diff options
| -rw-r--r-- | doc/gpg.texi | 13 | ||||
| -rw-r--r-- | g10/export.c | 21 | ||||
| -rw-r--r-- | g10/import.c | 21 | ||||
| -rw-r--r-- | g10/options.h | 2 |
4 files changed, 52 insertions, 5 deletions
diff --git a/doc/gpg.texi b/doc/gpg.texi index 044ba3761..8e1a5e6fc 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi @@ -2283,6 +2283,12 @@ opposite meaning. The options are: the most recent self-signature on each user ID. This option is the same as running the @option{--edit-key} command "minimize" after import. Defaults to no. + + @item restore + @itemx import-restore + Import in key restore mode. This imports all data which is usually + skipped during import; including all GnuPG specific data. All other + contradicting options are overridden. @end table @item --import-filter @code{@var{name}=@var{expr}} @@ -2393,6 +2399,13 @@ opposite meaning. The options are: @c when the exported subkey is to be used on an unattended machine where @c a passphrase doesn't necessarily make sense. Defaults to no. + @item backup + @itemx export-backup + Export for use as a backup. The exported data includes all data + which is needed to restore the key or keys later with GnuPG. The + format is basically the OpenPGP format but enhanced with GnuPG + specific data. All other contradicting options are overridden. + @item export-clean Compact (remove all signatures from) user IDs on the key being exported if the user IDs are not usable. Also, do not export any diff --git a/g10/export.c b/g10/export.c index b36200ac0..f354ca0f6 100644 --- a/g10/export.c +++ b/g10/export.c @@ -116,6 +116,10 @@ parse_export_options(char *str,unsigned int *options,int noisy) {"export-pka", EXPORT_PKA_FORMAT, NULL, NULL }, {"export-dane", EXPORT_DANE_FORMAT, NULL, NULL }, + {"backup", EXPORT_BACKUP, NULL, + N_("use the GnuPG key backup format")}, + {"export-backup", EXPORT_BACKUP, NULL, NULL }, + /* Aliases for backward compatibility */ {"include-local-sigs",EXPORT_LOCAL_SIGS,NULL,NULL}, {"include-attributes",EXPORT_ATTRIBUTES,NULL,NULL}, @@ -127,8 +131,18 @@ parse_export_options(char *str,unsigned int *options,int noisy) {NULL,0,NULL,NULL} /* add tags for include revoked and disabled? */ }; + int rc; - return parse_options(str,options,export_opts,noisy); + rc = parse_options (str, options, export_opts, noisy); + if (rc && (*options & EXPORT_BACKUP)) + { + /* Alter other options we want or don't want for restore. */ + *options |= (EXPORT_LOCAL_SIGS | EXPORT_ATTRIBUTES + | EXPORT_SENSITIVE_REVKEYS); + *options &= ~(EXPORT_CLEAN | EXPORT_MINIMAL + | EXPORT_PKA_FORMAT | EXPORT_DANE_FORMAT); + } + return rc; } @@ -1535,8 +1549,9 @@ do_export_one_keyblock (ctrl_t ctrl, kbnode_t keyblock, u32 *keyid, if (node->pkt->pkttype == PKT_COMMENT) continue; - /* Make sure that ring_trust packets never get exported. */ - if (node->pkt->pkttype == PKT_RING_TRUST) + /* Make sure that ring_trust packets are only exported in backup + * mode. */ + if (node->pkt->pkttype == PKT_RING_TRUST && !(options & EXPORT_BACKUP)) continue; /* If exact is set, then we only export what was requested diff --git a/g10/import.c b/g10/import.c index 1ed11bf38..b6c04dcfc 100644 --- a/g10/import.c +++ b/g10/import.c @@ -175,6 +175,10 @@ parse_import_options(char *str,unsigned int *options,int noisy) {"import-export", IMPORT_EXPORT, NULL, N_("run import filters and export key immediately")}, + {"restore", IMPORT_RESTORE, NULL, + N_("assume the GnuPG key backup format")}, + {"import-restore", IMPORT_RESTORE, NULL, NULL}, + /* Aliases for backward compatibility */ {"allow-local-sigs",IMPORT_LOCAL_SIGS,NULL,NULL}, {"repair-hkp-subkey-bug",IMPORT_REPAIR_PKS_SUBKEY_BUG,NULL,NULL}, @@ -186,8 +190,18 @@ parse_import_options(char *str,unsigned int *options,int noisy) the new design. */ {NULL,0,NULL,NULL} }; + int rc; - return parse_options(str,options,import_opts,noisy); + rc = parse_options (str, options, import_opts, noisy); + if (rc && (*options & IMPORT_RESTORE)) + { + /* Alter other options we want or don't want for restore. */ + *options |= (IMPORT_LOCAL_SIGS | IMPORT_KEEP_OWNERTTRUST); + *options &= ~(IMPORT_MINIMAL | IMPORT_CLEAN + | IMPORT_REPAIR_PKS_SUBKEY_BUG + | IMPORT_MERGE_ONLY); + } + return rc; } @@ -833,7 +847,9 @@ read_block( IOBUF a, PACKET **pending_pkt, kbnode_t *ret_root, int *r_v3keys) break; case PKT_RING_TRUST: - /* Skip those packets. */ + /* Skip those packets unless we are in restore mode. */ + if ((opt.import_options & IMPORT_RESTORE)) + goto x_default; free_packet( pkt ); init_packet(pkt); break; @@ -848,6 +864,7 @@ read_block( IOBUF a, PACKET **pending_pkt, kbnode_t *ret_root, int *r_v3keys) } in_cert = 1; default: + x_default: if (in_cert && valid_keyblock_packet (pkt->pkttype)) { if (!root ) diff --git a/g10/options.h b/g10/options.h index 589b68e1e..88a8f32bd 100644 --- a/g10/options.h +++ b/g10/options.h @@ -349,6 +349,7 @@ EXTERN_UNLESS_MAIN_MODULE int memory_stat_debug_mode; #define IMPORT_NO_SECKEY (1<<7) #define IMPORT_KEEP_OWNERTTRUST (1<<8) #define IMPORT_EXPORT (1<<9) +#define IMPORT_RESTORE (1<<10) #define EXPORT_LOCAL_SIGS (1<<0) #define EXPORT_ATTRIBUTES (1<<1) @@ -358,6 +359,7 @@ EXTERN_UNLESS_MAIN_MODULE int memory_stat_debug_mode; #define EXPORT_CLEAN (1<<5) #define EXPORT_PKA_FORMAT (1<<6) #define EXPORT_DANE_FORMAT (1<<7) +#define EXPORT_BACKUP (1<<10) #define LIST_SHOW_PHOTOS (1<<0) #define LIST_SHOW_POLICY_URLS (1<<1) |