Diffstat (limited to '')
-rw-r--r--sm/ChangeLog8
-rw-r--r--sm/certdump.c4
-rw-r--r--sm/fingerprint.c13
-rw-r--r--sm/gpgsm.h1
-rw-r--r--sm/keylist.c12
-rw-r--r--sm/verify.c30
6 files changed, 53 insertions, 15 deletions
diff --git a/sm/ChangeLog b/sm/ChangeLog
index cf05842f8..208e618ec 100644
--- a/sm/ChangeLog
+++ b/sm/ChangeLog
@@ -1,3 +1,11 @@
+2002-08-10 Werner Koch <[email protected]>
+
+ * keylist.c (list_cert_colon): Print the short fingerprint in the
+ key ID field.
+ * fingerprint.c (gpgsm_get_short_fingerprint): New.
+ * verify.c (gpgsm_verify): Print more verbose info for a good
+ signature.
+
2002-08-09 Werner Koch <[email protected]>
* decrypt.c (prepare_decryption): Hack to detected already
diff --git a/sm/certdump.c b/sm/certdump.c
index dfd4e330e..9afb1154d 100644
--- a/sm/certdump.c
+++ b/sm/certdump.c
@@ -116,9 +116,9 @@ gpgsm_dump_time (time_t t)
{
if (!t)
- log_printf ("none");
+ log_printf (_("[none]"));
else if ( t == (time_t)(-1) )
- log_printf ("error");
+ log_printf (_("[error]"));
else
{
struct tm *tp;
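Review bot: The translated strings in `gpgsm_dump_time` are passed to `log_printf` as the format argument, so a catalog entry that contains a `%` conversion would be interpreted as a directive with no matching argument. Passing the translation as data avoids this: `log_printf ("%s", _("[none]"));` and likewise for `[error]`; the `log_printf (_("[date not given]"))` call added in the verify.c hunk has the same shape. The body of `gpgsm_dump_time` continues outside the hunk.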
diff --git a/sm/fingerprint.c b/sm/fingerprint.c
index d8b6ec4a3..6a84966db 100644
--- a/sm/fingerprint.c
+++ b/sm/fingerprint.c
@@ -102,7 +102,7 @@ gpgsm_get_fingerprint_string (KsbaCert cert, int algo)
return buf;
}
-/* Return an allocated buffer with the formatted fungerprint as one
+/* Return an allocated buffer with the formatted fingerprint as one
large hexnumber */
char *
gpgsm_get_fingerprint_hexstring (KsbaCert cert, int algo)
@@ -124,6 +124,17 @@ gpgsm_get_fingerprint_hexstring (KsbaCert cert, int algo)
return buf;
}
+/* Return a certificate ID. These are the last 4 bytes of the SHA-1
+ fingerprint. */
+unsigned long
+gpgsm_get_short_fingerprint (KsbaCert cert)
+{
+ unsigned char digest[20];
+
+ gpgsm_get_fingerprint (cert, GCRY_MD_SHA1, digest, NULL);
+ return ((digest[16]<<24)|(digest[17]<<16)|(digest[18]<< 8)|digest[19]);
+}
+
/* Return the so called KEYGRIP which is the SHA-1 hash of the public
key parameters expressed as an canoncial encoded S-Exp. array must
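Review bot: In `gpgsm_get_short_fingerprint`, `digest[16]<<24` is evaluated as a signed `int`, so a byte of 0x80 or above overflows the shift, and where `unsigned long` is 64 bits the negative result is sign-extended into the upper half of the return value; the `%08lX` in the verify.c hunk would then print sixteen digits instead of eight. Casting each byte first avoids this: `return ((unsigned long)digest[16]<<24)|((unsigned long)digest[17]<<16)|((unsigned long)digest[18]<<8)|digest[19];`. The return value of `gpgsm_get_fingerprint` is also ignored, so `digest` would be read uninitialised if that call can fail, which is not visible from this hunk. The comment could add that a 32-bit ID is a display aid only: it is not collision-resistant and should not be used to select or trust a certificate.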
diff --git a/sm/gpgsm.h b/sm/gpgsm.h
index 3e5205980..702b343c0 100644
--- a/sm/gpgsm.h
+++ b/sm/gpgsm.h
@@ -149,6 +149,7 @@ void gpgsm_status2 (CTRL ctrl, int no, ...);
char *gpgsm_get_fingerprint (KsbaCert cert, int algo, char *array, int *r_len);
char *gpgsm_get_fingerprint_string (KsbaCert cert, int algo);
char *gpgsm_get_fingerprint_hexstring (KsbaCert cert, int algo);
+unsigned long gpgsm_get_short_fingerprint (KsbaCert cert);
char *gpgsm_get_keygrip (KsbaCert cert, char *array);
char *gpgsm_get_keygrip_hexstring (KsbaCert cert);
char *gpgsm_get_certid (KsbaCert cert);
diff --git a/sm/keylist.c b/sm/keylist.c
index 5431e1b00..e73eb1f3a 100644
--- a/sm/keylist.c
+++ b/sm/keylist.c
@@ -151,6 +151,7 @@ list_cert_colon (KsbaCert cert, FILE *fp, int have_secret)
int idx, trustletter = 0;
char *p;
KsbaSexp sexp;
+ char *fpr;
fputs (have_secret? "crs:":"crt:", fp);
trustletter = 0;
@@ -168,9 +169,11 @@ list_cert_colon (KsbaCert cert, FILE *fp, int have_secret)
putc (trustletter, fp);
}
- fprintf (fp, ":%u:%d::",
+ fpr = gpgsm_get_fingerprint_hexstring (cert, GCRY_MD_SHA1);
+ fprintf (fp, ":%u:%d:%s:",
/*keylen_of_cert (cert)*/1024,
- /* pubkey_algo_of_cert (cert)*/1);
+ /* pubkey_algo_of_cert (cert)*/1,
+ fpr+24);
/* we assume --fixed-list-mode for gpgsm */
print_time ( ksba_cert_get_validity (cert, 0), fp);
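Review bot: `fpr+24` relies on the hex string being exactly 40 characters and on `gpgsm_get_fingerprint_hexstring` never returning NULL, and neither assumption is stated here. A comment such as `/* key ID field: last 16 hex digits (low 64 bits) of the SHA-1 fingerprint */` would document the offset; if the helper can return NULL (not visible in this diff), the pointer arithmetic needs a guard before the `fprintf`. This field therefore carries 16 hex digits while `gpgsm_get_short_fingerprint` yields 8, although the ChangeLog calls it the short fingerprint. `list_cert_colon` starts and ends outside the hunk, and `fpr` is only freed in the later FPR-record hunk, so any early return between the two would leak it.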
@@ -212,9 +215,8 @@ list_cert_colon (KsbaCert cert, FILE *fp, int have_secret)
putc ('\n', fp);
/* FPR record */
- p = gpgsm_get_fingerprint_hexstring (cert, GCRY_MD_SHA1);
- fprintf (fp, "fpr:::::::::%s:::", p);
- xfree (p);
+ fprintf (fp, "fpr:::::::::%s:::", fpr);
+ xfree (fpr); fpr = NULL;
/* print chaining ID (field 13)*/
{
KsbaCert next;
diff --git a/sm/verify.c b/sm/verify.c
index 3e44897e8..27a187ca4 100644
--- a/sm/verify.c
+++ b/sm/verify.c
@@ -108,6 +108,7 @@ gpgsm_verify (CTRL ctrl, int in_fd, int data_fd, FILE *out_fp)
int algo;
int is_detached;
FILE *fp = NULL;
+ char *p;
kh = keydb_new (0);
if (!kh)
@@ -285,12 +286,8 @@ gpgsm_verify (CTRL ctrl, int in_fd, int data_fd, FILE *out_fp)
log_error ("error getting signing time: %s\n", ksba_strerror (err));
sigtime = (time_t)-1;
}
- if (DBG_X509)
- {
- log_debug ("signer %d - sigtime: ", signer);
- gpgsm_dump_time (sigtime);
- log_printf ("\n");
- }
+
+
err = ksba_cms_get_message_digest (cms, signer,
&msgdigest, &msgdigestlen);
@@ -343,6 +340,15 @@ gpgsm_verify (CTRL ctrl, int in_fd, int data_fd, FILE *out_fp)
goto next_signer;
}
+ log_info (_("Signature made "));
+ if (sigtime)
+ gpgsm_dump_time (sigtime);
+ else
+ log_printf (_("[date not given]"));
+ log_printf (_(" using certificate ID %08lX\n"),
+ gpgsm_get_short_fingerprint (cert));
+
+
if (msgdigest)
{ /* Signed attributes are available. */
GCRY_MD_HD md;
@@ -446,7 +452,17 @@ gpgsm_verify (CTRL ctrl, int in_fd, int data_fd, FILE *out_fp)
gpgsm_status (ctrl, STATUS_TRUST_UNDEFINED, gnupg_error_token (rc));
goto next_signer;
}
- log_info ("signature is good\n");
+
+ for (i=0; (p = ksba_cert_get_subject (cert, i)); i++)
+ {
+ log_info (!i? _("Good signature from")
+ : _(" aka"));
+ log_printf (" \"");
+ gpgsm_print_name (log_get_stream (), p);
+ log_printf ("\"\n");
+ ksba_free (p);
+ }
+
gpgsm_status (ctrl, STATUS_TRUST_FULLY, NULL);
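Review bot: The new loop prints nothing when `ksba_cert_get_subject (cert, 0)` returns NULL, so a verified signature then gets no human-readable confirmation, where the removed `log_info ("signature is good\n")` always produced one. A fallback after the loop, for example `if (!i) log_info (_("Good signature\n"));`, would keep that guarantee. The subject strings come from the signer's certificate and are written to the log stream between quotes, so it is worth confirming that `gpgsm_print_name` escapes control characters, quotes and newlines; otherwise a crafted subject could make the log show misleading extra lines. `gpgsm_verify` and the declaration of `i` lie outside the hunk, so also check that `i` is not the counter of an enclosing loop.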