mirror of
git://git.gnupg.org/gnupg.git
synced 2025-01-03 12:11:33 +01:00
gpg: New option --key-origin.
* g10/keydb.h (KEYORG_): Rename to KEYORG_. * g10/packet.h (PKT_user_id): Rename field keysrc to keyorg. Adjust users. (PKT_public_key): Ditto. (PKT_ring_trust): Ditto. * g10/options.h (struct opt): Add field key_origin. * g10/getkey.c (parse_key_origin): New. * g10/gpg.c (oKeyOrigin): New. (opts): Add "keys-origin". (main): Set option. Signed-off-by: Werner Koch <wk@gnupg.org>
This commit is contained in:
parent
877a321d01
commit
fa1155e89e
11
doc/DETAILS
11
doc/DETAILS
@ -1347,12 +1347,13 @@ CREATE TABLE signatures (
|
||||
- 2 :: Key source on a user id (UID)
|
||||
- 1 octet :: Key Source; i.e. the origin of the key:
|
||||
- 0 :: Unknown source.
|
||||
- 1 :: Direct import from a file.
|
||||
- 2 :: Public keyserver.
|
||||
- 3 :: Preferred keysrver.
|
||||
- 1 :: Public keyserver.
|
||||
- 2 :: Preferred keysrver.
|
||||
- 3 :: OpenPGP DANE.
|
||||
- 4 :: Web Key Directory.
|
||||
- 5 :: Web Key Directory via sub-domain.
|
||||
- 6 :: OpenPGP DANE.
|
||||
- 5 :: Import from a trusted URL.
|
||||
- 6 :: Import from a trusted file.
|
||||
- 7 :: Self generated.
|
||||
- 4 octets :: Time of last update. This is a a four-octet scalar
|
||||
with the seconds since Epoch.
|
||||
- 1 octet :: Scalar with the length of the following field.
|
||||
|
@ -2254,6 +2254,13 @@ hint to optimize its buffer allocation strategy. It is also used by
|
||||
the @option{--status-fd} line ``PROGRESS'' to provide a value for
|
||||
``total'' if that is not available by other means.
|
||||
|
||||
@item --key-origin @var{string}
|
||||
@opindex key-origin
|
||||
gpg can track the origin of a key. Certain origins are implicitly
|
||||
known (e.g. keyserver, web key directory) and set. For a standard
|
||||
import the origin of the keys imported can be set with this optionb.
|
||||
To list the possible values use "help" for @var{string}.
|
||||
|
||||
@item --import-options @code{parameters}
|
||||
@opindex import-options
|
||||
This is a space or comma delimited string that gives options for
|
||||
|
@ -213,7 +213,7 @@ build_packet_and_meta (iobuf_t out, PACKET *pkt)
|
||||
PKT_user_id *uid = pkt->pkt.user_id;
|
||||
|
||||
rt.subtype = RING_TRUST_UID;
|
||||
rt.keysrc = uid->keysrc;
|
||||
rt.keyorg = uid->keyorg;
|
||||
rt.keyupdate = uid->keyupdate;
|
||||
rt.url = uid->updateurl;
|
||||
err = do_ring_trust (out, &rt);
|
||||
@ -225,7 +225,7 @@ build_packet_and_meta (iobuf_t out, PACKET *pkt)
|
||||
PKT_public_key *pk = pkt->pkt.public_key;
|
||||
|
||||
rt.subtype = RING_TRUST_KEY;
|
||||
rt.keysrc = pk->keysrc;
|
||||
rt.keyorg = pk->keyorg;
|
||||
rt.keyupdate = pk->keyupdate;
|
||||
rt.url = pk->updateurl;
|
||||
err = do_ring_trust (out, &rt);
|
||||
@ -395,7 +395,7 @@ do_ring_trust (iobuf_t out, PKT_ring_trust *rt)
|
||||
iobuf_put (out, rt->subtype);
|
||||
if (rt->subtype == RING_TRUST_KEY || rt->subtype == RING_TRUST_UID)
|
||||
{
|
||||
iobuf_put (out, rt->keysrc);
|
||||
iobuf_put (out, rt->keyorg);
|
||||
write_32 (out, rt->keyupdate);
|
||||
iobuf_put (out, namelen);
|
||||
if (namelen)
|
||||
|
@ -379,6 +379,7 @@ ks_status_cb (void *opaque, const char *line)
|
||||
|
||||
if ((s = has_leading_keyword (line, parm->keyword? parm->keyword : "SOURCE")))
|
||||
{
|
||||
/* Note that the arg for "S SOURCE" is the URL of a keyserver. */
