diff --git a/g10/ChangeLog b/g10/ChangeLog
index b6ba5462e..c999e3ffd 100644
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@@ -1,3 +1,13 @@
+2005-01-01 David Shaw
+
+ * options.h, import.c (parse_import_options, delete_inv_parts):
+ Add import-unusable-sigs flag to enable importing unusable
+ (currently: expired) sigs.
+
+ * options.h, export.c (parse_export_options, do_export_stream):
+ Add export-unusable-sigs flag to enable exporting unusable
+ (currently: expired) sigs.
+
 2004-12-29 David Shaw
 * packet.h, getkey.c (merge_selfsigs_main, sig_to_revoke_info),
diff --git a/g10/export.c b/g10/export.c
index 86bc6546c..73aa750e9 100644
--- a/g10/export.c
+++ b/g10/export.c
@@ -49,6 +49,7 @@ parse_export_options(char *str,unsigned int *options,int noisy)
 {"export-attributes",EXPORT_ATTRIBUTES,NULL},
 {"export-sensitive-revkeys",EXPORT_SENSITIVE_REVKEYS,NULL},
 {"export-minimal",EXPORT_MINIMAL,NULL},
+ {"export-unusable-sigs",EXPORT_UNUSABLE_SIGS,NULL},
 /* Aliases for backward compatibility */
 {"include-local-sigs",EXPORT_LOCAL_SIGS,NULL},
 {"include-attributes",EXPORT_ATTRIBUTES,NULL},
@@ -314,7 +315,7 @@ do_export_stream( IOBUF out, STRLIST users, int secret,
 if( node->pkt->pkttype == PKT_SIGNATURE )
 {
- /* If we have minimal-export turned on, do not include
+ /* If we have export-minimal turned on, do not include
 any signature that isn't a selfsig. Note that this only applies to uid sigs (0x10, 0x11, 0x12, and 0x13). A designated revocation is not stripped. */
@@ -324,6 +325,16 @@ do_export_stream( IOBUF out, STRLIST users, int secret,
 || node->pkt->pkt.signature->keyid[1]!=keyid[1]))
 continue;
+ /* We do basically the same thing for
+ export-unusable-sigs. It only applies to expired
+ uid sigs that aren't selfsigs. */
+ if(!(options&EXPORT_UNUSABLE_SIGS)
+ && IS_UID_SIG(node->pkt->pkt.signature)
+ && node->pkt->pkt.signature->flags.expired
+ && (node->pkt->pkt.signature->keyid[0]!=keyid[0]
+ || node->pkt->pkt.signature->keyid[1]!=keyid[1]))
+ continue;
+
 /* do not export packets which are marked as not exportable */
 if(!(options&EXPORT_LOCAL_SIGS)
 && !node->pkt->pkt.signature->flags.exportable)
diff --git a/g10/import.c b/g10/import.c
index 283be207d..e0d57a508 100644
--- a/g10/import.c
+++ b/g10/import.c
@@ -93,6 +93,7 @@ parse_import_options(char *str,unsigned int *options,int noisy)
 {"fast-import",IMPORT_FAST,NULL},
 {"convert-sk-to-pk",IMPORT_SK2PK,NULL},
 {"merge-only",IMPORT_MERGE_ONLY,NULL},
+ {"import-unusable-sigs",IMPORT_UNUSABLE_SIGS,NULL},
 /* Aliases for backward compatibility */
 {"allow-local-sigs",IMPORT_LOCAL_SIGS,NULL},
 {"repair-hkp-subkey-bug",IMPORT_REPAIR_PKS_SUBKEY_BUG,NULL},
@@ -1557,8 +1558,26 @@ delete_inv_parts( const char *fname, KBNODE keyblock,
 node->pkt->pkt.signature->sig_class);
 delete_kbnode(node);
 }
+ else if(node->pkt->pkttype==PKT_SIGNATURE
+ && IS_UID_SIG(node->pkt->pkt.signature)
+ && node->pkt->pkt.signature->flags.expired
+ && (node->pkt->pkt.signature->keyid[0]!=keyid[0]
+ || node->pkt->pkt.signature->keyid[1]!=keyid[1])
+ && !(options&IMPORT_UNUSABLE_SIGS))
+ {
+ if(opt.verbose)
+ {
+ char *kid=m_strdup(keystr(keyid));
+ log_info(_("key %s: expired signature from key %s -"
+ " skipped\n"),kid,
+ keystr(node->pkt->pkt.signature->keyid));
+ m_free(kid);
+ }
+
+ delete_kbnode(node);
+ }
 else if( (node->flag & 4) ) /* marked for deletion */
- delete_kbnode( node );
+ delete_kbnode( node );
 }
 /* note: because keyblock is the public key, it is never marked
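Review bot: The added filter in do_export_stream repeats the two-word keyid comparison that the export-minimal test just above it already performs, and the same "expired uid sig that is not a selfsig" predicate is written out a third time in the delete_inv_parts hunk of g10/import.c. Computing it once per signature, e.g. `int selfsig=(node->pkt->pkt.signature->keyid[0]==keyid[0] && node->pkt->pkt.signature->keyid[1]==keyid[1]);`, would keep the export and import filters from drifting apart. The comment should also say where `flags.expired` comes from: it is presumably set against the local clock when the packet is parsed (the code that sets it is not in this hunk), so a skewed clock changes which certifications are exported. do_export_stream begins and ends outside the hunk.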
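Review bot: The new branch in delete_inv_parts drops expired third-party certifications by default but reports it only inside `if(opt.verbose)`, so a normal import gives no sign that signatures were discarded. Since an unchanged command line now produces a different keyring, consider logging at the default level or reporting a per-key count of skipped signatures. It would also help to comment the copy, e.g. `/* copy: the second keystr() call below presumably reuses the same buffer */` above `char *kid=m_strdup(keystr(keyid));`; keystr itself is not visible here, so confirm that before wording it as fact. The re-indented `delete_kbnode( node );` at the end is an unrelated whitespace change, and the function continues outside the hunk.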
diff --git a/g10/options.h b/g10/options.h
index 1ad6b44a2..2f7b03e15 100644
--- a/g10/options.h
+++ b/g10/options.h
@@ -252,11 +252,13 @@ struct {
 #define IMPORT_FAST (1<<2)
 #define IMPORT_SK2PK (1<<3)
 #define IMPORT_MERGE_ONLY (1<<4)
+#define IMPORT_UNUSABLE_SIGS (1<<5)
 #define EXPORT_LOCAL_SIGS (1<<0)
 #define EXPORT_ATTRIBUTES (1<<1)
 #define EXPORT_SENSITIVE_REVKEYS (1<<2)
 #define EXPORT_MINIMAL (1<<3)
+#define EXPORT_UNUSABLE_SIGS (1<<4)
 #define LIST_SHOW_PHOTOS (1<<0)
 #define LIST_SHOW_POLICY_URLS (1<<1)