diff options
Diffstat (limited to 'g10')
| -rw-r--r-- | g10/ChangeLog | 18 | ||||
| -rw-r--r-- | g10/g10.c | 5 | ||||
| -rw-r--r-- | g10/getkey.c | 6 | ||||
| -rw-r--r-- | g10/keydb.h | 1 | ||||
| -rw-r--r-- | g10/keygen.c | 34 | ||||
| -rw-r--r-- | g10/parse-packet.c | 2 | ||||
| -rw-r--r-- | g10/pkclist.c | 121 | ||||
| -rw-r--r-- | g10/pubkey-enc.c | 7 | ||||
| -rw-r--r-- | g10/ringedit.c | 32 |
9 files changed, 208 insertions, 18 deletions
diff --git a/g10/ChangeLog b/g10/ChangeLog index c0170606c..99e83ab6e 100644 --- a/g10/ChangeLog +++ b/g10/ChangeLog @@ -1,3 +1,21 @@ +Fri Apr 14 19:37:08 CEST 2000 Werner Koch <[email protected]> + + * pkclist.c (do_show_revocation_reason): New. + (show_revocation_reason): New and called at various places. + + * g10.c (main): Fixed small typo. + + * pkclist.c (do_we_trust): Act on always_trust but not for revoked + keys. Suggested by Chip Salzenberg. + + * g10.c: New option --lock-never. + + * ringedit.c (get_writable_keyblock_file): New. + * keygen.c (do_generate_keypair): Use this instead of the hardwired one. + + * keygen.c (ask_user_id): Check that the email address is in the + correct field. Suggested by Christian Kurz. + Mon Apr 10 13:34:19 CEST 2000 Werner Koch <[email protected]> * keyedit.c (show_key_with_all_names): s/sbb/ssb/ @@ -168,6 +168,7 @@ enum cmd_and_opt_values { aNull = 0, oEscapeFrom, oLockOnce, oLockMultiple, + oLockNever, oKeyServer, oEncryptTo, oNoEncryptTo, @@ -347,6 +348,7 @@ static ARGPARSE_OPTS opts[] = { { oEscapeFrom, "escape-from-lines", 0, "@" }, { oLockOnce, "lock-once", 0, "@" }, { oLockMultiple, "lock-multiple", 0, "@" }, + { oLockNever, "lock-never", 0, "@" }, { oLoggerFD, "logger-fd",1, "@" }, { oUseEmbeddedFilename, "use-embedded-filename", 0, "@" }, { oUtf8Strings, "utf8-strings", 0, "@" }, @@ -882,6 +884,7 @@ main( int argc, char **argv ) case oNotDashEscaped: opt.not_dash_escaped = 1; break; case oEscapeFrom: opt.escape_from = 1; break; case oLockOnce: opt.lock_once = 1; break; + case oLockNever: disable_dotlock(); break; case oLockMultiple: opt.lock_once = 0; break; case oKeyServer: opt.keyserver_name = pargs.r.ret_str; break; case oNotation: add_notation_data( pargs.r.ret_str ); break; @@ -1447,7 +1450,7 @@ main( int argc, char **argv ) break; case aFixTrustDB: - log_error("this command ist not yet implemented.\"\n"); + log_error("this command is not yet implemented.\"\n"); log_error("A workaround is to use \"--export-ownertrust\", remove\n"); log_error("the trustdb file and do an \"--import-ownertrust\".\n" ); break; diff --git a/g10/getkey.c b/g10/getkey.c index 1dae1a3cd..568402f3a 100644 --- a/g10/getkey.c +++ b/g10/getkey.c @@ -45,7 +45,11 @@ * that they are all valid. * Note: We must use numerical values here in case that this program * will be converted to those little blue HAL9000s with their strange - * EBCDIC character set (user ids are UTF-8). */ + * EBCDIC character set (user ids are UTF-8). + * wk 2000-04-13: Hmmm, does this really make sense, given the fact that + * we can run gpg now on a S/390 running GNU/Linux, where the code + * translation is done by the device drivers? + */ static const byte word_match_chars[256] = { /* 00 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 08 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, diff --git a/g10/keydb.h b/g10/keydb.h index 68d2c231a..6db15d8a8 100644 --- a/g10/keydb.h +++ b/g10/keydb.h @@ -200,6 +200,7 @@ const char *enum_keyblock_resources( int *sequence, int secret ); int add_keyblock_resource( const char *resname, int force, int secret ); const char *keyblock_resource_name( KBPOS *kbpos ); int get_keyblock_handle( const char *filename, int secret, KBPOS *kbpos ); +char *get_writable_keyblock_file( int secret ); int locate_keyblock_by_fpr( KBPOS *kbpos, const byte *fpr, int fprlen, int secret ); int locate_keyblock_by_keyid( KBPOS *kbpos, u32 *keyid, diff --git a/g10/keygen.c b/g10/keygen.c index ead51cbc2..d0083d13d 100644 --- a/g10/keygen.c +++ b/g10/keygen.c @@ -689,6 +689,7 @@ ask_user_id( int mode ) uid = aname = acomment = amail = NULL; for(;;) { char *p; + int fail=0; if( !aname ) { for(;;) { @@ -740,6 +741,7 @@ ask_user_id( int mode ) } } + m_free(uid); uid = p = m_alloc(strlen(aname)+strlen(amail)+strlen(acomment)+12+10); p = stpcpy(p, aname ); @@ -764,6 +766,12 @@ ask_user_id( int mode ) tty_printf(_("You selected this USER-ID:\n \"%s\"\n\n"), uid); /* fixme: add a warning if this user-id already exists */ + if( !*amail && (strchr( aname, '@' ) || strchr( acomment, '@'))) { + fail = 1; + tty_printf(_("Please don't put the email address " + "into the real name or the comment\n") ); + } + for(;;) { char *ansstr = _("NnCcEeOoQq"); @@ -774,8 +782,9 @@ ask_user_id( int mode ) answer[1] = 0; } else { - answer = cpr_get("keygen.userid.cmd",_( - "Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? ")); + answer = cpr_get("keygen.userid.cmd", fail? + _("Change (N)ame, (C)omment, (E)mail or (Q)uit? ") : + _("Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? ")); cpr_kill_prompt(); } if( strlen(answer) > 1 ) @@ -793,10 +802,15 @@ ask_user_id( int mode ) break; } else if( *answer == ansstr[6] || *answer == ansstr[7] ) { - m_free(aname); aname = NULL; - m_free(acomment); acomment = NULL; - m_free(amail); amail = NULL; - break; + if( fail ) { + tty_printf(_("Please correct the error first\n")); + } + else { + m_free(aname); aname = NULL; + m_free(acomment); acomment = NULL; + m_free(amail); amail = NULL; + break; + } } else if( *answer == ansstr[8] || *answer == ansstr[9] ) { m_free(aname); aname = NULL; @@ -1443,12 +1457,8 @@ do_generate_keypair( struct para_data_s *para, assert( outctrl->sec.stream ); } else { - /* check whether we are allowed to write to the keyrings */ - /* It is probably wrong to use the default names here - * but becuase I never gpt any complaints, we better leave - * it as it is. */ - pub_fname = make_filename(opt.homedir, "pubring.gpg", NULL ); - sec_fname = make_filename(opt.homedir, "secring.gpg", NULL ); + pub_fname = get_writable_keyblock_file( 0 ); + sec_fname = get_writable_keyblock_file( 1 ); } if( opt.verbose ) { diff --git a/g10/parse-packet.c b/g10/parse-packet.c index 8b12216cc..48d601501 100644 --- a/g10/parse-packet.c +++ b/g10/parse-packet.c @@ -1,5 +1,5 @@ /* parse-packet.c - read packets - * Copyright (C) 1998, 1999 Free Software Foundation, Inc. + * Copyright (C) 1998, 1999, 2000 Free Software Foundation, Inc. * * This file is part of GnuPG. * diff --git a/g10/pkclist.c b/g10/pkclist.c index 04f76b653..42725d446 100644 --- a/g10/pkclist.c +++ b/g10/pkclist.c @@ -1,5 +1,5 @@ /* pkclist.c - * Copyright (C) 1998 Free Software Foundation, Inc. + * Copyright (C) 1998,2000 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -96,6 +96,112 @@ fpr_info( PKT_public_key *pk ) } +/**************** + * Show the