mirror of
git://git.gnupg.org/gnupg.git
synced 2025-07-03 22:56:33 +02:00
New option --allow-secret-key-import
This commit is contained in:
Werner Koch
parent
bb1bab488f
commit
ed33264fe2
7 changed files with 43 additions and 8 deletions
|
|
@ -1,3 +1,11 @@
|
|||
2000-12-07 Werner Koch <wk@gnupg.org>
|
||||
|
||||
* g10.c: New option --allow-secret-key-import.
|
||||
* import.c (import_keys,import_keys_stream): Honor this option.
|
||||
(import): New arg allow_secret and pass that arg down to ...
|
||||
(import_secret_one): to this and print a warnign if secret key
|
||||
importing is not allowed.
|
||||
|
||||
2000-12-05 Werner Koch <wk@gnupg.org>
|
||||
|
||||
* cipher.c (cipher_filter): Moved the end_encryption status ...
|
||||
|
|
|
|||
|
|
@ -183,6 +183,7 @@ enum cmd_and_opt_values { aNull = 0,
|
|||
oDisablePubkeyAlgo,
|
||||
oAllowNonSelfsignedUID,
|
||||
oAllowFreeformUID,
|
||||
oAllowSecretKeyImport,
|
||||
oEnableSpecialFilenames,
|
||||
oNoLiteral,
|
||||
oSetFilesize,
|
||||
|
|
@ -389,6 +390,7 @@ static ARGPARSE_OPTS opts[] = {
|
|||
{ oNoRandomSeedFile, "no-random-seed-file", 0, "@" },
|
||||
{ oNoAutoKeyRetrieve, "no-auto-key-retrieve", 0, "@" },
|
||||
{ oMergeOnly, "merge-only", 0, "@" },
|
||||
{ oAllowSecretKeyImport, "allow-secret-key-import", 0, "@" },
|
||||
{ oTryAllSecrets, "try-all-secrets", 0, "@" },
|
||||
{ oEnableSpecialFilenames, "enable-special-filenames", 0, "@" },
|
||||
{ oEmu3DESS2KBug, "emulate-3des-s2k-bug", 0, "@"},
|
||||
|
|
@ -954,6 +956,7 @@ main( int argc, char **argv )
|
|||
opt.override_session_key = pargs.r.ret_str;
|
||||
break;
|
||||
case oMergeOnly: opt.merge_only = 1; break;
|
||||
case oAllowSecretKeyImport: opt.allow_secret_key_import = 1; break;
|
||||
case oTryAllSecrets: opt.try_all_secrets = 1; break;
|
||||
case oTrustedKey: register_trusted_key( pargs.r.ret_str ); break;
|
||||
case oEnableSpecialFilenames:
|
||||
|
|
|
|||
26
g10/import.c
26
g10/import.c
|
|
@ -54,11 +54,11 @@ static struct {
|
|||
} stats;
|
||||
|
||||
|
||||
static int import( IOBUF inp, int fast, const char* fname );
|
||||
static int import( IOBUF inp, int fast, const char* fname, int allow_secret );
|
||||
static void print_stats(void);
|
||||
static int read_block( IOBUF a, PACKET **pending_pkt, KBNODE *ret_root );
|
||||
static int import_one( const char *fname, KBNODE keyblock, int fast );
|
||||
static int import_secret_one( const char *fname, KBNODE keyblock );
|
||||
static int import_secret_one( const char *fname, KBNODE keyblock, int allow );
|
||||
static int import_revoke_cert( const char *fname, KBNODE node );
|
||||
static int chk_self_sigs( const char *fname, KBNODE keyblock,
|
||||
PKT_public_key *pk, u32 *keyid );
|
||||
|
|
@ -127,7 +127,7 @@ import_keys( char **fnames, int nnames, int fast )
|
|||
if( !inp )
|
||||
log_error(_("can't open `%s': %s\n"), fname, strerror(errno) );
|
||||
else {
|
||||
int rc = import( inp, fast, fname );
|
||||
int rc = import( inp, fast, fname, opt.allow_secret_key_import );
|
||||
iobuf_close(inp);
|
||||
if( rc )
|
||||
log_error("import from `%s' failed: %s\n", fname,
|
||||
|
|
@ -148,7 +148,7 @@ import_keys_stream( IOBUF inp, int fast )
|
|||
|
||||
/* fixme: don't use static variables */
|
||||
memset( &stats, 0, sizeof( stats ) );
|
||||
rc = import( inp, fast, "[stream]" );
|
||||
rc = import( inp, fast, "[stream]", opt.allow_secret_key_import );
|
||||
print_stats();
|
||||
if( !fast )
|
||||
sync_trustdb();
|
||||
|
|
@ -156,7 +156,7 @@ import_keys_stream( IOBUF inp, int fast )
|
|||
}
|
||||
|
||||
static int
|
||||
import( IOBUF inp, int fast, const char* fname )
|
||||
import( IOBUF inp, int fast, const char* fname, int allow_secret )
|
||||
{
|
||||
PACKET *pending_pkt = NULL;
|
||||
KBNODE keyblock;
|
||||
|
|
@ -173,8 +173,8 @@ import( IOBUF inp, int fast, const char* fname )
|
|||
while( !(rc = read_block( inp, &pending_pkt, &keyblock) )) {
|
||||
if( keyblock->pkt->pkttype == PKT_PUBLIC_KEY )
|
||||
rc = import_one( fname, keyblock, fast );
|
||||
else if( keyblock->pkt->pkttype == PKT_SECRET_KEY )
|
||||
rc = import_secret_one( fname, keyblock );
|
||||
else if( keyblock->pkt->pkttype == PKT_SECRET_KEY )
|
||||
rc = import_secret_one( fname, keyblock, allow_secret );
|
||||
else if( keyblock->pkt->pkttype == PKT_SIGNATURE
|
||||
&& keyblock->pkt->pkt.signature->sig_class == 0x20 )
|
||||
rc = import_revoke_cert( fname, keyblock );
|
||||
|
|
@ -556,9 +556,12 @@ import_one( const char *fname, KBNODE keyblock, int fast )
|
|||
|
||||
/****************
|
||||
* Ditto for secret keys. Handling is simpler than for public keys.
|
||||
* We allow secret key importing only when allow is true, this is so
|
||||
* that a secret key can not be imported accidently and thereby tampering
|
||||
* with the trust calculation.
|
||||
*/
|
||||
static int
|
||||
import_secret_one( const char *fname, KBNODE keyblock )
|
||||
import_secret_one( const char *fname, KBNODE keyblock, int allow )
|
||||
{
|
||||
PKT_secret_key *sk;
|
||||
KBNODE node, uidnode;
|
||||
|
|
@ -586,6 +589,13 @@ import_secret_one( const char *fname, KBNODE keyblock )
|
|||
putc('\n', stderr);
|
||||
}
|
||||
stats.secret_read++;
|
||||
if (!allow) {
|
||||
log_info ( _("secret key %08lX not imported "
|
||||
"(use %s to allow for it)\n"),
|
||||
(ulong)keyid[1], "--allow-secret-key-import");
|
||||
return 0;
|
||||
}
|
||||
|
||||
if( !uidnode ) {
|
||||
log_error( _("key %08lX: no user ID\n"), (ulong)keyid[1]);
|
||||
return 0;
|
||||
|
|
|
|||
|
|
@ -97,6 +97,7 @@ struct {
|
|||
int show_session_key;
|
||||
int use_agent;
|
||||
int merge_only;
|
||||
int allow_secret_key_import;
|
||||
int try_all_secrets;
|
||||
} opt;
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue