[svn] GnuPG - r3912 - in trunk: . doc g10
svn author wk
cvs at cvs.gnupg.org
Mon Oct 17 19:21:22 CEST 2005
Author: wk
Date: 2005-10-17 19:21:15 +0200 (Mon, 17 Oct 2005)
New Revision: 3912
Modified:
trunk/NEWS
trunk/THANKS
trunk/doc/ChangeLog
trunk/doc/gpg.texi
trunk/doc/gpgv.sgml
trunk/doc/gpgv.texi
trunk/g10/ChangeLog
trunk/g10/export.c
Log:
exported subkeys are now merged into one output keyblock
Modified: trunk/NEWS
===================================================================
--- trunk/NEWS 2005-10-14 15:38:05 UTC (rev 3911)
+++ trunk/NEWS 2005-10-17 17:21:15 UTC (rev 3912)
@@ -17,6 +17,9 @@
associate a mail address with an OpenPGP key. See: XXXX for a
description.
+ * When exporting subkeys, those specified with a key ID or
+ fingerpint and the '!' suffix are now merged into one keyblock.
+
* Added "gpg-zip", a program to create encrypted archives that can
interoperate with PGP Zip.
Modified: trunk/THANKS
===================================================================
--- trunk/THANKS 2005-10-14 15:38:05 UTC (rev 3911)
+++ trunk/THANKS 2005-10-17 17:21:15 UTC (rev 3912)
@@ -145,6 +145,7 @@
Michael Sobolev mss at despair.transas.com
Michael Tokarev mjt at tls.msk.ru
Nicolas Graner Nicolas.Graner at cri.u-psud.fr
+Mike Dowling ML.Dowling at tu-bs.de
Mike McEwan mike at lotusland.demon.co.uk
Neal H Walfield neal at cs.uml.edu
Nelson H. F. Beebe beebe at math.utah.edu
Modified: trunk/doc/ChangeLog
===================================================================
--- trunk/doc/ChangeLog 2005-10-14 15:38:05 UTC (rev 3911)
+++ trunk/doc/ChangeLog 2005-10-17 17:21:15 UTC (rev 3912)
@@ -1,3 +1,7 @@
+2005-10-07 Werner Koch <wk at g10code.com>
+
+ * gpgv.sgml: Small spelling corrections by Mike Dowling.
+
2005-09-21 David Shaw <dshaw at jabberwocky.com>
* gpg.sgml: Note that --display-charset is just for display and
Modified: trunk/doc/gpg.texi
===================================================================
--- trunk/doc/gpg.texi 2005-10-14 15:38:05 UTC (rev 3911)
+++ trunk/doc/gpg.texi 2005-10-17 17:21:15 UTC (rev 3912)
@@ -322,22 +322,16 @@
are not already included in the preference list.
@item setpref @code{string}
-Set the list of user ID preferences to @code{string}, this should be a
-string similar to the one printed by "pref". Using an empty string
-will set the default preference string, using "none" will remove the
-preferences. Use "gpg --version" to get a list of available
-algorithms. This command just initializes an internal list and does
-not change anything unless another command (such as "updpref") which
-changes the self-signatures is used.
+Set the list of user ID preferences to @code{string} for all (or just
+the selected) user IDs. Calling setpref with no arguments sets the
+preference list to the default (either built-in or set via
+--default-preference-list), and calling setpref with "none" as the
+argument sets an empty preference list. Use "gpg --version" to get a
+list of available algorithms. Note that while you can change the
+preferences on an attribute user ID (aka "photo ID"), GnuPG does not
+select keys via attribute user IDs so these preferences will not be
+used by GnuPG.
- at item updpref
-Change the preferences of all user IDs (or just of the selected ones
-to the current list of preferences. The timestamp of all affected
-self-signatures will be advanced by one second. Note that while you
-can change the preferences on an attribute user ID (aka "photo ID"),
-GnuPG does not select keys via attribute user IDs so these preferences
-will not be used by GnuPG.
-
@item keyserver
Set a preferred keyserver for the specified user ID(s). This allows
other users to know where you prefer they get your key from. See
@@ -506,6 +500,10 @@
Search the keyserver for the given names. Multiple names given here
will be joined together to create the search string for the keyserver.
Option --keyserver must be used to give the name of this keyserver.
