authorJustus Winter <[email protected]>2017-02-15 15:17:13 +0000
committerJustus Winter <[email protected]>2017-02-15 15:45:45 +0000
commitde708e5934cda380dbc3ae51f587c09041de7562 (patch)
tree27b41754cc3a7fb715051105c355296144768f93 /src
parentpython: Fix build system integration. (diff)
core: Fix expiration time handling when creating keys.
* NEWS: Update. * doc/gpgme.texi (gpgme_op_createkey): Clarify the meaning of the 'expire' parameter. (GPGME_CREATE_NOEXPIRE): Document new flag. (gpgme_op_createsubkey): Clarify the meaning of the 'expire' parameter. * src/engine-gpg.c (gpg_add_algo_usage_expire): Fix handling of the expiration time. * src/gpgme.h.in (GPGME_CREATE_NOEXPIRE): New macro. -- Previously, the documentation stated that the expiration time was an absolute timestamp. However, this value was passed using the 'seconds=N' syntax to GnuPG which specifies the expiration time in seconds relative to the creation time. Fix the documentation. Furthermore, the documentation stated that using 0 results in keys that do not expire. This was communicated to GnuPG by using the implicit default. However, as of GnuPG 2.1.17, the default was changed to create keys that expire within a reasonable timespan. Fix this discrepancy by aligning the behavior with recent GnuPG versions: 0 means use a reasonable default, and introduce a flag that can be used to create keys that do not expire. Communicate this explicitly to GnuPG. Signed-off-by: Justus Winter <[email protected]>
Diffstat (limited to 'src')
-rw-r--r--src/engine-gpg.c18
-rw-r--r--src/gpgme.h.in1
2 files changed, 14 insertions, 5 deletions
diff --git a/src/engine-gpg.c b/src/engine-gpg.c
index 21ca02a8..34436007 100644
--- a/src/engine-gpg.c
+++ b/src/engine-gpg.c
@@ -2076,7 +2076,8 @@ gpg_add_algo_usage_expire (engine_gpg_t gpg,
/* This condition is only required to allow the use of gpg < 2.1.16 */
if (algo
|| (flags & (GPGME_CREATE_SIGN | GPGME_CREATE_ENCR
- | GPGME_CREATE_CERT | GPGME_CREATE_AUTH))
+ | GPGME_CREATE_CERT | GPGME_CREATE_AUTH
+ | GPGME_CREATE_NOEXPIRE))
|| expires)
{
err = add_arg (gpg, algo? algo : "default");
@@ -2090,11 +2091,18 @@ gpg_add_algo_usage_expire (engine_gpg_t gpg,
(flags & GPGME_CREATE_AUTH)? " auth":"");
err = add_arg (gpg, *tmpbuf? tmpbuf : "default");
}
- if (!err && expires)
+ if (!err)
{
- char tmpbuf[8+20];
- snprintf (tmpbuf, sizeof tmpbuf, "seconds=%lu", expires);
- err = add_arg (gpg, tmpbuf);
+ if (flags & GPGME_CREATE_NOEXPIRE)
+ err = add_arg (gpg, "never");
+ else if (expires == 0)
+ err = add_arg (gpg, "-");
+ else
+ {
+ char tmpbuf[8+20];
+ snprintf (tmpbuf, sizeof tmpbuf, "seconds=%lu", expires);
+ err = add_arg (gpg, tmpbuf);
+ }
}
}
else
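Review bot: When a caller passes both `GPGME_CREATE_NOEXPIRE` and a non-zero `expires`, the first branch of the new `if (!err)` block wins and the requested lifetime is dropped without any error, so the key is created without an expiration date. A non-expiring key is the less safe outcome, so it would be better to reject the contradictory combination before the argument is built, for example `if ((flags & GPGME_CREATE_NOEXPIRE) && expires) err = gpg_error (GPG_ERR_INV_VALUE);` (the exact error code is the maintainers' choice). At minimum the branch should carry a comment such as `/* NOEXPIRE takes precedence over a non-zero EXPIRES. */`. Separately, `char tmpbuf[8+20]` holds "seconds=" plus 20 digits but leaves no room for the terminating NUL, so a 20-digit `unsigned long` would be silently truncated by `snprintf`; `char tmpbuf[8+20+1]` avoids that. The body of gpg_add_algo_usage_expire starts and ends outside this hunk, so an earlier check on these arguments may already exist.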
diff --git a/src/gpgme.h.in b/src/gpgme.h.in
index 7f2d34f7..f76689e7 100644
--- a/src/gpgme.h.in
+++ b/src/gpgme.h.in
@@ -1637,6 +1637,7 @@ gpgme_error_t gpgme_op_export_keys (gpgme_ctx_t ctx,
#define GPGME_CREATE_WANTPUB (1 << 10) /* Return the public key. */
#define GPGME_CREATE_WANTSEC (1 << 11) /* Return the secret key. */
#define GPGME_CREATE_FORCE (1 << 12) /* Force creation. */
+#define GPGME_CREATE_NOEXPIRE (1 << 13) /* Create w/o expiration. */
/* An object to return result from a key generation.
* This structure shall be considered read-only and an application