[svn] GnuPG - r4785 - in trunk: . common doc g10
svn author wk
cvs at cvs.gnupg.org
Mon Jun 16 17:48:35 CEST 2008
Author: wk
Date: 2008-06-16 17:48:33 +0200 (Mon, 16 Jun 2008)
New Revision: 4785
Modified:
trunk/NEWS
trunk/common/homedir.c
trunk/doc/ChangeLog
trunk/doc/DETAILS
trunk/g10/ChangeLog
trunk/g10/keygen.c
Log:
Add control statement %ask-passphrase
Modified: trunk/doc/ChangeLog
===================================================================
--- trunk/doc/ChangeLog 2008-06-16 13:55:01 UTC (rev 4784)
+++ trunk/doc/ChangeLog 2008-06-16 15:48:33 UTC (rev 4785)
@@ -1,3 +1,7 @@
+2008-06-16 Werner Koch <wk at g10code.com>
+
+ * DETAILS (group): Document %ask-passphrase.
+
2008-05-26 Werner Koch <wk at g10code.com>
* gpgv.texi: Minor fixes. Fixes bug#918.
Modified: trunk/g10/ChangeLog
===================================================================
--- trunk/g10/ChangeLog 2008-06-16 13:55:01 UTC (rev 4784)
+++ trunk/g10/ChangeLog 2008-06-16 15:48:33 UTC (rev 4785)
@@ -1,3 +1,9 @@
+2008-06-16 Werner Koch <wk at g10code.com>
+
+ * keygen.c (output_control_s): Add ASK_PASSPHRASE.
+ (read_parameter_file): Add commands %ask-passphrase and
+ %no-ask-passphrase.
+
2008-06-11 Werner Koch <wk at g10code.com>
* gpg.c: Make --fixed-list-mode a dummy.
Modified: trunk/NEWS
===================================================================
--- trunk/NEWS 2008-06-16 13:55:01 UTC (rev 4784)
+++ trunk/NEWS 2008-06-16 15:48:33 UTC (rev 4785)
@@ -22,7 +22,10 @@
* The gpg2 option --fixed-list-mode is now implicitly used and obsolete.
+ * New control statement %ask-passphrase for the unattended key
+ generation of gpg2.
+
Noteworthy changes in version 2.0.9 (2008-03-26)
------------------------------------------------
Modified: trunk/common/homedir.c
===================================================================
--- trunk/common/homedir.c 2008-06-16 13:55:01 UTC (rev 4784)
+++ trunk/common/homedir.c 2008-06-16 15:48:33 UTC (rev 4785)
@@ -30,6 +30,9 @@
#ifndef CSIDL_LOCAL_APPDATA
#define CSIDL_LOCAL_APPDATA 0x001c
#endif
+#ifndef CSIDL_COMMON_APPDATA
+#define CSIDL_COMMON_APPDATA 0x0023
+#endif
#ifndef CSIDL_FLAG_CREATE
#define CSIDL_FLAG_CREATE 0x8000
#endif
Modified: trunk/doc/DETAILS
===================================================================
--- trunk/doc/DETAILS 2008-06-16 13:55:01 UTC (rev 4784)
+++ trunk/doc/DETAILS 2008-06-16 15:48:33 UTC (rev 4785)
@@ -789,6 +789,16 @@
and all keys are written to that file. If a new filename is given,
this file is created (and overwrites an existing one).
Both control statements must be given.
+ %ask-passphrase
+ Enable a mode where the command "passphrase" is ignored and
+ instead the usual passphrase dialog is used. This does not
+ make sense for batch key generation; however the unattended
+ key generation feature is also used by GUIs and this feature
+ relinquishes the GUI from implementing its own passphrase
+ entry code. This is a global option.
+ %no-ask-passphrase
+ Disable the ask-passphrase mode.
+
o The order of the parameters does not matter except for "Key-Type"
which must be the first parameter. The parameters are only for the
generated keyblock and parameters from previous key generations are not
Modified: trunk/g10/keygen.c
===================================================================
--- trunk/g10/keygen.c 2008-06-16 13:55:01 UTC (rev 4784)
+++ trunk/g10/keygen.c 2008-06-16 15:48:33 UTC (rev 4785)
@@ -92,6 +92,7 @@
struct output_control_s {
int lnr;
int dryrun;
+ int ask_passphrase;
int use_files;
struct {
char *fname;
@@ -2527,36 +2528,70 @@
if (parse_revocation_key (fname, para, pREVOKER))
return -1;
- /* make DEK and S2K from the Passphrase */
- r = get_parameter( para, pPASSPHRASE );
- if( r && *r->u.value ) {
- /* We have a plain text passphrase - create a DEK from it.
- * It is a little bit ridiculous to keep it ih secure memory
- * but because we do this always, why not here */
- STRING2KEY *s2k;
- DEK *dek;
+ /* Make DEK and S2K from the Passphrase. */
+ if (outctrl->ask_passphrase)
+ {
+ /* %ask-passphrase is active - ignore pPASSPRASE and ask. This
+ feature is required so that GUIs are able to do a key
+ creation but have gpg-agent ask for the passphrase. */
+ int canceled = 0;
+ STRING2KEY *s2k;
+ DEK *dek;
- s2k = xmalloc_secure( sizeof *s2k );
- s2k->mode = opt.s2k_mode;
- s2k->hash_algo = S2K_DIGEST_ALGO;
- set_next_passphrase( r->u.value );
- dek = passphrase_to_dek( NULL, 0, opt.s2k_cipher_algo, s2k, 2,
- NULL, NULL);
- set_next_passphrase( NULL );
- assert( dek );
- memset( r->u.value, 0, strlen(r->u.value) );
+ dek = do_ask_passphrase ( &s2k, &canceled );
+ if (dek)
+ {
+ r = xmalloc_clear( sizeof *r );
+ r->key = pPASSPHRASE_DEK;
+ r->u.dek = dek;
+ r->next = para;
+ para = r;
+ r = xmalloc_clear( sizeof *r );
+ r->key = pPASSPHRASE_S2K;
+ r->u.s2k = s2k;
+ r->next = para;
+ para = r;
+ }
- r = xmalloc_clear( sizeof *r );
- r->key = pPASSPHRASE_S2K;
- r->u.s2k = s2k;
- r->next = para;
- para = r;
- r = xmalloc_clear( sizeof *r );
- r->key = pPASSPHRASE_DEK;
- r->u.dek = dek;
- r->next = para;
- para = r;
- }
+ if (canceled)
+ {
+ log_error ("%s:%d: key generation canceled\n", fname, r->lnr );
+ return -1;
+ }
+ }
+ else
+ {
+ r = get_parameter( para, pPASSPHRASE );
+ if ( r && *r->u.value )
+ {
+ /* We have a plain text passphrase - create a DEK from it.
+ * It is a little bit ridiculous to keep it in secure memory
+ * but because we do this always, why not here. */
+ STRING2KEY *s2k;
+ DEK *dek;
+
+ s2k = xmalloc_secure ( sizeof *s2k );
+ s2k->mode = opt.s2k_mode;
+ s2k->hash_algo = S2K_DIGEST_ALGO;
+ set_next_passphrase ( r->u.value );
+ dek = passphrase_to_dek (NULL, 0, opt.s2k_cipher_algo, s2k, 2,
+ NULL, NULL);
+ set_next_passphrase (NULL );
+ assert (dek);
+ memset (r->u.value, 0, strlen(r->u.value));
+
+ r = xmalloc_clear (sizeof *r);
+ r->key = pPASSPHRASE_S2K;
+ r->u.s2k = s2k;
+ r->next = para;
+ para = r;
+ r = xmalloc_clear (sizeof *r);
+ r->key = pPASSPHRASE_DEK;
+ r->u.dek = dek;
+ r->next = para;
+ para = r;
+ }
+ }
/* Make KEYCREATIONDATE from Creation-Date. */
r = get_parameter (para, pCREATIONDATE);
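Review bot: In the `%ask-passphrase` branch the cancel path logs `r->lnr`, but `r` is never assigned from the parameter list in this branch. When `do_ask_passphrase` returns NULL, `r` still holds whatever it pointed to before the hunk (possibly NULL; that code is outside the hunk), and when a DEK was returned it points at a freshly cleared node whose `lnr` is 0. Using the control block's line number avoids the stale pointer: `log_error ("%s:%d: key generation canceled\n", fname, outctrl->lnr );`. Separately, a `Passphrase:` value supplied in the parameter file is ignored in this mode without the `memset` wipe that the else branch applies, so the plaintext appears to stay in the parameter list; fetching it with `get_parameter (para, pPASSPHRASE)` and zeroing it here too would keep the two paths consistent. The enclosing function starts and ends outside the hunk.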
@@ -2696,6 +2731,10 @@
log_info("%s\n", value );
else if( !ascii_strcasecmp( keyword, "%dry-run" ) )
outctrl.dryrun = 1;
+ else if( !ascii_strcasecmp( keyword, "%ask-passphrase" ) )
+ outctrl.ask_passphrase = 1;
+ else if( !ascii_strcasecmp( keyword, "%no-ask-passphrase" ) )
+ outctrl.ask_passphrase = 0;
else if( !ascii_strcasecmp( keyword, "%commit" ) ) {
outctrl.lnr = lnr;
if (proc_parameter_file( para, fname, &outctrl, 0 ))