|
||||
if (!parm->source)
|
||||
{
|
||||
parm->source = xtrystrdup (s);
|
||||
|
35
g10/getkey.c
35
g10/getkey.c
@ -4294,6 +4294,41 @@ parse_auto_key_locate (char *options)
|
||||
}
|
||||
|
||||
|
||||
/* Parse the argument for --key-origin. Return false on error. */
|
||||
int
|
||||
parse_key_origin (char *string)
|
||||
{
|
||||
struct { const char *name; int origin; } list[] = {
|
||||
{ "self", KEYORG_SELF },
|
||||
{ "file", KEYORG_FILE },
|
||||
{ "url", KEYORG_URL },
|
||||
{ "wkd", KEYORG_WKD },
|
||||
{ "dane", KEYORG_DANE },
|
||||
{ "ks-pref", KEYORG_KS_PREF },
|
||||
{ "ks", KEYORG_KS },
|
||||
{ "unknown", KEYORG_UNKNOWN }
|
||||
};
|
||||
int i;
|
||||
|
||||
if (!ascii_strcasecmp (string, "help"))
|
||||
{
|
||||
log_info (_("valid values for option '%s':\n"), "--key-origin");
|
||||
for (i=0; i < DIM (list); i++)
|
||||
log_info (" %s\n", list[i].name);
|
||||
g10_exit (1);
|
||||
}
|
||||
|
||||
for (i=0; i < DIM (list); i++)
|
||||
if (!ascii_strcasecmp (string, list[i].name))
|
||||
{
|
||||
opt.key_origin = list[i].origin;
|
||||
return 1;
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
/* Returns true if a secret key is available for the public key with
|
||||
key id KEYID; returns false if not. This function ignores legacy
|
||||
keys. Note: this is just a fast check and does not tell us whether
|
||||
|
14
g10/gpg.c
14
g10/gpg.c
@ -419,6 +419,7 @@ enum cmd_and_opt_values
|
||||
oOnlySignTextIDs,
|
||||
oDisableSignerUID,
|
||||
oSender,
|
||||
oKeyOrigin,
|
||||
|
||||
oNoop
|
||||
};
|
||||
@ -615,6 +616,7 @@ static ARGPARSE_OPTS opts[] = {
|
||||
|
||||
ARGPARSE_s_s (oKeyServer, "keyserver", "@"),
|
||||
ARGPARSE_s_s (oKeyServerOptions, "keyserver-options", "@"),
|
||||
ARGPARSE_s_s (oKeyOrigin, "key-origin", "@"),
|
||||
ARGPARSE_s_s (oImportOptions, "import-options", "@"),
|
||||
ARGPARSE_s_s (oImportFilter, "import-filter", "@"),
|
||||
ARGPARSE_s_s (oExportOptions, "export-options", "@"),
|
||||
@ -2845,9 +2847,9 @@ main (int argc, char **argv)
|
||||
|
||||
case oCompliance:
|
||||
{
|
||||
int compliance = gnupg_parse_compliance_option (pargs.r.ret_str,
|
||||
compliance_options,
|
||||
DIM (compliance_options),
|
||||
int compliance = gnupg_parse_compliance_option
|
||||
(pargs.r.ret_str,
|
||||
compliance_options, DIM (compliance_options),
|
||||
opt.quiet);
|
||||
if (compliance < 0)
|
||||
g10_exit (1);
|
||||
@ -3462,6 +3464,12 @@ main (int argc, char **argv)
|
||||
release_akl();
|
||||
break;
|
||||
|
||||
case oKeyOrigin:
|
||||
if(!parse_key_origin (pargs.r.ret_str))
|
||||
log_error (_("invalid argument for option \"%.50s\"\n"),
|
||||
"--key-origin");
|
||||
break;
|
||||
|
||||
case oEnableLargeRSA:
|
||||
#if SECMEM_BUFFER_SIZE >= 65536
|
||||
opt.flags.large_rsa=1;
|
||||
|
16
g10/keydb.h
16
g10/keydb.h
@ -119,13 +119,14 @@ union pref_hint
|
||||
/* Constants to describe from where a key was fetched or updated. */
|
||||
enum
|
||||
{
|
||||
KEYSRC_UNKNOWN = 0,
|
||||
KEYSRC_FILE = 1, /* Direct import from a file. */
|
||||
KEYSRC_KS = 2, /* Public keyserver. */
|
||||
KEYSRC_PREF_KS = 3, /* Preferred keysrver. */
|
||||
KEYSRC_WKD = 4, /* Web Key Directory. */
|
||||
KEYSRC_WKD_SD = 5, /* Web Key Directory but from a sub domain. */
|
||||
KEYSRC_DANE = 6 /* OpenPGP DANE. */
|
||||
KEYORG_UNKNOWN = 0,
|
||||
KEYORG_KS = 1, /* Public keyserver. */
|
||||
