GpgFrontend/gpgme
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

core: New export mode to export secret subkeys.

Browse Source 
* src/gpgme.h.in (GPGME_EXPORT_MODE_SECRET_SUBKEY): New.
* src/export.c (check_mode): Allow new mode and check for invalid
combinations.
(export_keys_start): Return error if new mode flag is set.
* src/engine-gpg.c (export_common): Implement.
* src/gpgme-tool.c (cmd_export): New option --secret-subkey.
* tests/run-export.c (main): New option --secret-subkey.
--

This adds support for exporting secret subkeys (via gpg's
--export-secret-subkeys) to gpgme_op_export[_ext][_start].
The flag is not supported by gpgme_op_export_keys[_start] because
there is no way to specify which subkey(s) to export with these
functions.

GnuPG-bug-id: 5757
This commit is contained in:
Ingo Klöcker 2022-01-03 16:25:40 +01:00
parent 414bbdd53c
commit 0e19c48791
7 changed files with 51 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
NEWS
View File

@ -5,11 +5,14 @@ Noteworthy changes in version 1.16.1 (unreleased)
* New context flag "import-filter". [#5739]
* New export mode to export secret subkeys. [#5757]
* qt: Extend ChangeExpiryJob to change expiration of primary key
and of subkeys at the same time. [#4717]
* Interface changes relative to the 1.16.0 release:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
GPGME_EXPORT_MODE_SECRET_SUBKEY NEW.
gpgme_set_ctx_flag EXTENDED: New flag 'key-origin'.
gpgme_set_ctx_flag EXTENDED: New flag 'import-filter'.
qt: ChangeExpiryJob::Option NEW.

11
doc/gpgme.texi
View File

@ -4893,7 +4893,6 @@ OpenPGP key is exported in the OpenSSH public key format. This
accepts just a single key; to force the export of a specific subkey
a fingerprint pattern with an appended exclamation mark may be used.
@item GPGME_EXPORT_MODE_SECRET
@since{1.6.0}
@ -4901,6 +4900,16 @@ Instead of exporting the public key, the secret key is exported. This
may not be combined with @code{GPGME_EXPORT_MODE_EXTERN}. For X.509
the export format is PKCS#8.
@item GPGME_EXPORT_MODE_SECRET_SUBKEY
@since{1.17.0}
If this bit is set, then a secret subkey is exported. The subkey to
export must be specified with fingerprint pattern with an appended
exclamation mark. This is currently only allowed for OpenPGP keys.
This flag may not be combined with @code{GPGME_EXPORT_MODE_EXTERN}.
This flag is not supported by the export functions that take an array
of keys.
@item GPGME_EXPORT_MODE_RAW
@since{1.6.0}

7
src/engine-gpg.c
View File

@ -2354,7 +2354,8 @@ export_common (engine_gpg_t gpg, gpgme_export_mode_t mode,
if ((mode & ~(GPGME_EXPORT_MODE_EXTERN
|GPGME_EXPORT_MODE_MINIMAL
|GPGME_EXPORT_MODE_SSH
|GPGME_EXPORT_MODE_SECRET)))
|GPGME_EXPORT_MODE_SECRET
|GPGME_EXPORT_MODE_SECRET_SUBKEY)))
return gpg_error (GPG_ERR_NOT_SUPPORTED);
if ((mode & GPGME_EXPORT_MODE_MINIMAL))
@ -2379,7 +2380,9 @@ export_common (engine_gpg_t gpg, gpgme_export_mode_t mode,
}
else
{
if ((mode & GPGME_EXPORT_MODE_SECRET))
if ((mode & GPGME_EXPORT_MODE_SECRET_SUBKEY))
err = add_arg (gpg, "--export-secret-subkeys");
else if ((mode & GPGME_EXPORT_MODE_SECRET))
err = add_arg (gpg, "--export-secret-keys");
else
err = add_arg (gpg, "--export");

