gpg: Avoid extra pinentries for each subkey in --export-secret-keys.

* agent/command.c (cmd_export_key): Actually implement the cache_nonce feature. * g10/export.c (do_export_stream): Make use of a cache_nonce. Signed-off-by: Werner Koch <wk@gnupg.org>
2025-07-02 22:46:30 +02:00 · 2014-11-02 17:51:30 +01:00 · 2014-11-02 17:51:30 +01:00 · f8c993fbe2
commit f8c993fbe2
parent d95f05c314
3 changed files with 35 additions and 7 deletions
--- a/g10/call-agent.c
+++ b/g10/call-agent.c
@ -2152,8 +2152,10 @@ agent_import_key (ctrl_t ctrl, const char *desc, char **cache_nonce_addr,

 /* Receive a secret key from the agent.  HEXKEYGRIP is the hexified
   keygrip, DESC a prompt to be displayed with the agent's passphrase
-   question (needs to be plus+percent escaped).  On success the key is
-   stored as a canonical S-expression at R_RESULT and R_RESULTLEN.  */
+   question (needs to be plus+percent escaped).  If CACHE_NONCE_ADDR
+   is not NULL the agent is advised to first try a passphrase
+   associated with that nonce.  On success the key is stored as a
+   canonical S-expression at R_RESULT and R_RESULTLEN.  */
 gpg_error_t
 agent_export_key (ctrl_t ctrl, const char *hexkeygrip, const char *desc,
                  char **cache_nonce_addr,
--- a/g10/export.c
+++ b/g10/export.c
@ -777,6 +777,7 @@ do_export_stream (ctrl_t ctrl, iobuf_t out, strlist_t users, int secret,
  strlist_t sl;
  int indent = 0;
  gcry_cipher_hd_t cipherhd = NULL;
+  char *cache_nonce = NULL;

  *any = 0;
  init_packet (&pkt);
@ -914,6 +915,8 @@ do_export_stream (ctrl_t ctrl, iobuf_t out, strlist_t users, int secret,
        clean_key (keyblock, opt.verbose, (options&EXPORT_MINIMAL), NULL, NULL);

      /* And write it. */
+      xfree (cache_nonce);
+      cache_nonce = NULL;
      for (kbctx=NULL; (node = walk_kbnode (keyblock, &kbctx, 0)); )
        {
          if (skip_until_subkey)
@ -1124,7 +1127,7 @@ do_export_stream (ctrl_t ctrl, iobuf_t out, strlist_t users, int secret,
                  {
                    char *prompt = gpg_format_keydesc (pk,
                                                       FORMAT_KEYDESC_EXPORT,1);
-                    err = agent_export_key (ctrl, hexgrip, prompt, NULL,
+                    err = agent_export_key (ctrl, hexgrip, prompt, &cache_nonce,
                                            &wrappedkey, &wrappedkeylen);
                    xfree (prompt);
                  }
@ -1246,6 +1249,7 @@ do_export_stream (ctrl_t ctrl, iobuf_t out, strlist_t users, int secret,
  keydb_release (kdbhd);
  if (err || !keyblock_out)
    release_kbnode( keyblock );
+  xfree (cache_nonce);
  if( !*any )
    log_info(_("WARNING: nothing exported\n"));
  return err;