* keyedit.c (keyedit_menu, menu_addrevoker): Allow specifying "sensitive"

as an argument to an addrevoker command.  This sets the 0x40 sensitive
revoker flag.

* revoke.c (gen_desig_revoke): When generating a designated revocation,
include the direct key sig that contains the designated revoker subpacket.
This allows sensitive designated revocation subpackets to be exported.
Also indicate which revokers are sensitive in the first place.

g10/ChangeLog

@@ -1,3 +1,15 @@
+2002-07-18  David Shaw  <dshaw@jabberwocky.com>
+
+	* keyedit.c (keyedit_menu, menu_addrevoker): Allow specifying
+	"sensitive" as an argument to an addrevoker command.  This sets
+	the 0x40 sensitive revoker flag.
+
+	* revoke.c (gen_desig_revoke): When generating a designated
+	revocation, include the direct key sig that contains the
+	designated revoker subpacket.  This allows sensitive designated
+	revocation subpackets to be exported.  Also indicate which
+	revokers are sensitive in the first place.
+
 2002-07-17  David Shaw  <dshaw@jabberwocky.com>
 
 	* keyedit.c (show_key_with_all_names_colon): The 0x40 class bit in

g10/keyedit.c

@@ -49,7 +49,8 @@ static int menu_adduid( KBNODE keyblock, KBNODE sec_keyblock, int photo );
 static void menu_deluid( KBNODE pub_keyblock, KBNODE sec_keyblock );
 static int  menu_delsig( KBNODE pub_keyblock );
 static void menu_delkey( KBNODE pub_keyblock, KBNODE sec_keyblock );
-static int menu_addrevoker( KBNODE pub_keyblock, KBNODE sec_keyblock );
+static int menu_addrevoker( KBNODE pub_keyblock,
+			    KBNODE sec_keyblock, int sensitive );
 static int menu_expire( KBNODE pub_keyblock, KBNODE sec_keyblock );
 static int menu_set_primary_uid( KBNODE pub_keyblock, KBNODE sec_keyblock );
 static int menu_set_preferences( KBNODE pub_keyblock, KBNODE sec_keyblock );
@@ -1255,11 +1256,17 @@ keyedit_menu( const char *username, STRLIST locusr, STRLIST commands,
 	    break;
 
 	  case cmdADDREVOKER:
-	    if( menu_addrevoker( keyblock, sec_keyblock ) ) {
+	    {
+	      int sensitive=0;
+
+	      if(arg_string && ascii_strcasecmp(arg_string,"sensitive")==0)
+		sensitive=1;
+	      if( menu_addrevoker( keyblock, sec_keyblock, sensitive ) ) {
 		redisplay = 1;
 		sec_modified = modified = 1;
 		merge_keys_and_selfsig( sec_keyblock );
 		merge_keys_and_selfsig( keyblock );
+	      }
 	    }
 	    break;
 
@@ -2169,7 +2176,7 @@ menu_delkey( KBNODE pub_keyblock, KBNODE sec_keyblock )
  * Return true if there is a new revoker
  */
 static int
-menu_addrevoker( KBNODE pub_keyblock, KBNODE sec_keyblock )
+menu_addrevoker( KBNODE pub_keyblock, KBNODE sec_keyblock, int sensitive )
 {
   PKT_public_key *pk=NULL,*revoker_pk=NULL;
   PKT_secret_key *sk=NULL;
@@ -2254,8 +2261,9 @@ menu_addrevoker( KBNODE pub_keyblock, KBNODE sec_keyblock )
 				"key as a designated revoker? (y/N): "))
 	continue;
 
-      /* todo: handle 0x40 sensitive flag here */
       revkey.class=0x80;
+      if(sensitive)
+	revkey.class|=0x40;
       revkey.algid=revoker_pk->pubkey_algo;
       free_public_key(revoker_pk);
       break;

g10/revoke.c

@@ -147,7 +147,7 @@ gen_desig_revoke( const char *uname )
 	    char *p;
 	    u32 sk_keyid[2];
 	    PKT_user_id *uid=NULL;
-	    PKT_signature *selfsig=NULL;
+	    PKT_signature *selfsig=NULL,*revsig=NULL;
 
 	    any=1;
 	    keyid_from_sk(sk,sk_keyid);
@@ -172,7 +172,10 @@ gen_desig_revoke( const char *uname )
 	    p = get_user_id( sk_keyid, &n );
 	    tty_print_utf8_string( p, n );
 	    m_free(p);
-	    tty_printf("\n\n");
+	    tty_printf("\n");
+	    if(pk->revkey[i].class&0x40)
+	      tty_printf(_("(This is a sensitive revocation key)\n"));
+	    tty_printf("\n");
 
 	    if( !cpr_get_answer_is_yes("gen_desig_revoke.okay",
 		       _("Create a revocation certificate for this key? ")) )
@@ -225,6 +228,57 @@ gen_desig_revoke( const char *uname )
 	      goto leave;
 	    }
 
+	    /* Include the direct key signature that contains this
+               revocation key.  We're allowed to include sensitive
+               revocation keys along with a revocation, and this may
+               be the only time the recipient has seen it. */
+	    while(!revsig)
+	      {
+		KBNODE signode;
+
+		signode=find_next_kbnode(node,PKT_SIGNATURE);
+		if(!signode)
+		  break;
+
+		node=signode;
+
+		if(keyid[0]==signode->pkt->pkt.signature->keyid[0] &&
+		   keyid[1]==signode->pkt->pkt.signature->keyid[1] &&
+		   IS_KEY_SIG(signode->pkt->pkt.signature))
+		  {
+		    int j;
+
+		    for(j=0;j<signode->pkt->pkt.signature->numrevkeys;j++)
+		      {
+			if(pk->revkey[i].class==
+			   signode->pkt->pkt.signature->revkey[j]->class &&
+			   pk->revkey[i].algid==
+			   signode->pkt->pkt.signature->revkey[j]->algid &&
+			   memcmp(pk->revkey[i].fpr,
+				  signode->pkt->pkt.signature->revkey[j]->fpr,
+				  MAX_FINGERPRINT_LEN)==0)
+			  {
+			    revsig=signode->pkt->pkt.signature;
+			    break;
+			  }
+		      }
+		  }
+	      }
+
+	    if(revsig)
+	      {
+		pkt.pkttype = PKT_SIGNATURE;
+		pkt.pkt.signature = revsig;
+
+		rc = build_packet( out, &pkt );
+		if( rc ) {
+		  log_error(_("build_packet failed: %s\n"), g10_errstr(rc) );
+		  goto leave;
+		}
+	      }
+	    else
+	      BUG();
+
 	    init_packet( &pkt );
 	    pkt.pkttype = PKT_SIGNATURE;
 	    pkt.pkt.signature = sig;