1 /* keygen.c - Generate a key pair
2 * Copyright (C) 1998-2007, 2009-2011 Free Software Foundation, Inc.
3 * Copyright (C) 2014, 2015, 2016 Werner Koch
5 * This file is part of GnuPG.
7 * GnuPG is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 3 of the License, or
10 * (at your option) any later version.
12 * GnuPG is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, see <https://www.gnu.org/licenses/>.
27 #include <sys/types.h>
41 #include "keyserver-internal.h"
42 #include "call-agent.h"
44 #include "../common/shareddefs.h"
46 #include "mbox-util.h"
49 /* The default algorithms. If you change them remember to change them
50 also in gpg.c:gpgconf_list. You should also check that the value
51 is inside the bounds enforced by ask_keysize and gen_xxx. See also
52 get_keysize_range which encodes the allowed ranges. */
53 #define DEFAULT_STD_KEY_PARAM "rsa2048/cert,sign+rsa2048/encr"
54 #define FUTURE_STD_KEY_PARAM "ed25519/cert,sign+cv25519/encr"
56 /* When generating keys using the streamlined key generation dialog,
57 use this as a default expiration interval. */
58 const char *default_expiration_interval = "2y";
60 /* Flag bits used during key generation. */
61 #define KEYGEN_FLAG_NO_PROTECTION 1
62 #define KEYGEN_FLAG_TRANSIENT_KEY 2
64 /* Maximum number of supported algorithm preferences. */
84 pKEYCREATIONDATE, /* Same in seconds since epoch. */
86 pKEYEXPIRE, /* in n seconds */
87 pSUBKEYEXPIRE, /* in n seconds */
96 struct para_data_s *next;
103 struct revocation_key revkey;
108 struct output_control_s
112 unsigned int keygen_flags;
118 armor_filter_context_t *afx;
123 struct opaque_data_usage_and_pk {
129 static int prefs_initialized = 0;
130 static byte sym_prefs[MAX_PREFS];
131 static int nsym_prefs;
132 static byte hash_prefs[MAX_PREFS];
133 static int nhash_prefs;
134 static byte zip_prefs[MAX_PREFS];
135 static int nzip_prefs;
136 static int mdc_available,ks_modify;
138 static gpg_error_t parse_algo_usage_expire (ctrl_t ctrl, int for_subkey,
139 const char *algostr, const char *usagestr,
140 const char *expirestr,
141 int *r_algo, unsigned int *r_usage,
143 unsigned int *r_nbits, char **r_curve);
144 static void do_generate_keypair (ctrl_t ctrl, struct para_data_s *para,
145 struct output_control_s *outctrl, int card );
146 static int write_keyblock (iobuf_t out, kbnode_t node);
147 static gpg_error_t gen_card_key (int keyno, int algo, int is_primary,
148 kbnode_t pub_root, u32 *timestamp,
150 static unsigned int get_keysize_range (int algo,
151 unsigned int *min, unsigned int *max);
155 /* Return the algo string for a default new key. */
157 get_default_pubkey_algo (void)
159 if (opt.def_new_key_algo)
161 if (*opt.def_new_key_algo && !strchr (opt.def_new_key_algo, ':'))
162 return opt.def_new_key_algo;
163 /* To avoid checking that option every time we delay that until
164 * here. The only thing we really need to make sure is that
165 * there is no colon in the string so that the --gpgconf-list
166 * command won't mess up its output. */
167 log_info (_("invalid value for option '%s'\n"), "--default-new-key-algo");
169 return DEFAULT_STD_KEY_PARAM;
174 print_status_key_created (int letter, PKT_public_key *pk, const char *handle)
176 byte array[MAX_FINGERPRINT_LEN], *s;
183 buf = xmalloc (MAX_FINGERPRINT_LEN*2+31 + strlen (handle) + 1);
192 fingerprint_from_pk (pk, array, &n);
194 /* Fixme: Use bin2hex */
195 for (i=0; i < n ; i++, s++, p += 2)
196 snprintf (p, 3, "%02X", *s);
202 for (i=0; handle[i] && i < 100; i++)
203 *p++ = isspace ((unsigned int)handle[i])? '_':handle[i];
206 write_status_text ((letter || pk)?STATUS_KEY_CREATED:STATUS_KEY_NOT_CREATED,
212 print_status_key_not_created (const char *handle)
214 print_status_key_created (0, NULL, handle);
220 write_uid( KBNODE root, const char *s )
222 PACKET *pkt = xmalloc_clear(sizeof *pkt );
223 size_t n = strlen(s);
225 pkt->pkttype = PKT_USER_ID;
226 pkt->pkt.user_id = xmalloc_clear (sizeof *pkt->pkt.user_id + n);
227 pkt->pkt.user_id->len = n;
228 pkt->pkt.user_id->ref = 1;
229 strcpy(pkt->pkt.user_id->name, s);
230 add_kbnode( root, new_kbnode( pkt ) );
234 do_add_key_flags (PKT_signature *sig, unsigned int use)
240 /* The spec says that all primary keys MUST be able to certify. */
241 if(sig->sig_class!=0x18)
244 if (use & PUBKEY_USAGE_SIG)
246 if (use & PUBKEY_USAGE_ENC)
247 buf[0] |= 0x04 | 0x08;
248 if (use & PUBKEY_USAGE_AUTH)
251 build_sig_subpkt (sig, SIGSUBPKT_KEY_FLAGS, buf, 1);
256 keygen_add_key_expire (PKT_signature *sig, void *opaque)
258 PKT_public_key *pk = opaque;
264 if (pk->expiredate > pk->timestamp)
265 u = pk->expiredate - pk->timestamp;
269 buf[0] = (u >> 24) & 0xff;
270 buf[1] = (u >> 16) & 0xff;
271 buf[2] = (u >> 8) & 0xff;
273 build_sig_subpkt (sig, SIGSUBPKT_KEY_EXPIRE, buf, 4);
277 /* Make sure we don't leave a key expiration subpacket lying
279 delete_sig_subpkt (sig->hashed, SIGSUBPKT_KEY_EXPIRE);
286 /* Add the key usage (i.e. key flags) in SIG from the public keys
287 * pubkey_usage field. OPAQUE has the public key. */
289 keygen_add_key_flags (PKT_signature *sig, void *opaque)
291 PKT_public_key *pk = opaque;
293 do_add_key_flags (sig, pk->pubkey_usage);
299 keygen_add_key_flags_and_expire (PKT_signature *sig, void *opaque)
301 struct opaque_data_usage_and_pk *oduap = opaque;
303 do_add_key_flags (sig, oduap->usage);
304 return keygen_add_key_expire (sig, oduap->pk);
309 set_one_pref (int val, int type, const char *item, byte *buf, int *nbuf)
313 for (i=0; i < *nbuf; i++ )
316 log_info (_("preference '%s' duplicated\n"), item);
320 if (*nbuf >= MAX_PREFS)
323 log_info(_("too many cipher preferences\n"));
325 log_info(_("too many digest preferences\n"));
327 log_info(_("too many compression preferences\n"));
334 buf[(*nbuf)++] = val;
339 * Parse the supplied string and use it to set the standard
340 * preferences. The string may be in a form like the one printed by
341 * "pref" (something like: "S10 S3 H3 H2 Z2 Z1") or the actual
342 * cipher/hash/compress names. Use NULL to set the default
343 * preferences. Returns: 0 = okay
346 keygen_set_std_prefs (const char *string,int personal)
348 byte sym[MAX_PREFS], hash[MAX_PREFS], zip[MAX_PREFS];
349 int nsym=0, nhash=0, nzip=0, val, rc=0;
350 int mdc=1, modify=0; /* mdc defaults on, modify defaults off. */
351 char dummy_string[20*4+1]; /* Enough for 20 items. */
353 if (!string || !ascii_strcasecmp (string, "default"))
355 if (opt.def_preference_list)
356 string=opt.def_preference_list;
359 int any_compress = 0;
360 dummy_string[0]='\0';
362 /* The rationale why we use the order AES256,192,128 is
363 for compatibility reasons with PGP. If gpg would
364 define AES128 first, we would get the somewhat
367 gpg -r pgpkey -r gpgkey ---gives--> AES256
368 gpg -r gpgkey -r pgpkey ---gives--> AES
370 Note that by using --personal-cipher-preferences it is
371 possible to prefer AES128.
