-rw-r--r--g10/ChangeLog10
-rw-r--r--g10/g10.c6
-rw-r--r--g10/keyedit.c45
-rw-r--r--g10/options.h1
4 files changed, 58 insertions, 4 deletions
diff --git a/g10/ChangeLog b/g10/ChangeLog
index 0f4822f9a..34c07ccf0 100644
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@@ -1,3 +1,13 @@
+2001-12-04 David Shaw <[email protected]>
+
+ * keyedit.c (keyedit_menu): Do not allow signing a revoked key
+ unless --expert is set, and ask even then.
+
+ * keyedit.c (sign_uids): Do not allow signing a revoked UID unless
+ --expert is set, and ask even then.
+
+ * g10.c, options.h : New option --expert
+
2001-11-16 David Shaw <[email protected]>
* Allow the user to select no compression via "--compress-algo 0"
diff --git a/g10/g10.c b/g10/g10.c
index 25a3d9fc4..e4062909e 100644
--- a/g10/g10.c
+++ b/g10/g10.c
@@ -119,6 +119,8 @@ enum cmd_and_opt_values { aNull = 0,
aRefreshKeys,
oTextmode,
+ oExpert,
+ oNoExpert,
oFingerprint,
oWithFingerprint,
oAnswerYes,
@@ -322,6 +324,8 @@ static ARGPARSE_OPTS opts[] = {
{ oCompress, NULL, 1, N_("|N|set compress level N (0 disables)") },
{ oTextmodeShort, NULL, 0, "@"},
{ oTextmode, "textmode", 0, N_("use canonical text mode")},
+ { oExpert, "expert", 0, "@"},
+ { oNoExpert, "no-expert", 0, "@"},
{ oOutput, "output", 2, N_("use as output file")},
{ oVerbose, "verbose", 0, N_("verbose") },
{ oQuiet, "quiet", 0, N_("be somewhat more quiet") },
@@ -1054,6 +1058,8 @@ main( int argc, char **argv )
break;
case oTextmodeShort: opt.textmode = 2; break;
case oTextmode: opt.textmode=1; break;
+ case oExpert: opt.expert = 1; break;
+ case oNoExpert: opt.expert = 0; break;
case oUser: /* store the local users */
add_to_strlist2( &locusr, pargs.r.ret_str, utf8_strings );
break;
diff --git a/g10/keyedit.c b/g10/keyedit.c
index bc262ba7c..425070d6b 100644
--- a/g10/keyedit.c
+++ b/g10/keyedit.c
@@ -275,14 +275,14 @@ sign_uids( KBNODE keyblock, STRLIST locusr, int *ret_modified, int local )
*
* We use the CERT flag to request the primary which must always
* be one which is capable of signing keys. I can't see a reason
- * why to sign keys using a subkey. Implementation of SUAGE_CERT
+ * why to sign keys using a subkey. Implementation of USAGE_CERT
* is just a hack in getkey.c and does not mean that a subkey
* marked as certification capable will be used */
rc=build_sk_list( locusr, &sk_list, 0, PUBKEY_USAGE_SIG|PUBKEY_USAGE_CERT);
if( rc )
goto leave;
- /* loop over all signaturs */
+ /* loop over all signators */
for( sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next ) {
u32 sk_keyid[2];
size_t n;
@@ -308,6 +308,24 @@ sign_uids( KBNODE keyblock, STRLIST locusr, int *ret_modified, int local )
for( node=keyblock; node; node = node->next ) {
if( node->pkt->pkttype == PKT_USER_ID ) {
uidnode = (node->flag & NODFLG_MARK_A)? node : NULL;
+ if(uidnode && uidnode->pkt->pkt.user_id->is_revoked)
+ {
+ tty_printf(_("User ID \"%s\" is revoked.\n"),
+ uidnode->pkt->pkt.user_id->name);
+
+ if(opt.expert)
+ {
+ tty_printf(_("Are you sure you still "
+ "want to sign it?\n"));
+
+ /* No, so remove the mark and continue */
+ if(!cpr_get_answer_is_yes("sign_uid.okay",
+ _("Really sign? ")))
+ uidnode->flag &= ~NODFLG_MARK_A;
+ }
+ else
+ uidnode->flag &= ~NODFLG_MARK_A;
+ }
}
else if( uidnode && node->pkt->pkttype == PKT_SIGNATURE
&& (node->pkt->pkt.signature->sig_class&~3) == 0x10 ) {
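Review bot: The user ID name is passed straight to `tty_printf` through `%s` in the new "is revoked" message, and again in the reworded "is already signed" message in the next hunk. That string comes from the key being edited, so any control or escape bytes in it reach the terminal unfiltered, immediately before a confirmation prompt. Printing it through a sanitising path instead would keep the displayed identity trustworthy; I believe the listing code elsewhere in this tree uses `tty_print_utf8_string` for this, which would need confirming. Separately, both branches that clear `NODFLG_MARK_A` leave `uidnode` set, so the signature packets following a skipped user ID still enter the `else if( uidnode && ...` branch; adding `uidnode = NULL;` after clearing the mark would stop that. The enclosing loop in sign_uids starts and ends outside the hunk.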
@@ -317,8 +335,10 @@ sign_uids( KBNODE keyblock, STRLIST locusr, int *ret_modified, int local )
/* Fixme: see whether there is a revocation in which
* case we should allow to sign it again. */
- tty_printf(_("Already signed by key %08lX\n"),
- (ulong)sk_keyid[1] );
+ tty_printf(_("User ID \"%s\" is already signed "
+ "by key %08lX\n"),
+ uidnode->pkt->pkt.user_id->name,
+ (ulong)sk_keyid[1] );
sprintf (buf, "%08lX%08lX",
(ulong)sk->keyid[0], (ulong)sk->keyid[1] );
write_status_text (STATUS_ALREADY_SIGNED, buf);
@@ -764,6 +784,7 @@ keyedit_menu( const char *username, STRLIST locusr, STRLIST commands,
int i, arg_number;
const char *arg_string = "";
char *p;
+ PKT_public_key *pk=keyblock->pkt->pkt.public_key;
tty_printf("\n");
if( redisplay ) {
@@ -865,6 +886,22 @@ keyedit_menu( const char *username, STRLIST locusr, STRLIST commands,
case cmdSIGN: /* sign (only the public key) */
case cmdLSIGN: /* sign (only the public key) */
+ if( pk->is_revoked )
+ {
+ tty_printf(_("Key is revoked.\n"));
+
+ if(opt.expert)
+ {
+ tty_printf(_("Are you sure you still want to sign it?\n"));
+
+ if(!cpr_get_answer_is_yes("keyedit.sign_revoked.okay",
+ _("Really sign? ")))
+ break;
+ }
+ else
+ break;
+ }
+
if( count_uids(keyblock) > 1 && !count_selected_uids(keyblock) ) {
if( !cpr_get_answer_is_yes("keyedit.sign_all.okay",
_("Really sign all user IDs? ")) ) {
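Review bot: The revoked-key guard is placed only in the `cmdSIGN`/`cmdLSIGN` menu case, whereas the user-ID guard added by the same commit is inside `sign_uids`, so any path that reaches `sign_uids` without passing through this case would skip the key-level check. No other callers are visible here, so this may be the only path; if so, a comment above the guard would record the assumption, e.g. `/* sign_uids() does not look at pk->is_revoked; this is the only check for a revoked primary key */`. In the non-expert branch the user sees only "Key is revoked." before the `break`, with no indication that the command was refused, and a line such as `tty_printf(_("Unable to sign.\n"));` before the `break` would make the outcome explicit. The switch statement continues outside the hunk.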
diff --git a/g10/options.h b/g10/options.h
index 6c56553f8..cbcb33fed 100644
--- a/g10/options.h
+++ b/g10/options.h
@@ -45,6 +45,7 @@ struct {
int dry_run;
int list_only;
int textmode;
+ int expert;
int batch; /* run in batch mode */
int answer_yes; /* answer yes on most questions */
int answer_no; /* answer no on most questions */
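Review bot: The new `expert` field has no comment, although the commit uses it to relax two safety checks (signing a revoked key and signing a revoked user ID). Stating that contract next to the field would help later users of the flag keep the "ask even then" behaviour described in the ChangeLog entry, for example `int expert; /* allow normally refused operations, but still ask for confirmation */`. The struct definition starts and ends outside the hunk.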