authorWerner Koch <[email protected]>2023-03-21 15:30:18 +0000
committerWerner Koch <[email protected]>2024-09-26 08:38:25 +0000
commit45ae027ce404be5ef3f89384856cf823f859e37d (patch)
tree9a9ed85822e572308eb29f6f9b73d23848ca69b5
parentgpg: New option --default-new-key-adsk and "addadsk" for edit-key. (diff)
gpg: New command --quick-add-adsk
* g10/gpg.c (enum cmd_and_opt_values): Add aQuickAddADSK. (opts): Add --quick-add-adsk. (main): Call the actual function. * g10/keyedit.c (keyedit_quick_addadsk): New. (menu_addadsk): Add arg adskfpr and change caller. -- GnuPG-bug-id: 6395 (cherry picked from commit 9f27e448bf1f825906f3c53e3428087d34bbd8fc)
-rw-r--r--doc/gpg.texi9
-rw-r--r--g10/gpg.c15
-rw-r--r--g10/keyedit.c65
-rw-r--r--g10/keyedit.h1
4 files changed, 89 insertions, 1 deletions
diff --git a/doc/gpg.texi b/doc/gpg.texi
index c3b17fd51..572dbbbee 100644
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@@ -765,6 +765,15 @@ specifying a value, or using ``-'' results in a key expiring in a
reasonable default interval. The values ``never'', ``none'' can be
used for no expiration date.
+@item --quick-add-adsk @var{fpr} @var{adskfpr}
+@opindex quick-add-adsk
+Directly add an Additional Decryption Subkey to the key identified by
+the fingerprint @var{fpr}. @var{adskfpr} is the fingerprint of
+another key's encryption subkey. A subkey is commonly used here
+because by default a primary key has no encryption capability. Use
+the option @option{--with-subkey-fingerprint} with a list command to
+display the subkey fingerprints.
+
@item --generate-key
@opindex generate-key
@itemx --gen-key
diff --git a/g10/gpg.c b/g10/gpg.c
index 0264d8bc3..16b54b0f6 100644
--- a/g10/gpg.c
+++ b/g10/gpg.c
@@ -128,6 +128,7 @@ enum cmd_and_opt_values
aQuickRevSig,
aQuickAddUid,
aQuickAddKey,
+ aQuickAddADSK,
aQuickRevUid,
aQuickSetExpire,
aQuickSetPrimaryUid,
@@ -481,6 +482,7 @@ static ARGPARSE_OPTS opts[] = {
ARGPARSE_c (aQuickAddUid, "quick-adduid", "@"),
ARGPARSE_c (aQuickAddKey, "quick-add-key", "@"),
ARGPARSE_c (aQuickAddKey, "quick-addkey", "@"),
+ ARGPARSE_c (aQuickAddADSK, "quick-add-adsk", "@"),
ARGPARSE_c (aQuickRevUid, "quick-revoke-uid",
N_("quickly revoke a user-id")),
ARGPARSE_c (aQuickRevUid, "quick-revuid", "@"),
@@ -2641,6 +2643,7 @@ main (int argc, char **argv)
case aQuickKeygen:
case aQuickAddUid:
case aQuickAddKey:
+ case aQuickAddADSK:
case aQuickRevUid:
case aQuickSetExpire:
case aQuickSetPrimaryUid:
@@ -4224,6 +4227,7 @@ main (int argc, char **argv)
case aQuickKeygen:
case aQuickAddUid:
case aQuickAddKey:
+ case aQuickAddADSK:
case aQuickRevUid:
case aQuickSetPrimaryUid:
case aQuickUpdatePref:
@@ -4691,6 +4695,17 @@ main (int argc, char **argv)
}
break;
+ case aQuickAddADSK:
+ {
+ if (argc != 2)
+ wrong_args ("--quick-add-adsk FINGERPRINT ADSK-FINGERPRINT");
+ if (mopt.forbid_gen_key)
+ gen_key_forbidden ();
+ else
+ keyedit_quick_addadsk (ctrl, argv[0], argv[1]);
+ }
+ break;
+
case aQuickRevUid:
{
const char *uid, *uidtorev;
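Review bot: The new `aQuickAddADSK` case gates the command on `mopt.forbid_gen_key` and reports through `gen_key_forbidden ()` without saying why an ADSK command falls under the key-generation restriction. Adding an ADSK changes who can decrypt data encrypted to the key, so a short comment above the check would help the next reader, e.g. `/* Adding an ADSK extends decryption to another key; restrict it like key generation. */`. Both arguments are handed on as raw strings; presumably their fingerprint format is validated in `find_by_primary_fpr` and `menu_addadsk`, which this hunk does not show. The enclosing `main` starts and ends outside the hunk.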
diff --git a/g10/keyedit.c b/g10/keyedit.c
index 2b0e378ba..7a575b44b 100644
--- a/g10/keyedit.c
+++ b/g10/keyedit.c
@@ -1306,7 +1306,7 @@ static struct
{ "addrevoker", cmdADDREVOKER, KEYEDIT_NEED_SK,
N_("add a revocation key")},
{ "addadsk", cmdADDADSK, KEYEDIT_NEED_SK,
- N_("add additional decryption subkeys")},
+ N_("add an additional decryption subkey")},
{ "delsig", cmdDELSIG, 0,
N_("delete signatures from the selected user IDs")},
{ "expire", cmdEXPIRE, KEYEDIT_NEED_SK | KEYEDIT_NEED_SUBSK,
@@ -3214,6 +3214,69 @@ keyedit_quick_addkey (ctrl_t ctrl, const char *fpr, const char *algostr,
}
+/* Unattended ADSK setup function.
+ *
+ * FPR is the fingerprint of our key. ADSKFPR is the fingerprint of
+ * another subkey which we want to add as ADSK to our key.
+ */
+void
+keyedit_quick_addadsk (ctrl_t ctrl, const char *fpr, const char *adskfpr)
+{
+ gpg_error_t err;
+ kbnode_t keyblock;
+ KEYDB_HANDLE kdbhd;
+ int modified = 0;
+ PKT_public_key *pk;
+
+#ifdef HAVE_W32_SYSTEM
+ /* See keyedit_menu for why we need this. */
+ check_trustdb_stale (ctrl);
+#endif
+
+ /* We require a fingerprint because only this uniquely identifies a
+ * key and may thus be used to select a key for unattended adsk
+ * adding. */
+ if (find_by_primary_fpr (ctrl, fpr, &keyblock, &kdbhd))
+ goto leave;
+
+ if (fix_keyblock (ctrl, &keyblock))
+ modified++;
+
+ pk = keyblock->pkt->pkt.public_key;
+ if (pk->flags.revoked)
+ {
+ if (!opt.verbose)
+ show_key_with_all_names (ctrl, es_stdout, keyblock, 0, 0, 0, 0, 0, 1);
+ log_error ("%s%s", _("Key is revoked."), "\n");
+ goto leave;
+ }
+
+ /* Locate and add the ADSK. Note that the called function already
+ * prints error messages. */
+ if (menu_addadsk (ctrl, keyblock, adskfpr))
+ modified = 1;
+ else
+ log_inc_errorcount (); /* (We use log_info in menu_adsk) */
+
+ es_fflush (es_stdout);
+
+ /* Store. */
+ if (modified)
+ {
+ err = keydb_update_keyblock (ctrl, kdbhd, keyblock);
+ if (err)
+ {
+ log_error (_("update failed: %s\n"), gpg_strerror (err));
+ goto leave;
+ }
+ }
+
+ leave:
+ release_kbnode (keyblock);
+ keydb_release (kdbhd);
+}
+
+
/* Unattended expiration setting function for the main key. If
* SUBKEYFPRS is not NULL and SUBKEYSFPRS[0] is neither NULL, it is
* expected to be an array of fingerprints for subkeys to change. It
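Review bot: `keyblock` and `kdbhd` are declared without initialisers in `keyedit_quick_addadsk`, yet the `goto leave` taken when `find_by_primary_fpr` fails passes both to `release_kbnode` and `keydb_release`. That is safe only if `find_by_primary_fpr` always stores into both out-parameters before returning an error, which is not visible here; declaring them as `kbnode_t keyblock = NULL;` and `KEYDB_HANDLE kdbhd = NULL;` removes that dependency. Separately, the comment on the `log_inc_errorcount ()` line names `menu_adsk`, while the function actually called is `menu_addadsk`. Since the function returns `void`, it is also worth stating in the header comment that failures are reported only through the log error count.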
diff --git a/g10/keyedit.h b/g10/keyedit.h
index 706afb1b1..7cbbe45b6 100644
--- a/g10/keyedit.h
+++ b/g10/keyedit.h
@@ -43,6 +43,7 @@ void keyedit_quick_adduid (ctrl_t ctrl, const char *username,
const char *newuid);
void keyedit_quick_addkey (ctrl_t ctrl, const char *fpr, const char *algostr,
const char *usagestr, const char *expirestr);
+void keyedit_quick_addadsk (ctrl_t ctrl, const char *fpr, const char *adskfpr);
void keyedit_quick_revuid (ctrl_t ctrl, const char *username,
const char *uidtorev);
void keyedit_quick_sign (ctrl_t ctrl, const char *fpr,