+Keyservers that support different search methods allow using the
+syntax specified in "How to specify a user ID" below. Note that
+different keyserver types support different search methods. Currently
+only LDAP supports them all.
@item --update-trustdb
Do trust database maintenance. This command iterates over all keys
@@ -935,6 +933,9 @@
After import, compact (remove all signatures from) any user IDs from
the new key that are not usable. This is the same as running the
--edit-key command "clean uids" after import. Defaults to no.
+
+ at item import-clean
+Identical to "import-clean-sigs import-clean-uids".
@end table
@item --export-options @code{parameters}
@@ -975,8 +976,8 @@
@item export-reset-subkey-passwd
When using the "--export-secret-subkeys" command, this option resets
the passphrases for all exported subkeys to empty. This is useful
-when the exported subkey is to be used on an unattended amchine where
-a passphrase won't make sense. Defaults to no.
+when the exported subkey is to be used on an unattended machine where
+a passphrase doesn't necessarily make sense. Defaults to no.
@end table
@item --list-options @code{parameters}
@@ -1160,10 +1161,12 @@
@item --display-charset @code{name}
Set the name of the native character set. This is used to convert
-some informational strings like user IDs to the proper UTF-8
-encoding. If this option is not used, the default character set is
-determined from the current locale. A verbosity level of 3 shows the
-chosen set. Valid values for @code{name} are:
+some informational strings like user IDs to the proper UTF-8 encoding.
+Note that this has nothing to do with the character set of data to be
+encrypted or signed; GnuPG does not recode user supplied data. If
+this option is not used, the default character set is determined from
+the current locale. A verbosity level of 3 shows the chosen set.
+Valid values for @code{name} are:
@table @asis
@@ -1231,15 +1234,27 @@
Write special status strings to the file descriptor @code{n}.
See the file DETAILS in the documentation for a listing of them.
+ at item --status-file @code{file}
+Same as --status-fd, except the status data is written to file
+ at code{file}.
+
@item --logger-fd @code{n}
Write log output to file descriptor @code{n} and not to stderr.
+ at item --logger-file @code{file}
+Same as --logger-fd, except the logger data is written to file
+ at code{file}.
+
@item --attribute-fd @code{n}
Write attribute subpackets to the file descriptor @code{n}. This is
most useful for use with --status-fd, since the status messages are
needed to separate out the various subpackets from the stream
delivered to the file descriptor.
+ at item --attribute-file @code{file}
+Same as --attribute-fd, except the attribute data is written to file
+ at code{file}.
+
@item --comment @code{string}
@itemx --no-comments
Use @code{string} as a comment string in clear text signatures and
@@ -1475,6 +1490,17 @@
can only be used if only one passphrase is supplied.
Don't use this option if you can avoid it.
+ at item --passphrase-file @code{file}
+Read the passphrase from file @code{file}. This can only be used if
+only one passphrase is supplied. Obviously, a passphrase stored in a
+file is of questionable security. Don't use this option if you can
+avoid it.
+
+ at item --passphrase @code{string}
+Use @code{string} as the passphrase. This can only be used if only one
+passphrase is supplied. Obviously, this is of very questionable
+security. Don't use this option if you can avoid it.
+
@item --command-fd @code{n}
This is a replacement for the deprecated shared-memory IPC mode.
If this option is enabled, user input on questions is not expected
@@ -1482,6 +1508,10 @@
together with --status-fd. See the file doc/DETAILS in the source
distribution for details on how to use it.
+ at item --command-file @code{file}
+Same as --command-fd, except the commands are read out of file
+ at code{file}
+
@item --use-agent
@itemx --no-use-agent
Try to use the GnuPG-Agent. Please note that this agent is still under
@@ -1871,10 +1901,9 @@
used when there are no recipient keys to consider (e.g. --symmetric).
@item --default-preference-list @code{string}
-Set the list of default preferences to @code{string}, this list should
-be a string similar to the one printed by the command "pref" in the
-edit menu. This affects both key generation and "updpref" in the edit
-menu.
+Set the list of default preferences to @code{string}. This preference
+list is used for new keys and becomes the default for "setpref" in the
+edit menu.
@item --list-config
Display various internal configuration parameters of GnuPG. This
@@ -1921,10 +1950,9 @@
Using the email address part which must match exactly. The left angle bracket
indicates this email address mode.
- at item +Heinrich Heine duesseldorf
-All words must match exactly (not case sensitive) but can appear in
-any order in the user ID. Words are any sequences of letters,
-digits, the underscore and all characters with bit 7 set.
