[git] GnuPG - branch, master, updated. gnupg-2.1.10-102-geb9c021
by Werner Koch
cvs at cvs.gnupg.org
Sat Jan 9 11:36:10 CET 2016
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, master has been updated
via eb9c021631174fde4c1c444bbc533a7a46d570cd (commit)
from b2da3951a395366bf1644bc4c4eb42d657effe17 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit eb9c021631174fde4c1c444bbc533a7a46d570cd
Author: Werner Koch <wk at gnupg.org>
Date: Sat Jan 9 11:28:42 2016 +0100
tools: Remove gpgkey2ssh.
* tools/gpgkey2ssh.c: Remove.
* tools/Makefile.am (bin_PROGRAMS): Ditto.
--
Also remove it form the docs.
Signed-off-by: Werner Koch <wk at gnupg.org>
diff --git a/doc/Makefile.am b/doc/Makefile.am
index 6e0bc15..5449d07 100644
--- a/doc/Makefile.am
+++ b/doc/Makefile.am
@@ -84,7 +84,7 @@ watchgnupg_SOURCE = gnupg.texi
CLEANFILES = yat2m mkdefsinc defs.inc
DISTCLEANFILES = gnupg.tmp gnupg.ops yat2m-stamp.tmp yat2m-stamp \
- $(myman_pages) gpg-zip.1 gpgkey2ssh.1 gnupg.7
+ $(myman_pages) gpg-zip.1 gnupg.7
yat2m: yat2m.c
$(CC_FOR_BUILD) -o $@ $(srcdir)/yat2m.c
diff --git a/doc/gpg.texi b/doc/gpg.texi
index d6ae579..5510d57 100644
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@@ -396,6 +396,21 @@ GnuPG may ask you to enter the passphrase for the key. This is
required because the internal protection method of the secret key is
different from the one specified by the OpenPGP protocol.
+ at item --export-ssh-key
+ at opindex export-ssh-key
+This command is used to export a key in the OpenSSH public key format.
+It requires the specification of one key by the usual means and
+exports the latest valid subkey which has an authentication capability
+to STDOUT or to the file given with option @option{--output}. That
+output can directly be added to ssh's @file{authorized_key} file.
+
+By specifying the key to export using a key ID or a fingerprint
+suffixed with an exclamation mark (!), a specific subkey or the
+primary key can be exported. This does not even require that the key
+has the authentication capability flag set. To view the capability
+flags of a key use @code{--list-options show-usage} along with a key
+listing command.
+
@item --import
@itemx --fast-import
@opindex import
diff --git a/doc/tools.texi b/doc/tools.texi
index 633502e..425790e 100644
--- a/doc/tools.texi
+++ b/doc/tools.texi
@@ -21,7 +21,6 @@ GnuPG comes with a couple of smaller tools:
* gpgparsemail:: Parse a mail message into an annotated format
* symcryptrun:: Call a simple symmetric encryption tool.
* gpg-zip:: Encrypt or sign files into an archive.
-* gpgkey2ssh:: Emit GPG public keys in OpenSSH format.
@end menu
@c
@@ -1894,75 +1893,3 @@ gpg-zip --list-archive test1
@command{tar}(1),
@end ifset
@include see-also-note.texi
-
-
- at c
- at c GPGKEY2SSH
- at c
- at manpage gpgkey2ssh.1
- at node gpgkey2ssh
- at section Emit GPG public keys in OpenSSH format
- at ifset manverb
-.B gpgkey2ssh \- Emit GPG public keys in OpenSSH format
- at end ifset
-
- at mansect synopsis
- at ifset manverb
-.B gpgkey2ssh
-.I keyid
- at end ifset
-
- at mansect description
-This tool is deprecated and will be removed soon.
-
- at command{gpgkey2ssh} emits the public key of an OpenPGP RSA or DSA key
-in a format readable by OpenSSH clients and servers.
-
-It takes only a single argument, a key ID, which designates the
-primary key or subkey whose public key should be converted.
-
-The key ID should use upper-case (A-F, not a-f) for all hex digits
-greater than 9, and the key in question must be present in
- at code{gpg}'s public keyring.
-
-The output of a successful run can be used verbatim as an entry in an
- at code{authorized_keys} file for @code{sshd}, or can be prefixed with a
-host name and appended to a @code{known_hosts} file for @code{ssh}.
-
- at mansect return value
-
-The program returns 0 if the key was successfully converted and
-non-zero if there was an error (e.g., if the key ID was malformed, the
-key was not present in the public keyring, or if the key is not an RSA
-or DSA key).
