See ChangeLog: Wed Apr 28 13:03:03 CEST 1999 Werner Koch

g10/ChangeLog

@@ -1,3 +1,9 @@
+Wed Apr 28 13:03:03 CEST 1999  Werner Koch  <wk@isil.d.shuttle.de>
+
+	* keyedit.c (keyedit_menu): Add new command revkey.
+	* (menu_revkey): New.
+
+
 Mon Apr 26 17:48:15 CEST 1999  Werner Koch  <wk@isil.d.shuttle.de>
 
 	* parse-packet.c (parse_signature): Add the MDC hack.

g10/export.c

@@ -204,4 +204,3 @@ do_export_stream( IOBUF out, STRLIST users, int secret, int onlyrfc, int *any )
     return rc;
 }
 
-

g10/keyedit.c

@@ -57,6 +57,7 @@ static int count_keys_with_flag( KBNODE keyblock, unsigned flag );
 static int count_selected_uids( KBNODE keyblock );
 static int count_selected_keys( KBNODE keyblock );
 static int menu_revsig( KBNODE keyblock );
+static int menu_revkey( KBNODE pub_keyblock, KBNODE sec_keyblock );
 
 #define CONTROL_D ('D' - 'A' + 1)
 
@@ -523,7 +524,7 @@ keyedit_menu( const char *username, STRLIST locusr, STRLIST commands )
 {
     enum cmdids { cmdNONE = 0,
 	   cmdQUIT, cmdHELP, cmdFPR, cmdLIST, cmdSELUID, cmdCHECK, cmdSIGN,
-	   cmdLSIGN, cmdREVSIG,
+	   cmdLSIGN, cmdREVSIG, cmdREVKEY,
 	   cmdDEBUG, cmdSAVE, cmdADDUID, cmdDELUID, cmdADDKEY, cmdDELKEY,
 	   cmdTOGGLE, cmdSELKEY, cmdPASSWD, cmdTRUST, cmdPREF, cmdEXPIRE,
 	   cmdNOP };
@@ -560,6 +561,7 @@ keyedit_menu( const char *username, STRLIST locusr, STRLIST commands )
 	{ N_("passwd")  , cmdPASSWD , 1, N_("change the passphrase") },
 	{ N_("trust")   , cmdTRUST , 0, N_("change the ownertrust") },
 	{ N_("revsig")  , cmdREVSIG , 0, N_("revoke signatures") },
+	{ N_("revkey")  , cmdREVKEY , 1, N_("revoke a secondary key") },
 
     { NULL, cmdNONE } };
     enum cmdids cmd;
@@ -830,6 +832,28 @@ keyedit_menu( const char *username, STRLIST locusr, STRLIST commands )
 	    }
 	    break;
 
+	  case cmdREVKEY: {
+		int n1;
+
+		if( !(n1=count_selected_keys( keyblock )) )
+		    tty_printf(_("You must select at least one key.\n"));
+		else if( sec_keyblock && !cpr_get_answer_is_yes(
+			    "keyedit.revoke.subkey.okay",
+		       n1 > 1?
+			_("Do you really want to revoke the selected keys? "):
+			_("Do you really want to revoke this key? ")
+		       ))
+		    ;
+		else {
+		    if( menu_revkey( keyblock, sec_keyblock ) ) {
+			modified = 1;
+			/*sec_modified = 1;*/
+		    }
+		    redisplay = 1;
+		}
+	    }
+	    break;
+
 	  case cmdEXPIRE:
 	    if( menu_expire( keyblock, sec_keyblock ) ) {
 		merge_keys_and_selfsig( sec_keyblock );
@@ -1663,4 +1687,56 @@ menu_revsig( KBNODE keyblock )
     return changed;
 }
 