+ at item @@heinrichh
+Match within the <email.address> part of a user ID. The at sign
+indicates this email address mode.
@item Heine
@itemx *Heine
Modified: trunk/doc/gpgv.sgml
===================================================================
--- trunk/doc/gpgv.sgml 2005-10-14 15:38:05 UTC (rev 3911)
+++ trunk/doc/gpgv.sgml 2005-10-17 17:21:15 UTC (rev 3912)
@@ -70,16 +70,16 @@
<command/gpgv/ is the OpenPGP signature checking tool.
</para>
<para>
-This program is a stripped down version of <command/gpg/ which is only
-able
-to check signatures. It is somewhat smaller than the full blown
-<command/gpg/ and uses a different (and more simple way) to check that
-the public keys used to made the signature are trustworth. There is
+This program is a stripped down version of <command/gpg/ which is able
+only
+to check signatures. It is somewhat smaller than the fully blown
+<command/gpg/ and uses a different (and simpler) way to check that
+the public keys used to make the signature are trustworthy. There are
no options files and only very few options are implemented.
</para>
<para>
-<command/gpgv/ assumes that all keys in the keyring are trustworty.
-It uses by default a keyring named <filename/trustedkeys.gpg/ which is
+<command/gpgv/ assumes that all keys in the keyring are trustworthy.
+By default it uses a keyring named <filename/trustedkeys.gpg/ which is
assumed to be in the home directory as defined by GnuPG or set by an
option or an environment variable. An option may be used to specify
another keyring or even multiple keyrings.
@@ -98,7 +98,7 @@
<varlistentry>
<term>-v, --verbose</term>
<listitem><para>
-Give more information during processing. If used
+Gives more information during processing. If used
twice, the input data is listed in detail.
</para></listitem></varlistentry>
@@ -127,8 +127,8 @@
<term>--homedir &ParmDir;</term>
<listitem><para>
Set the name of the home directory to &ParmDir; If this
-option is not used it defaults to "~/.gnupg". It does
-not make sense to use this in a options file. This
+option is not used, it defaults to "~/.gnupg". It does
+not make sense to use this in an options file. This
also overrides the environment variable "GNUPGHOME".
</para></listitem></varlistentry>
@@ -154,7 +154,7 @@
GnuPG normally checks that the timestamps associated with keys and
signatures have plausible values. However, sometimes a signature seems to
be older than the key due to clock problems. This option makes these
-checks just a warning.
+checks just warnings.
</para></listitem></varlistentry>
Modified: trunk/doc/gpgv.texi
===================================================================
--- trunk/doc/gpgv.texi 2005-10-14 15:38:05 UTC (rev 3911)
+++ trunk/doc/gpgv.texi 2005-10-17 17:21:15 UTC (rev 3912)
@@ -22,15 +22,15 @@
@code{gpgv} is the OpenPGP signature checking tool.
-This program is a stripped down version of @code{gpg} which is only
-able
-to check signatures. It is somewhat smaller than the full blown
- at code{gpg} and uses a different (and more simple way) to check that
-the public keys used to made the signature are trustworth. There is
+This program is a stripped down version of @code{gpg} which is able
+only
+to check signatures. It is somewhat smaller than the fully blown
+ at code{gpg} and uses a different (and simpler) way to check that
+the public keys used to make the signature are trustworthy. There are
no options files and only very few options are implemented.
- at code{gpgv} assumes that all keys in the keyring are trustworty.
-It uses by default a keyring named @file{trustedkeys.gpg} which is
+ at code{gpgv} assumes that all keys in the keyring are trustworthy.
+By default it uses a keyring named @file{trustedkeys.gpg} which is
assumed to be in the home directory as defined by GnuPG or set by an
option or an environment variable. An option may be used to specify
another keyring or even multiple keyrings.
@@ -41,7 +41,7 @@
@table @asis
@item -v, --verbose
-Give more information during processing. If used
+Gives more information during processing. If used
twice, the input data is listed in detail.
@item -q, --quiet
@@ -59,8 +59,8 @@
@item --homedir @code{directory}
Set the name of the home directory to @code{directory} If this
-option is not used it defaults to "~/.gnupg". It does
-not make sense to use this in a options file. This
+option is not used, it defaults to "~/.gnupg". It does
+not make sense to use this in an options file. This
also overrides the environment variable "GNUPGHOME".
