Diffstat (limited to 'g10/export.c')
-rw-r--r--g10/export.c52
1 files changed, 41 insertions, 11 deletions
diff --git a/g10/export.c b/g10/export.c
index c538dc1f1..d53be99fe 100644
--- a/g10/export.c
+++ b/g10/export.c
@@ -41,6 +41,8 @@
#include "../common/init.h"
#include "trustdb.h"
#include "call-agent.h"
+#include "key-clean.h"
+
/* An object to keep track of subkeys. */
struct subkey_list_s
@@ -95,7 +97,7 @@ cleanup_export_globals (void)
}
-/* Option parser for export options. See parse_options fro
+/* Option parser for export options. See parse_options for
details. */
int
parse_export_options(char *str,unsigned int *options,int noisy)
@@ -112,6 +114,8 @@ parse_export_options(char *str,unsigned int *options,int noisy)
N_("remove unusable parts from key during export")},
{"export-minimal",EXPORT_MINIMAL|EXPORT_CLEAN,NULL,
N_("remove as much as possible from key during export")},
+ {"export-drop-uids", EXPORT_DROP_UIDS, NULL,
+ N_("Do not export user id or attribute packets")},
{"export-pka", EXPORT_PKA_FORMAT, NULL, NULL },
{"export-dane", EXPORT_DANE_FORMAT, NULL, NULL },
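Review bot: The help text of the new `export-drop-uids` entry starts with a capital letter ("Do not export ...") while the neighbouring entries visible in this hunk use lower-case imperative phrases ("remove unusable parts ..."). Since these strings go through `N_()` for translation, I would keep one form, for example `N_("do not export user id or attribute packets")},`. The option table starts and ends outside the hunk, so entries not shown here may use yet another style.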
@@ -134,14 +138,20 @@ parse_export_options(char *str,unsigned int *options,int noisy)
int rc;
rc = parse_options (str, options, export_opts, noisy);
- if (rc && (*options & EXPORT_BACKUP))
+ if (!rc)
+ return 0;
+
+ /* Alter other options we want or don't want for restore. */
+ if ((*options & EXPORT_BACKUP))
{
- /* Alter other options we want or don't want for restore. */
*options |= (EXPORT_LOCAL_SIGS | EXPORT_ATTRIBUTES
| EXPORT_SENSITIVE_REVKEYS);
*options &= ~(EXPORT_CLEAN | EXPORT_MINIMAL
| EXPORT_PKA_FORMAT | EXPORT_DANE_FORMAT);
}
+ /* Dropping uids also means to drop attributes. */
+ if ((*options & EXPORT_DROP_UIDS))
+ *options &= ~(EXPORT_ATTRIBUTES);
return rc;
}
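Review bot: The `EXPORT_BACKUP` branch forces `EXPORT_ATTRIBUTES` on and clears the clean/minimal/PKA/DANE flags, but it leaves `EXPORT_DROP_UIDS` set, and the check added right after it then clears `EXPORT_ATTRIBUTES` again. As written, `export-backup,export-drop-uids` appears to produce a backup without any user ids or attributes, with no diagnostic, which is surprising for material meant for restore. If that combination is not intended, the backup mask could drop the flag too, `| EXPORT_PKA_FORMAT | EXPORT_DANE_FORMAT | EXPORT_DROP_UIDS);`. If it is intended, the comment on the backup branch should state that drop-uids takes precedence.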
@@ -1169,7 +1179,7 @@ print_status_exported (PKT_public_key *pk)
* passphrase-protected. Otherwise, store secret key material in the
* clear.
*
- * CACHE_NONCE_ADDR is used to share nonce for multple key retrievals.
+ * CACHE_NONCE_ADDR is used to share nonce for multiple key retrievals.
*/
gpg_error_t
receive_seckey_from_agent (ctrl_t ctrl, gcry_cipher_hd_t cipherhd,
@@ -1459,7 +1469,7 @@ print_pka_or_dane_records (iobuf_t out, kbnode_t keyblock, PKT_public_key *pk,
continue;
xfree (mbox);
- mbox = mailbox_from_userid (uid->name);
+ mbox = mailbox_from_userid (uid->name, 0);
if (!mbox)
continue;
@@ -1573,7 +1583,7 @@ do_export_one_keyblock (ctrl_t ctrl, kbnode_t keyblock, u32 *keyid,
if (node->pkt->pkttype == PKT_COMMENT)
continue;
- /* Skip ring trust packets - they should not ne here anyway. */
+ /* Skip ring trust packets - they should not be here anyway. */
if (node->pkt->pkttype == PKT_RING_TRUST)
continue;
@@ -1648,6 +1658,19 @@ do_export_one_keyblock (ctrl_t ctrl, kbnode_t keyblock, u32 *keyid,
}
}
+ /* Don't export user ids (and attributes)? This is not RFC-4880
+ * compliant but we allow it anyway. */
+ if ((options & EXPORT_DROP_UIDS)
+ && node->pkt->pkttype == PKT_USER_ID)
+ {
+ /* Skip until we get to something that is not a user id (or
+ * attrib) or a signature on it. */
+ while (kbctx->next && kbctx->next->pkt->pkttype == PKT_SIGNATURE)
+ kbctx = kbctx->next;
+
+ continue;
+ }
+
/* Don't export attribs? */
if (!(options & EXPORT_ATTRIBUTES)
&& node->pkt->pkttype == PKT_USER_ID
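Review bot: The new comment says only that dropping user ids is not RFC-4880 compliant, but the `while` loop also skips every `PKT_SIGNATURE` that follows the user id, which includes self-signatures and any revocations on that user id. A consumer of such an export therefore loses whatever the user-id self-signatures normally carry, typically key flags, expiration and preferences, unless a direct-key signature is present. I would state that in the comment, for example `/* Note: the signatures on the dropped user ids, including self-signatures and revocations, are not exported either. */`. The loop body would also read more safely with braces. The enclosing function and the following "Don't export attribs?" test continue outside the hunk.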
@@ -2001,12 +2024,19 @@ do_export_stream (ctrl_t ctrl, iobuf_t out, strlist_t users, int secret,
}
/* Always do the cleaning on the public key part if requested.
- * Note that both export-clean and export-minimal only apply to
- * UID sigs (0x10, 0x11, 0x12, and 0x13). A designated
- * revocation is never stripped, even with export-minimal set. */
+ * A designated revocation is never stripped, even with
+ * export-minimal set. */
if ((options & EXPORT_CLEAN))
- clean_key (ctrl, keyblock, opt.verbose,
- (options&EXPORT_MINIMAL), NULL, NULL);
+ {
+ merge_keys_and_selfsig (ctrl, keyblock);
+ clean_all_uids (ctrl, keyblock, opt.verbose,
+ (options&EXPORT_MINIMAL), NULL, NULL);
+ clean_all_subkeys (ctrl, keyblock, opt.verbose,
+ (options&EXPORT_MINIMAL)? KEY_CLEAN_ALL
+ /**/ : KEY_CLEAN_AUTHENCR,
+ NULL, NULL);
+ commit_kbnode (&keyblock);
+ }
if (export_keep_uid)
{
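Review bot: The rewritten comment above the `EXPORT_CLEAN` branch no longer says what gets cleaned, yet the branch now changes subkeys as well as user ids through `clean_all_subkeys`. People who use `export-clean` expecting only user-id signatures to be trimmed should be able to read the new scope here. I would add something like `/* export-clean cleans all user ids and subkeys; for subkeys export-minimal selects KEY_CLEAN_ALL, otherwise KEY_CLEAN_AUTHENCR. */`, plus a word on what the two modes remove, since their definitions are not visible in this file. The `/**/ :` filler in the conditional argument is easy to misread; parenthesising the whole conditional expression and aligning the `:` under the `?` would be clearer.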