374 /* Make sure we do not add more than 15 items here, as we
375 could overflow the size of dummy_string. We currently
377 if ( !openpgp_cipher_test_algo (CIPHER_ALGO_AES256) )
378 strcat(dummy_string,"S9 ");
379 if ( !openpgp_cipher_test_algo (CIPHER_ALGO_AES192) )
380 strcat(dummy_string,"S8 ");
381 if ( !openpgp_cipher_test_algo (CIPHER_ALGO_AES) )
382 strcat(dummy_string,"S7 ");
383 strcat(dummy_string,"S2 "); /* 3DES */
385 /* The default hash algo order is:
386 SHA-256, SHA-384, SHA-512, SHA-224, SHA-1.
388 if (!openpgp_md_test_algo (DIGEST_ALGO_SHA256))
389 strcat (dummy_string, "H8 ");
391 if (!openpgp_md_test_algo (DIGEST_ALGO_SHA384))
392 strcat (dummy_string, "H9 ");
394 if (!openpgp_md_test_algo (DIGEST_ALGO_SHA512))
395 strcat (dummy_string, "H10 ");
397 if (!openpgp_md_test_algo (DIGEST_ALGO_SHA224))
398 strcat (dummy_string, "H11 ");
400 strcat (dummy_string, "H2 "); /* SHA-1 */
402 if(!check_compress_algo(COMPRESS_ALGO_ZLIB))
404 strcat(dummy_string,"Z2 ");
408 if(!check_compress_algo(COMPRESS_ALGO_BZIP2))
410 strcat(dummy_string,"Z3 ");
414 if(!check_compress_algo(COMPRESS_ALGO_ZIP))
416 strcat(dummy_string,"Z1 ");
420 /* In case we have no compress algo at all, declare that
421 we prefer no compresssion. */
423 strcat(dummy_string,"Z0 ");
425 /* Remove the trailing space. */
426 if (*dummy_string && dummy_string[strlen (dummy_string)-1] == ' ')
427 dummy_string[strlen (dummy_string)-1] = 0;
432 else if (!ascii_strcasecmp (string, "none"))
438 char *tok, *prefstring;
440 /* We need a writable string. */
441 prefstring = prefstringbuf = xstrdup (string);
443 while((tok=strsep(&prefstring," ,")))
445 if((val=string_to_cipher_algo (tok)))
447 if(set_one_pref(val,1,tok,sym,&nsym))
450 else if((val=string_to_digest_algo (tok)))
452 if(set_one_pref(val,2,tok,hash,&nhash))
455 else if((val=string_to_compress_algo(tok))>-1)
457 if(set_one_pref(val,3,tok,zip,&nzip))
460 else if (ascii_strcasecmp(tok,"mdc")==0)
462 else if (ascii_strcasecmp(tok,"no-mdc")==0)
464 else if (ascii_strcasecmp(tok,"ks-modify")==0)
466 else if (ascii_strcasecmp(tok,"no-ks-modify")==0)
470 log_info (_("invalid item '%s' in preference string\n"),tok);
475 xfree (prefstringbuf);
482 if(personal==PREFTYPE_SYM)
484 xfree(opt.personal_cipher_prefs);
487 opt.personal_cipher_prefs=NULL;
492 opt.personal_cipher_prefs=
493 xmalloc(sizeof(prefitem_t *)*(nsym+1));
495 for (i=0; i<nsym; i++)
497 opt.personal_cipher_prefs[i].type = PREFTYPE_SYM;
498 opt.personal_cipher_prefs[i].value = sym[i];
501 opt.personal_cipher_prefs[i].type = PREFTYPE_NONE;
502 opt.personal_cipher_prefs[i].value = 0;
505 else if(personal==PREFTYPE_HASH)
507 xfree(opt.personal_digest_prefs);
510 opt.personal_digest_prefs=NULL;
515 opt.personal_digest_prefs=
516 xmalloc(sizeof(prefitem_t *)*(nhash+1));
518 for (i=0; i<nhash; i++)
520 opt.personal_digest_prefs[i].type = PREFTYPE_HASH;
521 opt.personal_digest_prefs[i].value = hash[i];
524 opt.personal_digest_prefs[i].type = PREFTYPE_NONE;
525 opt.personal_digest_prefs[i].value = 0;
528 else if(personal==PREFTYPE_ZIP)
530 xfree(opt.personal_compress_prefs);
533 opt.personal_compress_prefs=NULL;
538 opt.personal_compress_prefs=
539 xmalloc(sizeof(prefitem_t *)*(nzip+1));
541 for (i=0; i<nzip; i++)
543 opt.personal_compress_prefs[i].type = PREFTYPE_ZIP;
544 opt.personal_compress_prefs[i].value = zip[i];
547 opt.personal_compress_prefs[i].type = PREFTYPE_NONE;
548 opt.personal_compress_prefs[i].value = 0;
554 memcpy (sym_prefs, sym, (nsym_prefs=nsym));
555 memcpy (hash_prefs, hash, (nhash_prefs=nhash));
556 memcpy (zip_prefs, zip, (nzip_prefs=nzip));
559 prefs_initialized = 1;
566 /* Return a fake user ID containing the preferences. Caller must
569 keygen_get_std_prefs(void)
572 PKT_user_id *uid=xmalloc_clear(sizeof(PKT_user_id));
574 if(!prefs_initialized)
575 keygen_set_std_prefs(NULL,0);
579 uid->prefs=xmalloc((sizeof(prefitem_t *)*
580 (nsym_prefs+nhash_prefs+nzip_prefs+1)));
582 for(i=0;i<nsym_prefs;i++,j++)
584 uid->prefs[j].type=PREFTYPE_SYM;
585 uid->prefs[j].value=sym_prefs[i];
588 for(i=0;i<nhash_prefs;i++,j++)
590 uid->prefs[j].type=PREFTYPE_HASH;
591 uid->prefs[j].value=hash_prefs[i];
594 for(i=0;i<nzip_prefs;i++,j++)
596 uid->prefs[j].type=PREFTYPE_ZIP;
597 uid->prefs[j].value=zip_prefs[i];
600 uid->prefs[j].type=PREFTYPE_NONE;
601 uid->prefs[j].value=0;
603 uid->flags.mdc=mdc_available;
604 uid->flags.ks_modify=ks_modify;
610 add_feature_mdc (PKT_signature *sig,int enabled)
617 s = parse_sig_subpkt (sig->hashed, SIGSUBPKT_FEATURES, &n );
618 /* Already set or cleared */
620 ((enabled && (s[0] & 0x01)) || (!enabled && !(s[0] & 0x01))))
623 if (!s || !n) { /* create a new one */
625 buf = xmalloc_clear (n);
633 buf[0] |= 0x01; /* MDC feature */
637 /* Are there any bits set? */
643 delete_sig_subpkt (sig->hashed, SIGSUBPKT_FEATURES);
645 build_sig_subpkt (sig, SIGSUBPKT_FEATURES, buf, n);
651 add_keyserver_modify (PKT_signature *sig,int enabled)
658 /* The keyserver modify flag is a negative flag (i.e. no-modify) */
661 s = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KS_FLAGS, &n );
662 /* Already set or cleared */
664 ((enabled && (s[0] & 0x80)) || (!enabled && !(s[0] & 0x80))))
667 if (!s || !n) { /* create a new one */
669 buf = xmalloc_clear (n);
677 buf[0] |= 0x80; /* no-modify flag */
681 /* Are there any bits set? */
687 delete_sig_subpkt (sig->hashed, SIGSUBPKT_KS_FLAGS);
689 build_sig_subpkt (sig, SIGSUBPKT_KS_FLAGS, buf, n);
696 keygen_upd_std_prefs (PKT_signature *sig, void *opaque)
700 if (!prefs_initialized)
701 keygen_set_std_prefs (NULL, 0);
704 build_sig_subpkt (sig, SIGSUBPKT_PREF_SYM, sym_prefs, nsym_prefs);
707 delete_sig_subpkt (sig->hashed, SIGSUBPKT_PREF_SYM);
708 delete_sig_subpkt (sig->unhashed, SIGSUBPKT_PREF_SYM);
712 build_sig_subpkt (sig, SIGSUBPKT_PREF_HASH, hash_prefs, nhash_prefs);
715 delete_sig_subpkt (sig->hashed, SIGSUBPKT_PREF_HASH);
716 delete_sig_subpkt (sig->unhashed, SIGSUBPKT_PREF_HASH);
720 build_sig_subpkt (sig, SIGSUBPKT_PREF_COMPR, zip_prefs, nzip_prefs);
723 delete_sig_subpkt (sig->hashed, SIGSUBPKT_PREF_COMPR);
724 delete_sig_subpkt (sig->unhashed, SIGSUBPKT_PREF_COMPR);
727 /* Make sure that the MDC feature flag is set if needed. */
728 add_feature_mdc (sig,mdc_available);
729 add_keyserver_modify (sig,ks_modify);
730 keygen_add_keyserver_url(sig,NULL);
737 * Add preference to the self signature packet.