17
src/export.c
View File

@ -125,7 +125,8 @@ check_mode (gpgme_export_mode_t mode, gpgme_protocol_t protocol,
|GPGME_EXPORT_MODE_SECRET
|GPGME_EXPORT_MODE_SSH
|GPGME_EXPORT_MODE_RAW
|GPGME_EXPORT_MODE_PKCS12)))
|GPGME_EXPORT_MODE_PKCS12
|GPGME_EXPORT_MODE_SECRET_SUBKEY)))
return gpg_error (GPG_ERR_INV_VALUE); /* Invalid flags in MODE. */
if ((mode & GPGME_EXPORT_MODE_SSH))
@ -134,7 +135,8 @@ check_mode (gpgme_export_mode_t mode, gpgme_protocol_t protocol,
|GPGME_EXPORT_MODE_MINIMAL
|GPGME_EXPORT_MODE_SECRET
|GPGME_EXPORT_MODE_RAW
|GPGME_EXPORT_MODE_PKCS12)))
|GPGME_EXPORT_MODE_PKCS12
|GPGME_EXPORT_MODE_SECRET_SUBKEY)))
return gpg_error (GPG_ERR_INV_FLAG); /* Combination not allowed. */
}
@ -151,6 +153,12 @@ check_mode (gpgme_export_mode_t mode, gpgme_protocol_t protocol,
return gpg_error (GPG_ERR_INV_FLAG); /* Only supported for X.509. */
}
if ((mode & GPGME_EXPORT_MODE_SECRET_SUBKEY))
{
if ((mode & GPGME_EXPORT_MODE_EXTERN))
return gpg_error (GPG_ERR_INV_FLAG); /* Combination not allowed. */
}
if ((mode & GPGME_EXPORT_MODE_EXTERN))
{
if (keydata)
@ -369,6 +377,11 @@ export_keys_start (gpgme_ctx_t ctx, int synchronous, gpgme_key_t keys[],
if (!keys)
return gpg_error (GPG_ERR_INV_VALUE);
if ((mode & GPGME_EXPORT_MODE_SECRET_SUBKEY))
{
return gpg_error (GPG_ERR_INV_FLAG);
}
/* Create a list of pattern from the keys. */
for (idx=nkeys=0; keys[idx]; idx++)
if (keys[idx]->protocol == ctx->protocol)

2
src/gpgme-tool.c
View File

@ -2688,6 +2688,8 @@ cmd_export (assuan_context_t ctx, char *line)
mode |= GPGME_EXPORT_MODE_MINIMAL;
if (has_option (line, "--secret"))
mode |= GPGME_EXPORT_MODE_SECRET;
if (has_option (line, "--secret-subkey"))
mode |= GPGME_EXPORT_MODE_SECRET_SUBKEY;
if (has_option (line, "--raw"))
mode |= GPGME_EXPORT_MODE_RAW;
if (has_option (line, "--pkcs12"))

1
src/gpgme.h.in
View File

@ -407,6 +407,7 @@ gpgme_pinentry_mode_t;
#define GPGME_EXPORT_MODE_RAW 32
#define GPGME_EXPORT_MODE_PKCS12 64
#define GPGME_EXPORT_MODE_SSH 256
#define GPGME_EXPORT_MODE_SECRET_SUBKEY 512
typedef unsigned int gpgme_export_mode_t;

15
tests/run-export.c
View File

@ -128,6 +128,11 @@ main (int argc, char **argv)
mode |= GPGME_EXPORT_MODE_SECRET;
argc--; argv++;
}
else if (!strcmp (*argv, "--secret-subkey"))
{
mode |= GPGME_EXPORT_MODE_SECRET_SUBKEY;
argc--; argv++;
}
else if (!strcmp (*argv, "--raw"))
{
mode |= GPGME_EXPORT_MODE_RAW;
@ -165,6 +170,16 @@ main (int argc, char **argv)
mode = GPGME_EXPORT_MODE_SSH; /* Set only this bit for this test. */
keyarray[0] = NULL;
err = gpgme_op_export_ext (ctx, (const char**)argv, mode, out);
fail_if_err (err);
}
else if ((mode & GPGME_EXPORT_MODE_SECRET_SUBKEY))
{
keyarray[0] = NULL;
printf ("exporting secret subkeys!\n");
gpgme_set_armor (ctx, 1);
err = gpgme_op_export_ext (ctx, (const char**)argv, mode, out);
fail_if_err (err);
}