diff options
Diffstat (limited to '')
| -rw-r--r-- | g10/ChangeLog | 12 | ||||
| -rw-r--r-- | g10/g10.c | 42 | ||||
| -rw-r--r-- | g10/keyedit.c | 9 | ||||
| -rw-r--r-- | g10/keygen.c | 74 | ||||
| -rw-r--r-- | g10/main.h | 7 | ||||
| -rw-r--r-- | g10/options.h | 2 | ||||
| -rw-r--r-- | g10/sign.c | 31 |
7 files changed, 129 insertions, 48 deletions
diff --git a/g10/ChangeLog b/g10/ChangeLog index b7ce53c65..1283bd176 100644 --- a/g10/ChangeLog +++ b/g10/ChangeLog @@ -1,3 +1,15 @@ +2005-05-05 David Shaw <[email protected]> + + * options.h, g10.c (main): Add new --default-sig-expire and + --default-cert-expire options. Suggested by Florian Weimer. + + * main.h, keygen.c (parse_expire_string, ask_expire_interval): Use + defaults passed in, or "0" to control what default expiration is. + + * keyedit.c (sign_uids), sign.c (sign_file, clearsign_file, + sign_symencrypt_file): Call them here, so that default expiration + is used when --ask-xxxxx-expire is off. + 2005-05-03 Werner Koch <[email protected]> * passphrase.c (agent_get_passphrase): Add new arg CACHEID. @@ -1,6 +1,6 @@ /* g10.c - The GnuPG utility (main for gpg) - * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003 - * 2004, 2005 Free Software Foundation, Inc. + * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, + * 2005 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -157,18 +157,20 @@ enum cmd_and_opt_values oNoTextmode, oExpert, oNoExpert, + oDefSigExpire, oAskSigExpire, oNoAskSigExpire, + oDefCertExpire, oAskCertExpire, oNoAskCertExpire, + oDefCertLevel, + oMinCertLevel, oAskCertLevel, oNoAskCertLevel, oFingerprint, oWithFingerprint, oAnswerYes, oAnswerNo, - oDefCertLevel, - oMinCertLevel, oKeyring, oPrimaryKeyring, oSecretKeyring, @@ -443,10 +445,14 @@ static ARGPARSE_OPTS opts[] = { { oNoTextmode, "no-textmode", 0, "@"}, { oExpert, "expert", 0, "@"}, { oNoExpert, "no-expert", 0, "@"}, + { oDefSigExpire, "default-sig-expire", 2, "@"}, { oAskSigExpire, "ask-sig-expire", 0, "@"}, { oNoAskSigExpire, "no-ask-sig-expire", 0, "@"}, + { oDefCertExpire, "default-cert-expire", 2, "@"}, { oAskCertExpire, "ask-cert-expire", 0, "@"}, { oNoAskCertExpire, "no-ask-cert-expire", 0, "@"}, + { oDefCertLevel, "default-cert-level", 1, "@"}, + { oMinCertLevel, "min-cert-level", 1, "@"}, { oAskCertLevel, "ask-cert-level", 0, "@"}, { oNoAskCertLevel, "no-ask-cert-level", 0, "@"}, { oOutput, "output", 2, N_("use as output file")}, @@ -579,8 +585,6 @@ static ARGPARSE_OPTS opts[] = { { oCompressKeys, "compress-keys",0, "@"}, { oCompressSigs, "compress-sigs",0, "@"}, { oDefCertLevel, "default-cert-check-level", 1, "@"}, /* Old option */ - { oDefCertLevel, "default-cert-level", 1, "@"}, - { oMinCertLevel, "min-cert-level", 1, "@"}, { oAlwaysTrust, "always-trust", 0, "@"}, { oTrustModel, "trust-model", 2, "@"}, { oForceOwnertrust, "force-ownertrust", 2, "@"}, @@ -1673,6 +1677,8 @@ main( int argc, char **argv ) set_screen_dimensions(); opt.keyid_format=KF_SHORT; opt.rfc2440_text=1; + opt.def_sig_expire="0"; + opt.def_cert_expire="0"; set_homedir ( default_homedir () ); #ifdef ENABLE_CARD_SUPPORT @@ -2020,8 +2026,6 @@ main( int argc, char **argv ) break; case oNoArmor: opt.no_armor=1; opt.armor=0; break; case