738 * This is only called for packets with version > 3.
741 keygen_add_std_prefs (PKT_signature *sig, void *opaque)
743 PKT_public_key *pk = opaque;
745 do_add_key_flags (sig, pk->pubkey_usage);
746 keygen_add_key_expire (sig, opaque );
747 keygen_upd_std_prefs (sig, opaque);
748 keygen_add_keyserver_url (sig,NULL);
754 keygen_add_keyserver_url(PKT_signature *sig, void *opaque)
756 const char *url=opaque;
759 url=opt.def_keyserver_url;
762 build_sig_subpkt(sig,SIGSUBPKT_PREF_KS,url,strlen(url));
764 delete_sig_subpkt (sig->hashed,SIGSUBPKT_PREF_KS);
770 keygen_add_notations(PKT_signature *sig,void *opaque)
772 struct notation *notation;
774 /* We always start clean */
775 delete_sig_subpkt(sig->hashed,SIGSUBPKT_NOTATION);
776 delete_sig_subpkt(sig->unhashed,SIGSUBPKT_NOTATION);
777 sig->flags.notation=0;
779 for(notation=opaque;notation;notation=notation->next)
780 if(!notation->flags.ignore)
785 n1=strlen(notation->name);
786 if(notation->altvalue)
787 n2=strlen(notation->altvalue);
788 else if(notation->bdat)
791 n2=strlen(notation->value);
793 buf = xmalloc( 8 + n1 + n2 );
795 /* human readable or not */
796 buf[0] = notation->bdat?0:0x80;
797 buf[1] = buf[2] = buf[3] = 0;
802 memcpy(buf+8, notation->name, n1 );
803 if(notation->altvalue)
804 memcpy(buf+8+n1, notation->altvalue, n2 );
805 else if(notation->bdat)
806 memcpy(buf+8+n1, notation->bdat, n2 );
808 memcpy(buf+8+n1, notation->value, n2 );
809 build_sig_subpkt( sig, SIGSUBPKT_NOTATION |
810 (notation->flags.critical?SIGSUBPKT_FLAG_CRITICAL:0),
819 keygen_add_revkey (PKT_signature *sig, void *opaque)
821 struct revocation_key *revkey = opaque;
822 byte buf[2+MAX_FINGERPRINT_LEN];
824 buf[0] = revkey->class;
825 buf[1] = revkey->algid;
826 memcpy (&buf[2], revkey->fpr, MAX_FINGERPRINT_LEN);
828 build_sig_subpkt (sig, SIGSUBPKT_REV_KEY, buf, 2+MAX_FINGERPRINT_LEN);
830 /* All sigs with revocation keys set are nonrevocable. */
831 sig->flags.revocable = 0;
833 build_sig_subpkt (sig, SIGSUBPKT_REVOCABLE, buf, 1);
842 /* Create a back-signature. If TIMESTAMP is not NULL, use it for the
843 signature creation time. */
845 make_backsig (PKT_signature *sig, PKT_public_key *pk,
846 PKT_public_key *sub_pk, PKT_public_key *sub_psk,
847 u32 timestamp, const char *cache_nonce)
850 PKT_signature *backsig;
852 cache_public_key (sub_pk);
854 err = make_keysig_packet (&backsig, pk, NULL, sub_pk, sub_psk, 0x19,
855 0, timestamp, 0, NULL, NULL, cache_nonce);
857 log_error ("make_keysig_packet failed for backsig: %s\n",
861 /* Get it into a binary packed form. */
862 IOBUF backsig_out = iobuf_temp();
865 init_packet (&backsig_pkt);
866 backsig_pkt.pkttype = PKT_SIGNATURE;
867 backsig_pkt.pkt.signature = backsig;
868 err = build_packet (backsig_out, &backsig_pkt);
869 free_packet (&backsig_pkt);
871 log_error ("build_packet failed for backsig: %s\n", gpg_strerror (err));
875 byte *buf = iobuf_get_temp_buffer (backsig_out);
877 /* Remove the packet header. */
885 else if(buf[1] < 224)
887 pktlen = (buf[1]-192)*256;
888 pktlen += buf[2]+192;
891 else if (buf[1] == 255)
893 pktlen = buf32_to_size_t (buf+2);
910 pktlen = (size_t)buf[mark++] << 24;
911 pktlen |= buf[mark++] << 16;
914 pktlen |= buf[mark++] << 8;
917 pktlen |= buf[mark++];
923 /* Now make the binary blob into a subpacket. */
924 build_sig_subpkt (sig, SIGSUBPKT_SIGNATURE, buf, pktlen);
926 iobuf_close (backsig_out);
934 /* Write a direct key signature to the first key in ROOT using the key
935 PSK. REVKEY is describes the direct key signature and TIMESTAMP is
936 the timestamp to set on the signature. */
938 write_direct_sig (KBNODE root, PKT_public_key *psk,
939 struct revocation_key *revkey, u32 timestamp,
940 const char *cache_nonce)
949 log_info (_("writing direct signature\n"));
951 /* Get the pk packet from the pub_tree. */
952 node = find_kbnode (root, PKT_PUBLIC_KEY);
955 pk = node->pkt->pkt.public_key;
957 /* We have to cache the key, so that the verification of the
958 signature creation is able to retrieve the public key. */
959 cache_public_key (pk);
961 /* Make the signature. */
962 err = make_keysig_packet (&sig, pk, NULL,NULL, psk, 0x1F,
964 keygen_add_revkey, revkey, cache_nonce);
967 log_error ("make_keysig_packet failed: %s\n", gpg_strerror (err) );
971 pkt = xmalloc_clear (sizeof *pkt);
972 pkt->pkttype = PKT_SIGNATURE;
973 pkt->pkt.signature = sig;
974 add_kbnode (root, new_kbnode (pkt));
980 /* Write a self-signature to the first user id in ROOT using the key
981 PSK. USE and TIMESTAMP give the extra data we need for the
984 write_selfsigs (KBNODE root, PKT_public_key *psk,
985 unsigned int use, u32 timestamp, const char *cache_nonce)
995 log_info (_("writing self signature\n"));
997 /* Get the uid packet from the list. */
998 node = find_kbnode (root, PKT_USER_ID);
1000 BUG(); /* No user id packet in tree. */
1001 uid = node->pkt->pkt.user_id;
1003 /* Get the pk packet from the pub_tree. */
1004 node = find_kbnode (root, PKT_PUBLIC_KEY);
1007 pk = node->pkt->pkt.public_key;
1009 /* The usage has not yet been set - do it now. */
1010 pk->pubkey_usage = use;
1012 /* We have to cache the key, so that the verification of the
1013 signature creation is able to retrieve the public key. */
1014 cache_public_key (pk);
1016 /* Make the signature. */
1017 err = make_keysig_packet (&sig, pk, uid, NULL, psk, 0x13,
1019 keygen_add_std_prefs, pk, cache_nonce);
1022 log_error ("make_keysig_packet failed: %s\n", gpg_strerror (err));
1026 pkt = xmalloc_clear (sizeof *pkt);
1027 pkt->pkttype = PKT_SIGNATURE;
1028 pkt->pkt.signature = sig;
1029 add_kbnode (root, new_kbnode (pkt));
1035 /* Write the key binding signature. If TIMESTAMP is not NULL use the
1036 signature creation time. PRI_PSK is the key use for signing.