+/****************
+ * Revoke some of the secondary keys.
+ * Hmmm: Should we add a revocation to the secret keyring too?
+ *	 Does its all make sense to duplicate most of the information?
+ */
+static int
+menu_revkey( KBNODE pub_keyblock, KBNODE sec_keyblock )
+{
+    PKT_public_key *mainpk;
+    KBNODE node;
+    int changed = 0;
+    int upd_trust = 0;
+    int rc;
+
+  reloop: /* (better this way becuase we are modifing the keyring) */
+    mainpk = pub_keyblock->pkt->pkt.public_key;
+    for( node = pub_keyblock; node; node = node->next ) {
+	if( node->pkt->pkttype == PKT_PUBLIC_SUBKEY
+	    && (node->flag & NODFLG_SELKEY) ) {
+	    PACKET *pkt;
+	    PKT_signature *sig;
+	    PKT_secret_key *sk;
+	    PKT_public_key *subpk = node->pkt->pkt.public_key;
+
+	    node->flag &= ~NODFLG_SELKEY;
+	    sk = copy_secret_key( NULL, sec_keyblock->pkt->pkt.secret_key );
+	    rc = make_keysig_packet( &sig, mainpk, NULL, subpk, sk, 0x28, 0,
+				     NULL, NULL );
+	    free_secret_key(sk);
+	    if( rc ) {
+		log_error(_("signing failed: %s\n"), g10_errstr(rc));
+		return changed;
+	    }
+	    changed = 1; /* we changed the keyblock */
+	    upd_trust = 1;
+
+	    pkt = m_alloc_clear( sizeof *pkt );
+	    pkt->pkttype = PKT_SIGNATURE;
+	    pkt->pkt.signature = sig;
+	    insert_kbnode( node, new_kbnode(pkt), PKT_SIGNATURE );
+	    goto reloop;
+	}
+    }
+    commit_kbnode( &pub_keyblock );
+    /*commit_kbnode( &sec_keyblock );*/
+
+    if( upd_trust )
+	clear_trust_checked_flag( mainpk );
+
+    return changed;
+}
+
 

g10/keylist.c

@@ -329,6 +329,8 @@ list_keyblock( KBNODE keyblock, int secret )
 		    puts("[revoked]");
 		else if( sig->sig_class == 0x18 )
 		    puts("[key binding]");
+		else if( sig->sig_class == 0x28 )
+		    puts("[subkey revoked]");
 		else
 		    putchar('\n');
 		if( opt.fingerprint )
@@ -336,7 +338,8 @@ list_keyblock( KBNODE keyblock, int secret )
 		any=1;
 	    }
 
-	    if( sig->sig_class == 0x20 || sig->sig_class == 0x30 )
+	    if( sig->sig_class == 0x20 || sig->sig_class == 0x28
+				       || sig->sig_class == 0x30 )
 		fputs("rev", stdout);
 	    else if( (sig->sig_class&~3) == 0x10 )
 		fputs("sig", stdout);

g10/mainproc.c

@@ -307,7 +307,7 @@ proc_plaintext( CTX c, PACKET *pkt )
 	md_enable( c->mfx.md, DIGEST_ALGO_SHA1 );
 	md_enable( c->mfx.md, DIGEST_ALGO_MD5 );
     }
-  #if 0
+  #if 1
     #warning md_start_debug is enabled
     md_start_debug( c->mfx.md, "verify" );
   #endif

g10/sign.c

@@ -656,7 +656,8 @@ make_keysig_packet( PKT_signature **ret_sig, PKT_public_key *pk,
     MD_HANDLE md;
 
     assert( (sigclass >= 0x10 && sigclass <= 0x13)
-	    || sigclass == 0x20 || sigclass == 0x18 || sigclass == 0x30 );
+	    || sigclass == 0x20 || sigclass == 0x18
+	    || sigclass == 0x30 || sigclass == 0x28 );
     if( !digest_algo ) {
 	switch( sk->pubkey_algo ) {
 	  case PUBKEY_ALGO_DSA: digest_algo = DIGEST_ALGO_SHA1; break;
@@ -669,7 +670,7 @@ make_keysig_packet( PKT_signature **ret_sig, PKT_public_key *pk,
 
     /* hash the public key certificate and the user id */
     hash_public_key( md, pk );
-    if( sigclass == 0x18 ) { /* subkey binding */
+    if( sigclass == 0x18 || sigclass == 0x28 ) { /* subkey binding/revocation*/
 	hash_public_key( md, subpk );
     }
     else if( sigclass != 0x20 ) {