core: Support usage of gpgtar for creating an encrypted signed archive
* src/engine-gpg.c (gpg_encrypt_sign): Set use_gpgtar engine flag if GPGME_ENCRYPT_ARCHIVE mode is set. Check for new enough gpg. Use add_gpg_arg_with_value for gpg-only options with a value and add_gpg_arg for gpg-only options without a value. Set extra options for gpgtar and pass input data to stdin when using gpgtar. * tests/run-encrypt.c (print_result): Rename to print_encrypt_result. Print header. (print_sign_result): New. (show_usage): New option --sign. (main): Parse new option. Sign and encrypt --sign is given. Print results of signing additionally to results of encryption. -- With this change the gpgme_op_encrypt_sign* functions get support for creating an encrypted and signed archive from files and/or directories passed as NUL-separated list in the "plain" data with gpgtar. GnuPG-bug-id: 6342
This commit is contained in:
parent
0ca45e48b4
commit
29cfcd316d
@ -2415,6 +2415,11 @@ gpg_encrypt_sign (void *engine, gpgme_key_t recp[],
|
|||||||
engine_gpg_t gpg = engine;
|
engine_gpg_t gpg = engine;
|
||||||
gpgme_error_t err = 0;
|
gpgme_error_t err = 0;
|
||||||
|
|
||||||
|
gpg->flags.use_gpgtar = !!(flags & GPGME_ENCRYPT_ARCHIVE);
|
||||||
|
|
||||||
|
if (gpg->flags.use_gpgtar && !have_gpg_version (gpg, "2.3.5"))
|
||||||
|
return gpg_error (GPG_ERR_NOT_SUPPORTED);
|
||||||
|
|
||||||
if (recp || recpstring)
|
if (recp || recpstring)
|
||||||
err = add_arg (gpg, "--encrypt");
|
err = add_arg (gpg, "--encrypt");
|
||||||
|
|
||||||
@ -2424,30 +2429,30 @@ gpg_encrypt_sign (void *engine, gpgme_key_t recp[],
|
|||||||
if (!err)
|
if (!err)
|
||||||
err = add_arg (gpg, "--sign");
|
err = add_arg (gpg, "--sign");
|
||||||
if (!err && use_armor)
|
if (!err && use_armor)
|
||||||
err = add_arg (gpg, "--armor");
|
err = add_gpg_arg (gpg, "--armor");
|
||||||
|
|
||||||
if (!err && (flags & GPGME_ENCRYPT_NO_COMPRESS))
|
if (!err && (flags & GPGME_ENCRYPT_NO_COMPRESS))
|
||||||
err = add_arg (gpg, "--compress-algo=none");
|
err = add_gpg_arg (gpg, "--compress-algo=none");
|
||||||
|
|
||||||
if (!err && (flags & GPGME_ENCRYPT_THROW_KEYIDS))
|
if (!err && (flags & GPGME_ENCRYPT_THROW_KEYIDS))
|
||||||
err = add_arg (gpg, "--throw-keyids");
|
err = add_gpg_arg (gpg, "--throw-keyids");
|
||||||
|
|
||||||
if (gpgme_data_get_encoding (plain) == GPGME_DATA_ENCODING_MIME
|
if (gpgme_data_get_encoding (plain) == GPGME_DATA_ENCODING_MIME
|
||||||
&& have_gpg_version (gpg, "2.1.14"))
|
&& have_gpg_version (gpg, "2.1.14"))
|
||||||
err = add_arg (gpg, "--mimemode");
|
err = add_gpg_arg (gpg, "--mimemode");
|
||||||
|
|
||||||
if (!err && gpg->flags.include_key_block)
|
if (!err && gpg->flags.include_key_block)
|
||||||
err = add_arg (gpg, "--include-key-block");
|
err = add_gpg_arg (gpg, "--include-key-block");
|
||||||
|
|
||||||
if (recp || recpstring)
|
if (recp || recpstring)
|
||||||
{
|
{
|
||||||
/* If we know that all recipients are valid (full or ultimate trust)
|
/* If we know that all recipients are valid (full or ultimate trust)
|
||||||
we can suppress further checks. */
|
we can suppress further checks. */
|
||||||
if (!err && (flags & GPGME_ENCRYPT_ALWAYS_TRUST))
|
if (!err && (flags & GPGME_ENCRYPT_ALWAYS_TRUST))
|
||||||
err = add_arg (gpg, "--always-trust");
|
err = add_gpg_arg (gpg, "--always-trust");
|
||||||
|
|
||||||
if (!err && (flags & GPGME_ENCRYPT_NO_ENCRYPT_TO))
|
if (!err && (flags & GPGME_ENCRYPT_NO_ENCRYPT_TO))
|