1037 SUB_PSK is a key used to create a back-signature; that one is only
1038 used if USE has the PUBKEY_USAGE_SIG capability. */
1040 write_keybinding (KBNODE root, PKT_public_key *pri_psk, PKT_public_key *sub_psk,
1041 unsigned int use, u32 timestamp, const char *cache_nonce)
1047 PKT_public_key *pri_pk, *sub_pk;
1048 struct opaque_data_usage_and_pk oduap;
1051 log_info(_("writing key binding signature\n"));
1053 /* Get the primary pk packet from the tree. */
1054 node = find_kbnode (root, PKT_PUBLIC_KEY);
1057 pri_pk = node->pkt->pkt.public_key;
1059 /* We have to cache the key, so that the verification of the
1060 * signature creation is able to retrieve the public key. */
1061 cache_public_key (pri_pk);
1063 /* Find the last subkey. */
1065 for (node = root; node; node = node->next )
1067 if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
1068 sub_pk = node->pkt->pkt.public_key;
1073 /* Make the signature. */
1076 err = make_keysig_packet (&sig, pri_pk, NULL, sub_pk, pri_psk, 0x18,
1078 keygen_add_key_flags_and_expire, &oduap,
1082 log_error ("make_keysig_packeto failed: %s\n", gpg_strerror (err));
1086 /* Make a backsig. */
1087 if (use & PUBKEY_USAGE_SIG)
1089 err = make_backsig (sig, pri_pk, sub_pk, sub_psk, timestamp, cache_nonce);
1094 pkt = xmalloc_clear ( sizeof *pkt );
1095 pkt->pkttype = PKT_SIGNATURE;
1096 pkt->pkt.signature = sig;
1097 add_kbnode (root, new_kbnode (pkt) );
1103 ecckey_from_sexp (gcry_mpi_t *array, gcry_sexp_t sexp, int algo)
1106 gcry_sexp_t list, l2;
1116 list = gcry_sexp_find_token (sexp, "public-key", 0);
1118 return gpg_error (GPG_ERR_INV_OBJ);
1119 l2 = gcry_sexp_cadr (list);
1120 gcry_sexp_release (list);
1123 return gpg_error (GPG_ERR_NO_OBJ);
1125 l2 = gcry_sexp_find_token (list, "curve", 0);
1128 err = gpg_error (GPG_ERR_NO_OBJ);
1131 curve = gcry_sexp_nth_string (l2, 1);
1134 err = gpg_error (GPG_ERR_NO_OBJ);
1137 gcry_sexp_release (l2);
1138 oidstr = openpgp_curve_to_oid (curve, &nbits);
1141 /* That can't happen because we used one of the curves
1142 gpg_curve_to_oid knows about. */
1143 err = gpg_error (GPG_ERR_INV_OBJ);
1146 err = openpgp_oid_from_str (oidstr, &array[0]);
1150 l2 = gcry_sexp_find_token (list, "q", 0);
1153 err = gpg_error (GPG_ERR_NO_OBJ);
1156 array[1] = gcry_sexp_nth_mpi (l2, 1, GCRYMPI_FMT_USG);
1157 gcry_sexp_release (l2);
1160 err = gpg_error (GPG_ERR_INV_OBJ);
1163 gcry_sexp_release (list);
1165 if (algo == PUBKEY_ALGO_ECDH)
1167 array[2] = pk_ecdh_default_params (nbits);
1170 err = gpg_error_from_syserror ();
1179 for (i=0; i < 3; i++)
1181 gcry_mpi_release (array[i]);
1189 /* Extract key parameters from SEXP and store them in ARRAY. ELEMS is
1190 a string where each character denotes a parameter name. TOPNAME is
1191 the name of the top element above the elements. */
1193 key_from_sexp (gcry_mpi_t *array, gcry_sexp_t sexp,
1194 const char *topname, const char *elems)
1196 gcry_sexp_t list, l2;
1201 list = gcry_sexp_find_token (sexp, topname, 0);
1203 return gpg_error (GPG_ERR_INV_OBJ);
1204 l2 = gcry_sexp_cadr (list);
1205 gcry_sexp_release (list);
1208 return gpg_error (GPG_ERR_NO_OBJ);
1210 for (idx=0,s=elems; *s; s++, idx++)
1212 l2 = gcry_sexp_find_token (list, s, 1);
1215 rc = gpg_error (GPG_ERR_NO_OBJ); /* required parameter not found */
1218 array[idx] = gcry_sexp_nth_mpi (l2, 1, GCRYMPI_FMT_USG);
1219 gcry_sexp_release (l2);
1222 rc = gpg_error (GPG_ERR_INV_OBJ); /* required parameter invalid */
1226 gcry_sexp_release (list);
1231 for (i=0; i<idx; i++)
1233 gcry_mpi_release (array[i]);
1236 gcry_sexp_release (list);
1242 /* Create a keyblock using the given KEYGRIP. ALGO is the OpenPGP
1243 algorithm of that keygrip. */
1245 do_create_from_keygrip (ctrl_t ctrl, int algo, const char *hexkeygrip,
1246 kbnode_t pub_root, u32 timestamp, u32 expireval,
1253 const char *algoelem;
1255 if (hexkeygrip[0] == '&')
1260 case PUBKEY_ALGO_RSA: algoelem = "ne"; break;
1261 case PUBKEY_ALGO_DSA: algoelem = "pqgy"; break;
1262 case PUBKEY_ALGO_ELGAMAL_E: algoelem = "pgy"; break;
1263 case PUBKEY_ALGO_ECDH:
1264 case PUBKEY_ALGO_ECDSA: algoelem = ""; break;
1265 case PUBKEY_ALGO_EDDSA: algoelem = ""; break;
1266 default: return gpg_error (GPG_ERR_INTERNAL);
1270 /* Ask the agent for the public key matching HEXKEYGRIP. */
1272 unsigned char *public;
1274 err = agent_readkey (ctrl, 0, hexkeygrip, &public);
1277 err = gcry_sexp_sscan (&s_key, NULL,
1278 public, gcry_sexp_canon_len (public, 0, NULL, NULL));
1284 /* Build a public key packet. */
1285 pk = xtrycalloc (1, sizeof *pk);
1288 err = gpg_error_from_syserror ();
1289 gcry_sexp_release (s_key);
1293 pk->timestamp = timestamp;
1296 pk->expiredate = pk->timestamp + expireval;
1297 pk->pubkey_algo = algo;
1299 if (algo == PUBKEY_ALGO_ECDSA
1300 || algo == PUBKEY_ALGO_EDDSA
1301 || algo == PUBKEY_ALGO_ECDH )
1302 err = ecckey_from_sexp (pk->pkey, s_key, algo);
1304 err = key_from_sexp (pk->pkey, s_key, "public-key", algoelem);
1307 log_error ("key_from_sexp failed: %s\n", gpg_strerror (err) );
1308 gcry_sexp_release (s_key);
1309 free_public_key (pk);
1312 gcry_sexp_release (s_key);
1314 pkt = xtrycalloc (1, sizeof *pkt);
1317 err = gpg_error_from_syserror ();
1318 free_public_key (pk);
1322 pkt->pkttype = is_subkey ? PKT_PUBLIC_SUBKEY : PKT_PUBLIC_KEY;
1323 pkt->pkt.public_key = pk;
1324 add_kbnode (pub_root, new_kbnode (pkt));
1330 /* Common code for the key generation function gen_xxx. */
1332 common_gen (const char *keyparms, int algo, const char *algoelem,
1333 kbnode_t pub_root, u32 timestamp, u32 expireval, int is_subkey,
1334 int keygen_flags, const char *passphrase,
1335 char **cache_nonce_addr, char **passwd_nonce_addr)
1342 err = agent_genkey (NULL, cache_nonce_addr, passwd_nonce_addr, keyparms,
1343 !!(keygen_flags & KEYGEN_FLAG_NO_PROTECTION),
1348 log_error ("agent_genkey failed: %s\n", gpg_strerror (err) );
1352 pk = xtrycalloc (1, sizeof *pk);
1355 err = gpg_error_from_syserror ();
1356 gcry_sexp_release (s_key);
1360 pk->timestamp = timestamp;
1363 pk->expiredate = pk->timestamp + expireval;
1364 pk->pubkey_algo = algo;
1366 if (algo == PUBKEY_ALGO_ECDSA
1367 || algo == PUBKEY_ALGO_EDDSA
1368 || algo == PUBKEY_ALGO_ECDH )
1369 err = ecckey_from_sexp (pk->pkey, s_key, algo);
1371 err = key_from_sexp (pk->pkey, s_key, "public-key", algoelem);
1374 log_error ("key_from_sexp failed: %s\n", gpg_strerror (err) );
1375 gcry_sexp_release (s_key);
1376 free_public_key (pk);
1379 gcry_sexp_release (s_key);
1381 pkt = xtrycalloc (1, sizeof *pkt);
1384 err = gpg_error_from_syserror ();
1385 free_public_key (pk);
1389 pkt->pkttype = is_subkey ? PKT_PUBLIC_SUBKEY : PKT_PUBLIC_KEY;
1390 pkt->pkt.public_key = pk;
1391 add_kbnode (pub_root, new_kbnode (pkt));
1398 * Generate an Elgamal key.
