authorDavid Shaw <[email protected]>2005-08-27 03:09:40 +0000
committerDavid Shaw <[email protected]>2005-08-27 03:09:40 +0000
commitf74282bee03f26af0887dfcc806c89ad0bc142d3 (patch)
treefe83661e8e82fcf199880c26fa26d7dc8215b204 /g10/keygen.c
parent* keyedit.c (ask_revoke_sig): Add a revsig --with-colons mode. (diff)
* misc.c (openpgp_pk_algo_usage): Default to allowing CERT for signing
algorithms. * keyedit.c (sign_uids): Don't request a signing key to make a certification. * keygen.c (do_add_key_flags): Force the certify flag on for all primary keys, as the spec requires primary keys must be able to certify (if nothing else, which key is going to issue the user ID signature?) (print_key_flags): Show certify flag. (ask_key_flags, ask_algo): Don't allow setting the C flag for subkeys. * keyid.c (usagestr_from_pk), getkey.c (parse_key_usage): Distinguish between a sign/certify key and a certify-only key.
Diffstat (limited to 'g10/keygen.c')
-rw-r--r--g10/keygen.c24
1 files changed, 17 insertions, 7 deletions
diff --git a/g10/keygen.c b/g10/keygen.c
index fb93363e8..3bf5af48b 100644
--- a/g10/keygen.c
+++ b/g10/keygen.c
@@ -190,9 +190,6 @@ do_add_key_flags (PKT_signature *sig, unsigned int use)
{
byte buf[1];
- if (!use)
- return;
-
buf[0] = 0;
/* The spec says that all primary keys MUST be able to certify. */
@@ -205,6 +202,10 @@ do_add_key_flags (PKT_signature *sig, unsigned int use)
buf[0] |= 0x04 | 0x08;
if (use & PUBKEY_USAGE_AUTH)
buf[0] |= 0x20;
+
+ if (!buf[0])
+ return;
+
build_sig_subpkt (sig, SIGSUBPKT_KEY_FLAGS, buf, 1);
}
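Review bot: The new `if (!buf[0]) return;` guard silently emits no key-flags subpacket, and nothing at that line says what an absent subpacket means to a consumer. A reader of the key then has to fall back on whatever the algorithm permits by default, which may be broader than the caller intended when it passed `use` as 0. I would add a comment above the guard such as `/* No flags set: emit no subpacket, so readers fall back to the algorithm's default usage. */`. The code that forces the certify bit for primary keys sits between the two hunks and is not visible here, so confirm that only subkeys can reach this return.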
@@ -1238,6 +1239,9 @@ print_key_flags(int flags)
if(flags&PUBKEY_USAGE_SIG)
tty_printf("%s ",_("Sign"));
+ if(flags&PUBKEY_USAGE_CERT)
+ tty_printf("%s ",_("Certify"));
+
if(flags&PUBKEY_USAGE_ENC)
tty_printf("%s ",_("Encrypt"));
@@ -1248,7 +1252,7 @@ print_key_flags(int flags)
/* Returns the key flags */
static unsigned int
-ask_key_flags(int algo)
+ask_key_flags(int algo,int subkey)
{
const char *togglers=_("SsEeAaQq");
char *answer=NULL;
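Review bot: The comment above `ask_key_flags` still reads only `/* Returns the key flags */` and does not describe the new `subkey` parameter. Suggested wording: `/* Returns the key flags chosen by the user. SUBKEY is nonzero when the key being created is a subkey; certify is then never offered. */`. Both call sites in `ask_algo` pass `addmode` for this argument, so the comment should also state that the two are expected to mean the same thing. The function body continues outside this hunk.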
@@ -1258,6 +1262,10 @@ ask_key_flags(int algo)
if(strlen(togglers)!=8)
BUG();
+ /* Only primary keys may certify. */
+ if(subkey)
+ possible&=~PUBKEY_USAGE_CERT;
+
/* Preload the current set with the possible set, minus
authentication, since nobody really uses auth yet. */
current=possible&~PUBKEY_USAGE_AUTH;
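Review bot: Masking `PUBKEY_USAGE_CERT` out of `possible` enforces the "only primary keys may certify" rule at the interactive prompt only. Whether non-interactive paths that hand a subkey usage to `do_add_key_flags` apply the same restriction is not visible in these hunks and is worth confirming, since a certify-capable subkey would change which keys can issue user ID signatures. At minimum I would extend the comment to `/* Only primary keys may certify; this strips C from the prompt only, other callers must enforce it themselves. */`. The initialisation of `possible` is outside the hunk.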
@@ -1291,7 +1299,7 @@ ask_key_flags(int algo)
cpr_kill_prompt();
if(strlen(answer)>1)
- continue;
+ tty_printf(_("Invalid selection.\n"));
else if(*answer=='\0' || *answer==togglers[6] || *answer==togglers[7])
break;
else if((*answer==togglers[0] || *answer==togglers[1])
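Review bot: `tty_printf(_("Invalid selection.\n"));` passes the translated string as the format argument, so any `%` in a message catalogue entry would be interpreted as a conversion with no matching argument. `print_key_flags` in this same file already uses the safer form, so for consistency I would write `tty_printf("%s",_("Invalid selection.\n"));`. The same applies to the identical call added in the trailing `else` branch of the following hunk. The surrounding loop starts and ends outside this hunk.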
@@ -1318,6 +1326,8 @@ ask_key_flags(int algo)
else
current|=PUBKEY_USAGE_AUTH;
}
+ else
+ tty_printf(_("Invalid selection.\n"));
}
xfree(answer);
@@ -1362,7 +1372,7 @@ ask_algo (int addmode, unsigned int *r_usage)
}
else if( algo == 7 && opt.expert ) {
algo = PUBKEY_ALGO_RSA;
- *r_usage=ask_key_flags(algo);
+ *r_usage=ask_key_flags(algo,addmode);
break;
}
else if( algo == 6 && addmode ) {
@@ -1382,7 +1392,7 @@ ask_algo (int addmode, unsigned int *r_usage)
}
else if( algo == 3 && opt.expert ) {
algo = PUBKEY_ALGO_DSA;
- *r_usage=ask_key_flags(algo);
+ *r_usage=ask_key_flags(algo,addmode);
break;
}
else if( algo == 2 ) {