revocation reason as it is stored with the given signature + */ +static void +do_show_revocation_reason( PKT_signature *sig ) +{ + size_t n, nn; + const byte *p, *pp; + int seq = 0; + const char *text; + + while( (p = enum_sig_subpkt( sig->hashed_data, SIGSUBPKT_REVOC_REASON, + &n, &seq )) ) { + if( !n ) + continue; /* invalid - just skip it */ + + if( *p == 0 ) + text = _("No reason specified"); + else if( *p == 0x01 ) + text = _("Key is superseded"); + else if( *p == 0x02 ) + text = _("Key has been compromised"); + else if( *p == 0x03 ) + text = _("Key is no longer used"); + else if( *p == 0x20 ) + text = _("User ID is non longer valid"); + else + text = NULL; + + log_info( _("Reason for revocation: ") ); + if( text ) + fputs( text, log_stream() ); + else + fprintf( log_stream(), "code=%02x", *p ); + putc( '\n', log_stream() ); + n--; p++; + pp = NULL; + do { + /* We don't want any empty lines, so skip them */ + while( n && *p == '\n' ) { + p++; + n--; + } + if( n ) { + pp = memchr( p, '\n', n ); + nn = pp? pp - p : n; + log_info( _("Revocation comment: ") ); + print_string( log_stream(), p, nn, 0 ); + putc( '\n', log_stream() ); + p += nn; n -= nn; + } + } while( pp ); + } +} + + +static void +show_revocation_reason( PKT_public_key *pk ) +{ + /* Hmmm, this is not so easy becuase we have to duplicate the code + * used in the trustbd to calculate the keyflags. We need to find + * a clean way to check revocation certificates on keys and signatures. + * And there should be no duplicate code. Because we enter this function + * only when the trustdb toldus, taht we have a revoked key, we could + * simplylook for a revocation cert and display this one, when there is + * only one. Let's try to do this until we have a better solution. + */ + KBNODE node, keyblock = NULL; + byte fingerprint[MAX_FINGERPRINT_LEN]; + size_t fingerlen; + int rc; + + /* get the keyblock */ + fingerprint_from_pk( pk, fingerprint, &fingerlen ); + rc = get_keyblock_byfprint( &keyblock, fingerprint, fingerlen ); + if( rc ) { /* that should never happen */ + log_debug( "failed to get the keyblock\n"); + return; + } + + for( node=keyblock; node; node = node->next ) { + if( ( node->pkt->pkttype == PKT_PUBLIC_KEY + || node->pkt->pkttype == PKT_PUBLIC_SUBKEY ) + && !cmp_public_keys( node->pkt->pkt.public_key, pk ) ) + break; + } + if( !node ) { + log_debug("Oops, PK not in keyblock\n"); + release_kbnode( keyblock ); + return; + } + /* now find the revocation certificate */ + for( node = node->next; node ; node = node->next ) { + if( node->pkt->pkttype == PKT_PUBLIC_SUBKEY ) + break; + if( node->pkt->pkttype == PKT_SIGNATURE + && (node->pkt->pkt.signature->sig_class == 0x20 + || node->pkt->pkt.signature->sig_class == 0x28 ) ) { + /* FIXME: we should check the signature here */ + do_show_revocation_reason ( node->pkt->pkt.signature ); + } + } + + release_kbnode( keyblock ); +} + static void show_paths( ulong lid, int only_first ) @@ -350,6 +456,7 @@ do_we_trust( PKT_public_key *pk, int *trustlevel ) if( (*trustlevel & TRUST_FLAG_REVOKED) ) { log_info(_("key %08lX: key has been revoked!\n"), (ulong)keyid_from_pk( pk, NULL) ); + show_revocation_reason( pk ); if( opt.batch ) return 0; @@ -361,6 +468,7 @@ do_we_trust( PKT_public_key *pk, int *trustlevel ) else if( (*trustlevel & TRUST_FLAG_SUB_REVOKED) ) { log_info(_("key %08lX: subkey has been revoked!