1401 gen_elg (int algo, unsigned int nbits, KBNODE pub_root,
1402 u32 timestamp, u32 expireval, int is_subkey,
1403 int keygen_flags, const char *passphrase,
1404 char **cache_nonce_addr, char **passwd_nonce_addr)
1410 log_assert (is_ELGAMAL (algo));
1415 log_info (_("keysize invalid; using %u bits\n"), nbits );
1417 else if (nbits > 4096)
1420 log_info (_("keysize invalid; using %u bits\n"), nbits );
1425 nbits = ((nbits + 31) / 32) * 32;
1426 log_info (_("keysize rounded up to %u bits\n"), nbits );
1429 /* Note that we use transient-key only if no-protection has also
1431 snprintf (nbitsstr, sizeof nbitsstr, "%u", nbits);
1432 keyparms = xtryasprintf ("(genkey(%s(nbits %zu:%s)%s))",
1433 algo == GCRY_PK_ELG_E ? "openpgp-elg" :
1434 algo == GCRY_PK_ELG ? "elg" : "x-oops" ,
1435 strlen (nbitsstr), nbitsstr,
1436 ((keygen_flags & KEYGEN_FLAG_TRANSIENT_KEY)
1437 && (keygen_flags & KEYGEN_FLAG_NO_PROTECTION))?
1438 "(transient-key)" : "" );
1440 err = gpg_error_from_syserror ();
1443 err = common_gen (keyparms, algo, "pgy",
1444 pub_root, timestamp, expireval, is_subkey,
1445 keygen_flags, passphrase,
1446 cache_nonce_addr, passwd_nonce_addr);
1455 * Generate an DSA key
1458 gen_dsa (unsigned int nbits, KBNODE pub_root,
1459 u32 timestamp, u32 expireval, int is_subkey,
1460 int keygen_flags, const char *passphrase,
1461 char **cache_nonce_addr, char **passwd_nonce_addr)
1472 log_info(_("keysize invalid; using %u bits\n"), nbits );
1474 else if ( nbits > 3072 )
1477 log_info(_("keysize invalid; using %u bits\n"), nbits );
1482 nbits = ((nbits + 63) / 64) * 64;
1483 log_info(_("keysize rounded up to %u bits\n"), nbits );
1486 /* To comply with FIPS rules we round up to the next value unless in
1488 if (!opt.expert && nbits > 1024 && (nbits % 1024))
1490 nbits = ((nbits + 1023) / 1024) * 1024;
1491 log_info(_("keysize rounded up to %u bits\n"), nbits );
1495 Figure out a q size based on the key size. FIPS 180-3 says:
1502 2048/256 is an odd pair since there is also a 2048/224 and
1503 3072/256. Matching sizes is not a very exact science.
1505 We'll do 256 qbits for nbits over 2047, 224 for nbits over 1024
1506 but less than 2048, and 160 for 1024 (DSA1).
1511 else if ( nbits > 1024)
1517 log_info (_("WARNING: some OpenPGP programs can't"
1518 " handle a DSA key with this digest size\n"));
1520 snprintf (nbitsstr, sizeof nbitsstr, "%u", nbits);
1521 snprintf (qbitsstr, sizeof qbitsstr, "%u", qbits);
1522 keyparms = xtryasprintf ("(genkey(dsa(nbits %zu:%s)(qbits %zu:%s)%s))",
1523 strlen (nbitsstr), nbitsstr,
1524 strlen (qbitsstr), qbitsstr,
1525 ((keygen_flags & KEYGEN_FLAG_TRANSIENT_KEY)
1526 && (keygen_flags & KEYGEN_FLAG_NO_PROTECTION))?
1527 "(transient-key)" : "" );
1529 err = gpg_error_from_syserror ();
1532 err = common_gen (keyparms, PUBKEY_ALGO_DSA, "pqgy",
1533 pub_root, timestamp, expireval, is_subkey,
1534 keygen_flags, passphrase,
1535 cache_nonce_addr, passwd_nonce_addr);
1545 * Generate an ECC key
1548 gen_ecc (int algo, const char *curve, kbnode_t pub_root,
1549 u32 timestamp, u32 expireval, int is_subkey,
1550 int keygen_flags, const char *passphrase,
1551 char **cache_nonce_addr, char **passwd_nonce_addr)
1556 log_assert (algo == PUBKEY_ALGO_ECDSA
1557 || algo == PUBKEY_ALGO_EDDSA
1558 || algo == PUBKEY_ALGO_ECDH);
1560 if (!curve || !*curve)
1561 return gpg_error (GPG_ERR_UNKNOWN_CURVE);
1563 /* Note that we use the "comp" flag with EdDSA to request the use of
1564 a 0x40 compression prefix octet. */
1565 if (algo == PUBKEY_ALGO_EDDSA)
1566 keyparms = xtryasprintf
1567 ("(genkey(ecc(curve %zu:%s)(flags eddsa comp%s)))",
1568 strlen (curve), curve,
1569 (((keygen_flags & KEYGEN_FLAG_TRANSIENT_KEY)
1570 && (keygen_flags & KEYGEN_FLAG_NO_PROTECTION))?
1571 " transient-key" : ""));
1572 else if (algo == PUBKEY_ALGO_ECDH && !strcmp (curve, "Curve25519"))
1573 keyparms = xtryasprintf
1574 ("(genkey(ecc(curve %zu:%s)(flags djb-tweak comp%s)))",
1575 strlen (curve), curve,
1576 (((keygen_flags & KEYGEN_FLAG_TRANSIENT_KEY)
1577 && (keygen_flags & KEYGEN_FLAG_NO_PROTECTION))?
1578 " transient-key" : ""));
1580 keyparms = xtryasprintf
1581 ("(genkey(ecc(curve %zu:%s)(flags nocomp%s)))",
1582 strlen (curve), curve,
1583 (((keygen_flags & KEYGEN_FLAG_TRANSIENT_KEY)
1584 && (keygen_flags & KEYGEN_FLAG_NO_PROTECTION))?
1585 " transient-key" : ""));
1588 err = gpg_error_from_syserror ();
1591 err = common_gen (keyparms, algo, "",
1592 pub_root, timestamp, expireval, is_subkey,
1593 keygen_flags, passphrase,
1594 cache_nonce_addr, passwd_nonce_addr);
1603 * Generate an RSA key.
1606 gen_rsa (int algo, unsigned int nbits, KBNODE pub_root,
1607 u32 timestamp, u32 expireval, int is_subkey,
1608 int keygen_flags, const char *passphrase,
1609 char **cache_nonce_addr, char **passwd_nonce_addr)
1614 const unsigned maxsize = (opt.flags.large_rsa ? 8192 : 4096);
1616 log_assert (is_RSA(algo));
1619 nbits = get_keysize_range (algo, NULL, NULL);
1624 log_info (_("keysize invalid; using %u bits\n"), nbits );
1626 else if (nbits > maxsize)
1629 log_info (_("keysize invalid; using %u bits\n"), nbits );
1634 nbits = ((nbits + 31) / 32) * 32;
1635 log_info (_("keysize rounded up to %u bits\n"), nbits );
1638 snprintf (nbitsstr, sizeof nbitsstr, "%u", nbits);
1639 keyparms = xtryasprintf ("(genkey(rsa(nbits %zu:%s)%s))",
1640 strlen (nbitsstr), nbitsstr,
1641 ((keygen_flags & KEYGEN_FLAG_TRANSIENT_KEY)
1642 && (keygen_flags & KEYGEN_FLAG_NO_PROTECTION))?
