authorWerner Koch <wk@gnupg.org>1998-05-29 13:53:54 +0200
committerWerner Koch <wk@gnupg.org>1998-05-29 13:53:54 +0200
commite284277f0490a4606b99f3de5fdc3053084b99dd (patch)
treef9a5e6a69e82a5efe339ccdaa09664fa0679b066 /g10
parentadd-key works (diff)
*** empty log message ***V0-2-19
Diffstat (limited to '')
-rw-r--r--g10/ChangeLog40
-rw-r--r--g10/Makefile.am3
-rw-r--r--g10/Makefile.in40
-rw-r--r--g10/OPTIONS14
-rw-r--r--g10/export.c2
-rw-r--r--g10/g10.c24
-rw-r--r--g10/getkey.c10
-rw-r--r--g10/keydb.h1
-rw-r--r--g10/keylist.c151
-rw-r--r--g10/main.h3
-rw-r--r--g10/mainproc.c229
-rw-r--r--g10/options.h2
-rw-r--r--g10/passphrase.c28
-rw-r--r--g10/pkclist.c4
-rw-r--r--g10/pubkey-enc.c9
-rw-r--r--g10/seckey-cert.c3
-rw-r--r--g10/sig-check.c14
-rw-r--r--g10/status.c2
-rw-r--r--g10/status.h1
-rw-r--r--g10/trustdb.c23
-rw-r--r--g10/trustdb.h17
21 files changed, 463 insertions, 157 deletions
diff --git a/g10/ChangeLog b/g10/ChangeLog
index c320110c9..a3037a618 100644
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@@ -1,3 +1,43 @@
+Fri May 29 10:00:28 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * trustdb.c (query_trust_info): New.
+ * keylist.c (list_one): Add output of trust info
+ * mainproc (list_node): ditto.
+ * g10.c (main): full trustdb init if -with-colons and any of the
+ key list modes.
+
+Thu May 28 10:34:42 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * status.c (STATUS_RSA_OR_IDEA): New.
+ * sig-check.c (check_signature): Output special status message.
+ * pubkey-enc.c (get_session_key): Ditto.
+
+ * mainproc.c (check_sig_and_print): Changed format of output.
+ * passpharse.c (passphrase_to_dek): Likewise.
+
+Wed May 27 13:46:48 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * g10.c (aListSecretKeys): New option --list-secret-keys
+ * keylist.c (std_key_list): Renamed to public_key_list.
+ (secret_key_list): New
+ (list_one, list_all): Add support for secret keys.
+ * getkey.c (get_secret_keyring): New.
+ * mainproc.c (list_node): Add option --with-colons for secret keys
+
+ * sig-check.c (check_key_signature): detection of selfsigs
+ * mainproc.c (list_node): fixed listing.
+
+ * g10.c (aListSecretKeys): New option --always-trust
+ * pkclist.c (do_we_trust): Override per option added
+
+ * status.c (write_status_text): Add a prefix to every output line.
+
+Wed May 27 07:49:21 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * g10 (--compress-keys): New.
+ * options.h (compress_keys): New.
+ * export.c (export_pubkeys): Only compresses with the new option.
+
Tue May 26 11:24:33 1998 Werner Koch (wk@isil.d.shuttle.de)
* passphrase.c (get_last_passphrase): New
diff --git a/g10/Makefile.am b/g10/Makefile.am
index 52d590fad..fdf5f28b8 100644
--- a/g10/Makefile.am
+++ b/g10/Makefile.am
@@ -5,7 +5,8 @@ EXTRA_DIST = OPTIONS pubring.asc
OMIT_DEPENDENCIES = zlib.h zconf.h
needed_libs = ../cipher/libcipher.a ../mpi/libmpi.a ../util/libutil.a
-bin_PROGRAMS = gpg gpgm gpgd
+noinst_PROGRAMS = gpgd
+bin_PROGRAMS = gpg gpgm
common_source = \
build-packet.c \
diff --git a/g10/Makefile.in b/g10/Makefile.in
index d954b680c..91473ab37 100644
--- a/g10/Makefile.in
+++ b/g10/Makefile.in
@@ -97,7 +97,8 @@ EXTRA_DIST = OPTIONS pubring.asc
OMIT_DEPENDENCIES = zlib.h zconf.h
needed_libs = ../cipher/libcipher.a ../mpi/libmpi.a ../util/libutil.a
-bin_PROGRAMS = gpg gpgm gpgd
+noinst_PROGRAMS = gpgd
+bin_PROGRAMS = gpg gpgm
common_source = \
build-packet.c \
@@ -166,7 +167,7 @@ gpgm_LDADD = g10maint.o $(LDADD)
mkinstalldirs = $(SHELL) $(top_srcdir)/scripts/mkinstalldirs
CONFIG_HEADER = ../config.h
CONFIG_CLEAN_FILES =
-PROGRAMS = $(bin_PROGRAMS)
+PROGRAMS = $(bin_PROGRAMS) $(noinst_PROGRAMS)
DEFS = @DEFS@ -I. -I$(srcdir) -I..
@@ -267,6 +268,15 @@ uninstall-binPROGRAMS:
rm -f $(bindir)/`echo $$p|sed '$(transform)'`; \
done
+mostlyclean-noinstPROGRAMS:
+
+clean-noinstPROGRAMS:
+ -test -z "$(noinst_PROGRAMS)" || rm -f $(noinst_PROGRAMS)
+
+distclean-noinstPROGRAMS:
+
+maintainer-clean-noinstPROGRAMS:
+
.s.o:
$(COMPILE) -c $<
@@ -398,25 +408,31 @@ distclean-generic:
maintainer-clean-generic:
-test -z "$(MAINTAINERCLEANFILES)" || rm -f $(MAINTAINERCLEANFILES)
-test -z "$(BUILT_SOURCES)" || rm -f $(BUILT_SOURCES)
-mostlyclean: mostlyclean-binPROGRAMS mostlyclean-compile \
- mostlyclean-tags mostlyclean-depend mostlyclean-generic
+mostlyclean: mostlyclean-binPROGRAMS mostlyclean-noinstPROGRAMS \
+ mostlyclean-compile mostlyclean-tags mostlyclean-depend \
+ mostlyclean-generic
-clean: clean-binPROGRAMS clean-compile clean-tags clean-depend \
- clean-generic mostlyclean
+clean: clean-binPROGRAMS clean-noinstPROGRAMS clean-compile clean-tags \
+ clean-depend clean-generic mostlyclean
-distclean: distclean-binPROGRAMS distclean-compile distclean-tags \
- distclean-depend distclean-generic clean
+distclean: distclean-binPROGRAMS distclean-noinstPROGRAMS \
+ distclean-compile distclean-tags distclean-depend \
+ distclean-generic clean
-rm -f config.status
-maintainer-clean: maintainer-clean-binPROGRAMS maintainer-clean-compile \
- maintainer-clean-tags maintainer-clean-depend \
- maintainer-clean-generic distclean
+maintainer-clean: maintainer-clean-binPROGRAMS \
+ maintainer-clean-noinstPROGRAMS \
+ maintainer-clean-compile maintainer-clean-tags \
+ maintainer-clean-depend maintainer-clean-generic \
+ distclean
@echo "This command is intended for maintainers to use;"
@echo "it deletes files that may require special tools to rebuild."
.PHONY: default mostlyclean-binPROGRAMS distclean-binPROGRAMS \
clean-binPROGRAMS maintainer-clean-binPROGRAMS uninstall-binPROGRAMS \
-install-binPROGRAMS mostlyclean-compile distclean-compile clean-compile \
+install-binPROGRAMS mostlyclean-noinstPROGRAMS distclean-noinstPROGRAMS \
+clean-noinstPROGRAMS maintainer-clean-noinstPROGRAMS \
+mostlyclean-compile distclean-compile clean-compile \
maintainer-clean-compile tags mostlyclean-tags distclean-tags \
clean-tags maintainer-clean-tags distdir mostlyclean-depend \
distclean-depend clean-depend maintainer-clean-depend info dvi \
diff --git a/g10/OPTIONS b/g10/OPTIONS
index b0512d508..2c2fce638 100644
--- a/g10/OPTIONS
+++ b/g10/OPTIONS
@@ -38,3 +38,17 @@ sign-key
store
# simply packs the input data into a rfc1991 packet format
+list-secret-keys
+#
+
+
+#-----------------------------------------------
+#--- options
+#-----------------------------------------------
+
+compress-keys
+# compress exported key, compress level is still set with "-z" and
+# algorithm with --compress-algo" - Default is to not compress keys, as
+# this is better for interoperability.
+
+
diff --git a/g10/export.c b/g10/export.c
index 87708f08d..c70af6cc8 100644
--- a/g10/export.c
+++ b/g10/export.c
@@ -67,7 +67,7 @@ export_pubkeys( STRLIST users )
afx.what = 1;
iobuf_push_filter( out, armor_filter, &afx );
}
- if( opt.compress )
+ if( opt.compress_keys && opt.compress )
iobuf_push_filter( out, compress_filter, &zfx );
if( all ) {
diff --git a/g10/g10.c b/g10/g10.c
index 322a9f3b9..845586830 100644
--- a/g10/g10.c
+++ b/g10/g10.c
@@ -64,6 +64,7 @@ static ARGPARSE_OPTS opts[] = {
{ 552, "list-sigs", 0, N_("list keys and signatures")},
{ 508, "check-sigs",0, N_("check key signatures")},
{ 515, "fingerprint", 0, N_("list keys and fingerprints")},
+ { 558, "list-secret-keys", 0, N_("list secret keys")},
#ifdef IS_G10
{ 503, "gen-key", 0, N_("generate a new key pair")},
{ 554, "add-key", 0, N_("add a subkey to a key pair")},
@@ -87,8 +88,8 @@ static ARGPARSE_OPTS opts[] = {
{ 301, NULL, 0, N_("@\nOptions:\n ") },
- #ifdef IS_G10
{ 'a', "armor", 0, N_("create ascii armored output")},
+ #ifdef IS_G10
{ 'u', "local-user",2, N_("use this user-id to sign or decrypt")},
{ 'r', "remote-user", 2, N_("use this user-id for encryption")},
{ 'z', NULL, 1, N_("|N|set compress level N (0 disables)") },
@@ -159,6 +160,8 @@ static ARGPARSE_OPTS opts[] = {
{ 552, "list-sig", 0, "@" }, /* alias */
{ 508, "check-sig",0, "@" }, /* alias */
{ 553, "skip-verify",0, "@" },
+ { 557, "compress-keys",0, "@"},
+ { 559, "always-trust", 0, "@"},
{0} };
@@ -169,7 +172,7 @@ enum cmd_values { aNull = 0,
aSym, aStore, aEncr, aKeygen, aSign, aSignEncr,
aSignKey, aClearsign, aListPackets, aEditSig, aDeleteKey, aDeleteSecretKey,
aKMode, aKModeC, aChangePass, aImport, aVerify, aDecrypt, aListKeys,
- aListSigs, aKeyadd,
+ aListSigs, aKeyadd, aListSecretKeys,
aExport, aCheckKeys, aGenRevoke, aPrimegen, aPrintMD, aPrintMDs,
aListTrustDB, aListTrustPath, aDeArmor, aEnArmor, aGenRandom, aTest,
aNOP };
@@ -474,8 +477,8 @@ main( int argc, char **argv )
&pargs, opts) ) {
switch( pargs.r_opt ) {
- #ifdef IS_G10
case 'a': opt.armor = 1; opt.no_armor=0; break;
+ #ifdef IS_G10
case 'b': detached_sig = 1; set_cmd( &cmd, aSign ); break;
case 'c': set_cmd( &cmd, aSym); break;
case 'd': set_cmd( &cmd, aDecrypt); break;
@@ -580,6 +583,9 @@ main( int argc, char **argv )
case 553: opt.skip_verify=1; break;
case 554: set_cmd( &cmd, aKeyadd); break;
case 556: opt.def_compress_algo = pargs.r.ret_int; break;
+ case 557: opt.compress_keys = 1; break;
+ case 558: set_cmd( &cmd, aListSecretKeys); break;
+ case 559: opt.always_trust = 1; break;
default : errors++; pargs.err = configfp? 1:2; break;
}
}
@@ -668,7 +674,10 @@ main( int argc, char **argv )
break;
case aKMode:
case aListKeys:
+ case aListSecretKeys:
case aCheckKeys:
+ if( opt.with_colons ) /* need this to list the trust */
+ rc = init_trustdb(1, trustdb_name );
break;
case aListTrustDB: rc = init_trustdb( argc? 1:0, trustdb_name ); break;
default: rc = init_trustdb(1, trustdb_name ); break;
@@ -796,12 +805,15 @@ main( int argc, char **argv )
case aListSigs:
opt.list_sigs = 1;
case aListKeys:
- std_key_list( argc, argv );
+ public_key_list( argc, argv );
+ break;
+ case aListSecretKeys:
+ secret_key_list( argc, argv );
break;
case aKMode: /* list keyring */
if( argc < 2 ) /* -kv [userid] */
- std_key_list( (argc && **argv)? 1:0, argv );
+ public_key_list( (argc && **argv)? 1:0, argv );
else if( argc == 2 ) { /* -kv userid keyring */
if( access( argv[1], R_OK ) ) {
log_error(_("can't open %s: %s\n"),
@@ -811,7 +823,7 @@ main( int argc, char **argv )
/* add keyring (default keyrings are not registered in this
* special case */
add_keyring( argv[1] );
- std_key_list( **argv?1:0, argv );
+ public_key_list( **argv?1:0, argv );
}
}
else
diff --git a/g10/getkey.c b/g10/getkey.c
index 9591502e3..fb4a8492d 100644
--- a/g10/getkey.c
+++ b/g10/getkey.c
@@ -123,6 +123,16 @@ get_keyring( int sequence )
return sl? sl->d : NULL;
}
+const char *
+get_secret_keyring( int sequence )
+{
+ STRLIST sl;
+
+ for(sl = secret_keyrings; sl && sequence; sl = sl->next, sequence-- )
+ ;
+ return sl? sl->d : NULL;
+}
+
void
add_secret_keyring( const char *name )
diff --git a/g10/keydb.h b/g10/keydb.h
index 3df11771e..1cd6457a3 100644
--- a/g10/keydb.h
+++ b/g10/keydb.h
@@ -104,6 +104,7 @@ char *get_last_passphrase(void);
/*-- getkey.c --*/
void add_keyring( const char *name );
const char *get_keyring( int sequence );
+const char *get_secret_keyring( int sequence );
void add_secret_keyring( const char *name );
int get_pubkey( PKT_public_cert *pkc, u32 *keyid );
int get_pubkey_byname( PKT_public_cert *pkc, const char *name );
diff --git a/g10/keylist.c b/g10/keylist.c
index ce4d65aa4..554fb1f9c 100644
--- a/g10/keylist.c
+++ b/g10/keylist.c
@@ -35,9 +35,9 @@
#include "main.h"
#include "i18n.h"
-static void list_all(void);
-static void list_one(const char *name);
-static void fingerprint( PKT_public_cert *pkc );
+static void list_all(int);
+static void list_one(const char *name, int secret);
+static void fingerprint( PKT_public_cert *pkc, PKT_secret_cert *skc );
/****************
@@ -45,25 +45,36 @@ static void fingerprint( PKT_public_cert *pkc );
* If NNAMES is 0; all available keys are listed
*/
void
-std_key_list( int nnames, char **names )
+public_key_list( int nnames, char **names )
{
if( !nnames )
- list_all();
+ list_all(0);
else { /* List by user id */
for( ; nnames ; nnames--, names++ )
- list_one( *names );
+ list_one( *names, 0 );
+ }
+}
+
+void
+secret_key_list( int nnames, char **names )
+{
+ if( !nnames )
+ list_all(1);
+ else { /* List by user id */
+ for( ; nnames ; nnames--, names++ )
+ list_one( *names, 1 );
}
}
static void
-list_all()
+list_all( int secret )
{
int i, seq=0;
const char *s;
IOBUF a;
- while( (s=get_keyring(seq++)) ) {
+ while( (s=secret? get_secret_keyring(seq++):get_keyring(seq++)) ) {
if( !(a = iobuf_open(s)) ) {
log_error(_("can't open %s: %s\n"), s, strerror(errno));
continue;
@@ -80,9 +91,8 @@ list_all()
}
}
-
static void
-list_one( const char *name )
+list_one( const char *name, int secret )
{
int rc = 0;
KBNODE keyblock = NULL;
@@ -90,11 +100,14 @@ list_one( const char *name )
KBNODE node;
KBPOS kbpos;
PKT_public_cert *pkc;
+ PKT_secret_cert *skc;
u32 keyid[2];
int any=0;
+ int trustletter = 0;
/* search the userid */
- rc = find_keyblock_byname( &kbpos, name );
+ rc = secret? find_secret_keyblock_byname( &kbpos, name )
+ : find_keyblock_byname( &kbpos, name );
if( rc ) {
log_error("%s: user not found\n", name );
goto leave;
@@ -109,29 +122,55 @@ list_one( const char *name )
/* get the keyid from the keyblock */
- node = find_kbnode( keyblock, PKT_PUBLIC_CERT );
+ node = find_kbnode( keyblock, secret? PKT_SECRET_CERT : PKT_PUBLIC_CERT );
if( !node ) {
- log_error("Oops; public key lost!\n");
+ log_error("Oops; key lost!\n");
goto leave;
}
- pkc = node->pkt->pkt.public_cert;
- keyid_from_pkc( pkc, keyid );
- if( opt.with_colons )
- printf("pub::%u:%d:%08lX%08lX:%s:%u:::",
- /* fixme: add trust value here */
- nbits_from_pkc( pkc ),
- pkc->pubkey_algo,
- (ulong)keyid[0],(ulong)keyid[1],
- datestr_from_pkc( pkc ),
- (unsigned)pkc->valid_days
- /* fixme: add LID and ownertrust here */
- );
- else
- printf("pub %4u%c/%08lX %s ", nbits_from_pkc( pkc ),
- pubkey_letter( pkc->pubkey_algo ),
- (ulong)keyid[1],
- datestr_from_pkc( pkc ) );
+ if( secret ) {
+ pkc = NULL;
+ skc = node->pkt->pkt.secret_cert;
+ keyid_from_skc( skc, keyid );
+ if( opt.with_colons )
+ printf("sec::%u:%d:%08lX%08lX:%s:%u:::",
+ nbits_from_skc( skc ),
+ skc->pubkey_algo,
+ (ulong)keyid[0],(ulong)keyid[1],
+ datestr_from_skc( skc ),
+ (unsigned)skc->valid_days
+ /* fixme: add LID here */ );
+ else
+ printf("sec %4u%c/%08lX %s ", nbits_from_skc( skc ),
+ pubkey_letter( skc->pubkey_algo ),
+ (ulong)keyid[1],
+ datestr_from_skc( skc ) );
+ }
+ else {
+ pkc = node->pkt->pkt.public_cert;
+ skc = NULL;
+ keyid_from_pkc( pkc, keyid );
+ if( opt.with_colons ) {
+ trustletter = query_trust_info( pkc );
+ printf("pub:%c:%u:%d:%08lX%08lX:%s:%u:",
+ trustletter,
+ nbits_from_pkc( pkc ),
+ pkc->pubkey_algo,
+ (ulong)keyid[0],(ulong)keyid[1],
+ datestr_from_pkc( pkc ),
+ (unsigned)pkc->valid_days );
+ if( pkc->local_id )
+ printf("%lu", pkc->local_id );
+ putchar(':');
+ /* fixme: add ownertrust here */
+ putchar(':');
+ }
+ else
+ printf("pub %4u%c/%08lX %s ", nbits_from_pkc( pkc ),
+ pubkey_letter( pkc->pubkey_algo ),
+ (ulong)keyid[1],
+ datestr_from_pkc( pkc ) );
+ }
for( kbctx=NULL; (node=walk_kbnode( keyblock, &kbctx, 0)) ; ) {
if( node->pkt->pkttype == PKT_USER_ID ) {
@@ -148,7 +187,7 @@ list_one( const char *name )
putchar('\n');
if( !any ) {
if( opt.fingerprint )
- fingerprint( pkc );
+ fingerprint( pkc, skc );
any = 1;
}
}
@@ -159,14 +198,14 @@ list_one( const char *name )
if( !any ) {
putchar('\n');
if( opt.fingerprint )
- fingerprint( pkc ); /* of the main key */
+ fingerprint( pkc, skc ); /* of the main key */
any = 1;
}
keyid_from_pkc( pkc2, keyid2 );
- if( opt.with_colons )
- printf("sub::%u:%d:%08lX%08lX:%s:%u:::\n",
- /* fixme: add trust value here */
+ if( opt.with_colons ) {
+ printf("sub:%c:%u:%d:%08lX%08lX:%s:%u:",
+ trustletter,
nbits_from_pkc( pkc2 ),
pkc2->pubkey_algo,
(ulong)keyid2[0],(ulong)keyid2[1],
@@ -174,12 +213,45 @@ list_one( const char *name )
(unsigned)pkc2->valid_days
/* fixme: add LID and ownertrust here */
);
+ if( pkc->local_id ) /* use the local_id of the main key??? */
+ printf("%lu", pkc->local_id );
+ putchar(':');
+ putchar(':');
+ putchar('\n');
+ }
else
printf("sub %4u%c/%08lX %s\n", nbits_from_pkc( pkc2 ),
pubkey_letter( pkc2->pubkey_algo ),
(ulong)keyid2[1],
datestr_from_pkc( pkc2 ) );
}
+ else if( node->pkt->pkttype == PKT_SECKEY_SUBCERT ) {
+ u32 keyid2[2];
+ PKT_secret_cert *skc2 = node->pkt->pkt.secret_cert;
+
+ if( !any ) {
+ putchar('\n');
+ if( opt.fingerprint )
+ fingerprint( pkc, skc ); /* of the main key */
+ any = 1;
+ }
+
+ keyid_from_skc( skc2, keyid2 );
+ if( opt.with_colons )
+ printf("ssb::%u:%d:%08lX%08lX:%s:%u:::\n",
+ nbits_from_skc( skc2 ),
+ skc2->pubkey_algo,
+ (ulong)keyid2[0],(ulong)keyid2[1],
+ datestr_from_skc( skc2 ),
+ (unsigned)skc2->valid_days
+ /* fixme: add LID */
+ );
+ else
+ printf("ssb %4u%c/%08lX %s\n", nbits_from_skc( skc2 ),
+ pubkey_letter( skc2->pubkey_algo ),
+ (ulong)keyid2[1],
+ datestr_from_skc( skc2 ) );
+ }
else if( opt.list_sigs && node->pkt->pkttype == PKT_SIGNATURE ) {
PKT_signature *sig = node->pkt->pkt.signature;
int sigrc;
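Review bot: The added `if( pkc->local_id )` in the PKT_PUBKEY_SUBCERT branch dereferences `pkc`, which this commit sets to NULL whenever `secret` is non-zero, so a public subkey packet turning up in a block read from a secret keyring would crash the listing instead of being skipped. In that same case `trustletter` is still 0 and would be printed as a NUL byte by the `sub:%c:` format. Guarding the test as `if( pkc && pkc->local_id )` keeps the branch safe for malformed keyrings. The retained comment `/* fixme: add LID and ownertrust here */` is stale now that the LID is printed and should read `/* fixme: add ownertrust here */`. list_one starts and ends outside this hunk.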
@@ -187,10 +259,12 @@ list_one( const char *name )
if( !any ) { /* no user id, (maybe a revocation follows)*/
if( sig->sig_class == 0x20 )
puts("[revoked]");
+ else if( sig->sig_class == 0x18 )
+ puts("[key binding]");
else
putchar('\n');
if( opt.fingerprint )
- fingerprint( pkc );
+ fingerprint( pkc, skc );
any=1;
}
@@ -259,12 +333,13 @@ list_one( const char *name )
}
static void
-fingerprint( PKT_public_cert *pkc )
+fingerprint( PKT_public_cert *pkc, PKT_secret_cert *skc )
{
byte *array, *p;
size_t i, n;
- p = array = fingerprint_from_pkc( pkc, &n );
+ p = array = pkc? fingerprint_from_pkc( pkc, &n )
+ : fingerprint_from_skc( skc, &n );
if( opt.with_colons ) {
printf("fpr:::::::::");
for(i=0; i < n ; i++, p++ )
diff --git a/g10/main.h b/g10/main.h
index 1d2677759..017bb781b 100644
--- a/g10/main.h
+++ b/g10/main.h
@@ -117,7 +117,8 @@ int enarmor_file( const char *fname );
int gen_revoke( const char *uname );
/*-- keylist.c --*/
-void std_key_list( int nnames, char **names );
+void public_key_list( int nnames, char **names );
+void secret_key_list( int nnames, char **names );
/*-- verify.c --*/
int verify_signatures( int nfiles, char **files );
diff --git a/g10/mainproc.c b/g10/mainproc.c
index 7dfbf5415..707272be0 100644
--- a/g10/mainproc.c
+++ b/g10/mainproc.c
@@ -23,6 +23,7 @@
#include <stdlib.h>
#include <string.h>
#include <assert.h>
+#include <time.h>
#include "packet.h"
#include "iobuf.h"
@@ -35,7 +36,8 @@
#include "cipher.h"
#include "main.h"
#include "status.h"
-
+#include "i18n.h"
+#include "trustdb.h"
/****************
* Structure to hold the context
@@ -54,6 +56,8 @@ typedef struct {
KBNODE list; /* the current list of packets */
int have_data;
IOBUF iobuf; /* used to get the filename etc. */
+ int trustletter; /* temp usage in list_node */
+ ulong local_id; /* ditto */
} *CTX;
@@ -188,8 +192,9 @@ proc_pubkey_enc( CTX c, PACKET *pkt )
if( opt.verbose > 1 )
log_info( "pubkey_enc packet: Good DEK\n" );
}
- else
- log_error( "pubkey_enc packet: %s\n", g10_errstr(result));
+ else {
+ log_error(_("public key decryption failed: %s\n"), g10_errstr(result));
+ }
free_packet(pkt);
}
@@ -213,10 +218,10 @@ proc_encrypted( CTX c, PACKET *pkt )
;
else if( !result ) {
if( opt.verbose > 1 )
- log_info("encryption okay\n");
+ log_info("decryption okay\n");
}
else {
- log_error("encryption failed: %s\n", g10_errstr(result));
+ log_error(_("decryption failed: %s\n"), g10_errstr(result));
}
free_packet(pkt);
c->last_was_session_key = 0;
@@ -238,7 +243,7 @@ proc_plaintext( CTX c, PACKET *pkt )
* textmode filter (sigclass 0x01)
*/
c->mfx.md = md_open( DIGEST_ALGO_RMD160, 0);
- md_start_debug(c->mfx.md, "proc_plaintext");
+ /*md_start_debug(c->mfx.md, "proc_plaintext");*/
md_enable( c->mfx.md, DIGEST_ALGO_SHA1 );
md_enable( c->mfx.md, DIGEST_ALGO_MD5 );
md_enable( c->mfx.md, DIGEST_ALGO_TIGER );
@@ -289,13 +294,15 @@ proc_compressed( CTX c, PACKET *pkt )
* Returns: 0 = valid signature or an error code
*/
static int
-do_check_sig( CTX c, KBNODE node )
+do_check_sig( CTX c, KBNODE node, int *is_selfsig )
{
PKT_signature *sig;
MD_HANDLE md;
int algo, rc;
assert( node->pkt->pkttype == PKT_SIGNATURE );
+ if( is_selfsig )
+ *is_selfsig = 0;
sig = node->pkt->pkt.signature;
algo = sig->digest_algo;
@@ -324,7 +331,7 @@ do_check_sig( CTX c, KBNODE node )
|| sig->sig_class == 0x30 ) { /* classes 0x10..0x17,0x20,0x30 */
if( c->list->pkt->pkttype == PKT_PUBLIC_CERT
|| c->list->pkt->pkttype == PKT_PUBKEY_SUBCERT ) {
- return check_key_signature( c->list, node, NULL );
+ return check_key_signature( c->list, node, is_selfsig );
}
else {
log_error("invalid root packet for sigclass %02x\n",
@@ -411,16 +418,23 @@ list_node( CTX c, KBNODE node )
if( opt.with_colons ) {
u32 keyid[2];
keyid_from_pkc( pkc, keyid );
- printf("%s::%u:%d:%08lX%08lX:%s:%u:::",
+ if( mainkey ) {
+ c->local_id = pkc->local_id;
+ c->trustletter = query_trust_info( pkc );
+ }
+ printf("%s:%c:%u:%d:%08lX%08lX:%s:%u:",
mainkey? "pub":"sub",
- /* fixme: add trust value here */
+ c->trustletter,
nbits_from_pkc( pkc ),
pkc->pubkey_algo,
(ulong)keyid[0],(ulong)keyid[1],
datestr_from_pkc( pkc ),
- (unsigned)pkc->valid_days
- /* fixme: add LID and ownertrust here */
- );
+ (unsigned)pkc->valid_days );
+ if( c->local_id )
+ printf("%lu", c->local_id );
+ putchar(':');
+ /* fixme: add ownertrust here */
+ putchar(':');
}
else
printf("%s %4u%c/%08lX %s ",
@@ -429,79 +443,112 @@ list_node( CTX c, KBNODE node )
pubkey_letter( pkc->pubkey_algo ),
(ulong)keyid_from_pkc( pkc, NULL ),
datestr_from_pkc( pkc ) );
- /* and now list all userids with their signatures */
- for( node = node->next; node; node = node->next ) {
- if( any != 2 && node->pkt->pkttype == PKT_SIGNATURE ) {
- if( !any ) {
- if( node->pkt->pkt.signature->sig_class == 0x20 )
- puts("[revoked]");
- else
- putchar('\n');
+ if( mainkey ) {
+ /* and now list all userids with their signatures */
+ for( node = node->next; node; node = node->next ) {
+ if( node->pkt->pkttype == PKT_SIGNATURE ) {
+ if( !any ) {
+ if( node->pkt->pkt.signature->sig_class == 0x20 )
+ puts("[revoked]");
+ else
+ putchar('\n');
+ any = 1;
+ }
+ list_node(c, node );
}
- list_node(c, node );
- any = 1;
- }
- else if( node->pkt->pkttype == PKT_USER_ID ) {
- KBNODE n;
-
- if( any ) {
+ else if( node->pkt->pkttype == PKT_USER_ID ) {
+ if( any ) {
+ if( opt.with_colons )
+ printf("uid:::::::::");
+ else
+ printf( "uid%*s", 28, "" );
+ }
+ print_userid( node->pkt );
if( opt.with_colons )
- printf("uid:::::::::");
- else
- printf( "uid%*s", 28, "" );
- }
- print_userid( node->pkt );
- if( opt.with_colons )
- putchar(':');
- putchar('\n');
- if( opt.fingerprint && !any )
- print_fingerprint( pkc, NULL );
- for( n=node->next; n; n = n->next ) {
- if( n->pkt->pkttype == PKT_USER_ID )
- break;
- if( n->pkt->pkttype == PKT_SIGNATURE )
- list_node(c, n );
- }
- any=2;
- }
- else if( mainkey && node->pkt->pkttype == PKT_PUBKEY_SUBCERT ) {
- if( !any ) {
+ putchar(':');
putchar('\n');
- any = 1;
+ if( opt.fingerprint && !any )
+ print_fingerprint( pkc, NULL );
+ any=1;
+ }
+ else if( node->pkt->pkttype == PKT_PUBKEY_SUBCERT ) {
+ if( !any ) {
+ putchar('\n');
+ any = 1;
+ }
+ list_node(c, node );
}
- list_node(c, node );
}
}
- if( any != 2 && mainkey )
- printf("ERROR: no user id!\n");
- else if( any != 2 )
+ if( !any )
putchar('\n');
}
else if( (mainkey = (node->pkt->pkttype == PKT_SECRET_CERT) )
|| node->pkt->pkttype == PKT_SECKEY_SUBCERT ) {
PKT_secret_cert *skc = node->pkt->pkt.secret_cert;
- printf("%s %4u%c/%08lX %s ",
+ if( opt.with_colons ) {
+ u32 keyid[2];
+ keyid_from_skc( skc, keyid );
+ printf("%s::%u:%d:%08lX%08lX:%s:%u:::",
+ mainkey? "sec":"ssb",
+ nbits_from_skc( skc ),
+ skc->pubkey_algo,
+ (ulong)keyid[0],(ulong)keyid[1],
+ datestr_from_skc( skc ),
+ (unsigned)skc->valid_days
+ /* fixme: add LID */ );
+ }
+ else
+ printf("%s %4u%c/%08lX %s ",
mainkey? "sec":"ssb",
- nbits_from_skc( skc ),
+ nbits_from_skc( skc ),
pubkey_letter( skc->pubkey_algo ),
(ulong)keyid_from_skc( skc, NULL ),
datestr_from_skc( skc ) );
- /* and now list all userids */
- while( (node = find_next_kbnode(node, PKT_USER_ID)) ) {
- print_userid( node->pkt );
- putchar('\n');
- if( opt.fingerprint && !any )
- print_fingerprint( NULL, skc );
- any=1;
+ if( mainkey ) {
+ /* and now list all userids with their signatures */
+ for( node = node->next; node; node = node->next ) {
+ if( node->pkt->pkttype == PKT_SIGNATURE ) {
+ if( !any ) {
+ if( node->pkt->pkt.signature->sig_class == 0x20 )
+ puts("[revoked]");
+ else
+ putchar('\n');
+ any = 1;
+ }
+ list_node(c, node );
+ }
+ else if( node->pkt->pkttype == PKT_USER_ID ) {
+ if( any ) {
+ if( opt.with_colons )
+ printf("uid:::::::::");
+ else
+ printf( "uid%*s", 28, "" );
+ }
+ print_userid( node->pkt );
+ if( opt.with_colons )
+ putchar(':');
+ putchar('\n');
+ if( opt.fingerprint && !any )
+ print_fingerprint( NULL, skc );
+ any=1;
+ }
+ else if( node->pkt->pkttype == PKT_SECKEY_SUBCERT ) {
+ if( !any ) {
+ putchar('\n');
+ any = 1;
+ }
+ list_node(c, node );
+ }
+ }
}
- if( !any && mainkey )
- printf("ERROR: no user id!\n");
- else if( !any )
+ if( !any )
putchar('\n');
}
else if( node->pkt->pkttype == PKT_SIGNATURE ) {
PKT_signature *sig = node->pkt->pkt.signature;
+ int is_selfsig = 0;
int rc2=0;
size_t n;
char *p;
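Review bot: Both rewritten loops drop the `ERROR: no user id!` diagnostic, so a primary key or secret key block that carries no user ID packet is now listed with nothing to mark it as incomplete. Because `any` is also set by signature and subkey packets, the final `if( !any )` can no longer tell that case apart. A separate flag set only in the PKT_USER_ID branch would let the message be kept, e.g. `if( mainkey && !have_uid ) printf("ERROR: no user id!\n");`. The public and secret loops are otherwise line-for-line copies apart from the subkey packet type and the `print_fingerprint` arguments, which suggests a shared static helper. list_node begins and ends outside this hunk.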
@@ -516,13 +563,27 @@ list_node( CTX c, KBNODE node )
fputs("sig", stdout);
if( opt.check_sigs ) {
fflush(stdout);
- switch( (rc2=do_check_sig( c, node )) ) {
+ switch( (rc2=do_check_sig( c, node, &is_selfsig )) ) {
case 0: sigrc = '!'; break;
case G10ERR_BAD_SIGN: sigrc = '-'; break;
case G10ERR_NO_PUBKEY: sigrc = '?'; break;
default: sigrc = '%'; break;
}
}
+ else { /* check whether this is a self signature */
+ u32 keyid[2];
+
+ if( c->list->pkt->pkttype == PKT_PUBLIC_CERT
+ || c->list->pkt->pkttype == PKT_SECRET_CERT ) {
+ if( c->list->pkt->pkttype == PKT_PUBLIC_CERT )
+ keyid_from_pkc( c->list->pkt->pkt.public_cert, keyid );
+ else
+ keyid_from_skc( c->list->pkt->pkt.secret_cert, keyid );
+
+ if( keyid[0] == sig->keyid[0] && keyid[1] == sig->keyid[1] )
+ is_selfsig = 1;
+ }
+ }
if( opt.with_colons ) {
putchar(':');
if( sigrc != ' ' )
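Review bot: When `opt.check_sigs` is off, the new else branch sets `is_selfsig` purely by comparing the key ID stored in the signature packet with the ID of the first packet in `c->list`, so the `[selfsig]` / `[keybind]` label printed further down is an unverified claim rather than the result of a signature check. The branch should say so in its comment, for example `/* not verified: only compares the key ID field of the signature */`, so that nobody later treats the flag as authenticated. The same caveat applies to callers of do_check_sig, which clears `*is_selfsig` and leaves the decision to check_key_signature. list_node continues outside this hunk.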
@@ -537,6 +598,13 @@ list_node( CTX c, KBNODE node )
printf("[%s] ", g10_errstr(rc2) );
else if( sigrc == '?' )
;
+ else if( is_selfsig ) {
+ if( opt.with_colons )
+ putchar(':');
+ fputs( sig->sig_class == 0x18? "[keybind]":"[selfsig]", stdout);
+ if( opt.with_colons )
+ putchar(':');
+ }
else {
p = get_user_id( sig->keyid, &n );
print_string( stdout, p, n, opt.with_colons );
@@ -711,6 +779,8 @@ static int
check_sig_and_print( CTX c, KBNODE node )
{
PKT_signature *sig = node->pkt->pkt.signature;
+ time_t stamp = sig->timestamp;
+ const char *astr, *tstr;
int rc;
if( opt.skip_verify ) {
@@ -718,28 +788,25 @@ check_sig_and_print( CTX c, KBNODE node )
return 0;
}
- rc = do_check_sig(c, node );
+ tstr = asctime(localtime (&stamp));
+ astr = pubkey_algo_to_string( sig->pubkey_algo );
+ log_info(_("Signature made %.*s using %s key ID %08lX\n"),
+ strlen(tstr)-1, tstr, astr? astr: "?", (ulong)sig->keyid[1] );
+
+ rc = do_check_sig(c, node, NULL );
if( !rc || rc == G10ERR_BAD_SIGN ) {
- char *p, *buf;
-
- p = get_user_id_string( sig->keyid );
- buf = m_alloc( 20 + strlen(p) );
- sprintf(buf, "%lu %s", (ulong)sig->timestamp, p );
- m_free(p);
- if( (p=strchr(buf,'\n')) )
- *p = 0; /* just in case ... */
- write_status_text( rc? STATUS_BADSIG : STATUS_GOODSIG, buf );
- m_free(buf);
- log_info("%s signature from ", rc? "BAD":"Good");
+ write_status( rc? STATUS_BADSIG : STATUS_GOODSIG );
+ log_info(rc? _("BAD signature from \"")
+ : _("Good signature from \""));
print_keyid( stderr, sig->keyid );
+ putc('\"', stderr);
putc('\n', stderr);
if( opt.batch && rc )
g10_exit(1);
}
else {
write_status( STATUS_ERRSIG );
- log_error("Can't check signature made by %08lX: %s\n",
- (ulong)sig->keyid[1], g10_errstr(rc) );
+ log_error(_("Can't check signature: %s\n"), g10_errstr(rc) );
}
return rc;
}
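Review bot: `tstr = asctime(localtime (&stamp));` hands the result of localtime() straight to asctime(), and `stamp` is taken from the signature packet, so a value localtime() cannot convert would give a NULL pointer dereference before the signature is even checked. `strlen(tstr)-1` is also a size_t passed where `%.*s` expects an int. Using `struct tm *tp = localtime(&stamp);`, `tstr = tp? asctime(tp) : "?\n";` and `(int)strlen(tstr)-1` covers both. Separately, GOODSIG and BADSIG are now emitted with `write_status()` and no text, so a program reading the status output no longer receives the timestamp and user ID that the removed `write_status_text()` call supplied. The function begins outside this hunk.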
@@ -757,6 +824,8 @@ proc_tree( CTX c, KBNODE node )
if( opt.list_packets )
return;
+ c->local_id = 0;
+ c->trustletter = ' ';
if( node->pkt->pkttype == PKT_PUBLIC_CERT
|| node->pkt->pkttype == PKT_PUBKEY_SUBCERT )
list_node( c, node );
diff --git a/g10/options.h b/g10/options.h
index 8699af25c..8bc30eeba 100644
--- a/g10/options.h
+++ b/g10/options.h
@@ -45,6 +45,8 @@ struct {
int completes_needed;
const char *homedir;
int skip_verify;
+ int compress_keys;
+ int always_trust;
} opt;
diff --git a/g10/passphrase.c b/g10/passphrase.c
index ebcba9942..8005ffd9f 100644
--- a/g10/passphrase.c
+++ b/g10/passphrase.c
@@ -31,6 +31,7 @@
#include "cipher.h"
#include "keydb.h"
#include "main.h"
+#include "i18n.h"
static int pwfd = -1;
static char *next_pw = NULL;
@@ -108,14 +109,25 @@ passphrase_to_dek( u32 *keyid, int cipher_algo, STRING2KEY *s2k, int mode )
}
if( keyid && !opt.batch && !next_pw ) {
- char *ustr;
- tty_printf("Need a pass phrase to unlock the secret key for:\n");
- tty_printf(" \"" );
- ustr = get_user_id_string( keyid );
- tty_print_string( ustr, strlen(ustr) );
- m_free(ustr);
- tty_printf("\"\n\n");
-
+ PKT_public_cert *pkc = m_alloc_clear( sizeof *pkc );
+ size_t n;
+ char *p;
+
+ tty_printf(_("\nYou need a passphrase to unlock the secret key for\n"
+ "user: \"") );
+ p = get_user_id( keyid, &n );
+ tty_print_string( p, n );
+ m_free(p);
+ tty_printf("\"\n");
+
+ if( !get_pubkey( pkc, keyid ) ) {
+ const char *s = pubkey_algo_to_string( pkc->pubkey_algo );
+ tty_printf( _("(%u-bit %s key, ID %08lX, created %s)\n"),
+ nbits_from_pkc( pkc ), s?s:"?", (ulong)keyid[1],
+ strtimestamp(pkc->timestamp) );
+ }
+ tty_printf("\n");
+ free_public_cert( pkc );
}
if( next_pw ) {
pw = next_pw;
diff --git a/g10/pkclist.c b/g10/pkclist.c
index fa8351bf5..bbab2235b 100644
--- a/g10/pkclist.c
+++ b/g10/pkclist.c
@@ -274,6 +274,10 @@ do_we_trust_pre( PKT_public_cert *pkc, int trustlevel )
rc = 1;
m_free(answer);
}
+ else if( opt.always_trust && !rc ) {
+ log_info(_("WARNING: Using untrusted key!\n"));
+ rc = 1;
+ }
return rc;
}
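Review bot: The new `opt.always_trust` branch turns a negative trust decision into `rc = 1` and reports it only through `log_info`, so a front end driving the program through the status output cannot learn that an untrusted key was accepted, and the warning does not say which key it was. Emitting a status line here and adding the key ID to the message would make the override auditable. The option is registered in g10.c with the description `"@"`, which appears to hide it from the help output, and it is absent from the OPTIONS file this commit touches; a short entry stating that it bypasses the trust check would help. The condition that precedes this `else if` lies outside the hunk, so the exact cases in which the override applies cannot be confirmed from here.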
diff --git a/g10/pubkey-enc.c b/g10/pubkey-enc.c
index 5cdf9f484..d9503265d 100644
--- a/g10/pubkey-enc.c
+++ b/g10/pubkey-enc.c
@@ -29,6 +29,7 @@
#include "mpi.h"
#include "keydb.h"
#include "cipher.h"
+#include "status.h"
/****************
@@ -45,6 +46,11 @@ get_session_key( PKT_pubkey_enc *k, DEK *dek )
u16 csum, csum2;
PKT_secret_cert *skc = m_alloc_clear( sizeof *skc );
+ #ifndef HAVE_RSA_CIPHER
+ if( is_RSA(k->pubkey_algo) )
+ write_status(STATUS_RSA_OR_IDEA);
+ #endif
+
skc->pubkey_algo = k->pubkey_algo; /* we want a pubkey with this algo*/
if( (rc = get_seckey( skc, k->keyid )) )
goto leave;
@@ -58,7 +64,7 @@ get_session_key( PKT_pubkey_enc *k, DEK *dek )
elg_decrypt( plain_dek, k->d.elg.a, k->d.elg.b, &skc->d.elg );
}
#ifdef HAVE_RSA_CIPHER
- else if( is_ELGAMAL(k->pubkey_algo) ) {
+ else if( is_RSA(k->pubkey_algo) ) {
if( DBG_CIPHER )
log_mpidump("Encr DEK frame:", k->d.rsa.rsa_integer );
@@ -113,6 +119,7 @@ get_session_key( PKT_pubkey_enc *k, DEK *dek )
dek->algo = frame[n++];
switch( dek->algo ) {
case CIPHER_ALGO_IDEA:
+ write_status(STATUS_RSA_OR_IDEA);
rc = G10ERR_NI_CIPHER;
goto leave;
case CIPHER_ALGO_BLOWFISH160:
diff --git a/g10/seckey-cert.c b/g10/seckey-cert.c
index 8a5d98299..6f0dc1ae9 100644
--- a/g10/seckey-cert.c
+++ b/g10/seckey-cert.c
@@ -31,6 +31,7 @@
#include "cipher.h"
#include "main.h"
#include "options.h"
+#include "i18n.h"
static int
@@ -221,7 +222,7 @@ check_secret_key( PKT_secret_cert *cert )
for(i=0; i < 3 && rc == G10ERR_BAD_PASS; i++ ) {
if( i )
- log_error("Invalid passphrase; please try again ...\n\n");
+ log_error(_("Invalid passphrase; please try again ...\n"));
switch( cert->pubkey_algo ) {
case PUBKEY_ALGO_ELGAMAL_E:
case PUBKEY_ALGO_ELGAMAL:
diff --git a/g10/sig-check.c b/g10/sig-check.c
index f1e5f9b4a..a30d0efcc 100644
--- a/g10/sig-check.c
+++ b/g10/sig-check.c
@@ -30,6 +30,7 @@
#include "keydb.h"
#include "cipher.h"
#include "main.h"
+#include "status.h"
static int do_check( PKT_public_cert *pkc, PKT_signature *sig,
@@ -47,6 +48,12 @@ signature_check( PKT_signature *sig, MD_HANDLE digest )
PKT_public_cert *pkc = m_alloc_clear( sizeof *pkc );
int rc=0;
+
+ #ifndef HAVE_RSA_CIPHER
+ if( is_RSA(sig->pubkey_algo) )
+ write_status(STATUS_RSA_OR_IDEA);
+ #endif
+
if( get_pubkey( pkc, sig->keyid ) )
rc = G10ERR_NO_PUBKEY;
else
@@ -294,6 +301,13 @@ check_key_signature( KBNODE root, KBNODE node, int *is_selfsig )
KBNODE snode = find_prev_kbnode( root, node, PKT_PUBKEY_SUBCERT );
if( snode ) {
+ if( is_selfsig ) {
+ u32 keyid[2];
+
+ keyid_from_pkc( pkc, keyid );
+ if( keyid[0] == sig->keyid[0] && keyid[1] == sig->keyid[1] )
+ *is_selfsig = 1;
+ }
md = md_open( algo, 0 );
hash_public_cert( md, pkc );
hash_public_cert( md, snode->pkt->pkt.public_cert );
diff --git a/g10/status.c b/g10/status.c
index 5aa712a30..2546626ba 100644
--- a/g10/status.c
+++ b/g10/status.c
@@ -56,9 +56,11 @@ write_status_text( int no, const char *text)
case STATUS_BADSIG : s = "BADSIG\n"; break;
case STATUS_ERRSIG : s = "ERRSIG\n"; break;
case STATUS_BADARMOR : s = "BADARMOR\n"; break;
+ case STATUS_RSA_OR_IDEA : s= "RSA_OR_IDEA\n"; break;
default: s = "?\n"; break;
}
+ write( fd, "[GNUPG:] ", 9 );
if( text ) {
write( fd, s, strlen(s)-1 );
write( fd, " ", 1 );
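Review bot: `text` is written to the status descriptor as given after the new `[GNUPG:] ` prefix, and the caller-side newline stripping in check_sig_and_print (`*p = 0; /* just in case ... */`) is removed by this same commit, so nothing visible here stops text with an embedded newline from starting a second line that a parser keyed on the prefix could misread. write_status_text should cut or escape `text` at the first `'\n'` itself rather than rely on each caller, unless the part of the function below this hunk already does so. The return values of the `write()` calls are ignored, and one status line is emitted in several separate writes, so a short write or interleaved output would go unnoticed. The function starts and ends outside the hunk.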
diff --git a/g10/status.h b/g10/status.h
index 41820825f..6b0950f5f 100644
--- a/g10/status.h
+++ b/g10/status.h
@@ -32,6 +32,7 @@
#define STATUS_BADARMOR 7
+#define STATUS_RSA_OR_IDEA 8
/*-- status.c --*/
diff --git a/g10/trustdb.c b/g10/trustdb.c
index 07ae19b9b..3ebc83137 100644
--- a/g10/trustdb.c
+++ b/g10/trustdb.c
@@ -1756,6 +1756,29 @@ check_trust( PKT_public_cert *pkc, unsigned *r_trustlevel )
}
+int
+query_trust_info( PKT_public_cert *pkc )
+{
+ unsigned trustlevel;
+ int c;
+
+ if( check_trust( pkc, &trustlevel ) )
+ return '?';
+ if( trustlevel & TRUST_FLAG_REVOKED )
+ return 'r';
+ switch( (trustlevel & TRUST_MASK) ) {
+ case TRUST_UNKNOWN: c = 'o'; break;
+ case TRUST_EXPIRED: c = 'e'; break;
+ case TRUST_UNDEFINED: c = 'q'; break;
+ case TRUST_NEVER: c = 'n'; break;
+ case TRUST_MARGINAL: c = 'm'; break;
+ case TRUST_FULLY: c = 'f'; break;
+ case TRUST_ULTIMATE: c = 'u'; break;
+ default: BUG();
+ }
+ return c;
+}
+
/****************
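Review bot: `default: BUG();` in query_trust_info is reached for any masked trust value from 7 to 15, which `TRUST_MASK` (15) permits but the switch does not handle, so if check_trust can return such a value from a damaged trustdb record, a `--with-colons` key listing would presumably abort instead of continuing. The function already returns `'?'` when check_trust fails, so `default: c = '?'; break;` would be consistent with that and would also guarantee `c` is assigned on every path. The function has no header comment; one stating that it returns a single trust letter (o, e, q, n, m, f, u, r for revoked, or ? on error) would save readers from looking the mapping up in trustdb.h.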
diff --git a/g10/trustdb.h b/g10/trustdb.h
index 7ffcd4426..a9b1e587e 100644
--- a/g10/trustdb.h
+++ b/g10/trustdb.h
@@ -24,15 +24,15 @@
/* Trust values must be sorted in ascending order */
#define TRUST_MASK 15
-#define TRUST_UNKNOWN 0 /* not yet calculated */
-#define TRUST_EXPIRED 1 /* calculation may be invalid */
-#define TRUST_UNDEFINED 2 /* not enough information for calculation */
-#define TRUST_NEVER 3 /* never trust this pubkey */
-#define TRUST_MARGINAL 4 /* marginally trusted */
-#define TRUST_FULLY 5 /* fully trusted */
-#define TRUST_ULTIMATE 6 /* ultimately trusted */
+#define TRUST_UNKNOWN 0 /* o: not yet calculated */
+#define TRUST_EXPIRED 1 /* e: calculation may be invalid */
+#define TRUST_UNDEFINED 2 /* q: not enough information for calculation */
+#define TRUST_NEVER 3 /* n: never trust this pubkey */
+#define TRUST_MARGINAL 4 /* m: marginally trusted */
+#define TRUST_FULLY 5 /* f: fully trusted */
+#define TRUST_ULTIMATE 6 /* u: ultimately trusted */
/* trust values not covered by the mask */
-#define TRUST_FLAG_REVOKED 32
+#define TRUST_FLAG_REVOKED 32 /* r: revoked */
/*-- trustdb.c --*/
@@ -40,6 +40,7 @@ void list_trustdb(const char *username);
void list_trust_path( int max_depth, const char *username );
int init_trustdb( int level, const char *dbname );
int check_trust( PKT_public_cert *pkc, unsigned *r_trustlevel );
+int query_trust_info( PKT_public_cert *pkc );
int enum_trust_web( void **context, ulong *lid );
int get_ownertrust( ulong lid, unsigned *r_otrust );
int keyid_from_trustdb( ulong lid, u32 *keyid );