security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-07-02 22:46:30 +02:00
Code Activity

gpg: Allow deletion of subkeys with --delete-[secret-]key.

Browse source 
* common/userids.c (classify_user_id): Do not set the EXACT flag in
the default case.
* g10/export.c (exact_subkey_match_p): Make static,
* g10/delkey.c (do_delete_key): Implement subkey only deleting.
--

GnuPG-bug-id: 4457
This commit is contained in:
Werner Koch 2019-05-27 10:40:38 +02:00
parent 9ccdd59e4e
commit d9b31d3a20
No known key found for this signature in database
GPG key ID: E3FDFF218E45B72B
5 changed files with 113 additions and 13 deletions
Download patch file Download diff file Expand all files Collapse all files

103
g10/delkey.c
View file

@ -1,7 +1,7 @@
/* delkey.c - delete keys
* Copyright (C) 1998, 1999, 2000, 2001, 2002, 2004,
* 2005, 2006 Free Software Foundation, Inc.
* Copyright (C) 2014 Werner Koch
* Copyright (C) 2014, 2019 Werner Koch
*
* This file is part of GnuPG.
*
@ -53,13 +53,15 @@ do_delete_key (ctrl_t ctrl, const char *username, int secret, int force,
gpg_error_t err;
kbnode_t keyblock = NULL;
kbnode_t node, kbctx;
kbnode_t targetnode;
KEYDB_HANDLE hd;
PKT_public_key *pk = NULL;
u32 keyid[2];
int okay=0;
int yes;
KEYDB_SEARCH_DESC desc;
int exactmatch;
int exactmatch; /* True if key was found by fingerprint. */
int thiskeyonly; /* 0 = false, 1 = is primary key, 2 = is a subkey. */
*r_sec_avail = 0;
@ -72,6 +74,7 @@ do_delete_key (ctrl_t ctrl, const char *username, int secret, int force,
exactmatch = (desc.mode == KEYDB_SEARCH_MODE_FPR
|| desc.mode == KEYDB_SEARCH_MODE_FPR16
|| desc.mode == KEYDB_SEARCH_MODE_FPR20);
thiskeyonly = desc.exact;
if (!err)
err = keydb_search (hd, &desc, 1, NULL);
if (err)
@ -97,7 +100,35 @@ do_delete_key (ctrl_t ctrl, const char *username, int secret, int force,
err = gpg_error (GPG_ERR_GENERAL);
goto leave;
}
pk = node->pkt->pkt.public_key;
/* If an operation only on a subkey is requested, find that subkey
* now. */
if (thiskeyonly)
{
kbnode_t tmpnode;
for (kbctx=NULL; (tmpnode = walk_kbnode (keyblock, &kbctx, 0)); )
{
if (!(tmpnode->pkt->pkttype == PKT_PUBLIC_KEY
|| tmpnode->pkt->pkttype == PKT_PUBLIC_SUBKEY))
continue;
if (exact_subkey_match_p (&desc, tmpnode))
break;
}
if (!tmpnode)
{
log_error ("Oops; requested subkey not found anymore!\n");
err = gpg_error (GPG_ERR_GENERAL);
goto leave;
}
/* Set NODE to this specific subkey or primary key. */
thiskeyonly = node == tmpnode? 1 : 2;
targetnode = tmpnode;
}
else
targetnode = node;
pk = targetnode->pkt->pkt.public_key;
keyid_from_pk (pk, keyid);
if (!secret && !force)
@ -143,6 +174,32 @@ do_delete_key (ctrl_t ctrl, const char *username, int secret, int force,
print_pubkey_info (ctrl, NULL, pk );
tty_printf( "\n" );
if (thiskeyonly == 1 && !secret)
{
/* We need to delete the entire public key despite the use
* of the thiskeyonly request. */
tty_printf (_("Note: The public primary key and all its subkeys"
" will be deleted.\n"));
}
else if (thiskeyonly == 2 && !secret)
{
tty_printf (_("Note: Only the shown public subkey"
" will be deleted.\n"));
}
if (thiskeyonly == 1 && secret)
{
tty_printf (_("Note: Only the secret part of the shown primary"
" key will be deleted.\n"));
}
else if (thiskeyonly == 2 && secret)
{
tty_printf (_("Note: Only the secret part of the shown subkey"
" will be deleted.\n"));
}
if (thiskeyonly)
tty_printf ("\n");
yes = cpr_get_answer_is_yes
(secret? "delete_key.secret.okay": "delete_key.okay",
_("Delete this key from the keyring? (y/N) "));
@ -178,6 +235,9 @@ do_delete_key (ctrl_t ctrl, const char *username, int secret, int force,
|| node->pkt->pkttype == PKT_PUBLIC_SUBKEY))
continue;
if (thiskeyonly && targetnode != node)
continue;
if (agent_probe_secret_key (NULL, node->pkt->pkt.public_key))
continue; /* No secret key for that public (sub)key. */
@ -219,9 +279,38 @@ do_delete_key (ctrl_t ctrl, const char *username, int secret, int force,
if (firsterr)
goto leave;
}
else if (thiskeyonly == 2)
{
int selected = 0;
/* Delete the specified public subkey. */
for (kbctx=NULL; (node = walk_kbnode (keyblock, &kbctx, 0)); )
{
if (thiskeyonly && targetnode != node)
continue;
if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
{
selected = targetnode == node;
if (selected)
delete_kbnode (node);
}
else if (selected && node->pkt->pkttype == PKT_SIGNATURE)
delete_kbnode (node);
else
selected = 0;
}
commit_kbnode (&keyblock);
err = keydb_update_keyblock (ctrl, hd, keyblock);
if (err)
{
log_error (_("update failed: %s\n"), gpg_strerror (err));
goto leave;
}
}
else
{
err = opt.dry_run? 0 : keydb_delete_keyblock (hd);
err = keydb_delete_keyblock (hd);
if (err)
{
log_error (_("deleting keyblock failed: %s\n"),
@ -234,7 +323,8 @@ do_delete_key (ctrl_t ctrl, const char *username, int secret, int force,
revalidation_mark(). This makes sense - only deleting keys
that have ownertrust set should trigger this. */
if (!secret && pk && !opt.dry_run && clear_ownertrusts (ctrl, pk))
if (!secret && pk && !opt.dry_run && thiskeyonly != 2
&& clear_ownertrusts (ctrl, pk))
{
if (opt.verbose)
log_info (_("ownertrust information cleared\n"));
@ -247,7 +337,8 @@ do_delete_key (ctrl_t ctrl, const char *username, int secret, int force,
return err;
}
/****************
/*
* Delete a public or secret key from a keyring.
*/
gpg_error_t