-
- at mansect environment
- at subsection Environment
-
- at table @asis
-
- at item HOME
-Used to locate the default home directory.
-
- at item GNUPGHOME
-If set directory used instead of "~/.gnupg".
-
- at end table
-
- at mansect files
- at subsection FILES
-
- at table @asis
-
- at item gpg2
-The command used to search the user's keyring.
-
- at end table
-
- at mansect see also
- at ifset isman
- at command{gpg2}(1),
- at command{sshd}(8),
- at command{ssh}(1)
- at end ifset
- at include see-also-note.texi
diff --git a/g10/keyring.c b/g10/keyring.c
index 4dc7e0a..a0b7a0e 100644
--- a/g10/keyring.c
+++ b/g10/keyring.c
@@ -1229,7 +1229,7 @@ keyring_search (KEYRING_HANDLE hd, KEYDB_SEARCH_DESC *desc,
if (!rc)
{
if (DBG_LOOKUP)
- log_debug ("%s: returing success\n", __func__);
+ log_debug ("%s: returning success\n", __func__);
hd->found.offset = main_offset;
hd->found.kr = hd->current.kr;
hd->found.pk_no = pk? pk_no : 0;
diff --git a/tools/Makefile.am b/tools/Makefile.am
index a268811..39c0f9c 100644
--- a/tools/Makefile.am
+++ b/tools/Makefile.am
@@ -51,13 +51,12 @@ else
gpgtar =
endif
-# Fixme: We should remove the gpgkey2ssh tool.
bin_PROGRAMS = gpgconf gpg-connect-agent ${symcryptrun}
if !HAVE_W32_SYSTEM
bin_PROGRAMS += watchgnupg gpgparsemail
endif
if !HAVE_W32CE_SYSTEM
-bin_PROGRAMS += gpgkey2ssh ${gpgtar}
+bin_PROGRAMS += ${gpgtar}
endif
if !DISABLE_REGEX
@@ -119,15 +118,6 @@ gpg_connect_agent_LDADD = ../common/libgpgrl.a $(common_libs) \
$(LIBREADLINE) $(LIBINTL) $(NETLIBS) $(LIBICONV) \
$(resource_objs)
-if !HAVE_W32CE_SYSTEM
-gpgkey2ssh_SOURCES = gpgkey2ssh.c
-gpgkey2ssh_CFLAGS = $(LIBGCRYPT_CFLAGS) $(GPG_ERROR_CFLAGS)
-# common via use of BUG() in an inline function, which
-# some compilers do not eliminate.
-gpgkey2ssh_LDADD = $(common_libs) \
- $(LIBGCRYPT_LIBS) $(GPG_ERROR_LIBS) $(LIBINTL) $(LIBICONV) \
- $(NETLIBS)
-endif
if !DISABLE_REGEX
gpg_check_pattern_SOURCES = gpg-check-pattern.c
diff --git a/tools/gpgkey2ssh.c b/tools/gpgkey2ssh.c
deleted file mode 100644
index f12c5f4..0000000
--- a/tools/gpgkey2ssh.c
+++ /dev/null
@@ -1,337 +0,0 @@
-/* gpgkey2ssh.c - Converter (Debug helper)
- * Copyright (C) 2005 Free Software Foundation, Inc.
- *
- * This file is part of GnuPG.
- *
- * GnuPG is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 3 of the License, or
- * (at your option) any later version.
- *
- * GnuPG is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public
- * License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, see <http://www.gnu.org/licenses/>.
- */
-
-/*
- FIXME: This tool needs some cleanup:
-
- - Do not use assert() for error output.
- - Add proper option parsing and standard options.
- - retrieve_key_material needs to take the ordinal at field 1 in account.
- 0 Write a man page.
-*/
-
-#include <config.h>
-
-#include <gcrypt.h>
-#include <unistd.h>
-#include <stdlib.h>
-#include <assert.h>
-#include <stdio.h>
-#include <errno.h>
-
-#include "util.h"
-#include "sysutils.h"
-
-
-
-typedef struct pkdbuf
-{
- unsigned char *buffer;
- size_t buffer_n;
-} pkdbuf_t;
-
-
-
-/* Retrieve the public key material for the RSA key, whose fingerprint
- is FPR, from gpg output, which can be read through the stream FP.
