[svn] GnuPG - r5254 - in trunk: doc g10 jnlib sm tools

svn author wk cvs at cvs.gnupg.org
Tue Feb 2 15:06:21 CET 2010


Author: wk
Date: 2010-02-02 15:06:19 +0100 (Tue, 02 Feb 2010)
New Revision: 5254

Modified:
   trunk/doc/gpg.texi
   trunk/g10/ChangeLog
   trunk/g10/card-util.c
   trunk/g10/free-packet.c
   trunk/g10/getkey.c
   trunk/g10/gpg.h
   trunk/g10/keydb.c
   trunk/g10/keydb.h
   trunk/g10/keyedit.c
   trunk/g10/keylist.c
   trunk/g10/main.h
   trunk/g10/mainproc.c
   trunk/g10/misc.c
   trunk/g10/packet.h
   trunk/g10/photoid.c
   trunk/g10/revoke.c
   trunk/g10/server.c
   trunk/g10/sign.c
   trunk/g10/skclist.c
   trunk/jnlib/w32-gettext.c
   trunk/sm/keylist.c
   trunk/tools/ChangeLog
   trunk/tools/symcryptrun.c
Log:
Various changes to eventually support openpgp keys in pgp-agent.
Comment fixes.
Minor changes in preparation for a W32CE port.


[The diff below has been truncated]

Modified: trunk/g10/ChangeLog
===================================================================
--- trunk/g10/ChangeLog	2010-01-29 10:37:12 UTC (rev 5253)
+++ trunk/g10/ChangeLog	2010-02-02 14:06:19 UTC (rev 5254)
@@ -1,3 +1,53 @@
+2010-02-02  Werner Koch  <wk at g10code.com>
+
+	* keyedit.c (keyedit_menu): Change prompt to "gpg".
+	* card-util.c (card_edit): Change prompt to "gpg/card".
+
+2010-01-11  Werner Koch  <wk at g10code.com>
+
+	* sign.c (only_old_style, write_onepass_sig_packets, hash_for)
+	(write_signature_packets, print_status_sig_created)
+	(clearsign_file, make_keysig_packet, mk_notation_policy_etc)
+	(complete_sig, do_sign, update_keysig_packet): Replace all
+	secret key access by the matching public key.
+	* keylist.c (print_seckey_info): Ditto.
+	* revoke.c (gen_desig_revoke): Ditto.
+	* skclist.c (release_sk_list): Ditto.
+	* keyedit.c (sign_uids): Ditto.
+	* misc.c (get_signature_count): Ditto. 
+	* main.h (struct expand_args): s/sk/pksk/.  Change all users.
+
+	* keyedit.c (keyedit_passwd): Finish implementation.
+
+2010-01-10  Werner Koch  <wk at g10code.com>
+
+	* skclist.c (GCRYCTL_FAKED_RANDOM_P): Remove because we require
+	libgcrypt 1.4.
+	(is_insecure, key_present_in_sk_list): Work with public keys.
+	(build_sk_list): Change to work on public keys.
+	* keydb.h (struct sk_list): Replace field SK by a PK field.
+
+	* keylist.c (list_keyblock_print): Always look for the public key
+	and ignore all secret key packets.
+	(list_keyblock_colon): Ditto.
+	(print_capabilities): Remove arg SK and all secret key stuff.
+	Adjust all callers.
+	(dump_attribs): Ditto.
+
+	* getkey.c (getkey_bynames, getkey_next, get_pubkey_end): New.
+	(getkey_byname): New.
+	(getkey_ctx_s): Add WANT_SECRET.
+	(key_byname): Set it.
+	(merge_keys_and_selfsig): Remove all the secret key merging.
+	(lookup): Simplify by removing secret key code.
+
+	* keylist.c (list_all): Scan public keys and use have_secret_key
+	to filter secret keys.
+	(list_one): Use the new get_key functions.
+
+	* gpg.h (kbnode_t): Add as alias for KBNODE.
+	* keydb.h (getkey_ctx_t): Add as alias for GETKEY_CTX.
+
 2010-01-09  Werner Koch  <wk at g10code.com>
 
 	* getkey.c, keylist.c: Re-indent.

Modified: trunk/tools/ChangeLog
===================================================================
--- trunk/tools/ChangeLog	2010-01-29 10:37:12 UTC (rev 5253)
+++ trunk/tools/ChangeLog	2010-02-02 14:06:19 UTC (rev 5254)
@@ -1,3 +1,7 @@
+2010-01-10  Werner Koch  <wk at g10code.com>
+
+	* symcryptrun.c (utmp.h): Remove header; it is not used.
+
 2009-12-18  Werner Koch  <wk at g10code.com>
 
 	* applygnupgdefaults (errorfile): Use mktemp.  Fixes bug#1146.

Modified: trunk/doc/gpg.texi
===================================================================
--- trunk/doc/gpg.texi	2010-01-29 10:37:12 UTC (rev 5253)
+++ trunk/doc/gpg.texi	2010-02-02 14:06:19 UTC (rev 5254)
@@ -888,6 +888,13 @@
 non-exportable. This is a shortcut version of the subcommand "lsign"
 from @option{--edit-key}.
 
+ at ifclear gpgone
+ at item --passwd @var{user_id}
+ at opindex passwd
+Change the passphrase of the secret key belonging to the certificate
+specified as @var{user_id}.  This is a shortcut for the sub-command
+ at code{passwd} of the edit key menu.
+ at end ifclear
 
 @end table
 

Modified: trunk/g10/card-util.c
===================================================================
--- trunk/g10/card-util.c	2010-01-29 10:37:12 UTC (rev 5253)
+++ trunk/g10/card-util.c	2010-02-02 14:06:19 UTC (rev 5254)
@@ -1817,7 +1817,7 @@
 	    if (!have_commands)
               {
 		tty_enable_completion (card_edit_completion);
-		answer = cpr_get_no_help("cardedit.prompt", _("Command> "));
+		answer = cpr_get_no_help("cardedit.prompt", _("gpg/card> "));
 		cpr_kill_prompt();
 		tty_disable_completion ();
               }

Modified: trunk/g10/free-packet.c
===================================================================
--- trunk/g10/free-packet.c	2010-01-29 10:37:12 UTC (rev 5253)
+++ trunk/g10/free-packet.c	2010-02-02 14:06:19 UTC (rev 5254)
@@ -471,6 +471,7 @@
 {
     int n, i;
 
+    log_debug ("FIXME: %s Should not be used\n", __func__);
     if( a->timestamp != b->timestamp )
 	return -1;
     if( a->version < 4 && a->expiredate != b->expiredate )
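Review bot: The added `log_debug` runs on every call of this comparison function, so each remaining caller writes a FIXME line to the log every time two keys are compared. If the goal is to find leftover callers, a one-shot guard such as `static int warned; if (!warned) { warned = 1; log_debug ("FIXME: %s Should not be used\n", __func__); }` keeps the signal without flooding the diagnostics. The function's signature and the rest of its body are outside this hunk.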

Modified: trunk/g10/getkey.c
===================================================================
--- trunk/g10/getkey.c	2010-01-29 10:37:12 UTC (rev 5253)
+++ trunk/g10/getkey.c	2010-02-02 14:06:19 UTC (rev 5254)
@@ -46,6 +46,7 @@
 struct getkey_ctx_s
 {
   int exact;
+  int want_secret;       /* The caller requested only secret keys.  */
   KBNODE keyblock;
   KBPOS kbpos;
   KBNODE found_key;	 /* Pointer into some keyblock. */
@@ -101,8 +102,8 @@
 static user_id_db_t user_id_db;
 static int uid_cache_entries;	/* Number of entries in uid cache. */
 
-static void merge_selfsigs (KBNODE keyblock);
-static int lookup (GETKEY_CTX ctx, KBNODE * ret_keyblock, int secmode);
+static void merge_selfsigs (kbnode_t keyblock);
+static int lookup (getkey_ctx_t ctx, kbnode_t *ret_keyblock, int want_secret);
 
 #if 0
 static void
@@ -599,7 +600,7 @@
 
 
 /* Try to get the pubkey by the userid. This function looks for the
- * first pubkey certificate which has the given name in a user_id.  if
+ * first pubkey certificate which has the given name in a user_id.  If
  * pk/sk has the pubkey algo set, the function will only return a
  * pubkey with that algo.  If namelist is NULL, the first key is
  * returned.  The caller should provide storage for either the pk or
@@ -608,7 +609,7 @@
 static int
 key_byname (GETKEY_CTX * retctx, strlist_t namelist,
 	    PKT_public_key * pk, PKT_secret_key * sk,
-	    int secmode, int include_unusable,
+	    int want_secret, int include_unusable,
 	    KBNODE * ret_kb, KEYDB_HANDLE * ret_kdbhd)
 {
   int rc = 0;
@@ -617,6 +618,8 @@
   GETKEY_CTX ctx;
   KBNODE help_kb = NULL;
 
+  /* FIXME: Eventually remove the SK argument.  */
+
   if (retctx)
     {
       /* Reset the returned context in case of error.  */
@@ -667,36 +670,26 @@
 	}
     }
 
-  ctx->kr_handle = keydb_new (secmode);
+  ctx->want_secret = want_secret;
+  ctx->kr_handle = keydb_new (0);
   if (!ret_kb)
     ret_kb = &help_kb;
 
-  if (secmode)
+  if (pk)
     {
-      if (sk)
-	{
-	  ctx->req_algo = sk->req_algo;
-	  ctx->req_usage = sk->req_usage;
-	}
-      rc = lookup (ctx, ret_kb, 1);
-      if (!rc && sk)
-	{
-	  sk_from_block (ctx, sk, *ret_kb);
-	}
+      ctx->req_algo = pk->req_algo;
+      ctx->req_usage = pk->req_usage;
     }
-  else
+  else if (sk) /* FIXME:  We should remove this.  */
     {
-      if (pk)
-	{
-	  ctx->req_algo = pk->req_algo;
-	  ctx->req_usage = pk->req_usage;
-	}
-      rc = lookup (ctx, ret_kb, 0);
-      if (!rc && pk)
-	{
-	  pk_from_block (ctx, pk, *ret_kb);
-	}
+      ctx->req_algo = sk->req_algo;
+      ctx->req_usage = sk->req_usage;
     }
+  rc = lookup (ctx, ret_kb, want_secret);
+  if (!rc && pk)
+    {
+      pk_from_block (ctx, pk, *ret_kb);
+    }
 
   release_kbnode (help_kb);
 
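Review bot: A caller that passes only SK now gets `rc == 0` back without SK being filled in, because the `sk_from_block` call is gone and only `pk_from_block` remains after `lookup`. The `else if (sk)` branch still reads `req_algo` and `req_usage` from SK, so that calling style looks supported while the result is silently left untouched. Until the SK argument is removed, I would state this in the function comment, e.g. `/* Note: SK is only consulted for req_algo/req_usage; it is NOT filled in on return.  */`, or reject the SK-without-PK combination before calling `lookup`. `key_byname` starts and ends outside this hunk, so existing callers could not be checked from here.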
@@ -1219,115 +1212,102 @@
   return rc;
 }
 
+
 
-/************************************************
- ************* Merging stuff ********************
- ************************************************/
+/* The new function to return a key.  
+   FIXME: Document it.  */
+gpg_error_t
+getkey_bynames (getkey_ctx_t *retctx, PKT_public_key *pk,
+                strlist_t names, int want_secret, kbnode_t *ret_keyblock)
+{
+  return key_byname (retctx, names, pk, NULL, want_secret, 1,
+                     ret_keyblock, NULL);
+}
 
-/* Merge all self-signatures with the keys.
 
- * FIXME: replace this at least for the public key parts
- *        by merge_selfsigs.
- *        It is still used in keyedit.c and
- *        at 2 or 3 other places - check whether it is really needed.
- *        It might be needed by the key edit and import stuff because
- *        the keylock is changed.  */
-void
-merge_keys_and_selfsig (KBNODE keyblock)
+/* Get a key by name and store it into PK.  If RETCTX is not NULL
+ * return the search context which needs to be released by the caller
+ * using getkey_end.  If NAME is NULL use the default key (see below).
+ * On success and if RET_KEYBLOCK is not NULL the found keyblock is
+ * stored at this address.  WANT_SECRET passed as true requires that a
+ * secret key is available for the selected key.
+ * 
+ * If WANT_SECRET is true and NAME is NULL and a default key has been
+ * defined that defined key is used.  In all other cases the first
+ * available key is used. 
+ * 
+ * FIXME: Explain what is up with unusable keys.
+ *
+ * FIXME: We also have the get_pubkey_byname fucntion which has a
+ * different semantic.  Should be merged with this one.
+ */
+gpg_error_t
+getkey_byname (getkey_ctx_t *retctx, PKT_public_key *pk,
+               const char *name, int want_secret, kbnode_t *ret_keyblock)
 {
-  PKT_public_key *pk = NULL;
-  PKT_secret_key *sk = NULL;
-  PKT_signature *sig;
-  KBNODE k;
-  u32 kid[2] = { 0, 0 };
-  u32 sigdate = 0;
+  gpg_error_t err;
+  strlist_t namelist = NULL;
+  int with_unusable = 1;
 
-  if (keyblock && keyblock->pkt->pkttype == PKT_PUBLIC_KEY)
-    {
-      /* Divert to our new function.  */
-      merge_selfsigs (keyblock);
-      return;
-    }
+  if (want_secret && !name && opt.def_secret_key && *opt.def_secret_key)
+    add_to_strlist (&namelist, opt.def_secret_key);
+  else if (name)
+    add_to_strlist (&namelist, name);
+  else
+    with_unusable = 0;
 
-  /* Still need the old one because the new one can't handle secret keys.  */
+  err = key_byname (retctx, namelist, pk, NULL, want_secret, with_unusable,
+                    ret_keyblock, NULL);
+  
+  /* FIXME: Check that we really return GPG_ERR_NO_SECKEY if
+     WANT_SECRET has been used.  */
 
-  for (k = keyblock; k; k = k->next)
-    {
-      if (k->pkt->pkttype == PKT_PUBLIC_KEY
-	  || k->pkt->pkttype == PKT_PUBLIC_SUBKEY)
-	{
-	  pk = k->pkt->pkt.public_key;
-	  sk = NULL;
-	  if (pk->version < 4)
-	    pk = NULL; /* Not needed for old keys.  */
-	  else if (k->pkt->pkttype == PKT_PUBLIC_KEY)
-	    keyid_from_pk (pk, kid);
-	  else if (!pk->expiredate)
-	    {
-              /* and subkey */
-	      /* insert the expiration date here */
-	      /*FIXME!!! pk->expiredate = subkeys_expiretime( k, kid ); */
-	    }
-	  sigdate = 0;
-	}
-      else if (k->pkt->pkttype == PKT_SECRET_KEY
-	       || k->pkt->pkttype == PKT_SECRET_SUBKEY)
-	{
-	  pk = NULL;
-	  sk = k->pkt->pkt.secret_key;
-	  if (sk->version < 4)
-	    sk = NULL;
-	  else if (k->pkt->pkttype == PKT_SECRET_KEY)
-	    keyid_from_sk (sk, kid);
-	  sigdate = 0;
-	}
-      else if ((pk || sk) && k->pkt->pkttype == PKT_SIGNATURE
-	       && (sig = k->pkt->pkt.signature)->sig_class >= 0x10
-	       && sig->sig_class <= 0x30 && sig->version > 3
-	       && !(sig->sig_class == 0x18 || sig->sig_class == 0x28)
-	       && sig->keyid[0] == kid[0] && sig->keyid[1] == kid[1])
-	{
-	  /* okay this is a self-signature which can be used.
-	   * This is not used for subkey binding signature, becuase this
-	   * is done above.
-	   * FIXME: We should only use this if the signature is valid
-	   *        but this is time consuming - we must provide another
-	   *        way to handle this
-	   */
-	  const byte *p;
-	  u32 ed;
+  free_strlist (namelist);
 
-	  p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KEY_EXPIRE, NULL);
-	  if (pk)
-	    {
-	      ed = p ? pk->timestamp + buffer_to_u32 (p) : 0;
-	      if (sig->timestamp > sigdate)
-		{
-		  pk->expiredate = ed;
-		  sigdate = sig->timestamp;
-		}
-	    }
-	  else
-	    {
-	      ed = p ? sk->timestamp + buffer_to_u32 (p) : 0;
-	      if (sig->timestamp > sigdate)
-		{
-		  sk->expiredate = ed;
-		  sigdate = sig->timestamp;
-		}
-	    }
-	}
+  return err;
+}
 
-      if (pk && (pk->expiredate == 0 ||
-		 (pk->max_expiredate && pk->expiredate > pk->max_expiredate)))
-	pk->expiredate = pk->max_expiredate;
 
-      if (sk && (sk->expiredate == 0 ||
-		 (sk->max_expiredate && sk->expiredate > sk->max_expiredate)))
-	sk->expiredate = sk->max_expiredate;
-    }
+/* The new function to return the next key.  */
+gpg_error_t
+getkey_next (getkey_ctx_t ctx, PKT_public_key *pk, kbnode_t *ret_keyblock)
+{
+  int rc; /* Fixme:  Make sure this is proper gpg_error */
+
+  rc = lookup (ctx, ret_keyblock, ctx->want_secret);
+  if (!rc && pk && ret_keyblock)
+    pk_from_block (ctx, pk, *ret_keyblock);
+
+  return rc;
 }
 
+
+/* The new function to finish a key listing.  */
+void
+getkey_end (getkey_ctx_t ctx)
+{
+  get_pubkey_end (ctx);
+}
+
+
+
+/************************************************
+ ************* Merging stuff ********************
+ ************************************************/
+
+/* Merge all self-signatures with the keys.  */
+void
+merge_keys_and_selfsig (KBNODE keyblock)
+{
+  if (!keyblock)
+    ;
+  else if (keyblock->pkt->pkttype == PKT_PUBLIC_KEY)
+    merge_selfsigs (keyblock);
+  else
+    log_debug ("FIXME: merging secret key blocks is not anymore available\n");
+}
+
+
 static int
 parse_key_usage (PKT_signature * sig)
 {
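Review bot: `getkey_next` passes `ret_keyblock` straight to `lookup` and only guards the later `pk_from_block` call with `&& ret_keyblock`. A NULL `ret_keyblock` therefore either reaches `lookup` unprotected or returns success with PK left unfilled. `key_byname` substitutes a local `help_kb` for a NULL pointer before calling `lookup`, which suggests `lookup` expects a valid address; its body is not fully visible here, so this is inferred. Mirroring that pattern keeps the two entry points consistent and lets PK be filled whenever the lookup succeeds.

```c
gpg_error_t
getkey_next (getkey_ctx_t ctx, PKT_public_key *pk, kbnode_t *ret_keyblock)
{
  int rc; /* Fixme:  Make sure this is proper gpg_error */
  kbnode_t help_kb = NULL;

  /* Same convention as key_byname: never hand a NULL address to lookup.  */
  if (!ret_keyblock)
    ret_keyblock = &help_kb;

  rc = lookup (ctx, ret_keyblock, ctx->want_secret);
  if (!rc && pk)
    pk_from_block (ctx, pk, *ret_keyblock);

  release_kbnode (help_kb);
  return rc;
}
```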
@@ -2309,146 +2289,10 @@
 }
 
 
-/*
- * Merge the secret keys from secblock into the pubblock thereby
- * replacing the public (sub)keys with their secret counterparts Hmmm:
- * It might be better to get away from the concept of entire secret
- * keys at all and have a way to store just the real secret parts
- * from the key.
- */
-static void
-merge_public_with_secret (KBNODE pubblock, KBNODE secblock)
-{
-  KBNODE pub;
-
-  assert (pubblock->pkt->pkttype == PKT_PUBLIC_KEY);
-  assert (secblock->pkt->pkttype == PKT_SECRET_KEY);
-
-  for (pub = pubblock; pub; pub = pub->next)
-    {
-      if (pub->pkt->pkttype == PKT_PUBLIC_KEY)
-	{
-	  PKT_public_key *pk = pub->pkt->pkt.public_key;
-	  PKT_secret_key *sk = secblock->pkt->pkt.secret_key;
-	  assert (pub == pubblock); /* Only in the first node.  */
-	  /* There is nothing to compare in this case, so just replace
-	   * some information.  */
-	  copy_public_parts_to_secret_key (pk, sk);
-	  free_public_key (pk);
-	  pub->pkt->pkttype = PKT_SECRET_KEY;
-	  pub->pkt->pkt.secret_key = copy_secret_key (NULL, sk);
-	}
-      else if (pub->pkt->pkttype == PKT_PUBLIC_SUBKEY)
-	{
-	  KBNODE sec;
-	  PKT_public_key *pk = pub->pkt->pkt.public_key;
-
-	  /* This is more complicated: It may happen that the sequence
-	   * of the subkeys dosn't match, so we have to find the
-	   * appropriate secret key.  */
-	  for (sec = secblock->next; sec; sec = sec->next)
-	    {
-	      if (sec->pkt->pkttype == PKT_SECRET_SUBKEY)
-		{
-		  PKT_secret_key *sk = sec->pkt->pkt.secret_key;
-		  if (!cmp_public_secret_key (pk, sk))
-		    {
-		      copy_public_parts_to_secret_key (pk, sk);
-		      free_public_key (pk);
-		      pub->pkt->pkttype = PKT_SECRET_SUBKEY;
-		      pub->pkt->pkt.secret_key = copy_secret_key (NULL, sk);
-		      break;
-		    }
-		}
-	    }
-	  if (!sec)
-	    BUG (); /* Already checked in premerge.  */
-	}
-    }
-}
-
-
-/* This function checks that for every public subkey a corresponding
- * secret subkey is available and deletes the public subkey otherwise.
- * We need this function because we can't delete it later when we
- * actually merge the secret parts into the pubring.
- * The function also plays some games with the node flags.  */
-static void
-premerge_public_with_secret (KBNODE pubblock, KBNODE secblock)
-{
-  KBNODE last, pub;
-
-  assert (pubblock->pkt->pkttype == PKT_PUBLIC_KEY);
-  assert (secblock->pkt->pkttype == PKT_SECRET_KEY);
-
-  for (pub = pubblock, last = NULL; pub; last = pub, pub = pub->next)
-    {
-      pub->flag &= ~3; /* Reset bits 0 and 1.  */
-      if (pub->pkt->pkttype == PKT_PUBLIC_SUBKEY)
-	{
-	  KBNODE sec;
-	  PKT_public_key *pk = pub->pkt->pkt.public_key;
-
-	  for (sec = secblock->next; sec; sec = sec->next)
-	    {
-	      if (sec->pkt->pkttype == PKT_SECRET_SUBKEY)
-		{
-		  PKT_secret_key *sk = sec->pkt->pkt.secret_key;
-		  if (!cmp_public_secret_key (pk, sk))
-		    {
-		      if (sk->protect.s2k.mode == 1001)
-			{
-			  /* The secret parts are not available so
-			     we can't use that key for signing etc.
-			     Fix the pubkey usage */
-			  pk->pubkey_usage &= ~(PUBKEY_USAGE_SIG
-						| PUBKEY_USAGE_AUTH);
-			}
-		      /* Transfer flag bits 0 and 1 to the pubblock.  */
-		      pub->flag |= (sec->flag & 3);
-		      break;
-		    }
-		}
-	    }
-	  if (!sec)
-	    {
-	      KBNODE next, ll;
-
-	      if (opt.verbose)
-		log_info (_("no secret subkey"
-			    " for public subkey %s - ignoring\n"),
-			  keystr_from_pk (pk));
-	      /* We have to remove the subkey in this case.  */
-	      assert (last);
-	      /* Find the next subkey.  */
-	      for (next = pub->next, ll = pub;
-		   next && next->pkt->pkttype != PKT_PUBLIC_SUBKEY;
-		   ll = next, next = next->next)
-		;
-	      /* Make new link.  */
-	      last->next = next;
-	      /* Release this public subkey with all sigs.  */
-	      ll->next = NULL;
-	      release_kbnode (pub);
-	      /* Let the loop continue.  */
-	      pub = last;
-	    }
-	}
-    }
-  /* We need to copy the found bits (0 and 1) from the secret key to
-     the public key.  This has already been done for the subkeys but
-     got lost on the primary key - fix it here.  */
-  pubblock->flag |= (secblock->flag & 3);
-}
-
-
 
-/* See see whether the key fits our requirements and in case we do not
- * request the primary key, we should select a suitable subkey.
+/* See whether the key fits our requirements and in case we do not
+ * request the primary key, select a suitable subkey.
  *
- * FIXME: Check against PGP 7 whether we still need a kludge
- *        to favor type 16 keys over type 20 keys when type 20
- *        has not been explitely requested.
  * Returns: True when a suitable key has been found.
  *
  * We have to distinguish four cases:  FIXME!
@@ -2533,7 +2377,7 @@
   if ((!foundk || foundk->pkt->pkttype == PKT_PUBLIC_SUBKEY) && !req_prim)
     {
       KBNODE nextk;
-      /* ceither start a loop or check just this one subkey.  */
+      /* Either start a loop or check just this one subkey.  */
       for (k = foundk ? foundk : keyblock; k; k = nextk)
 	{
 	  PKT_public_key *pk;
@@ -2635,7 +2479,7 @@
     {
       if (DBG_CACHE)
 	log_debug ("\tno suitable key found -  giving up\n");
-      return 0;
+      return 0; /* Not found.  */
     }
 
 found:
@@ -2668,11 +2512,13 @@
 }
 
 
+/* The main function to lookup a key.  On success the found keyblock
+   is stored at RET_KEYBLOCK and also in CTX.  If WANT_SECRET is true
+   a corresponding secret key is required.  */
 static int
-lookup (GETKEY_CTX ctx, KBNODE * ret_keyblock, int secmode)
+lookup (getkey_ctx_t ctx, kbnode_t *ret_keyblock, int want_secret)
 {
   int rc;
-  KBNODE secblock = NULL; /* Helper.  */
   int no_suitable_key = 0;
 
   rc = 0;
@@ -2692,31 +2538,9 @@
 	  goto skip;
 	}
 
-      if (secmode)
-	{
-	  /* Find the correspondig public key and use this
-	   * this one for the selection process.  */
-	  u32 aki[2];
-	  KBNODE k = ctx->keyblock;
+      if (want_secret && have_secret_key (ctx->keyblock))
+        goto skip; /* No secret key available.  */
 
-	  if (k->pkt->pkttype != PKT_SECRET_KEY)
-	    BUG ();
-
-	  keyid_from_sk (k->pkt->pkt.secret_key, aki);
-	  k = get_pubkeyblock (aki);
-	  if (!k)
-	    {
-	      if (!opt.quiet)
-		log_info (_("key %s: secret key without public key"
-			    " - skipped\n"), keystr (aki));
-	      goto skip;
-	    }
-	  secblock = ctx->keyblock;
-	  ctx->keyblock = k;
-
-	  premerge_public_with_secret (ctx->keyblock, secblock);
-	}
-
       /* Warning: node flag bits 0 and 1 should be preserved by
        * merge_selfsigs.  For secret keys, premerge did tranfer the
        * keys to the keyblock.  */
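Review bot: Every non-zero result of `have_secret_key` is treated here as "no secret key". A failure to allocate the handle (`GPG_ERR_GENERAL`) or any other error from `keydb_search_fpr` is therefore skipped silently and ends up reported as `G10ERR_NO_SECKEY`. Because the helper returns 0 for "available", the bare call in the condition also reads as the opposite of what it tests. I would make the comparison explicit and log anything other than `GPG_ERR_NO_SECKEY` before `goto skip`, e.g. `if (want_secret && (err = have_secret_key (ctx->keyblock)))`, followed by a check of `gpg_err_code (err)`. The context comment directly below still says that premerge transferred the secret keys to the keyblock, which no longer happens after this change. `lookup` starts and ends outside this hunk.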
@@ -2724,12 +2548,6 @@
       if (finish_lookup (ctx))
 	{
 	  no_suitable_key = 0;
-	  if (secmode)
-	    {
-	      merge_public_with_secret (ctx->keyblock, secblock);
-	      release_kbnode (secblock);
-	      secblock = NULL;
-	    }
 	  goto found;
 	}
       else
@@ -2737,15 +2555,10 @@
 
     skip:
       /* Release resources and continue search. */
-      if (secmode)
-	{
-	  release_kbnode (secblock);
-	  secblock = NULL;
-	}
       release_kbnode (ctx->keyblock);
       ctx->keyblock = NULL;
     }
-
+  
 found:
   if (rc && rc != -1)
     log_error ("keydb_search failed: %s\n", g10_errstr (rc));
@@ -2756,15 +2569,10 @@
       ctx->keyblock = NULL;
     }
   else if (rc == -1 && no_suitable_key)
-    rc = secmode ? G10ERR_UNU_SECKEY : G10ERR_UNU_PUBKEY;
+    rc = want_secret? G10ERR_UNU_SECKEY : G10ERR_UNU_PUBKEY;
   else if (rc == -1)
-    rc = secmode ? G10ERR_NO_SECKEY : G10ERR_NO_PUBKEY;
+    rc = want_secret? G10ERR_NO_SECKEY : G10ERR_NO_PUBKEY;
 
-  if (secmode)
-    {
-      release_kbnode (secblock);
-      secblock = NULL;
-    }
   release_kbnode (ctx->keyblock);
   ctx->keyblock = NULL;
 
@@ -3083,3 +2891,180 @@
 
   return 1;
 }
+
+
+/* Return 0 if a secret key is available for the key described by
+   KEYBLOCK.  FIXME: How do we handel subkeys?  */
+gpg_error_t
+have_secret_key (kbnode_t keyblock)
+{
+  gpg_error_t err;
+  unsigned char fpr[MAX_FINGERPRINT_LEN];
+  size_t fprlen;
+  KEYDB_HANDLE kdh;
+
+  if (!keyblock || keyblock->pkt->pkttype != PKT_PUBLIC_KEY)
+    return gpg_error (GPG_ERR_NO_PUBKEY);  /* Should not happen.  */
+
+  fingerprint_from_pk (keyblock->pkt->pkt.public_key, fpr, &fprlen);
+  while (fprlen < MAX_FINGERPRINT_LEN) 
+    fpr[fprlen++] = 0;
+
+  /* FIXME: Always allocating a new handle is too slow.  However this
+     entire implementation is anyway a temporary solution until we can
+     ask gpg-agent for the secret key.  */
+  kdh = keydb_new (1);
+  if (!kdh)
+    return gpg_error (GPG_ERR_GENERAL);
+
+  err = keydb_search_fpr (kdh, fpr);
+  if (err == -1 || gpg_err_code (err) == GPG_ERR_EOF)
+    err = gpg_error (GPG_ERR_NO_SECKEY);
+
+  keydb_release (kdh);
+
+  return err;
+}
+
+
+
+#if 0
+/*
+ * Merge the secret keys from secblock into the pubblock thereby
+ * replacing the public (sub)keys with their secret counterparts Hmmm:
+ * It might be better to get away from the concept of entire secret
+ * keys at all and have a way to store just the real secret parts
+ * from the key.
+ *
+ * FIXME: this is not anymore needed but we keep it as example code for the
+ * new code we need to write for the import/export feature.
+ */
+static void
+merge_public_with_secret (KBNODE pubblock, KBNODE secblock)
+{
+  KBNODE pub;
+
+  assert (pubblock->pkt->pkttype == PKT_PUBLIC_KEY);
+  assert (secblock->pkt->pkttype == PKT_SECRET_KEY);
+
+  for (pub = pubblock; pub; pub = pub->next)
+    {
+      if (pub->pkt->pkttype == PKT_PUBLIC_KEY)
+	{
+	  PKT_public_key *pk = pub->pkt->pkt.public_key;
+	  PKT_secret_key *sk = secblock->pkt->pkt.secret_key;
+	  assert (pub == pubblock); /* Only in the first node.  */
+	  /* There is nothing to compare in this case, so just replace
+	   * some information.  */
+	  copy_public_parts_to_secret_key (pk, sk);
+	  free_public_key (pk);
+	  pub->pkt->pkttype = PKT_SECRET_KEY;
+	  pub->pkt->pkt.secret_key = copy_secret_key (NULL, sk);
+	}
+      else if (pub->pkt->pkttype == PKT_PUBLIC_SUBKEY)
+	{
+	  KBNODE sec;
+	  PKT_public_key *pk = pub->pkt->pkt.public_key;
+
+	  /* This is more complicated: It may happen that the sequence
+	   * of the subkeys dosn't match, so we have to find the
+	   * appropriate secret key.  */
+	  for (sec = secblock->next; sec; sec = sec->next)
+	    {
+	      if (sec->pkt->pkttype == PKT_SECRET_SUBKEY)
+		{
+		  PKT_secret_key *sk = sec->pkt->pkt.secret_key;
+		  if (!cmp_public_secret_key (pk, sk))
+		    {
+		      copy_public_parts_to_secret_key (pk, sk);
+		      free_public_key (pk);
+		      pub->pkt->pkttype = PKT_SECRET_SUBKEY;
+		      pub->pkt->pkt.secret_key = copy_secret_key (NULL, sk);
+		      break;
+		    }
+		}
+	    }
+	  if (!sec)
+	    BUG (); /* Already checked in premerge.  */
+	}
+    }
+}
+
+
+/* This function checks that for every public subkey a corresponding
+ * secret subkey is available and deletes the public subkey otherwise.
+ * We need this function because we can't delete it later when we
+ * actually merge the secret parts into the pubring.
+ * The function also plays some games with the node flags.
+ *
+ * FIXME: this is not anymore needed but we keep it as example code for the
+ * new code we need to write for the import/export feature.
+ */
+static void
+premerge_public_with_secret (KBNODE pubblock, KBNODE secblock)
+{
+  KBNODE last, pub;
+
+  assert (pubblock->pkt->pkttype == PKT_PUBLIC_KEY);
+  assert (secblock->pkt->pkttype == PKT_SECRET_KEY);
+
+  for (pub = pubblock, last = NULL; pub; last = pub, pub = pub->next)
+    {
+      pub->flag &= ~3; /* Reset bits 0 and 1.  */
+      if (pub->pkt->pkttype == PKT_PUBLIC_SUBKEY)
+	{
+	  KBNODE sec;
+	  PKT_public_key *pk = pub->pkt->pkt.public_key;
+
+	  for (sec = secblock->next; sec; sec = sec->next)
+	    {
+	      if (sec->pkt->pkttype == PKT_SECRET_SUBKEY)
+		{
+		  PKT_secret_key *sk = sec->pkt->pkt.secret_key;
+		  if (!cmp_public_secret_key (pk, sk))
+		    {
+		      if (sk->protect.s2k.mode == 1001)
+			{
+			  /* The secret parts are not available so
+			     we can't use that key for signing etc.
+			     Fix the pubkey usage */
+			  pk->pubkey_usage &= ~(PUBKEY_USAGE_SIG
+						| PUBKEY_USAGE_AUTH);
+			}
+		      /* Transfer flag bits 0 and 1 to the pubblock.  */
+		      pub->flag |= (sec->flag & 3);
+		      break;
+		    }
+		}
+	    }
+	  if (!sec)
+	    {
+	      KBNODE next, ll;
+
+	      if (opt.verbose)
+		log_info (_("no secret subkey"
+			    " for public subkey %s - ignoring\n"),
+			  keystr_from_pk (pk));
+	      /* We have to remove the subkey in this case.  */
+	      assert (last);
+	      /* Find the next subkey.  */
+	      for (next = pub->next, ll = pub;
+		   next && next->pkt->pkttype != PKT_PUBLIC_SUBKEY;
+		   ll = next, next = next->next)
+		;
+	      /* Make new link.  */
+	      last->next = next;
+	      /* Release this public subkey with all sigs.  */
+	      ll->next = NULL;
+	      release_kbnode (pub);
+	      /* Let the loop continue.  */
+	      pub = last;
+	    }
+	}
+    }
+  /* We need to copy the found bits (0 and 1) from the secret key to
+     the public key.  This has already been done for the subkeys but
+     got lost on the primary key - fix it here.  */
+  pubblock->flag |= (secblock->flag & 3);
+}
+#endif /*0*/
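Review bot: `have_secret_key` reports success as soon as the primary key's fingerprint is found in the secret keyring, which checks less than the code it replaces. That code, kept under `#if 0` in this same hunk, also dropped public subkeys without a secret counterpart and cleared `PUBKEY_USAGE_SIG | PUBKEY_USAGE_AUTH` when `sk->protect.s2k.mode == 1001`, that is, when the secret parts are not actually present. With only the fingerprint search, a keyblock whose secret material is a stub, or which lacks the needed secret subkey, presumably still passes the `want_secret` filter and fails only at use time. The header comment should state that limit, e.g. `/* Only the primary key is looked up; stub secret keys and missing secret subkeys are not detected.  */`. It should also spell out that 0 means "available", since the function name reads like a boolean predicate.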

Modified: trunk/g10/gpg.h
===================================================================
--- trunk/g10/gpg.h	2010-01-29 10:37:12 UTC (rev 5253)
+++ trunk/g10/gpg.h	2010-02-02 14:06:19 UTC (rev 5254)
@@ -1,5 +1,5 @@
 /* gpg.h - top level include file for gpg etc.
- * Copyright (C) 2003, 2006 Free Software Foundation, Inc.
+ * Copyright (C) 2003, 2006, 2010 Free Software Foundation, Inc.
  *
  * This file is part of GnuPG.
  *
@@ -50,6 +50,7 @@
 
 /* Object used to describe a keyblok node.  */
 typedef struct kbnode_struct *KBNODE;
+typedef struct kbnode_struct *kbnode_t;
 
 
 /* Session control object.  This object is passed to most functions to

Modified: trunk/g10/keydb.c
===================================================================
--- trunk/g10/keydb.c	2010-01-29 10:37:12 UTC (rev 5253)
+++ trunk/g10/keydb.c	2010-02-02 14:06:19 UTC (rev 5254)
@@ -353,8 +353,6 @@
   KEYDB_HANDLE hd;
   int i, j;
   
-  if (secret)
-    log_debug ("FIXME: keydb_new called for secret keys\n");
   hd = xmalloc_clear (sizeof *hd);
   hd->found = -1;
   

Modified: trunk/g10/keydb.h
===================================================================
--- trunk/g10/keydb.h	2010-01-29 10:37:12 UTC (rev 5253)
+++ trunk/g10/keydb.h	2010-02-02 14:06:19 UTC (rev 5254)
@@ -1,6 +1,6 @@
 /* keydb.h - Key database
  * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005,
- *               2006 Free Software Foundation, Inc.
+ *               2006, 2010 Free Software Foundation, Inc.
  *
  * This file is part of GnuPG.
  *
@@ -40,6 +40,7 @@
 
 struct getkey_ctx_s;
 typedef struct getkey_ctx_s *GETKEY_CTX;
+typedef struct getkey_ctx_s *getkey_ctx_t;
 
 /****************
  * A Keyblock is all packets which form an entire certificate;
@@ -93,12 +94,13 @@
   int flags; /* flag bit 1==throw_keyid */
 };
 
-/* structure to hold a couple of secret key certificates */
+/* Structure to hold a list of secret key certificates.  */
 typedef struct sk_list *SK_LIST;
-struct sk_list {
-    SK_LIST next;
-    PKT_secret_key *sk;
-    int mark; /* not used */
+struct sk_list 
+{
+  SK_LIST next;
+  PKT_public_key *pk;
+  int mark; /* not used */
 };
 
 /* structure to collect all information which can be used to
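Review bot: The reworded comment still describes `struct sk_list` as a list of secret key certificates, although its only key field is now `PKT_public_key *pk`. A reader who trusts the comment will expect secret key material in this list. Assuming the list is still used to pick keys for secret-key operations, I would word it as `/* Structure to hold a list of keys for secret-key operations; each entry stores the public key only.  */`.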
@@ -169,8 +171,8 @@
 /*-- skclist.c --*/
 int  random_is_faked (void);
 void release_sk_list( SK_LIST sk_list );
-int  build_sk_list( strlist_t locusr, SK_LIST *ret_sk_list,
-					    int unlock, unsigned use );
+gpg_error_t  build_sk_list (strlist_t locusr, SK_LIST *ret_sk_list,
+                            int unlock, unsigned use);
 
 /*-- passphrase.h --*/
 unsigned char encode_s2k_iterations (int iterations);
@@ -226,7 +228,19 @@
 int get_seckeyblock_byfprint (KBNODE *ret_keyblock, const byte *fprint,
                               size_t fprint_len );
 
+gpg_error_t getkey_bynames (getkey_ctx_t *retctx, PKT_public_key *pk,
+                            strlist_t names, int want_secret,
+                            kbnode_t *ret_keyblock);
+gpg_error_t getkey_byname (getkey_ctx_t *retctx, PKT_public_key *pk,
+                           const char *name, int want_secret,
+                           kbnode_t *ret_keyblock);
+gpg_error_t getkey_next (getkey_ctx_t ctx, PKT_public_key *pk,
+                         kbnode_t *ret_keyblock);
+void getkey_end (getkey_ctx_t ctx);
 
+gpg_error_t have_secret_key (kbnode_t keyblock);
+
+
 int enum_secret_keys( void **context, PKT_secret_key *sk,
 		      int with_subkeys, int with_spm );
 void merge_keys_and_selfsig( KBNODE keyblock );

Modified: trunk/g10/keyedit.c
===================================================================
--- trunk/g10/keyedit.c	2010-01-29 10:37:12 UTC (rev 5253)
+++ trunk/g10/keyedit.c	2010-02-02 14:06:19 UTC (rev 5254)
@@ -511,7 +511,7 @@
     int rc = 0;
     SK_LIST sk_list = NULL;
     SK_LIST sk_rover = NULL;
-    PKT_secret_key *sk = NULL;
+    PKT_public_key *pk = NULL;
     KBNODE node, uidnode;
     PKT_public_key *primary_pk=NULL;
     int select_all = !count_selected_uids(keyblock) || interactive;
@@ -550,14 +550,16 @@
 	   opt.cert_policy_url || opt.cert_notations)
 	  force_v4=1;
 
-	/* we have to use a copy of the sk, because make_keysig_packet
+	/* We have to use a copy of the pk, because make_keysig_packet
 	 * may remove the protection from sk and if we did other
 	 * changes to the secret key, we would save the unprotected
-	 * version */
-	if( sk )
-	    free_secret_key(sk);
-	sk = copy_secret_key( NULL, sk_rover->sk );
-	keyid_from_sk( sk, sk_keyid );
+	 * version.  FIXME: This can be removed because all protection
+	 * is now done by gpg-agent.  */
+	if (pk)
+          free_public_key (pk);
+	pk = copy_public_key (NULL, sk_rover->pk);
+	keyid_from_pk (pk, sk_keyid);
+
 	/* set mark A for all selected user ids */
 	for( node=keyblock; node; node = node->next ) {
 	    if( select_all || (node->flag & NODFLG_SELUID) )
@@ -777,10 +779,10 @@
                     if (!node->pkt->pkt.signature->flags.exportable && local)
                       tty_printf(_(
 			      "\"%s\" was already locally signed by key %s\n"),
-				 user,keystr_from_sk(sk));
+				 user,keystr_from_pk (pk));
                     else
                       tty_printf(_("\"%s\" was already signed by key %s\n"),
-                                 user,keystr_from_sk(sk));
+                                 user,keystr_from_pk (pk));
 
 		    if(opt.expert
 		       && cpr_get_answer_is_yes("sign_uid.dupe_okay",
@@ -793,8 +795,8 @@
 			continue;
 		      }
 
-                    sprintf (buf, "%08lX%08lX",
-                             (ulong)sk->keyid[0], (ulong)sk->keyid[1] );
+                    snprintf (buf, sizeof buf, "%08lX%08lX",
+                             (ulong)pk->keyid[0], (ulong)pk->keyid[1]);
                     write_status_text (STATUS_ALREADY_SIGNED, buf);
 		    uidnode->flag &= ~NODFLG_MARK_A; /* remove mark */
 
@@ -806,7 +808,7 @@
 	/* check whether any uids are left for signing */
 	if( !count_uids_with_flag(keyblock, NODFLG_MARK_A) )
 	  {
-	    tty_printf(_("Nothing to sign with key %s\n"),keystr_from_sk(sk));
+	    tty_printf (_("Nothing to sign with key %s\n"), keystr_from_pk (pk));
 	    continue;
 	  }
 
@@ -883,7 +885,7 @@
 	   currently v3 and we're about to sign it with a v4 sig?  If
 	   so, danger! */
 	if(PGP2 && all_v3 &&
-	   (sk->version>3 || force_v4) && primary_pk->version<=3)
+	   (pk->version > 3 || force_v4) && primary_pk->version <= 3)
 	  {
 	    tty_printf(_("You may not make an OpenPGP signature on a "
 			 "PGP 2.x key while in --pgp2 mode.\n"));
@@ -953,8 +955,8 @@
 	  }
 
 	p=get_user_id_native(sk_keyid);
-	tty_printf(_("Are you sure that you want to sign this key with your\n"
-		     "key \"%s\" (%s)\n"),p,keystr_from_sk(sk));
+	tty_printf (_("Are you sure that you want to sign this key with your\n"
+                      "key \"%s\" (%s)\n"), p, keystr_from_pk (pk));
 	xfree(p);
 
 	if(selfsig)
@@ -1051,14 +1053,14 @@
 		  rc = make_keysig_packet( &sig, primary_pk,
 					   node->pkt->pkt.user_id,
 					   NULL,
-					   sk,
+					   pk,
 					   0x13, 0, force_v4?4:0, 0, 0,
 					   keygen_add_std_prefs, primary_pk);
 		else
 		  rc = make_keysig_packet( &sig, primary_pk,
 					   node->pkt->pkt.user_id,
 					   NULL,
-					   sk,
+					   pk,
 					   class, 0, force_v4?4:0,
 					   timestamp, duration,
 					   sign_mk_attrib, &attrib );
@@ -1086,8 +1088,8 @@
 
   leave:
     release_sk_list( sk_list );
-    if( sk )
-	free_secret_key(sk);
+    if (pk)
+      free_public_key (pk);
     return rc;
 }
 
@@ -1653,7 +1655,7 @@
 #ifdef HAVE_LIBREADLINE
 		tty_enable_completion(keyedit_completion);
 #endif
-		answer = cpr_get_no_help("keyedit.prompt", _("Command> "));
+		answer = cpr_get_no_help ("keyedit.prompt", "gpg> ");
 		cpr_kill_prompt();
 		tty_disable_completion();
 	      }
@@ -2331,11 +2333,66 @@
 void
 keyedit_passwd (const char *username)
 {
-  gpg_error_t err = gpg_error (GPG_ERR_BUG);  /* Not yet implemented.  */
+  gpg_error_t err;
+  PKT_public_key *pk;
+  unsigned char fpr[MAX_FINGERPRINT_LEN];
+  size_t fprlen;
+  KEYDB_HANDLE kdh = NULL;
+  kbnode_t keyblock = NULL;
 
-  log_info ("error changing the passphrase for `%s': %s\n", 
-             username, gpg_strerror (err));
-  write_status_error ("keyedit.passwd", err);
+  pk = xtrycalloc (1, sizeof *pk);
+  if (!pk)
+    {
+      err = gpg_error_from_syserror ();
+      goto leave;
+    }
+  err = getkey_byname (NULL, pk, username, 1, NULL);
+  if (err)
+    goto leave;
+  fingerprint_from_pk (pk, fpr, &fprlen);
+  while (fprlen < MAX_FINGERPRINT_LEN) 
+    fpr[fprlen++] = 0;
+  
+  /* FIXME: Call an agent function instead.  */
+
+  kdh = keydb_new (1);
+  if (!kdh)
+    {
+      err = gpg_error (GPG_ERR_GENERAL);
+      goto leave;
+    }
+
+  err = keydb_search_fpr (kdh, fpr);
+  if (err == -1 || gpg_err_code (err) == GPG_ERR_EOF)
+    err = gpg_error (GPG_ERR_NO_SECKEY);
+  if (err)
+    goto leave;
+
+  err = keydb_get_keyblock (kdh, &keyblock);
+  if (err) 
+    goto leave;
+
+  if (!change_passphrase (keyblock))
+    {
+      err = gpg_error (GPG_ERR_GENERAL);
+      goto leave;
+    }
+
+  err = keydb_update_keyblock (kdh, keyblock);
+  if (err)
+    log_error( _("update secret failed: %s\n"), gpg_strerror (err));
+
+ leave:
+  release_kbnode (keyblock);
+  if (pk)
+    free_public_key (pk);
+  keydb_release (kdh);
+  if (err)
+    {
+      log_info ("error changing the passphrase for `%s': %s\n", 
+                username, gpg_strerror (err));
+      write_status_error ("keyedit.passwd", err);
+    }
 }
 
 
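Review bot: In keyedit_passwd, any false return from `change_passphrase (keyblock)` is folded into `GPG_ERR_GENERAL`, so the `keyedit.passwd` status line cannot tell a cancelled or unchanged passphrase from a real failure. change_passphrase is defined outside this hunk, so whether it can report a cause is not visible here; if it can, carry that code into `err` instead of the generic one. A failing `keydb_update_keyblock` is also reported twice, once by the `log_error` and again by the `log_info` under `leave:`; dropping the first or rewording it as `log_error (_("updating the secret key failed: %s\n"), gpg_strerror (err));` and relying on the status line would avoid the duplicate. A one-line comment above `keydb_new (1)` saying that the secret keyring is still opened directly here would help, because the keylist.c hunks of the same commit move to `keydb_new (0)`.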

Modified: trunk/g10/keylist.c
===================================================================
--- trunk/g10/keylist.c	2010-01-29 10:37:12 UTC (rev 5253)
+++ trunk/g10/keylist.c	2010-02-02 14:06:19 UTC (rev 5254)
@@ -127,18 +127,18 @@
 }
 
 void
-print_seckey_info (PKT_secret_key * sk)
+print_seckey_info (PKT_public_key *pk)
 {
   u32 keyid[2];
   char *p;
 
-  keyid_from_sk (sk, keyid);
+  keyid_from_pk (pk, keyid);
   p = get_user_id_native (keyid);
 
   tty_printf ("\nsec  %4u%c/%s %s %s\n",
-	      nbits_from_sk (sk),
-	      pubkey_letter (sk->pubkey_algo),
-	      keystr (keyid), datestr_from_sk (sk), p);
+	      nbits_from_pk (pk),
+	      pubkey_letter (pk->pubkey_algo),
+	      keystr (keyid), datestr_from_pk (pk), p);
 
   xfree (p);
 }
@@ -423,7 +423,7 @@
 
   memset (&stats, 0, sizeof (stats));
 
-  hd = keydb_new (secret);
+  hd = keydb_new (0);
   if (!hd)
     rc = G10ERR_GENERAL;
   else
@@ -444,23 +444,28 @@
 	  log_error ("keydb_get_keyblock failed: %s\n", g10_errstr (rc));
 	  goto leave;
 	}
-      if (!opt.with_colons)
-	{
-	  resname = keydb_get_resource_name (hd);
-	  if (lastresname != resname)
-	    {
-	      int i;
-
-	      printf ("%s\n", resname);
-	      for (i = strlen (resname); i; i--)
-		putchar ('-');
-	      putchar ('\n');
-	      lastresname = resname;
-	    }
-	}
-      merge_keys_and_selfsig (keyblock);
-      list_keyblock (keyblock, secret, opt.fingerprint,
-		     opt.check_sigs ? &stats : NULL);
+      if (secret && have_secret_key (keyblock))
+        ; /* Secret key listing requested but this isn't one.  */
+      else
+        {
+          if (!opt.with_colons)
+            {
+              resname = keydb_get_resource_name (hd);
+              if (lastresname != resname)
+                {
+                  int i;
+                  
+                  printf ("%s\n", resname);
+                  for (i = strlen (resname); i; i--)
+                    putchar ('-');
+                  putchar ('\n');
+                  lastresname = resname;
+                }
+            }
+          merge_keys_and_selfsig (keyblock);
+          list_keyblock (keyblock, secret, opt.fingerprint,
+                         opt.check_sigs ? &stats : NULL);
+        }
       release_kbnode (keyblock);
       keyblock = NULL;
     }
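Review bot: The skip test `if (secret && have_secret_key (keyblock))` treats every non-zero return as "no secret key", but have_secret_key is declared in keydb.h as returning `gpg_error_t`. A lookup failure would therefore look the same as a key without a secret part, and the key would silently drop out of the secret listing. The implementation is not visible here, so this is inferred from the prototype; if it can return anything other than a not-found code, that error should be logged before the key is skipped. The empty-statement branch also reads inverted for a function named have_...; wrapping the listing body in `if (!secret || !have_secret_key (keyblock))` with the comment `/* have_secret_key returns 0 if a secret key is available. */` says the same thing directly. The enclosing function starts and ends outside the hunk.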
@@ -499,58 +504,31 @@
    * functions) or to have the search function return indicators for
    * found names.  Yet another way is to use the keydb search
    * facilities directly. */
-  if (secret)
+  rc = getkey_bynames (&ctx, NULL, names, secret, &keyblock);
+  if (rc)
     {
-      rc = get_seckey_bynames (&ctx, NULL, names, &keyblock);
-      if (rc)
-	{
-	  log_error ("error reading key: %s\n", g10_errstr (rc));
-	  get_seckey_end (ctx);
-	  return;
-	}
-      do
-	{
-	  if ((opt.list_options & LIST_SHOW_KEYRING) && !opt.with_colons)
-	    {
-	      resname = keydb_get_resource_name (get_ctx_handle (ctx));
-	      printf ("%s: %s\n", keyring_str, resname);
-	      for (i = strlen (resname) + strlen (keyring_str) + 2; i; i--)
-		putchar ('-');
-	      putchar ('\n');
-	    }
-	  list_keyblock (keyblock, 1, opt.fingerprint, NULL);
-	  release_kbnode (keyblock);
-	}
-      while (!get_seckey_next (ctx, NULL, &keyblock));
-      get_seckey_end (ctx);
-    }
-  else
-    {
-      rc = get_pubkey_bynames (&ctx, NULL, names, &keyblock);
-      if (rc)
-	{
-	  log_error ("error reading key: %s\n", g10_errstr (rc));
-	  get_pubkey_end (ctx);
-	  return;
-	}
-      do
-	{
-	  if ((opt.list_options & LIST_SHOW_KEYRING) && !opt.with_colons)
-	    {
-	      resname = keydb_get_resource_name (get_ctx_handle (ctx));
-	      printf ("%s: %s\n", keyring_str, resname);
-	      for (i = strlen (resname) + strlen (keyring_str) + 2; i; i--)
-		putchar ('-');
-	      putchar ('\n');
-	    }
-	  list_keyblock (keyblock, 0, opt.fingerprint,
-			 opt.check_sigs ? &stats : NULL);
-	  release_kbnode (keyblock);
-	}
-      while (!get_pubkey_next (ctx, NULL, &keyblock));
+      log_error ("error reading key: %s\n", g10_errstr (rc));
       get_pubkey_end (ctx);
+      return;
     }
 
+  do
+    {
+      if ((opt.list_options & LIST_SHOW_KEYRING) && !opt.with_colons)
+        {
+          resname = keydb_get_resource_name (get_ctx_handle (ctx));
+          printf ("%s: %s\n", keyring_str, resname);
+          for (i = strlen (resname) + strlen (keyring_str) + 2; i; i--)
+            putchar ('-');
+          putchar ('\n');
+        }
+      list_keyblock (keyblock, secret, opt.fingerprint,
+                     (!secret && opt.check_sigs)? &stats : NULL);
+      release_kbnode (keyblock);
+    }
+  while (!getkey_next (ctx, NULL, &keyblock));
+  getkey_end (ctx);
+  
   if (opt.check_sigs && !opt.with_colons)
     print_signature_stats (&stats);
 }
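Review bot: The error path after `getkey_bynames` still releases the context with `get_pubkey_end (ctx)` while the success path uses the new `getkey_end (ctx)`; the `if (rc)` block should call `getkey_end (ctx);` so both paths release the context through the same interface. Whether `ctx` holds a defined value when getkey_bynames fails is not visible here, since its declaration and the callee are outside the hunk, so the release on failure depends on the callee always storing a context or NULL. A short comment on the `if (rc)` block stating that contract would make the cleanup reviewable. The enclosing function starts outside the hunk.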
@@ -610,39 +588,37 @@
 }
 
 static void
-print_capabilities (PKT_public_key * pk, PKT_secret_key * sk, KBNODE keyblock)
+print_capabilities (PKT_public_key *pk, KBNODE keyblock)
 {
-  if (pk || (sk && sk->protect.s2k.mode != 1001))
+  unsigned int use = pk->pubkey_usage;
+  int c_printed = 0;
+
+  if (use & PUBKEY_USAGE_ENC)
+    putchar ('e');
+  
+  if (use & PUBKEY_USAGE_SIG)
     {
-      unsigned int use = pk ? pk->pubkey_usage : sk->pubkey_usage;
-      int c_printed = 0;
+      putchar ('s');
+      if (pk->is_primary)
+        {
+          putchar ('c');
+          /* The PUBKEY_USAGE_CERT flag was introduced later and we
+             used to always print 'c' for a primary key.  To avoid any
+             regression here we better track whether we printed 'c'
+             already.  */
+          c_printed = 1;
+        }
+    }
 
-      if (use & PUBKEY_USAGE_ENC)
-	putchar ('e');
+  if ((use & PUBKEY_USAGE_CERT) && !c_printed)
+    putchar ('c');
 
-      if (use & PUBKEY_USAGE_SIG)
-	{
-	  putchar ('s');
-	  if (pk ? pk->is_primary : sk->is_primary)
-	    {
-	      putchar ('c');
-	      /* The PUBKEY_USAGE_CERT flag was introduced later and
-	         we used to always print 'c' for a primary key.  To
-	         avoid any regression here we better track whether we
-	         printed 'c' already.  */
-	      c_printed = 1;
-	    }
-	}
+  if ((use & PUBKEY_USAGE_AUTH))
+    putchar ('a');
 
-      if ((use & PUBKEY_USAGE_CERT) && !c_printed)
-	putchar ('c');
-
-      if ((use & PUBKEY_USAGE_AUTH))
-	putchar ('a');
-    }
-
   if (keyblock)
-    {				/* figure out the usable capabilities */
+    {
+      /* Figure out the usable capabilities.  */
       KBNODE k;
       int enc = 0, sign = 0, cert = 0, auth = 0, disabled = 0;
 
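Review bot: print_capabilities now reads `pk->pubkey_usage` unconditionally, where the removed code was guarded by `if (pk || ...)`, so a caller that still passes a NULL `pk` would dereference it here. The callers are outside this hunk, so whether any of them can pass NULL is not visible. dump_attribs in the same file keeps an explicit `if (!pk) BUG ();`, and the same check after the declarations here would make the new precondition explicit. The removed `sk->protect.s2k.mode != 1001` test also means the lower-case capability letters are no longer suppressed for the case that test covered; a FIXME like the one in list_keyblock_print (`/* Fixme: Get s2k mode from the agent.  */`) would record that. The function body continues past the end of the hunk.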
@@ -672,27 +648,6 @@
 		    auth = 1;
 		}
 	    }
-	  else if (k->pkt->pkttype == PKT_SECRET_KEY
-		   || k->pkt->pkttype == PKT_SECRET_SUBKEY)
-	    {
-	      sk = k->pkt->pkt.secret_key;
-	      if (sk->is_valid && !sk->is_revoked && !sk->has_expired
-		  && sk->protect.s2k.mode != 1001)
-		{
-		  if (sk->pubkey_usage & PUBKEY_USAGE_ENC)
-		    enc = 1;
-		  if (sk->pubkey_usage & PUBKEY_USAGE_SIG)
-		    {
-		      sign = 1;
-		      if (sk->is_primary)
-			cert = 1;
-		    }
-		  if ((sk->pubkey_usage & PUBKEY_USAGE_CERT))
-		    cert = 1;
-		  if ((sk->pubkey_usage & PUBKEY_USAGE_AUTH))
-		    auth = 1;
-		}
-	    }
 	}
       if (enc)
 	putchar ('E');
@@ -705,10 +660,11 @@
       if (disabled)
 	putchar ('D');
     }
-
+  
   putchar (':');
 }
 
+
 /* FLAGS: 0x01 hashed
           0x02 critical  */
 static void
@@ -731,6 +687,7 @@
   printf ("\n");
 }
 
+
 void
 print_subpackets_colon (PKT_signature * sig)
 {
@@ -756,9 +713,9 @@
     }
 }
 
+
 void
-dump_attribs (const PKT_user_id * uid, PKT_public_key * pk,
-	      PKT_secret_key * sk)
+dump_attribs (const PKT_user_id *uid, PKT_public_key *pk)
 {
   int i;
 
@@ -773,12 +730,9 @@
 	  char buf[(MAX_FINGERPRINT_LEN * 2) + 90];
 	  size_t j, n;
 
-	  if (pk)
-	    fingerprint_from_pk (pk, array, &n);
-	  else if (sk)
-	    fingerprint_from_sk (sk, array, &n);
-	  else
-	    BUG ();
+          if (!pk)
+            BUG ();
+          fingerprint_from_pk (pk, array, &n);
 
 	  p = array;
 	  for (j = 0; j < n; j++, p++)
@@ -799,6 +753,7 @@
     }
 }
 
+
 static void
 list_keyblock_print (KBNODE keyblock, int secret, int fpr, void *opaque)
 {
@@ -806,12 +761,12 @@
   KBNODE kbctx;
   KBNODE node;
   PKT_public_key *pk;
-  PKT_secret_key *sk;
   struct sig_stats *stats = opaque;
   int skip_sigs = 0;
+  int s2k_char;
 
-  /* get the keyid from the keyblock */
-  node = find_kbnode (keyblock, secret ? PKT_SECRET_KEY : PKT_PUBLIC_KEY);
+  /* Get the keyid from the keyblock.  */
+  node = find_kbnode (keyblock, PKT_PUBLIC_KEY);
   if (!node)
     {
       log_error ("Oops; key lost!\n");
@@ -819,81 +774,57 @@
       return;
     }
 
-  if (secret)
-    {
-      pk = NULL;
-      sk = node->pkt->pkt.secret_key;
+  pk = node->pkt->pkt.public_key;
+  
+  /* Fixme: Get s2k mode from the agent.  */
+  s2k_char = (/*(sk->protect.s2k.mode == 1001)? '#' :
+                (sk->protect.s2k.mode == 1002)? '>' : */' ');
+  
+  check_trustdb_stale ();
 
-      printf ("sec%c  %4u%c/%s %s", (sk->protect.s2k.mode == 1001) ? '#' :
-	      (sk->protect.s2k.mode == 1002) ? '>' : ' ',
-	      nbits_from_sk (sk), pubkey_letter (sk->pubkey_algo),
-	      keystr_from_sk (sk), datestr_from_sk (sk));
+  printf ("%s%c  %4u%c/%s %s", 
+          secret? "sec":"pub",
+          s2k_char,
+          nbits_from_pk (pk), pubkey_letter (pk->pubkey_algo),
+          keystr_from_pk (pk), datestr_from_pk (pk));
 
-      if (sk->has_expired)
-	{
-	  printf (" [");
-	  printf (_("expired: %s"), expirestr_from_sk (sk));
-	  printf ("]");
-	}
-      else if (sk->expiredate)
-	{
-	  printf (" [");
-	  printf (_("expires: %s"), expirestr_from_sk (sk));
-	  printf ("]");
-	}
-
-      printf ("\n");
+  if (pk->is_revoked)
+    {
+      printf (" [");
+      printf (_("revoked: %s"), revokestr_from_pk (pk));
+      printf ("]");
     }
-  else
+  else if (pk->has_expired)
     {
-      pk = node->pkt->pkt.public_key;
-      sk = NULL;
+      printf (" [");
+      printf (_("expired: %s"), expirestr_from_pk (pk));
+      printf ("]");
+    }
+  else if (pk->expiredate)
+    {
+      printf (" [");
+      printf (_("expires: %s"), expirestr_from_pk (pk));
+      printf ("]");
+    }
 
-      check_trustdb_stale ();
-
-      printf ("pub   %4u%c/%s %s",
-	      nbits_from_pk (pk), pubkey_letter (pk->pubkey_algo),
-	      keystr_from_pk (pk), datestr_from_pk (pk));
-
-      /* We didn't include this before in the key listing, but there
-         is room in the new format, so why not? */
-
-      if (pk->is_revoked)
-	{
-	  printf (" [");
-	  printf (_("revoked: %s"), revokestr_from_pk (pk));



