diff options
| author | Daniel Kahn Gillmor <[email protected]> | 2016-06-10 20:15:36 +0000 |
|---|---|---|
| committer | Werner Koch <[email protected]> | 2016-06-11 09:18:58 +0000 |
| commit | c41c46fa84cabbed74a13ded51fc3a817a919367 (patch) | |
| tree | 1deafa79a85c35b7cb09253f4a208d04193d21e9 | |
| parent | g10: Allow receiving cleartext secret keys from agent (diff) | |
| download | gnupg-c41c46fa84cabbed74a13ded51fc3a817a919367.tar.gz gnupg-c41c46fa84cabbed74a13ded51fc3a817a919367.zip | |
g10: Export cleartext keys as cleartext
* g10/export.c (do_export_stream): If a key is stored by the agent in
cleartext, then try to export it as cleartext.
* tests/openpgp/export.test: For secret keys that are stored in
cleartext, test should try to export without pinentry interaction.
--
This restores the behavior of GnuPG 2.0 and 1.4 when exporting
passphraseless secret keys, and fixes the test suite accordingly.
GnuPG-bug-id: 2070, 2324
Signed-off-by: Daniel Kahn Gillmor <[email protected]>
Diffstat (limited to '')
| -rw-r--r-- | g10/export.c | 5 | ||||
| -rwxr-xr-x | tests/openpgp/export.test | 28 |
2 files changed, 7 insertions, 26 deletions
diff --git a/g10/export.c b/g10/export.c index 25a331905..870cb458e 100644 --- a/g10/export.c +++ b/g10/export.c @@ -1141,6 +1141,7 @@ do_export_stream (ctrl_t ctrl, iobuf_t out, strlist_t users, int secret, gcry_cipher_hd_t cipherhd = NULL; char *cache_nonce = NULL; struct export_stats_s dummystats; + int cleartext = 0; if (!stats) stats = &dummystats; @@ -1445,7 +1446,7 @@ do_export_stream (ctrl_t ctrl, iobuf_t out, strlist_t users, int secret, serialno = NULL; } else - err = agent_get_keyinfo (ctrl, hexgrip, &serialno, NULL); + err = agent_get_keyinfo (ctrl, hexgrip, &serialno, &cleartext); if ((!err && serialno) && secret == 2 && node->pkt->pkttype == PKT_PUBLIC_KEY) @@ -1494,7 +1495,7 @@ do_export_stream (ctrl_t ctrl, iobuf_t out, strlist_t users, int secret, else if (!err) { err = receive_seckey_from_agent (ctrl, cipherhd, - 0, &cache_nonce, + cleartext, &cache_nonce, hexgrip, pk); if (err) { diff --git a/tests/openpgp/export.test b/tests/openpgp/export.test index e0fe92643..977676022 100755 --- a/tests/openpgp/export.test +++ b/tests/openpgp/export.test @@ -61,8 +61,6 @@ assert_passphrases_consumed() rm -f -- $logfile } -# XXX: Currently, gpg does not allow one to export private keys -# without a passphrase (issue2070, issue2324). export PINENTRY_USER_DATA="--logfile=$logfile --passphrasefile=$ppfile" info "Checking key export." @@ -78,23 +76,13 @@ do check_armored_public_key $KEY.public rm $KEY.public + # test without --armor: + if [ $KEY = D74C5F22 ]; then # Key D74C5F22 is protected by a passphrase. Prepare this # one. Currently, GnuPG does not ask for an export passphrase # in this case. prepare_passphrase "$usrpass1" - else - # We use a weak passphrase which we'll have to confirm. - prepare_passphrase "export passphrase" - prepare_passphrase_confirm - prepare_passphrase "export passphrase" - - # Key C40FDECF has a subkey. - if [ $KEY = C40FDECF ]; then - prepare_passphrase "export passphrase" - prepare_passphrase_confirm - prepare_passphrase "export passphrase" - fi fi $GPG --export-secret-keys $KEY >$KEY.private @@ -103,21 +91,13 @@ do assert_passphrases_consumed + # test with --armor: + if [ $KEY = D74C5F22 ]; then # Key D74C5F22 is protected by a passphrase. Prepare this # one. Currently, GnuPG does not ask for an export passphrase # in this case. prepare_passphrase "$usrpass1" - else - # We use a stronger passphrase here. - prepare_passphrase "strong export passphrase H0LHWCHPkNa36A" - prepare_passphrase "strong export passphrase H0LHWCHPkNa36A" - - # Key C40FDECF has a subkey. - if [ $KEY = C40FDECF ]; then - prepare_passphrase "strong export passphrase H0LHWCHPkNa36A" - prepare_passphrase "strong export passphrase H0LHWCHPkNa36A" - fi fi $GPG --armor --export-secret-keys $KEY >$KEY.private |