- The RSA modulus will be stored at the address of M and MLEN, the
- public exponent at E and ELEN. Returns zero on success, an error
- code on failure. Caller must release the allocated buffers at M
- and E if the function returns success. */
-static gpg_error_t
-retrieve_key_material (FILE *fp, const char *hexkeyid, int *algorithm_id,
- pkdbuf_t **pkdbuf, size_t *pkdbuf_n)
-{
- pkdbuf_t *pkdbuf_new;
- pkdbuf_t *pkdbuf_tmp;
- size_t pkdbuf_new_n;
- gcry_error_t err = 0;
- char *line = NULL; /* read_line() buffer. */
- size_t line_size = 0; /* Helper for for read_line. */
- int found_key = 0; /* Helper to find a matching key. */
- int id;
- unsigned char *buffer;
- size_t buffer_n;
- int i;
-
- pkdbuf_new = NULL;
- pkdbuf_new_n = 0;
- id = 0;
-
- /* Loop over all records until we have found the subkey
- corresponding to the fingerprint. In general the first record
- should be the pub record, but we don't rely on that. Given that
- we only need to look at one key, it is sufficient to compare the
- keyid so that we don't need to look at "fpr" records. */
- for (;;)
- {
- char *p;
- char *fields[6];
- int nfields;
- size_t max_length;
- gcry_mpi_t mpi;
-
- max_length = 4096;
- i = read_line (fp, &line, &line_size, &max_length);
- if (!i)
- break; /* EOF. */
- if (i < 0)
- {
- err = gpg_error_from_syserror ();
- goto leave; /* Error. */
- }
- if (!max_length)
- {
- err = gpg_error (GPG_ERR_TRUNCATED);
- goto leave; /* Line truncated - we better stop processing. */
- }
-
- /* Parse the line into fields. */
- for (nfields=0, p=line; p && nfields < DIM (fields); nfields++)
- {
- fields[nfields] = p;
- p = strchr (p, ':');
- if (p)
- *(p++) = 0;
- }
- if (!nfields)
- continue; /* No fields at all - skip line. */
-
- if (!found_key)
- {
- if ( (!strcmp (fields[0], "sub") || !strcmp (fields[0], "pub") )
- && nfields > 4 &&
- (((strlen (hexkeyid) == 8)
- && (strlen (fields[4]) == 16)
- && (! strcmp (fields[4] + 8, hexkeyid)))
- || ((strlen (hexkeyid) == 16)
- && (! strcmp (fields[4], hexkeyid)))))
- {
- found_key = 1;
- /* Save algorithm ID. */
- id = atoi (fields[3]);
- }
- continue;
- }
-
- if ( !strcmp (fields[0], "sub") || !strcmp (fields[0], "pub") )
- break; /* Next key - stop. */
-
- if ( strcmp (fields[0], "pkd") )
- continue; /* Not a key data record. */
-
- /* FIXME, necessary? */
-
- i = atoi (fields[1]);
- if ((nfields < 4) || (i < 0))
- {
- err = gpg_error (GPG_ERR_GENERAL);
- goto leave;
- }
-
- err = gcry_mpi_scan (&mpi, GCRYMPI_FMT_HEX, fields[3], 0, NULL);
- if (err)
- mpi = NULL;
-
- err = gcry_mpi_aprint (GCRYMPI_FMT_STD, &buffer, &buffer_n, mpi);
- gcry_mpi_release (mpi);
- if (err)
- goto leave;
-
- pkdbuf_tmp = xrealloc (pkdbuf_new, sizeof (*pkdbuf_new) * (pkdbuf_new_n + 1));
- if (pkdbuf_new != pkdbuf_tmp)
- pkdbuf_new = pkdbuf_tmp;
- pkdbuf_new[pkdbuf_new_n].buffer = buffer;
- pkdbuf_new[pkdbuf_new_n].buffer_n = buffer_n;
- pkdbuf_new_n++;
- }
-
- *algorithm_id = id;
- *pkdbuf = pkdbuf_new;
- *pkdbuf_n = pkdbuf_new_n;
-
- leave:
-
- if (err)
- if (pkdbuf_new)
- {
- for (i = 0; i < pkdbuf_new_n; i++)
- xfree (pkdbuf_new[i].buffer);
- xfree (pkdbuf_new);
- }
- xfree (line);
-
- return err;
-}
-
-
-
-int
-key_to_blob (unsigned char **blob, size_t *blob_n, const char *identifier, ...)