||||||
err = add_arg (gpg, "--no-encrypt-to");
|
err = add_gpg_arg (gpg, "--no-encrypt-to");
|
||||||
|
|
||||||
if (!err && !recp && recpstring)
|
if (!err && !recp && recpstring)
|
||||||
err = append_args_from_recipients_string (gpg, flags, recpstring);
|
err = append_args_from_recipients_string (gpg, flags, recpstring);
|
||||||
@ -2474,16 +2479,31 @@ gpg_encrypt_sign (void *engine, gpgme_key_t recp[],
|
|||||||
if (gpgme_data_get_file_name (plain))
|
if (gpgme_data_get_file_name (plain))
|
||||||
{
|
{
|
||||||
if (!err)
|
if (!err)
|
||||||
err = add_arg (gpg, "--set-filename");
|
err = add_gpg_arg_with_value (gpg, "--set-filename=", gpgme_data_get_file_name (plain), 0);
|
||||||
if (!err)
|
|
||||||
err = add_arg (gpg, gpgme_data_get_file_name (plain));
|
|
||||||
}
|
}
|
||||||
|
if (gpg->flags.use_gpgtar)
|
||||||
|
{
|
||||||
|
if (!err)
|
||||||
|
err = add_arg (gpg, "--files-from");
|
||||||
|
if (!err)
|
||||||
|
err = add_arg (gpg, "-");
|
||||||
|
if (!err)
|
||||||
|
err = add_arg (gpg, "--null");
|
||||||
|
if (!err)
|
||||||
|
err = add_arg (gpg, "--utf8-strings");
|
||||||
|
/* Pass the filenames to gpgtar's stdin. */
|
||||||
|
if (!err)
|
||||||
|
err = add_data (gpg, plain, 0, 0);
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
if (!err)
|
if (!err)
|
||||||
err = add_input_size_hint (gpg, plain);
|
err = add_input_size_hint (gpg, plain);
|
||||||
if (!err)
|
if (!err)
|
||||||
err = add_arg (gpg, "--");
|
err = add_arg (gpg, "--");
|
||||||
if (!err)
|
if (!err)
|
||||||
err = add_data (gpg, plain, -1, 0);
|
err = add_data (gpg, plain, -1, 0);
|
||||||
|
}
|
||||||
|
|
||||||
if (!err)
|
if (!err)
|
||||||
err = start (gpg);
|
err = start (gpg);
|
||||||
|
@ -77,10 +77,11 @@ progress_cb (void *opaque, const char *what, int type, int current, int total)
|
|||||||
|
|
||||||
|
|
||||||
static void
|
static void
|
||||||
print_result (gpgme_encrypt_result_t result)
|
print_encrypt_result (gpgme_encrypt_result_t result)
|
||||||
{
|
{
|
||||||
gpgme_invalid_key_t invkey;
|
gpgme_invalid_key_t invkey;
|
||||||
|
|
||||||
|
printf ("\nEncryption results\n");
|
||||||
for (invkey = result->invalid_recipients; invkey; invkey = invkey->next)
|
for (invkey = result->invalid_recipients; invkey; invkey = invkey->next)
|
||||||
printf ("Encryption key `%s' not used: %s <%s>\n",
|
printf ("Encryption key `%s' not used: %s <%s>\n",
|
||||||
nonnull (invkey->fpr),
|
nonnull (invkey->fpr),
|
||||||
@ -88,6 +89,30 @@ print_result (gpgme_encrypt_result_t result)
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
static void
|
||||||
|
print_sign_result (gpgme_sign_result_t result)
|
||||||
|
{
|
||||||
|
gpgme_invalid_key_t invkey;
|
||||||
|
gpgme_new_signature_t sig;
|
||||||
|
|
||||||
|
printf ("\nSigning results\n");
|
||||||
|
for (invkey = result->invalid_signers; invkey; invkey = invkey->next)
|
||||||
|
printf ("Signing key `%s' not used: %s <%s>\n",
|
||||||
|
nonnull (invkey->fpr),
|
||||||
|
gpg_strerror (invkey->reason), gpg_strsource (invkey->reason));
|
||||||
|
|
||||||
|
for (sig = result->signatures; sig; sig = sig->next)
|
||||||
|
{
|
||||||
|
printf ("Key fingerprint: %s\n", nonnull (sig->fpr));
|
||||||
|
printf ("Signature type : %d\n", sig->type);
|
||||||
|
printf ("Public key algo: %d\n", sig->pubkey_algo);
|
||||||
|
printf ("Hash algo .....: %d\n", sig->hash_algo);
|
||||||
|
printf ("Creation time .: %ld\n", sig->timestamp);
|
||||||
|
