mirror of git://git.gnupg.org/gnupg.git synced 2024-05-31 22:18:03 +02:00

gpg: Simplify command --gen-key and add --full-gen-key.

* g10/gpg.c (aFullKeygen): New.
(opts): Add command --full-gen-key.
(main): Implement it.
* g10/keygen.c (DEFAULT_STD_ALGO): Replace wrong GCRY_PK_RSA although
the value is identical.
(DEFAULT_STD_CURVE): New.
(DEFAULT_STD_SUBALGO): New.
(DEFAULT_STD_SUBKEYSIZE): New.
(DEFAULT_STD_SUBCURVE): New.
(quick_generate_keypair): Use new macros here.
(generate_keypair): Add arg "full" and fix all callers. Do not ask
for keysize in non-full mode.
(ask_user_id): Add arg "full" and simplify for non-full mode.
Werner Koch 2014-09-27 15:14:13 +02:00
parent f16e76cfb8
commit f3625bb018
5 changed files with 97 additions and 36 deletions


@ -622,12 +622,19 @@ force the creation of the key will show up.
@item --gen-key @item --gen-key
@opindex gen-key @opindex gen-key
Generate a new key pair. This command is normally only used Generate a new key pair using teh current default parameters. This is
interactively. the standard command to create a new key.
@ifset gpgtwoone
@item --full-gen-key
@opindex gen-key
Generate a new key pair with dialogs for all options. This is an
extended version of @option{--gen-key}.
@end ifset
There is also a feature which allows you to create keys in batch There is also a feature which allows you to create keys in batch
mode. See the file @file{doc/DETAILS} in the source distribution on mode. See the the manual section ``Unattended key generation'' on how
how to use this. to use this.
@item --gen-revoke @code{name} @item --gen-revoke @code{name}
@opindex gen-revoke @opindex gen-revoke


@ -1440,7 +1440,7 @@ generate_card_keys (ctrl_t ctrl)
the serialnumber and thus it won't harm. */ the serialnumber and thus it won't harm. */
} }
generate_keypair (ctrl, NULL, info.serialno, want_backup); generate_keypair (ctrl, 1, NULL, info.serialno, want_backup);
leave: leave:
agent_release_card_info (&info); agent_release_card_info (&info);


@ -107,6 +107,7 @@ enum cmd_and_opt_values
aClearsign, aClearsign,
aStore, aStore,
aQuickKeygen, aQuickKeygen,
aFullKeygen,
aKeygen, aKeygen,
aSignEncr, aSignEncr,
aSignEncrSym, aSignEncrSym,
@ -407,9 +408,12 @@ static ARGPARSE_OPTS opts[] = {
ARGPARSE_c (aCheckKeys, "check-sigs",N_("list and check key signatures")), ARGPARSE_c (aCheckKeys, "check-sigs",N_("list and check key signatures")),
ARGPARSE_c (oFingerprint, "fingerprint", N_("list keys and fingerprints")), ARGPARSE_c (oFingerprint, "fingerprint", N_("list keys and fingerprints")),
ARGPARSE_c (aListSecretKeys, "list-secret-keys", N_("list secret keys")), ARGPARSE_c (aListSecretKeys, "list-secret-keys", N_("list secret keys")),
ARGPARSE_c (aQuickKeygen, "quick-gen-key" , ARGPARSE_c (aKeygen, "gen-key",
N_("generate a new key pair")),
ARGPARSE_c (aQuickKeygen, "quick-gen-key" ,
N_("quickly generate a new key pair")), N_("quickly generate a new key pair")),
ARGPARSE_c (aKeygen, "gen-key", N_("generate a new key pair")), ARGPARSE_c (aFullKeygen, "full-gen-key" ,
N_("full featured key pair generation")),
ARGPARSE_c (aGenRevoke, "gen-revoke",N_("generate a revocation certificate")), ARGPARSE_c (aGenRevoke, "gen-revoke",N_("generate a revocation certificate")),
ARGPARSE_c (aDeleteKeys,"delete-keys", ARGPARSE_c (aDeleteKeys,"delete-keys",
N_("remove keys from the public keyring")), N_("remove keys from the public keyring")),
@ -2307,6 +2311,7 @@ main (int argc, char **argv)
break; break;
case aKeygen: case aKeygen:
case aFullKeygen:
case aEditKey: case aEditKey:
case aDeleteSecretKeys: case aDeleteSecretKeys:
case aDeleteSecretAndPublicKeys: case aDeleteSecretAndPublicKeys:
@ -3564,6 +3569,7 @@ main (int argc, char **argv)
case aDeleteSecretKeys: case aDeleteSecretKeys:
case aDeleteSecretAndPublicKeys: case aDeleteSecretAndPublicKeys:
case aQuickKeygen: case aQuickKeygen:
case aFullKeygen:
case aKeygen: case aKeygen:
case aImport: case aImport:
case aExportSecret: case aExportSecret:
@ -3859,12 +3865,27 @@ main (int argc, char **argv)
if( opt.batch ) { if( opt.batch ) {
if( argc > 1 ) if( argc > 1 )
wrong_args("--gen-key [parameterfile]"); wrong_args("--gen-key [parameterfile]");
generate_keypair (ctrl, argc? *argv : NULL, NULL, 0); generate_keypair (ctrl, 0, argc? *argv : NULL, NULL, 0);
} }
else { else {
if( argc ) if( argc )
wrong_args("--gen-key"); wrong_args("--gen-key");
generate_keypair (ctrl, NULL, NULL, 0); generate_keypair (ctrl, 0, NULL, NULL, 0);
}
break;
case aFullKeygen: /* Generate a key with all options. */
if (opt.batch)
{
if (argc > 1)
wrong_args ("--full-gen-key [parameterfile]");
generate_keypair (ctrl, 1, argc? *argv : NULL, NULL, 0);
}
else
{
if (argc)
wrong_args("--full-gen-key");
generate_keypair (ctrl, 1, NULL, NULL, 0);
} }
break; break;
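Review bot: The new `case aFullKeygen:` block in main repeats the `--gen-key` branch line for line, differing only in the `1` passed as FULL and the usage string handed to wrong_args, so the two copies can drift apart when one of them is changed later. In batch mode the flag appears to have no effect at all (the comment on generate_keypair says the basic prompts apply "except for batch mode"), which makes the batch half of the new case a pure duplicate. I would let both case labels share one body, derive the flag and the usage text from the command value, and add a comment such as `/* FULL only affects the interactive dialog; batch mode ignores it. */`. The `case aKeygen:` label itself lies outside the hunk, so this is based on the visible lines only.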


@ -47,8 +47,12 @@
/* The default algorithms. If you change them remember to change them /* The default algorithms. If you change them remember to change them
also in gpg.c:gpgconf_list. You should also check that the value also in gpg.c:gpgconf_list. You should also check that the value
is inside the bounds enforced by ask_keysize and gen_xxx. */ is inside the bounds enforced by ask_keysize and gen_xxx. */
#define DEFAULT_STD_ALGO GCRY_PK_RSA #define DEFAULT_STD_ALGO PUBKEY_ALGO_RSA
#define DEFAULT_STD_KEYSIZE 2048 #define DEFAULT_STD_KEYSIZE 2048
#define DEFAULT_STD_CURVE NULL
#define DEFAULT_STD_SUBALGO PUBKEY_ALGO_RSA
#define DEFAULT_STD_SUBKEYSIZE 2048
#define DEFAULT_STD_SUBCURVE NULL
/* Flag bits used during key generation. */ /* Flag bits used during key generation. */
#define KEYGEN_FLAG_NO_PROTECTION 1 #define KEYGEN_FLAG_NO_PROTECTION 1
@ -2435,9 +2439,9 @@ uid_from_string (const char *string)
/* Ask for a user ID. With a MODE of 1 an extra help prompt is /* Ask for a user ID. With a MODE of 1 an extra help prompt is
printed for use during a new key creation. If KEYBLOCK is not NULL printed for use during a new key creation. If KEYBLOCK is not NULL
the function prevents the creation of an already existing user the function prevents the creation of an already existing user
ID. */ ID. IF FULL is not set some prompts are not shown. */
static char * static char *
ask_user_id (int mode, KBNODE keyblock) ask_user_id (int mode, int full, KBNODE keyblock)
{ {
char *answer; char *answer;
char *aname, *acomment, *amail, *uid; char *aname, *acomment, *amail, *uid;
@ -2447,7 +2451,7 @@ ask_user_id (int mode, KBNODE keyblock)
/* TRANSLATORS: This is the new string telling the user what /* TRANSLATORS: This is the new string telling the user what
gpg is now going to do (i.e. ask for the parts of the user gpg is now going to do (i.e. ask for the parts of the user
ID). Note that if you do not translate this string, a ID). Note that if you do not translate this string, a
different string will be used used, which might still have different string will be used, which might still have
a correct translation. */ a correct translation. */
const char *s1 = const char *s1 =
N_("\n" N_("\n"
@ -2515,7 +2519,8 @@ ask_user_id (int mode, KBNODE keyblock)
break; break;
} }
} }
if( !acomment ) { if (!acomment) {
if (full) {
for(;;) { for(;;) {
xfree(acomment); xfree(acomment);
acomment = cpr_get("keygen.comment",_("Comment: ")); acomment = cpr_get("keygen.comment",_("Comment: "));
@ -2528,6 +2533,11 @@ ask_user_id (int mode, KBNODE keyblock)
else else
break; break;
} }
}
else {
xfree (acomment);
acomment = xstrdup ("");
}
} }
@ -2596,11 +2606,17 @@ ask_user_id (int mode, KBNODE keyblock)
answer = xstrdup (ansstr + (fail?8:6)); answer = xstrdup (ansstr + (fail?8:6));
answer[1] = 0; answer[1] = 0;
} }
else { else if (full) {
answer = cpr_get("keygen.userid.cmd", fail? answer = cpr_get("keygen.userid.cmd", fail?
_("Change (N)ame, (C)omment, (E)mail or (Q)uit? ") : _("Change (N)ame, (C)omment, (E)mail or (Q)uit? ") :
_("Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? ")); _("Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? "));
cpr_kill_prompt(); cpr_kill_prompt();
}
else {
answer = cpr_get("keygen.userid.cmd", fail?
_("Change (N)ame, (E)mail, or (Q)uit? ") :
_("Change (N)ame, (E)mail, or (O)kay/(Q)uit? "));
cpr_kill_prompt();
} }
if( strlen(answer) > 1 ) if( strlen(answer) > 1 )
; ;
@ -2745,7 +2761,7 @@ generate_user_id (KBNODE keyblock)
{ {
char *p; char *p;
p = ask_user_id (1, keyblock); p = ask_user_id (1, 1, keyblock);
if (!p) if (!p)
return NULL; /* Canceled. */ return NULL; /* Canceled. */
return uid_from_string (p); return uid_from_string (p);
@ -2822,7 +2838,7 @@ get_parameter_algo( struct para_data_s *para, enum para_name key,
i = atoi( r->u.value ); i = atoi( r->u.value );
else if (!strcmp (r->u.value, "ELG-E") else if (!strcmp (r->u.value, "ELG-E")
|| !strcmp (r->u.value, "ELG")) || !strcmp (r->u.value, "ELG"))
i = GCRY_PK_ELG_E; i = PUBKEY_ALGO_ELGAMAL_E;
else else
i = map_pk_gcry_to_openpgp (gcry_pk_map_name (r->u.value)); i = map_pk_gcry_to_openpgp (gcry_pk_map_name (r->u.value));
@ -3528,10 +3544,12 @@ quick_generate_keypair (const char *uid)
} }
} }
para = quickgen_set_para (para, 0, PUBKEY_ALGO_RSA, 2048, NULL); para = quickgen_set_para (para, 0,
para = quickgen_set_para (para, 1, PUBKEY_ALGO_RSA, 2048, NULL); DEFAULT_STD_ALGO, DEFAULT_STD_KEYSIZE,
/* para = quickgen_set_para (para, 0, PUBKEY_ALGO_EDDSA, 0, "Ed25519"); */ DEFAULT_STD_CURVE);
/* para = quickgen_set_para (para, 1, PUBKEY_ALGO_ECDH, 0, "Curve25519"); */ para = quickgen_set_para (para, 1,
DEFAULT_STD_SUBALGO, DEFAULT_STD_SUBKEYSIZE,
DEFAULT_STD_SUBCURVE);
proc_parameter_file (para, "[internal]", &outctrl, 0); proc_parameter_file (para, "[internal]", &outctrl, 0);
leave: leave:
@ -3544,11 +3562,13 @@ quick_generate_keypair (const char *uid)
* CARD_SERIALNO is not NULL the function will create the keys on an * CARD_SERIALNO is not NULL the function will create the keys on an
* OpenPGP Card. If CARD_BACKUP_KEY has been set and CARD_SERIALNO is * OpenPGP Card. If CARD_BACKUP_KEY has been set and CARD_SERIALNO is
* NOT NULL, the encryption key for the card is generated on the host, * NOT NULL, the encryption key for the card is generated on the host,
* imported to the card and a backup file created by gpg-agent. * imported to the card and a backup file created by gpg-agent. If
* FULL is not set only the basic prompts are used (except for batch
* mode).
*/ */
void void
generate_keypair (ctrl_t ctrl, const char *fname, const char *card_serialno, generate_keypair (ctrl_t ctrl, int full, const char *fname,
int card_backup_key) const char *card_serialno, int card_backup_key)
{ {
unsigned int nbits; unsigned int nbits;
char *uid = NULL; char *uid = NULL;
@ -3628,7 +3648,7 @@ generate_keypair (ctrl_t ctrl, const char *fname, const char *card_serialno,
} }
#endif /*ENABLE_CARD_SUPPORT*/ #endif /*ENABLE_CARD_SUPPORT*/
} }
else else if (full) /* Full featured key generation. */
{ {
int subkey_algo; int subkey_algo;
char *curve = NULL; char *curve = NULL;
@ -3764,34 +3784,47 @@ generate_keypair (ctrl_t ctrl, const char *fname, const char *card_serialno,
xfree (curve); xfree (curve);
} }
else /* Default key generation. */
{
tty_printf ( _("Note: Use \"%s %s\""
" for a full featured key generation dialog.\n"),
GPG_NAME, "--full-gen-key" );
para = quickgen_set_para (para, 0,
DEFAULT_STD_ALGO, DEFAULT_STD_KEYSIZE,
DEFAULT_STD_CURVE);
para = quickgen_set_para (para, 1,
DEFAULT_STD_SUBALGO, DEFAULT_STD_SUBKEYSIZE,
DEFAULT_STD_SUBCURVE);
}
expire = ask_expire_interval(0,NULL);
r = xmalloc_clear( sizeof *r + 20 ); expire = full? ask_expire_interval (0, NULL) : 0;
r = xcalloc (1, sizeof *r + 20);
r->key = pKEYEXPIRE; r->key = pKEYEXPIRE;
r->u.expire = expire; r->u.expire = expire;
r->next = para; r->next = para;
para = r; para = r;
r = xmalloc_clear( sizeof *r + 20 ); r = xcalloc (1, sizeof *r + 20);
r->key = pSUBKEYEXPIRE; r->key = pSUBKEYEXPIRE;
r->u.expire = expire; r->u.expire = expire;
r->next = para; r->next = para;
para = r; para = r;
uid = ask_user_id (0, NULL); uid = ask_user_id (0, full, NULL);
if( !uid ) if (!uid)
{ {
log_error(_("Key generation canceled.\n")); log_error(_("Key generation canceled.\n"));
release_parameter_list( para ); release_parameter_list( para );
return; return;
} }
r = xmalloc_clear( sizeof *r + strlen(uid) ); r = xcalloc (1, sizeof *r + strlen (uid));
r->key = pUSERID; r->key = pUSERID;
strcpy( r->u.value, uid ); strcpy (r->u.value, uid);
r->next = para; r->next = para;
para = r; para = r;
proc_parameter_file( para, "[internal]", &outctrl, !!card_serialno); proc_parameter_file (para, "[internal]", &outctrl, !!card_serialno);
release_parameter_list( para ); release_parameter_list (para);
} }
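Review bot: In the new default branch of generate_keypair, `expire = full? ask_expire_interval (0, NULL) : 0;` gives every key created with plain `--gen-key` an expiration value of 0 for both primary key and subkey, which as far as I can tell means "never expires", and nothing tells the user so. The same branch also fixes the algorithm and size from DEFAULT_STD_ALGO / DEFAULT_STD_KEYSIZE (RSA, 2048) without displaying them. Because this becomes the standard way to create a key, I would print the chosen algorithm, key size and expiry before the user ID prompt, for instance by extending the existing `tty_printf` note to say that the key does not expire, so that a key whose secret part is lost without a revocation certificate is a stated trade-off rather than a silent default. The body of generate_keypair begins outside the hunks shown here.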


@ -259,7 +259,7 @@ u32 parse_expire_string(const char *string);
u32 ask_expire_interval(int object,const char *def_expire); u32 ask_expire_interval(int object,const char *def_expire);
u32 ask_expiredate(void); u32 ask_expiredate(void);
void quick_generate_keypair (const char *uid); void quick_generate_keypair (const char *uid);
void generate_keypair (ctrl_t ctrl, const char *fname, void generate_keypair (ctrl_t ctrl, int full, const char *fname,
const char *card_serialno, int card_backup_key); const char *card_serialno, int card_backup_key);
int keygen_set_std_prefs (const char *string,int personal); int keygen_set_std_prefs (const char *string,int personal);
PKT_user_id *keygen_get_std_prefs (void); PKT_user_id *keygen_get_std_prefs (void);