authorWerner Koch <wk@gnupg.org>2015-01-21 12:42:14 +0100
committerWerner Koch <wk@gnupg.org>2015-01-21 12:45:22 +0100
commit4d7c9b0e9aceedd924d600978bc1b6cae7d5c456 (patch)
treeb3509fcc8e65f63e68cf8dfb3f91cd1bcfefec8b
parentgpg: Re-enable the "Passphrase" parameter for batch key generation. (diff)
gpg: Support --passphrase with --quick-gen-key.
* g10/keygen.c: Include shareddefs.h. (quick_generate_keypair): Support static passphrase. (get_parameter_passphrase): New. (do_generate_keypair): Use it. Signed-off-by: Werner Koch <wk@gnupg.org>
-rw-r--r--NEWS3
-rw-r--r--doc/gpg.texi8
-rw-r--r--g10/keygen.c32
3 files changed, 41 insertions, 2 deletions
diff --git a/NEWS b/NEWS
index 6f171aa8b..dbeec3d6c 100644
--- a/NEWS
+++ b/NEWS
@@ -7,6 +7,9 @@ Noteworthy changes in version 2.1.2 (unreleased)
* gpg: The parameter 'Passphrase' for batch key generation works
again.
+ * gpg: Using a passphrase option in batch mode now has the expected
+ effect on --quick-gen-key.
+
Noteworthy changes in version 2.1.1 (2014-12-16)
------------------------------------------------
diff --git a/doc/gpg.texi b/doc/gpg.texi
index 6921fd998..429cc5be2 100644
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@@ -571,6 +571,14 @@ If invoked directly on the console without any special options an
answer to a ``Continue?'' style confirmation prompt is required. In
case the user id already exists in the key ring a second prompt to
force the creation of the key will show up.
+
+If this command is used with @option{--batch},
+@option{--pinentry-mode} has been set to @code{loopback}, and one of
+the passphrase options (@option{--passphrase},
+@option{--passphrase-fd}, or @option{passphrase-file}) is used, the
+supplied passphrase is used for the new key and the agent does not ask
+for it. To create a key without any protection @code{--passphrase ''}
+may be used.
@end ifset
@item --gen-key
diff --git a/g10/keygen.c b/g10/keygen.c
index a3dbed8db..de45d2fa9 100644
--- a/g10/keygen.c
+++ b/g10/keygen.c
@@ -42,6 +42,7 @@
#include "keyserver-internal.h"
#include "call-agent.h"
#include "pkglue.h"
+#include "../common/shareddefs.h"
/* The default algorithms. If you change them remember to change them
also in gpg.c:gpgconf_list. You should also check that the value
@@ -2816,6 +2817,18 @@ get_parameter_value( struct para_data_s *para, enum para_name key )
return (r && *r->u.value)? r->u.value : NULL;
}
+
+/* This is similar to get_parameter_value but also returns the empty
+ string. This is required so that quick_generate_keypair can use an
+ empty Passphrase to specify no-protection. */
+static const char *
+get_parameter_passphrase (struct para_data_s *para)
+{
+ struct para_data_s *r = get_parameter (para, pPASSPHRASE);
+ return r->u.value;
+}
+
+
static int
get_parameter_algo( struct para_data_s *para, enum para_name key,
int *r_default)
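Review bot: `get_parameter_passphrase` dereferences `r` without checking it, while `get_parameter_value` directly above guards with `r && *r->u.value`, which suggests `get_parameter` returns NULL when the list holds no pPASSPHRASE entry. Both call sites changed in do_generate_keypair now go through this helper, so a key generation without a passphrase parameter would presumably crash on `r->u.value`. Returning `r ? r->u.value : NULL;` keeps the empty-string case this helper was added for and restores the NULL result for the missing one.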
@@ -3496,6 +3509,21 @@ quick_generate_keypair (const char *uid)
DEFAULT_STD_SUBALGO, DEFAULT_STD_SUBKEYSIZE,
DEFAULT_STD_SUBCURVE);
+ /* If the pinentry loopback mode is not and we have a static
+ passphrase (i.e. set with --passphrase{,-fd,-file} while in batch
+ mode), we use that passphrase for the new key. */
+ if (opt.pinentry_mode != PINENTRY_MODE_LOOPBACK
+ && have_static_passphrase ())
+ {
+ const char *s = get_static_passphrase ();
+
+ r = xmalloc_clear (sizeof *r + strlen (s));
+ r->key = pPASSPHRASE;
+ strcpy (r->u.value, s);
+ r->next = para;
+ para = r;
+ }
+
proc_parameter_file (para, "[internal]", &outctrl, 0);
leave:
release_parameter_list (para);
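Review bot: The comment above the new condition is missing a word ("If the pinentry loopback mode is not ...") and the test `opt.pinentry_mode != PINENTRY_MODE_LOOPBACK` reads as the opposite of the gpg.texi text added in this same commit, which says the supplied passphrase is used when `--pinentry-mode` has been set to `loopback`. If the code is what is intended, the comment should state the reason for excluding loopback mode, and the manual text should be brought in line with it. Separately, the passphrase is copied into a block obtained from `xmalloc_clear`; whether `release_parameter_list` wipes that copy before freeing is not visible here, so it is worth confirming or taking the block from secure memory. The body of quick_generate_keypair starts and ends outside the hunk.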
@@ -3970,7 +3998,7 @@ do_generate_keypair (struct para_data_s *para,
timestamp,
get_parameter_u32( para, pKEYEXPIRE ), 0,
outctrl->keygen_flags,
- get_parameter_value (para, pPASSPHRASE),
+ get_parameter_passphrase (para),
&cache_nonce);
else
err = gen_card_key (PUBKEY_ALGO_RSA, 1, 1, pub_root,
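Review bot: Switching this call, and the matching subkey call in the next hunk, from `get_parameter_value` to `get_parameter_passphrase` means an empty Passphrase value is now passed on as `""` instead of NULL for every caller of do_generate_keypair, not only quick_generate_keypair. If the batch parameter-file parser can store an empty `Passphrase:` value (not visible here), such a file would now produce a key without protection where it previously supplied no static passphrase at all. A comment at the call such as `/* "" requests no protection; NULL leaves the passphrase to the agent. */` and a matching sentence in the parameter-file documentation would make that explicit. The enclosing call starts outside the hunk.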
@@ -4024,7 +4052,7 @@ do_generate_keypair (struct para_data_s *para,
timestamp,
get_parameter_u32 (para, pSUBKEYEXPIRE), 1,
outctrl->keygen_flags,
- get_parameter_value (para, pPASSPHRASE),
+ get_parameter_passphrase (para),
&cache_nonce);
/* Get the pointer to the generated public subkey packet. */
if (!err)