printf ("Sig class .....: 0x%u\n", sig->sig_class);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
static int
|
static int
|
||||||
show_usage (int ex)
|
show_usage (int ex)
|
||||||
@ -95,6 +120,7 @@ show_usage (int ex)
|
|||||||
fputs ("usage: " PGM " [options] FILE\n\n"
|
fputs ("usage: " PGM " [options] FILE\n\n"
|
||||||
"Options:\n"
|
"Options:\n"
|
||||||
" --verbose run in verbose mode\n"
|
" --verbose run in verbose mode\n"
|
||||||
|
" --sign sign data before encryption\n"
|
||||||
" --status print status lines from the backend\n"
|
" --status print status lines from the backend\n"
|
||||||
" --progress print progress info\n"
|
" --progress print progress info\n"
|
||||||
" --openpgp use the OpenPGP protocol (default)\n"
|
" --openpgp use the OpenPGP protocol (default)\n"
|
||||||
@ -122,7 +148,8 @@ main (int argc, char **argv)
|
|||||||
gpgme_ctx_t ctx;
|
gpgme_ctx_t ctx;
|
||||||
gpgme_protocol_t protocol = GPGME_PROTOCOL_OpenPGP;
|
gpgme_protocol_t protocol = GPGME_PROTOCOL_OpenPGP;
|
||||||
gpgme_data_t in, out;
|
gpgme_data_t in, out;
|
||||||
gpgme_encrypt_result_t result;
|
gpgme_encrypt_result_t encrypt_result;
|
||||||
|
gpgme_sign_result_t sign_result;
|
||||||
int print_status = 0;
|
int print_status = 0;
|
||||||
int print_progress = 0;
|
int print_progress = 0;
|
||||||
int use_loopback = 0;
|
int use_loopback = 0;
|
||||||
@ -135,6 +162,7 @@ main (int argc, char **argv)
|
|||||||
gpgme_off_t offset;
|
gpgme_off_t offset;
|
||||||
int no_symkey_cache = 0;
|
int no_symkey_cache = 0;
|
||||||
int diagnostics = 0;
|
int diagnostics = 0;
|
||||||
|
int sign = 0;
|
||||||
|
|
||||||
if (argc)
|
if (argc)
|
||||||
{ argc--; argv++; }
|
{ argc--; argv++; }
|
||||||
@ -157,6 +185,11 @@ main (int argc, char **argv)
|
|||||||
verbose = 1;
|
verbose = 1;
|
||||||
argc--; argv++;
|
argc--; argv++;
|
||||||
}
|
}
|
||||||
|
else if (!strcmp (*argv, "--sign"))
|
||||||
|
{
|
||||||
|
sign = 1;
|
||||||
|
argc--; argv++;
|
||||||
|
}
|
||||||
else if (!strcmp (*argv, "--status"))
|
else if (!strcmp (*argv, "--status"))
|
||||||
{
|
{
|
||||||
print_status = 1;
|
print_status = 1;
|
||||||
@ -336,9 +369,12 @@ main (int argc, char **argv)
|
|||||||
err = gpgme_data_new (&out);
|
err = gpgme_data_new (&out);
|
||||||
fail_if_err (err);
|
fail_if_err (err);
|
||||||
|
|
||||||
|
if (sign)
|
||||||
|
err = gpgme_op_encrypt_sign_ext (ctx, keycount ? keys : NULL, keystring,
|
||||||
|
flags, in, out);
|
||||||
|
else
|
||||||
err = gpgme_op_encrypt_ext (ctx, keycount ? keys : NULL, keystring,
|
err = gpgme_op_encrypt_ext (ctx, keycount ? keys : NULL, keystring,
|
||||||
flags, in, out);
|
flags, in, out);
|
||||||
result = gpgme_op_encrypt_result (ctx);
|
|
||||||
|
|
||||||
if (diagnostics)
|
if (diagnostics)
|
||||||
{
|
{
|
||||||
@ -361,8 +397,12 @@ main (int argc, char **argv)
|
|||||||
gpgme_data_release (diag);
|
gpgme_data_release (diag);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (result)
|
sign_result = gpgme_op_sign_result (ctx);
|
||||||
print_result (result);
|
if (sign_result)
|
||||||
|
print_sign_result (sign_result);
|
||||||
|
encrypt_result = gpgme_op_encrypt_result (ctx);
|
||||||
|
if (encrypt_result)
|
||||||
|
print_encrypt_result (encrypt_result);
|
||||||
if (err)
|
if (err)
|
||||||
{
|
{
|
||||||
fprintf (stderr, PGM ": encrypting failed: %s\n", gpg_strerror (err));
|
fprintf (stderr, PGM ": encrypting failed: %s\n", gpg_strerror (err));
|
||||||
|
Loading…
Reference in New Issue
Block a user