oNoDefKeyring: default_keyring = 0; break; - case oDefCertLevel: opt.def_cert_level=pargs.r.ret_int; break; - case oMinCertLevel: opt.min_cert_level=pargs.r.ret_int; break; case oNoGreeting: nogreeting = 1; break; case oNoVerbose: g10_opt_verbose = 0; opt.verbose = 0; opt.list_sigs=0; break; @@ -2227,10 +2231,32 @@ main( int argc, char **argv ) case oNoTextmode: opt.textmode=0; break; case oExpert: opt.expert = 1; break; case oNoExpert: opt.expert = 0; break; + case oDefSigExpire: + if(*pargs.r.ret_str!='\0') + { + if(parse_expire_string(pargs.r.ret_str)==-1) + log_error(_("`%s' is not a valid signature expiration\n"), + pargs.r.ret_str); + else + opt.def_sig_expire=pargs.r.ret_str; + } + break; case oAskSigExpire: opt.ask_sig_expire = 1; break; case oNoAskSigExpire: opt.ask_sig_expire = 0; break; + case oDefCertExpire: + if(*pargs.r.ret_str!='\0') + { + if(parse_expire_string(pargs.r.ret_str)==-1) + log_error(_("`%s' is not a valid signature expiration\n"), + pargs.r.ret_str); + else + opt.def_cert_expire=pargs.r.ret_str; + } + break; case oAskCertExpire: opt.ask_cert_expire = 1; break; case oNoAskCertExpire: opt.ask_cert_expire = 0; break; + case oDefCertLevel: opt.def_cert_level=pargs.r.ret_int; break; + case oMinCertLevel: opt.min_cert_level=pargs.r.ret_int; break; case oAskCertLevel: opt.ask_cert_level = 1; break; case oNoAskCertLevel: opt.ask_cert_level = 0; break; case oUser: /* store the local users */ diff --git a/g10/keyedit.c b/g10/keyedit.c index 00499b3d3..18908a693 100644 --- a/g10/keyedit.c +++ b/g10/keyedit.c @@ -860,8 +860,13 @@ sign_uids( KBNODE keyblock, STRLIST locusr, int *ret_modified, /* Only ask for duration if we haven't already set it to match the expiration of the pk */ - if(opt.ask_cert_expire && !duration && !selfsig) - duration=ask_expire_interval(1); + if(!duration && !selfsig) + { + if(opt.ask_cert_expire) + duration=ask_expire_interval(1,opt.def_cert_expire); + else + duration=parse_expire_string(opt.def_cert_expire)*86400L; + } if(duration) force_v4=1; diff --git a/g10/keygen.c b/g10/keygen.c index c238b07d2..8895ab5bc 100644 --- a/g10/keygen.c +++ b/g10/keygen.c @@ -1,6 +1,6 @@ /* keygen.c - generate a key pair - * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, - * 2004, 2005 Free Software Foundation, Inc. + * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, + * 2005 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -1498,7 +1498,7 @@ ask_keysize( int algo ) * Parse an expire string and return it's value in days. * Returns -1 on error. */ -static int +int parse_expire_string( const char *string ) { int mult; @@ -1530,7 +1530,7 @@ parse_expire_string( const char *string ) /* object == 0 for a key, and 1 for a sig */ u32 -ask_expire_interval(int object) +ask_expire_interval(int object,const char *def_expire) { char *answer; int valid_days=0; @@ -1539,6 +1539,8 @@ ask_expire_interval(int object) switch(object) { case 0: + if(def_expire) + BUG(); tty_printf(_("Please specify how long the key should be valid.\n" " 0 = key does not expire\n" " <n> = key expires in n days\n" @@ -1548,6 +1550,8 @@ ask_expire_interval(int object) break; case 1: + if(!def_expire) + BUG(); tty_printf(_("Please specify how long the signature should be valid.