author | Werner Koch <[email protected]> | 2024-09-09 15:33:29 +0000 |
committer | Werner Koch <[email protected]> | 2024-09-09 15:33:29 +0000 |
commit | cd79fc39736fda6ce38f1f79700cf658c47372f9 (patch) | |
tree | e4da5d060c6d487dbe7897ec7bf9441814b69e27 | |
parent | core: Treat email-only user IDs with upper case letters as email address (diff) | |
core: New encryption flags GPGME_ENCRYPT_ADD_RECP and _CHG_RECP.
* src/gpgme.h.in (GPGME_ENCRYPT_ADD_RECP, GPGME_ENCRYPT_CHG_RECP):
New flag values.
* src/engine-gpg.c (have_cmd_modify_recipients): New.
(gpg_encrypt): Check availability of the feature and prepare command.
* tests/run-encrypt.c (main): New options --add-recipients
and --change-recipients.
--
GnuPG-bug-id: 1825
-rw-r--r-- | NEWS | 4 | ||||
-rw-r--r-- | doc/gpgme.texi | 11 | ||||
-rw-r--r-- | src/engine-gpg.c | 41 | ||||
-rw-r--r-- | src/gpgme.h.in | 4 | ||||
-rw-r--r-- | tests/run-encrypt.c | 14 |
5 files changed, 71 insertions, 3 deletions
@@ -17,6 +17,8 @@ Noteworthy changes in version 1.24.0 (unrelease)
 easier and to allow enabling/disabling of keys (requires GnuPG 2.4.6). [T7239]
+ * New flag to re-encrypt OpenPGP data (requires GnuPG 2.5.1). [T1825]
+
 * cpp: Provide information about designated revocation keys for a Key. [T7118]
@@ -49,6 +51,8 @@ Noteworthy changes in version 1.24.0 (unrelease)
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 GPGME_ENCRYPT_FILE NEW.
 GPGME_SIG_MODE_FILE NEW.
+GPGME_ENCRYPT_ADD_RECP NEW.
+GPGME_ENCRYPT_CHG_RECP NEW.
 gpgme_key_t EXTENDED: New field 'revkeys'.
 gpgme_revocation_key_t NEW.
 gpgme_set_ctx_flag EXTENDED: New flag 'import-options'.
diff --git a/doc/gpgme.texi b/doc/gpgme.texi
index a630e0e2..0e64254b 100644
--- a/doc/gpgme.texi
+++ b/doc/gpgme.texi
@@ -6760,6 +6760,17 @@ output should be additionally encrypted symmetrically even if recipients are provided. This feature is only supported for the OpenPGP crypto engine.
+@item GPGME_ENCRYPT_ADD_RECP
+@item GPGME_ENCRYPT_CHG_RECP
+@since{1.24.0}
+
+Instead of encrypting, decrypt the input and write an output which is
+additionally encrypted to the specified keys. The CHG flag is similar
+but does not add encryption to the specified keys but existing
+encryption keys by the new ones. This feature is only supported for
+the OpenPGP crypto engine and requires at least GnuPG version 2.5.1.
+
+
 @item GPGME_ENCRYPT_THROW_KEYIDS
 @since{1.8.0}
diff --git a/src/engine-gpg.c b/src/engine-gpg.c
index fc9c7f90..eba61ac4 100644
--- a/src/engine-gpg.c
+++ b/src/engine-gpg.c
@@ -456,6 +456,22 @@ have_option_proc_all_sigs (engine_gpg_t gpg)
 }
+
+static int
+have_cmd_modify_recipients (engine_gpg_t gpg)
+{
+ static unsigned int flag;
+
+ if (flag)
+ ;
+ else if (have_gpg_version (gpg, "2.5.1"))
+ flag = 1|2;
+ else
+ flag = 1;
+
+ return !!(flag & 2);
+}
+
+
 static void
 free_argv (char **argv)
 {
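Review bot: The `static unsigned int flag` in have_cmd_modify_recipients caches the version probe process-wide, so whichever engine instance calls it first fixes the answer for every later `engine_gpg_t`, including ones pointed at a different gpg binary through the engine info, and the static is written without synchronization from any thread that reaches gpg_encrypt. If that trade-off is intended (the neighbouring have_option_proc_all_sigs may use the same idiom, but its body is outside the hunk), state it in a comment such as `/* Cached once per process: the first engine's gpg version decides for all later engines.  */`; otherwise the cached result belongs in the `engine_gpg_t` or should be keyed on the engine's file name. The `1|2` encoding also deserves one line, e.g. `/* bit 1: probed, bit 2: --add/--change-recipients available.  */`, because `flag = 1` reads like "supported" at first glance.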
@@ -2403,11 +2419,32 @@ gpg_encrypt (void *engine, gpgme_key_t recp[], const char *recpstring,
 if (gpg->flags.use_gpgtar && (flags & GPGME_ENCRYPT_WRAP))
 return gpg_error (GPG_ERR_INV_VALUE);
+ if ((flags & (GPGME_ENCRYPT_ADD_RECP|GPGME_ENCRYPT_CHG_RECP))
+ && !have_cmd_modify_recipients (gpg))
+ return gpg_error (GPG_ERR_NOT_SUPPORTED);
+
 if (recp || recpstring)
- err = add_arg (gpg, "--encrypt");
+ {
+ if ((flags & GPGME_ENCRYPT_ADD_RECP))
+ err = add_arg (gpg, "--add-recipients");
+ else if ((flags & GPGME_ENCRYPT_CHG_RECP))
+ err = add_arg (gpg, "--change-recipients");
+ else
+ err = add_arg (gpg, "--encrypt");
+ }
 if (!err && ((flags & GPGME_ENCRYPT_SYMMETRIC) || (!recp && !recpstring)))
- err = add_arg (gpg, "--symmetric");
+ {
+ if (!recp && !recpstring)
+ {
+ if ((flags & GPGME_ENCRYPT_ADD_RECP))
+ err = add_arg (gpg, "--add-recipients");
+ else if ((flags & GPGME_ENCRYPT_CHG_RECP))
+ err = add_arg (gpg, "--change-recipients");
+ }
+ if (!err)
+ err = add_arg (gpg, "--symmetric");
+ }
 if (!err && use_armor)
 err = add_gpg_arg (gpg, "--armor");
diff --git a/src/gpgme.h.in b/src/gpgme.h.in
index a01a24a6..cdd945bf 100644
--- a/src/gpgme.h.in
+++ b/src/gpgme.h.in
@@ -1356,7 +1356,9 @@ typedef enum
 GPGME_ENCRYPT_WRAP = 128,
 GPGME_ENCRYPT_WANT_ADDRESS = 256,
 GPGME_ENCRYPT_ARCHIVE = 512,
- GPGME_ENCRYPT_FILE = 1024
+ GPGME_ENCRYPT_FILE = 1024,
+ GPGME_ENCRYPT_ADD_RECP = 2048,
+ GPGME_ENCRYPT_CHG_RECP = 4096
 } gpgme_encrypt_flags_t;
diff --git a/tests/run-encrypt.c b/tests/run-encrypt.c
index 8e8b559c..5a10e593 100644
--- a/tests/run-encrypt.c
+++ b/tests/run-encrypt.c
@@ -143,6 +143,8 @@ show_usage (int ex)
 " --openpgp use the OpenPGP protocol (default)\n"
 " --cms use the CMS protocol\n"
 " --uiserver use the UI server\n"
+ " --add-recipients use the re-encrypt feature\n"
+ " --change-recipients ditto, but clear existing keys\n"
 " --loopback use a loopback pinentry\n"
 " --key NAME encrypt to key NAME\n"
 " --keystring NAMES encrypt to ';' delimited NAMES\n"
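Review bot: Nothing rejects `GPGME_ENCRYPT_ADD_RECP` and `GPGME_ENCRYPT_CHG_RECP` being set together; both `if` chains silently pick `--add-recipients` and the CHG request is dropped, which matters because ADD leaves the existing recipients able to decrypt while CHG (per the texi text and the "clear existing keys" usage line) is meant to remove them. Next to the existing `use_gpgtar && WRAP` check I would add `if ((flags & GPGME_ENCRYPT_ADD_RECP) && (flags & GPGME_ENCRYPT_CHG_RECP)) return gpg_error (GPG_ERR_INV_VALUE);`. The same spot should probably also refuse the two flags together with `gpg->flags.use_gpgtar`, unless gpgtar is known to accept `--add-recipients`; I cannot tell from the hunk. The ADD/CHG argument selection is duplicated in both branches, so a small static helper (e.g. `add_recp_mode_arg (gpg, flags)`) would keep them from drifting apart; gpg_encrypt begins and ends outside the hunk.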
@@ -240,6 +242,18 @@ main (int argc, char **argv)
 protocol = GPGME_PROTOCOL_UISERVER;
 argc--; argv++;
 }
+ else if (!strcmp (*argv, "--add-recipients"))
+ {
+ flags |= GPGME_ENCRYPT_ADD_RECP;
+ flags &= ~GPGME_ENCRYPT_CHG_RECP;
+ argc--; argv++;
+ }
+ else if (!strcmp (*argv, "--change-recipients"))
+ {
+ flags |= GPGME_ENCRYPT_CHG_RECP;
+ flags &= ~GPGME_ENCRYPT_ADD_RECP;
+ argc--; argv++;
+ }
 else if (!strcmp (*argv, "--key"))
 {
 argc--; argv++;
|