Diffstat (limited to 'agent')
-rw-r--r-- | agent/ChangeLog | 5 | ||||
-rw-r--r-- | agent/agent.h | 3 | ||||
-rw-r--r-- | agent/command.c | 9 | ||||
-rw-r--r-- | agent/genkey.c | 16 |
4 files changed, 25 insertions, 8 deletions
diff --git a/agent/ChangeLog b/agent/ChangeLog index 12a853281..91aab9e6d 100644 --- a/agent/ChangeLog +++ b/agent/ChangeLog @@ -1,3 +1,8 @@ +2010-10-14 Werner Koch <[email protected]> + + * command.c (cmd_genkey): Add option --no-protection. + * genkey.c (agent_genkey): Add arg NO_PROTECTION. + 2010-10-13 Werner Koch <[email protected]> * call-pinentry.c (agent_get_passphrase): Support the close_button. diff --git a/agent/agent.h b/agent/agent.h index 7276e66c3..48511c565 100644 --- a/agent/agent.h +++ b/agent/agent.h @@ -293,7 +293,8 @@ int check_passphrase_constraints (ctrl_t ctrl, const char *pw, int silent); gpg_error_t agent_ask_new_passphrase (ctrl_t ctrl, const char *prompt, char **r_passphrase); int agent_genkey (ctrl_t ctrl, const char *cache_nonce, - const char *keyparam, size_t keyparmlen, membuf_t *outbuf); + const char *keyparam, size_t keyparmlen, + int no_protection, membuf_t *outbuf); int agent_protect_and_store (ctrl_t ctrl, gcry_sexp_t s_skey); /*-- protect.c --*/ diff --git a/agent/command.c b/agent/command.c index 5444e1811..0a56f1218 100644 --- a/agent/command.c +++ b/agent/command.c @@ -806,7 +806,7 @@ cmd_pkdecrypt (assuan_context_t ctx, char *line) static const char hlp_genkey[] = - "GENKEY [<cache_nonce>]\n" + "GENKEY [--no-protection] [<cache_nonce>]\n" "\n" "Generate a new key, store the secret part and return the public\n" "part. Here is an example transaction:\n" @@ -824,12 +824,16 @@ cmd_genkey (assuan_context_t ctx, char *line) { ctrl_t ctrl = assuan_get_pointer (ctx); int rc; + int no_protection; unsigned char *value; size_t valuelen; membuf_t outbuf; char *cache_nonce = NULL; char *p; + no_protection = has_option (line, "--no-protection"); + line = skip_options (line); + p = line; for (p=line; *p && *p != ' ' && *p != '\t'; p++) ; 
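Review bot: The synopsis in `hlp_genkey` now lists `--no-protection`, but none of the help lines visible in this hunk says what the flag does, and this is the flag that makes the agent store a secret key with no passphrase. I would add a sentence to the help body, for example `"With --no-protection the key is stored without passphrase\n"` followed by `"protection and no passphrase prompt is shown.\n"`. The rest of the help string lies outside the hunk, so check that it does not already say this.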
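Review bot: In cmd_genkey the new `has_option (line, "--no-protection")` / `skip_options (line)` pair accepts the flag together with a `<cache_nonce>` argument, and by the genkey.c change in this commit the nonce is then ignored without an error. Either reject the combination here or state the precedence in a comment, e.g. `/* --no-protection wins over a cache nonce; the nonce is then unused. */`, so that a caller who passes both does not assume the cached passphrase was applied. Separately, `p = line;` directly before `for (p=line; ...)` is a dead store and can be dropped; the collapsed hunk does not show whether that line is new or context. The body of cmd_genkey continues outside the hunk.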
@@ -844,7 +848,8 @@ cmd_genkey (assuan_context_t ctx, char *line) init_membuf (&outbuf, 512); - rc = agent_genkey (ctrl, cache_nonce, (char*)value, valuelen, &outbuf); + rc = agent_genkey (ctrl, cache_nonce, (char*)value, valuelen, no_protection, + &outbuf); xfree (value); if (rc) clear_outbuf (&outbuf); diff --git a/agent/genkey.c b/agent/genkey.c index 0a35643e5..7612f99da 100644 --- a/agent/genkey.c +++ b/agent/genkey.c @@ -352,10 +352,11 @@ agent_ask_new_passphrase (ctrl_t ctrl, const char *prompt, /* Generate a new keypair according to the parameters given in KEYPARAM. If CACHE_NONCE is given first try to lookup a passphrase - using the cache nonce. */ + using the cache nonce. If NO_PROTECTION is true the key will not + be protected by a passphrase. */ int agent_genkey (ctrl_t ctrl, const char *cache_nonce, - const char *keyparam, size_t keyparamlen, + const char *keyparam, size_t keyparamlen, int no_protection, membuf_t *outbuf) { gcry_sexp_t s_keyparam, s_key, s_private, s_public; @@ -372,8 +373,12 @@ agent_genkey (ctrl_t ctrl, const char *cache_nonce, } /* Get the passphrase now, cause key generation may take a while. */ - passphrase = cache_nonce? agent_get_cache (cache_nonce, CACHE_MODE_NONCE):NULL; - if (passphrase) + if (no_protection || !cache_nonce) + passphrase = NULL; + else + passphrase = agent_get_cache (cache_nonce, CACHE_MODE_NONCE); + + if (passphrase || no_protection) rc = 0; else rc = agent_ask_new_passphrase (ctrl, @@ -424,7 +429,8 @@ agent_genkey (ctrl_t ctrl, const char *cache_nonce, gcry_create_nonce (tmpbuf, 12); cache_nonce = bin2hex (tmpbuf, 12, NULL); } - if (cache_nonce + if (cache_nonce + && !no_protection && !agent_put_cache (cache_nonce, CACHE_MODE_NONCE, passphrase, 900 /*seconds*/)) agent_write_status (ctrl, "CACHE_NONCE", cache_nonce, NULL); |
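Review bot: In agent_genkey, when `no_protection` is set the branch `if (passphrase || no_protection) rc = 0;` skips `agent_ask_new_passphrase` entirely, so key generation proceeds with `passphrase == NULL`, and nothing visible in this hunk records that a client asked for an unprotected secret key. Since the flag comes straight from the client's GENKEY line, I would log it at this point, e.g. `if (no_protection) log_info ("generating key without passphrase protection\n");`, and extend the comment to `/* Get the passphrase now, cause key generation may take a while. With NO_PROTECTION no passphrase is requested at all. */`. Whether a configured passphrase policy (compare `check_passphrase_constraints` in agent.h) should be able to veto this path is worth deciding explicitly. The code that stores the key is outside the hunk, so how the NULL passphrase is handled there needs checking as well.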