blob: e0fe9264333a0e8b48471f03202f9f552793b066 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
|
#!/bin/sh
. $srcdir/defs.inc || exit 3
check_exported_public_key()
{
$GPG --list-packets $1 >$1.packets
grep '^:public key packet:' $1.packets >/dev/null
grep "^ keyid: .*$KEY$" $1.packets >/dev/null
grep '^:user ID packet:' $1.packets >/dev/null
grep "^:signature packet:.*keyid.*$KEY" $1.packets >/dev/null
rm $1.packets
}
check_armored_public_key()
{
grep '^-----BEGIN PGP PUBLIC KEY BLOCK-----$' $1 >/dev/null
grep '^-----END PGP PUBLIC KEY BLOCK-----$' $1 >/dev/null
check_exported_public_key $1
}
check_exported_private_key()
{
$GPG --list-packets $1 >$1.packets
grep '^:secret key packet:' $1.packets >/dev/null
grep "^ keyid: .*$KEY$" $1.packets >/dev/null
grep '^:user ID packet:' $1.packets >/dev/null
grep "^:signature packet:.*keyid.*$KEY" $1.packets >/dev/null
rm $1.packets
}
check_armored_private_key()
{
grep '^-----BEGIN PGP PRIVATE KEY BLOCK-----$' $1 >/dev/null
grep '^-----END PGP PRIVATE KEY BLOCK-----$' $1 >/dev/null
check_exported_private_key $1
}
logfile="`pwd`/pinentry.log"
ppfile="`pwd`/passphrases"
rm -f -- $logfile $ppfile
touch $ppfile
prepare_passphrase()
{
echo $* >>$ppfile
}
prepare_passphrase_confirm()
{
echo "fake-entry being started to CONFIRM the weak phrase" >>$ppfile
}
assert_passphrases_consumed()
{
if test -s $ppfile; then
echo "Expected $ppfile to be empty, but these are enqueued:" >&2
cat "$ppfile" >&2
exit 1
fi
rm -f -- $logfile
}
# XXX: Currently, gpg does not allow one to export private keys
# without a passphrase (issue2070, issue2324).
export PINENTRY_USER_DATA="--logfile=$logfile --passphrasefile=$ppfile"
info "Checking key export."
for KEY in D74C5F22 C40FDECF ECABF51D
do
progress $KEY
$GPG --export $KEY >$KEY.public
check_exported_public_key $KEY.public
rm $KEY.public
$GPG --armor --export $KEY >$KEY.public
check_armored_public_key $KEY.public
rm $KEY.public
if [ $KEY = D74C5F22 ]; then
# Key D74C5F22 is protected by a passphrase. Prepare this
# one. Currently, GnuPG does not ask for an export passphrase
# in this case.
prepare_passphrase "$usrpass1"
else
# We use a weak passphrase which we'll have to confirm.
prepare_passphrase "export passphrase"
prepare_passphrase_confirm
prepare_passphrase "export passphrase"
# Key C40FDECF has a subkey.
if [ $KEY = C40FDECF ]; then
prepare_passphrase "export passphrase"
prepare_passphrase_confirm
prepare_passphrase "export passphrase"
fi
fi
$GPG --export-secret-keys $KEY >$KEY.private
check_exported_private_key $KEY.private
rm $KEY.private
assert_passphrases_consumed
if [ $KEY = D74C5F22 ]; then
# Key D74C5F22 is protected by a passphrase. Prepare this
# one. Currently, GnuPG does not ask for an export passphrase
# in this case.
prepare_passphrase "$usrpass1"
else
# We use a stronger passphrase here.
prepare_passphrase "strong export passphrase H0LHWCHPkNa36A"
prepare_passphrase "strong export passphrase H0LHWCHPkNa36A"
# Key C40FDECF has a subkey.
if [ $KEY = C40FDECF ]; then
prepare_passphrase "strong export passphrase H0LHWCHPkNa36A"
prepare_passphrase "strong export passphrase H0LHWCHPkNa36A"
fi
fi
$GPG --armor --export-secret-keys $KEY >$KEY.private
check_armored_private_key $KEY.private
rm $KEY.private
assert_passphrases_consumed
done
progress_end
|
