| author | Werner Koch <[email protected]> | 2024-01-22 12:22:44 +0000 |
|---|---|---|
| committer | Werner Koch <[email protected]> | 2024-01-22 15:49:54 +0000 |
| commit | 434a641d40cbff82beb9f485e0adca72419bfdf2 (patch) | |
| tree | a22d6fb89544708cf888fbd856387fff52ac5a1d /agent/cvt-openpgp.c | |
| parent | doc: Fix description of gpg --unwrap (diff) | |
| download | gnupg-434a641d40cbff82beb9f485e0adca72419bfdf2.tar.gz gnupg-434a641d40cbff82beb9f485e0adca72419bfdf2.zip | |
agent: Add "ephemeral" Assuan option.
* agent/agent.h (struct ephemeral_private_key_s): New.
(struct server_control_s): Add ephemeral_mode and ephemeral_keys.
(GENKEY_FLAG_NO_PROTECTION, GENKEY_FLAG_PRESET): New.
* agent/genkey.c (clear_ephemeral_keys): New.
(store_key): Add arg ctrl and implement ephemeral_mode. Change all
callers.
(agent_genkey): Replace args no_protection and preset by a generic new
flags arg.
* agent/findkey.c (wipe_and_fclose): New.
(agent_write_private_key): Add arg ctrl and implement ephemeral_mode.
Change all callers.
(agent_update_private_key): Ditto
(read_key_file): Ditto.
(agent_key_available): Ditto.
* agent/command-ssh.c (card_key_available): Do not update display s/n
in ephemeral mode. This is however never triggered.
* agent/gpg-agent.c (agent_deinit_default_ctrl): Cleanup ephemeral
keys.
* agent/command.c (cmd_genkey): Use the new flags instead of separate
vars.
(cmd_readkey): Create a shadow key only in non-ephemeral_mode.
(cmd_getinfo): Add sub-command "ephemeral".
(option_handler): Add option "ephemeral".
--
The idea here is that a session can be switched into an ephemeral mode
which does not store or read keys from disk but keeps them local to
the session.
GnuPG-bug-id: 6944
Diffstat (limited to 'agent/cvt-openpgp.c')
| -rw-r--r-- | agent/cvt-openpgp.c | 10 |
1 files changed, 6 insertions, 4 deletions
diff --git a/agent/cvt-openpgp.c b/agent/cvt-openpgp.c index 6aad35bff..50755c0fd 100644 --- a/agent/cvt-openpgp.c +++ b/agent/cvt-openpgp.c @@ -969,7 +969,7 @@ convert_from_openpgp_main (ctrl_t ctrl, gcry_sexp_t s_pgp, int dontcare_exist, if (err) goto leave; - if (!dontcare_exist && !from_native && !agent_key_available (grip)) + if (!dontcare_exist && !from_native && !agent_key_available (ctrl, grip)) { err = gpg_error (GPG_ERR_EEXIST); goto leave; @@ -1147,14 +1147,16 @@ convert_from_openpgp_native (ctrl_t ctrl, if (!agent_protect (*r_key, passphrase, &protectedkey, &protectedkeylen, ctrl->s2k_count)) - agent_write_private_key (grip, protectedkey, protectedkeylen, 1, - NULL, NULL, NULL, 0); + agent_write_private_key (ctrl, grip, + protectedkey, + protectedkeylen, + 1, NULL, NULL, NULL, 0); xfree (protectedkey); } else { /* Empty passphrase: write key without protection. */ - agent_write_private_key (grip, + agent_write_private_key (ctrl, grip, *r_key, gcry_sexp_canon_len (*r_key, 0, NULL,NULL), 1, NULL, NULL, NULL, 0); |
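Review bot: in the convert_from_openpgp_main hunk, the test `!agent_key_available (ctrl, grip)` leads to GPG_ERR_EEXIST, so a zero return is what signals that the key is present, which reads inverted at the call site. Now that the call takes ctrl and, per the commit message, honours ephemeral_mode, a short comment above the condition stating that 0 means "available" and which key store is consulted in an ephemeral session would make this existence check easier to audit.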
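Review bot: in the convert_from_openpgp_native hunk, both calls to agent_write_private_key are bare statements, so any status the function returns is discarded in the protected branch and in the empty-passphrase branch alike. With ctrl now passed in so that the key can be kept in the session rather than written to disk, consider assigning the result to a status variable and logging or propagating a failure. The `if (!agent_protect (...))` in the same hunk also has no failure path, so a key that could not be protected is silently not stored.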
