json: Remove subkey-algo from createkey command.
* src/gpgme-json.c (op_createkey): Remove subkey-algo param. (GPG_AGENT_ALLOWS_KEYGEN_TRHOUGH_BROWSER): Fix typo. * lang/js/src/Keyring.js: Remove subkey-algo support. * lang/js/src/permittedOperations.js: Ditto. -- We do not want to expose details of the protocol's key generation and thus the subkey-algo does not make sense. Right now we support only the default and future-default algorithms. A user can configure them anyway using new-default-key-algo in gpg.conf. Eventually we may officially support a more flexible way of creating special structured OpenPGP keys but right now that is not part of the API. Signed-off-by: Werner Koch <wk@gnupg.org>
This commit is contained in:
parent
7f14958606
commit
c569adb5e3
3
AUTHORS
3
AUTHORS
@ -25,7 +25,8 @@ List of Copyright holders
|
||||
Copyright (C) 2002 John Goerzen
|
||||
Copyright (C) 2014, 2015 Martin Albrecht
|
||||
Copyright (C) 2015, 2018 Ben McGinnes
|
||||
Copyright (C) 2015-2016 Bundesamt für Sicherheit in der Informationstechnik
|
||||
Copyright (C) 2015, 2016, 2018
|
||||
Bundesamt für Sicherheit in der Informationstechnik
|
||||
Copyright (C) 2016 Intevation GmbH
|
||||
|
||||
|
||||
|
@ -387,13 +387,11 @@ export class GPGME_Keyring {
|
||||
* values. If ommitted, 'default' is used.
|
||||
* @param {Number} option.expires (optional) Expiration time in seconds
|
||||
* from now. If not set or set to 0, expiration will be 'never'
|
||||
* @param {String} options.subkey_algo (optional) algorithm of the
|
||||
* encryption subkey. If ommited the same as algo is used.
|
||||
*
|
||||
* @return {Promise<Key|GPGME_Error>}
|
||||
* @async
|
||||
*/
|
||||
generateKey ({ userId, algo = 'default', expires= 0, subkey_algo } = {}){
|
||||
generateKey ({ userId, algo = 'default', expires= 0 } = {}){
|
||||
if (typeof userId !== 'string'
|
||||
// eslint-disable-next-line no-use-before-define
|
||||
|| (algo && supportedKeyAlgos.indexOf(algo) < 0 )
|
||||
@ -402,17 +400,11 @@ export class GPGME_Keyring {
|
||||
return Promise.reject(gpgme_error('PARAM_WRONG'));
|
||||
}
|
||||
// eslint-disable-next-line no-use-before-define
|
||||
if (subkey_algo && supportedKeyAlgos.indexOf(subkey_algo) < 0){
|
||||
return Promise.reject(gpgme_error('PARAM_WRONG'));
|
||||
}
|
||||
let me = this;
|
||||
return new Promise(function (resolve, reject){
|
||||
let msg = createMessage('createkey');
|
||||
msg.setParameter('userid', userId);
|
||||
msg.setParameter('algo', algo);
|
||||
if (subkey_algo) {
|
||||
msg.setParameter('subkey-algo',subkey_algo );
|
||||
}
|
||||
msg.setParameter('expires', expires);
|
||||
msg.post().then(function (response){
|
||||
me.getKeys({
|
||||
|
@ -348,9 +348,6 @@ export const permittedOperations = {
|
||||
algo: {
|
||||
allowed: ['string']
|
||||
},
|
||||
'subkey-algo': {
|
||||
allowed: ['string']
|
||||
},
|
||||
expires: {
|
||||
allowed: ['number'],
|
||||
}
|
||||
|
@ -2974,14 +2974,9 @@ static const char hlp_createkey[] =
|
||||
"\n"
|
||||
"Optional parameters:\n"
|
||||
"algo: Algo of the key as string. See doc for gpg --quick-gen-key.\n"
|
||||
"subkey-algo: Algo of the encryption subkey. If ommited the same as algo\n"
|
||||
" is used.\n"
|
||||
" Except for dsa and ed25519 where the according\n"
|
||||
" elg / cv25519 algo will be used as subkey-algo.\n"
|
||||
"\n"
|
||||
" If algo is omitted or default or future-default subkey-algo\n"
|
||||
" is ignored.\n"
|
||||
" Supported values are \"default\" and \"future-default\".\n"
|
||||
"expires: Seconds from now to expiry as Number. 0 means no expiry.\n"
|
||||
" The default is to use a standard expiration interval.\n"
|
||||
"\n"
|
||||
"Response on success:\n"
|
||||
"fingerprint: The fingerprint of the created key.\n"
|
||||
@ -3000,9 +2995,8 @@ op_createkey (cjson_t request, cjson_t result)
|
||||
const char *algo = "default";
|
||||
const char *userid;
|
||||
gpgme_genkey_result_t res;
|
||||
char *new_fpr = NULL;
|
||||
|
||||
#ifdef GPG_AGENT_ALLOWS_KEYGEN_TRHOUGH_BROWSER
|
||||
#ifdef GPG_AGENT_ALLOWS_KEYGEN_THROUGH_BROWSER
|
||||
/* GnuPG forbids keygen through the browser socket so for
|
||||
this we create an unrestricted context.
