| author | Werner Koch <[email protected]> | 2025-05-12 12:42:57 +0000 | 
|---|---|---|
| committer | Werner Koch <[email protected]> | 2025-05-12 12:42:57 +0000 | 
| commit | 905bd760a99a455af6717b66311fc2197dea1055 (patch) | |
| tree | d0044a74fa34dbfba6ef522cf27c03cca64bec67 | |
| parent | Change timestamp fields from signed to unsigned long. (diff) | |
Add GPGME_CREATE_GROUP flag for gpgme_op_createkey and _createsubkey.
* src/gpgme.h.in (GPGME_CREATE_GROUP): New.
* src/engine-gpg.c (gpg_add_algo_usage_expire): Pass to engine.
* tests/run-genkey.c (parse_usage_string): Support here too.
| -rw-r--r-- | NEWS | 3 | ||||
| -rw-r--r-- | doc/gpgme.texi | 26 | ||||
| -rw-r--r-- | src/engine-gpg.c | 29 | ||||
| -rw-r--r-- | src/gpgme.h.in | 1 | ||||
| -rw-r--r-- | tests/run-genkey.c | 2 | 
5 files changed, 58 insertions, 3 deletions
| @@ -10,6 +10,8 @@ Noteworthy changes in version 2.0.0 (unreleased)   * New decrypt flag to skip the actual decryption so that information     about the recipients can be retrieved. + * New flag for key generate to mark a (sub)key as group owned. +   * If the key passed to gpgme_signers_add was retrieved with an exact     pattern (fingerprint with '!' suffix), the requested subkey is used     for signing.  This reflects the behaviour of gpg but is a minor @@ -37,6 +39,7 @@ Noteworthy changes in version 2.0.0 (unreleased)   GPGME_RANDOM_MODE_ZBASE32               NEW.   GPGME_DECRYPT_LISTONLY                  NEW.   gpgme_subkey_t                          EXT: New field 'subkey_match'. + GPGME_CREATE_GROUP                      NEW.   gpgme_attr_t                            REMOVED.   gpgme_get_sig_ulong_attr                REMOVED.   gpgme_get_sig_string_attr               REMOVED. diff --git a/doc/gpgme.texi b/doc/gpgme.texi index ad120465..cdacd9e1 100644 --- a/doc/gpgme.texi +++ b/doc/gpgme.texi @@ -3645,6 +3645,10 @@ This is true if the subkey can be used for authentication.  This is true if the subkey can be used for qualified signatures  according to local government regulations. +@item unsigned int is_cardkey : 1 + +This is true if the secret key or subkey is stored on a smart card. +  @item unsigned int is_de_vs : 1  @since{1.8.0} 
@@ -3653,6 +3657,23 @@ information in Germany at the restricted level (VS-NfD).  This are  currently RSA keys of at least 3072 bits or ECDH/ECDSA keys using a  Brainpool curve. +@item unsigned int can_renc : 1; +@since {1.20.0} + +This is true if the key can be used for restricted encryption (ADSK). + +@item unsigned int can_timestamp : 1; +@since {1.20.0} + +This is true if the key can be used for timestamping. + +@item unsigned int is_group_owned : 1; +@since {1.20.0} + +This is true if the private key or subkey is possessed by more than +one person.  Such a key is often called a ``team key''. + +  @item unsigned int beta_compliance : 1;  @since{1.24.0}  The compliance flags (e.g. is_de_vs) are set but the software has not @@ -4479,6 +4500,11 @@ the hexified fingerprint of the ADSK to be added; this must be a  subkey.  If the string "default" is used for @var{algo} the engine  will add all ADSK as it would do for new keys. +@item GPGME_CREATE_GROUP +@since{2.0.0} + +Set the ``group owned'' flag for the new generated key or subkey. +  @end table  After the operation completed successfully, information about the diff --git a/src/engine-gpg.c b/src/engine-gpg.c index eeb09c7b..e41fb69a 100644 --- a/src/engine-gpg.c +++ b/src/engine-gpg.c @@ -458,6 +458,27 @@ have_option_proc_all_sigs (engine_gpg_t gpg)  static int +have_option_gen_group_key (engine_gpg_t gpg) +{ +  static unsigned int flag; + +  if (flag) +    ; +  else if (have_gpg_version (gpg, "2.5.7")) +    flag = 1|2; +  else if (have_gpg_version (gpg, "2.4.8") && !have_gpg_version (gpg, "2.5.0")) +    flag = 1|2; +  else if (have_gpg_version (gpg, "2.2.48") && !have_gpg_version (gpg, "2.3.0")) +    flag = 1|2; +  else +    flag = 1; + +  return !!(flag & 2); +} + + + +static int  have_cmd_modify_recipients (engine_gpg_t gpg)  {    static unsigned int flag; 
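Review bot: The probe result in have_option_gen_group_key is cached in a function-level `static unsigned int flag`, so the first engine_gpg_t that is checked decides the answer for every later one in the process. If two contexts are configured with different gpg binaries, a later context could add or omit " group" based on the wrong version. This matches the pattern of have_cmd_modify_recipients directly below, so it may be accepted practice in this file, but it is worth stating in a comment. The version ladder is also undocumented; I would put `/* Return true if the engine knows the "group" usage flag: 2.5.7 or later, 2.4.8 or later on the 2.4 branch, 2.2.48 or later on the 2.2 branch.  */` above the function, assuming have_gpg_version means "at least this version".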
@@ -2873,12 +2894,14 @@ gpg_add_algo_usage_expire (engine_gpg_t gpg,        err = add_arg (gpg, algo? algo : "default");        if (!err)          { -          char tmpbuf[5*4+1]; -          snprintf (tmpbuf, sizeof tmpbuf, "%s%s%s%s", +          char tmpbuf[6*5+1]; +          snprintf (tmpbuf, sizeof tmpbuf, "%s%s%s%s%s",                      (flags & GPGME_CREATE_SIGN)? " sign":"",                      (flags & GPGME_CREATE_ENCR)? " encr":"",                      (flags & GPGME_CREATE_CERT)? " cert":"", -                    (flags & GPGME_CREATE_AUTH)? " auth":""); +                    (flags & GPGME_CREATE_AUTH)? " auth":"", +                    ((flags & GPGME_CREATE_GROUP) +                     && have_option_gen_group_key (gpg))? " group":"");            err = add_arg (gpg, *tmpbuf? tmpbuf : "default");          }        if (!err) diff --git a/src/gpgme.h.in b/src/gpgme.h.in index d870b4eb..7f7b5a50 100644 --- a/src/gpgme.h.in +++ b/src/gpgme.h.in @@ -1883,6 +1883,7 @@ gpgme_error_t gpgme_op_export_keys (gpgme_ctx_t ctx,  #define GPGME_CREATE_FORCE      (1 << 12) /* Force creation.           */  #define GPGME_CREATE_NOEXPIRE   (1 << 13) /* Create w/o expiration.    */  #define GPGME_CREATE_ADSK       (1 << 14) /* Add an ADSK               */ +#define GPGME_CREATE_GROUP      (1 << 15) /* Flag as group key.        */  /* An object to return result from a key generation. diff --git a/tests/run-genkey.c b/tests/run-genkey.c index 56404dd3..3f3fb16c 100644 --- a/tests/run-genkey.c +++ b/tests/run-genkey.c @@ -190,6 +190,8 @@ parse_usage_string (const char *string)          flags |= GPGME_CREATE_CERT;        else if (!strcmp (s, "auth"))          flags |= GPGME_CREATE_AUTH; +      else if (!strcmp (s, "group")) +        flags |= GPGME_CREATE_GROUP;        else          {            free (tokens); | 
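Review bot: In gpg_add_algo_usage_expire a requested GPGME_CREATE_GROUP is dropped without any error when have_option_gen_group_key returns false, so the caller gets a successfully created key that is not marked as group owned. Since that marking is what tells other software the private key is held by more than one person, I would rather fail the request before building the usage string, for example `if ((flags & GPGME_CREATE_GROUP) && !have_option_gen_group_key (gpg)) err = gpg_error (GPG_ERR_NOT_SUPPORTED);`; the exact placement depends on code outside the hunk. If the silent fallback is intended, it should be stated in the GPGME_CREATE_GROUP entry in doc/gpgme.texi and in the comment in src/gpgme.h.in. The buffer size `6*5+1` is large enough for the longest result (26 characters plus the NUL), but the expression no longer mirrors the contents, so a short comment on how it is derived would help.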