KEYORG_KS_PREF = 2, /* Preferred keysrver. */
|
||||
KEYORG_DANE = 3, /* OpenPGP DANE. */
|
||||
KEYORG_WKD = 4, /* Web Key Directory. */
|
||||
KEYORG_URL = 5, /* Trusted URL. */
|
||||
KEYORG_FILE = 6, /* Trusted file. */
|
||||
KEYORG_SELF = 7, /* We generated it. */
|
||||
};
|
||||
|
||||
|
||||
@ -396,6 +397,7 @@ char *get_user_id_byfpr_native (ctrl_t ctrl, const byte *fpr);
|
||||
|
||||
void release_akl(void);
|
||||
int parse_auto_key_locate(char *options);
|
||||
int parse_key_origin (char *string);
|
||||
|
||||
/*-- keyid.c --*/
|
||||
int pubkey_letter( int algo );
|
||||
|
@ -263,6 +263,9 @@ struct
|
||||
struct akl *next;
|
||||
} *auto_key_locate;
|
||||
|
||||
/* The value of --key-origin. See parse_key_origin(). */
|
||||
int key_origin;
|
||||
|
||||
int passphrase_repeat;
|
||||
int pinentry_mode;
|
||||
|
||||
|
@ -285,7 +285,7 @@ typedef struct
|
||||
u32 created; /* according to the self-signature */
|
||||
u32 keyupdate; /* From the ring trust packet. */
|
||||
char *updateurl; /* NULL or the URL of the last update origin. */
|
||||
byte keysrc; /* From the ring trust packet. */
|
||||
byte keyorg; /* From the ring trust packet. */
|
||||
byte selfsigversion;
|
||||
struct
|
||||
{
|
||||
@ -407,7 +407,7 @@ typedef struct
|
||||
u32 trust_timestamp;
|
||||
byte trust_depth;
|
||||
byte trust_value;
|
||||
byte keysrc; /* From the ring trust packet. */
|
||||
byte keyorg; /* From the ring trust packet. */
|
||||
u32 keyupdate; /* From the ring trust packet. */
|
||||
char *updateurl; /* NULL or the URL of the last update origin. */
|
||||
const byte *trust_regexp;
|
||||
@ -498,7 +498,7 @@ typedef struct {
|
||||
unsigned int trustval;
|
||||
unsigned int sigcache;
|
||||
unsigned char subtype; /* The subtype of this ring trust packet. */
|
||||
unsigned char keysrc; /* The origin of the key (KEYSRC_*). */
|
||||
unsigned char keyorg; /* The origin of the key (KEYSRC_*). */
|
||||
u32 keyupdate; /* The wall time the key was last updated. */
|
||||
char *url; /* NULL or the URL of the source. */
|
||||
} PKT_ring_trust;
|
||||
|
@ -2942,7 +2942,7 @@ parse_ring_trust (parse_packet_ctx_t ctx, unsigned long pktlen)
|
||||
int i;
|
||||
unsigned int namelen;
|
||||
|
||||
rt.keysrc = iobuf_get_noeof (inp);
|
||||
rt.keyorg = iobuf_get_noeof (inp);
|
||||
pktlen--;
|
||||
rt.keyupdate = read_32 (inp);
|
||||
pktlen -= 4;
|
||||
@ -2974,7 +2974,7 @@ parse_ring_trust (parse_packet_ctx_t ctx, unsigned long pktlen)
|
||||
es_fprintf (listfp, ":trust packet: %s upd=%lu src=%d%s",
|
||||
(rt.subtype == RING_TRUST_UID? "uid" : "key"),
|
||||
(unsigned long)rt.keyupdate,
|
||||
rt.keysrc,
|
||||
rt.keyorg,
|
||||
(rt.url? " url=":""));
|
||||
if (rt.url)
|
||||
{
|
||||
@ -3016,7 +3016,7 @@ parse_ring_trust (parse_packet_ctx_t ctx, unsigned long pktlen)
|
||||
{
|
||||
PKT_user_id *uid = ctx->last_pkt.pkt.user_id;
|
||||
|
||||
uid->keysrc = rt.keysrc;
|
||||
uid->keyorg = rt.keyorg;
|
||||
uid->keyupdate = rt.keyupdate;
|
||||
uid->updateurl = rt.url;
|
||||
rt.url = NULL;
|
||||
@ -3027,7 +3027,7 @@ parse_ring_trust (parse_packet_ctx_t ctx, unsigned long pktlen)
|
||||
{
|
||||
PKT_public_key *pk = ctx->last_pkt.pkt.public_key;
|
||||
|
||||
pk->keysrc = rt.keysrc;
|
||||
pk->keyorg = rt.keyorg;
|
||||
pk->keyupdate = rt.keyupdate;
|
||||
pk->updateurl = rt.url;
|
||||
rt.url = NULL;
|
||||
|
Loading…
x
Reference in New Issue
Block a user