@item --status-fd @code{n}
@@ -74,7 +74,7 @@
GnuPG normally checks that the timestamps associated with keys and
signatures have plausible values. However, sometimes a signature seems to
be older than the key due to clock problems. This option makes these
-checks just a warning.
+checks just warnings.
@end table
@chapheading RETURN VALUE
Modified: trunk/g10/ChangeLog
===================================================================
--- trunk/g10/ChangeLog 2005-10-14 15:38:05 UTC (rev 3911)
+++ trunk/g10/ChangeLog 2005-10-17 17:21:15 UTC (rev 3912)
@@ -1,3 +1,12 @@
+2005-10-17 Werner Koch <wk at g10code.com>
+
+ * export.c (do_export_stream): Factored some code out to ...
+ (skip_subkey_p): .. new.
+ (subkey_in_list_p, release_subkey_list): New.
+ (new_subkey_list_item): New.
+ (do_export_stream): Export exactly specified subkeys into one
+ keyblock.
+
2005-10-13 David Shaw <dshaw at jabberwocky.com>
* keyedit.c (keyedit_menu, menu_backsign): New "backsign" command
Modified: trunk/g10/export.c
===================================================================
--- trunk/g10/export.c 2005-10-14 15:38:05 UTC (rev 3911)
+++ trunk/g10/export.c 2005-10-17 17:21:15 UTC (rev 3912)
@@ -37,6 +37,17 @@
#include "i18n.h"
#include "trustdb.h"
+
+/* An object to keep track of subkeys. */
+struct subkey_list_s
+{
+ struct subkey_list_s *next;
+ u32 kid[2];
+};
+typedef struct subkey_list_s *subkey_list_t;
+
+
+
static int do_export( STRLIST users, int secret, unsigned int options );
static int do_export_stream( IOBUF out, STRLIST users, int secret,
KBNODE *keyblock_out, unsigned int options,
@@ -77,6 +88,7 @@
return parse_options(str,options,export_opts,noisy);
}
+
/****************
* Export the public keys (to standard out or --output).
* Depending on opt.armor the output is armored.
@@ -147,6 +159,124 @@
}
+
+/* Release an entire subkey list. */
+static void
+release_subkey_list (subkey_list_t list)
+{
+ while (list)
+ {
+ subkey_list_t tmp = list->next;;
+ xfree (list);
+ list = tmp;
+ }
+}
+
+
+/* Returns true if NODE is a subkey and contained in LIST. */
+static int
+subkey_in_list_p (subkey_list_t list, KBNODE node)
+{
+ if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY
+ || node->pkt->pkttype == PKT_SECRET_SUBKEY )
+ {
+ u32 kid[2];
+
+ if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
+ keyid_from_pk (node->pkt->pkt.public_key, kid);
+ else
+ keyid_from_sk (node->pkt->pkt.secret_key, kid);
+
+ for (; list; list = list->next)
+ if (list->kid[0] == kid[0] && list->kid[1] == kid[1])
+ return 1;
+ }
+ return 0;
+}
+
+/* Allocate a new subkey list item from NODE. */
+static subkey_list_t
+new_subkey_list_item (KBNODE node)
+{
+ subkey_list_t list = xcalloc (1, sizeof *list);
+
+ if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
+ keyid_from_pk (node->pkt->pkt.public_key, list->kid);
+ else if (node->pkt->pkttype == PKT_SECRET_SUBKEY)
+ keyid_from_sk (node->pkt->pkt.secret_key, list->kid);
+
+ return list;
+}
+
+
+/* Helper function to check whether the subkey at NODE actually
+ matches the description at DESC. The function returns true if the
+ key under question has been specified by an exact specification
+ (keyID or fingerprint) and does match the one at NODE. It is
+ assumed that the packet at NODE is either a public or secret
+ subkey. */
+static int
+exact_subkey_match_p (KEYDB_SEARCH_DESC *desc, KBNODE node)
+{
+ u32 kid[2];
+ byte fpr[MAX_FINGERPRINT_LEN];
+ size_t fprlen;
+ int result = 0;
+
+ switch(desc->mode)
+ {
+ case KEYDB_SEARCH_MODE_SHORT_KID:
+ case KEYDB_SEARCH_MODE_LONG_KID:
+ if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
+ keyid_from_pk (node->pkt->pkt.public_key, kid);
+ else
+ keyid_from_sk (node->pkt->pkt.secret_key, kid);
+ break;
+
