authorDaniel Kahn Gillmor <[email protected]>2016-06-10 20:15:34 +0000
committerWerner Koch <[email protected]>2016-06-11 09:14:00 +0000
commit7de74320767d15d915942a98ff47c00175a078ed (patch)
tree788ecee37255ac2eb8c0628815d6aa0e8c0965d6 /g10/call-agent.c
parentg10: report whether key in agent is passphrase-protected or not (diff)
g10: Add openpgp_protected flag to agent secret key export functions
* g10/call-agent.c, g10/call-agent.h (agent_export_key): Add openpgp_protected flag. * g10/export.c (receive_seckey_from_agent): Request openpgp_protected secret keys from agent. * agent/command.c (hlp_export_key): EXPORT_KEY help text: add a brief description of the effect of --openpgp. -- The --openpgp flag for gpg-agent's EXPORT_KEY actually forces encryption in a certain (RFC 4880-compatible) format. This changeset exposes that functionality in internal functions, and clarifies functionality in the agent's help text. Signed-off-by: Daniel Kahn Gillmor <[email protected]>
Diffstat (limited to 'g10/call-agent.c')
-rw-r--r--g10/call-agent.c15
1 files changed, 9 insertions, 6 deletions
diff --git a/g10/call-agent.c b/g10/call-agent.c
index 470fa168c..06a2d8678 100644
--- a/g10/call-agent.c
+++ b/g10/call-agent.c
@@ -2315,13 +2315,15 @@ agent_import_key (ctrl_t ctrl, const char *desc, char **cache_nonce_addr,
/* Receive a secret key from the agent. HEXKEYGRIP is the hexified
keygrip, DESC a prompt to be displayed with the agent's passphrase
- question (needs to be plus+percent escaped). If CACHE_NONCE_ADDR
- is not NULL the agent is advised to first try a passphrase
- associated with that nonce. On success the key is stored as a
- canonical S-expression at R_RESULT and R_RESULTLEN. */
+ question (needs to be plus+percent escaped). if OPENPGP_PROTECTED
+ is not zero, ensure that the key material is returned in RFC
+ 4880-compatible passphrased-protected form. If CACHE_NONCE_ADDR is
+ not NULL the agent is advised to first try a passphrase associated
+ with that nonce. On success the key is stored as a canonical
+ S-expression at R_RESULT and R_RESULTLEN. */
gpg_error_t
agent_export_key (ctrl_t ctrl, const char *hexkeygrip, const char *desc,
- char **cache_nonce_addr,
+ int openpgp_protected, char **cache_nonce_addr,
unsigned char **r_result, size_t *r_resultlen)
{
gpg_error_t err;
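Review bot: The rewritten comment above agent_export_key documents only the non-zero case of OPENPGP_PROTECTED and does not say what form the secret key material takes at R_RESULT when the flag is zero. A caller choosing that value needs to know this to decide how to treat the returned buffer. I would add one sentence on the zero case, along the lines of `If OPENPGP_PROTECTED is zero the key is returned as the agent stores it, without forcing the RFC 4880 protection.`, with the wording confirmed against the agent's EXPORT_KEY handler, which is not visible here. Two small wording fixes in the same comment: `if OPENPGP_PROTECTED` should start with a capital, and `passphrased-protected` should read `passphrase-protected`. The function body continues outside the hunk.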
@@ -2351,7 +2353,8 @@ agent_export_key (ctrl_t ctrl, const char *hexkeygrip, const char *desc,
return err;
}
- snprintf (line, DIM(line)-1, "EXPORT_KEY --openpgp %s%s %s",
+ snprintf (line, DIM(line)-1, "EXPORT_KEY %s%s%s %s",
+ openpgp_protected ? "--openpgp ":"",
cache_nonce_addr && *cache_nonce_addr? "--cache-nonce=":"",
cache_nonce_addr && *cache_nonce_addr? *cache_nonce_addr:"",
hexkeygrip);
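Review bot: The result of this snprintf is not checked in the visible lines. The command now has one more optional piece in front of the nonce and the keygrip, so a command that does not fit in `line` would be cut off silently, and since `hexkeygrip` is formatted last it is the keygrip that gets shortened. The size of `line` and the bounds on `*cache_nonce_addr` are outside the hunk, so this may be unreachable in practice, but the guard is cheap. Capture the return value, e.g. `n = snprintf (line, DIM(line)-1, ...);`, and fail with an error when `n < 0 || n >= DIM(line)-1` rather than sending a truncated EXPORT_KEY line to the agent. The rest of agent_export_key, including any cleanup that error path would need, is not shown.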