diff options
| author | Werner Koch <[email protected]> | 2020-03-13 12:28:35 +0000 |
|---|---|---|
| committer | Werner Koch <[email protected]> | 2020-03-13 12:34:49 +0000 |
| commit | 865d485180240369a20d3be14d0c6499783df2b5 (patch) | |
| tree | a5f3a95e9d714517dabbc66987ee1f01cb65d55f /g10/parse-packet.c | |
| parent | gpg: Add property "fpr" for use by --export-filter. (diff) | |
| download | gnupg-865d485180240369a20d3be14d0c6499783df2b5.tar.gz gnupg-865d485180240369a20d3be14d0c6499783df2b5.zip | |
gpg: New option --include-key-block.
* common/openpgpdefs.h (SIGSUBPKT_KEY_BLOCK): New.
* g10/gpg.c (oIncludeKeyBlock): New.
(opts): New option --include-key-block.
(main): Implement.
* g10/options.h (opt): New flag include_key_block.
* g10/parse-packet.c (dump_sig_subpkt): Support SIGSUBPKT_KEY_BLOCK.
(parse_one_sig_subpkt): Ditto.
(can_handle_critical): Ditto.
* g10/sign.c (mk_sig_subpkt_key_block): New.
(write_signature_packets): Call it for data signatures.
--
This patch adds support for a to be proposed OpenPGP ferature:
Introduce the Key Block subpacket to align OpenPGP with CMS.
This new subpacket may be used similar to the CertificateSet of
CMS (RFC-5652) and thus allows to start encrypted communication
after having received a signed message. In practice a stripped down
version of the key should be including having only the key material
and the self-signatures which are really useful and shall be used by
the recipient to reply encrypted.
#### Key Block
(1 octet with value 0, N octets of key data)
This subpacket MAY be used to convey key data along with a signature
of class 0x00, 0x01, or 0x02. It MUST contain the key used to create
the signature; either as the primary key or as a subkey. The key
SHOULD contain a primary or subkey capable of encryption and the
entire key must be a valid OpenPGP key including at least one User ID
packet and the corresponding self-signatures.
Implementations MUST ignore this subpacket if the first octet does not
have a value of zero or if the key data does not represent a valid
transferable public key.
GnuPG-bug-id: 4856
Signed-off-by: Werner Koch <[email protected]>
Diffstat (limited to 'g10/parse-packet.c')
| -rw-r--r-- | g10/parse-packet.c | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/g10/parse-packet.c b/g10/parse-packet.c index 7c330ee43..d554bf5fe 100644 --- a/g10/parse-packet.c +++ b/g10/parse-packet.c @@ -1615,6 +1615,23 @@ dump_sig_subpkt (int hashed, int type, int critical, } break; + case SIGSUBPKT_KEY_BLOCK: + es_fputs ("key-block: ", listfp); + if (length && buffer[0]) + p = "[unknown reserved octet]"; + else if (length < 50) /* 50 is an arbitrary min. length. */ + p = "[invalid subpacket]"; + else + { + /* estream_t fp; */ + /* fp = es_fopen ("a.key-block", "wb"); */ + /* log_assert (fp); */ + /* es_fwrite ( buffer+1, length-1, 1, fp); */ + /* es_fclose (fp); */ + es_fprintf (listfp, "[%u octets]", (unsigned int)length-1); + } + break; + default: if (type >= 100 && type <= 110) @@ -1692,6 +1709,12 @@ parse_one_sig_subpkt (const byte * buffer, size_t n, int type) if (n != 2) break; return 0; + case SIGSUBPKT_KEY_BLOCK: + if (n && buffer[0]) + return -1; /* Unknown version - ignore. */ + if (n < 50) + break; /* Definitely too short to carry a key block. */ + return 0; default: return 0; } @@ -1760,6 +1783,12 @@ can_handle_critical (const byte * buffer, size_t n, int type) case SIGSUBPKT_REVOC_REASON: /* At least we know about it. */ return 1; + case SIGSUBPKT_KEY_BLOCK: + if (n && !buffer[0]) + return 1; + else + return 0; + default: return 0; } |