\n" " 0 = signature does not expire\n" " <n> = signature expires in n days\n" @@ -1565,20 +1569,36 @@ ask_expire_interval(int object) * date */ answer = NULL; - for(;;) { + for(;;) + { u32 curtime=make_timestamp(); m_free(answer); if(object==0) answer = cpr_get("keygen.valid",_("Key is valid for? (0) ")); else - answer = cpr_get("siggen.valid",_("Signature is valid for? (0) ")); + { + char *prompt; + +#define PROMPTSTRING _("Signature is valid for? (%s) ") + /* This will actually end up larger than necessary because + of the 2 bytes for '%s' */ + prompt=m_alloc(strlen(PROMPTSTRING)+strlen(def_expire)+1); + sprintf(prompt,PROMPTSTRING,def_expire); +#undef PROMPTSTRING + + answer = cpr_get("siggen.valid",prompt); + m_free(prompt); + + if(*answer=='\0') + answer=m_strdup(def_expire); + } cpr_kill_prompt(); trim_spaces(answer); valid_days = parse_expire_string( answer ); if( valid_days < 0 ) { - tty_printf(_("invalid value\n")); - continue; + tty_printf(_("invalid value\n")); + continue; } if( !valid_days ) @@ -1589,24 +1609,24 @@ ask_expire_interval(int object) interval = 0; } else { - interval = valid_days * 86400L; - - tty_printf(object==0 - ? _("Key expires at %s\n") - : _("Signature expires at %s\n"), - asctimestamp((ulong)(curtime + interval) ) ); - /* FIXME: This check yields warning on alhas: Write a - configure check and to this check here only for 32 bit - machines */ - if( (time_t)((ulong)(curtime+interval)) < 0 ) - tty_printf(_("Your system can't display dates beyond 2038.\n" - "However, it will be correctly handled up to 2106.\n")); + interval = valid_days * 86400L; + + tty_printf(object==0 + ? _("Key expires at %s\n") + : _("Signature expires at %s\n"), + asctimestamp((ulong)(curtime + interval) ) ); + /* FIXME: This check yields warning on alhas: Write a + configure check and to this check here only for 32 bit + machines */ + if( (time_t)((ulong)(curtime+interval)) < 0 ) + tty_printf(_("Your system can't display dates beyond 2038.\n" + "However, it will be correctly handled up to 2106.\n")); } if( cpr_enabled() || cpr_get_answer_is_yes("keygen.valid.okay", - _("Is this correct? (y/N) ")) ) - break; - } + _("Is this correct? (y/N) ")) ) + break; + } m_free(answer); return interval; } @@ -1614,7 +1634,7 @@ ask_expire_interval(int object) u32 ask_expiredate() { - u32 x = ask_expire_interval(0); + u32 x = ask_expire_interval(0,NULL); return x? make_timestamp() + x : 0; } @@ -2572,7 +2592,7 @@ generate_keypair (const char *fname, const char *card_serialno, para = r; } - expire = ask_expire_interval(0); + expire = ask_expire_interval(0,NULL); r = m_alloc_clear( sizeof *r + 20 ); r->key = pKEYEXPIRE; r->u.expire = expire; @@ -3085,7 +3105,7 @@ generate_subkeypair( KBNODE pub_keyblock, KBNODE sec_keyblock ) algo = ask_algo( 1, &use ); assert(algo); nbits = ask_keysize( algo ); - expire = ask_expire_interval(0); + expire = ask_expire_interval(0,NULL); if( !cpr_enabled() && !cpr_get_answer_is_yes("keygen.sub.okay", _("Really create? (y/N) "))) goto leave; @@ -3203,7 +3223,7 @@ generate_card_subkeypair (KBNODE pub_keyblock, KBNODE sec_keyblock, goto leave; algo = PUBKEY_ALGO_RSA; - expire = ask_expire_interval (0); + expire = ask_expire_interval (0,NULL); if (keyno == 1) use = PUBKEY_USAGE_SIG; else if (keyno == 2) diff --git a/g10/main.h b/g10/main.h index fed9452d2..9eb1f9635 100644 --- a/g10/main.h +++ b/g10/main.h @@ -1,6 +1,6 @@ /* main.h - * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, - * 2004 Free Software Foundation, Inc. + * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, + * 2005 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -165,7 +165,8 @@ void keyedit_menu( const char *username, STRLIST locusr, void show_basic_key_info (KBNODE keyblock); /*-- keygen.c --*/ -u32 ask_expire_interval(int object); +int parse_expire_string(const char *string); +u32 ask_expire_interval(int object,const char *def_expire); u32 ask_expiredate(void); void generate_keypair( const char *fname, const char *card_serialno, const char *backup_encryption_dir ); diff --git a/g10/options.h b/g10/options.h index 67ccd9d62..d661366b7 100644 --- a/g10/options.h +++ b/g10/options.h @@ -50,7 +50,9 @@ struct int list_only; int textmode; int expert; + const char *def_sig_expire; int ask_sig_expire; + const char *def_cert_expire; int ask_cert_expire; int batch; /* run in batch mode */ int answer_yes; /* answer yes on most questions */ diff --git a/g10/sign.c b/g10/sign.c index c65b8275e..d3df1bf60 100644 --- a/g10/sign.c +++ b/g10/sign.c @@ -1,6 +1,6 @@ /* sign.c - sign data - * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, - * 2004 Free Software Foundation, Inc. + * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, + * 2005 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -744,8 +744,13 @@ sign_file( STRLIST filenames, int detached, STRLIST locusr, && (rc=setup_symkey(&efx.symkey_s2k,&efx.symkey_dek))) goto leave; - if(opt.ask_sig_expire && !opt.force_v3_sigs && !opt.batch && !RFC1991) - duration=ask_expire_interval(1); + if(!opt.force_v3_sigs && !opt.batch && !RFC1991) + { + if(opt.ask_sig_expire) + duration=ask_expire_interval(1,opt.def_sig_expire); + else + duration=parse_expire_string(opt.def_sig_expire)*86400L; + } if( (rc=build_sk_list( locusr, &sk_list, 1, PUBKEY_USAGE_SIG )) ) goto leave; @@ -1009,8 +1014,13 @@ clearsign_file( const char *fname, STRLIST locusr, const char *outfile ) memset( &afx, 0, sizeof afx); init_packet( &pkt ); - if(opt.ask_sig_expire && !opt.force_v3_sigs && !opt.batch && !RFC1991) - duration=ask_expire_interval(1); + if(!opt.force_v3_sigs && !opt.batch && !RFC1991) + { + if(opt.ask_sig_expire) + duration=ask_expire_interval(1,opt.def_sig_expire); + else + duration=parse_expire_string(opt.def_sig_expire)*86400L; + } if( (rc=build_sk_list( locusr, &sk_list, 1, PUBKEY_USAGE_SIG )) ) goto leave; @@ -1163,8 +1173,13 @@ sign_symencrypt_file (const char *fname, STRLIST locusr) memset( &cfx, 0, sizeof cfx); init_packet( &pkt ); - if(opt.ask_sig_expire && !opt.force_v3_sigs && !opt.batch && !RFC1991) - duration=ask_expire_interval(1); + if(!opt.force_v3_sigs && !opt.batch && !RFC1991) + { + if(opt.ask_sig_expire) + duration=ask_expire_interval(1,opt.def_sig_expire); + else + duration=parse_expire_string(opt.def_sig_expire)*86400L; + } rc = build_sk_list (locusr, &sk_list, 1, PUBKEY_USAGE_SIG); if (rc) |