diff --git a/doc/gpgsm.texi b/doc/gpgsm.texi index 384a36593..2f1033e3f 100644 --- a/doc/gpgsm.texi +++ b/doc/gpgsm.texi @@ -381,7 +381,7 @@ values include up to @var{n} certificates starting with the signer cert. @node Esoteric Options -@subsection Doing things one usually don't want todo. +@subsection Doing things one usually don't want to do. @table @gnupgtabopt @@ -392,6 +392,10 @@ This option is only useful for testing; it sets the system time back or forth to @var{epoch} which is the number of seconds elapsed since the year 1970. +@item --with-ephemeral-keys +@opindex with-ephemeral-keys +Include ephemeral flagged keys in the output of key listings. + @item --debug-level @var{level} @opindex debug-level Select the debug level for investigating problems. @var{level} may be diff --git a/sm/ChangeLog b/sm/ChangeLog index b21a5faff..74b22b295 100644 --- a/sm/ChangeLog +++ b/sm/ChangeLog @@ -1,3 +1,10 @@ +2004-08-06 Werner Koch + + * gpgsm.c: New option --with-ephemeral-keys. + * keylist.c (list_internal_keys): Set it here. + (list_cert_raw): And indicate those keys. Changed all our callers + to pass the new arg HD through. + 2004-07-23 Werner Koch * certreqgen.c (proc_parameters): Do not allow key length below diff --git a/sm/gpgsm.c b/sm/gpgsm.c index bf053b7a5..5fb80a0de 100644 --- a/sm/gpgsm.c +++ b/sm/gpgsm.c @@ -170,6 +170,7 @@ enum cmd_and_opt_values { oWithColons, oWithKeyData, oWithValidation, + oWithEphemeralKeys, oSkipVerify, oCompressKeys, oCompressSigs, @@ -404,6 +405,7 @@ static ARGPARSE_OPTS opts[] = { { oWithKeyData,"with-key-data", 0, "@"}, { oWithValidation, "with-validation", 0, "@"}, { oWithMD5Fingerprint, "with-md5-fingerprint", 0, "@"}, + { oWithEphemeralKeys, "with-ephemeral-keys", 0, "@"}, { aListKeys, "list-key", 0, "@" }, /* alias */ { aListSigs, "list-sig", 0, "@" }, /* alias */ { aListSigs, "check-sig",0, "@" }, /* alias */ 
@@ -1078,6 +1080,7 @@ main ( int argc, char **argv) case oWithKeyData: opt.with_key_data=1; /* fall thru */ case oWithColons: ctrl.with_colons = 1; break; case oWithValidation: ctrl.with_validation=1; break; + case oWithEphemeralKeys: opt.with_ephemeral_keys=1; break; case oSkipVerify: opt.skip_verify=1; break; diff --git a/sm/gpgsm.h b/sm/gpgsm.h index 786a97353..a1813462f 100644 --- a/sm/gpgsm.h +++ b/sm/gpgsm.h @@ -65,6 +65,9 @@ struct { int with_md5_fingerprint; /* Also print an MD5 fingerprint for standard key listings. */ + int with_ephemeral_keys; /* Include ephemeral flagged keys in the + keylisting. */ + int armor; /* force base64 armoring (see also ctrl.with_base64) */ int no_armor; /* don't try to figure out whether data is base64 armored*/ diff --git a/sm/keylist.c b/sm/keylist.c index 0fd06ca13..0c8ebd33e 100644 --- a/sm/keylist.c +++ b/sm/keylist.c @@ -503,7 +503,8 @@ print_names_raw (FILE *fp, int indent, ksba_name_t name) the certificate. This one does no beautification and only minimal output sanitation. It is mainly useful for debugging. */ static void -list_cert_raw (ctrl_t ctrl, ksba_cert_t cert, FILE *fp, int have_secret, +list_cert_raw (ctrl_t ctrl, KEYDB_HANDLE hd, + ksba_cert_t cert, FILE *fp, int have_secret, int with_validation) { gpg_error_t err; @@ -807,6 +808,18 @@ list_cert_raw (ctrl_t ctrl, ksba_cert_t cert, FILE *fp, int have_secret, else fprintf (fp, " [certificate is bad: %s]\n", gpg_strerror (err)); } + + if (opt.with_ephemeral_keys && hd) + { + unsigned int blobflags; + + err = keydb_get_flags (hd, KEYBOX_FLAG_BLOB, 0, &blobflags); + if (err) + fprintf (fp, " [error getting keyflags: %s]\n", gpg_strerror (err)); + else if ((blobflags & 2)) + fprintf (fp, " [stored as ephemeral]\n"); + } + } 
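Review bot: The test `(blobflags & 2)` in the block added at the end of list_cert_raw uses a bare literal for the ephemeral bit, so a reader cannot tell which blob flag is checked without looking up the keybox format. Prefer a named constant from the keybox header for that bit (adding one there if none exists yet), or at least annotate the line, e.g. `else if ((blobflags & 2)) /* bit 1: blob is stored as ephemeral */`. list_cert_raw's body begins outside this hunk.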
@@ -992,13 +1005,14 @@ list_cert_std (ctrl_t ctrl, ksba_cert_t cert, FILE *fp, int have_secret, /* Same as standard mode mode list all certifying certs too. */ static void -list_cert_chain (ctrl_t ctrl, ksba_cert_t cert, int raw_mode, +list_cert_chain (ctrl_t ctrl, KEYDB_HANDLE hd, + ksba_cert_t cert, int raw_mode, FILE *fp, int with_validation) { ksba_cert_t next = NULL; if (raw_mode) - list_cert_raw (ctrl, cert, fp, 0, with_validation); + list_cert_raw (ctrl, hd, cert, fp, 0, with_validation); else list_cert_std (ctrl, cert, fp, 0, with_validation); ksba_cert_ref (cert); @@ -1007,7 +1021,7 @@ list_cert_chain (ctrl_t ctrl, ksba_cert_t cert, int raw_mode, ksba_cert_release (cert); fputs ("Certified by\n", fp); if (raw_mode) - list_cert_raw (ctrl, next, fp, 0, with_validation); + list_cert_raw (ctrl, hd, next, fp, 0, with_validation); else list_cert_std (ctrl, next, fp, 0, with_validation); cert = next; @@ -1079,6 +1093,9 @@ list_internal_keys (ctrl_t ctrl, STRLIST names, FILE *fp, } + if (opt.with_ephemeral_keys) + keydb_set_ephemeral (hd, 1); + /* It would be nice to see which of the given users did actually match one in the keyring. To implement this we need to have a found flag for each entry in desc and to set this we must check @@ -1146,11 +1163,12 @@ list_internal_keys (ctrl_t ctrl, STRLIST names, FILE *fp, if (ctrl->with_colons) list_cert_colon (ctrl, cert, validity, fp, have_secret); else if (ctrl->with_chain) - list_cert_chain (ctrl, cert, raw_mode, fp, ctrl->with_validation); + list_cert_chain (ctrl, hd, cert, + raw_mode, fp, ctrl->with_validation); else { if (raw_mode) - list_cert_raw (ctrl, cert, fp, have_secret, + list_cert_raw (ctrl, hd, cert, fp, have_secret, ctrl->with_validation); else list_cert_std (ctrl, cert, fp, have_secret, 
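Review bot: In list_cert_chain the same `hd` is handed to list_cert_raw for every issuer in the loop (`list_cert_raw (ctrl, hd, next, fp, 0, with_validation);`), although `next` is produced elsewhere in the loop and not, as far as these hunks show, by a search on `hd`. If keydb_get_flags reports the flags of the record `hd` is currently positioned on (its definition is not visible here), every certificate in the chain would be labelled `[stored as ephemeral]` according to the leaf's blob rather than its own. Passing `NULL` for the issuer certificates, `list_cert_raw (ctrl, NULL, next, fp, 0, with_validation);`, avoids a misleading label until a per-certificate lookup exists. The loop body lies partly outside the two list_cert_chain hunks.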
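Review bot: The call `keydb_set_ephemeral (hd, 1);` in list_internal_keys applies to every output mode, yet among the visible hunks only list_cert_raw gained the `[stored as ephemeral]` marker; list_cert_colon and list_cert_std are still called without `hd`. With `--with-ephemeral-keys`, the standard and `--with-colons` listings would therefore show ephemeral certificates with nothing to distinguish them from permanently stored ones, which matters for scripts that parse the colon output. Until those modes carry a marker, a comment at the call would record the limitation, e.g. `/* Only raw mode marks ephemeral entries; std and colon listings show them unmarked. */`, and the gpgsm.texi entry could say the same. list_internal_keys starts and ends outside this hunk.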
@@ -1198,11 +1216,11 @@ list_external_cb (void *cb_value, ksba_cert_t cert) if (parm->with_colons) list_cert_colon (parm->ctrl, cert, 0, parm->fp, 0); else if (parm->with_chain) - list_cert_chain (parm->ctrl, cert, parm->raw_mode, parm->fp, 0); + list_cert_chain (parm->ctrl, NULL, cert, parm->raw_mode, parm->fp, 0); else { if (parm->raw_mode) - list_cert_raw (parm->ctrl, cert, parm->fp, 0, 0); + list_cert_raw (parm->ctrl, NULL, cert, parm->fp, 0, 0); else list_cert_std (parm->ctrl, cert, parm->fp, 0, 0); putc ('\n', parm->fp);