Diffstat (limited to 'g10')
-rw-r--r--g10/Makefile.am1
-rw-r--r--g10/Makefile.in1
-rw-r--r--g10/OPTIONS135
-rw-r--r--g10/g10.c17
-rw-r--r--g10/keygen.c53
-rw-r--r--g10/main.h3
-rw-r--r--g10/openfile.c2
-rw-r--r--g10/options.h2
-rw-r--r--g10/passphrase.c9
-rw-r--r--g10/plaintext.c9
-rw-r--r--g10/ringedit.c2
-rw-r--r--g10/sig-check.c41
12 files changed, 227 insertions, 48 deletions
diff --git a/g10/Makefile.am b/g10/Makefile.am
index eb3e8b238..e13459e97 100644
--- a/g10/Makefile.am
+++ b/g10/Makefile.am
@@ -1,6 +1,7 @@
## Process this file with automake to produce Makefile.in
INCLUDES = -I$(top_srcdir)/include
+EXTRA_DIST = OPTIONS
bin_PROGRAMS = g10
diff --git a/g10/Makefile.in b/g10/Makefile.in
index 8aeca74c4..6ce262c02 100644
--- a/g10/Makefile.in
+++ b/g10/Makefile.in
@@ -39,6 +39,7 @@ INSTALL_SCRIPT = @INSTALL_SCRIPT@
transform = @program_transform_name@
INCLUDES = -I$(top_srcdir)/include
+EXTRA_DIST = OPTIONS
bin_PROGRAMS = g10
diff --git a/g10/OPTIONS b/g10/OPTIONS
new file mode 100644
index 000000000..dc5f3158f
--- /dev/null
+++ b/g10/OPTIONS
@@ -0,0 +1,135 @@
+# This is a sample option file
+#
+# Unless you you specify which option file to use with the
+# commandline option "--options filename", g10 uses per
+# default the file ~/.g10/options.
+#
+# An option file can contain all long options which are
+# available in G10. If the first non white space character of
+# a line is a '#', this line is ignored. Empty lines are also
+# ignored.
+#
+# Here is a list of all possible options. Not of all them make
+# sense in an option file; consider this as a complete option
+# reference
+
+add-key
+# add key to the public keyring
+
+armor
+# create ascii armored output
+
+
+batch
+# batch mode: never ask
+
+cache-all
+# hold everything in memory
+
+change-passphrase
+# change the passphrase of your secret keyring
+
+check
+# check a signature
+
+check-key
+# check signatures on a key in the keyring
+
+debug value|hexvalue
+# set debugging flags,
+
+debug-all
+# enable full debugging
+
+decrypt
+# decrypt data (default)
+
+delete-key
+# remove key from public keyring,
+
+detach-sign
+# make a detached signature,
+
+dry-run
+# don't make any changes
+
+encrypt
+# encrypt data
+
+fingerprint
+# show the fingerprints,
+
+gen-key
+# generate a new key pair,
+
+gen-prime
+# Generate a prime.
+# With one argument: take it as the bitsize and make a simple prime of
+# this size
+# With two arguments: Generate a prime, usable for DL algorithms.
+# With three arguments: same as above, but a third argument indicates
+# taht a generator should also be calculated.
+
+keyring filename
+# add this filename to the list of keyrings
+
+local-user user-string
+# use this user-string to sign or decrypt
+
+no
+# assume no on most questions
+
+no-armor
+# Assume the input data is not in ascii armored format.
+
+no-default-keyring
+# Do not add the default keyrings to the list of keyrings
+
+options filename
+# Ignored in option files.
+
+output filename
+# use filename for output
+
+print-mds
+# print all message digests of all give filenames
+
+remote-user
+# use this user-id for encryption"
+
+
+secret-keyring filename
+# add filename to the list of secret keyrings
+
+sign
+# make a signature
+
+sign-key
+# make a signature on a key in the keyring
+# Argument is the userid of the key to sign.
+# This looks for the key, displays the key and checks all
+# existing signatures of this key. If the key is not yet signed
+# by the default user (or the users given with "-l"), the programm
+# displays the information of the key again, together with
+# it's fingerprint and asked wehter it should be signed. This question
+# is repeated for all users specified with "-l". The key is then signed
+# and the keyring which contains the key is updated.
+
+store
+# simply packs the input data into a rfc1991 packet format
+
+symmetric
+# encrypt the input only with the symmetric (conventional) cipher.
+# This asks for a passphrase.
+
+test
+# Used for testing some parts of the program
+
+verbose
+# Give more informations suring processing. If used 2 times, the input data
+# is listed in detail.
+
+yes
+# assume yes on most questions
+
+
diff --git a/g10/g10.c b/g10/g10.c
index aab502ede..a8a278997 100644
--- a/g10/g10.c
+++ b/g10/g10.c
@@ -131,8 +131,9 @@ main( int argc, char **argv )
{ 515, "fingerprint", 0, "show the fingerprints"},
{ 516, "print-mds" , 0, "print all message digests"},
{ 517, "secret-keyring" ,2, "add this secret keyring to the list" },
- { 518, "config" , 2, "use this config file" },
+ { 518, "options" , 2, "read options from file" },
{ 519, "no-armor", 0, "\r"},
+ { 520, "no-default-keyring", 0, "\r" },
{0} };
ARGPARSE_ARGS pargs;
@@ -155,9 +156,10 @@ main( int argc, char **argv )
int parse_verbose = 0;
int default_config =1;
int errors=0;
+ int default_keyring = 1;
- opt.compress = -1; /* defaults to default compression level */
+ opt.compress = 0; /* defaults to no compression level */
/* check wether we have a config file on the commandline */
orig_argc = argc;
@@ -212,10 +214,7 @@ main( int argc, char **argv )
case 'z': opt.compress = pargs.r.ret_int; break;
case 'a': opt.armor = 1; opt.no_armor=0; break;
case 'c': action = aSym; break;
- case 'o': opt.outfile = pargs.r.ret_str;
- if( opt.outfile[0] == '-' && !opt.outfile[1] )
- opt.outfile_is_stdout = 1;
- break;
+ case 'o': opt.outfile = pargs.r.ret_str; break;
case 'e': action = action == aSign? aSignEncr : aEncr; break;
case 'b': detached_sig = 1;
/* fall trough */
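Review bot: Removing the `-` test from `case 'o'` means `-o -` now names an ordinary file called `-`: with the matching openfile.c hunk, open_outfile only picks stdout when both iname and opt.outfile are null, and no other line in this diff maps `-` to stdout. If that is the intended new contract, the `-o` help text should state it; if not, keep a special case here such as `if( opt.outfile[0] == '-' && !opt.outfile[1] ) opt.outfile = NULL;` and teach open_outfile to treat a null outfile as stdout even when iname is set. main's body continues outside the hunk.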
@@ -257,6 +256,7 @@ main( int argc, char **argv )
}
break;
case 519: opt.no_armor=1; opt.armor=0; break;
+ case 520: default_keyring = 0; break;
default : errors++; pargs.err = configfp? 1:2; break;
}
}
@@ -280,12 +280,12 @@ main( int argc, char **argv )
fputs(s, stderr);
}
- if( !sec_nrings ) { /* add default secret rings */
+ if( !sec_nrings || default_keyring ) { /* add default secret rings */
char *p = make_filename("~/.g10", "secring.g10", NULL );
add_secret_keyring(p);
m_free(p);
}
- if( !nrings ) { /* add default ring */
+ if( !nrings || default_keyring ) { /* add default ring */
char *p = make_filename("~/.g10", "pubring.g10", NULL );
add_keyring(p);
m_free(p);
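Review bot: With `--no-default-keyring` but no `--keyring` or `--secret-keyring` given, `!nrings || default_keyring` and `!sec_nrings || default_keyring` are still true, so the default rings under ~/.g10 are added anyway, which contradicts the new OPTIONS text "Do not add the default keyrings to the list of keyrings". If the fallback is deliberate, a comment on both conditions should say so; otherwise make the tests `if( default_keyring )` and report an error later when the keyring list ends up empty. The surrounding main body lies outside the hunk.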
@@ -331,6 +331,7 @@ main( int argc, char **argv )
case aSignEncr: /* sign and encrypt the given file */
+ log_fatal("signing and encryption is not yet implemented\n");
usage(1); /* FIXME */
break;
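Review bot: `usage(1)` directly after the new `log_fatal(...)` looks unreachable if log_fatal terminates the process, as its name suggests (its definition is not visible here). Either drop the `usage(1)` line together with the FIXME, or, if log_fatal can return, add a comment explaining why both calls are needed.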
diff --git a/g10/keygen.c b/g10/keygen.c
index b171b0676..2582f9b47 100644
--- a/g10/keygen.c
+++ b/g10/keygen.c
@@ -39,17 +39,6 @@
#endif
-static int
-answer_is_yes( const char *s )
-{
- if( !stricmp(s, "yes") )
- return 1;
- if( *s == 'y' && !s[1] )
- return 1;
- if( *s == 'Y' && !s[1] )
- return 1;
- return 0;
-}
static u16
@@ -356,7 +345,7 @@ generate_keypair()
else if( algo == 3 ) {
algo = PUBKEY_ALGO_DSA;
algo_name = "DSA";
- break;
+ tty_printf("Sorry; DSA is not yet supported.\n");
}
}
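Review bot: `algo` and `algo_name` are still set to the DSA values before the new "not yet supported" message, so unless the enclosing loop (which begins outside the hunk) resets them or re-prompts, the code path continues with PUBKEY_ALGO_DSA and only the later 512–1024 bit check stands in the way. Printing the message without touching the selection, `else if( algo == 3 ) tty_printf("Sorry; DSA is not yet supported.\n");`, keeps the choice invalid so the prompt can repeat.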
@@ -380,8 +369,8 @@ generate_keypair()
#endif
if( algo == PUBKEY_ALGO_DSA && (nbits < 512 || nbits > 1024) )
tty_printf("DSA does only allow keysizes from 512 to 1024\n");
- else if( nbits < 128 ) /* FIXME: change this to 768 */
- tty_printf("keysize too small; please select a larger one\n");
+ else if( nbits < 768 )
+ tty_printf("keysize too small; 768 is smallest value allowed.\n");
else if( nbits > 2048 ) {
tty_printf("Keysizes larger than 2048 are not suggested, because "
"computations take REALLY long!\n");
@@ -441,20 +430,28 @@ generate_keypair()
tty_printf( "You need a Passphrase to protect your secret key.\n\n" );
dek = m_alloc_secure( sizeof *dek );
- dek->algo = CIPHER_ALGO_BLOWFISH;
- rc = make_dek_from_passphrase( dek , 2 );
- if( rc == -1 ) {
- m_free(dek); dek = NULL;
- tty_printf(
+ for(;;) {
+ dek->algo = CIPHER_ALGO_BLOWFISH;
+ rc = make_dek_from_passphrase( dek , 2 );
+ if( rc == -1 ) {
+ m_free(dek); dek = NULL;
+ tty_printf(
"You don't what a passphrase - this is probably a *bad* idea!\n"
"I will do it anyway. You can change your passphrase at anytime,\n"
"using this program with the option \"--change-passphrase\"\n\n" );
- }
- else if( rc ) {
- m_free(dek); dek = NULL;
- m_free(uid);
- log_error("Error getting the passphrase: %s\n", g10_errstr(rc) );
- return;
+ break;
+ }
+ else if( rc == G10ERR_PASSPHRASE ) {
+ tty_printf("passphrase not correctly repeated; try again.\n");
+ }
+ else if( rc ) {
+ m_free(dek); dek = NULL;
+ m_free(uid);
+ log_error("Error getting the passphrase: %s\n", g10_errstr(rc) );
+ return;
+ }
+ else
+ break; /* okay */
}
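Review bot: The retry loop on `G10ERR_PASSPHRASE` has no upper bound; if make_dek_from_passphrase reports that error in a non-interactive run (batch mode, or stdin at EOF — I cannot see which errors it maps to), the key generation spins forever instead of failing. A small counter such as `if( ++tries > 3 ) rc = G10ERR_PASSPHRASE;` followed by falling into the existing `else if( rc )` cleanup path bounds it. A one-line comment above `for(;;)` stating that the loop exists to let the user re-type a mismatched passphrase would also help the next reader.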
@@ -474,6 +471,12 @@ generate_keypair()
pub_root = make_comment_node("#created by G10 pre-release " VERSION );
sec_root = make_comment_node("#created by G10 pre-release " VERSION );
+ tty_printf(
+"We need to generate a lot of random bytes. It is a good idea to perform\n"
+"some other action (work in another window, move the mouse, utilize the\n"
+"network and the disks) during the prime generation; this gives the random\n"
+"number generator a better chance to gain enough entropy.\n" );
+
if( algo == PUBKEY_ALGO_ELGAMAL )
rc = gen_elg(nbits, pub_root, sec_root, dek, &skc );
#ifdef HAVE_RSA_CIPHER
diff --git a/g10/main.h b/g10/main.h
index 13e20a750..0d769c8b0 100644
--- a/g10/main.h
+++ b/g10/main.h
@@ -37,6 +37,9 @@ int encode_crypt( const char *filename, STRLIST remusr );
int sign_file( const char *filename, int detached, STRLIST locusr );
int sign_key( const char *username, STRLIST locusr );
+/*-- sig-check.c --*/
+int check_key_signature( KBNODE root, KBNODE node );
+
/*-- keygen.c --*/
void generate_keypair(void);
diff --git a/g10/openfile.c b/g10/openfile.c
index 1a840f19c..4b7331dcd 100644
--- a/g10/openfile.c
+++ b/g10/openfile.c
@@ -87,7 +87,7 @@ open_outfile( const char *iname )
IOBUF a = NULL;
int rc;
- if( (!iname && !opt.outfile) || opt.outfile_is_stdout ) {
+ if( !iname && !opt.outfile ) {
if( !(a = iobuf_create(NULL)) )
log_error("can't open [stdout]: %s\n", strerror(errno) );
else if( opt.verbose )
diff --git a/g10/options.h b/g10/options.h
index 3be6c92c3..8338404ea 100644
--- a/g10/options.h
+++ b/g10/options.h
@@ -26,7 +26,7 @@ struct {
int armor;
int compress;
char *outfile;
- int outfile_is_stdout;
+ int reserved0;
int batch; /* run in batch mode */
int answer_yes; /* answer yes on most questions */
int answer_no; /* answer no on most questions */
diff --git a/g10/passphrase.c b/g10/passphrase.c
index 4e5e57bb3..a974ca9f5 100644
--- a/g10/passphrase.c
+++ b/g10/passphrase.c
@@ -27,6 +27,7 @@
#include "memory.h"
#include "ttyio.h"
#include "cipher.h"
+#include "keydb.h"
static int hash_passphrase( DEK *dek, char *pw );
@@ -44,8 +45,14 @@ get_passphrase_hash( u32 *keyid, char *text )
DEK *dek;
if( keyid ) {
+ char *ustr;
tty_printf("\nNeed a pass phrase to unlock the secret key!\n");
- tty_printf("KeyID: %08lX\n\n", keyid[1] );
+ tty_printf("KeyID: " );
+ ustr = get_user_id_string( keyid );
+ tty_print_string( ustr, strlen(ustr) );
+ m_free(ustr);
+ tty_printf("\n\n");
+
}
if( keyid && (p=getenv("G10PASSPHRASE")) ) {
pw = m_alloc_secure(strlen(p)+1);
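Review bot: `strlen(ustr)` runs on the result of get_user_id_string without a NULL check; if that helper can return NULL for a key id it cannot resolve (its definition is not in the diff), the prompt dereferences NULL. Guard it, e.g. `if( ustr ) { tty_print_string( ustr, strlen(ustr) ); m_free(ustr); } else tty_printf("%08lX", (ulong)keyid[1]);`, which also keeps the old hex output as a fallback. The label still reads "KeyID: " although what follows is now a user-id string; routing that string through tty_print_string rather than a format call is the right choice for data read from the keyring, assuming it escapes non-printable bytes.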
diff --git a/g10/plaintext.c b/g10/plaintext.c
index edd12891c..831a81089 100644
--- a/g10/plaintext.c
+++ b/g10/plaintext.c
@@ -56,13 +56,8 @@ handle_plaintext( PKT_plaintext *pt, md_filter_context_t *mfx )
fname[pt->namelen] = 0;
}
- if( !*fname ) { /* no filename given */
- if( opt.outfile_is_stdout )
- fp = stdout;
- else {
- log_error("no outputfile given\n");
- goto leave;
- }
+ if( !*fname ) { /* no filename given; write to stdout */
+ fp = stdout;
}
else if( overwrite_filep( fname ) )
goto leave;
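Review bot: The empty-name branch is fine, but the `else if( overwrite_filep( fname ) )` right below it passes a name copied verbatim from the plaintext packet (`fname[pt->namelen] = 0` above) to the overwrite check and, presumably, the later open, so a name containing directory separators could place the output outside the current directory. Before the `else if`, reduce the name to its last path component (e.g. via `strrchr(fname, '/')`) and, if that leaves an empty string, fall into the stdout branch. handle_plaintext continues outside the hunk.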
diff --git a/g10/ringedit.c b/g10/ringedit.c
index f1b18d24d..05a8bb299 100644
--- a/g10/ringedit.c
+++ b/g10/ringedit.c
@@ -558,7 +558,7 @@ keyring_delete( KBPOS *kbpos )
}
len = kbpos->length;
- log_debug("writing a dummy packet of length %lu\n", (ulong)len);
+ /*log_debug("writing a dummy packet of length %lu\n", (ulong)len);*/
if( len < 2 )
log_bug(NULL);
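Review bot: Commenting out the `log_debug` call leaves dead code in keyring_delete, and the same pattern appears in the first sig-check.c hunk inside signature_check. If the messages are too noisy, delete them outright or gate them, e.g. `if( opt.verbose > 1 ) log_debug(...)`, so the diagnostic survives for debugging without cluttering normal runs. keyring_delete's body continues outside the hunk.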
diff --git a/g10/sig-check.c b/g10/sig-check.c
index 040c969f5..bbeb3a956 100644
--- a/g10/sig-check.c
+++ b/g10/sig-check.c
@@ -198,8 +198,8 @@ signature_check( PKT_signature *sig, MD_HANDLE *digest )
}
#endif/*HAVE_RSA_CIPHER*/
else {
- log_debug("signature_check: unsupported pubkey algo %d\n",
- pkc->pubkey_algo );
+ /*log_debug("signature_check: unsupported pubkey algo %d\n",
+ pkc->pubkey_algo );*/
rc = G10ERR_PUBKEY_ALGO;
goto leave;
}
@@ -219,13 +219,46 @@ signature_check( PKT_signature *sig, MD_HANDLE *digest )
int
check_key_signature( KBNODE root, KBNODE node )
{
+ KBNODE unode;
+ MD_HANDLE *md;
+ PKT_public_cert *pkc;
+ PKT_signature *sig;
+ int algo;
+ int rc;
+
assert( node->pkt->pkttype == PKT_SIGNATURE );
assert( (node->pkt->pkt.signature->sig_class&~3) == 0x10 );
assert( root->pkt->pkttype == PKT_PUBLIC_CERT );
- /*FIXME!!!!!!*/
+ pkc = root->pkt->pkt.public_cert;
+ sig = node->pkt->pkt.signature;
+
+ if( sig->pubkey_algo == PUBKEY_ALGO_ELGAMAL )
+ algo = sig->d.elg.digest_algo;
+ else if(sig->pubkey_algo == PUBKEY_ALGO_RSA )
+ algo = sig->d.rsa.digest_algo;
+ else
+ return G10ERR_PUBKEY_ALGO;
+ if( (rc=md_okay(algo)) )
+ return rc;
+
+ unode = find_kbparent( root, node );
- return 0;
+ if( unode && unode->pkt->pkttype == PKT_USER_ID ) {
+ PKT_user_id *uid = unode->pkt->pkt.user_id;
+
+ md = md_open( algo, 0 );
+ hash_public_cert( md, pkc );
+ md_write( md, uid->name, uid->len );
+ rc = signature_check( sig, md );
+ md_close(md);
+ }
+ else {
+ log_error("no user id for key signature packet\n");
+ rc = G10ERR_SIG_CLASS;
+ }
+
+ return rc;
}
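Review bot: `md_open( algo, 0 )` is used without checking its result; if it can return NULL (not visible here), hash_public_cert dereferences NULL, so add `if( !md ) return <error code>;` before the hashing. The three `assert` calls validate packet types that come from the keyring, i.e. external data; under NDEBUG they vanish and a malformed key block reaches the `pkt.public_cert` / `pkt.signature` union accesses below, so they should become real checks that `return G10ERR_SIG_CLASS;` (or a more specific code). A short header comment stating that the function hashes the public cert followed by the parent user-id packet and delegates verification to signature_check would make the contract clear.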