, FILE *out_fp) else log_printf (_("[date not given]")); log_printf (_(" using certificate ID 0x%08lX\n"), - gpgsm_get_short_fingerprint (cert)); + gpgsm_get_short_fingerprint (cert, NULL)); if (msgdigest)