authorDaniel Kahn Gillmor <[email protected]>2019-05-20 19:06:57 +0000
committerDaniel Kahn Gillmor <[email protected]>2019-05-20 21:38:12 +0000
commitbf2724880fe54d0dbf34bfa9fef2f31fa6809f55 (patch)
tree3d27cd1600f19ac9ee72cdb948aa9eaf85093728 /agent/call-pinentry.c
parentgpg: Do not delete any keys if --dry-run is passed. (diff)
gpg-agent: add new CACHE_MODE_EXPORTdkg/fix-T4522
* agent/agent.h: define CACHE_MODE_EXPORT * agent/call-pinentry.c (agent_askpin, agent_get_passphrase): use "e/" as the prefix for SETKEYINFO when in CACHE_MODE_EXPORT. (agent_clear_passphrase): allow clearing the export cache. * agent/command.c (cmd_clear_passphrase): add --mode=export. (cmd_export_key): use CACHE_MODE_EXPORT. * tests/openpgp/export.scm: no need to feed passphrases during export, already cached. ---- We don't want secret keys to be able to be exported automatically based on the same system passphrase cache used by standard decryption or signing operations. So we introduce an "export" cache mode which can be used by EXPORT_KEY. I confess i don't fully understand the changes made to tests/openpgp/export.scm -- i'm not sure why the passphrase is already supplied in this case. Gnupg-Bug-Id: 4522 Signed-off-by: Daniel Kahn Gillmor <[email protected]>
Diffstat (limited to '')
-rw-r--r--agent/call-pinentry.c15
1 files changed, 10 insertions, 5 deletions
diff --git a/agent/call-pinentry.c b/agent/call-pinentry.c
index 5b4713f41..bf75bb4a7 100644
--- a/agent/call-pinentry.c
+++ b/agent/call-pinentry.c
@@ -1120,10 +1120,12 @@ agent_askpin (ctrl_t ctrl,
we do not error out in this case. */
if (keyinfo && (cache_mode == CACHE_MODE_NORMAL
|| cache_mode == CACHE_MODE_USER
- || cache_mode == CACHE_MODE_SSH))
+ || cache_mode == CACHE_MODE_SSH
+ || cache_mode == CACHE_MODE_EXPORT))
snprintf (line, DIM(line), "SETKEYINFO %c/%s",
cache_mode == CACHE_MODE_USER? 'u' :
- cache_mode == CACHE_MODE_SSH? 's' : 'n',
+ cache_mode == CACHE_MODE_SSH? 's' :
+ cache_mode == CACHE_MODE_EXPORT? 'e' : 'n',
keyinfo);
else
snprintf (line, DIM(line), "SETKEYINFO --clear");
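Review bot: The set of cache modes that get a key-info prefix is now spelled out twice in this hunk, once in the `if` condition and once in the nested ternary that picks `'u'`, `'s'`, `'e'` or `'n'`, and the same pair is repeated in the agent_get_passphrase hunk below. A mode later added to the condition but not to the ternary would silently fall through to `'n'` and share the normal entry, which is the separation this commit exists to enforce. Deriving both from one helper that returns 0 for modes without a prefix removes that failure mode; the helper name is only a suggestion, and agent_askpin's body starts and ends outside the hunk.

```c
/* Return the SETKEYINFO prefix for CACHE_MODE, or 0 if the mode has
   no prefix of its own.  */
static char
cache_mode_prefix (cache_mode_t cache_mode)
{
  switch (cache_mode)
    {
    case CACHE_MODE_NORMAL: return 'n';
    case CACHE_MODE_USER:   return 'u';
    case CACHE_MODE_SSH:    return 's';
    case CACHE_MODE_EXPORT: return 'e';
    default:                return 0;
    }
}

/* … unchanged: agent_askpin up to the SETKEYINFO step … */
  if (keyinfo && cache_mode_prefix (cache_mode))
    snprintf (line, DIM(line), "SETKEYINFO %c/%s",
              cache_mode_prefix (cache_mode), keyinfo);
  else
    snprintf (line, DIM(line), "SETKEYINFO --clear");
```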
@@ -1313,10 +1315,12 @@ agent_get_passphrase (ctrl_t ctrl,
we do not error out in this case. */
if (keyinfo && (cache_mode == CACHE_MODE_NORMAL
|| cache_mode == CACHE_MODE_USER
- || cache_mode == CACHE_MODE_SSH))
+ || cache_mode == CACHE_MODE_SSH
+ || cache_mode == CACHE_MODE_EXPORT))
snprintf (line, DIM(line), "SETKEYINFO %c/%s",
cache_mode == CACHE_MODE_USER? 'u' :
- cache_mode == CACHE_MODE_SSH? 's' : 'n',
+ cache_mode == CACHE_MODE_SSH? 's' :
+ cache_mode == CACHE_MODE_EXPORT? 'e' : 'n',
keyinfo);
else
snprintf (line, DIM(line), "SETKEYINFO --clear");
@@ -1635,7 +1639,8 @@ agent_clear_passphrase (ctrl_t ctrl,
if (! (keyinfo && (cache_mode == CACHE_MODE_NORMAL
|| cache_mode == CACHE_MODE_USER
- || cache_mode == CACHE_MODE_SSH)))
+ || cache_mode == CACHE_MODE_SSH
+ || cache_mode == CACHE_MODE_EXPORT)))
return gpg_error (GPG_ERR_NOT_SUPPORTED);
rc = start_pinentry (ctrl);
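Review bot: Only the mode check of agent_clear_passphrase is extended here; the statement that builds the command sent to pinentry comes after `start_pinentry`, outside this hunk, and the diffstat (10 insertions, 5 deletions) is fully accounted for by the three hunks shown, so that statement was not changed. If it selects its prefix with the same `'u'`/`'s'`/`'n'` ternary as the two functions above, it needs the `cache_mode == CACHE_MODE_EXPORT? 'e' :` arm too. Otherwise a clear request in export mode would pass this check and then act on the `n/` entry, leaving the export entry in place while reporting success. This should be confirmed against the full function, since clearing is the control a user relies on to revoke a cached export passphrase.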