-rw-r--r--agent/command.c7
-rw-r--r--g10/call-agent.c15
-rw-r--r--g10/call-agent.h3
-rw-r--r--g10/export.c2
4 files changed, 18 insertions, 9 deletions
diff --git a/agent/command.c b/agent/command.c
index 1898d6cf7..de5b1846c 100644
--- a/agent/command.c
+++ b/agent/command.c
@@ -2210,7 +2210,12 @@ static const char hlp_export_key[] =
"Export a secret key from the key store. The key will be encrypted\n"
"using the current session's key wrapping key (cf. command KEYWRAP_KEY)\n"
"using the AESWRAP-128 algorithm. The caller needs to retrieve that key\n"
- "prior to using this command. The function takes the keygrip as argument.\n";
+ "prior to using this command. The function takes the keygrip as argument.\n"
+ "\n"
+ "If --openpgp is used, the secret key material will be exported in RFC 4880\n"
+ "compatible passphrase-protected form. Without --openpgp, the secret key\n"
+ "material will be exported in the clear (after prompting the user to unlock\n"
+ "it, if needed).\n";
static gpg_error_t
cmd_export_key (assuan_context_t ctx, char *line)
{
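Review bot: The phrase "exported in the clear" in the last added line of the help text can be read as contradicting the opening sentence, which states that the exported key is always encrypted with the session's key wrapping key. What the option actually controls is passphrase protection of the inner key material, so the sentence would be clearer as `"material will be exported without passphrase protection (still wrapped with the\n" "session key wrapping key, after prompting the user to unlock it, if needed).\n";`. Only the help string changes in this hunk; the body of cmd_export_key lies outside it.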
diff --git a/g10/call-agent.c b/g10/call-agent.c
index 470fa168c..06a2d8678 100644
--- a/g10/call-agent.c
+++ b/g10/call-agent.c
@@ -2315,13 +2315,15 @@ agent_import_key (ctrl_t ctrl, const char *desc, char **cache_nonce_addr,
/* Receive a secret key from the agent. HEXKEYGRIP is the hexified
keygrip, DESC a prompt to be displayed with the agent's passphrase
- question (needs to be plus+percent escaped). If CACHE_NONCE_ADDR
- is not NULL the agent is advised to first try a passphrase
- associated with that nonce. On success the key is stored as a
- canonical S-expression at R_RESULT and R_RESULTLEN. */
+ question (needs to be plus+percent escaped). if OPENPGP_PROTECTED
+ is not zero, ensure that the key material is returned in RFC
+ 4880-compatible passphrased-protected form. If CACHE_NONCE_ADDR is
+ not NULL the agent is advised to first try a passphrase associated
+ with that nonce. On success the key is stored as a canonical
+ S-expression at R_RESULT and R_RESULTLEN. */
gpg_error_t
agent_export_key (ctrl_t ctrl, const char *hexkeygrip, const char *desc,
- char **cache_nonce_addr,
+ int openpgp_protected, char **cache_nonce_addr,
unsigned char **r_result, size_t *r_resultlen)
{
gpg_error_t err;
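Review bot: The new comment sentence has two slips: `if OPENPGP_PROTECTED` should start with a capital `If`, and `passphrased-protected` should read `passphrase-protected`. It would also help callers to spell out the zero case, since that is the security-relevant choice: `If OPENPGP_PROTECTED is zero, the key material is returned without passphrase protection, wrapped only with the session's key wrapping key.` The one-line comment on the prototype in g10/call-agent.h (`/* Receive a key from the agent. */`) should carry the same note on the new parameter, since that is what most callers will read. agent_export_key's body continues outside this hunk.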
@@ -2351,7 +2353,8 @@ agent_export_key (ctrl_t ctrl, const char *hexkeygrip, const char *desc,
return err;
}
- snprintf (line, DIM(line)-1, "EXPORT_KEY --openpgp %s%s %s",
+ snprintf (line, DIM(line)-1, "EXPORT_KEY %s%s%s %s",
+ openpgp_protected ? "--openpgp ":"",
cache_nonce_addr && *cache_nonce_addr? "--cache-nonce=":"",
cache_nonce_addr && *cache_nonce_addr? *cache_nonce_addr:"",
hexkeygrip);
diff --git a/g10/call-agent.h b/g10/call-agent.h
index a5d01e65b..d85a6fd5d 100644
--- a/g10/call-agent.h
+++ b/g10/call-agent.h
@@ -192,7 +192,8 @@ gpg_error_t agent_import_key (ctrl_t ctrl, const char *desc,
/* Receive a key from the agent. */
gpg_error_t agent_export_key (ctrl_t ctrl, const char *keygrip,
- const char *desc, char **cache_nonce_addr,
+ const char *desc, int openpgp_protected,
+ char **cache_nonce_addr,
unsigned char **r_result, size_t *r_resultlen);
/* Delete a key from the agent. */
diff --git a/g10/export.c b/g10/export.c
index d47c27d23..5b161ae8e 100644
--- a/g10/export.c
+++ b/g10/export.c
@@ -852,7 +852,7 @@ receive_seckey_from_agent (ctrl_t ctrl, gcry_cipher_hd_t cipherhd,
log_info ("key %s: asking agent for the secret parts\n", hexgrip);
prompt = gpg_format_keydesc (pk, FORMAT_KEYDESC_EXPORT,1);
- err = agent_export_key (ctrl, hexgrip, prompt, cache_nonce_addr,
+ err = agent_export_key (ctrl, hexgrip, prompt, 1, cache_nonce_addr,
&wrappedkey, &wrappedkeylen);
xfree (prompt);
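Review bot: The bare literal `1` on the changed call line does not tell a reader which behaviour is being selected, and this argument is the one that decides whether the exported secret key material carries passphrase protection (per the new help text in agent/command.c). An inline annotation makes the intent visible at the call site, e.g. `err = agent_export_key (ctrl, hexgrip, prompt, 1 /* openpgp_protected */, cache_nonce_addr,`. Every caller on this page passes 1, so the commit does not change behaviour; any future caller passing 0 should be a deliberate, reviewed choice. receive_seckey_from_agent starts outside the hunk.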