[PATCH v2 4/4] g10: export cleartext keys as cleartext

Daniel Kahn Gillmor dkg at fifthhorseman.net
Fri Jun 10 22:15:36 CEST 2016


* g10/export.c (do_export_stream): if a key is stored by the agent in
  cleartext, then try to export it as cleartext.
* tests/openpgp/export.test: for secret keys that are stored in
  cleartext, test should try to export without pinentry interaction.

This restores the behavior of GnuPG 2.0 and 1.4 when exporting
passphraseless secret keys, and fixes the test suite accordingly.

--

GnuPG-bug-id: 2070, 2324
Signed-off-by: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
---
 g10/export.c              |  5 +++--
 tests/openpgp/export.test | 28 ++++------------------------
 2 files changed, 7 insertions(+), 26 deletions(-)

diff --git a/g10/export.c b/g10/export.c
index 25a3319..870cb45 100644
--- a/g10/export.c
+++ b/g10/export.c
@@ -1141,6 +1141,7 @@ do_export_stream (ctrl_t ctrl, iobuf_t out, strlist_t users, int secret,
   gcry_cipher_hd_t cipherhd = NULL;
   char *cache_nonce = NULL;
   struct export_stats_s dummystats;
+  int cleartext = 0;
 
   if (!stats)
     stats = &dummystats;
@@ -1445,7 +1446,7 @@ do_export_stream (ctrl_t ctrl, iobuf_t out, strlist_t users, int secret,
                   serialno = NULL;
                 }
               else
-                err = agent_get_keyinfo (ctrl, hexgrip, &serialno, NULL);
+                err = agent_get_keyinfo (ctrl, hexgrip, &serialno, &cleartext);
 
               if ((!err && serialno)
                   && secret == 2 && node->pkt->pkttype == PKT_PUBLIC_KEY)
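Review bot: `cleartext` is written only on the `else` path here, so when the branch above it is taken the flag keeps whatever value an earlier call stored. The first hunk initialises it once at the top of do_export_stream. If this code runs once per key or subkey (the loop is outside the hunk, so this is inferred), a passphrase-protected key could reach `receive_seckey_from_agent` in the third hunk with a stale flag left over from a previous unprotected key. Resetting it just before the conditional with `cleartext = 0;`, or declaring it in the per-key scope, would remove that dependency on iteration order. It is also worth confirming that agent_get_keyinfo leaves `*cleartext` at 0 when it fails, although the later use is already guarded by `!err`.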
@@ -1494,7 +1495,7 @@ do_export_stream (ctrl_t ctrl, iobuf_t out, strlist_t users, int secret,
               else if (!err)
                 {
                   err = receive_seckey_from_agent (ctrl, cipherhd,
-                                                   0, &cache_nonce,
+                                                   cleartext, &cache_nonce,
                                                    hexgrip, pk);
                   if (err)
                     {
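Review bot: Nothing at this call site says that a non-zero `cleartext` means the secret key is exported without passphrase protection. A short comment above the call would make that explicit, for example `/* CLEARTEXT is set by agent_get_keyinfo for keys the agent stores unprotected; such keys are exported without passphrase protection. */`. The function body before and after this hunk is not visible, so it may also be worth checking whether `cipherhd` is still needed on the cleartext path.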
diff --git a/tests/openpgp/export.test b/tests/openpgp/export.test
index e0fe926..3d0dc3f 100755
--- a/tests/openpgp/export.test
+++ b/tests/openpgp/export.test
@@ -61,8 +61,6 @@ assert_passphrases_consumed()
     rm -f -- $logfile
 }
 
-# XXX: Currently, gpg does not allow one to export private keys
-# without a passphrase (issue2070, issue2324).
 export PINENTRY_USER_DATA="--logfile=$logfile --passphrasefile=$ppfile"
 
 info "Checking key export."
@@ -78,23 +76,13 @@ do
     check_armored_public_key $KEY.public
     rm $KEY.public
 
+    # test without --armor:
+    
     if [ $KEY = D74C5F22 ]; then
         # Key D74C5F22 is protected by a passphrase.  Prepare this
         # one.  Currently, GnuPG does not ask for an export passphrase
         # in this case.
         prepare_passphrase "$usrpass1"
-    else
-        # We use a weak passphrase which we'll have to confirm.
-        prepare_passphrase "export passphrase"
-        prepare_passphrase_confirm
-        prepare_passphrase "export passphrase"
-
-        # Key C40FDECF has a subkey.
-        if [ $KEY = C40FDECF ]; then
-            prepare_passphrase "export passphrase"
-            prepare_passphrase_confirm
-            prepare_passphrase "export passphrase"
-        fi
     fi
 
     $GPG --export-secret-keys $KEY >$KEY.private
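Review bot: With the `else` branch gone, the visible part of the loop checks only that exporting a passphraseless key needs no pinentry interaction. It does not check that `$KEY.private` actually holds unprotected secret key material, which is the behaviour the commit sets out to restore. Unless a check between the hunks already covers this, a positive assertion after the export (for example inspecting the file with `--list-packets`) would catch a regression where export succeeds silently but still wraps the key. The same applies to the `--armor` half in the next hunk. As a style point, the otherwise blank lines added after `# test without --armor:` and `# test with --armor:` carry trailing whitespace.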
@@ -103,21 +91,13 @@ do
 
     assert_passphrases_consumed
 
+    # test with --armor:
+    
     if [ $KEY = D74C5F22 ]; then
         # Key D74C5F22 is protected by a passphrase.  Prepare this
         # one.  Currently, GnuPG does not ask for an export passphrase
         # in this case.
         prepare_passphrase "$usrpass1"
-    else
-        # We use a stronger passphrase here.
-        prepare_passphrase "strong export passphrase H0LHWCHPkNa36A"
-        prepare_passphrase "strong export passphrase H0LHWCHPkNa36A"
-
-        # Key C40FDECF has a subkey.
-        if [ $KEY = C40FDECF ]; then
-            prepare_passphrase "strong export passphrase H0LHWCHPkNa36A"
-            prepare_passphrase "strong export passphrase H0LHWCHPkNa36A"
-        fi
     fi
 
     $GPG --armor --export-secret-keys $KEY >$KEY.private
-- 
2.8.1