|
||||
See GnuPG-Bug-Id: T4010 for more info */
|
||||
@ -3054,79 +3048,10 @@ op_createkey (cjson_t request, cjson_t result)
|
||||
goto leave;
|
||||
}
|
||||
|
||||
/* Dup the fpr as the result might become invalid after context reuse. */
|
||||
new_fpr = xstrdup (res->fpr);
|
||||
|
||||
if (algo && strcmp ("default", algo) && strcmp ("future-default", algo))
|
||||
{
|
||||
/* We need to add the encryption subkey manually */
|
||||
gpgme_ctx_t keylistctx = create_onetime_context (GPGME_PROTOCOL_OpenPGP);
|
||||
gpgme_key_t new_key = NULL;
|
||||
char *subkey_algo = NULL;
|
||||
|
||||
j_tmp = cJSON_GetObjectItem (request, "subkey_algo");
|
||||
if (j_tmp && cjson_is_string (j_tmp))
|
||||
{
|
||||
subkey_algo = xstrdup (j_tmp->valuestring);
|
||||
}
|
||||
|
||||
if (!subkey_algo)
|
||||
{
|
||||
subkey_algo = strdup (algo);
|
||||
if (!strncmp ("dsa", subkey_algo, 3))
|
||||
{
|
||||
subkey_algo[0] = 'e';
|
||||
subkey_algo[1] = 'l';
|
||||
subkey_algo[2] = 'g';
|
||||
}
|
||||
if (!strcmp ("ed25519", subkey_algo))
|
||||
{
|
||||
strcpy (subkey_algo, "cv25519");
|
||||
}
|
||||
}
|
||||
|
||||
err = gpgme_get_key (keylistctx, new_fpr, &new_key, 1);
|
||||
release_onetime_context (keylistctx);
|
||||
if (err || !new_key)
|
||||
{
|
||||
gpg_error_object (result, err, "Error finding created key: %s",
|
||||
gpg_strerror (err));
|
||||
xfree (subkey_algo);
|
||||
goto leave;
|
||||
}
|
||||
|
||||
err = gpgme_op_createsubkey (ctx, new_key, subkey_algo,
|
||||
0, expires, flags |= GPGME_CREATE_ENCR);
|
||||
xfree (subkey_algo);
|
||||
if (err)
|
||||
{
|
||||
/* This can happen for example if the user cancels the
|
||||
* pinentry to unlock the primary key when adding the
|
||||
* subkey. To avoid an artifact of a pimary key without
|
||||
* an encryption capable subkey we delete the created
|
||||
* key and treat the whole operation as failed. */
|
||||
gpgme_error_t err2;
|
||||
gpg_error_object (result, err, "Error creating subkey: %s",
|
||||
gpg_strerror (err));
|
||||
log_info ("Deleting primary key after keygen failure.\n");
|
||||
err2 = gpgme_op_delete_ext (ctx, new_key, GPGME_DELETE_FORCE |
|
||||
GPGME_DELETE_ALLOW_SECRET);
|
||||
if (err2)
|
||||
{
|
||||
log_error ("Error deleting primary key: %s",
|
||||
gpg_strerror (err));
|
||||
}
|
||||
gpgme_key_unref (new_key);
|
||||
goto leave;
|
||||
}
|
||||
gpgme_key_unref (new_key);
|
||||
}
|
||||
|
||||
xjson_AddStringToObject0 (result, "fingerprint", new_fpr);
|
||||
xjson_AddStringToObject0 (result, "fingerprint", res->fpr);
|
||||
|
||||
leave:
|
||||
xfree (new_fpr);
|
||||
#ifdef GPG_AGENT_ALLOWS_KEYGEN_TRHOUGH_BROWSER
|
||||
#ifdef GPG_AGENT_ALLOWS_KEYGEN_THROUGH_BROWSER
|
||||
release_context (ctx);
|
||||
#else
|
||||
gpgme_release (ctx);
|
||||
|
Loading…
Reference in New Issue
Block a user