json: Remove subkey-algo from createkey command.

* src/gpgme-json.c (op_createkey): Remove subkey-algo param.
(GPG_AGENT_ALLOWS_KEYGEN_TRHOUGH_BROWSER): Fix typo.
* lang/js/src/Keyring.js: Remove subkey-algo support.
* lang/js/src/permittedOperations.js: Ditto.
--

We do not want to expose details of the protocol's key generation and
thus the subkey-algo does not make sense.  Right now we support only
the default and future-default algorithms.  A user can configure them
anyway using new-default-key-algo in gpg.conf.  Eventually we may
officially support a more flexible way of creating special structured
OpenPGP keys but right now that is not part of the API.

Signed-off-by: Werner Koch <wk@gnupg.org>
This commit is contained in:
Werner Koch 2018-09-19 11:51:31 +02:00
parent 7f14958606
commit c569adb5e3
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
4 changed files with 10 additions and 95 deletions

View File

@ -25,7 +25,8 @@ List of Copyright holders
Copyright (C) 2002 John Goerzen
Copyright (C) 2014, 2015 Martin Albrecht
Copyright (C) 2015, 2018 Ben McGinnes
Copyright (C) 2015-2016 Bundesamt für Sicherheit in der Informationstechnik
Copyright (C) 2015, 2016, 2018
Bundesamt für Sicherheit in der Informationstechnik
Copyright (C) 2016 Intevation GmbH

View File

@ -387,13 +387,11 @@ export class GPGME_Keyring {
* values. If ommitted, 'default' is used.
* @param {Number} option.expires (optional) Expiration time in seconds
* from now. If not set or set to 0, expiration will be 'never'
* @param {String} options.subkey_algo (optional) algorithm of the
* encryption subkey. If ommited the same as algo is used.
*
* @return {Promise<Key|GPGME_Error>}
* @async
*/
generateKey ({ userId, algo = 'default', expires= 0, subkey_algo } = {}){
generateKey ({ userId, algo = 'default', expires= 0 } = {}){
if (typeof userId !== 'string'
// eslint-disable-next-line no-use-before-define
|| (algo && supportedKeyAlgos.indexOf(algo) < 0 )
@ -402,17 +400,11 @@ export class GPGME_Keyring {
return Promise.reject(gpgme_error('PARAM_WRONG'));
}
// eslint-disable-next-line no-use-before-define
if (subkey_algo && supportedKeyAlgos.indexOf(subkey_algo) < 0){
return Promise.reject(gpgme_error('PARAM_WRONG'));
}
let me = this;
return new Promise(function (resolve, reject){
let msg = createMessage('createkey');
msg.setParameter('userid', userId);
msg.setParameter('algo', algo);
if (subkey_algo) {
msg.setParameter('subkey-algo',subkey_algo );
}
msg.setParameter('expires', expires);
msg.post().then(function (response){
me.getKeys({

View File

@ -348,9 +348,6 @@ export const permittedOperations = {
algo: {
allowed: ['string']
},
'subkey-algo': {
allowed: ['string']
},
expires: {
allowed: ['number'],
}

View File

@ -2974,14 +2974,9 @@ static const char hlp_createkey[] =
"\n"
"Optional parameters:\n"
"algo: Algo of the key as string. See doc for gpg --quick-gen-key.\n"
"subkey-algo: Algo of the encryption subkey. If ommited the same as algo\n"
" is used.\n"
" Except for dsa and ed25519 where the according\n"
" elg / cv25519 algo will be used as subkey-algo.\n"
"\n"
" If algo is omitted or default or future-default subkey-algo\n"
" is ignored.\n"
" Supported values are \"default\" and \"future-default\".\n"
"expires: Seconds from now to expiry as Number. 0 means no expiry.\n"
" The default is to use a standard expiration interval.\n"
"\n"
"Response on success:\n"
"fingerprint: The fingerprint of the created key.\n"
@ -3000,9 +2995,8 @@ op_createkey (cjson_t request, cjson_t result)
const char *algo = "default";
const char *userid;
gpgme_genkey_result_t res;
char *new_fpr = NULL;
#ifdef GPG_AGENT_ALLOWS_KEYGEN_TRHOUGH_BROWSER
#ifdef GPG_AGENT_ALLOWS_KEYGEN_THROUGH_BROWSER
/* GnuPG forbids keygen through the browser socket so for
this we create an unrestricted context.
See GnuPG-Bug-Id: T4010 for more info */
@ -3054,79 +3048,10 @@ op_createkey (cjson_t request, cjson_t result)
goto leave;
}
/* Dup the fpr as the result might become invalid after context reuse. */
new_fpr = xstrdup (res->fpr);
if (algo && strcmp ("default", algo) && strcmp ("future-default", algo))
{
/* We need to add the encryption subkey manually */
gpgme_ctx_t keylistctx = create_onetime_context (GPGME_PROTOCOL_OpenPGP);
gpgme_key_t new_key = NULL;
char *subkey_algo = NULL;
j_tmp = cJSON_GetObjectItem (request, "subkey_algo");
if (j_tmp && cjson_is_string (j_tmp))
{
subkey_algo = xstrdup (j_tmp->valuestring);
}
if (!subkey_algo)
{
subkey_algo = strdup (algo);
if (!strncmp ("dsa", subkey_algo, 3))
{
subkey_algo[0] = 'e';
subkey_algo[1] = 'l';
subkey_algo[2] = 'g';
}
if (!strcmp ("ed25519", subkey_algo))
{
strcpy (subkey_algo, "cv25519");
}
}
err = gpgme_get_key (keylistctx, new_fpr, &new_key, 1);
release_onetime_context (keylistctx);
if (err || !new_key)
{
gpg_error_object (result, err, "Error finding created key: %s",
gpg_strerror (err));
xfree (subkey_algo);
goto leave;
}
err = gpgme_op_createsubkey (ctx, new_key, subkey_algo,
0, expires, flags |= GPGME_CREATE_ENCR);
xfree (subkey_algo);
if (err)
{
/* This can happen for example if the user cancels the
* pinentry to unlock the primary key when adding the
* subkey. To avoid an artifact of a pimary key without
* an encryption capable subkey we delete the created
* key and treat the whole operation as failed. */
gpgme_error_t err2;
gpg_error_object (result, err, "Error creating subkey: %s",
gpg_strerror (err));
log_info ("Deleting primary key after keygen failure.\n");
err2 = gpgme_op_delete_ext (ctx, new_key, GPGME_DELETE_FORCE |
GPGME_DELETE_ALLOW_SECRET);
if (err2)
{
log_error ("Error deleting primary key: %s",
gpg_strerror (err));
}
gpgme_key_unref (new_key);
goto leave;
}
gpgme_key_unref (new_key);
}
xjson_AddStringToObject0 (result, "fingerprint", new_fpr);
xjson_AddStringToObject0 (result, "fingerprint", res->fpr);
leave:
xfree (new_fpr);
#ifdef GPG_AGENT_ALLOWS_KEYGEN_TRHOUGH_BROWSER
#ifdef GPG_AGENT_ALLOWS_KEYGEN_THROUGH_BROWSER
release_context (ctx);
#else
gpgme_release (ctx);