diff options
| author | Daniel Kahn Gillmor <[email protected]> | 2019-05-20 19:06:57 +0000 |
|---|---|---|
| committer | Daniel Kahn Gillmor <[email protected]> | 2019-05-20 21:38:12 +0000 |
| commit | bf2724880fe54d0dbf34bfa9fef2f31fa6809f55 (patch) | |
| tree | 3d27cd1600f19ac9ee72cdb948aa9eaf85093728 /tests | |
| parent | gpg: Do not delete any keys if --dry-run is passed. (diff) | |
| download | gnupg-dkg/fix-T4522.tar.gz gnupg-dkg/fix-T4522.zip | |
gpg-agent: add new CACHE_MODE_EXPORTdkg/fix-T4522
* agent/agent.h: define CACHE_MODE_EXPORT
* agent/call-pinentry.c (agent_askpin, agent_get_passphrase): use "e/"
as the prefix for SETKEYINFO when in CACHE_MODE_EXPORT.
(agent_clear_passphrase): allow clearing the export cache.
* agent/command.c (cmd_clear_passphrase): add --mode=export.
(cmd_export_key): use CACHE_MODE_EXPORT.
* tests/openpgp/export.scm: no need to feed passphrases during export,
already cached.
----
We don't want secret keys to be able to be exported automatically
based on the same system passphrase cache used by standard decryption
or signing operations.
So we introduce a "export" cache mode which can be used by EXPORT_KEY.
I confess i don't fully understand the changes made to
tests/openpgp/export.scm -- i'm not sure why the passphrase is already
supplied in this case.
Gnupg-Bug-Id: 4522
Signed-off-by: Daniel Kahn Gillmor <[email protected]>
Diffstat (limited to 'tests')
| -rwxr-xr-x | tests/openpgp/export.scm | 38 |
1 files changed, 2 insertions, 36 deletions
diff --git a/tests/openpgp/export.scm b/tests/openpgp/export.scm index aa6fa7828..60cc2faea 100755 --- a/tests/openpgp/export.scm +++ b/tests/openpgp/export.scm @@ -49,32 +49,6 @@ "Secret key packet not found") (check-exported-key dump keyid))) -(lettmp - ;; Prepare two temporary files for communication with the fake - ;; pinentry program. - (logfile ppfile) - - (define (prepare-passphrases . passphrases) - (call-with-output-file ppfile - (lambda (port) - (for-each (lambda (passphrase) - (display passphrase port) - (display #\newline port)) passphrases)))) - - (define CONFIRM "fake-entry being started to CONFIRM the weak phrase") - - (define (assert-passphrases-consumed) - (call-with-input-file ppfile - (lambda (port) - (unless - (eof-object? (peek-char port)) - (fail (string-append - "Expected all passphrases to be consumed, but found: " - (read-all port))))))) - - (setenv "PINENTRY_USER_DATA" - (string-append "--logfile=" logfile " --passphrasefile=" ppfile) #t) - (for-each-p "Checking key export" (lambda (keyid) @@ -84,17 +58,9 @@ (pipe:gpg '(--list-packets))) (tr:call-with-content check-exported-public-key keyid)) - (if (string=? "D74C5F22" keyid) - ;; Key D74C5F22 is protected by a passphrase. Prepare this - ;; one. Currently, GnuPG does not ask for an export passphrase - ;; in this case. - (prepare-passphrases usrpass1)) - (tr:do (tr:pipe-do (pipe:gpg `(--export-secret-keys ,keyid)) (pipe:gpg '(--list-packets))) - (tr:call-with-content check-exported-private-key keyid)) - - (assert-passphrases-consumed)) - '("D74C5F22" "C40FDECF" "ECABF51D"))) + (tr:call-with-content check-exported-private-key keyid))) + '("D74C5F22" "C40FDECF" "ECABF51D")) |