From 1695cf267edf85bc451b59bf012083feb250bf59 Mon Sep 17 00:00:00 2001
From: Werner Koch
Date: Mon, 24 Jun 2024 16:31:24 +0200
Subject: gpg: New option --show-only-session-key
* g10/options.h (opt): Add show_only_session_key and turn show_session_key into a bit flag.
* g10/gpg.c (oShowOnlySessionKey): New. (opts): Add "show-only-session-key". (main): Set flag.
* g10/mainproc.c (proc_encrypted): Handle the new option.
* g10/decrypt-data.c (decrypt_data): Ditto. Add compliance error flag to the DECRYPTION_INFO status line. -- This new option is somehow related to GnuPG-bug-id: 1825
---
 g10/mainproc.c | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)
(limited to 'g10/mainproc.c')
diff --git a/g10/mainproc.c b/g10/mainproc.c
index 0fd32aead..29e5188f5 100644
--- a/g10/mainproc.c
+++ b/g10/mainproc.c
@@ -664,7 +664,8 @@ proc_encrypted (CTX c, PACKET *pkt)
 if (c->dek && opt.verbose > 1)
 log_info (_("public key encrypted data: good DEK\n"));
- write_status (STATUS_BEGIN_DECRYPTION);
+ if (!opt.show_only_session_key)
+ write_status (STATUS_BEGIN_DECRYPTION);
 /*log_debug("dat: %sencrypted data\n", c->dek?"":"conventional ");*/
 if (opt.list_only)
@@ -794,6 +795,8 @@ proc_encrypted (CTX c, PACKET *pkt)
 * log_error printed in the cry_cipher_checktag never gets ignored. */
 if (!result && early_plaintext)
 result = gpg_error (GPG_ERR_BAD_DATA);
+ else if (!result && opt.show_only_session_key)
+ result = -1;
 else if (!result && pkt->pkt.encrypted->aead_algo && log_get_errorcount (0))
 result = gpg_error (GPG_ERR_BAD_SIGNATURE);
@@ -903,7 +906,9 @@ proc_encrypted (CTX c, PACKET *pkt)
 c->dek = NULL;
 free_packet (pkt, NULL);
 c->last_was_session_key = 0;
- write_status (STATUS_END_DECRYPTION);
+
+ if (!opt.show_only_session_key)
+ write_status (STATUS_END_DECRYPTION);
 /* Bump the counter even if we have not seen a literal data packet
 * inside an encryption container. This acts as a sentinel in case
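Review bot: In the hunk at -664 the new guard drops STATUS_BEGIN_DECRYPTION with no comment saying why, and the hunk at -903 does the same for STATUS_END_DECRYPTION, so a status-fd consumer that waits for this bracket sees neither line when the option is set. A comment on the first guard would record the intent, for example `/* With --show-only-session-key no payload is processed (TODO confirm against decrypt_data), so the BEGIN/END_DECRYPTION pair is not emitted. */`. Both guards test the same flag and have to stay paired so the bracket is never left half-open. proc_encrypted starts and ends outside these hunks, so the paths between the two guards are not visible here.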
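Review bot: In the hunk at -794, `result = -1` introduces a bare sentinel where the neighbouring branches use gpg_error codes, and nothing in the hunk says how the rest of proc_encrypted treats that value. The branch also sits ahead of the AEAD `log_get_errorcount (0)` test, so that test is skipped whenever the option is set; this looks intended if no ciphertext is processed, but that is an inference from the visible lines. I would add a comment such as `/* Only the session key was requested: -1 marks "nothing decrypted" for the checks below. */` once that meaning is confirmed against the code that consumes result, which lies outside the hunk.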
@@ -915,7 +920,8 @@ proc_encrypted (CTX c, PACKET *pkt)
 * de-vs compliance mode by just looking at the exit status. */
 if (opt.flags.require_compliance
 && opt.compliance == CO_DE_VS
- && compliance_de_vs != (4|2|1))
+ && compliance_de_vs != (4|2|1)
+ && !opt.show_only_session_key)
 {
 log_error (_("operation forced to fail due to"
 " unfulfilled compliance rules\n"));
@@ -2203,7 +2209,7 @@ check_sig_and_print (CTX c, kbnode_t node)
 }
 }
- /* Do do something with the result of the signature checking. */
+ /* Do something with the result of the signature checking. */
 if (!rc || gpg_err_code (rc) == GPG_ERR_BAD_SIGNATURE)
 {
 /* We have checked the signature and the result is either a good
--
cgit v1.2.3
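Review bot: The added `&& !opt.show_only_session_key` in the hunk at -915 switches off the forced failure for opt.flags.require_compliance in de-vs mode, so with this option the exit status no longer reports a compliance violation, although the session key has presumably been printed by then. The comment just above still says a caller can rely on the exit status alone; it should name the exception, e.g. `* With --show-only-session-key the failure is not forced; check the compliance error flag in DECRYPTION_INFO instead.` According to the commit message that flag is added in decrypt-data.c, which this page (limited to g10/mainproc.c) does not show, so the wording needs checking against that file. The comment and the enclosing function both begin outside the hunk.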