-{
- unsigned char *blob_new;
- size_t blob_new_n;
- unsigned char uint32_buffer[4];
- u32 identifier_n;
- FILE *stream;
- va_list ap;
- int ret;
- pkdbuf_t *pkd;
-
- stream = gnupg_tmpfile ();
- assert (stream);
-
- identifier_n = strlen (identifier);
- uint32_buffer[0] = identifier_n >> 24;
- uint32_buffer[1] = identifier_n >> 16;
- uint32_buffer[2] = identifier_n >> 8;
- uint32_buffer[3] = identifier_n >> 0;
- ret = fwrite (uint32_buffer, sizeof (uint32_buffer), 1, stream);
- assert (ret == 1);
- ret = fwrite (identifier, identifier_n, 1, stream);
- assert (ret == 1);
-
- va_start (ap, identifier);
- while (1)
- {
- pkd = va_arg (ap, pkdbuf_t *);
- if (! pkd)
- break;
-
- uint32_buffer[0] = pkd->buffer_n >> 24;
- uint32_buffer[1] = pkd->buffer_n >> 16;
- uint32_buffer[2] = pkd->buffer_n >> 8;
- uint32_buffer[3] = pkd->buffer_n >> 0;
- ret = fwrite (uint32_buffer, sizeof (uint32_buffer), 1, stream);
- assert (ret == 1);
- ret = fwrite (pkd->buffer, pkd->buffer_n, 1, stream);
- assert (ret == 1);
- }
-
- va_end (ap);
-
- blob_new_n = ftell (stream);
- rewind (stream);
-
- blob_new = xmalloc (blob_new_n);
- ret = fread (blob_new, blob_new_n, 1, stream);
- assert (ret == 1);
-
- *blob = blob_new;
- *blob_n = blob_new_n;
-
- fclose (stream);
-
- return 0;
-}
-
-int
-main (int argc, char **argv)
-{
- const char *keyid;
- int algorithm_id;
- pkdbuf_t *pkdbuf;
- size_t pkdbuf_n;
- char *command = NULL;
- FILE *fp;
- int ret;
- gcry_error_t err;
- unsigned char *blob;
- size_t blob_n;
- struct b64state b64_state;
- const char *identifier;
-
- pkdbuf = NULL;
- pkdbuf_n = 0;
-
- algorithm_id = 0; /* (avoid cc warning) */
- identifier = NULL; /* (avoid cc warning) */
-
- if (argc != 2)
- {
- fprintf (stderr, "Usage: %s KEYID\n", argv[0]);
- exit (1);
- }
- if (strcmp (argv[1], "--help") == 0)
- {
- fprintf (stderr, "Usage: %s KEYID\n", argv[0]);
- fprintf (stderr, "\n");
- fprintf (stderr,
- "Convert a gpg key to a format appropriate for inclusion in an\n"
- "ssh authorized_keys file.\n");
- exit (0);
- }
-
- keyid = argv[1];
-
- asprintf (&command,
- "gpg2 --list-keys --with-colons --with-key-data '%s'",
- keyid);
- if (! command)
- {
- fprintf (stderr, "Out of memory.\n");
- exit (1);
- }
-
- fp = popen (command, "r");
- if (! fp)
- {
- fprintf (stderr, "Failed to running: '%s'\n", command);
- exit (1);
- }
-
- err = retrieve_key_material (fp, keyid, &algorithm_id, &pkdbuf, &pkdbuf_n);
- if (err)
- {
- fprintf (stderr, "Error looking up key: %s\n", gpg_strerror (err));
- exit (1);
- }
- if (! ((algorithm_id == 1) || (algorithm_id == 17)))
- {
- fprintf (stderr, "Unsupported algorithm: %d\n", algorithm_id);
- exit (1);
- }
-
- if (algorithm_id == 1)
- {
- identifier = "ssh-rsa";
- ret = key_to_blob (&blob, &blob_n, identifier,
- &pkdbuf[1], &pkdbuf[0], NULL);
- }
- else if (algorithm_id == 17)
- {
- identifier = "ssh-dss";
- ret = key_to_blob (&blob, &blob_n, identifier,
- &pkdbuf[0], &pkdbuf[1], &pkdbuf[2], &pkdbuf[3], NULL);
- }
- assert (! ret);
-
- printf ("%s ", identifier);
-
- err = b64enc_start (&b64_state, stdout, "");
- assert (! err);
- err = b64enc_write (&b64_state, blob, blob_n);
- assert (! err);
- err = b64enc_finish (&b64_state);
- assert (! err);
-
- printf (" COMMENT\n");
-
- return 0;
-}
-----------------------------------------------------------------------
Summary of changes:
doc/Makefile.am | 2 +-
doc/gpg.texi | 15 +++
doc/tools.texi | 73 ------------
g10/keyring.c | 2 +-
tools/Makefile.am | 12 +-
tools/gpgkey2ssh.c | 337 -----------------------------------------------------
6 files changed, 18 insertions(+), 423 deletions(-)
delete mode 100644 tools/gpgkey2ssh.c
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org
More information about the Gnupg-commits
mailing list