[git] GnuPG - branch, master, updated. gnupg-2.1.12-46-g01285f9

by Werner Koch cvs at cvs.gnupg.org
Thu Jun 2 18:41:20 CEST 2016


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  01285f909e43e8d6a48fbcc77bb5af53d567d8a2 (commit)
       via  dcc4cd83821667be22e502af86139bb4bd41bdf7 (commit)
      from  8f2a053a0ffa0430d01a53b4d491a3f0fff683eb (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 01285f909e43e8d6a48fbcc77bb5af53d567d8a2
Author: Werner Koch <wk at gnupg.org>
Date:   Thu Jun 2 18:38:10 2016 +0200

    gpg: Extend the --quick-gen-key command.
    
    * g10/keygen.c (quickgen_set_para): Add arg 'use'.
    (quick_generate_keypair): Add args 'algostr', 'usagestr', and
    'expirestr'.  Implement primary only key mode.
    (parse_algo_usage_expire): Set NBITS for the default algo.
    * g10/gpg.c (main): Extend --quick-gen-key command.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/doc/gpg.texi b/doc/gpg.texi
index 9b0f1ba..4559958 100644
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@@ -599,7 +599,7 @@ This section explains the main commands for key management
 
 @table @gnupgtabopt
 
- at item --quick-gen-key @code{user-id}
+ at item --quick-gen-key @code{user-id} [@code{algo} [@code{usage} [@code{expire}]]]
 @opindex quick-gen-key
 This is a simple command to generate a standard key with one user id.
 In contrast to @option{--gen-key} the key is generated directly
@@ -612,6 +612,13 @@ answer to a ``Continue?'' style confirmation prompt is required.  In
 case the user id already exists in the key ring a second prompt to
 force the creation of the key will show up.
 
+If any of the optional arguments are given, only the primary key is
+created and no prompts are shown.  For a description of these optional
+arguments see the command @code{--quick-addkey}.  The @code{usage}
+accepts also the value ``cert'' which can be used to create a
+certification only primary key; the default is to a create
+certification and signing key.
+
 If this command is used with @option{--batch},
 @option{--pinentry-mode} has been set to @code{loopback}, and one of
 the passphrase options (@option{--passphrase},
diff --git a/g10/gpg.c b/g10/gpg.c
index 2795330..b193fcd 100644
--- a/g10/gpg.c
+++ b/g10/gpg.c
@@ -4096,11 +4096,29 @@ main (int argc, char **argv)
 	break;
 
       case aQuickKeygen:
-        if (argc != 1 )
-          wrong_args("--gen-key user-id");
-        username = make_username (fname);
-        quick_generate_keypair (ctrl, username);
-        xfree (username);
+        {
+          const char *x_algo, *x_usage, *x_expire;
+
+          if (argc < 1 || argc > 4)
+            wrong_args("--quick-gen-key USER-ID [ALGO [USAGE [EXPIRE]]]");
+          username = make_username (fname);
+          argv++, argc--;
+          x_algo = "";
+          x_usage = "";
+          x_expire = "";
+          if (argc)
+            {
+              x_algo = *argv++; argc--;
+              if (argc)
+                {
+                  x_usage = *argv++; argc--;
+                  if (argc)
+                    x_expire = *argv++; argc--;
+                }
+            }
+          quick_generate_keypair (ctrl, username, x_algo, x_usage, x_expire);
+          xfree (username);
+        }
         break;
 
       case aKeygen: /* generate a key */
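Review bot: In the innermost branch of the new `aQuickKeygen` case, `if (argc) x_expire = *argv++; argc--;` guards only the assignment, so `argc--` runs unconditionally and leaves `argc` at -1 when no EXPIRE argument was given. Nothing in the visible lines reads `argc` afterwards, so this looks harmless today, but the one-line form hides the problem from whoever next edits this code. Brace it as `if (argc) { x_expire = *argv++; argc--; }`. `main` starts and ends outside the hunk.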
diff --git a/g10/keygen.c b/g10/keygen.c
index 69b6a0d..940cb16 100644
--- a/g10/keygen.c
+++ b/g10/keygen.c
@@ -136,6 +136,12 @@ static byte zip_prefs[MAX_PREFS];
 static int nzip_prefs;
 static int mdc_available,ks_modify;
 
+static gpg_error_t parse_algo_usage_expire (ctrl_t ctrl, int for_subkey,
+                                     const char *algostr, const char *usagestr,
+                                     const char *expirestr,
+                                     int *r_algo, unsigned int *r_usage,
+                                     u32 *r_expire,
+                                     unsigned int *r_nbits, char **r_curve);
 static void do_generate_keypair (ctrl_t ctrl, struct para_data_s *para,
 				 struct output_control_s *outctrl, int card );
 static int write_keyblock (iobuf_t out, kbnode_t node);
@@ -3467,13 +3473,20 @@ read_parameter_file (ctrl_t ctrl, const char *fname )
 /* Helper for quick_generate_keypair.  */
 static struct para_data_s *
 quickgen_set_para (struct para_data_s *para, int for_subkey,
-                   int algo, int nbits, const char *curve)
+                   int algo, int nbits, const char *curve, unsigned int use)
 {
   struct para_data_s *r;
 
-  r = xmalloc_clear (sizeof *r + 20);
+  r = xmalloc_clear (sizeof *r + 30);
   r->key = for_subkey? pSUBKEYUSAGE :  pKEYUSAGE;
-  strcpy (r->u.value, for_subkey ? "encrypt" : "sign");
+  if (use)
+    snprintf (r->u.value, 30, "%s%s%s%s",
+              (use & PUBKEY_USAGE_ENC)?  "encr " : "",
+              (use & PUBKEY_USAGE_SIG)?  "sign " : "",
+              (use & PUBKEY_USAGE_AUTH)? "auth " : "",
+              (use & PUBKEY_USAGE_CERT)? "cert " : "");
+  else
+    strcpy (r->u.value, for_subkey ? "encr" : "sign");
   r->next = para;
   para = r;
   r = xmalloc_clear (sizeof *r + 20);
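Review bot: The buffer size 30 is written twice in `quickgen_set_para`, once in `xmalloc_clear (sizeof *r + 30)` and once as the `snprintf` bound, and nothing ties the two together. The longest string the four flags can produce is 20 characters plus the terminator, so the write fits today. A later edit that shrinks the allocation without touching the bound would turn the bounded write into an overflow of what is presumably the trailing value area of the struct. One named constant used in both places keeps them in step, for example `enum { USAGE_BUFLEN = 30 };` (the name is only a placeholder). The function body continues past the end of the hunk.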
@@ -3507,7 +3520,8 @@ quickgen_set_para (struct para_data_s *para, int for_subkey,
  * Unattended generation of a standard key.
  */
 void
-quick_generate_keypair (ctrl_t ctrl, const char *uid)
+quick_generate_keypair (ctrl_t ctrl, const char *uid, const char *algostr,
+                        const char *usagestr, const char *expirestr)
 {
   gpg_error_t err;
   struct para_data_s *para = NULL;
@@ -3518,6 +3532,7 @@ quick_generate_keypair (ctrl_t ctrl, const char *uid)
   memset (&outctrl, 0, sizeof outctrl);
 
   use_tty = (!opt.batch && !opt.answer_yes
+             && !*algostr && !*usagestr && !*expirestr
              && !cpr_enabled ()
              && gnupg_isatty (fileno (stdin))
              && gnupg_isatty (fileno (stdout))
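Review bot: `!*algostr && !*usagestr && !*expirestr` dereferences the three new parameters without a NULL check, and the same pattern recurs in the `if (*algostr || *usagestr || *expirestr)` test in the next hunk. The only caller shown, in g10/gpg.c, always passes a string (empty when the argument is absent), but `quick_generate_keypair` is exported through g10/main.h while `parse_algo_usage_expire` itself tolerates NULL (`!algostr || !*algostr`). Either state the contract in the header comment, `/* ALGOSTR, USAGESTR and EXPIRESTR must not be NULL; pass "" for "not given". */`, or normalise at the top of the function with `if (!algostr) algostr = "";` and likewise for the other two. The function starts and ends outside this hunk.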
@@ -3578,12 +3593,39 @@ quick_generate_keypair (ctrl_t ctrl, const char *uid)
       }
   }
 
-  para = quickgen_set_para (para, 0,
-                            DEFAULT_STD_ALGO, DEFAULT_STD_KEYSIZE,
-                            DEFAULT_STD_CURVE);
-  para = quickgen_set_para (para, 1,
-                            DEFAULT_STD_SUBALGO, DEFAULT_STD_SUBKEYSIZE,
-                            DEFAULT_STD_SUBCURVE);
+  if (*algostr || *usagestr || *expirestr)
+    {
+      /* Extended unattended mode.  Creates only the primary key. */
+      int algo;
+      unsigned int use;
+      u32 expire;
+      unsigned int nbits;
+      char *curve;
+
+      err = parse_algo_usage_expire (ctrl, 0, algostr, usagestr, expirestr,
+                                     &algo, &use, &expire, &nbits, &curve);
+      if (err)
+        {
+          log_error (_("Key generation failed: %s\n"), gpg_strerror (err) );
+          goto leave;
+        }
+
+      para = quickgen_set_para (para, 0, algo, nbits, curve, use);
+      r = xmalloc_clear (sizeof *r + 20);
+      r->key = pKEYEXPIRE;
+      r->u.expire = expire;
+      r->next = para;
+      para = r;
+    }
+  else
+    {
+      para = quickgen_set_para (para, 0,
+                                DEFAULT_STD_ALGO, DEFAULT_STD_KEYSIZE,
+                                DEFAULT_STD_CURVE, 0);
+      para = quickgen_set_para (para, 1,
+                                DEFAULT_STD_SUBALGO, DEFAULT_STD_SUBKEYSIZE,
+                                DEFAULT_STD_SUBCURVE, 0);
+    }
 
   /* If the pinentry loopback mode is not and we have a static
      passphrase (i.e. set with --passphrase{,-fd,-file} while in batch
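Review bot: `char *curve;` in the extended-mode block has no initializer, so the value handed to `quickgen_set_para` depends on `parse_algo_usage_expire` storing to `*r_curve` on every successful path, which the visible lines of that function do not show. Declaring it as `char *curve = NULL;` makes the non-ECC case safe whatever the callee does. If the callee returns an allocated string through the `char **` out-parameter, as its type suggests, that string also needs releasing once `quickgen_set_para` no longer needs it; nothing in this hunk frees it.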
@@ -3601,6 +3643,7 @@ quick_generate_keypair (ctrl_t ctrl, const char *uid)
     }
 
   proc_parameter_file (ctrl, para, "[internal]", &outctrl, 0);
+
  leave:
   release_parameter_list (para);
 }
@@ -3844,10 +3887,10 @@ generate_keypair (ctrl_t ctrl, int full, const char *fname,
                    , "--full-gen-key" );
       para = quickgen_set_para (para, 0,
                                 DEFAULT_STD_ALGO, DEFAULT_STD_KEYSIZE,
-                                DEFAULT_STD_CURVE);
+                                DEFAULT_STD_CURVE, 0);
       para = quickgen_set_para (para, 1,
                                 DEFAULT_STD_SUBALGO, DEFAULT_STD_SUBKEYSIZE,
-                                DEFAULT_STD_SUBCURVE);
+                                DEFAULT_STD_SUBCURVE, 0);
     }
 
 
@@ -4318,7 +4361,7 @@ do_generate_keypair (ctrl_t ctrl, struct para_data_s *para,
 }
 
 
-gpg_error_t
+static gpg_error_t
 parse_algo_usage_expire (ctrl_t ctrl, int for_subkey,
                          const char *algostr, const char *usagestr,
                          const char *expirestr,
@@ -4340,8 +4383,9 @@ parse_algo_usage_expire (ctrl_t ctrl, int for_subkey,
   if (!algostr || !*algostr
       || !strcmp (algostr, "default") || !strcmp (algostr, "-"))
     {
-      algo = DEFAULT_STD_SUBALGO;
-      use = DEFAULT_STD_SUBKEYUSE;
+      algo = for_subkey? DEFAULT_STD_SUBALGO : DEFAULT_STD_ALGO;
+      use = for_subkey?  DEFAULT_STD_SUBKEYUSE : DEFAULT_STD_KEYUSE;
+      nbits = for_subkey?DEFAULT_STD_SUBKEYSIZE : DEFAULT_STD_KEYSIZE;
     }
   else if (*algostr == '&' && strlen (algostr) == 41)
     {
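Review bot: The default-algorithm branch now picks `algo`, `use` and `nbits` per key type but still leaves `curve` alone, so it does not follow `DEFAULT_STD_CURVE` / `DEFAULT_STD_SUBCURVE` the way the non-extended calls to `quickgen_set_para` do. With `DEFAULT_STD_CURVE` defined as NULL this has no effect today; it would matter if the defaults move to an ECC algorithm. Adding `curve = for_subkey? DEFAULT_STD_SUBCURVE : DEFAULT_STD_CURVE;` keeps the branch complete. The function starts before and continues after this hunk.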
diff --git a/g10/main.h b/g10/main.h
index 0ca4d39..46b4ead 100644
--- a/g10/main.h
+++ b/g10/main.h
@@ -298,7 +298,8 @@ u32 parse_expire_string(const char *string);
 u32 ask_expire_interval(int object,const char *def_expire);
 u32 ask_expiredate(void);
 unsigned int ask_key_flags (int algo, int subkey, unsigned int current);
-void quick_generate_keypair (ctrl_t ctrl, const char *uid);
+void quick_generate_keypair (ctrl_t ctrl, const char *uid, const char *algostr,
+                             const char *usagestr, const char *expirestr);
 void generate_keypair (ctrl_t ctrl, int full, const char *fname,
                        const char *card_serialno, int card_backup_key);
 int keygen_set_std_prefs (const char *string,int personal);

commit dcc4cd83821667be22e502af86139bb4bd41bdf7
Author: Werner Koch <wk at gnupg.org>
Date:   Thu Jun 2 17:01:54 2016 +0200

    gpg: Improve the new parse_subkey_algostr_usagestr function.
    
    * g10/keygen.c (parse_usagestr): Allow "cert".
    (generate_subkeypair): Factor expire parsing out to ...
    (parse_subkey_algostr_usagestr): here.  Rename to ...
    (parse_algo_usage_expire): this.  Add arg 'for_subkey'.  Set CERT for
    primary key and check that it is not set for subkeys.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/g10/keygen.c b/g10/keygen.c
index 2ef80a7..69b6a0d 100644
--- a/g10/keygen.c
+++ b/g10/keygen.c
@@ -51,6 +51,7 @@
    is inside the bounds enforced by ask_keysize and gen_xxx.  */
 #define DEFAULT_STD_ALGO       PUBKEY_ALGO_RSA
 #define DEFAULT_STD_KEYSIZE    2048
+#define DEFAULT_STD_KEYUSE     (PUBKEY_USAGE_CERT|PUBKEY_USAGE_SIG)
 #define DEFAULT_STD_CURVE      NULL
 #define DEFAULT_STD_SUBALGO    PUBKEY_ALGO_RSA
 #define DEFAULT_STD_SUBKEYSIZE 2048
@@ -2937,6 +2938,8 @@ parse_usagestr (const char *usagestr)
         use |= PUBKEY_USAGE_ENC;
       else if (!ascii_strcasecmp (s, "auth"))
         use |= PUBKEY_USAGE_AUTH;
+      else if (!ascii_strcasecmp (s, "cert"))
+        use |= PUBKEY_USAGE_CERT;
       else
         {
           xfree (tokens);
@@ -4316,13 +4319,15 @@ do_generate_keypair (ctrl_t ctrl, struct para_data_s *para,
 
 
 gpg_error_t
-parse_subkey_algostr_usagestr (ctrl_t ctrl, const char *algostr,
-                               const char *usagestr,
-                               int *r_algo, unsigned int *r_usage,
-                               unsigned int *r_nbits, char **r_curve)
+parse_algo_usage_expire (ctrl_t ctrl, int for_subkey,
+                         const char *algostr, const char *usagestr,
+                         const char *expirestr,
+                         int *r_algo, unsigned int *r_usage, u32 *r_expire,
+                         unsigned int *r_nbits, char **r_curve)
 {
   int algo;
   unsigned int use, nbits;
+  u32 expire;
   int wantuse;
   unsigned int min, def, max;
   const char *curve = NULL;
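Review bot: `parse_algo_usage_expire` has no header comment in the visible context, and after this change it takes ten parameters, one of which (`for_subkey`) changes both the defaults and what is rejected. A comment above the definition should say that FOR_SUBKEY selects the subkey default usage and makes a CERT usage an error, and that a primary key always gets CERT added. It should also say that a NULL or empty EXPIRESTR, as well as "none", "never" and "-", yields an expiration of 0, and that failures are returned as GPG_ERR_INV_VALUE or GPG_ERR_WRONG_KEY_USAGE. All of this is taken from the later hunks of this commit; the rest of the body lies outside this hunk.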
@@ -4348,7 +4353,7 @@ parse_subkey_algostr_usagestr (ctrl_t ctrl, const char *algostr,
   else if (!strncmp (algostr, "rsa", 3))
     {
       algo = PUBKEY_ALGO_RSA;
-      use = DEFAULT_STD_SUBKEYUSE;
+      use = for_subkey? DEFAULT_STD_SUBKEYUSE : DEFAULT_STD_KEYUSE;
       if (algostr[3])
         nbits = atoi (algostr + 3);
     }
@@ -4395,6 +4400,27 @@ parse_subkey_algostr_usagestr (ctrl_t ctrl, const char *algostr,
   else
     return gpg_error (GPG_ERR_INV_VALUE);
 
+  /* Make sure a primary key has the CERT usage.  */
+  if (!for_subkey)
+    use |= PUBKEY_USAGE_CERT;
+
+  /* Check that usage is possible.  */
+  if (/**/((use & (PUBKEY_USAGE_SIG|PUBKEY_USAGE_AUTH|PUBKEY_USAGE_CERT))
+           && !pubkey_get_nsig (algo))
+       || ((use & PUBKEY_USAGE_ENC)
+           && !pubkey_get_nenc (algo))
+       || (for_subkey && (use & PUBKEY_USAGE_CERT)))
+    return gpg_error (GPG_ERR_WRONG_KEY_USAGE);
+
+  /* Parse the expire string.  */
+  if (!expirestr || !*expirestr || !strcmp (expirestr, "none")
+      || !strcmp (expirestr, "never") || !strcmp (expirestr, "-"))
+    expire = 0;
+  else
+    expire = parse_expire_string (expirestr);
+  if (expire == (u32)-1 )
+    return gpg_error (GPG_ERR_INV_VALUE);
+
   /* Make sure the keysize is in the allowed range.  */
   get_keysize_range (algo, &min, &def, &max);
   if (!nbits)
@@ -4414,6 +4440,7 @@ parse_subkey_algostr_usagestr (ctrl_t ctrl, const char *algostr,
     }
   *r_algo = algo;
   *r_usage = use;
+  *r_expire = expire;
   *r_nbits = nbits;
   return 0;
 }
@@ -4522,31 +4549,10 @@ generate_subkeypair (ctrl_t ctrl, kbnode_t keyblock, const char *algostr,
     }
   else /* Unattended mode.  */
     {
-      err = parse_subkey_algostr_usagestr (ctrl, algostr, usagestr,
-                                           &algo, &use, &nbits, &curve);
+      err = parse_algo_usage_expire (ctrl, 1, algostr, usagestr, expirestr,
+                                     &algo, &use, &expire, &nbits, &curve);
       if (err)
         goto leave;
-
-      if (!expirestr || !*expirestr || !strcmp (expirestr, "none")
-          || !strcmp (expirestr, "never") || !strcmp (expirestr, "-"))
-        expire = 0;
-      else
-        expire = parse_expire_string (expirestr);
-      if (expire == (u32)-1 )
-	{
-          err = gpg_error (GPG_ERR_INV_VALUE);
-	  goto leave;
-	}
-
-      /* Check that usage is possible.  */
-      if ( ((use & (PUBKEY_USAGE_SIG|PUBKEY_USAGE_AUTH|PUBKEY_USAGE_CERT))
-            && !pubkey_get_nsig (algo))
-           || ((use & PUBKEY_USAGE_ENC)
-               && !pubkey_get_nenc (algo)))
-        {
-          err = gpg_error (GPG_ERR_WRONG_KEY_USAGE);
-          goto leave;
-        }
     }
 
   if (hexgrip)

-----------------------------------------------------------------------

Summary of changes:
 doc/gpg.texi |   9 +++-
 g10/gpg.c    |  28 +++++++++---
 g10/keygen.c | 136 ++++++++++++++++++++++++++++++++++++++++-------------------
 g10/main.h   |   3 +-
 4 files changed, 126 insertions(+), 50 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