1643 "(transient-key)" : "" );
1645 err = gpg_error_from_syserror ();
1648 err = common_gen (keyparms, algo, "ne",
1649 pub_root, timestamp, expireval, is_subkey,
1650 keygen_flags, passphrase,
1651 cache_nonce_addr, passwd_nonce_addr);
1661 * return 0 on error or the multiplier
1664 check_valid_days( const char *s )
1674 return 0; /* e.g. "2323wc" */
1675 if( *s == 'd' || *s == 'D' )
1677 if( *s == 'w' || *s == 'W' )
1679 if( *s == 'm' || *s == 'M' )
1681 if( *s == 'y' || *s == 'Y' )
1688 print_key_flags(int flags)
1690 if(flags&PUBKEY_USAGE_SIG)
1691 tty_printf("%s ",_("Sign"));
1693 if(flags&PUBKEY_USAGE_CERT)
1694 tty_printf("%s ",_("Certify"));
1696 if(flags&PUBKEY_USAGE_ENC)
1697 tty_printf("%s ",_("Encrypt"));
1699 if(flags&PUBKEY_USAGE_AUTH)
1700 tty_printf("%s ",_("Authenticate"));
1704 /* Ask for the key flags and return them. CURRENT gives the current
1705 * usage which should normally be given as 0. */
1707 ask_key_flags (int algo, int subkey, unsigned int current)
1709 /* TRANSLATORS: Please use only plain ASCII characters for the
1710 translation. If this is not possible use single digits. The
1711 string needs to 8 bytes long. Here is a description of the
1714 s = Toggle signing capability
1715 e = Toggle encryption capability
1716 a = Toggle authentication capability
1719 const char *togglers = _("SsEeAaQq");
1720 char *answer = NULL;
1722 unsigned int possible = openpgp_pk_algo_usage(algo);
1724 if ( strlen(togglers) != 8 )
1726 tty_printf ("NOTE: Bad translation at %s:%d. "
1727 "Please report.\n", __FILE__, __LINE__);
1728 togglers = "11223300";
1731 /* Only primary keys may certify. */
1733 possible&=~PUBKEY_USAGE_CERT;
1735 /* Preload the current set with the possible set, minus
1736 authentication if CURRENT has been given as 0. If CURRENT has
1737 been has non-zero we mask with all possible usages. */
1739 current &= possible;
1741 current = (possible&~PUBKEY_USAGE_AUTH);
1746 tty_printf(_("Possible actions for a %s key: "),
1747 (algo == PUBKEY_ALGO_ECDSA
1748 || algo == PUBKEY_ALGO_EDDSA)
1749 ? "ECDSA/EdDSA" : openpgp_pk_algo_name (algo));
1750 print_key_flags(possible);
1752 tty_printf(_("Current allowed actions: "));
1753 print_key_flags(current);
1756 if(possible&PUBKEY_USAGE_SIG)
1757 tty_printf(_(" (%c) Toggle the sign capability\n"),
1759 if(possible&PUBKEY_USAGE_ENC)
1760 tty_printf(_(" (%c) Toggle the encrypt capability\n"),
1762 if(possible&PUBKEY_USAGE_AUTH)
1763 tty_printf(_(" (%c) Toggle the authenticate capability\n"),
1766 tty_printf(_(" (%c) Finished\n"),togglers[6]);
1770 answer = cpr_get("keygen.flags",_("Your selection? "));
1775 /* Hack to allow direct entry of the capabilities. */
1777 for (s=answer+1; *s; s++)
1779 if ((*s == 's' || *s == 'S') && (possible&PUBKEY_USAGE_SIG))
1780 current |= PUBKEY_USAGE_SIG;
1781 else if ((*s == 'e' || *s == 'E') && (possible&PUBKEY_USAGE_ENC))
1782 current |= PUBKEY_USAGE_ENC;
1783 else if ((*s == 'a' || *s == 'A') && (possible&PUBKEY_USAGE_AUTH))
1784 current |= PUBKEY_USAGE_AUTH;
1785 else if (!subkey && *s == 'c')
1787 /* Accept 'c' for the primary key because USAGE_CERT
1788 will will be set anyway. This is for folks who
1789 want to experiment with a cert-only primary key. */
1790 current |= PUBKEY_USAGE_CERT;
1795 else if (strlen(answer)>1)
1796 tty_printf(_("Invalid selection.\n"));
1797 else if(*answer=='\0' || *answer==togglers[6] || *answer==togglers[7])
1799 else if((*answer==togglers[0] || *answer==togglers[1])
1800 && possible&PUBKEY_USAGE_SIG)
1802 if(current&PUBKEY_USAGE_SIG)
1803 current&=~PUBKEY_USAGE_SIG;
1805 current|=PUBKEY_USAGE_SIG;
1807 else if((*answer==togglers[2] || *answer==togglers[3])
1808 && possible&PUBKEY_USAGE_ENC)
1810 if(current&PUBKEY_USAGE_ENC)
1811 current&=~PUBKEY_USAGE_ENC;
1813 current|=PUBKEY_USAGE_ENC;
1815 else if((*answer==togglers[4] || *answer==togglers[5])
1816 && possible&PUBKEY_USAGE_AUTH)
1818 if(current&PUBKEY_USAGE_AUTH)
1819 current&=~PUBKEY_USAGE_AUTH;
1821 current|=PUBKEY_USAGE_AUTH;
1824 tty_printf(_("Invalid selection.\n"));
1833 /* Check whether we have a key for the key with HEXGRIP. Returns 0 if
1834 there is no such key or the OpenPGP algo number for the key. */
1836 check_keygrip (ctrl_t ctrl, const char *hexgrip)
1839 unsigned char *public;
1841 const char *algostr;
1843 if (hexgrip[0] == '&')
1846 err = agent_readkey (ctrl, 0, hexgrip, &public);
1849 publiclen = gcry_sexp_canon_len (public, 0, NULL, NULL);
1851 get_pk_algo_from_canon_sexp (public, publiclen, &algostr);
1854 /* FIXME: Mapping of ECC algorithms is probably not correct. */
1857 else if (!strcmp (algostr, "rsa"))
1858 return PUBKEY_ALGO_RSA;
1859 else if (!strcmp (algostr, "dsa"))
1860 return PUBKEY_ALGO_DSA;
1861 else if (!strcmp (algostr, "elg"))
1862 return PUBKEY_ALGO_ELGAMAL_E;
1863 else if (!strcmp (algostr, "ecc"))
1864 return PUBKEY_ALGO_ECDH;
1865 else if (!strcmp (algostr, "ecdsa"))
1866 return PUBKEY_ALGO_ECDSA;
1867 else if (!strcmp (algostr, "eddsa"))
1868 return PUBKEY_ALGO_EDDSA;
1875 /* Ask for an algorithm. The function returns the algorithm id to
1876 * create. If ADDMODE is false the function won't show an option to
1877 * create the primary and subkey combined and won't set R_USAGE
1878 * either. If a combined algorithm has been selected, the subkey
1879 * algorithm is stored at R_SUBKEY_ALGO. If R_KEYGRIP is given, the
1880 * user has the choice to enter the keygrip of an existing key. That
1881 * keygrip is then stored at this address. The caller needs to free
1884 ask_algo (ctrl_t ctrl, int addmode, int *r_subkey_algo, unsigned int *r_usage,
1887 char *keygrip = NULL;
1888 char *answer = NULL;
1893 r_subkey_algo = &dummy_algo;
1895 tty_printf (_("Please select what kind of key you want:\n"));
1899 tty_printf (_(" (%d) RSA and RSA (default)\n"), 1 );
1902 if (!addmode && opt.compliance != CO_DE_VS)
1903 tty_printf (_(" (%d) DSA and Elgamal\n"), 2 );
1905 if (opt.compliance != CO_DE_VS)
1906 tty_printf (_(" (%d) DSA (sign only)\n"), 3 );
1908 tty_printf (_(" (%d) RSA (sign only)\n"), 4 );
1913 if (opt.compliance != CO_DE_VS)
1914 tty_printf (_(" (%d) Elgamal (encrypt only)\n"), 5 );
1916 tty_printf (_(" (%d) RSA (encrypt only)\n"), 6 );
1921 if (opt.compliance != CO_DE_VS)
1922 tty_printf (_(" (%d) DSA (set your own capabilities)\n"), 7 );
1924 tty_printf (_(" (%d) RSA (set your own capabilities)\n"), 8 );
1928 #if GPG_USE_ECDSA || GPG_USE_ECDH || GPG_USE_EDDSA
1929 if (opt.expert && !addmode)
1930 tty_printf (_(" (%d) ECC and ECC\n"), 9 );
1932 tty_printf (_(" (%d) ECC (sign only)\n"), 10 );
1934 tty_printf (_(" (%d) ECC (set your own capabilities)\n"), 11 );
1935 if (opt.expert && addmode)
1936 tty_printf (_(" (%d) ECC (encrypt only)\n"), 12 );
1939 if (opt.expert && r_keygrip)
1940 tty_printf (_(" (%d) Existing key\n"), 13 );
1947 answer = cpr_get ("keygen.algo", _("Your selection? "));
1949 algo = *answer? atoi (answer) : 1;
1951 if (opt.compliance == CO_DE_VS
1952 && (algo == 2 || algo == 3 || algo == 5 || algo == 7))
1954 tty_printf (_("Invalid selection.\n"));
1956 else if ((algo == 1 || !strcmp (answer, "rsa+rsa")) && !addmode)
1958 algo = PUBKEY_ALGO_RSA;
1959 *r_subkey_algo = PUBKEY_ALGO_RSA;