+ case KEYDB_SEARCH_MODE_FPR16:
+ case KEYDB_SEARCH_MODE_FPR20:
+ case KEYDB_SEARCH_MODE_FPR:
+ if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
+ fingerprint_from_pk (node->pkt->pkt.public_key, fpr,&fprlen);
+ else
+ fingerprint_from_sk (node->pkt->pkt.secret_key, fpr,&fprlen);
+ break;
+
+ default:
+ break;
+ }
+
+ switch(desc->mode)
+ {
+ case KEYDB_SEARCH_MODE_SHORT_KID:
+ if (desc->u.kid[1] == kid[1])
+ result = 1;
+ break;
+
+ case KEYDB_SEARCH_MODE_LONG_KID:
+ if (desc->u.kid[0] == kid[0] && desc->u.kid[1] == kid[1])
+ result = 1;
+ break;
+
+ case KEYDB_SEARCH_MODE_FPR16:
+ if (!memcmp (desc->u.fpr, fpr, 16))
+ result = 1;
+ break;
+
+ case KEYDB_SEARCH_MODE_FPR20:
+ case KEYDB_SEARCH_MODE_FPR:
+ if (!memcmp (desc->u.fpr, fpr, 20))
+ result = 1;
+ break;
+
+ default:
+ break;
+ }
+
+ return result;
+}
+
+
/* If keyblock_out is non-NULL, AND the exit code is zero, then it
contains a pointer to the first keyblock found and exported. No
other keyblocks are exported. The caller must free it. */
@@ -160,6 +290,7 @@
KBNODE kbctx, node;
size_t ndesc, descindex;
KEYDB_SEARCH_DESC *desc = NULL;
+ subkey_list_t subkey_list = NULL; /* Track alreay processed subkeys. */
KEYDB_HANDLE kdbhd;
STRLIST sl;
u32 keyid[2];
@@ -170,7 +301,7 @@
if (!users) {
ndesc = 1;
- desc = xmalloc_clear ( ndesc * sizeof *desc);
+ desc = xcalloc ( ndesc, sizeof *desc );
desc[0].mode = KEYDB_SEARCH_MODE_FIRST;
}
else {
@@ -186,7 +317,7 @@
sl->d, g10_errstr (G10ERR_INV_USER_ID));
}
- /* it would be nice to see which of the given users did
+ /* It would be nice to see which of the given users did
actually match one in the keyring. To implement this we
need to have a found flag for each entry in desc and to set
this we must check all those entries after a match to mark
@@ -209,7 +340,7 @@
if (!users)
desc[0].mode = KEYDB_SEARCH_MODE_NEXT;
- /* read the keyblock */
+ /* Read the keyblock. */
rc = keydb_get_keyblock (kdbhd, &keyblock );
if( rc ) {
log_error (_("error reading keyblock: %s\n"), g10_errstr(rc) );
@@ -222,7 +353,7 @@
keyid_from_sk(sk,sk_keyid);
- /* we can't apply GNU mode 1001 on an unprotected key */
+ /* We can't apply GNU mode 1001 on an unprotected key. */
if( secret == 2 && !sk->is_protected )
{
log_info(_("key %s: not protected - skipped\n"),
@@ -230,7 +361,7 @@
continue;
}
- /* no v3 keys with GNU mode 1001 */
+ /* No v3 keys with GNU mode 1001. */
if( secret == 2 && sk->version == 3 )
{
log_info(_("key %s: PGP 2.x style key - skipped\n"),
@@ -251,7 +382,7 @@
}
else
{
- /* It's a public key export */
+ /* It's a public key export. */
if((options&EXPORT_MINIMAL)
&& (node=find_kbnode(keyblock,PKT_PUBLIC_KEY)))
keyid_from_pk(node->pkt->pkt.public_key,keyid);
@@ -260,7 +391,7 @@
clean_uids_from_key(keyblock,opt.verbose);
}
- /* and write it */
+ /* And write it. */
for( kbctx=NULL; (node = walk_kbnode( keyblock, &kbctx, 0 )); ) {
if( skip_until_subkey )
{
@@ -277,89 +408,59 @@
if( node->pkt->pkttype == PKT_COMMENT )
continue;
- /* make sure that ring_trust packets never get exported */
+ /* Make sure that ring_trust packets never get exported. */
if (node->pkt->pkttype == PKT_RING_TRUST)
continue;
/* If exact is set, then we only export what was requested
(plus the primary key, if the user didn't specifically
- request it) */
+ request it). */
if(desc[descindex].exact
&& (node->pkt->pkttype==PKT_PUBLIC_SUBKEY
|| node->pkt->pkttype==PKT_SECRET_SUBKEY))
{
- u32 kid[2];
- byte fpr[MAX_FINGERPRINT_LEN];
- size_t fprlen;
+ if (!exact_subkey_match_p (desc+descindex, node))
+ {
+ /* Before skipping this subkey, check whether any
+ other description wants an exact match on a
+ subkey and include that subkey into the output
+ too. Need to add this subkey to a list so that
+ it won't get processed a second time.
