authorWerner Koch <[email protected]>2005-01-27 11:48:33 +0000
committerWerner Koch <[email protected]>2005-01-27 11:48:33 +0000
commitd96f816f89fe7aed729ff77fc48af5722f10eabb (patch)
tree19b398fcc2c5d2089174594d2850956a84f88844 /g10/keyedit.c
parentUpdated to the version from 1.2.7. (diff)
* keygen.c (generate_subkeypair): Detect primary key on-card and
ask for the passphrase. Return an error if the primary key is a plain stub. * keyedit.c (change_passphrase): Don't ever change any stub key. Print a note if a key consists of only stub keys. Reported by Dany Nativel. These are bugs #401 and #402.
Diffstat (limited to 'g10/keyedit.c')
-rw-r--r--g10/keyedit.c51
1 files changed, 42 insertions, 9 deletions
diff --git a/g10/keyedit.c b/g10/keyedit.c
index 39a5a6529..84fc6d4cc 100644
--- a/g10/keyedit.c
+++ b/g10/keyedit.c
@@ -1069,6 +1069,7 @@ change_passphrase( KBNODE keyblock )
PKT_secret_key *sk;
char *passphrase = NULL;
int no_primary_secrets = 0;
+ int any;
node = find_kbnode( keyblock, PKT_SECRET_KEY );
if( !node ) {
@@ -1077,6 +1078,25 @@ change_passphrase( KBNODE keyblock )
}
sk = node->pkt->pkt.secret_key;
+ for (any = 0, node=keyblock; node; node = node->next) {
+ if (node->pkt->pkttype == PKT_SECRET_KEY
+ || node->pkt->pkttype == PKT_SECRET_SUBKEY) {
+ PKT_secret_key *tmpsk = node->pkt->pkt.secret_key;
+ if (!(tmpsk->is_protected
+ && (tmpsk->protect.s2k.mode == 1001
+ || tmpsk->protect.s2k.mode == 1002))) {
+ any = 1;
+ break;
+ }
+ }
+ }
+ if (!any) {
+ tty_printf (_("Key has only stub or on-card key items - "
+ "no passphrase to change.\n"));
+ goto leave;
+ }
+
+ /* See how to handle this key. */
switch( is_secret_key_protected( sk ) ) {
case -1:
rc = G10ERR_PUBKEY_ALGO;
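Review bot: The stub test `is_protected && (protect.s2k.mode == 1001 || protect.s2k.mode == 1002)` is spelled out with bare numbers in the new scan loop, and the same expression is repeated in the subkey unprotect loop and the subkey re-protect loop further down. Three copies of a security-relevant predicate drift easily: if one copy misses a later stub mode, that loop would either prompt for a passphrase on a key with no secret material or overwrite its protection info. I would move it into one file-local helper, for example `static int is_stub_key (PKT_secret_key *sk)` returning that expression, with a comment naming the modes. 1002 is on-card per the message added later in this commit, and 1001 is presumably the plain stub. The early `goto leave` also depends on `rc` and the cleanup at the label, both outside this hunk, so it is worth confirming that it returns success without touching `passphrase`.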
@@ -1089,6 +1109,10 @@ change_passphrase( KBNODE keyblock )
tty_printf(_("Secret parts of primary key are not available.\n"));
no_primary_secrets = 1;
}
+ else if( sk->protect.s2k.mode == 1002 ) {
+ tty_printf(_("Secret parts of primary key are store on-card.\n"));
+ no_primary_secrets = 1;
+ }
else {
tty_printf(_("Key is protected.\n"));
rc = check_secret_key( sk, 0 );
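Review bot: The user-facing string in the added `else if` branch has a typo, "are store on-card"; it should read `tty_printf(_("Secret parts of primary key are stored on-card.\n"));`. Because it is a translatable msgid, fixing it now avoids invalidating translations later. The branch also sets `no_primary_secrets = 1`, so the code after the switch that re-protects the primary key must honour that flag for on-card keys as well. That code is outside this hunk and should be checked. The `if`/`else if` chain begins above the hunk.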
@@ -1098,14 +1122,18 @@ change_passphrase( KBNODE keyblock )
break;
}
- /* unprotect all subkeys (use the supplied passphrase or ask)*/
+ /* Unprotect all subkeys (use the supplied passphrase or ask)*/
for(node=keyblock; !rc && node; node = node->next ) {
if( node->pkt->pkttype == PKT_SECRET_SUBKEY ) {
PKT_secret_key *subsk = node->pkt->pkt.secret_key;
- set_next_passphrase( passphrase );
- rc = check_secret_key( subsk, 0 );
- if( !rc && !passphrase )
- passphrase = get_last_passphrase();
+ if ( !(subsk->is_protected
+ && (subsk->protect.s2k.mode == 1001
+ || subsk->protect.s2k.mode == 1002))) {
+ set_next_passphrase( passphrase );
+ rc = check_secret_key( subsk, 0 );
+ if( !rc && !passphrase )
+ passphrase = get_last_passphrase();
+ }
}
}
@@ -1149,13 +1177,18 @@ change_passphrase( KBNODE keyblock )
for(node=keyblock; !rc && node; node = node->next ) {
if( node->pkt->pkttype == PKT_SECRET_SUBKEY ) {
PKT_secret_key *subsk = node->pkt->pkt.secret_key;
- subsk->protect.algo = dek->algo;
- subsk->protect.s2k = *s2k;
- rc = protect_secret_key( subsk, dek );
+ if ( !(subsk->is_protected
+ && (subsk->protect.s2k.mode == 1001
+ || subsk->protect.s2k.mode == 1002))) {
+ subsk->protect.algo = dek->algo;
+ subsk->protect.s2k = *s2k;
+ rc = protect_secret_key( subsk, dek );
+ }
}
}
if( rc )
- log_error("protect_secret_key failed: %s\n", g10_errstr(rc) );
+ log_error("protect_secret_key failed: %s\n",
+ g10_errstr(rc) );
else
changed++;
break;
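Review bot: The guard added around the re-protect assignments has no comment saying why stub keys are skipped, and the reason is not obvious from the condition alone. The visible line `subsk->protect.s2k = *s2k;` would replace the 1001/1002 mode that marks the subkey as a stub or on-card key, and `protect_secret_key` would then be run on a key with no local secret material. I would add `/* Skip stub and on-card subkeys: re-protecting would overwrite the s2k mode that marks them. */` above the `if`. The enclosing case starts before the hunk and continues past it.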