mirror of
git://git.gnupg.org/gnupg.git
synced 2025-01-10 13:04:23 +01:00
* misc.c (openpgp_pk_algo_usage): Default to allowing CERT for signing
algorithms. * keyedit.c (sign_uids): Don't request a signing key to make a certification. * keygen.c (do_add_key_flags): Force the certify flag on for all primary keys, as the spec requires primary keys must be able to certify (if nothing else, which key is going to issue the user ID signature?) (print_key_flags): Show certify flag. (ask_key_flags, ask_algo): Don't allow setting the C flag for subkeys. * keyid.c (usagestr_from_pk), getkey.c (parse_key_usage): Distinguish between a sign/certify key and a certify-only key.
This commit is contained in:
parent
752d64bffc
commit
f74282bee0
@ -1,5 +1,22 @@
|
|||||||
2005-08-26 David Shaw <dshaw@jabberwocky.com>
|
2005-08-26 David Shaw <dshaw@jabberwocky.com>
|
||||||
|
|
||||||
|
* misc.c (openpgp_pk_algo_usage): Default to allowing CERT for
|
||||||
|
signing algorithms.
|
||||||
|
|
||||||
|
* keyedit.c (sign_uids): Don't request a signing key to make a
|
||||||
|
certification.
|
||||||
|
|
||||||
|
* keygen.c (do_add_key_flags): Force the certify flag on for all
|
||||||
|
primary keys, as the spec requires primary keys must be able to
|
||||||
|
certify (if nothing else, which key is going to issue the user ID
|
||||||
|
signature?)
|
||||||
|
(print_key_flags): Show certify flag.
|
||||||
|
(ask_key_flags, ask_algo): Don't allow setting the C flag for
|
||||||
|
subkeys.
|
||||||
|
|
||||||
|
* keyid.c (usagestr_from_pk), getkey.c (parse_key_usage):
|
||||||
|
Distinguish between a sign/certify key and a certify-only key.
|
||||||
|
|
||||||
* keyedit.c (ask_revoke_sig): Add a revsig --with-colons mode.
|
* keyedit.c (ask_revoke_sig): Add a revsig --with-colons mode.
|
||||||
Suggested by Michael Schierl.
|
Suggested by Michael Schierl.
|
||||||
|
|
||||||
|
18
g10/getkey.c
18
g10/getkey.c
@ -1331,16 +1331,24 @@ parse_key_usage(PKT_signature *sig)
|
|||||||
/* first octet of the keyflags */
|
/* first octet of the keyflags */
|
||||||
flags=*p;
|
flags=*p;
|
||||||
|
|
||||||
if(flags & 3)
|
if(flags & 1)
|
||||||
{
|
{
|
||||||
key_usage |= PUBKEY_USAGE_SIG;
|
key_usage |= PUBKEY_USAGE_CERT;
|
||||||
flags&=~3;
|
flags&=~1;
|
||||||
}
|
}
|
||||||
|
|
||||||
if(flags & 12)
|
if(flags & 2)
|
||||||
|
{
|
||||||
|
key_usage |= PUBKEY_USAGE_SIG;
|
||||||
|
flags&=~2;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* We do not distinguish between encrypting communications and
|
||||||
|
encrypting storage. */
|
||||||
|
if(flags & (0x04|0x08))
|
||||||
{
|
{
|
||||||
key_usage |= PUBKEY_USAGE_ENC;
|
key_usage |= PUBKEY_USAGE_ENC;
|
||||||
flags&=~12;
|
flags&=~(0x04|0x08);
|
||||||
}
|
}
|
||||||
|
|
||||||
if(flags & 0x20)
|
if(flags & 0x20)
|
||||||
|
@ -529,8 +529,8 @@ sign_uids( KBNODE keyblock, STRLIST locusr, int *ret_modified,
|
|||||||
* be one which is capable of signing keys. I can't see a reason
|
* be one which is capable of signing keys. I can't see a reason
|
||||||
* why to sign keys using a subkey. Implementation of USAGE_CERT
|
* why to sign keys using a subkey. Implementation of USAGE_CERT
|
||||||
* is just a hack in getkey.c and does not mean that a subkey
|
* is just a hack in getkey.c and does not mean that a subkey
|
||||||
* marked as certification capable will be used */
|
* marked as certification capable will be used. */