+
+ So the first step here is to check that list and
+ skip in any case if the key is in that list.
- switch(desc[descindex].mode)
- {
- case KEYDB_SEARCH_MODE_SHORT_KID:
- case KEYDB_SEARCH_MODE_LONG_KID:
- if(node->pkt->pkttype==PKT_PUBLIC_SUBKEY)
- keyid_from_pk(node->pkt->pkt.public_key,kid);
- else
- keyid_from_sk(node->pkt->pkt.secret_key,kid);
- break;
+ We need this whole mess because the import
+ function is not able to merge secret keys and
+ thus it is useless to output them as two
+ separate keys and have import merge them. */
+ if (subkey_in_list_p (subkey_list, node))
+ skip_until_subkey = 1; /* Already processed this one. */
+ else
+ {
+ size_t j;
- case KEYDB_SEARCH_MODE_FPR16:
- case KEYDB_SEARCH_MODE_FPR20:
- case KEYDB_SEARCH_MODE_FPR:
- if(node->pkt->pkttype==PKT_PUBLIC_SUBKEY)
- fingerprint_from_pk(node->pkt->pkt.public_key,
- fpr,&fprlen);
- else
- fingerprint_from_sk(node->pkt->pkt.secret_key,
- fpr,&fprlen);
- break;
+ for (j=0; j < ndesc; j++)
+ if (j != descindex && desc[j].exact
+ && exact_subkey_match_p (desc+j, node))
+ break;
+ if (!(j < ndesc))
+ skip_until_subkey = 1; /* No other one matching. */
+ }
+ }
- default:
- break;
- }
-
- switch(desc[descindex].mode)
- {
- case KEYDB_SEARCH_MODE_SHORT_KID:
- if (desc[descindex].u.kid[1] != kid[1])
- skip_until_subkey=1;
- break;
- case KEYDB_SEARCH_MODE_LONG_KID:
- if (desc[descindex].u.kid[0] != kid[0]
- || desc[descindex].u.kid[1] != kid[1])
- skip_until_subkey=1;
- break;
- case KEYDB_SEARCH_MODE_FPR16:
- if (memcmp (desc[descindex].u.fpr, fpr, 16))
- skip_until_subkey=1;
- break;
- case KEYDB_SEARCH_MODE_FPR20:
- case KEYDB_SEARCH_MODE_FPR:
- if (memcmp (desc[descindex].u.fpr, fpr, 20))
- skip_until_subkey=1;
- break;
- default:
- break;
- }
-
- /* XXX: before skipping a subkey, check whether any
- other description wants an exact macth on a subkey
- and include that subkey into the output too. Need
- to add this subkey to a list so that it won't get
- processed a second time.
-
- So the first step here is to check that list and
- skip in any case if the key is in that list.
-
- We need this whole mess becuase the import fnction
- is not able to merge secret key and thus it is not
- possible to output them as two keys and have import
- merge them.
- */
-
if(skip_until_subkey)
continue;
+
+ /* Mark this one as processed. */
+ {
+ subkey_list_t tmp = new_subkey_list_item (node);
+ tmp->next = subkey_list;
+ subkey_list = tmp;
+ }
}
+
if(node->pkt->pkttype==PKT_USER_ID)
{
/* Run clean_sigs_from_uid against each uid if
@@ -510,6 +611,7 @@
rc = 0;
leave:
+ release_subkey_list (subkey_list);
xfree(desc);
keydb_release (kdbhd);
if(rc || keyblock_out==NULL)
More information about the Gnupg-commits
mailing list