json: Do not allow to export or delete secret keys.

* src/gpgme-json.c (op_export, op_delete): Return GPG_ERR_FORBIDDEN if
"secret" is used.
--

This should not be possible from a browser and we need to make this
fully clear.  Actually gpg-agent won't allow that anyway but having
this explicitly is better.

If that is ever needed a dedicated command line option may enable
this, for example when used by regular programs and not by the browser.
But that requires other changes as well.

Signed-off-by: Werner Koch <wk@gnupg.org>
Werner Koch 2018-05-28 09:56:49 +02:00
parent 368f2d9db3
commit 0de991fee0
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B


@ -2169,7 +2169,6 @@ static const char hlp_export[] =
"armor: Request output in armored format.\n" "armor: Request output in armored format.\n"
"extern: Add EXPORT_MODE_EXTERN.\n" "extern: Add EXPORT_MODE_EXTERN.\n"
"minimal: Add EXPORT_MODE_MINIMAL.\n" "minimal: Add EXPORT_MODE_MINIMAL.\n"
"secret: Add EXPORT_MODE_SECRET. (not implemented)\n"
"raw: Add EXPORT_MODE_RAW.\n" "raw: Add EXPORT_MODE_RAW.\n"
"pkcs12: Add EXPORT_MODE_PKCS12.\n" "pkcs12: Add EXPORT_MODE_PKCS12.\n"
"\n" "\n"
@ -2206,7 +2205,10 @@ op_export (cjson_t request, cjson_t result)
if ((err = get_boolean_flag (request, "secret", 0, &abool))) if ((err = get_boolean_flag (request, "secret", 0, &abool)))
goto leave; goto leave;
if (abool) if (abool)
mode |= GPGME_EXPORT_MODE_SECRET; {
err = gpg_error (GPG_ERR_FORBIDDEN);
goto leave;
}
if ((err = get_boolean_flag (request, "extern", 0, &abool))) if ((err = get_boolean_flag (request, "extern", 0, &abool)))
goto leave; goto leave;
@ -2270,9 +2272,6 @@ static const char hlp_delete[] =
"Optional parameters:\n" "Optional parameters:\n"
"protocol: Either \"openpgp\" (default) or \"cms\".\n" "protocol: Either \"openpgp\" (default) or \"cms\".\n"
"\n" "\n"
"Optional boolean flags (default is false):\n"
"secret: Allow deletion of secret keys. (not implemented)\n"
"\n"
"Response on success:\n" "Response on success:\n"
"success: Boolean true.\n"; "success: Boolean true.\n";
static gpg_error_t static gpg_error_t
@ -2293,6 +2292,11 @@ op_delete (cjson_t request, cjson_t result)
if ((err = get_boolean_flag (request, "secret", 0, &secret))) if ((err = get_boolean_flag (request, "secret", 0, &secret)))
goto leave; goto leave;
if (secret)
{
err = gpg_error (GPG_ERR_FORBIDDEN);
goto leave;
}
j_key = cJSON_GetObjectItem (request, "key"); j_key = cJSON_GetObjectItem (request, "key");
if (!j_key) if (!j_key)
@ -2307,14 +2311,14 @@ op_delete (cjson_t request, cjson_t result)
} }
/* Get the key */ /* Get the key */
if ((err = gpgme_get_key (keylist_ctx, j_key->valuestring, &key, secret))) if ((err = gpgme_get_key (keylist_ctx, j_key->valuestring, &key, 0)))
{ {
gpg_error_object (result, err, "Error fetching key for delete: %s", gpg_error_object (result, err, "Error fetching key for delete: %s",
gpg_strerror (err)); gpg_strerror (err));
goto leave; goto leave;
} }
err = gpgme_op_delete (ctx, key, secret); err = gpgme_op_delete (ctx, key, 0);
if (err) if (err)
{ {
gpg_error_object (result, err, "Error deleting key: %s", gpg_error_object (result, err, "Error deleting key: %s",
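Review bot: The `secret` flag is still parsed in op_export and op_delete and now fails with GPG_ERR_FORBIDDEN, but both help strings (hlp_export, hlp_delete) drop every mention of it, so a client that sends it gets an error the help output no longer explains. Consider keeping one line in each help text, for example `"secret:   Not allowed; the request is rejected with GPG_ERR_FORBIDDEN.\n"`. The two new guards also carry no comment, so the reason given in the commit message (a browser-facing helper, with an explicit refusal on top of gpg-agent's own check) exists only in the history; something like `/* Secret keys must never be exported to or deleted by a browser client. */` above each `if` would record it. Both function bodies continue outside the hunks shown, so how the `leave` path reports the error to the caller is not visible here.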