1962 else if ((algo == 2 || !strcmp (answer, "dsa+elg")) && !addmode)
1964 algo = PUBKEY_ALGO_DSA;
1965 *r_subkey_algo = PUBKEY_ALGO_ELGAMAL_E;
1968 else if (algo == 3 || !strcmp (answer, "dsa"))
1970 algo = PUBKEY_ALGO_DSA;
1971 *r_usage = PUBKEY_USAGE_SIG;
1974 else if (algo == 4 || !strcmp (answer, "rsa/s"))
1976 algo = PUBKEY_ALGO_RSA;
1977 *r_usage = PUBKEY_USAGE_SIG;
1980 else if ((algo == 5 || !strcmp (answer, "elg")) && addmode)
1982 algo = PUBKEY_ALGO_ELGAMAL_E;
1983 *r_usage = PUBKEY_USAGE_ENC;
1986 else if ((algo == 6 || !strcmp (answer, "rsa/e")) && addmode)
1988 algo = PUBKEY_ALGO_RSA;
1989 *r_usage = PUBKEY_USAGE_ENC;
1992 else if ((algo == 7 || !strcmp (answer, "dsa/*")) && opt.expert)
1994 algo = PUBKEY_ALGO_DSA;
1995 *r_usage = ask_key_flags (algo, addmode, 0);
1998 else if ((algo == 8 || !strcmp (answer, "rsa/*")) && opt.expert)
2000 algo = PUBKEY_ALGO_RSA;
2001 *r_usage = ask_key_flags (algo, addmode, 0);
2004 else if ((algo == 9 || !strcmp (answer, "ecc+ecc"))
2005 && opt.expert && !addmode)
2007 algo = PUBKEY_ALGO_ECDSA;
2008 *r_subkey_algo = PUBKEY_ALGO_ECDH;
2011 else if ((algo == 10 || !strcmp (answer, "ecc/s")) && opt.expert)
2013 algo = PUBKEY_ALGO_ECDSA;
2014 *r_usage = PUBKEY_USAGE_SIG;
2017 else if ((algo == 11 || !strcmp (answer, "ecc/*")) && opt.expert)
2019 algo = PUBKEY_ALGO_ECDSA;
2020 *r_usage = ask_key_flags (algo, addmode, 0);
2023 else if ((algo == 12 || !strcmp (answer, "ecc/e"))
2024 && opt.expert && addmode)
2026 algo = PUBKEY_ALGO_ECDH;
2027 *r_usage = PUBKEY_USAGE_ENC;
2030 else if ((algo == 13 || !strcmp (answer, "keygrip"))
2031 && opt.expert && r_keygrip)
2036 answer = tty_get (_("Enter the keygrip: "));
2038 trim_spaces (answer);
2046 if (strlen (answer) != 40 &&
2047 !(answer[0] == '&' && strlen (answer+1) == 40))
2049 (_("Not a valid keygrip (expecting 40 hex digits)\n"));
2050 else if (!(algo = check_keygrip (ctrl, answer)) )
2051 tty_printf (_("No key with this keygrip\n"));
2058 *r_usage = ask_key_flags (algo, addmode, 0);
2062 tty_printf (_("Invalid selection.\n"));
2068 *r_keygrip = keygrip;
2074 get_keysize_range (int algo, unsigned int *min, unsigned int *max)
2077 unsigned int dummy1, dummy2;
2086 case PUBKEY_ALGO_DSA:
2087 *min = opt.expert? 768 : 1024;
2092 case PUBKEY_ALGO_ECDSA:
2093 case PUBKEY_ALGO_ECDH:
2099 case PUBKEY_ALGO_EDDSA:
2106 *min = opt.compliance == CO_DE_VS ? 2048: 1024;
2116 /* Return a fixed up keysize depending on ALGO. */
2118 fixup_keysize (unsigned int nbits, int algo, int silent)
2120 if (algo == PUBKEY_ALGO_DSA && (nbits % 64))
2122 nbits = ((nbits + 63) / 64) * 64;
2124 tty_printf (_("rounded up to %u bits\n"), nbits);
2126 else if (algo == PUBKEY_ALGO_EDDSA)
2128 if (nbits != 255 && nbits != 441)
2135 tty_printf (_("rounded to %u bits\n"), nbits);
2138 else if (algo == PUBKEY_ALGO_ECDH || algo == PUBKEY_ALGO_ECDSA)
2140 if (nbits != 256 && nbits != 384 && nbits != 521)
2144 else if (nbits < 384)
2149 tty_printf (_("rounded to %u bits\n"), nbits);
2152 else if ((nbits % 32))
2154 nbits = ((nbits + 31) / 32) * 32;
2156 tty_printf (_("rounded up to %u bits\n"), nbits );
2163 /* Ask for the key size. ALGO is the algorithm. If PRIMARY_KEYSIZE
2164 is not 0, the function asks for the size of the encryption
2167 ask_keysize (int algo, unsigned int primary_keysize)
2170 unsigned int min, def, max;
2171 int for_subkey = !!primary_keysize;
2174 def = get_keysize_range (algo, &min, &max);
2176 if (primary_keysize && !opt.expert)
2178 /* Deduce the subkey size from the primary key size. */
2179 if (algo == PUBKEY_ALGO_DSA && primary_keysize > 3072)
2180 nbits = 3072; /* For performance reasons we don't support more
2181 than 3072 bit DSA. However we won't see this
2182 case anyway because DSA can't be used as an
2183 encryption subkey ;-). */
2185 nbits = primary_keysize;
2190 tty_printf(_("%s keys may be between %u and %u bits long.\n"),
2191 openpgp_pk_algo_name (algo), min, max);
2195 char *prompt, *answer;
2198 prompt = xasprintf (_("What keysize do you want "
2199 "for the subkey? (%u) "), def);
2201 prompt = xasprintf (_("What keysize do you want? (%u) "), def);
2202 answer = cpr_get ("keygen.size", prompt);
2204 nbits = *answer? atoi (answer): def;
2208 if(nbits<min || nbits>max)
2209 tty_printf(_("%s keysizes must be in the range %u-%u\n"),
2210 openpgp_pk_algo_name (algo), min, max);
2215 tty_printf (_("Requested keysize is %u bits\n"), nbits);
2218 nbits = fixup_keysize (nbits, algo, autocomp);
2223 /* Ask for the curve. ALGO is the selected algorithm which this
2224 function may adjust. Returns a malloced string with the name of
2225 the curve. BOTH tells that gpg creates a primary and subkey. */
2227 ask_curve (int *algo, int *subkey_algo)
2229 /* NB: We always use a complete algo list so that we have stable
2230 numbers in the menu regardless on how Gpg was configured. */
2233 const char* eddsa_curve; /* Corresponding EdDSA curve. */
2234 const char *pretty_name;
2235 unsigned int supported : 1; /* Supported by gpg. */
2236 unsigned int de_vs : 1; /* Allowed in CO_DE_VS. */
2237 unsigned int expert_only : 1; /* Only with --expert */
2238 unsigned int available : 1; /* Available in Libycrypt (runtime checked) */
2240 #if GPG_USE_ECDSA || GPG_USE_ECDH
2241 # define MY_USE_ECDSADH 1
2243 # define MY_USE_ECDSADH 0
2245 { "Curve25519", "Ed25519", "Curve 25519", !!GPG_USE_EDDSA, 0, 0, 0 },
2246 { "Curve448", "Ed448", "Curve 448", 0/*reserved*/ , 0, 1, 0 },
2247 { "NIST P-256", NULL, NULL, MY_USE_ECDSADH, 0, 1, 0 },
2248 { "NIST P-384", NULL, NULL, MY_USE_ECDSADH, 0, 0, 0 },
2249 { "NIST P-521", NULL, NULL, MY_USE_ECDSADH, 0, 1, 0 },
2250 { "brainpoolP256r1", NULL, "Brainpool P-256", MY_USE_ECDSADH, 1, 1, 0 },
2251 { "brainpoolP384r1", NULL, "Brainpool P-384", MY_USE_ECDSADH, 1, 1, 0 },
2252 { "brainpoolP512r1", NULL, "Brainpool P-512", MY_USE_ECDSADH, 1, 1, 0 },
2253 { "secp256k1", NULL, NULL, MY_USE_ECDSADH, 0, 1, 0 },
2255 #undef MY_USE_ECDSADH
2258 char *result = NULL;
2259 gcry_sexp_t keyparms;
2261 tty_printf (_("Please select which elliptic curve you want:\n"));
2264 for (idx=0; idx < DIM(curves); idx++)
2268 curves[idx].available = 0;
2269 if (!curves[idx].supported)
2272 if (opt.compliance==CO_DE_VS)
2274 if (!curves[idx].de_vs)
2275 continue; /* Not allowed. */
2277 else if (!opt.expert && curves[idx].expert_only)
2280 /* We need to switch from the ECDH name of the curve to the
2281 EDDSA name of the curve if we want a signing key. */
2282 gcry_sexp_release (keyparms);
2283 rc = gcry_sexp_build (&keyparms, NULL,
2284 "(public-key(ecc(curve %s)))",
2285 curves[idx].eddsa_curve? curves[idx].eddsa_curve
2286 /**/ : curves[idx].name);
2289 if (!gcry_pk_get_curve (keyparms, 0, NULL))
2291 if (subkey_algo && curves[idx].eddsa_curve)
2293 /* Both Curve 25519 (or 448) keys are to be created. Check that
2294 Libgcrypt also supports the real Curve25519 (or 448). */
2295 gcry_sexp_release (keyparms);
2296 rc = gcry_sexp_build (&keyparms, NULL,
2297 "(public-key(ecc(curve %s)))",
2301 if (!gcry_pk_get_curve (keyparms, 0, NULL))
2305 curves[idx].available = 1;
2306 tty_printf (" (%d) %s\n", idx + 1,
2307 curves[idx].pretty_name?
