[git] GnuPG - branch, master, updated. gnupg-2.1.12-5-gac9ff64

by Werner Koch cvs at cvs.gnupg.org
Tue May 10 11:21:26 CEST 2016 

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  ac9ff644b12c4dfa55d466af8ae6af54d1646893 (commit)
      from  693838f0125d5d0c963fa3771b1bd117702af697 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit ac9ff644b12c4dfa55d466af8ae6af54d1646893
Author: Werner Koch <wk at gnupg.org>
Date:   Tue May 10 11:01:42 2016 +0200

    gpg: Allow unattended deletion of secret keys.
    
    * agent/command.c (cmd_delete_key): Make the --force option depend on
    --disallow-loopback-passphrase.
    * g10/call-agent.c (agent_delete_key): Add arg FORCE.
    * g10/delkey.c (do_delete_key): Pass opt.answer_yes to
    agent_delete_key.
    --
    
    Unless the agent has been configured with
    --disallow-loopback-passpharse an unattended deletion of a secret key
    is now possible with gpg by using --batch _and_ --yes.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/agent/command.c b/agent/command.c
index c94fdd3..dfbb831 100644
--- a/agent/command.c
+++ b/agent/command.c
@@ -2333,8 +2333,9 @@ cmd_export_key (assuan_context_t ctx, char *line)
 static const char hlp_delete_key[] =
   "DELETE_KEY [--force] <hexstring_with_keygrip>\n"
   "\n"
-  "Delete a secret key from the key store.\n"
-  "Unless --force is used the agent asks the user for confirmation.\n";
+  "Delete a secret key from the key store.  If --force is used\n"
+  "and a loopback pinentry is allowed, the agent will not ask\n"
+  "the user for confirmation.";
 static gpg_error_t
 cmd_delete_key (assuan_context_t ctx, char *line)
 {
@@ -2349,6 +2350,11 @@ cmd_delete_key (assuan_context_t ctx, char *line)
   force = has_option (line, "--force");
   line = skip_options (line);
 
+  /* If the use of a loopback pinentry has been disabled, we assume
+   * that a silent deletion of keys shall also not be allowed.  */
+  if (!opt.allow_loopback_pinentry)
+    force = 0;
+
   err = parse_keygrip (ctx, line, grip);
   if (err)
     goto leave;
diff --git a/doc/gpg-agent.texi b/doc/gpg-agent.texi
index 2989d3b..b45874d 100644
--- a/doc/gpg-agent.texi
+++ b/doc/gpg-agent.texi
@@ -337,6 +337,10 @@ internal cache of @command{gpg-agent} with passphrases.
 Disallow or allow clients to use the loopback pinentry features; see
 the option @option{pinentry-mode} for details.  Allow is the default.
 
+The @option{--force} option of the Assuan command @command{DELETE_KEY}
+is also controlled by this option: The option is ignored if a loopback
+pinentry is disallowed.
+
 @item --no-allow-external-cache
 @opindex no-allow-external-cache
 Tell Pinentry not to enable features which use an external cache for
@@ -820,8 +824,17 @@ fi
 @section Agent's Assuan Protocol
 
 Note: this section does only document the protocol, which is used by
-GnuPG components; it does not deal with the ssh-agent protocol.
+GnuPG components; it does not deal with the ssh-agent protocol.  To
+see the full specification of each command, use
+
+ at example
+  gpg-connect-agent 'help COMMAND' /bye
+ at end example
 
+ at noindent
+or just 'help' to list all available commands.
+
+ at noindent
 The @command{gpg-agent} daemon is started on demand by the GnuPG
 components.
 
diff --git a/doc/gpg.texi b/doc/gpg.texi
index 3cad361..a09e610 100644
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@@ -376,13 +376,20 @@ safeguard against accidental deletion of multiple keys.
 
