gpg: New option --quick-update-pref.

* g10/gpg.c (aQuickUpdatePref): New.
(opts): Add --quick-update-pref.
(main): Implement.
* g10/keyedit.c (keyedit_quick_update_pref): New.
(menu_set_preferences): Add arg 'unattended' and adjust caller.
--

This new quick command is in particular useful to update existing keys
so that they can be used with OCB mode.
Werner Koch 2022-11-04 15:26:15 +01:00
parent 811cfa34cb
commit d40d23b233
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
5 changed files with 77 additions and 11 deletions


@ -968,7 +968,8 @@ signing.
--version} to get a list of available algorithms. Note that while you
can change the preferences on an attribute user ID (aka "photo ID"),
GnuPG does not select keys via attribute user IDs so these preferences
will not be used by GnuPG.
will not be used by GnuPG. Note that an unattended version of this
command is available as @option{--quick-update-pref}.
When setting preferences, you should list the algorithms in the order
which you'd like to see them used by someone else when encrypting a
@ -1196,6 +1197,16 @@ user ID which shall be flagged as the primary user ID. The primary
user ID flag is removed from all other user ids and the timestamp of
all affected self-signatures is set one second ahead.
@item --quick-update-pref @var{user-id}
@opindex quick-update-pref
This command updates the preference list of the key to the current
default value (either built-in or set via
@option{--default-preference-list}). This is the unattended version
of of using "setpref" in the @option{--key-edit} menu without giving a
list. Note that you can show the preferences in a key listing by
using @option{--list-options show-pref} or @option{--list-options
show-pref-verbose}. You should also re-distribute updated keys to
your peers.
@item --change-passphrase @var{user-id}
@opindex change-passphrase


@ -351,7 +351,7 @@ use_aead (pk_list_t pk_list, int algo)
{
if (!can_use)
{
log_info ("Warning: request to use AEAD ignored for cipher '%s'\n",
log_info ("Warning: request to use OCB ignored for cipher '%s'\n",
openpgp_cipher_algo_name (algo));
return 0;
}
@ -470,7 +470,7 @@ encrypt_simple (const char *filename, int mode, int use_seskey)
if (use_seskey && s2k->mode != 1 && s2k->mode != 3)
{
use_seskey = 0;
log_info (_("can't use a symmetric ESK packet "
log_info (_("can't use a SKESK packet"
"due to the S2K mode\n"));
}
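Review bot: The rewritten message in encrypt_simple drops the trailing space of the first literal, so `"can't use a SKESK packet"` concatenated with `"due to the S2K mode\n"` prints "packetdue to the S2K mode". This log line is the only visible signal that the requested session-key packet was silently switched off (`use_seskey = 0`), so it should stay readable: `log_info (_("can't use a SKESK packet "`. The enclosing function starts and ends outside the hunk.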


@ -1,7 +1,7 @@
/* gpg.c - The GnuPG OpenPGP tool
* Copyright (C) 1998-2020 Free Software Foundation, Inc.
* Copyright (C) 1997-2019 Werner Koch
* Copyright (C) 2015-2021 g10 Code GmbH
* Copyright (C) 2015-2022 g10 Code GmbH
*
* This file is part of GnuPG.
*
@ -133,6 +133,7 @@ enum cmd_and_opt_values
aQuickRevUid,
aQuickSetExpire,
aQuickSetPrimaryUid,
aQuickUpdatePref,
aListConfig,
aListGcryptConfig,
aGPGConfList,
@ -489,6 +490,7 @@ static gpgrt_opt_t opts[] = {
ARGPARSE_c (aQuickSetExpire, "quick-set-expire",
N_("quickly set a new expiration date")),
ARGPARSE_c (aQuickSetPrimaryUid, "quick-set-primary-uid", "@"),
ARGPARSE_c (aQuickUpdatePref, "quick-update-pref", "@"),
ARGPARSE_c (aFullKeygen, "full-generate-key" ,
N_("full featured key pair generation")),
ARGPARSE_c (aFullKeygen, "full-gen-key", "@"),
@ -2677,6 +2679,7 @@ main (int argc, char **argv)
case aQuickRevUid:
case aQuickSetExpire:
case aQuickSetPrimaryUid:
case aQuickUpdatePref:
case aExportOwnerTrust:
case aImportOwnerTrust:
case aRebuildKeydbCaches:
@ -4280,6 +4283,7 @@ main (int argc, char **argv)
case aQuickAddKey:
case aQuickRevUid:
case aQuickSetPrimaryUid:
case aQuickUpdatePref:
case aFullKeygen:
case aKeygen:
case aImport:
@ -4780,6 +4784,14 @@ main (int argc, char **argv)
}
break;
case aQuickUpdatePref:
{
if (argc != 1)
wrong_args ("--quick-update-pref USER-ID");
keyedit_quick_update_pref (ctrl, *argv);
}
break;
case aFastImport:
opt.import_options |= IMPORT_FAST; /* fall through */
case aImport:


@ -1,7 +1,7 @@
/* keyedit.c - Edit properties of a key
* Copyright (C) 1998-2010 Free Software Foundation, Inc.
* Copyright (C) 1998-2017 Werner Koch
* Copyright (C) 2015, 2016 g10 Code GmbH
* Copyright (C) 2015, 2016, 2022 g10 Code GmbH
*
* This file is part of GnuPG.
*
@ -78,7 +78,8 @@ static gpg_error_t menu_expire (ctrl_t ctrl, kbnode_t pub_keyblock,
static int menu_changeusage (ctrl_t ctrl, kbnode_t keyblock);
static int menu_backsign (ctrl_t ctrl, kbnode_t pub_keyblock);
static int menu_set_primary_uid (ctrl_t ctrl, kbnode_t pub_keyblock);
static int menu_set_preferences (ctrl_t ctrl, kbnode_t pub_keyblock);
static int menu_set_preferences (ctrl_t ctrl, kbnode_t pub_keyblock,
int unattended);
static int menu_set_keyserver_url (ctrl_t ctrl,
const char *url, kbnode_t pub_keyblock);
static int menu_set_notation (ctrl_t ctrl,
@ -2157,7 +2158,7 @@ keyedit_menu (ctrl_t ctrl, const char *username, strlist_t locusr,
" for the selected user IDs? (y/N) ")
: _("Really update the preferences? (y/N) ")))
{
if (menu_set_preferences (ctrl, keyblock))
if (menu_set_preferences (ctrl, keyblock, 0))
{
merge_keys_and_selfsig (ctrl, keyblock);
modified = 1;
@ -2654,6 +2655,45 @@ keyedit_quick_set_primary (ctrl_t ctrl, const char *username,
}
/* Unattended updating of the preference tro the standard preferences.
* USERNAME specifies the key. This is basically the same as
* gpg --edit-key <<userif> updpref save
*/
void
keyedit_quick_update_pref (ctrl_t ctrl, const char *username)
{
gpg_error_t err;
KEYDB_HANDLE kdbhd = NULL;
kbnode_t keyblock = NULL;
#ifdef HAVE_W32_SYSTEM
/* See keyedit_menu for why we need this. */
check_trustdb_stale (ctrl);
#endif
err = quick_find_keyblock (ctrl, username, 1, &kdbhd, &keyblock);
if (err)
goto leave;
if (menu_set_preferences (ctrl, keyblock, 1))
{
merge_keys_and_selfsig (ctrl, keyblock);
err = keydb_update_keyblock (ctrl, kdbhd, keyblock);
if (err)
{
log_error (_("update failed: %s\n"), gpg_strerror (err));
goto leave;
}
}
leave:
if (err)
write_status_error ("keyedit.updpref", err);
release_kbnode (keyblock);
keydb_release (kdbhd);
}
/* Find a keyblock by fingerprint because only this uniquely
* identifies a key and may thus be used to select a key for
* unattended subkey creation os key signing. */
@ -5112,10 +5152,11 @@ menu_set_primary_uid (ctrl_t ctrl, kbnode_t pub_keyblock)
/*
* Set preferences to new values for the selected user IDs
* Set preferences to new values for the selected user IDs.
* --quick-update-pred calls this with UNATTENDED set.
*/
static int
menu_set_preferences (ctrl_t ctrl, kbnode_t pub_keyblock)
menu_set_preferences (ctrl_t ctrl, kbnode_t pub_keyblock, int unattended)
{
PKT_public_key *main_pk;
PKT_user_id *uid;
@ -5124,9 +5165,10 @@ menu_set_preferences (ctrl_t ctrl, kbnode_t pub_keyblock)
int selected, select_all;
int modified = 0;
no_primary_warning (pub_keyblock);
if (!unattended)
no_primary_warning (pub_keyblock);
select_all = !count_selected_uids (pub_keyblock);
select_all = unattended? 1 : !count_selected_uids (pub_keyblock);
/* Now we can actually change the self signature(s) */
main_pk = NULL;
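Review bot: In keyedit_quick_update_pref a zero return from `menu_set_preferences (ctrl, keyblock, 1)` leaves `err` at 0, so the function ends without a log line or a status line, and an unattended caller cannot tell an already-current key from an update that did not happen. Most of menu_set_preferences lies outside the hunks shown, so whether its 0 return also covers a failed self-signature is not visible here; if it does, that failure should also reach `write_status_error ("keyedit.updpref", err)`. The function returns void as well, so any failure reporting to the caller in main has to go through the log and status output. Two new comments in this file carry typos worth fixing: `--quick-update-pred` should read `--quick-update-pref`, and `preference tro` / `<<userif>` in the header comment presumably mean `preferences to` / `<userid>`.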


@ -55,6 +55,7 @@ void keyedit_quick_set_expire (ctrl_t ctrl,
char **subkeyfprs);
void keyedit_quick_set_primary (ctrl_t ctrl, const char *username,
const char *primaryuid);
void keyedit_quick_update_pref (ctrl_t ctrl, const char *username);
void show_basic_key_info (ctrl_t ctrl, kbnode_t keyblock, int print_sec);
int keyedit_print_one_sig (ctrl_t ctrl, estream_t fp,
int rc, kbnode_t keyblock,