[PATCH 6/8] g10: add openpgp_protected flag to agent secret key export functions

[Daniel Kahn Gillmor]

* g10/call-agent.c, g10/call-agent.h (agent_export_key): add
  openpgp_protected flag.
* g10/export.c (receive_seckey_from_agent): request openpgp_protected
  secret keys from agent.
---
 g10/call-agent.c | 15 +++++++++------
 g10/call-agent.h |  3 ++-
 g10/export.c     |  2 +-
 3 files changed, 12 insertions(+), 8 deletions(-)

diff --git a/g10/call-agent.c b/g10/call-agent.c
index ffe7a41..d628e48 100644
--- a/g10/call-agent.c
+++ b/g10/call-agent.c
@@ -2309,13 +2309,15 @@ agent_import_key (ctrl_t ctrl, const char *desc, char **cache_nonce_addr,
 
 /* Receive a secret key from the agent.  HEXKEYGRIP is the hexified
    keygrip, DESC a prompt to be displayed with the agent's passphrase
-   question (needs to be plus+percent escaped).  If CACHE_NONCE_ADDR
-   is not NULL the agent is advised to first try a passphrase
-   associated with that nonce.  On success the key is stored as a
-   canonical S-expression at R_RESULT and R_RESULTLEN.  */
+   question (needs to be plus+percent escaped).  if OPENPGP_PROTECTED
+   is not zero, ensure that the key material is returned in RFC
+   4880-compatible passphrased-protected form.  If CACHE_NONCE_ADDR is
+   not NULL the agent is advised to first try a passphrase associated
+   with that nonce.  On success the key is stored as a canonical
+   S-expression at R_RESULT and R_RESULTLEN.  */
 gpg_error_t
 agent_export_key (ctrl_t ctrl, const char *hexkeygrip, const char *desc,
-                  char **cache_nonce_addr,
+                  int openpgp_protected, char **cache_nonce_addr,
                   unsigned char **r_result, size_t *r_resultlen)
 {
   gpg_error_t err;
@@ -2345,7 +2347,8 @@ agent_export_key (ctrl_t ctrl, const char *hexkeygrip, const char *desc,
         return err;
     }
 
-  snprintf (line, DIM(line)-1, "EXPORT_KEY --openpgp %s%s %s",
+  snprintf (line, DIM(line)-1, "EXPORT_KEY %s%s%s %s",
+            openpgp_protected ? "--openpgp ":"",
             cache_nonce_addr && *cache_nonce_addr? "--cache-nonce=":"",
             cache_nonce_addr && *cache_nonce_addr? *cache_nonce_addr:"",
             hexkeygrip);
diff --git a/g10/call-agent.h b/g10/call-agent.h
index e345bb3..3b96d4c 100644
--- a/g10/call-agent.h
+++ b/g10/call-agent.h
@@ -191,7 +191,8 @@ gpg_error_t agent_import_key (ctrl_t ctrl, const char *desc,
 
 /* Receive a key from the agent.  */
 gpg_error_t agent_export_key (ctrl_t ctrl, const char *keygrip,
-                              const char *desc, char **cache_nonce_addr,
+                              const char *desc, int openpgp_protected,
+                              char **cache_nonce_addr,
                               unsigned char **r_result, size_t *r_resultlen);
 
 /* Delete a key from the agent.  */
diff --git a/g10/export.c b/g10/export.c
index ffa7240..695bbef 100644
--- a/g10/export.c
+++ b/g10/export.c
@@ -1061,7 +1061,7 @@ receive_seckey_from_agent (ctrl_t ctrl, gcry_cipher_hd_t cipherhd,
     log_info ("key %s: asking agent for the secret parts\n", hexgrip);
 
   prompt = gpg_format_keydesc (pk, FORMAT_KEYDESC_EXPORT,1);
-  err = agent_export_key (ctrl, hexgrip, prompt, cache_nonce_addr,
+  err = agent_export_key (ctrl, hexgrip, prompt, 1, cache_nonce_addr,
                           &wrappedkey, &wrappedkeylen);
   xfree (prompt);
 
-- 
2.8.1