security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-22 10:19:57 +01:00
Code Activity

gpg: New option --quick-update-pref.

Browse Source 
* g10/gpg.c (aQuickUpdatePref): New.
(opts): Add --quick-update-pref.
(main): Implement.
* g10/keyedit.c (keyedit_quick_update_pref): New.
(menu_set_preferences): Add arg 'unattended' and adjust caller.
--

This new quick command is in particular useful to update existing keys
so that they can be used with OCB mode.
This commit is contained in:
Werner Koch 2022-11-04 15:26:15 +01:00
parent 811cfa34cb
commit d40d23b233
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
5 changed files with 77 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
doc/gpg.texi
View File

@ -968,7 +968,8 @@ signing.
--version} to get a list of available algorithms. Note that while you --version} to get a list of available algorithms. Note that while you
can change the preferences on an attribute user ID (aka "photo ID"), can change the preferences on an attribute user ID (aka "photo ID"),
GnuPG does not select keys via attribute user IDs so these preferences GnuPG does not select keys via attribute user IDs so these preferences
will not be used by GnuPG. will not be used by GnuPG. Note that an unattended version of this
command is available as @option{--quick-update-pref}.
When setting preferences, you should list the algorithms in the order When setting preferences, you should list the algorithms in the order
which you'd like to see them used by someone else when encrypting a which you'd like to see them used by someone else when encrypting a
@ -1196,6 +1197,16 @@ user ID which shall be flagged as the primary user ID. The primary
user ID flag is removed from all other user ids and the timestamp of user ID flag is removed from all other user ids and the timestamp of
all affected self-signatures is set one second ahead. all affected self-signatures is set one second ahead.
@item --quick-update-pref @var{user-id}
@opindex quick-update-pref
This command updates the preference list of the key to the current
default value (either built-in or set via
@option{--default-preference-list}). This is the unattended version
of of using "setpref" in the @option{--key-edit} menu without giving a
list. Note that you can show the preferences in a key listing by
using @option{--list-options show-pref} or @option{--list-options
show-pref-verbose}. You should also re-distribute updated keys to
your peers.
@item --change-passphrase @var{user-id} @item --change-passphrase @var{user-id}
@opindex change-passphrase @opindex change-passphrase

4
g10/encrypt.c
View File

@ -351,7 +351,7 @@ use_aead (pk_list_t pk_list, int algo)
{ {
if (!can_use) if (!can_use)
{ {
log_info ("Warning: request to use AEAD ignored for cipher '%s'\n", log_info ("Warning: request to use OCB ignored for cipher '%s'\n",
openpgp_cipher_algo_name (algo)); openpgp_cipher_algo_name (algo));
return 0; return 0;
} }
@ -470,7 +470,7 @@ encrypt_simple (const char *filename, int mode, int use_seskey)
if (use_seskey && s2k->mode != 1 && s2k->mode != 3) if (use_seskey && s2k->mode != 1 && s2k->mode != 3)
{ {
use_seskey = 0; use_seskey = 0;
log_info (_("can't use a symmetric ESK packet " log_info (_("can't use a SKESK packet"
"due to the S2K mode\n")); "due to the S2K mode\n"));
} }