\n"), (ulong)keyid_from_pk( pk, NULL) ); + show_revocation_reason( pk ); if( opt.batch ) return 0; @@ -371,6 +479,15 @@ do_we_trust( PKT_public_key *pk, int *trustlevel ) } *trustlevel &= ~trustmask; + if( opt.always_trust) { + if( opt.verbose ) + log_info("No trust check due to --always-trust option\n"); + /* The problem with this, is that EXPIRE can't be checked as + * this needs to insert a ne key into the trustdb first and + * we don't want that */ + return 1; + } + switch( (*trustlevel & TRUST_MASK) ) { case TRUST_UNKNOWN: /* No pubkey in trustDB: Insert and check again */ @@ -533,10 +650,12 @@ check_signatures_trust( PKT_signature *sig ) write_status( STATUS_KEYREVOKED ); log_info(_("WARNING: This key has been revoked by its owner!\n")); log_info(_(" This could mean that the signature is forgery.\n")); + show_revocation_reason( pk ); } else if( (trustlevel & TRUST_FLAG_SUB_REVOKED) ) { write_status( STATUS_KEYREVOKED ); log_info(_("WARNING: This subkey has been revoked by its owner!\n")); + show_revocation_reason( pk ); } diff --git a/g10/pubkey-enc.c b/g10/pubkey-enc.c index c3241eb21..f84075486 100644 --- a/g10/pubkey-enc.c +++ b/g10/pubkey-enc.c @@ -202,6 +202,13 @@ get_it( PKT_pubkey_enc *k, DEK *dek, PKT_secret_key *sk, u32 *keyid ) (ulong)keyid[1], asctimestamp( pk->expiredate) ); } + /* FIXME: check wheter the key has been revoked and display + * the revocation reason. Actually the user should know this himself, + * but the sender might not know already and therefor the user + * should get a notice that an revoked key has been used to decode + * the message. The user can than watch out for snakes send by + * one of those Eves outside his paradise :-) + */ free_public_key( pk ); rc = 0; } diff --git a/g10/ringedit.c b/g10/ringedit.c index bd7a882bd..5fcd458b0 100644 --- a/g10/ringedit.c +++ b/g10/ringedit.c @@ -1,5 +1,5 @@ /* ringedit.c - Function for key ring editing - * Copyright (C) 1998 Free Software Foundation, Inc. + * Copyright (C) 1998, 2000 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -181,7 +181,6 @@ enum_keyblock_resources( int *sequence, int secret ) } - /**************** * Register a resource (which currently may only be a keyring file). * The first keyring which is added by this function is @@ -420,6 +419,35 @@ get_keyblock_handle( const char *filename, int secret, KBPOS *kbpos ) } +/**************** + * Return the filename of the firstkeyblock resource which is intended + * for write access. This will either be the default resource or in + * case this is not writable one of the others. If no writable is found, + * the default filename in the homedirectory will be returned. + * Caller must free, will never return NULL. + */ +char * +get_writable_keyblock_file( int secret ) +{ + int i = secret? default_secret_resource : default_public_resource; + + if( resource_table[i].used && !resource_table[i].secret == !secret ) { + if( !access( resource_table[i].fname, R_OK|W_OK ) ) { + return m_strdup( resource_table[i].fname ); + } + } + for(i=0; i < MAX_RESOURCES; i++ ) { + if( resource_table[i].used && !resource_table[i].secret == !secret ) { + if( !access( resource_table[i].fname, R_OK|W_OK ) ) { + return m_strdup( resource_table[i].fname ); + } + } + } + /* Assume the home dir is always writable */ + return make_filename(opt.homedir, secret? "secring.gpg" + : "pubring.gpg", NULL ); +} + /**************** * Search a keyblock which starts with the given packet and puts all |