|
||||||
rc=build_sk_list( locusr, &sk_list, 0, PUBKEY_USAGE_SIG|PUBKEY_USAGE_CERT);
|
rc=build_sk_list( locusr, &sk_list, 0, PUBKEY_USAGE_CERT);
|
||||||
if( rc )
|
if( rc )
|
||||||
goto leave;
|
goto leave;
|
||||||
|
|
||||||
|
24
g10/keygen.c
24
g10/keygen.c
@ -190,9 +190,6 @@ do_add_key_flags (PKT_signature *sig, unsigned int use)
|
|||||||
{
|
{
|
||||||
byte buf[1];
|
byte buf[1];
|
||||||
|
|
||||||
if (!use)
|
|
||||||
return;
|
|
||||||
|
|
||||||
buf[0] = 0;
|
buf[0] = 0;
|
||||||
|
|
||||||
/* The spec says that all primary keys MUST be able to certify. */
|
/* The spec says that all primary keys MUST be able to certify. */
|
||||||
@ -205,6 +202,10 @@ do_add_key_flags (PKT_signature *sig, unsigned int use)
|
|||||||
buf[0] |= 0x04 | 0x08;
|
buf[0] |= 0x04 | 0x08;
|
||||||
if (use & PUBKEY_USAGE_AUTH)
|
if (use & PUBKEY_USAGE_AUTH)
|
||||||
buf[0] |= 0x20;
|
buf[0] |= 0x20;
|
||||||
|
|
||||||
|
if (!buf[0])
|
||||||
|
return;
|
||||||
|
|
||||||
build_sig_subpkt (sig, SIGSUBPKT_KEY_FLAGS, buf, 1);
|
build_sig_subpkt (sig, SIGSUBPKT_KEY_FLAGS, buf, 1);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -1238,6 +1239,9 @@ print_key_flags(int flags)
|
|||||||
if(flags&PUBKEY_USAGE_SIG)
|
if(flags&PUBKEY_USAGE_SIG)
|
||||||
tty_printf("%s ",_("Sign"));
|
tty_printf("%s ",_("Sign"));
|
||||||
|
|
||||||
|
if(flags&PUBKEY_USAGE_CERT)
|
||||||
|
tty_printf("%s ",_("Certify"));
|
||||||
|
|
||||||
if(flags&PUBKEY_USAGE_ENC)
|
if(flags&PUBKEY_USAGE_ENC)
|
||||||
tty_printf("%s ",_("Encrypt"));
|
tty_printf("%s ",_("Encrypt"));
|
||||||
|
|
||||||
@ -1248,7 +1252,7 @@ print_key_flags(int flags)
|
|||||||
|
|
||||||
/* Returns the key flags */
|
/* Returns the key flags */
|
||||||
static unsigned int
|
static unsigned int
|
||||||
ask_key_flags(int algo)
|
ask_key_flags(int algo,int subkey)
|
||||||
{
|
{
|
||||||
const char *togglers=_("SsEeAaQq");
|
const char *togglers=_("SsEeAaQq");
|
||||||
char *answer=NULL;
|
char *answer=NULL;
|
||||||
@ -1258,6 +1262,10 @@ ask_key_flags(int algo)
|
|||||||
if(strlen(togglers)!=8)
|
if(strlen(togglers)!=8)
|
||||||
BUG();
|
BUG();
|
||||||
|
|
||||||
|
/* Only primary keys may certify. */
|
||||||
|
if(subkey)
|
||||||
|
possible&=~PUBKEY_USAGE_CERT;
|
||||||
|
|
||||||
/* Preload the current set with the possible set, minus
|
/* Preload the current set with the possible set, minus
|
||||||
authentication, since nobody really uses auth yet. */
|
authentication, since nobody really uses auth yet. */
|
||||||
current=possible&~PUBKEY_USAGE_AUTH;
|
current=possible&~PUBKEY_USAGE_AUTH;
|
||||||
@ -1291,7 +1299,7 @@ ask_key_flags(int algo)
|
|||||||
cpr_kill_prompt();
|
cpr_kill_prompt();
|
||||||
|
|
||||||
if(strlen(answer)>1)
|
if(strlen(answer)>1)
|
||||||
continue;
|
tty_printf(_("Invalid selection.\n"));
|
||||||
else if(*answer=='\0' || *answer==togglers[6] || *answer==togglers[7])
|
else if(*answer=='\0' || *answer==togglers[6] || *answer==togglers[7])
|
||||||
break;
|
break;
|
||||||
else if((*answer==togglers[0] || *answer==togglers[1])
|
else if((*answer==togglers[0] || *answer==togglers[1])
|
||||||
@ -1318,6 +1326,8 @@ ask_key_flags(int algo)
|
|||||||
else
|
else
|
||||||
current|=PUBKEY_USAGE_AUTH;
|
current|=PUBKEY_USAGE_AUTH;
|
||||||
}
|
}
|
||||||
|
else
|
||||||
|
tty_printf(_("Invalid selection.\n"));
|
||||||
}
|
}
|
||||||
|
|
||||||
xfree(answer);
|
xfree(answer);
