mirror of
git://git.gnupg.org/gnupg.git
synced 2025-07-02 22:46:30 +02:00
* keygen.c (generate_subkeypair): Detect primary key on-card and
ask for the passphrase. Return an error if the primary key is a plain stub. * keyedit.c (change_passphrase): Don't ever change any stub key. Print a note if a key consists of only stub keys. Reported by Dany Nativel. These are bugs #401 and #402.
This commit is contained in:
Werner Koch
parent
963748d1b5
commit
d96f816f89
3 changed files with 75 additions and 18 deletions
|
|
@ -1069,6 +1069,7 @@ change_passphrase( KBNODE keyblock )
|
|||
PKT_secret_key *sk;
|
||||
char *passphrase = NULL;
|
||||
int no_primary_secrets = 0;
|
||||
int any;
|
||||
|
||||
node = find_kbnode( keyblock, PKT_SECRET_KEY );
|
||||
if( !node ) {
|
||||
|
|
@ -1077,6 +1078,25 @@ change_passphrase( KBNODE keyblock )
|
|||
}
|
||||
sk = node->pkt->pkt.secret_key;
|
||||
|
||||
for (any = 0, node=keyblock; node; node = node->next) {
|
||||
if (node->pkt->pkttype == PKT_SECRET_KEY
|
||||
|| node->pkt->pkttype == PKT_SECRET_SUBKEY) {
|
||||
PKT_secret_key *tmpsk = node->pkt->pkt.secret_key;
|
||||
if (!(tmpsk->is_protected
|
||||
&& (tmpsk->protect.s2k.mode == 1001
|
||||
|| tmpsk->protect.s2k.mode == 1002))) {
|
||||
any = 1;
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
if (!any) {
|
||||
tty_printf (_("Key has only stub or on-card key items - "
|
||||
"no passphrase to change.\n"));
|
||||
goto leave;
|
||||
}
|
||||
|
||||
/* See how to handle this key. */
|
||||
switch( is_secret_key_protected( sk ) ) {
|
||||
case -1:
|
||||
rc = G10ERR_PUBKEY_ALGO;
|
||||
|
|
@ -1089,6 +1109,10 @@ change_passphrase( KBNODE keyblock )
|
|||
tty_printf(_("Secret parts of primary key are not available.\n"));
|
||||
no_primary_secrets = 1;
|
||||
}
|
||||
else if( sk->protect.s2k.mode == 1002 ) {
|
||||
tty_printf(_("Secret parts of primary key are store on-card.\n"));
|
||||
no_primary_secrets = 1;
|
||||
}
|
||||
else {
|
||||
tty_printf(_("Key is protected.\n"));
|
||||
rc = check_secret_key( sk, 0 );
|
||||
|
|
@ -1098,14 +1122,18 @@ change_passphrase( KBNODE keyblock )
|
|||
break;
|
||||
}
|
||||
|
||||
/* unprotect all subkeys (use the supplied passphrase or ask)*/
|
||||
/* Unprotect all subkeys (use the supplied passphrase or ask)*/
|
||||
for(node=keyblock; !rc && node; node = node->next ) {
|
||||
if( node->pkt->pkttype == PKT_SECRET_SUBKEY ) {
|
||||
PKT_secret_key *subsk = node->pkt->pkt.secret_key;
|
||||
set_next_passphrase( passphrase );
|
||||
rc = check_secret_key( subsk, 0 );
|
||||
if( !rc && !passphrase )
|
||||
passphrase = get_last_passphrase();
|
||||
if ( !(subsk->is_protected
|
||||
&& (subsk->protect.s2k.mode == 1001
|
||||
|| subsk->protect.s2k.mode == 1002))) {
|
||||
set_next_passphrase( passphrase );
|
||||
rc = check_secret_key( subsk, 0 );
|
||||
if( !rc && !passphrase )
|
||||
passphrase = get_last_passphrase();
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
|
@ -1149,13 +1177,18 @@ change_passphrase( KBNODE keyblock )
|
|||
for(node=keyblock; !rc && node; node = node->next ) {
|
||||
if( node->pkt->pkttype == PKT_SECRET_SUBKEY ) {
|
||||
PKT_secret_key *subsk = node->pkt->pkt.secret_key;
|
||||
subsk->protect.algo = dek->algo;
|
||||
subsk->protect.s2k = *s2k;
|
||||
rc = protect_secret_key( subsk, dek );
|
||||
if ( !(subsk->is_protected
|
||||
&& (subsk->protect.s2k.mode == 1001
|
||||
|| subsk->protect.s2k.mode == 1002))) {
|
||||
subsk->protect.algo = dek->algo;
|
||||
subsk->protect.s2k = *s2k;
|
||||
rc = protect_secret_key( subsk, dek );
|
||||
}
|
||||
}
|
||||
}
|
||||
if( rc )
|
||||
log_error("protect_secret_key failed: %s\n", g10_errstr(rc) );
|
||||
log_error("protect_secret_key failed: %s\n",
|
||||
g10_errstr(rc) );
|
||||
else
|
||||
changed++;
|
||||
break;
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue