diff --git a/sm/ChangeLog b/sm/ChangeLog index 9ca988635..171d2b04a 100644 --- a/sm/ChangeLog +++ b/sm/ChangeLog @@ -1,3 +1,10 @@ +2001-12-04 Werner Koch + + * call-agent.c (read_from_agent): Check for inquire responses. + (request_reply): Handle them using a new callback arg, changed all + callers. + (gpgsm_agent_pkdecrypt): New. + 2001-11-27 Werner Koch * base64.c: New. Changed all other functions to use this instead diff --git a/sm/Makefile.am b/sm/Makefile.am index fbfe31af4..48257ce83 100644 --- a/sm/Makefile.am +++ b/sm/Makefile.am @@ -39,6 +39,7 @@ gpgsm_SOURCES = \ verify.c \ sign.c \ encrypt.c \ + decrypt.c \ import.c diff --git a/sm/call-agent.c b/sm/call-agent.c index 714021787..0c0b48bf3 100644 --- a/sm/call-agent.c +++ b/sm/call-agent.c @@ -46,21 +46,13 @@ #define xtoi_2(p) ((xtoi_1(p) * 16) + xtoi_1((p)+1)) -static pid_t agent_pid = -1; -/* fixme: replace this code by calling assuna functions */ -static int inbound_fd = -1; -static int outbound_fd = -1; -static struct { - int eof; - char line[LINELENGTH]; - int linelen; /* w/o CR, LF - might not be the same as - strlen(line) due to embedded nuls. However a nul - is always written at this pos */ - struct { - char line[LINELENGTH]; - int linelen ; - } attic; -} inbound; +static ASSUAN_CONTEXT agent_ctx = NULL; + +struct cipher_parm_s { + ASSUAN_CONTEXT ctx; + const char *ciphertext; + size_t ciphertextlen; +}; struct membuf { 
@@ -132,162 +124,6 @@ get_membuf (struct membuf *mb, size_t *len) } - -static int -writen (int fd, const void *buf, size_t nbytes) -{ - size_t nleft = nbytes; - int nwritten; - - while (nleft > 0) - { - nwritten = write (fd, buf, nleft); - if (nwritten < 0) - { - if (errno == EINTR) - nwritten = 0; - else - { - log_error ("write() failed: %s\n", strerror (errno)); - return seterr (Write_Error); - } - } - nleft -= nwritten; - buf = (const char*)buf + nwritten; - } - - return 0; -} - - - -/* read an entire line */ -static int -readline (int fd, char *buf, size_t buflen, int *r_nread, int *eof) -{ - size_t nleft = buflen; - int n; - char *p; - - *eof = 0; - *r_nread = 0; - while (nleft > 0) - { - do - n = read (fd, buf, nleft); - while (n < 0 && errno == EINTR); - if (n < 0) - { - log_error ("read() error: %s\n", strerror (errno) ); - return seterr (Read_Error); - } - - if (!n) - { - *eof = 1; - break; /* allow incomplete lines */ - } - p = buf; - nleft -= n; - buf += n; - *r_nread += n; - - for (; n && *p != '\n'; n--, p++) - ; - if (n) - break; /* at least one full line available - that's enough for now */ - } - - return 0; -} - - -static int -read_from_agent (int *okay) -{ - char *line = inbound.line; - int n, nread; - int rc; - - *okay = 0; - restart: - if (inbound.eof) - return -1; - - if (inbound.attic.linelen) - { - memcpy (line, inbound.attic.line, inbound.attic.linelen); - nread = inbound.attic.linelen; - inbound.attic.linelen = 0; - for (n=0; n < nread && line[n] != '\n'; n++) - ; - if (n < nread) - rc = 0; /* found another line in the attic */ - else - { /* read the rest */ - n = nread; - assert (n < LINELENGTH); - rc = readline (inbound_fd, line + n, LINELENGTH - n, - &nread, &inbound.eof); - } - } - else - rc = readline (inbound_fd, line, LINELENGTH, - &nread, &inbound.eof); - if (rc) - return seterr(Read_Error); - if (!nread) - { - assert (inbound.eof); - return -1; /* eof */ - } - - for (n=0; n < nread; n++) - { - if (line[n] == '\n') - { - if (n+1 < 
nread) - { - n++; - /* we have to copy the rest because the handlers are - allowed to modify the passed buffer */ - memcpy (inbound.attic.line, line+n, nread-n); - inbound.attic.linelen = nread-n; - n--; - } - if (n && line[n-1] == '\r') - n--; - line[n] = 0; - inbound.linelen = n; - if (n && *line == '#') - goto restart; - - rc = 0; - if (n >= 1 - && line[0] == 'D' && line[1] == ' ') - *okay = 2; /* data line */ - else if (n >= 2 - && line[0] == 'O' && line[1] == 'K' - && (line[2] == '\0' || line[2] == ' ')) - *okay = 1; - else if (n >= 3 - && line[0] == 'E' && line[1] == 'R' && line[2] == 'R' - && (line[3] == '\0' || line[3] == ' ')) - *okay = 0; - else - rc = seterr (Invalid_Response); - return rc; - } - } - - *line = 0; - inbound.linelen = 0; - return inbound.eof? seterr (Incomplete_Line):seterr (Invalid_Response); -} - - - - /* Try to connect to the agent via socket or fork it off and work by pipes. Handle the server's initial greeting */ @@ -296,16 +132,18 @@ start_agent (void) { int rc; char *infostr, *p; - int okay; - if (agent_pid != -1) - return 0; + if (agent_ctx) + return 0; /* fixme: We need a context for each thread or serialize + the access to the agent (which is suitable given that + the agent is not MT */ infostr = getenv ("GPG_AGENT_INFO"); if (!infostr) { - pid_t pid; - int inpipe[2], outpipe[2]; + const char *pgmname; + ASSUAN_CONTEXT ctx; + const char *argv[3]; log_info (_("no running gpg-agent - starting one\n")); 
@@ -315,86 +153,25 @@ start_agent (void) return seterr (Write_Error); } - if (pipe (inpipe)) + if (!opt.agent_program || !*opt.agent_program) + opt.agent_program = "../agent/gpg-agent"; + if ( !(pgmname = strrchr (opt.agent_program, '/'))) + pgmname = opt.agent_program; + else + pgmname++; + + argv[0] = pgmname; + argv[1] = "--server"; + argv[2] = NULL; + + /* connect to the agent and perform initial handshaking */ + rc = assuan_pipe_connect (&ctx, opt.agent_program, (char**)argv); + if (rc) { - log_error ("error creating pipe: %s\n", strerror (errno)); - return seterr (General_Error); + log_error ("can't connect to the agent: %s\n", assuan_strerror (rc)); + return seterr (No_Agent); } - if (pipe (outpipe)) - { - log_error ("error creating pipe: %s\n", strerror (errno)); - close (inpipe[0]); - close (inpipe[1]); - return seterr (General_Error); - } - - pid = fork (); - if (pid == -1) - return seterr (General_Error); - - if (!pid) - { /* child */ - int i, n; - char errbuf[512]; - int log_fd = log_get_fd (); - const char *pgmname; - - /* close all files which will not be duped but keep stderr - and log_stream for now */ - n = sysconf (_SC_OPEN_MAX); - if (n < 0) - n = MAX_OPEN_FDS; - for (i=0; i < n; i++) - { - if (i != fileno (stderr) && i != log_fd - && i != inpipe[1] && i != outpipe[0]) - close(i); - } - errno = 0; - - if (inpipe[1] != 1) - { - if (dup2 (inpipe[1], 1) == -1) - { - log_error ("dup2 failed in child: %s\n", strerror (errno)); - _exit (4); - } - close (inpipe[1]); - } - if (outpipe[0] != 0) - { - if (dup2 (outpipe[0], 0) == -1) - { - log_error ("dup2 failed in child: %s\n", strerror (errno)); - _exit (4); - } - close (outpipe[0]); - } - - /* and start it */ - if (!opt.agent_program || !*opt.agent_program) - opt.agent_program = "../agent/gpg-agent"; - if ( !(pgmname = strrchr (opt.agent_program, '/'))) - pgmname = opt.agent_program; - else - pgmname++; - execl (opt.agent_program, pgmname, "--server", NULL); - /* oops - tell the parent about it */ - 
snprintf (errbuf, DIM(errbuf)-1, "ERR %d can't exec `%s': %.50s\n", - ASSUAN_Problem_Starting_Server, opt.agent_program, - strerror (errno)); - errbuf[DIM(errbuf)-1] = 0; - writen (1, errbuf, strlen (errbuf)); - _exit (4); - } /* end child */ - - agent_pid = pid; - - inbound_fd = inpipe[0]; - close (inpipe[1]); - - close (outpipe[0]); - outbound_fd = outpipe[1]; + agent_ctx = ctx; } else { 
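Review bot: The fallback `opt.agent_program = "../agent/gpg-agent"` makes `assuan_pipe_connect` execute a path resolved against the caller's current working directory whenever no agent program is configured. The default was carried over from the removed child code, but a comment in sm/gpgsm.c in this same commit says the binary may run SUID root, so the working directory would decide which program handles the private-key operations. I would refuse to start instead, e.g. `if (!opt.agent_program || !*opt.agent_program) return seterr (No_Agent);`, or fall back to an absolute install path fixed at build time. The `(char**)argv` cast also drops const from string literals, which is only safe if the callee never writes to argv. start_agent begins and ends outside this hunk.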
@@ -411,89 +188,26 @@ start_agent (void) return seterr (Not_Implemented); } - inbound.eof = 0; - inbound.linelen = 0; - inbound.attic.linelen = 0; + log_debug ("connection to agent established\n"); + + log_debug ("waiting for debugger .....\n"); + getchar (); + log_debug ("okay\n"); - /* The server is available - read the greeting */ - rc = read_from_agent (&okay); - if (rc) - { - log_error ("can't connect to the agent: %s\n", gnupg_strerror (rc)); - } - else if (!okay) - { - log_error ("can't connect to the agent: %s\n", inbound.line); - rc = seterr (No_Agent); - } - else - log_debug ("connection to agent established\n"); return 0; } -static int -request_reply (const char *line, struct membuf *membuf) +static AssuanError +membuf_data_cb (void *opaque, const void *buffer, size_t length) { - int rc, okay; + struct membuf *data = opaque; - if (DBG_AGENT) - log_debug ("agent-request=`%.*s'", (int)(*line? strlen(line)-1:0), line); - rc = writen (outbound_fd, line, strlen (line)); - if (rc) - return rc; - again: - rc = read_from_agent (&okay); - if (rc) - log_error ("error reading from agent: %s\n", gnupg_strerror (rc)); - else if (!okay) - { - log_error ("got error from agent: %s\n", inbound.line); - rc = seterr (Agent_Error); - } - else if (okay == 2 && !membuf) - { - log_error ("got unexpected data line\n"); - rc = seterr (Agent_Error); - } - else - { - if (DBG_AGENT) - log_debug ("agent-reply=`%s'", inbound.line); - } - - if (!rc && okay == 2 && inbound.linelen >= 2) - { /* handle data line */ - unsigned char *buf = inbound.line; - size_t len = inbound.linelen; - unsigned char *p; - - buf += 2; - len -= 2; - - p = buf; - while (len) - { - for (;len && *p != '%'; len--, p++) - ; - put_membuf (membuf, buf, p-buf); - if (len>2) - { /* handle escaping */ - unsigned char tmp[1]; - p++; - *tmp = xtoi_2 (p); - p += 2; - len -= 3; - put_membuf (membuf, tmp, 1); - } - buf = p; - } - goto again; - } - return rc; + put_membuf (data, buffer, length); + return 0; } - + 
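Review bot: The added `log_debug ("waiting for debugger .....\n"); getchar (); log_debug ("okay\n");` is a debugging leftover that runs unconditionally on the first agent connection. It blocks until something arrives on stdin. When the message itself is read from descriptor 0, as in the new `gpgsm_decrypt (&ctrl, 0, stdout)` call in this commit, the stdio read behind `getchar` would take input away from the CMS parser. These three lines should be dropped before merge. If a debugger hook is wanted, it should sit behind an explicit debug option and not touch stdin. start_agent begins outside this hunk, and its tail now returns 0 on every path that reaches it.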
@@ -517,48 +231,97 @@ gpgsm_agent_pksign (const char *keygrip, if (digestlen*2 + 50 > DIM(line)) return seterr (General_Error); - rc = request_reply ("RESET\n", NULL); + rc = assuan_transact (agent_ctx, "RESET", NULL, NULL, NULL, NULL); if (rc) - return rc; + return map_assuan_err (rc); - snprintf (line, DIM(line)-1, "SIGKEY %s\n", keygrip); + snprintf (line, DIM(line)-1, "SIGKEY %s", keygrip); line[DIM(line)-1] = 0; - rc = request_reply (line, NULL); + rc = assuan_transact (agent_ctx, line, NULL, NULL, NULL, NULL); if (rc) - return rc; + return map_assuan_err (rc); sprintf (line, "SETHASH %d ", digestalgo); p = line + strlen (line); for (i=0; i < digestlen ; i++, p += 2 ) sprintf (p, "%02X", digest[i]); - strcpy (p, "\n"); - rc = request_reply (line, NULL); + rc = assuan_transact (agent_ctx, line, NULL, NULL, NULL, NULL); if (rc) - return rc; + return map_assuan_err (rc); init_membuf (&data, 1024); - rc = request_reply ("PKSIGN\n", &data); + rc = assuan_transact (agent_ctx, "PKSIGN", + membuf_data_cb, &data, NULL, NULL); if (rc) { xfree (get_membuf (&data, &len)); - return rc; + return map_assuan_err (rc); } *r_buf = get_membuf (&data, r_buflen); -/* if (DBG_AGENT && *r_buf) */ -/* { */ -/* FILE *fp; */ -/* char fname[100]; */ - -/* memcpy (fname, keygrip, 40); */ -/* strcpy (fname+40, "_pksign-dump.tmp"); */ -/* fp = fopen (fname, "wb"); */ -/* fwrite (*r_buf, *r_buflen, 1, fp); */ -/* fclose (fp); */ -/* } */ - return *r_buf? 0 : GNUPG_Out_Of_Core; } + +/* Handle a CIPHERTEXT inquiry. Note, we only send the data, + assuan_transact talkes care of flushing and writing the end */ +static AssuanError +inq_ciphertext_cb (void *opaque, const char *keyword) +{ + struct cipher_parm_s *parm = opaque; + AssuanError rc; + + rc = assuan_send_data (parm->ctx, parm->ciphertext, parm->ciphertextlen); + return rc; +} + + +/* Call the agent to do a decrypt operation using the key identified by + the hex string KEYGRIP. 
*/ +int +gpgsm_agent_pkdecrypt (const char *keygrip, + const char *ciphertext, size_t ciphertextlen, + char **r_buf, size_t *r_buflen ) +{ + int rc; + char line[LINELENGTH]; + struct membuf data; + struct cipher_parm_s cipher_parm; + size_t len; + + if (!keygrip || strlen(keygrip) != 40 || !ciphertext || !r_buf || !r_buflen) + return GNUPG_Invalid_Value; + *r_buf = NULL; + + rc = start_agent (); + if (rc) + return rc; + + rc = assuan_transact (agent_ctx, "RESET", NULL, NULL, NULL, NULL); + if (rc) + return map_assuan_err (rc); + + assert ( DIM(line) >= 50 ); + snprintf (line, DIM(line)-1, "SETKEY %s", keygrip); + line[DIM(line)-1] = 0; + rc = assuan_transact (agent_ctx, line, NULL, NULL, NULL, NULL); + if (rc) + return map_assuan_err (rc); + + init_membuf (&data, 1024); + cipher_parm.ctx = agent_ctx; + cipher_parm.ciphertext = ciphertext; + cipher_parm.ciphertextlen = ciphertextlen; + rc = assuan_transact (agent_ctx, "PKDECRYPT", + membuf_data_cb, &data, + inq_ciphertext_cb, &cipher_parm); + if (rc) + { + xfree (get_membuf (&data, &len)); + return map_assuan_err (rc); + } + *r_buf = get_membuf (&data, r_buflen); + return *r_buf? 0 : GNUPG_Out_Of_Core; +} diff --git a/sm/decrypt.c b/sm/decrypt.c new file mode 100644 index 000000000..6748b2ad1 --- /dev/null +++ b/sm/decrypt.c 
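Review bot: `inq_ciphertext_cb` never looks at `keyword`, so any INQUIRE the agent sends during PKDECRYPT is answered with the ciphertext, not only the CIPHERTEXT inquiry named in its comment. I would compare first, `if (strcmp (keyword, "CIPHERTEXT"))`, and return an Assuan error for an unexpected inquiry so that protocol drift is caught, not masked. Separately, `gpgsm_agent_pkdecrypt` collects the decrypted value in an ordinary `struct membuf` and on failure releases it with `xfree (get_membuf (&data, &len))`. If `put_membuf` grows by reallocation (not visible here), copies of the plaintext may stay in freed heap memory, so the buffer should be cleared before release or kept in secure memory. The comment typo "talkes" should read "takes".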
@@ -0,0 +1,223 @@ +/* decrypt.c - Decrypt a message + * Copyright (C) 2001 Free Software Foundation, Inc. + * + * This file is part of GnuPG. + * + * GnuPG is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * GnuPG is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + */ + +#include +#include +#include +#include +#include +#include +#include +#include + +#include +#include + +#include "gpgsm.h" +#include "keydb.h" +#include "i18n.h" + +static void +print_integer (unsigned char *p) +{ + unsigned long len; + + if (!p) + log_printf ("none"); + else + { + len = (p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3]; + for (p+=4; len; len--, p++) + log_printf ("%02X", *p); + } +} + + + + +/* Perform a decrypt operation. 
*/ +int +gpgsm_decrypt (CTRL ctrl, int in_fd, FILE *out_fp) +{ + int rc; + KsbaError err; + Base64Context b64reader = NULL; + Base64Context b64writer = NULL; + KsbaReader reader; + KsbaWriter writer; + KsbaCMS cms = NULL; + KsbaStopReason stopreason; + KEYDB_HANDLE kh; + int recp; + FILE *in_fp = NULL; + + kh = keydb_new (0); + if (!kh) + { + log_error (_("failed to allocated keyDB handle\n")); + rc = GNUPG_General_Error; + goto leave; + } + + + in_fp = fdopen ( dup (in_fd), "rb"); + if (!in_fp) + { + log_error ("fdopen() failed: %s\n", strerror (errno)); + rc = seterr (IO_Error); + goto leave; + } + + rc = gpgsm_create_reader (&b64reader, ctrl, in_fp, &reader); + if (rc) + { + log_error ("can't create reader: %s\n", gnupg_strerror (rc)); + goto leave; + } + + rc = gpgsm_create_writer (&b64reader, ctrl, out_fp, &writer); + if (rc) + { + log_error ("can't create writer: %s\n", gnupg_strerror (rc)); + goto leave; + } + + cms = ksba_cms_new (); + if (!cms) + { + rc = seterr (Out_Of_Core); + goto leave; + } + + err = ksba_cms_set_reader_writer (cms, reader, writer); + if (err) + { + log_debug ("ksba_cms_set_reader_writer failed: %s\n", + ksba_strerror (err)); + rc = map_ksba_err (err); + goto leave; + } + + /* parser loop */ + do + { + err = ksba_cms_parse (cms, &stopreason); + if (err) + { + log_debug ("ksba_cms_parse failed: %s\n", ksba_strerror (err)); + rc = map_ksba_err (err); + goto leave; + } + log_debug ("ksba_cms_parse - stop reason %d\n", stopreason); + + if (stopreason == KSBA_SR_BEGIN_DATA + || stopreason == KSBA_SR_DETACHED_DATA) + { + for (recp=0; recp < 1; recp++) + { + char *issuer; + unsigned char *serial; + char *enc_val; + char *hexkeygrip = NULL; + + err = ksba_cms_get_issuer_serial (cms, recp, &issuer, &serial); + if (err) + log_error ("recp %d - error getting info: %s\n", + recp, ksba_strerror (err)); + else + { + KsbaCert cert = NULL; + + log_debug ("recp %d - issuer: `%s'\n", + recp, issuer? 
issuer:"[NONE]"); + log_debug ("recp %d - serial: ", recp); + print_integer (serial); + log_printf ("\n"); + + keydb_search_reset (kh); + rc = keydb_search_issuer_sn (kh, issuer, serial); + if (rc) + { + log_debug ("failed to find the certificate: %s\n", + gnupg_strerror(rc)); + goto oops; + } + + rc = keydb_get_cert (kh, &cert); + if (rc) + { + log_debug ("failed to get cert: %s\n", gnupg_strerror (rc)); + goto oops; + } + + hexkeygrip = gpgsm_get_keygrip_hexstring (cert); + + oops: + xfree (issuer); + xfree (serial); + ksba_cert_release (cert); + } + + enc_val = ksba_cms_get_enc_val (cms, recp); + if (!enc_val) + log_error ("recp %d - error getting encrypted session key\n", + recp); + else + { + char *seskey; + size_t seskeylen; + + log_debug ("recp %d - enc-val: `%s'\n", + recp, enc_val); + + rc = gpgsm_agent_pkdecrypt (hexkeygrip, + enc_val, strlen (enc_val), + &seskey, &seskeylen); + if (rc) + log_debug ("problem: %s\n", gnupg_strerror (rc)); + else + { + unsigned char *p; + log_debug ("plaintext="); + for (p=seskey; seskeylen; seskeylen--, p++) + log_printf (" %02X", *p); + log_printf ("\n"); + } + xfree (enc_val); + } + } + } + + + + } + while (stopreason != KSBA_SR_READY); + + leave: + ksba_cms_release (cms); + gpgsm_destroy_reader (b64reader); + gpgsm_destroy_writer (b64writer); + keydb_release (kh); + if (in_fp) + fclose (in_fp); + return rc; +} + + diff --git a/sm/fingerprint.c b/sm/fingerprint.c index 29023c2ce..ead5cec50 100644 --- a/sm/fingerprint.c +++ b/sm/fingerprint.c @@ -141,7 +141,7 @@ gpgsm_get_keygrip (KsbaCert cert, char *array) return NULL; /* oops */ if (DBG_X509) - log_debug ("get_keygrip, public key: %s\n", p); + log_debug ("get_keygrip for public key: %s\n", p); rc = gcry_sexp_sscan ( &s_pkey, NULL, p, strlen(p)); if (rc) { @@ -161,6 +161,8 @@ gpgsm_get_keygrip (KsbaCert cert, char *array) gcry_md_hash_buffer (GCRY_MD_SHA1, array, buf, len); xfree (buf); + if (DBG_X509) + log_printhex ("keygrip=", array, 20); return array; } 
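Review bot: In `gpgsm_decrypt` the block starting at `log_debug ("plaintext=");` writes every byte of the decrypted session key to the log unconditionally, which puts key material into log files and whatever collects them. The dump should be removed, or at least gated behind an explicit debug flag. `seskey` is also never released, so it needs to be cleared and freed after use, ending with `xfree (seskey);`. The writer is created with the wrong context, `gpgsm_create_writer (&b64reader, ctrl, out_fp, &writer)`. That overwrites the reader context and leaves `b64writer` NULL for `gpgsm_destroy_writer`, so it should be `gpgsm_create_writer (&b64writer, ctrl, out_fp, &writer);`. When the certificate lookup fails, `hexkeygrip` stays NULL and the code still calls `gpgsm_agent_pkdecrypt`, and the result of `dup (in_fd)` is passed to `fdopen` unchecked.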
diff --git a/sm/gpgsm.c b/sm/gpgsm.c index 78d1a435f..9379a4b92 100644 --- a/sm/gpgsm.c +++ b/sm/gpgsm.c @@ -523,7 +523,7 @@ main ( int argc, char **argv) /* Please note that we may running SUID(ROOT), so be very CAREFUL when adding any stuff between here and the call to secmem_init() somewhere after the option parsing */ - /* FIXME: log_set_name ("gpgsm");*/ + log_set_prefix ("gpgsm", 1); /* check that the libraries are suitable. Do it here because the option parse may need services of the library */ if (!gcry_check_version ( "1.1.4" ) ) @@ -885,14 +885,13 @@ main ( int argc, char **argv) break; case aEncr: /* encrypt the given file */ -#if 0 - if (argc > 1) - wrong_args(_("--encrypt [filename]")); - if ((rc = encode_crypt(fname,remusr)) ) - log_error ("%s: encryption failed: %s\n", - print_fname_stdin(fname), gpg_errstr(rc) ); + if (!argc) + gpgsm_encrypt (&ctrl, 0, stdout); /* from stdin */ + else if (argc == 1) + gpgsm_encrypt (&ctrl, open_read (*argv), stdout); /* from file */ + else + wrong_args (_("--encrypt [datafile]")); break; -#endif case aSign: /* sign the given file */ /* FIXME: we can only do detached sigs for now and we don't @@ -974,10 +973,12 @@ main ( int argc, char **argv) break; case aDecrypt: -/* if (argc > 1) */ -/* wrong_args (_("--decrypt [filename]")); */ -/* if ((rc = decrypt_message( fname ) )) */ -/* log_error ("decrypt_message failed: %s\n", gpg_errstr(rc) ); */ + if (!argc) + gpgsm_decrypt (&ctrl, 0, stdout); /* from stdin */ + else if (argc == 1) + gpgsm_decrypt (&ctrl, open_read (*argv), stdout); /* from file */ + else + wrong_args (_("--decrypt [filename]")); break; case aDeleteKey: diff --git a/sm/gpgsm.h b/sm/gpgsm.h index 7655eae47..14c5683a6 100644 --- a/sm/gpgsm.h +++ b/sm/gpgsm.h @@ -146,7 +146,6 @@ int gpgsm_validate_path (KsbaCert cert); /*-- keylist.c --*/ void gpgsm_list_keys (CTRL ctrl, STRLIST names, FILE *fp); - /*-- import.c --*/ int gpgsm_import (CTRL ctrl, int in_fd); 
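Review bot: The new `aEncr` case discards the return value of `gpgsm_encrypt`, and the `aDecrypt` hunk below does the same with `gpgsm_decrypt`. A failed operation therefore shows up only in the log and, as far as this hunk shows, not in the process result that scripts and callers check. The removed code kept the result and reported it, so I would keep that shape, e.g. `rc = gpgsm_decrypt (&ctrl, 0, stdout);` followed by `if (rc) log_error ("decryption failed: %s\n", gnupg_strerror (rc));`. This assumes `rc` is still declared in main, which is outside the hunk. The descriptor returned by `open_read (*argv)` is also passed straight in and never closed here.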
@@ -156,6 +155,11 @@ int gpgsm_verify (CTRL ctrl, int in_fd, int data_fd); /*-- sign.c --*/ int gpgsm_sign (CTRL ctrl, int data_fd, int detached, FILE *out_fp); +/*-- encrypt.c --*/ +int gpgsm_encrypt (CTRL ctrl, int in_fd, FILE *out_fp); + +/*-- decrypt.c --*/ +int gpgsm_decrypt (CTRL ctrl, int in_fd, FILE *out_fp); /*-- call-agent.c --*/ int gpgsm_agent_pksign (const char *keygrip, diff --git a/sm/server.c b/sm/server.c index f4bb409f5..5ac14bd2d 100644 --- a/sm/server.c +++ b/sm/server.c @@ -59,6 +59,7 @@ rc_to_assuan_status (int rc) case GNUPG_Agent_Error: rc = ASSUAN_Agent_Error; break; case GNUPG_No_Public_Key: rc = ASSUAN_No_Public_Key; break; case GNUPG_No_Secret_Key: rc = ASSUAN_No_Secret_Key; break; + case GNUPG_Invalid_Data: rc = ASSUAN_Invalid_Data; break; case GNUPG_Read_Error: case GNUPG_Write_Error: diff --git a/sm/sign.c b/sm/sign.c index 3101892f7..4adffe613 100644 --- a/sm/sign.c +++ b/sm/sign.c @@ -64,7 +64,10 @@ hash_data (int fd, GCRY_MD_HD md) static KsbaCert get_default_signer (void) { - const char key[] = "1.2.840.113549.1.9.1=#7472757374407765622E6465#,CN=WEB.DE TrustCenter,OU=TrustCenter,O=WEB.DE AG,L=D-76227 Karlsruhe,C=DE"; + // const char key[] = "1.2.840.113549.1.9.1=#7472757374407765622E6465#,CN=WEB.DE TrustCenter,OU=TrustCenter,O=WEB.DE AG,L=D-76227 Karlsruhe,C=DE"; + const char key[] = + "CN=test cert 1,OU=Aegypten Project,O=g10 Code GmbH,L=#44FC7373656C646F7266#,C=DE"; + KsbaCert cert = NULL; KEYDB_HANDLE kh = NULL; int rc; @@ -248,7 +251,7 @@ gpgsm_sign (CTRL ctrl, int data_fd, int detached, FILE *out_fp) goto leave; } } - +#if 0 err = ksba_cms_set_signing_time (cms, signer, 0 /*now*/); if (err) { @@ -257,7 +260,7 @@ gpgsm_sign (CTRL ctrl, int data_fd, int detached, FILE *out_fp) rc = map_ksba_err (err); goto leave; } - +#endif do { err = ksba_cms_build (cms, &stopreason);
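Review bot: `get_default_signer` in sm/sign.c now selects a hard-coded test certificate DN and keeps the previous DN as a `//` line comment, which leaves dead code in a file that otherwise uses `/* */` comments. Nothing marks the value as a test-only placeholder, so it could ship as the default signing identity. I would delete the commented-out line and add `/* FIXME: hard-coded test signer; take the signer from the configuration */` above `key[]`. The function continues outside the hunk.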
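Review bot: The `#if 0` added before `ksba_cms_set_signing_time` in `gpgsm_sign`, closed by the `#endif` in the following hunk, disables the call with no comment saying why or when it comes back. Judging by the function name, signatures built after this change carry no signing time, which verifiers and audit trails commonly rely on. If this works around a library problem, it should say so next to the directive, e.g. `#if 0 /* FIXME: signing time disabled until <reason>; re-enable before release */`. The surrounding function starts and ends outside both hunks.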