[PATCH 01/13] gpg: Print a warning if the subkey expiration may not be what you want.
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Sun Feb 22 05:10:25 CET 2015
From: Werner Koch <wk at gnupg.org>
* g10/keyedit.c (subkey_expire_warning): New.
(keyedit_menu): Call it when needed.
--
GnuPG-bug-id: 1715
The heuristic to detect a problem is not very advanced but it should
catch the most common cases.
(backported from commit ae3d1bbb65b65cf3c57bb14886be120f5e31635d)
[dkg: rebased to STABLE-BRANCH-1-4]
Signed-off-by: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
---
g10/keyedit.c | 58 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 58 insertions(+)
diff --git a/g10/keyedit.c b/g10/keyedit.c
index afc5ff4..95be10e 100644
--- a/g10/keyedit.c
+++ b/g10/keyedit.c
@@ -51,6 +51,7 @@ static void show_names(KBNODE keyblock,PKT_public_key *pk,
static void show_key_with_all_names( KBNODE keyblock, int only_marked,
int with_revoker, int with_fpr, int with_subkeys, int with_prefs );
static void show_key_and_fingerprint( KBNODE keyblock );
+static void subkey_expire_warning (kbnode_t keyblock);
static int menu_adduid( KBNODE keyblock, KBNODE sec_keyblock,
int photo, const char *photo_name );
static void menu_deluid( KBNODE pub_keyblock, KBNODE sec_keyblock );
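Review bot: The added prototype spells the parameter type `kbnode_t`, while every neighbouring prototype in this hunk uses `KBNODE`. Assuming both names denote the same type on this branch, the new declaration should match the file: `static void subkey_expire_warning (KBNODE keyblock);`. The same applies to the definition and the `kbnode_t node;` local in the last hunk. If `kbnode_t` is not declared in the STABLE-BRANCH-1-4 headers, the backport would not compile, so this is worth checking before merging.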
@@ -1506,6 +1507,7 @@ keyedit_menu( const char *username, STRLIST locusr,
int redisplay = 1;
int modified = 0;
int sec_modified = 0;
+ int run_subkey_warnings = 0;
int toggle;
int have_commands = !!commands;
@@ -1604,6 +1606,14 @@ keyedit_menu( const char *username, STRLIST locusr,
tty_printf("\n");
redisplay = 0;
}
+
+ if (run_subkey_warnings)
+ {
+ run_subkey_warnings = 0;
+ if (!count_selected_keys (keyblock))
+ subkey_expire_warning (keyblock);
+ }
+
do {
xfree(answer);
if( have_commands ) {
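Review bot: The `if (!count_selected_keys (keyblock))` guard in the new block ahead of the `do` loop has no comment, and its purpose cannot be read from this hunk. The flag is set in the later hunk on every successful expiration change, so this test is presumably what limits the warning to changes of the primary key, where no subkey is selected. I would state that above the test, for example `/* Warn only if the primary key was changed, i.e. no subkey is selected. */`. keyedit_menu starts and ends outside this hunk, so the surrounding loop is not visible here.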
@@ -2053,6 +2063,7 @@ keyedit_menu( const char *username, STRLIST locusr,
{
merge_keys_and_selfsig( sec_keyblock );
merge_keys_and_selfsig( keyblock );
+ run_subkey_warnings = 1;
sec_modified = 1;
modified = 1;
redisplay = 1;
@@ -2952,6 +2963,53 @@ no_primary_warning(KBNODE keyblock)
" the assumed primary.\n"));
}
+
+/* Print a warning if the latest encryption subkey expires soon. This
+ function is called after the expire data of the primary key has
+ been changed. */
+static void
+subkey_expire_warning (kbnode_t keyblock)
+{
+ u32 curtime = make_timestamp ();
+ kbnode_t node;
+ PKT_public_key *pk;
+ /* u32 mainexpire = 0; */
+ u32 subexpire = 0;
+ u32 latest_date = 0;
+
+ for (node = keyblock; node; node = node->next)
+ {
+ if (node->pkt->pkttype != PKT_PUBLIC_SUBKEY)
+ continue;
+ pk = node->pkt->pkt.public_key;
+
+ if (!pk->is_valid)
+ continue;
+ if (pk->is_revoked)
+ continue;
+ if (pk->timestamp > curtime)
+ continue; /* Ignore future keys. */
+ if (!(pk->pubkey_usage & PUBKEY_USAGE_ENC))
+ continue; /* Not an encryption key. */
+
+ if (pk->timestamp > latest_date || (!pk->timestamp && !latest_date))
+ {
+ latest_date = pk->timestamp;
+ subexpire = pk->expiredate;
+ }
+ }
+
+ if (!subexpire)
+ return; /* No valid subkey with an expiration time. */
+
+ if (curtime + (10*86400) > subexpire)
+ {
+ log_info (_("WARNING: Your encryption subkey expires soon.\n"));
+ log_info (_("You may want to change its expiration date too.\n"));
+ }
+}
+
+
/****************
* Ask for a new user id, do the selfsignature and put it into
* both keyblocks.
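Review bot: The final test `curtime + (10*86400) > subexpire` in subkey_expire_warning is also true when `subexpire` is already in the past, so a user whose encryption subkey has already expired is told it "expires soon". The warning is more useful if it separates the two cases. Comparing `subexpire - curtime` against the window after an explicit `subexpire <= curtime` check also avoids the u32 wrap in `curtime + 10*86400`. Separately, the commented-out `/* u32 mainexpire = 0; */` should be dropped, and the header comment's "expire data" should read "expiration date".

```c
  /* … unchanged: loop selecting the newest valid encryption subkey … */

  if (!subexpire)
    return; /* No valid subkey with an expiration time. */

  if (subexpire <= curtime)
    log_info (_("WARNING: Your encryption subkey has expired.\n"));
  else if (subexpire - curtime < 10*86400)
    log_info (_("WARNING: Your encryption subkey expires soon.\n"));
  else
    return;
  log_info (_("You may want to change its expiration date too.\n"));
```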
--
2.1.4