diff options
| author | Werner Koch <[email protected]> | 2016-06-20 21:58:16 +0000 |
|---|---|---|
| committer | Werner Koch <[email protected]> | 2016-06-20 21:59:18 +0000 |
| commit | 955baf04364721457cd99aad21942523cd50498c (patch) | |
| tree | 1d1746bde9fd38230261943f1c870eea9dc58dbd /g10/mainproc.c | |
| parent | gpg: New option --rfc4880bis. (diff) | |
| download | gnupg-955baf04364721457cd99aad21942523cd50498c.tar.gz gnupg-955baf04364721457cd99aad21942523cd50498c.zip | |
gpg: Add experimental support for an issuer fpr.
* common/openpgpdefs.h (SIGSUBPKT_ISSUER_FPR): New.
* g10/build-packet.c (build_sig_subpkt_from_sig): Add arg PKSK and
insert the issuer fpr if needed.
* g10/sign.c (write_signature_packets): Pass signing key.
(make_keysig_packet): Ditto.
(update_keysig_packet): Ditto.
* g10/parse-packet.c (dump_sig_subpkt): Print issuer fpr.
(parse_one_sig_subpkt): Detect issuer fpr.
(can_handle_critical): Add issuer fpr.
* g10/mainproc.c (check_sig_and_print): Try to get key via fingerprint.
* g10/gpgv.c (keyserver_import_fprint): New stub.
* g10/test-stubs.c (keyserver_import_fprint): New stub.
--
This support is enabled with the --rfc4880bis option and intended to
test to recently proposed issuer fpr.
Signed-off-by: Werner Koch <[email protected]>
Diffstat (limited to 'g10/mainproc.c')
| -rw-r--r-- | g10/mainproc.c | 33 |
1 files changed, 20 insertions, 13 deletions
diff --git a/g10/mainproc.c b/g10/mainproc.c index 453d1b07b..bd738abaa 100644 --- a/g10/mainproc.c +++ b/g10/mainproc.c @@ -1805,19 +1805,26 @@ check_sig_and_print (CTX c, kbnode_t node) * favor this over the WKD method (to be tried next), because an * arbitrary keyserver is less subject to web bug like * monitoring. */ - /* if (gpg_err_code (rc) == GPG_ERR_NO_PUBKEY */ - /* && signature_hash_full_fingerprint (sig) */ - /* && (opt.keyserver_options.options&KEYSERVER_AUTO_KEY_RETRIEVE) */ - /* && keyserver_any_configured (c->ctrl)) */ - /* { */ - /* int res; */ - - /* glo_ctrl.in_auto_key_retrieve++; */ - /* res = keyserver_import_keyid (c->ctrl, sig->keyid, opt.keyserver ); */ - /* glo_ctrl.in_auto_key_retrieve--; */ - /* if (!res) */ - /* rc = do_check_sig (c, node, NULL, &is_expkey, &is_revkey ); */ - /* } */ + if (gpg_err_code (rc) == GPG_ERR_NO_PUBKEY + && opt.flags.rfc4880bis + && (opt.keyserver_options.options&KEYSERVER_AUTO_KEY_RETRIEVE) + && keyserver_any_configured (c->ctrl)) + { + int res; + const byte *p; + size_t n; + + p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_ISSUER_FPR, &n); + if (p && n == 21 && p[0] == 4) + { + /* v4 packet with a SHA-1 fingerprint. */ + glo_ctrl.in_auto_key_retrieve++; + res = keyserver_import_fprint (c->ctrl, p+1, n-1, opt.keyserver); + glo_ctrl.in_auto_key_retrieve--; + if (!res) + rc = do_check_sig (c, node, NULL, &is_expkey, &is_revkey ); + } + } /* If the above methods didn't work, our next try is to retrieve the * key from the WKD. */ |