[git] GnuPG - branch, master, updated. gnupg-2.1.18-135-g22b69b9

by Werner Koch cvs at cvs.gnupg.org
Thu Feb 23 20:17:54 CET 2017


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  22b69b9edfdf6e6172239cbd1075ffe29077d339 (commit)
       via  d30e17ac62dea8913b7f353971d546b6b1a09bd5 (commit)
       via  a2090250829fe8989be2afc8cf41ba2a022072fc (commit)
       via  effa80e0b5fd8cf9e31a984afe391c2406edee8b (commit)
      from  c2f02ea4ff1b74be66b4221e3ec83ab0351c2746 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 22b69b9edfdf6e6172239cbd1075ffe29077d339
Author: Werner Koch <wk at gnupg.org>
Date:   Thu Feb 23 20:14:16 2017 +0100

    dirmngr: Add new debug flag "extprog"
    
    * dirmngr/dirmngr.h (DBG_EXTPROG_VALUE, DBG_EXTPROG): New macros.
    * dirmngr/dirmngr.c (debug_flags): Add flag "extprog".
    (handle_connections): Use a macro instead of -1 for an invalid socket.
    * dirmngr/loadswdb.c (verify_status_cb): Debug the gpgv call.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/dirmngr/dirmngr.c b/dirmngr/dirmngr.c
index 6b4cbcf..c877a9b 100644
--- a/dirmngr/dirmngr.c
+++ b/dirmngr/dirmngr.c
@@ -267,6 +267,7 @@ static struct debug_flags_s debug_flags [] =
     { DBG_DNS_VALUE    , "dns"     },
     { DBG_NETWORK_VALUE, "network" },
     { DBG_LOOKUP_VALUE , "lookup"  },
+    { DBG_EXTPROG_VALUE, "extprog" },
     { 77, NULL } /* 77 := Do not exit on "help" or "?".  */
   };
 
@@ -2215,7 +2216,7 @@ handle_connections (assuan_fd_t listen_fd)
     close (my_inotify_fd);
 #endif /*HAVE_INOTIFY_INIT*/
   npth_attr_destroy (&tattr);
-  if (listen_fd != -1)
+  if (listen_fd != GNUPG_INVALID_FD)
     assuan_sock_close (fd);
   cleanup ();
   log_info ("%s %s stopped\n", strusage(11), strusage(13));
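Review bot: The guard on the new line tests `listen_fd` but the call it protects still closes `fd`; unless `fd` aliases the listening socket, the listener is leaked and `fd` (presumably a per-connection socket handled elsewhere in the loop) risks being closed a second time. The intended line is almost certainly `assuan_sock_close (listen_fd);`. handle_connections begins and ends outside this hunk, so the origin of `fd` is not visible here.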
diff --git a/dirmngr/dirmngr.h b/dirmngr/dirmngr.h
index b0b603f..b269865 100644
--- a/dirmngr/dirmngr.h
+++ b/dirmngr/dirmngr.h
@@ -144,6 +144,7 @@ struct
 #define DBG_IPC_VALUE     1024  /* debug assuan communication */
 #define DBG_NETWORK_VALUE 2048  /* debug network I/O.  */
 #define DBG_LOOKUP_VALUE  8192  /* debug lookup details */
+#define DBG_EXTPROG_VALUE 16384 /* debug external program calls */
 
 #define DBG_X509    (opt.debug & DBG_X509_VALUE)
 #define DBG_CRYPTO  (opt.debug & DBG_CRYPTO_VALUE)
@@ -154,6 +155,7 @@ struct
 #define DBG_IPC     (opt.debug & DBG_IPC_VALUE)
 #define DBG_NETWORK (opt.debug & DBG_NETWORK_VALUE)
 #define DBG_LOOKUP  (opt.debug & DBG_LOOKUP_VALUE)
+#define DBG_EXTPROG (opt.debug & DBG_EXTPROG_VALUE)
 
 /* A simple list of certificate references.  FIXME: Better use
    certlist_t also for references (Store NULL at .cert) */
diff --git a/dirmngr/http.c b/dirmngr/http.c
index e5e36b2..890f5f6 100644
--- a/dirmngr/http.c
+++ b/dirmngr/http.c
@@ -382,7 +382,7 @@ _my_socket_new (int lnr, assuan_fd_t fd)
   so->refcount = 1;
   if (opt_debug)
     log_debug ("http.c:%d:socket_new: object %p for fd %d created\n",
-               lnr, (int)so, so->fd);
+               lnr, so, so->fd);
   return so;
 }
 #define my_socket_new(a) _my_socket_new (__LINE__, (a))
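Review bot: Dropping the `(int)so` cast fixes the pointer truncation for `%p`, but `so->fd` is still printed with `%d` in this hunk and in the two following socket_ref/socket_unref hunks; `assuan_fd_t` is an int on POSIX but a pointer-sized handle in the Windows build, where the same format/argument mismatch remains. If that build matters, make the conversion explicit, `lnr, so, (int)so->fd);`, or use the tree's fd-to-int helper if one exists.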
@@ -394,7 +394,7 @@ _my_socket_ref (int lnr, my_socket_t so)
   so->refcount++;
   if (opt_debug > 1)
     log_debug ("http.c:%d:socket_ref: object %p for fd %d refcount now %d\n",
-               lnr, (int)so, so->fd, so->refcount);
+               lnr, so, so->fd, so->refcount);
   return so;
 }
 #define my_socket_ref(a) _my_socket_ref (__LINE__,(a))
@@ -412,7 +412,7 @@ _my_socket_unref (int lnr, my_socket_t so,
       so->refcount--;
       if (opt_debug > 1)
         log_debug ("http.c:%d:socket_unref: object %p for fd %d ref now %d\n",
-                   lnr, (int)so, so->fd, so->refcount);
+                   lnr, so, so->fd, so->refcount);
 
       if (!so->refcount)
         {
diff --git a/dirmngr/loadswdb.c b/dirmngr/loadswdb.c
index 2d6bdc1..5a7778d 100644
--- a/dirmngr/loadswdb.c
+++ b/dirmngr/loadswdb.c
@@ -191,6 +191,9 @@ verify_status_cb (void *opaque, const char *keyword, char *args)
 {
   struct verify_status_parm_s *parm = opaque;
 
+  if (DBG_EXTPROG)
+    log_debug ("gpgv status: %s %s\n", keyword, args);
+
   /* We care only about the first valid signature.  */
   if (!strcmp (keyword, "VALIDSIG") && !parm->anyvalid)
     {
@@ -302,12 +305,16 @@ dirmngr_load_swdb (ctrl_t ctrl, int force)
       goto leave;
     }
 
+  if (DBG_EXTPROG)
+    log_debug ("starting gpgv\n");
   err = gnupg_exec_tool_stream (gnupg_module_name (GNUPG_MODULE_NAME_GPGV),
                                 argv, swdb, swdb_sig, NULL,
                                 verify_status_cb, &verify_status_parm);
   if (!err && verify_status_parm.sigtime == (time_t)(-1))
     err = gpg_error (verify_status_parm.anyvalid? GPG_ERR_BAD_SIGNATURE
                      /**/                       : GPG_ERR_INV_TIME      );
+  if (DBG_EXTPROG)
+    log_debug ("gpgv finished: err=%d\n", err);
   if (err)
     goto leave;
 
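Review bot: `log_debug ("gpgv finished: err=%d\n", err);` prints a gpg_error_t (an unsigned code) through `%d` and as a raw number, while the rest of this function reports errors via gpg_strerror; `log_debug ("gpgv finished: %s\n", gpg_strerror (err));` is both type-correct and readable. The debug lines in the verify_status_cb hunk above are fine as they are. dirmngr_load_swdb starts and ends outside the hunk.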

commit d30e17ac62dea8913b7f353971d546b6b1a09bd5
Author: Werner Koch <wk at gnupg.org>
Date:   Thu Feb 23 20:10:59 2017 +0100

    wks: Make sure that the draft 2 request is correctly detected.
    
    * tools/gpg-wks.h (WKS_DRAFT_VERSION): New.
    * tools/wks-receive.c (new_part): Move test wks draft version to ...
    (t2body): new callback.
    (wks_receive): Register this callback.
    * tools/gpg-wks-server.c (send_confirmation_request): Emit draft
    version header.
    (send_congratulation_message): Ditto.
    * tools/gpg-wks-client.c (decrypt_stream_parm_s): New.
    (decrypt_stream_status_cb): Check DECRYPTION_KEY status.
    (decrypt_stream): Get info from new callback.
    (process_confirmation_request): New arg 'mainfpr'.  Check that it
    matches the decryption key.
    (read_confirmation_request): Check that the decryption key has been
    generated by us.
    (command_send): Use macro from draft version header.
    (send_confirmation_response): Emit draft version header.
    --
    
    This patch also adds a check to only send a confirmation when the
    decryption has been done by an ultimately trusted (self-generated)
    key.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/tools/gpg-wks-client.c b/tools/gpg-wks-client.c
index fa19fc1..c31e3a1 100644
--- a/tools/gpg-wks-client.c
+++ b/tools/gpg-wks-client.c
@@ -373,6 +373,7 @@ get_key (estream_t *r_key, const char *fingerprint, const char *addrspec)
       log_error ("error allocating memory buffer: %s\n", gpg_strerror (err));
       goto leave;
     }
+
   /* Prefix the key with the MIME content type.  */
   es_fputs ("Content-Type: application/pgp-keys\n"
             "\n", key);
@@ -437,20 +438,38 @@ get_key (estream_t *r_key, const char *fingerprint, const char *addrspec)
 
 
 

+struct decrypt_stream_parm_s
+{
+  char *fpr;
+  char *mainfpr;
+  int  otrust;
+};
+
 static void
 decrypt_stream_status_cb (void *opaque, const char *keyword, char *args)
 {
-  (void)opaque;
+  struct decrypt_stream_parm_s *decinfo = opaque;
 
   if (DBG_CRYPTO)
     log_debug ("gpg status: %s %s\n", keyword, args);
-}
+  if (!strcmp (keyword, "DECRYPTION_KEY") && !decinfo->fpr)
+    {
+      char *fields[3];
 
+      if (split_fields (args, fields, DIM (fields)) >= 3)
+        {
+          decinfo->fpr = xstrdup (fields[0]);
+          decinfo->mainfpr = xstrdup (fields[1]);
+          decinfo->otrust = *fields[2];
+        }
+    }
+}
 
 /* Decrypt the INPUT stream to a new stream which is stored at success
  * at R_OUTPUT.  */
 static gpg_error_t
-decrypt_stream (estream_t *r_output, estream_t input)
+decrypt_stream (estream_t *r_output, struct decrypt_stream_parm_s *decinfo,
+                estream_t input)
 {
   gpg_error_t err;
   ccparray_t ccp;
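Review bot: `struct decrypt_stream_parm_s` carries no comment saying that `fpr` and `mainfpr` are xstrdup'ed strings the caller of decrypt_stream must xfree, or that `otrust` is the single ownertrust letter taken from the third DECRYPTION_KEY field; read_confirmation_request later relies on exactly this contract. Suggest a header comment on the struct: `/* Data from gpg's DECRYPTION_KEY status line: fingerprint of the (sub)key that decrypted, fingerprint of its primary key and the ownertrust letter.  The strings are malloced and owned by the caller of decrypt_stream.  */`. The `!decinfo->fpr` test also deserves a one-line comment that only the first DECRYPTION_KEY line is kept, since a message encrypted to several of our keys may produce more than one.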
@@ -458,6 +477,7 @@ decrypt_stream (estream_t *r_output, estream_t input)
   estream_t output;
 
   *r_output = NULL;
+  memset (decinfo, 0, sizeof *decinfo);
 
   output = es_fopenmem (0, "w+b");
   if (!output)
@@ -492,7 +512,9 @@ decrypt_stream (estream_t *r_output, estream_t input)
     }
   err = gnupg_exec_tool_stream (opt.gpg_program, argv, input,
                                 NULL, output,
-                                decrypt_stream_status_cb, NULL);
+                                decrypt_stream_status_cb, decinfo);
+  if (!err && (!decinfo->fpr || !decinfo->mainfpr || !decinfo->otrust))
+    err = gpg_error (GPG_ERR_INV_ENGINE);
   if (err)
     {
       log_error ("decryption failed: %s\n", gpg_strerror (err));
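Review bot: A missing or incomplete DECRYPTION_KEY status is mapped to GPG_ERR_INV_ENGINE and then reported by the next line as "decryption failed: ...", which hides the real cause; the status line is introduced in this same push (commit effa80e0), so a gpg older than that will now fail every encrypted confirmation request with a misleading message. Suggest logging the cause in the new branch before falling into the generic error, e.g. `log_error ("gpg did not emit a DECRYPTION_KEY status line (gpg too old?)\n");`. decrypt_stream starts and ends outside this hunk.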
@@ -506,6 +528,12 @@ decrypt_stream (estream_t *r_output, estream_t input)
   output = NULL;
 
  leave:
+  if (err)
+    {
+      xfree (decinfo->fpr);
+      xfree (decinfo->mainfpr);
+      memset (decinfo, 0, sizeof *decinfo);
+    }
   es_fclose (output);
   xfree (argv);
   return err;
@@ -749,8 +777,9 @@ command_send (const char *fingerprint, char *userid)
   if (err)
     goto leave;
 
-  /* Tell server that we support draft version 3.  */
-  err = mime_maker_add_header (mime, "Wks-Draft-Version", "3");
+  /* Tell server which draft we support.  */
+  err = mime_maker_add_header (mime, "Wks-Draft-Version",
+                               STR2(WKS_DRAFT_VERSION));
   if (err)
     goto leave;
 
@@ -948,6 +977,10 @@ send_confirmation_response (const char *sender, const char *address,
   err = mime_maker_add_header (mime, "Subject", "Key publication confirmation");
   if (err)
     goto leave;
+  err = mime_maker_add_header (mime, "Wks-Draft-Version",
+                               STR2(WKS_DRAFT_VERSION));
+  if (err)
+    goto leave;
 
   if (encrypt)
     {
@@ -998,9 +1031,11 @@ send_confirmation_response (const char *sender, const char *address,
 
 
 /* Reply to a confirmation request.  The MSG has already been
- * decrypted and we only need to send the nonce back.  */
+ * decrypted and we only need to send the nonce back.  MAINFPR is
+ * either NULL or the primary key fingerprint of the key used to
+ * decrypt the request.  */
 static gpg_error_t
-process_confirmation_request (estream_t msg)
+process_confirmation_request (estream_t msg, const char *mainfpr)
 {
   gpg_error_t err;
   nvc_t nvc;
@@ -1044,8 +1079,20 @@ process_confirmation_request (estream_t msg)
     }
   fingerprint = value;
 
-  /* FIXME: Check that the fingerprint matches the key used to decrypt the
-   * message.  */
+  /* Check that the fingerprint matches the key used to decrypt the
+   * message.  In --read mode or with the old format we don't have the
+   * decryption key; thus we can't bail out.  */
+  if (!mainfpr || ascii_strcasecmp (mainfpr, fingerprint))
+    {
+      log_info ("target fingerprint: %s\n", fingerprint);
+      log_info ("but decrypted with: %s\n", mainfpr);
+      log_error ("confirmation request not decrypted with target key\n");
+      if (mainfpr)
+        {
+          err = gpg_error (GPG_ERR_INV_DATA);
+          goto leave;
+        }
+    }
 
   /* Get the address.  */
   if (!((item = nvc_lookup (nvc, "address:")) && (value = nve_value (item))
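Review bot: When `mainfpr` is NULL the new block still executes `log_info ("but decrypted with: %s\n", mainfpr)`, passing NULL for `%s` (undefined in standard C even where the logging layer happens to print "(null)"), and emits "confirmation request not decrypted with target key" at error level although processing deliberately continues in that case. Separating the two situations removes the NULL argument and keeps the error message for the case that is actually an error; the rewritten check is below. The fingerprint comparison itself is sound: it ties the request to the key being published. process_confirmation_request starts and ends outside the hunk.
```c
  /* Check that the fingerprint matches the key used to decrypt the
   * message.  In --read mode or with the old format we don't have the
   * decryption key; thus we can only note that the check is skipped.  */
  if (!mainfpr)
    log_info ("decryption key unknown; can't verify target fingerprint %s\n",
              fingerprint);
  else if (ascii_strcasecmp (mainfpr, fingerprint))
    {
      log_info ("target fingerprint: %s\n", fingerprint);
      log_info ("but decrypted with: %s\n", mainfpr);
      log_error ("confirmation request not decrypted with target key\n");
      err = gpg_error (GPG_ERR_INV_DATA);
      goto leave;
    }
  /* … unchanged: address lookup … */
```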
@@ -1058,10 +1105,7 @@ process_confirmation_request (estream_t msg)
     }
   address = value;
   /* FIXME: Check that the "address" matches the User ID we want to
-   * publish.  Also get the "fingerprint" and compare that to our to
-   * be published key.  Further we should make sure that we actually
-   * decrypted using that fingerprint (which is a bit problematic if
-   * --read is used). */
+   * publish.  */
 
   /* Get the sender.  */
   if (!((item = nvc_lookup (nvc, "sender:")) && (value = nve_value (item))
@@ -1130,14 +1174,24 @@ read_confirmation_request (estream_t msg)
     }
 
   if (c != '-')
-    err = process_confirmation_request (msg);
+    err = process_confirmation_request (msg, NULL);
   else
     {
-      err = decrypt_stream (&plaintext, msg);
+      struct decrypt_stream_parm_s decinfo;
+
+      err = decrypt_stream (&plaintext, &decinfo, msg);
       if (err)
         log_error ("decryption failed: %s\n", gpg_strerror (err));
+      else if (decinfo.otrust != 'u')
+        {
+          err = gpg_error (GPG_ERR_WRONG_SECKEY);
+          log_error ("key used to decrypt the confirmation request"
+                     " was not generated by us\n");
+        }
       else
-        err = process_confirmation_request (plaintext);
+        err = process_confirmation_request (plaintext, decinfo.mainfpr);
+      xfree (decinfo.fpr);
+      xfree (decinfo.mainfpr);
     }
 
   es_fclose (plaintext);
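Review bot: The new `decinfo.otrust != 'u'` check and its message equate ultimate ownertrust with "generated by us", but the letter only reflects what the trustdb holds: a user can assign ultimate trust to an imported key, and under other trust models gpg may report a different letter (see the DECRYPTION_KEY hunk in g10/pubkey-enc.c). A comment on the check would keep that limit visible: `/* Ultimate ownertrust is our proxy for "key generated by us"; a key the user marked ultimately trusted by hand passes as well.  */`. The two unconditional `xfree` calls are only safe because decrypt_stream zeroes `decinfo` before any early return and clears it again on error; a short comment at the declaration of `decinfo` should state that dependency. read_confirmation_request starts and ends outside the hunk.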
diff --git a/tools/gpg-wks-server.c b/tools/gpg-wks-server.c
index c17c1cf..0376cce 100644
--- a/tools/gpg-wks-server.c
+++ b/tools/gpg-wks-server.c
@@ -916,7 +916,12 @@ send_confirmation_request (server_ctx_t ctx,
   if (err)
     goto leave;
 
-  /* Help Enigmail to identify messages.  Note that this is on no way
+  err = mime_maker_add_header (mime, "Wks-Draft-Version",
+                               STR2(WKS_DRAFT_VERSION));
+  if (err)
+    goto leave;
+
+  /* Help Enigmail to identify messages.  Note that this is in no way
    * secured.  */
   err = mime_maker_add_header (mime, "WKS-Phase", "confirm");
   if (err)
@@ -1015,7 +1020,7 @@ send_confirmation_request (server_ctx_t ctx,
       if (err)
         goto leave;
 
-      mime_maker_dump_tree (mime);
+      /* mime_maker_dump_tree (mime); */
       err = mime_maker_get_part (mime, partid, &signeddata);
       if (err)
         goto leave;
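Review bot: The tree dump is commented out instead of being removed or gated, and commented-out code goes stale quickly. Either delete the line or keep it reachable behind the debug flag the other tools already use for parser output, `if (DBG_PARSER) mime_maker_dump_tree (mime);`, assuming that flag is visible from this file via gpg-wks.h. send_confirmation_request starts and ends outside the hunk.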
@@ -1213,6 +1218,10 @@ send_congratulation_message (const char *mbox, const char *keyfile)
   err = mime_maker_add_header (mime, "Subject", "Your key has been published");
   if (err)
     goto leave;
+  err = mime_maker_add_header (mime, "Wks-Draft-Version",
+                               STR2(WKS_DRAFT_VERSION));
+  if (err)
+    goto leave;
   err = mime_maker_add_header (mime, "WKS-Phase", "done");
   if (err)
     goto leave;
diff --git a/tools/gpg-wks.h b/tools/gpg-wks.h
index 62ceb34..3b28af4 100644
--- a/tools/gpg-wks.h
+++ b/tools/gpg-wks.h
@@ -24,6 +24,10 @@
 #include "../common/strlist.h"
 #include "mime-maker.h"
 
+/* The draft version we implement.  */
+#define WKS_DRAFT_VERSION 3
+
+
 /* We keep all global options in the structure OPT.  */
 struct
 {
diff --git a/tools/wks-receive.c b/tools/wks-receive.c
index 12ec089..94f8bc6 100644
--- a/tools/wks-receive.c
+++ b/tools/wks-receive.c
@@ -255,6 +255,38 @@ collect_signature (void *cookie, const char *data)
 }
 
 
+/* The callback for the transition from header to body.  We use it to
+ * look at some header values.  */
+static gpg_error_t
+t2body (void *cookie, int level)
+{
+  receive_ctx_t ctx = cookie;
+  rfc822parse_t msg;
+  char *value;
+  size_t valueoff;
+
+  log_info ("t2body for level %d\n", level);
+  if (!level)
+    {
+      /* This is the outermost header.  */
+      msg = mime_parser_rfc822parser (ctx->parser);
+      if (msg)
+        {
+          value = rfc822parse_get_field (msg, "Wks-Draft-Version",
+                                         -1, &valueoff);
+          if (value)
+            {
+              if (atoi(value+valueoff) >= 2 )
+                ctx->draft_version_2 = 1;
+              free (value);
+            }
+        }
+    }
+
+  return 0;
+}
+
+
 static gpg_error_t
 new_part (void *cookie, const char *mediatype, const char *mediasubtype)
 {
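Review bot: `log_info ("t2body for level %d\n", level);` runs unconditionally on every header-to-body transition of every received mail, which reads like leftover debugging output; wks_receive already gates parser chatter on `DBG_PARSER`, so `if (DBG_PARSER) log_debug ("t2body for level %d\n", level);` keeps the two consistent. `atoi(value+valueoff)` yields 0 for any non-numeric header value, which is harmless since only `>= 2` matters, but a one-line comment saying so would save the next reader a trip to the rfc822parse docs.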
@@ -275,22 +307,6 @@ new_part (void *cookie, const char *mediatype, const char *mediasubtype)
         }
       else
         {
-          rfc822parse_t msg = mime_parser_rfc822parser (ctx->parser);
-          if (msg)
-            {
-              char *value;
-              size_t valueoff;
-
-              value = rfc822parse_get_field (msg, "Wks-Draft-Version",
-                                             -1, &valueoff);
-              if (value)
-                {
-                  if (atoi(value+valueoff) >= 2 )
-                    ctx->draft_version_2 = 1;
-                  free (value);
-                }
-            }
-
           ctx->key_data = es_fopenmem (0, "w+b");
           if (!ctx->key_data)
             {
@@ -413,6 +429,7 @@ wks_receive (estream_t fp,
     goto leave;
   if (DBG_PARSER)
     mime_parser_set_verbose (parser, 1);
+  mime_parser_set_t2body (parser, t2body);
   mime_parser_set_new_part (parser, new_part);
   mime_parser_set_part_data (parser, part_data);
   mime_parser_set_collect_encrypted (parser, collect_encrypted);

commit a2090250829fe8989be2afc8cf41ba2a022072fc
Author: Werner Koch <wk at gnupg.org>
Date:   Thu Feb 23 20:01:30 2017 +0100

    wks: New callback for the mime parser.
    
    * tools/mime-parser.c (mime_parser_context_s): New field 't2body'.
    (parse_message_cb): Call that callback.
    (mime_parser_set_t2body): New.
    --
    
    This callback allows header values to be processed even at the outer level.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/tools/mime-parser.c b/tools/mime-parser.c
index 264353c..169ea2b 100644
--- a/tools/mime-parser.c
+++ b/tools/mime-parser.c
@@ -49,6 +49,9 @@ struct mime_parser_context_s
 {
   void *cookie;                /* Cookie passed to all callbacks.  */
 
+  /* The callback to announce the transation from header to body.  */
+  gpg_error_t (*t2body) (void *cookie, int level);
+
   /* The callback to announce a new part.  */
   gpg_error_t (*new_part) (void *cookie,
                            const char *mediatype,
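Review bot: The new field comment misspells "transition" as "transation"; it should read `/* The callback to announce the transition from header to body.  */`. It would also help to state here the contract that parse_message_cb implements for it: a non-zero return aborts the header evaluation of that part.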
@@ -224,6 +227,14 @@ parse_message_cb (void *opaque, rfc822parse_event_t event, rfc822parse_t msg)
 
       ctx->want_part = 0;
       ctx->decode_part = 0;
+
+      if (ctx->t2body)
+        {
+          rc = ctx->t2body (ctx->cookie, ctx->nesting_level);
+          if (rc)
+            goto t2body_leave;
+        }
+
       field = rfc822parse_parse_field (msg, "Content-Type", -1);
       if (field)
         {
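Review bot: A non-zero `rc` from t2body jumps to `t2body_leave`, which the next hunk places just before `ctx->show.header = 0;` and the rest of the transition bookkeeping, so the Content-Type handling of that part is skipped but the callback continues; whether `rc` is then returned to rfc822parse or overwritten depends on code after the hunk that is not visible here, so please confirm the error really aborts the parse. A comment at the goto would document the intent, e.g. `/* An error from t2body skips the header evaluation; rc is returned to the parser below.  */`. parse_message_cb starts and ends outside the hunk.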
@@ -412,6 +423,7 @@ parse_message_cb (void *opaque, rfc822parse_event_t event, rfc822parse_t msg)
             }
         }
 
+    t2body_leave:
       ctx->show.header = 0;
       ctx->show.data = 1;
       ctx->show.n_skip = 1;
@@ -541,6 +553,19 @@ mime_parser_set_verbose (mime_parser_t ctx, int level)
 }
 
 
+/* Set a callback for the transition from header to body.  LEVEL is
+ * the current nesting level, starting with 0.  This callback can be
+ * used to evaluate headers before any other action is done.  Note
+ * that if a new NEW_PART callback needs to be called it is done after
+ * this T2BODY callback.  */
+void
+mime_parser_set_t2body (mime_parser_t ctx,
+                        gpg_error_t (*fnc) (void *cookie, int level))
+{
+  ctx->t2body = fnc;
+}
+
+
 /* Set the callback used to announce a new part.  It will be called
  * with the media type and media subtype of the part.  If no
  * Content-type header was given both values are the empty string.
diff --git a/tools/mime-parser.h b/tools/mime-parser.h
index 37a74a1..b9bb465 100644
--- a/tools/mime-parser.h
+++ b/tools/mime-parser.h
@@ -27,6 +27,8 @@ gpg_error_t mime_parser_new (mime_parser_t *r_ctx, void *cookie);
 void        mime_parser_release (mime_parser_t ctx);
 
 void mime_parser_set_verbose (mime_parser_t ctx, int level);
+void mime_parser_set_t2body (mime_parser_t ctx,
+                             gpg_error_t (*fnc) (void *cookie, int level));
 void mime_parser_set_new_part (mime_parser_t ctx,
                                gpg_error_t (*fnc) (void *cookie,
                                                    const char *mediatype,

commit effa80e0b5fd8cf9e31a984afe391c2406edee8b
Author: Werner Koch <wk at gnupg.org>
Date:   Thu Feb 23 19:59:21 2017 +0100

    gpg: Emit new status DECRYPTION_KEY
    
    * common/status.h (STATUS_DECRYPTION_KEY): New.
    * g10/pubkey-enc.c (get_it): Emit that status.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/common/status.h b/common/status.h
index 3de4aa5..8831a0f 100644
--- a/common/status.h
+++ b/common/status.h
@@ -57,6 +57,7 @@ enum
     STATUS_NO_PUBKEY,
     STATUS_NO_SECKEY,
     STATUS_NEED_PASSPHRASE_SYM,
+    STATUS_DECRYPTION_KEY,
     STATUS_DECRYPTION_INFO,
     STATUS_DECRYPTION_FAILED,
     STATUS_DECRYPTION_OKAY,
diff --git a/doc/DETAILS b/doc/DETAILS
index d9b1fa6..8c11872 100644
--- a/doc/DETAILS
+++ b/doc/DETAILS
@@ -486,6 +486,12 @@ pkd:0:1024:B665B1435F4C2 .... FF26ABB:
 *** END_DECRYPTION
     Mark the end of the actual decryption process.  This are also
     emitted when in --list-only mode.
+*** DECRYPTION_KEY <fpr> <fpr2> <otrust>
+    This line is emitted when a public key decryption succeeded in
+    providing a session key.  <fpr> is the hexified fingerprint of the
+    actual key used for descryption.  <fpr2> is the fingerprint of the
+    primary key.  <otrust> is the letter with the ownertrust; this is
+    in general a 'u' which stands for ultimately trusted.
 *** DECRYPTION_INFO <mdc_method> <sym_algo>
     Print information about the symmetric encryption algorithm and the
     MDC method.  This will be emitted even if the decryption fails.
diff --git a/g10/pubkey-enc.c b/g10/pubkey-enc.c
index de98d99..1772936 100644
--- a/g10/pubkey-enc.c
+++ b/g10/pubkey-enc.c
@@ -335,9 +335,11 @@ get_it (PKT_pubkey_enc *enc, DEK *dek, PKT_public_key *sk, u32 *keyid)
   if (DBG_CRYPTO)
     log_printhex ("DEK is:", dek->key, dek->keylen);
 
-  /* Check that the algo is in the preferences and whether it has expired.  */
+  /* Check that the algo is in the preferences and whether it has
+   * expired.  Also print a status line with the key's fingerprint.  */
   {
     PKT_public_key *pk = NULL;
+    PKT_public_key *mainpk = NULL;
     KBNODE pkb = get_pubkeyblock (keyid);
 
     if (!pkb)
@@ -351,9 +353,11 @@ get_it (PKT_pubkey_enc *enc, DEK *dek, PKT_public_key *sk, u32 *keyid)
              && !is_algo_in_prefs (pkb, PREFTYPE_SYM, dek->algo))
       log_info (_("WARNING: cipher algorithm %s not found in recipient"
                   " preferences\n"), openpgp_cipher_algo_name (dek->algo));
+
     if (!err)
       {
-        KBNODE k;
+        kbnode_t k;
+        int first = 1;
 
         for (k = pkb; k; k = k->next)
           {
@@ -361,8 +365,14 @@ get_it (PKT_pubkey_enc *enc, DEK *dek, PKT_public_key *sk, u32 *keyid)
                 || k->pkt->pkttype == PKT_PUBLIC_SUBKEY)
               {
                 u32 aki[2];
-                keyid_from_pk (k->pkt->pkt.public_key, aki);
 
+                if (first)
+                  {
+                    first = 0;
+                    mainpk = k->pkt->pkt.public_key;
+                  }
+
+                keyid_from_pk (k->pkt->pkt.public_key, aki);
                 if (aki[0] == keyid[0] && aki[1] == keyid[1])
                   {
                     pk = k->pkt->pkt.public_key;
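Review bot: `mainpk` is picked via a `first` flag from the first PUBLIC_KEY-or-SUBKEY node, which is the primary key only because keyblocks start with the primary key packet; testing the packet type states that intent directly and does not depend on ordering: `if (!mainpk && k->pkt->pkttype == PKT_PUBLIC_KEY) mainpk = k->pkt->pkt.public_key;` and drop `first`. get_it starts and ends outside the hunk.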
@@ -386,6 +396,19 @@ get_it (PKT_pubkey_enc *enc, DEK *dek, PKT_public_key *sk, u32 *keyid)
         show_revocation_reason (pk, 1);
       }
 
+    if (is_status_enabled () && pk && mainpk)
+      {
+        char pkhex[MAX_FINGERPRINT_LEN*2+1];
+        char mainpkhex[MAX_FINGERPRINT_LEN*2+1];
+
+        hexfingerprint (pk, pkhex, sizeof pkhex);
+        hexfingerprint (mainpk, mainpkhex, sizeof mainpkhex);
+
+        write_status_printf (STATUS_DECRYPTION_KEY, "%s %s %c",
+                             pkhex, mainpkhex, get_ownertrust_info (mainpk));
+
+      }
+
     release_kbnode (pkb);
     err = 0;
   }
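Review bot: The third field comes from `get_ownertrust_info (mainpk)`, whose letter depends on the configured trust model and the trustdb contents, not on whether the key was generated locally, yet the only consumer in this push (gpg-wks-client) treats 'u' as "our key". A comment at the emission, `/* The ownertrust letter reflects the trustdb, not the key's origin.  */`, and the same caveat in the DETAILS entry would keep consumers from over-interpreting it. Note also that no status is emitted when `pk` is not found in the block, so consumers must treat absence as a failure, as gpg-wks-client does.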

-----------------------------------------------------------------------

Summary of changes:
 common/status.h        |  1 +
 dirmngr/dirmngr.c      |  3 +-
 dirmngr/dirmngr.h      |  2 ++
 dirmngr/http.c         |  6 ++--
 dirmngr/loadswdb.c     |  7 ++++
 doc/DETAILS            |  6 ++++
 g10/pubkey-enc.c       | 29 +++++++++++++++--
 tools/gpg-wks-client.c | 88 ++++++++++++++++++++++++++++++++++++++++----------
 tools/gpg-wks-server.c | 13 ++++++--
 tools/gpg-wks.h        |  4 +++
 tools/mime-parser.c    | 25 ++++++++++++++
 tools/mime-parser.h    |  2 ++
 tools/wks-receive.c    | 49 +++++++++++++++++++---------
 13 files changed, 193 insertions(+), 42 deletions(-)

