Diffstat (limited to 'g10')
-rw-r--r-- | g10/ChangeLog | 6 | ||||
-rw-r--r-- | g10/export.c | 1 | ||||
-rw-r--r-- | g10/keyedit.c | 78 | ||||
-rw-r--r-- | g10/keylist.c | 5 | ||||
-rw-r--r-- | g10/mainproc.c | 2 | ||||
-rw-r--r-- | g10/sign.c | 5 |
6 files changed, 91 insertions, 6 deletions
diff --git a/g10/ChangeLog b/g10/ChangeLog index 739677029..ea8895aa2 100644 --- a/g10/ChangeLog +++ b/g10/ChangeLog @@ -1,3 +1,9 @@ +Wed Apr 28 13:03:03 CEST 1999 Werner Koch <[email protected]> + + * keyedit.c (keyedit_menu): Add new command revkey. + * (menu_revkey): New. + + Mon Apr 26 17:48:15 CEST 1999 Werner Koch <[email protected]> * parse-packet.c (parse_signature): Add the MDC hack. diff --git a/g10/export.c b/g10/export.c index 3cd297f70..911a71599 100644 --- a/g10/export.c +++ b/g10/export.c @@ -204,4 +204,3 @@ do_export_stream( IOBUF out, STRLIST users, int secret, int onlyrfc, int *any ) return rc; } - diff --git a/g10/keyedit.c b/g10/keyedit.c index 1ba92a2cd..b2fb13d28 100644 --- a/g10/keyedit.c +++ b/g10/keyedit.c @@ -57,6 +57,7 @@ static int count_keys_with_flag( KBNODE keyblock, unsigned flag ); static int count_selected_uids( KBNODE keyblock ); static int count_selected_keys( KBNODE keyblock ); static int menu_revsig( KBNODE keyblock ); +static int menu_revkey( KBNODE pub_keyblock, KBNODE sec_keyblock ); #define CONTROL_D ('D' - 'A' + 1) @@ -523,7 +524,7 @@ keyedit_menu( const char *username, STRLIST locusr, STRLIST commands ) { enum cmdids { cmdNONE = 0, cmdQUIT, cmdHELP, cmdFPR, cmdLIST, cmdSELUID, cmdCHECK, cmdSIGN, - cmdLSIGN, cmdREVSIG, + cmdLSIGN, cmdREVSIG, cmdREVKEY, cmdDEBUG, cmdSAVE, cmdADDUID, cmdDELUID, cmdADDKEY, cmdDELKEY, cmdTOGGLE, cmdSELKEY, cmdPASSWD, cmdTRUST, cmdPREF, cmdEXPIRE, cmdNOP }; @@ -560,6 +561,7 @@ keyedit_menu( const char *username, STRLIST locusr, STRLIST commands ) { N_("passwd") , cmdPASSWD , 1, N_("change the passphrase") }, { N_("trust") , cmdTRUST , 0, N_("change the ownertrust") }, { N_("revsig") , cmdREVSIG , 0, N_("revoke signatures") }, + { N_("revkey") , cmdREVKEY , 1, N_("revoke a secondary key") }, { NULL, cmdNONE } }; enum cmdids cmd; 
@@ -830,6 +832,28 @@ keyedit_menu( const char *username, STRLIST locusr, STRLIST commands ) } break; + case cmdREVKEY: { + int n1; + + if( !(n1=count_selected_keys( keyblock )) ) + tty_printf(_("You must select at least one key.\n")); + else if( sec_keyblock && !cpr_get_answer_is_yes( + "keyedit.revoke.subkey.okay", + n1 > 1? + _("Do you really want to revoke the selected keys? "): + _("Do you really want to revoke this key? ") + )) + ; + else { + if( menu_revkey( keyblock, sec_keyblock ) ) { + modified = 1; + /*sec_modified = 1;*/ + } + redisplay = 1; + } + } + break; + case cmdEXPIRE: if( menu_expire( keyblock, sec_keyblock ) ) { merge_keys_and_selfsig( sec_keyblock ); 
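Review bot: In the `cmdREVKEY` case the `sec_keyblock &&` guard works against itself: when there is no secret keyblock, the confirmation prompt is skipped and control reaches `menu_revkey( keyblock, sec_keyblock )`, which dereferences `sec_keyblock->pkt` unconditionally. The table entry for "revkey" sets its third field to 1, which presumably makes the dispatcher require a secret key first, but that check is not visible in this hunk. If it holds, the guard is dead code; if it does not, this is a NULL dereference reached without any confirmation. I would drop `sec_keyblock &&` from the condition and add an explicit `else if( !sec_keyblock )` branch that refuses the command before prompting. The enclosing switch in `keyedit_menu` starts and ends outside the hunk.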
@@ -1663,4 +1687,56 @@ menu_revsig( KBNODE keyblock ) return changed; } +/**************** + * Revoke some of the secondary keys. + * Hmmm: Should we add a revocation to the secret keyring too? + * Does its all make sense to duplicate most of the information? + */ +static int +menu_revkey( KBNODE pub_keyblock, KBNODE sec_keyblock ) +{ + PKT_public_key *mainpk; + KBNODE node; + int changed = 0; + int upd_trust = 0; + int rc; + + reloop: /* (better this way becuase we are modifing the keyring) */ + mainpk = pub_keyblock->pkt->pkt.public_key; + for( node = pub_keyblock; node; node = node->next ) { + if( node->pkt->pkttype == PKT_PUBLIC_SUBKEY + && (node->flag & NODFLG_SELKEY) ) { + PACKET *pkt; + PKT_signature *sig; + PKT_secret_key *sk; + PKT_public_key *subpk = node->pkt->pkt.public_key; + + node->flag &= ~NODFLG_SELKEY; + sk = copy_secret_key( NULL, sec_keyblock->pkt->pkt.secret_key ); + rc = make_keysig_packet( &sig, mainpk, NULL, subpk, sk, 0x28, 0, + NULL, NULL ); + free_secret_key(sk); + if( rc ) { + log_error(_("signing failed: %s\n"), g10_errstr(rc)); + return changed; + } + changed = 1; /* we changed the keyblock */ + upd_trust = 1; + + pkt = m_alloc_clear( sizeof *pkt ); + pkt->pkttype = PKT_SIGNATURE; + pkt->pkt.signature = sig; + insert_kbnode( node, new_kbnode(pkt), PKT_SIGNATURE ); + goto reloop; + } + } + commit_kbnode( &pub_keyblock ); + /*commit_kbnode( &sec_keyblock );*/ + + if( upd_trust ) + clear_trust_checked_flag( mainpk ); + + return changed; +} + diff --git a/g10/keylist.c b/g10/keylist.c index a2f9e7b5b..cfd6772c0 100644 --- a/g10/keylist.c +++ b/g10/keylist.c @@ -329,6 +329,8 @@ list_keyblock( KBNODE keyblock, int secret ) puts("[revoked]"); else if( sig->sig_class == 0x18 ) puts("[key binding]"); + else if( sig->sig_class == 0x28 ) + puts("[subkey revoked]"); else putchar('\n'); if( opt.fingerprint ) 
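Review bot: In `menu_revkey` (g10/keyedit.c) the failure path `return changed;` after `make_keysig_packet` skips `commit_kbnode( &pub_keyblock )` and `clear_trust_checked_flag( mainpk )`, even when earlier subkeys in the same run already had a 0x28 signature inserted. The caller then sees `changed == 1` and marks the keyblock modified while the trust-checked flag is still set. Replacing the `return changed;` with `break;` lets the common tail run. `node->flag &= ~NODFLG_SELKEY` is also cleared before signing, so a subkey whose signing failed is silently deselected; clearing it after success would keep the selection for a retry. Nothing visible here checks whether the subkey already carries a revocation, so repeating the command would presumably stack duplicate 0x28 signatures.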
@@ -336,7 +338,8 @@ list_keyblock( KBNODE keyblock, int secret ) any=1; } - if( sig->sig_class == 0x20 || sig->sig_class == 0x30 ) + if( sig->sig_class == 0x20 || sig->sig_class == 0x28 + || sig->sig_class == 0x30 ) fputs("rev", stdout); else if( (sig->sig_class&~3) == 0x10 ) fputs("sig", stdout); diff --git a/g10/mainproc.c b/g10/mainproc.c index 528f520ac..024674e4a 100644 --- a/g10/mainproc.c +++ b/g10/mainproc.c @@ -307,7 +307,7 @@ proc_plaintext( CTX c, PACKET *pkt ) md_enable( c->mfx.md, DIGEST_ALGO_SHA1 ); md_enable( c->mfx.md, DIGEST_ALGO_MD5 ); } - #if 0 + #if 1 #warning md_start_debug is enabled md_start_debug( c->mfx.md, "verify" ); #endif diff --git a/g10/sign.c b/g10/sign.c index 8cf5be7f5..8acf1b239 100644 --- a/g10/sign.c +++ b/g10/sign.c @@ -656,7 +656,8 @@ make_keysig_packet( PKT_signature **ret_sig, PKT_public_key *pk, MD_HANDLE md; assert( (sigclass >= 0x10 && sigclass <= 0x13) - || sigclass == 0x20 || sigclass == 0x18 || sigclass == 0x30 ); + || sigclass == 0x20 || sigclass == 0x18 + || sigclass == 0x30 || sigclass == 0x28 ); if( !digest_algo ) { switch( sk->pubkey_algo ) { case PUBKEY_ALGO_DSA: digest_algo = DIGEST_ALGO_SHA1; break; @@ -669,7 +670,7 @@ make_keysig_packet( PKT_signature **ret_sig, PKT_public_key *pk, /* hash the public key certificate and the user id */ hash_public_key( md, pk ); - if( sigclass == 0x18 ) { /* subkey binding */ + if( sigclass == 0x18 || sigclass == 0x28 ) { /* subkey binding/revocation*/ hash_public_key( md, subpk ); } else if( sigclass != 0x20 ) { |
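Review bot: The g10/mainproc.c hunk flips `#if 0` to `#if 1` around `md_start_debug( c->mfx.md, "verify" )` in `proc_plaintext`, which looks like leftover debugging; it is unrelated to the revkey command and not mentioned in the ChangeLog entry. With it on, every build emits the `#warning`. Judging by the name, each verification run also dumps the data fed into the digest, i.e. the plaintext being processed; this should be confirmed against the `md_start_debug` implementation. I would restore `#if 0` in this commit, or put the call behind a run-time debug option so it cannot ship enabled by accident. The body of `proc_plaintext` continues outside the hunk.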