[svn] GnuPG - r3849 - trunk/g10

svn author wk cvs at cvs.gnupg.org
Thu Aug 4 11:53:22 CEST 2005


Author: wk
Date: 2005-08-04 11:53:21 +0200 (Thu, 04 Aug 2005)
New Revision: 3849

Modified:
   trunk/g10/ChangeLog
   trunk/g10/cardglue.c
   trunk/g10/export.c
   trunk/g10/pkclist.c
   trunk/g10/revoke.c
   trunk/g10/seckey-cert.c
Log:
Fixes pertaining to revocation creation with subkey-only exported card keys

Modified: trunk/g10/ChangeLog
===================================================================
--- trunk/g10/ChangeLog	2005-08-04 03:59:16 UTC (rev 3848)
+++ trunk/g10/ChangeLog	2005-08-04 09:53:21 UTC (rev 3849)
@@ -1,3 +1,17 @@
+2005-08-04  Werner Koch  <wk at g10code.com>
+
+	* export.c (do_export_stream): Skip on-card keys when only subkeys
+	are to be exported.  It does not make sense to replace the on-card
+	key stub by a no-key stub.
+
+	* revoke.c (gen_revoke): Check for non-online keys.
+
+	* seckey-cert.c (is_secret_key_protected): Return -3 for
+	non-online key stubs.  The old code assumes that a protection
+	algorithm is still set but in some cases this one is 0 and thus it
+	won't be possible to decide whether it is unprotected or
+	protected.
+
 2005-07-28  Werner Koch  <wk at g10code.com>
 
 	* Makefile.am (other_libs): Add SRVLIBS.

Modified: trunk/g10/cardglue.c
===================================================================
--- trunk/g10/cardglue.c	2005-08-04 03:59:16 UTC (rev 3848)
+++ trunk/g10/cardglue.c	2005-08-04 09:53:21 UTC (rev 3849)
@@ -533,7 +533,7 @@
   const char *s;
   int ask = 0;
   int n;
-  
+
   for (s = serialno, n=0; *s != '/' && hexdigitp (s); s++, n++)
     ;
   if (n != 32)

Modified: trunk/g10/export.c
===================================================================
--- trunk/g10/export.c	2005-08-04 03:59:16 UTC (rev 3848)
+++ trunk/g10/export.c	2005-08-04 09:53:21 UTC (rev 3849)
@@ -230,6 +230,17 @@
 			 keystr(sk_keyid));
 		continue;
 	      }
+
+            /* It does not make sense to export a key with a primary
+               key on card using a non-key stub.  We simply skip those
+               keys when used with --export-secret-subkeys. */
+            if (secret == 2 && sk->is_protected
+                && sk->protect.s2k.mode == 1002 ) 
+              {
+		log_info(_("key %s: key material on-card - skipped\n"),
+			 keystr(sk_keyid));
+		continue;
+              }
 	  }
 	else
 	  {
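Review bot: The new condition `secret == 2 && sk->is_protected && sk->protect.s2k.mode == 1002` relies on two bare literals, and the same 1001/1002 mode values are repeated in is_secret_key_protected in seckey-cert.c. Named constants, for example `S2K_MODE_NOT_ONLINE_STUB` for 1001 and `S2K_MODE_CARD_STUB` for 1002 (proposed names), would keep the two files in step and let the comment above the test read without a lookup. The skip is reported only through log_info before `continue`, so it is worth confirming outside this hunk that a run in which every selected key is skipped does not look like a successful export to a caller that checks only the exit status. The enclosing loop body starts and ends outside the hunk.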

Modified: trunk/g10/pkclist.c
===================================================================
--- trunk/g10/pkclist.c	2005-08-04 03:59:16 UTC (rev 3848)
+++ trunk/g10/pkclist.c	2005-08-04 09:53:21 UTC (rev 3849)
@@ -540,7 +540,6 @@
       size_t fprlen;
       int okay;
 
-      log_info (_("Note: Verified address is `%s'\n"), sig->pka_info->email);
 
       primary_pk = xmalloc_clear (sizeof *primary_pk);
       get_pubkey (primary_pk, pk->main_keyid);
@@ -548,9 +547,17 @@
       free_public_key (primary_pk);
 
       if ( fprlen == 20 && !memcmp (sig->pka_info->fpr, fpr, 20) )
-        okay = 1;
+        {
+          okay = 1;
+          log_info (_("Note: Verified signer's address is `%s'\n"),
+                    sig->pka_info->email);
+        }
       else
-        okay = 0;
+        {
+          okay = 0;
+          log_info (_("Note: Signer's address `%s' "
+                      "does not match DNS entry\n"), sig->pka_info->email);
+        }
 
       switch ( (trustlevel & TRUST_MASK) ) 
         {
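Review bot: Both new log_info calls print `sig->pka_info->email` through a bare `%s`. If that field is filled from signature data, as the surrounding check suggests, it is text chosen by whoever made the signature, and it should go through the project's printable-string sanitising before it reaches a terminal or log. The else branch is also taken when `fprlen` is not 20, so "does not match DNS entry" is reported for a fingerprint-length mismatch as well as a real mismatch. A comment such as `/* Also reached when the fingerprint is not 20 bytes long. */` on that branch would make this explicit. The enclosing block starts above the hunk and the switch continues below it.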

Modified: trunk/g10/revoke.c
===================================================================
--- trunk/g10/revoke.c	2005-08-04 03:59:16 UTC (rev 3848)
+++ trunk/g10/revoke.c	2005-08-04 09:53:21 UTC (rev 3849)
@@ -497,11 +497,15 @@
 	log_error(_("unknown protection algorithm\n"));
 	rc = G10ERR_PUBKEY_ALGO;
 	break;
+      case -3:
+	tty_printf (_("Secret parts of primary key are not available.\n"));
+        rc = G10ERR_NO_SECKEY;
+        break;
       case 0:
 	tty_printf(_("NOTE: This key is not protected!\n"));
 	break;
       default:
-	rc = check_secret_key( sk, 0 );
+        rc = check_secret_key( sk, 0 );
 	break;
     }
     if( rc )
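Review bot: The new `case -3` reports a failure through tty_printf, while the error case directly above it uses log_error. Judging by the function names, the reason for the G10ERR_NO_SECKEY result may therefore not reach the log when no terminal is attached; this should be confirmed against tty_printf's batch-mode behaviour. Using `log_error (_("Secret parts of primary key are not available.\n"));` would match the neighbouring case. The switch begins above the hunk, so how the -2 card-stub value is routed is not visible here.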

Modified: trunk/g10/seckey-cert.c
===================================================================
--- trunk/g10/seckey-cert.c	2005-08-04 03:59:16 UTC (rev 3848)
+++ trunk/g10/seckey-cert.c	2005-08-04 09:53:21 UTC (rev 3849)
@@ -289,13 +289,14 @@
  * check whether the secret key is protected.
  * Returns: 0 not protected, -1 on error or the protection algorithm
  *                           -2 indicates a card stub.
+ *                           -3 indicates a not-online stub.
  */
 int
 is_secret_key_protected( PKT_secret_key *sk )
 {
     return sk->is_protected?
-               sk->protect.s2k.mode == 1002? -2
-                                           : sk->protect.algo : 0;
+               sk->protect.s2k.mode == 1002? -2 :
+               sk->protect.s2k.mode == 1001? -3 : sk->protect.algo : 0;
 }
 
 
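Review bot: Returning -3 for s2k mode 1001 changes what every caller of is_secret_key_protected sees for such stubs, and this commit updates only gen_revoke in revoke.c. Call sites outside this diff that treat any value other than 0, -1 or -2 as a protection algorithm would now hand -3 to their default path, so each one needs checking. The chained conditional is also hard to read without parentheses; grouping it as `sk->protect.s2k.mode == 1002 ? -2 : (sk->protect.s2k.mode == 1001 ? -3 : sk->protect.algo)` inside the outer `sk->is_protected ? ... : 0` keeps the behaviour and shows the precedence. The header comment could add that -3 takes priority over the stored algorithm, which the ChangeLog says may be 0 for these stubs.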



