[svn] GnuPG - r5212 - in branches/STABLE-BRANCH-2-0: doc g10

svn author wk cvs at cvs.gnupg.org
Fri Dec 4 20:58:29 CET 2009


Author: wk
Date: 2009-12-04 20:58:28 +0100 (Fri, 04 Dec 2009)
New Revision: 5212

Modified:
   branches/STABLE-BRANCH-2-0/doc/DETAILS
   branches/STABLE-BRANCH-2-0/g10/ChangeLog
   branches/STABLE-BRANCH-2-0/g10/gpg.c
   branches/STABLE-BRANCH-2-0/g10/keygen.c
Log:
Allow for default algorithms in a parameter file


Modified: branches/STABLE-BRANCH-2-0/g10/ChangeLog
===================================================================
--- branches/STABLE-BRANCH-2-0/g10/ChangeLog	2009-12-04 19:47:54 UTC (rev 5211)
+++ branches/STABLE-BRANCH-2-0/g10/ChangeLog	2009-12-04 19:58:28 UTC (rev 5212)
@@ -1,3 +1,11 @@
+2009-12-04  Werner Koch  <wk at g10code.com>
+
+	* keygen.c (DEFAULT_STD_ALGO, DEFAULT_STD_KEYSIZE): New.
+	(ask_keysize): Use new macro.
+	(gen_rsa): Set default size if NBITS is 0.
+	(get_parameter_algo): Add algo name "default".  Add arg	R_DEFAULT.
+	(proc_parameter_file): Process default flag.
+
 2009-12-03  Werner Koch  <wk at g10code.com>
 
 	* gpg.c (set_debug): Allow for numerical debug levels.  Print

Modified: branches/STABLE-BRANCH-2-0/doc/DETAILS
===================================================================
--- branches/STABLE-BRANCH-2-0/doc/DETAILS	2009-12-04 19:47:54 UTC (rev 5211)
+++ branches/STABLE-BRANCH-2-0/doc/DETAILS	2009-12-04 19:58:28 UTC (rev 5212)
@@ -681,6 +681,7 @@
         KEYID.
 
 
+
 Format of the "--attribute-fd" output
 =====================================
 
@@ -817,11 +818,14 @@
      used. Some syntactically checks may be performed.
      The currently defined parameters are:
      Key-Type: <algo-number>|<algo-string>
-	Starts a new parameter block by giving the type of the
-	primary key. The algorithm must be capable of signing.
-	This is a required parameter.
+	Starts a new parameter block by giving the type of the primary
+	key. The algorithm must be capable of signing.  This is a
+	required parameter.  It may be "default" to use the default
+	one; in this case don't give a Key-Usage and use "default" for
+	the Subkey-Type.
      Key-Length: <length-in-bits>
-	Length of the key in bits.  Default is 1024.
+	Length of the key in bits.  The default is returned by running
+        the command "gpg --gpgconf-list".
      Key-Usage: <usage-list>
         Space or comma delimited list of key usage, allowed values are
         "encrypt", "sign", and "auth".  This is used to generate the
@@ -829,13 +833,15 @@
         this usage.  Note that OpenPGP requires that all primary keys
         are capable of certification, so no matter what usage is given
         here, the "cert" flag will be on.  If no Key-Usage is
-        specified, all the allowed usages for that particular
-        algorithm are used.
+        specified and the key-type is not "default", all allowed
+        usages for that particular algorithm are used; if it is not
+        given but "default" is used the usage will be "sign".
      Subkey-Type: <algo-number>|<algo-string>
 	This generates a secondary key.  Currently only one subkey
-	can be handled.
+	can be handled.  "default" is also supported.
      Subkey-Length: <length-in-bits>
-	Length of the subkey in bits.  Default is 1024.
+	Length of the subkey in bits.  The default is returned by running
+        the command "gpg --gpgconf-list".
      Subkey-Usage: <usage-list>
         Similar to Key-Usage.
      Passphrase: <string>
@@ -886,9 +892,9 @@
         keyserver URL for the key.
 
 
-Here is an example:
+Here is an example on how to create a key:
 $ cat >foo <<EOF
-     %echo Generating a standard key
+     %echo Generating a basic OpenPGP key
      Key-Type: DSA
      Key-Length: 1024
      Subkey-Type: ELG-E
@@ -913,8 +919,26 @@
 sec  1024D/915A878D 2000-03-09 Joe Tester (with stupid passphrase) <joe at foo.bar>
 ssb  1024g/8F70E2C0 2000-03-09
 
+If you want to create a key with the default algorithms you would
+use these parameters:
 
+     %echo Generating a default key
+     Key-Type: default
+     Subkey-Type: default
+     Name-Real: Joe Tester
+     Name-Comment: with stupid passphrase
+     Name-Email: joe at foo.bar
+     Expire-Date: 0
+     Passphrase: abc
+     %pubring foo.pub
+     %secring foo.sec
+     # Do a commit here, so that we can later print "done" :-)
+     %commit
+     %echo done
 
+
+
+
 Layout of the TrustDB
 =====================
 The TrustDB is built from fixed length records, where the first byte

Modified: branches/STABLE-BRANCH-2-0/g10/gpg.c
===================================================================
--- branches/STABLE-BRANCH-2-0/g10/gpg.c	2009-12-04 19:47:54 UTC (rev 5211)
+++ branches/STABLE-BRANCH-2-0/g10/gpg.c	2009-12-04 19:58:28 UTC (rev 5212)
@@ -1613,8 +1613,8 @@
   printf ("debug-level:%lu:\"none:\n", GC_OPT_FLAG_DEFAULT);
   printf ("group:%lu:\n", GC_OPT_FLAG_NONE);
 
-  /* The next one is an info only item and should match what
-     keygen:ask_keysize actually implements.  */
+  /* The next one is an info only item and should match the macros at
+     the top of keygen.c.  */
   printf ("default_pubkey_algo:%lu:\"%s:\n", GC_OPT_FLAG_DEFAULT,
           "RSA-2048");
 
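Review bot: The `"RSA-2048"` literal two lines above is still hand-maintained, and the new comment only moves the thing it must match from ask_keysize to the two macros at the top of keygen.c; since DEFAULT_STD_ALGO and DEFAULT_STD_KEYSIZE are added as file-local #defines in keygen.c, gpg.c cannot reference them and the two can silently drift. Moving the macros into a header both files include and deriving the string from them (the size via a stringification macro, the algorithm name via gcry_pk_algo_name) would remove that risk. Until then the comment should at least name what to look for: `/* The next one is an info only item and should match DEFAULT_STD_ALGO and DEFAULT_STD_KEYSIZE at the top of keygen.c.  */`. The enclosing function starts before this hunk.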

Modified: branches/STABLE-BRANCH-2-0/g10/keygen.c
===================================================================
--- branches/STABLE-BRANCH-2-0/g10/keygen.c	2009-12-04 19:47:54 UTC (rev 5211)
+++ branches/STABLE-BRANCH-2-0/g10/keygen.c	2009-12-04 19:58:28 UTC (rev 5212)
@@ -43,7 +43,13 @@
 #include "keyserver-internal.h"
 #include "call-agent.h"
 
+/* The default algorithms.  If you change them remember to change them
+   also in gpg.c:gpgconf_list.  You should also check that the value
+   is inside the bounds enforced by ask_keysize and gen_xxx.  */
+#define DEFAULT_STD_ALGO    GCRY_PK_RSA
+#define DEFAULT_STD_KEYSIZE 2048
 
+
 #define MAX_PREFS 30 
 
 enum para_name {
@@ -1426,6 +1432,9 @@
 
   assert (is_RSA(algo));
 
+  if (!nbits)
+    nbits = DEFAULT_STD_KEYSIZE;
+
   if (nbits < 1024) 
     {
       nbits = 1024;
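Review bot: The new zero-length fallback lives only in gen_rsa, so it works because DEFAULT_STD_ALGO happens to be RSA; if that macro is ever changed to another algorithm, a missing Key-Length together with `Key-Type: default` would reach the other gen_* functions without the substitution (they are outside this hunk, so how they treat 0 is not visible here). Resolving the default size once in proc_parameter_file, where is_default is known, would make the fallback independent of the algorithm. The macro comment also asks maintainers to verify by hand that the value is inside the bounds enforced here (1024) and in ask_keysize (4096); a preprocessor check next to the definition enforces it: `#if DEFAULT_STD_KEYSIZE < 1024 || DEFAULT_STD_KEYSIZE > 4096`, `# error DEFAULT_STD_KEYSIZE is outside the range enforced by gen_rsa and ask_keysize`, `#endif`. gen_rsa starts before this hunk.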
@@ -1765,9 +1774,7 @@
 static unsigned
 ask_keysize (int algo, unsigned int primary_keysize)
 {
-  /* NOTE: If you change the default key size/algo, remember to change
-     it also in gpg.c:gpgconf_list.  */
-  unsigned int nbits, min, def=2048, max=4096;
+  unsigned int nbits, min, def = DEFAULT_STD_KEYSIZE, max=4096;
   int for_subkey = !!primary_keysize;
   int autocomp = 0;
 
@@ -2382,22 +2389,37 @@
 }
 
 static int
-get_parameter_algo( struct para_data_s *para, enum para_name key )
+get_parameter_algo( struct para_data_s *para, enum para_name key, 
+                    int *r_default)
 {
-    int i;
-    struct para_data_s *r = get_parameter( para, key );
-    if( !r )
-	return -1;
-    if( digitp( r->u.value ) )
-	i = atoi( r->u.value );
-    else if ( !strcmp ( r->u.value, "ELG-E")
-              || !strcmp ( r->u.value, "ELG") )
-        i = GCRY_PK_ELG_E;
-    else
-        i = gcry_pk_map_name (r->u.value);
-    if (i == PUBKEY_ALGO_RSA_E || i == PUBKEY_ALGO_RSA_S)
-      i = 0; /* we don't want to allow generation of these algorithms */
-    return i;
+  int i;
+  struct para_data_s *r = get_parameter( para, key );
+
+  if (r_default)
+    *r_default = 0;
+
+  if (!r)
+    return -1;
+
+  if (!ascii_strcasecmp (r->u.value, "default"))
+    {
+      /* Note: If you change this default algo, remember to change it
+         also in gpg.c:gpgconf_list.  */
+      i = DEFAULT_STD_ALGO;
+      if (r_default)
+        *r_default = 1;
+    }
+  else if (digitp (r->u.value))
+    i = atoi( r->u.value );
+  else if (!strcmp (r->u.value, "ELG-E")
+           || !strcmp (r->u.value, "ELG"))
+    i = GCRY_PK_ELG_E;
+  else
+    i = gcry_pk_map_name (r->u.value);
+
+  if (i == PUBKEY_ALGO_RSA_E || i == PUBKEY_ALGO_RSA_S)
+    i = 0; /* we don't want to allow generation of these algorithms */
+  return i;
 }
 
 /* 
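Review bot: The new `default` keyword is matched with ascii_strcasecmp while the `ELG-E`/`ELG` aliases two branches below still use strcmp, so `Default` is accepted but `elg-e` is not; both come from the same user-written parameter file, so the three comparisons should behave alike, e.g. `else if (!ascii_strcasecmp (r->u.value, "ELG-E") || !ascii_strcasecmp (r->u.value, "ELG"))`. The comment inside the default branch repeats the one at the macro definition and points at the wrong place, since the value to change is DEFAULT_STD_ALGO rather than this line; `/* "default" resolves to DEFAULT_STD_ALGO; see its definition.  */` says what a reader needs. The digit branch keeps atoi, whose result is undefined when the number in the file does not fit an int; strtol with a range check would be the robust form, though this part is pre-existing.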
@@ -2541,13 +2563,15 @@
   const char *s1, *s2, *s3;
   size_t n;
   char *p;
-  int have_user_id=0,err,algo;
+  int is_default = 0;
+  int have_user_id = 0;
+  int err, algo;
 
   /* Check that we have all required parameters. */
   r = get_parameter( para, pKEYTYPE );
   if(r)
     {
-      algo=get_parameter_algo(para,pKEYTYPE);
+      algo = get_parameter_algo (para, pKEYTYPE, &is_default);
       if (openpgp_pk_test_algo2 (algo, PUBKEY_USAGE_SIG))
 	{
 	  log_error ("%s:%d: invalid algorithm\n", fname, r->lnr );
@@ -2563,10 +2587,13 @@
   err = parse_parameter_usage (fname, para, pKEYUSAGE);
   if (!err)
     {
-      /* Default to algo capabilities if key-usage is not provided */
+      /* Default to algo capabilities if key-usage is not provided and
+         no default algorithm has been requested.  */
       r = xmalloc_clear(sizeof(*r));
       r->key = pKEYUSAGE;
-      r->u.usage = openpgp_pk_algo_usage(algo);
+      r->u.usage = (is_default
+                    ? (PUBKEY_USAGE_CERT | PUBKEY_USAGE_SIG)
+                    : openpgp_pk_algo_usage(algo));
       r->next = para;
       para = r;
     }
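Review bot: When is_default is set, the CERT|SIG usage is only supplied in the branch that appears to be the "no Key-Usage given" case (parse_parameter_usage is outside this hunk, so the meaning of err is inferred), so a Key-Usage line next to `Key-Type: default` is still honoured, whereas the DETAILS text in this same commit tells users not to give one. Either the documentation should say that an explicit Key-Usage takes precedence, or the code should say something when the two are combined, e.g. `if (is_default && get_parameter (para, pKEYUSAGE)) log_info ("%s: Key-Usage given together with a default key type\n", fname);` before the parse_parameter_usage call. The same applies to the Subkey-Usage branch in the hunk at 2600/2628. proc_parameter_file starts before this hunk.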
@@ -2583,10 +2610,11 @@
         }
     }
 
+  is_default = 0;
   r = get_parameter( para, pSUBKEYTYPE );
   if(r)
     {
-      algo = get_parameter_algo (para, pSUBKEYTYPE);
+      algo = get_parameter_algo (para, pSUBKEYTYPE, &is_default);
       if (openpgp_pk_test_algo (algo))
 	{
 	  log_error ("%s:%d: invalid algorithm\n", fname, r->lnr );
@@ -2600,7 +2628,9 @@
 	     provided */
 	  r = xmalloc_clear (sizeof(*r));
 	  r->key = pSUBKEYUSAGE;
-	  r->u.usage = openpgp_pk_algo_usage (algo);
+	  r->u.usage = (is_default
+                        ? PUBKEY_USAGE_ENC
+                        : openpgp_pk_algo_usage (algo));
 	  r->next = para;
 	  para = r;
 	}
@@ -3441,7 +3471,7 @@
 
   if (!card)
     {
-      rc = do_create (get_parameter_algo( para, pKEYTYPE ),
+      rc = do_create (get_parameter_algo( para, pKEYTYPE, NULL ),
                       get_parameter_uint( para, pKEYLENGTH ),
                       pub_root, sec_root,
                       get_parameter_dek( para, pPASSPHRASE_DEK ),
@@ -3503,7 +3533,7 @@
     {
       if (!card)
         {
-          rc = do_create( get_parameter_algo( para, pSUBKEYTYPE ),
+          rc = do_create( get_parameter_algo( para, pSUBKEYTYPE, NULL ),
                           get_parameter_uint( para, pSUBKEYLENGTH ),
                           pub_root, sec_root,
                           get_parameter_dek( para, pPASSPHRASE_DEK ),
@@ -3612,7 +3642,8 @@
           int no_enc_rsa;
           PKT_public_key *pk;
 
-          no_enc_rsa = (get_parameter_algo (para, pKEYTYPE) == PUBKEY_ALGO_RSA
+          no_enc_rsa = ((get_parameter_algo (para, pKEYTYPE, NULL)
+                         == PUBKEY_ALGO_RSA)
                         && get_parameter_uint (para, pKEYUSAGE)
                         && !((get_parameter_uint (para, pKEYUSAGE)
                               & PUBKEY_USAGE_ENC)) );
@@ -3634,7 +3665,7 @@
             
           
           if (!opt.batch
-              && (get_parameter_algo (para, pKEYTYPE) == PUBKEY_ALGO_DSA
+              && (get_parameter_algo (para, pKEYTYPE, NULL) == PUBKEY_ALGO_DSA
                   || no_enc_rsa )
               && !get_parameter (para, pSUBKEYTYPE) )
             {



