authorWerner Koch <[email protected]>2025-01-29 17:06:15 +0000
committerWerner Koch <[email protected]>2025-01-29 17:06:15 +0000
commit159e801043de479d9899fccb07a79fbbcc76e751 (patch)
treecc86421520a3efe5d37925aee1682ea5bfd33aa8 /sm/export.c
parentgpgsm: Allow CSR generation with an unprotected key. (diff)
gpgsm: Allow unattended PKCS#12 export without passphrase.
* sm/gpgsm.c (oNoProtection): New. (opts): Add "--no-protection". (main): Parse it. * sm/gpgsm.h (struct server_control_s): Add field no_protection. * sm/server.c (option_handler): Add option "no-protection". (reset_notify): Clear option. * sm/export.c (export_p12): Use empty passphrase if option is set.
Diffstat (limited to 'sm/export.c')
-rw-r--r--sm/export.c34
1 files changed, 20 insertions, 14 deletions
diff --git a/sm/export.c b/sm/export.c
index bee22e97a..890d7d1af 100644
--- a/sm/export.c
+++ b/sm/export.c
@@ -316,11 +316,12 @@ gpgsm_export (ctrl_t ctrl, strlist_t names, estream_t stream)
/* Export a certificate and its private key. RAWMODE controls the
- actual output:
- 0 - Private key and certificate in PKCS#12 format
- 1 - Only unencrypted private key in PKCS#8 format
- 2 - Only unencrypted private key in PKCS#1 format
- */
+ * actual output:
+ * 0 - Private key and certificate in PKCS#12 format
+ * (With --no-protection no PKSC#12 passphrase is used)
+ * 1 - Only unencrypted private key in PKCS#8 format
+ * 2 - Only unencrypted private key in PKCS#1 format
+ */
void
gpgsm_p12_export (ctrl_t ctrl, const char *name, estream_t stream, int rawmode)
{
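Review bot: The added comment line misspells the format name as `PKSC#12`; it should read `PKCS#12`, matching the line above it. The note would also be more useful if it stated the consequence rather than only the mechanism, for example `(With --no-protection an empty passphrase is used, so the private key in the output is effectively unprotected)`. The body of gpgsm_p12_export lies outside this hunk.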
@@ -714,22 +715,27 @@ export_p12 (ctrl_t ctrl, const unsigned char *certimg, size_t certimglen,
if (rawmode)
{
- /* Export in raw mode, that is only the pkcs#1/#8 private key. */
+ /* Export in raw mode, that is only the pkcs#1/#8 unprotected
+ * private key. */
result = p12_raw_build (kparms, rawmode, &resultlen);
if (!result)
err = gpg_error (GPG_ERR_GENERAL);
}
else
{
- err = gpgsm_agent_ask_passphrase
- (ctrl,
- i18n_utf8 (N_("Please enter the passphrase to protect the "
- "new PKCS#12 object.")),
- 1, &passphrase);
- if (err)
- goto leave;
+ if (!ctrl->no_protection)
+ {
+ err = gpgsm_agent_ask_passphrase
+ (ctrl,
+ i18n_utf8 (N_("Please enter the passphrase to protect the "
+ "new PKCS#12 object.")),
+ 1, &passphrase);
+ if (err)
+ goto leave;
+ }
- result = p12_build (kparms, certimg, certimglen, passphrase,
+ result = p12_build (kparms, certimg, certimglen,
+ ctrl->no_protection? "" : passphrase,
opt.p12_charset, &resultlen);
xfree (passphrase);
passphrase = NULL;
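Review bot: When `ctrl->no_protection` is set, the else branch hands `""` to `p12_build` and writes out the private key with no usable protection, but nothing on this path records that it happened. The commit message says the flag can also be set per session through the server's option handler, so a diagnostic just before the `p12_build` call would give operators something to audit: `if (ctrl->no_protection) log_info ("exporting PKCS#12 object without passphrase protection\n");`. A short comment at the same spot should say that the empty string (rather than NULL) is passed deliberately and that the resulting file must be handled as plaintext key material. Whether consumers of the file treat an empty passphrase and an absent one the same way cannot be judged from this hunk. export_p12 begins and ends outside the hunk.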