|
||||||
@ -1362,7 +1372,7 @@ ask_algo (int addmode, unsigned int *r_usage)
|
|||||||
}
|
}
|
||||||
else if( algo == 7 && opt.expert ) {
|
else if( algo == 7 && opt.expert ) {
|
||||||
algo = PUBKEY_ALGO_RSA;
|
algo = PUBKEY_ALGO_RSA;
|
||||||
*r_usage=ask_key_flags(algo);
|
*r_usage=ask_key_flags(algo,addmode);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
else if( algo == 6 && addmode ) {
|
else if( algo == 6 && addmode ) {
|
||||||
@ -1382,7 +1392,7 @@ ask_algo (int addmode, unsigned int *r_usage)
|
|||||||
}
|
}
|
||||||
else if( algo == 3 && opt.expert ) {
|
else if( algo == 3 && opt.expert ) {
|
||||||
algo = PUBKEY_ALGO_DSA;
|
algo = PUBKEY_ALGO_DSA;
|
||||||
*r_usage=ask_key_flags(algo);
|
*r_usage=ask_key_flags(algo,addmode);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
else if( algo == 2 ) {
|
else if( algo == 2 ) {
|
||||||
|
@ -547,10 +547,13 @@ usagestr_from_pk( PKT_public_key *pk )
|
|||||||
if ( use & PUBKEY_USAGE_SIG )
|
if ( use & PUBKEY_USAGE_SIG )
|
||||||
{
|
{
|
||||||
if (pk->is_primary)
|
if (pk->is_primary)
|
||||||
buffer[i++] = 'C';
|
use|=PUBKEY_USAGE_CERT;
|
||||||
buffer[i++] = 'S';
|
buffer[i++] = 'S';
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if ( use & PUBKEY_USAGE_CERT )
|
||||||
|
buffer[i++] = 'C';
|
||||||
|
|
||||||
if ( use & PUBKEY_USAGE_ENC )
|
if ( use & PUBKEY_USAGE_ENC )
|
||||||
buffer[i++] = 'E';
|
buffer[i++] = 'E';
|
||||||
|
|
||||||
|
@ -853,6 +853,8 @@ keyserver_typemap(const char *type)
|
|||||||
}
|
}
|
||||||
|
|
||||||
#ifdef GPGKEYS_CURL
|
#ifdef GPGKEYS_CURL
|
||||||
|
/* The PGP LDAP and the curl fetch-a-LDAP-object methodologies are
|
||||||
|
sufficiently different that we can't use curl to do LDAP. */
|
||||||
static int
|
static int
|
||||||
curl_cant_handle(const char *scheme)
|
curl_cant_handle(const char *scheme)
|
||||||
{
|
{
|
||||||
|
@ -407,19 +407,19 @@ openpgp_pk_algo_usage ( int algo )
|
|||||||
/* they are hardwired in gpg 1.0 */
|
/* they are hardwired in gpg 1.0 */
|
||||||
switch ( algo ) {
|
switch ( algo ) {
|
||||||
case PUBKEY_ALGO_RSA:
|
case PUBKEY_ALGO_RSA:
|
||||||
use = PUBKEY_USAGE_SIG | PUBKEY_USAGE_ENC | PUBKEY_USAGE_AUTH;
|
use = PUBKEY_USAGE_CERT | PUBKEY_USAGE_SIG | PUBKEY_USAGE_ENC | PUBKEY_USAGE_AUTH;
|
||||||
break;
|
break;
|
||||||
case PUBKEY_ALGO_RSA_E:
|
case PUBKEY_ALGO_RSA_E:
|
||||||
use = PUBKEY_USAGE_ENC;
|
use = PUBKEY_USAGE_ENC;
|
||||||
break;
|
break;
|
||||||
case PUBKEY_ALGO_RSA_S:
|
case PUBKEY_ALGO_RSA_S:
|
||||||
use = PUBKEY_USAGE_SIG;
|
use = PUBKEY_USAGE_CERT | PUBKEY_USAGE_SIG;
|
||||||
break;
|
break;
|
||||||
case PUBKEY_ALGO_ELGAMAL_E:
|
case PUBKEY_ALGO_ELGAMAL_E:
|
||||||
use = PUBKEY_USAGE_ENC;
|
use = PUBKEY_USAGE_ENC;
|
||||||
break;
|
break;
|
||||||
case PUBKEY_ALGO_DSA:
|
case PUBKEY_ALGO_DSA:
|
||||||
use = PUBKEY_USAGE_SIG | PUBKEY_USAGE_AUTH;
|
use = PUBKEY_USAGE_CERT | PUBKEY_USAGE_SIG | PUBKEY_USAGE_AUTH;
|
||||||
break;
|
break;
|
||||||
default:
|
default:
|
||||||
break;
|
break;
|
||||||
@ -1224,6 +1224,7 @@ get_libexecdir (void)
|
|||||||
return GNUPG_LIBEXECDIR;
|
return GNUPG_LIBEXECDIR;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* Similar to access(2), but uses PATH to find the file. */
|
||||||
int
|
int
|
||||||
path_access(const char *file,int mode)
|
path_access(const char *file,int mode)
|
||||||
{
|
{
|
||||||
|
Loading…
x
Reference in New Issue
Block a user