14
g10/gpg.c
View File

@ -1,7 +1,7 @@
/* gpg.c - The GnuPG OpenPGP tool /* gpg.c - The GnuPG OpenPGP tool
* Copyright (C) 1998-2020 Free Software Foundation, Inc. * Copyright (C) 1998-2020 Free Software Foundation, Inc.
* Copyright (C) 1997-2019 Werner Koch * Copyright (C) 1997-2019 Werner Koch
* Copyright (C) 2015-2021 g10 Code GmbH * Copyright (C) 2015-2022 g10 Code GmbH
* *
* This file is part of GnuPG. * This file is part of GnuPG.
* *
@ -133,6 +133,7 @@ enum cmd_and_opt_values
aQuickRevUid, aQuickRevUid,
aQuickSetExpire, aQuickSetExpire,
aQuickSetPrimaryUid, aQuickSetPrimaryUid,
aQuickUpdatePref,
aListConfig, aListConfig,
aListGcryptConfig, aListGcryptConfig,
aGPGConfList, aGPGConfList,
@ -489,6 +490,7 @@ static gpgrt_opt_t opts[] = {
ARGPARSE_c (aQuickSetExpire, "quick-set-expire", ARGPARSE_c (aQuickSetExpire, "quick-set-expire",
N_("quickly set a new expiration date")), N_("quickly set a new expiration date")),
ARGPARSE_c (aQuickSetPrimaryUid, "quick-set-primary-uid", "@"), ARGPARSE_c (aQuickSetPrimaryUid, "quick-set-primary-uid", "@"),
ARGPARSE_c (aQuickUpdatePref, "quick-update-pref", "@"),
ARGPARSE_c (aFullKeygen, "full-generate-key" , ARGPARSE_c (aFullKeygen, "full-generate-key" ,
N_("full featured key pair generation")), N_("full featured key pair generation")),
ARGPARSE_c (aFullKeygen, "full-gen-key", "@"), ARGPARSE_c (aFullKeygen, "full-gen-key", "@"),
@ -2677,6 +2679,7 @@ main (int argc, char **argv)
case aQuickRevUid: case aQuickRevUid:
case aQuickSetExpire: case aQuickSetExpire:
case aQuickSetPrimaryUid: case aQuickSetPrimaryUid:
case aQuickUpdatePref:
case aExportOwnerTrust: case aExportOwnerTrust:
case aImportOwnerTrust: case aImportOwnerTrust:
case aRebuildKeydbCaches: case aRebuildKeydbCaches:
@ -4280,6 +4283,7 @@ main (int argc, char **argv)
case aQuickAddKey: case aQuickAddKey:
case aQuickRevUid: case aQuickRevUid:
case aQuickSetPrimaryUid: case aQuickSetPrimaryUid:
case aQuickUpdatePref:
case aFullKeygen: case aFullKeygen:
case aKeygen: case aKeygen:
case aImport: case aImport:
@ -4780,6 +4784,14 @@ main (int argc, char **argv)
} }
break; break;
case aQuickUpdatePref:
{
if (argc != 1)
wrong_args ("--quick-update-pref USER-ID");
keyedit_quick_update_pref (ctrl, *argv);
}
break;
case aFastImport: case aFastImport:
opt.import_options |= IMPORT_FAST; /* fall through */ opt.import_options |= IMPORT_FAST; /* fall through */
case aImport: case aImport:

54
g10/keyedit.c
View File

@ -1,7 +1,7 @@
/* keyedit.c - Edit properties of a key /* keyedit.c - Edit properties of a key
* Copyright (C) 1998-2010 Free Software Foundation, Inc. * Copyright (C) 1998-2010 Free Software Foundation, Inc.
* Copyright (C) 1998-2017 Werner Koch * Copyright (C) 1998-2017 Werner Koch
* Copyright (C) 2015, 2016 g10 Code GmbH * Copyright (C) 2015, 2016, 2022 g10 Code GmbH
* *
* This file is part of GnuPG. * This file is part of GnuPG.
* *
@ -78,7 +78,8 @@ static gpg_error_t menu_expire (ctrl_t ctrl, kbnode_t pub_keyblock,
static int menu_changeusage (ctrl_t ctrl, kbnode_t keyblock); static int menu_changeusage (ctrl_t ctrl, kbnode_t keyblock);
static int menu_backsign (ctrl_t ctrl, kbnode_t pub_keyblock); static int menu_backsign (ctrl_t ctrl, kbnode_t pub_keyblock);
static int menu_set_primary_uid (ctrl_t ctrl, kbnode_t pub_keyblock); static int menu_set_primary_uid (ctrl_t ctrl, kbnode_t pub_keyblock);
static int menu_set_preferences (ctrl_t ctrl, kbnode_t pub_keyblock); static int menu_set_preferences (ctrl_t ctrl, kbnode_t pub_keyblock,
int unattended);
static int menu_set_keyserver_url (ctrl_t ctrl, static int menu_set_keyserver_url (ctrl_t ctrl,
const char *url, kbnode_t pub_keyblock); const char *url, kbnode_t pub_keyblock);
static int menu_set_notation (ctrl_t ctrl, static int menu_set_notation (ctrl_t ctrl,
@ -2157,7 +2158,7 @@ keyedit_menu (ctrl_t ctrl, const char *username, strlist_t locusr,
" for the selected user IDs? (y/N) ") " for the selected user IDs? (y/N) ")
: _("Really update the preferences? (y/N) "))) : _("Really update the preferences? (y/N) ")))
{ {
if (menu_set_preferences (ctrl, keyblock)) if (menu_set_preferences (ctrl, keyblock, 0))
{ {
merge_keys_and_selfsig (ctrl, keyblock); merge_keys_and_selfsig (ctrl, keyblock);
modified = 1; modified = 1;
@ -2654,6 +2655,45 @@ keyedit_quick_set_primary (ctrl_t ctrl, const char *username,
} }
/* Unattended updating of the preference tro the standard preferences.
* USERNAME specifies the key. This is basically the same as
* gpg --edit-key <<userif> updpref save
*/
void
keyedit_quick_update_pref (ctrl_t ctrl, const char *username)
{
gpg_error_t err;
KEYDB_HANDLE kdbhd = NULL;
kbnode_t keyblock = NULL;
#ifdef HAVE_W32_SYSTEM
/* See keyedit_menu for why we need this. */
check_trustdb_stale (ctrl);
#endif
err = quick_find_keyblock (ctrl, username, 1, &kdbhd, &keyblock);
if (err)
goto leave;
if (menu_set_preferences (ctrl, keyblock, 1))
{
merge_keys_and_selfsig (ctrl, keyblock);
err = keydb_update_keyblock (ctrl, kdbhd, keyblock);
if (err)
{
log_error (_("update failed: %s\n"), gpg_strerror (err));
goto leave;
}
}
leave:
if (err)
write_status_error ("keyedit.updpref", err);
release_kbnode (keyblock);
keydb_release (kdbhd);
}
/* Find a keyblock by fingerprint because only this uniquely /* Find a keyblock by fingerprint because only this uniquely
* identifies a key and may thus be used to select a key for * identifies a key and may thus be used to select a key for
* unattended subkey creation os key signing. */ * unattended subkey creation os key signing. */
@ -5112,10 +5152,11 @@ menu_set_primary_uid (ctrl_t ctrl, kbnode_t pub_keyblock)
/* /*
* Set preferences to new values for the selected user IDs * Set preferences to new values for the selected user IDs.
* --quick-update-pred calls this with UNATTENDED set.
*/ */
static int static int
menu_set_preferences (ctrl_t ctrl, kbnode_t pub_keyblock) menu_set_preferences (ctrl_t ctrl, kbnode_t pub_keyblock, int unattended)
{ {
PKT_public_key *main_pk; PKT_public_key *main_pk;
PKT_user_id *uid; PKT_user_id *uid;
@ -5124,9 +5165,10 @@ menu_set_preferences (ctrl_t ctrl, kbnode_t pub_keyblock)
int selected, select_all; int selected, select_all;
int modified = 0; int modified = 0;
if (!unattended)
no_primary_warning (pub_keyblock); no_primary_warning (pub_keyblock);
select_all = !count_selected_uids (pub_keyblock); select_all = unattended? 1 : !count_selected_uids (pub_keyblock);
/* Now we can actually change the self signature(s) */ /* Now we can actually change the self signature(s) */
main_pk = NULL; main_pk = NULL;

1
g10/keyedit.h
View File

@ -55,6 +55,7 @@ void keyedit_quick_set_expire (ctrl_t ctrl,
char **subkeyfprs); char **subkeyfprs);
void keyedit_quick_set_primary (ctrl_t ctrl, const char *username, void keyedit_quick_set_primary (ctrl_t ctrl, const char *username,
const char *primaryuid); const char *primaryuid);
void keyedit_quick_update_pref (ctrl_t ctrl, const char *username);
void show_basic_key_info (ctrl_t ctrl, kbnode_t keyblock, int print_sec); void show_basic_key_info (ctrl_t ctrl, kbnode_t keyblock, int print_sec);
int keyedit_print_one_sig (ctrl_t ctrl, estream_t fp, int keyedit_print_one_sig (ctrl_t ctrl, estream_t fp,
int rc, kbnode_t keyblock, int rc, kbnode_t keyblock,