 @item --delete-secret-keys @code{name}
 @opindex delete-secret-keys
-Remove key from the secret keyring. In batch mode the key
-must be specified by fingerprint.
+gRemove key from the secret keyring. In batch mode the key must be
+specified by fingerprint.  The option @option{--yes} can be used to
+advice gpg-agent not to request a confirmation.  This extra
+pre-caution is done because @command{gpg} can't be sure that the
+secret key (as controlled by gpg-agent) is only used for the given
+OpenPGP public key.
+
 
 @item --delete-secret-and-public-key @code{name}
 @opindex delete-secret-and-public-key
 Same as @option{--delete-key}, but if a secret key exists, it will be
 removed first. In batch mode the key must be specified by fingerprint.
+The option @option{--yes} can be used to advice gpg-agent not to
+request a confirmation.
 
 @item --export
 @opindex export
diff --git a/g10/call-agent.c b/g10/call-agent.c
index c5bd694..d8c6ded 100644
--- a/g10/call-agent.c
+++ b/g10/call-agent.c
@@ -2349,9 +2349,11 @@ agent_export_key (ctrl_t ctrl, const char *hexkeygrip, const char *desc,
 

 /* Ask the agent to delete the key identified by HEXKEYGRIP.  If DESC
    is not NULL, display DESC instead of the default description
-   message.  */
+   message.  If FORCE is true the agent is advised not to ask for
+   confirmation. */
 gpg_error_t
-agent_delete_key (ctrl_t ctrl, const char *hexkeygrip, const char *desc)
+agent_delete_key (ctrl_t ctrl, const char *hexkeygrip, const char *desc,
+                  int force)
 {
   gpg_error_t err;
   char line[ASSUAN_LINELENGTH];
@@ -2376,7 +2378,8 @@ agent_delete_key (ctrl_t ctrl, const char *hexkeygrip, const char *desc)
         return err;
     }
 
-  snprintf (line, DIM(line)-1, "DELETE_KEY %s", hexkeygrip);
+  snprintf (line, DIM(line)-1, "DELETE_KEY%s %s",
+            force? " --force":"", hexkeygrip);
   err = assuan_transact (agent_ctx, line, NULL, NULL,
                          default_inq_cb, &dfltparm,
                          NULL, NULL);
diff --git a/g10/call-agent.h b/g10/call-agent.h
index 208b75b..06a19d4 100644
--- a/g10/call-agent.h
+++ b/g10/call-agent.h
@@ -196,7 +196,7 @@ gpg_error_t agent_export_key (ctrl_t ctrl, const char *keygrip,
 
 /* Delete a key from the agent.  */
 gpg_error_t agent_delete_key (ctrl_t ctrl, const char *hexkeygrip,
-                              const char *desc);
+                              const char *desc, int force);
 
 /* Change the passphrase of a key.  */
 gpg_error_t agent_passwd (ctrl_t ctrl, const char *hexkeygrip, const char *desc,
diff --git a/g10/delkey.c b/g10/delkey.c
index f76277c..966c571 100644
--- a/g10/delkey.c
+++ b/g10/delkey.c
@@ -184,8 +184,14 @@ do_delete_key( const char *username, int secret, int force, int *r_sec_avail )
               prompt = gpg_format_keydesc (node->pkt->pkt.public_key,
                                            FORMAT_KEYDESC_DELKEY, 1);
               err = hexkeygrip_from_pk (node->pkt->pkt.public_key, &hexgrip);
+              /* NB: We require --yes to advise the agent not to
+               * request a confirmation.  The rationale for this extra
+               * pre-caution is that since 2.1 the secret key may also
+               * be used for other protocols and thus deleting it from
+               * the gpg would also delete the key for other tools. */
               if (!err)
-                err = agent_delete_key (NULL, hexgrip, prompt);
+                err = agent_delete_key (NULL, hexgrip, prompt,
+                                        opt.answer_yes);
               xfree (prompt);
               xfree (hexgrip);
               if (err)

-----------------------------------------------------------------------

Summary of changes:
 agent/command.c    | 10 ++++++++--
 doc/gpg-agent.texi | 15 ++++++++++++++-
 doc/gpg.texi       | 11 +++++++++--
 g10/call-agent.c   |  9 ++++++---
 g10/call-agent.h   |  2 +-
 g10/delkey.c       |  8 +++++++-
 6 files changed, 45 insertions(+), 10 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org

More information about the Gnupg-commits mailing list