author | Daniel Kahn Gillmor <[email protected]> | 2019-05-20 19:06:57 +0000 |
---|---|---|
committer | Daniel Kahn Gillmor <[email protected]> | 2019-05-20 21:38:12 +0000 |
commit | bf2724880fe54d0dbf34bfa9fef2f31fa6809f55 (patch) | |
tree | 3d27cd1600f19ac9ee72cdb948aa9eaf85093728 /agent/agent.h | |
parent | gpg: Do not delete any keys if --dry-run is passed. (diff) | |
gpg-agent: add new CACHE_MODE_EXPORT (dkg/fix-T4522)
* agent/agent.h: define CACHE_MODE_EXPORT
* agent/call-pinentry.c (agent_askpin, agent_get_passphrase): use "e/"
as the prefix for SETKEYINFO when in CACHE_MODE_EXPORT.
(agent_clear_passphrase): allow clearing the export cache.
* agent/command.c (cmd_clear_passphrase): add --mode=export.
(cmd_export_key): use CACHE_MODE_EXPORT.
* tests/openpgp/export.scm: no need to feed passphrases during export,
already cached.
----
We don't want secret keys to be able to be exported automatically
based on the same system passphrase cache used by standard decryption
or signing operations.
So we introduce an "export" cache mode which can be used by EXPORT_KEY.
I confess i don't fully understand the changes made to
tests/openpgp/export.scm -- i'm not sure why the passphrase is already
supplied in this case.
Gnupg-Bug-Id: 4522
Signed-off-by: Daniel Kahn Gillmor <[email protected]>
Diffstat (limited to '')
-rw-r--r-- | agent/agent.h | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/agent/agent.h b/agent/agent.h index 77672bd50..8c4a1d4ba 100644 --- a/agent/agent.h +++ b/agent/agent.h @@ -322,7 +322,8 @@ typedef enum CACHE_MODE_USER, /* GET_PASSPHRASE related cache. */ CACHE_MODE_SSH, /* SSH related cache. */ CACHE_MODE_NONCE, /* This is a non-predictable nonce. */ - CACHE_MODE_DATA /* Arbitrary data. */ + CACHE_MODE_DATA, /* Arbitrary data. */ + CACHE_MODE_EXPORT, /* Exporting secret keys. */ } cache_mode_t; |
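Review bot: the new last enumerator in cache_mode_t, `CACHE_MODE_EXPORT,`, carries a trailing comma, whereas the list previously closed with `CACHE_MODE_DATA` and no comma. A trailing comma in an enumerator list is only valid from C99 on, so drop it to match the existing style unless the project's compiler baseline allows it. The comment "Exporting secret keys." could also say that this mode is the one used by EXPORT_KEY and is kept apart from the cache used for decryption and signing, since per the commit message that separation is the reason the value exists. The diffstat here is limited to agent/agent.h, so the call-pinentry.c and command.c changes named in the commit message that give the new value its behaviour are not visible in this hunk.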