2308 curves[idx].pretty_name:curves[idx].name);
2310 gcry_sexp_release (keyparms);
2315 answer = cpr_get ("keygen.curve", _("Your selection? "));
2317 idx = *answer? atoi (answer) : 1;
2318 if (*answer && !idx)
2320 /* See whether the user entered the name of the curve. */
2321 for (idx=0; idx < DIM(curves); idx++)
2323 if (!opt.expert && curves[idx].expert_only)
2325 if (!stricmp (curves[idx].name, answer)
2326 || (curves[idx].pretty_name
2327 && !stricmp (curves[idx].pretty_name, answer)))
2330 if (idx == DIM(curves))
2337 if (idx < 0 || idx >= DIM (curves) || !curves[idx].available)
2338 tty_printf (_("Invalid selection.\n"));
2341 /* If the user selected a signing algorithm and Curve25519
2342 we need to set the algo to EdDSA and update the curve name. */
2343 if ((*algo == PUBKEY_ALGO_ECDSA || *algo == PUBKEY_ALGO_EDDSA)
2344 && curves[idx].eddsa_curve)
2346 if (subkey_algo && *subkey_algo == PUBKEY_ALGO_ECDSA)
2347 *subkey_algo = PUBKEY_ALGO_EDDSA;
2348 *algo = PUBKEY_ALGO_EDDSA;
2349 result = xstrdup (curves[idx].eddsa_curve);
2352 result = xstrdup (curves[idx].name);
2358 result = xstrdup (curves[0].name);
2365 * Parse an expire string and return its value in seconds.
2366 * Returns (u32)-1 on error.
2367 * This isn't perfect since scan_isodatestr returns unix time, and
2368 * OpenPGP actually allows a 32-bit time *plus* a 32-bit offset.
2369 * Because of this, we only permit setting expirations up to 2106, but
2370 * OpenPGP could theoretically allow up to 2242. I think we'll all
2371 * just cope for the next few years until we get a 64-bit time_t or
2375 parse_expire_string( const char *string )
2380 u32 curtime = make_timestamp ();
2383 if (!string || !*string || !strcmp (string, "none")
2384 || !strcmp (string, "never") || !strcmp (string, "-"))
2386 else if (!strncmp (string, "seconds=", 8))
2387 seconds = atoi (string+8);
2388 else if ((abs_date = scan_isodatestr(string))
2389 && (abs_date+86400/2) > curtime)
2390 seconds = (abs_date+86400/2) - curtime;
2391 else if ((tt = isotime2epoch (string)) != (time_t)(-1))
2392 seconds = (u32)tt - curtime;
2393 else if ((mult = check_valid_days (string)))
2394 seconds = atoi (string) * 86400L * mult;
2396 seconds = (u32)(-1);
2401 /* Parse a Creation-Date string which is either "1986-04-26" or
2402 "19860426T042640". Returns 0 on error. */
2404 parse_creation_string (const char *string)
2410 else if ( !strncmp (string, "seconds=", 8) )
2411 seconds = atoi (string+8);
2412 else if ( !(seconds = scan_isodatestr (string)))
2414 time_t tmp = isotime2epoch (string);
2415 seconds = (tmp == (time_t)(-1))? 0 : tmp;
2421 /* object == 0 for a key, and 1 for a sig */
2423 ask_expire_interval(int object,const char *def_expire)
2433 tty_printf(_("Please specify how long the key should be valid.\n"
2434 " 0 = key does not expire\n"
2435 " <n> = key expires in n days\n"
2436 " <n>w = key expires in n weeks\n"
2437 " <n>m = key expires in n months\n"
2438 " <n>y = key expires in n years\n"));
2444 tty_printf(_("Please specify how long the signature should be valid.\n"
2445 " 0 = signature does not expire\n"
2446 " <n> = signature expires in n days\n"
2447 " <n>w = signature expires in n weeks\n"
2448 " <n>m = signature expires in n months\n"
2449 " <n>y = signature expires in n years\n"));
2456 /* Note: The elgamal subkey for DSA has no expiration date because
2457 * it must be signed with the DSA key and this one has the expiration
2467 answer = cpr_get("keygen.valid",_("Key is valid for? (0) "));
2472 prompt = xasprintf (_("Signature is valid for? (%s) "), def_expire);
2473 answer = cpr_get("siggen.valid",prompt);
2477 answer=xstrdup(def_expire);
2480 trim_spaces(answer);
2481 curtime = make_timestamp ();
2482 interval = parse_expire_string( answer );
2483 if( interval == (u32)-1 )
2485 tty_printf(_("invalid value\n"));
2491 tty_printf((object==0)
2492 ? _("Key does not expire at all\n")
2493 : _("Signature does not expire at all\n"));
2497 tty_printf(object==0
2498 ? _("Key expires at %s\n")
2499 : _("Signature expires at %s\n"),
2500 asctimestamp((ulong)(curtime + interval) ) );
2501 #if SIZEOF_TIME_T <= 4 && !defined (HAVE_UNSIGNED_TIME_T)
2502 if ( (time_t)((ulong)(curtime+interval)) < 0 )
2503 tty_printf (_("Your system can't display dates beyond 2038.\n"
2504 "However, it will be correctly handled up to"
2507 #endif /*SIZEOF_TIME_T*/
2508 if ( (time_t)((unsigned long)(curtime+interval)) < curtime )
2510 tty_printf (_("invalid value\n"));
2515 if( cpr_enabled() || cpr_get_answer_is_yes("keygen.valid.okay",
2516 _("Is this correct? (y/N) ")) )
2527 u32 x = ask_expire_interval(0,NULL);
2528 return x? make_timestamp() + x : 0;
2533 static PKT_user_id *
2534 uid_from_string (const char *string)
2539 n = strlen (string);
2540 uid = xmalloc_clear (sizeof *uid + n);
2542 strcpy (uid->name, string);
2548 /* Return true if the user id UID already exists in the keyblock. */
2550 uid_already_in_keyblock (kbnode_t keyblock, const char *uid)
2552 PKT_user_id *uidpkt = uid_from_string (uid);
2556 for (node=keyblock; node && !result; node=node->next)
2557 if (!is_deleted_kbnode (node)
2558 && node->pkt->pkttype == PKT_USER_ID
2559 && !cmp_user_ids (uidpkt, node->pkt->pkt.user_id))
2561 free_user_id (uidpkt);
2566 /* Ask for a user ID. With a MODE of 1 an extra help prompt is
2567 printed for use during a new key creation. If KEYBLOCK is not NULL
2568 the function prevents the creation of an already existing user
2569 ID. IF FULL is not set some prompts are not shown. */
2571 ask_user_id (int mode, int full, KBNODE keyblock)
2574 char *aname, *acomment, *amail, *uid;
2578 /* TRANSLATORS: This is the new string telling the user what
2579 gpg is now going to do (i.e. ask for the parts of the user
2580 ID). Note that if you do not translate this string, a
2581 different string will be used, which might still have
2582 a correct translation. */
2585 "GnuPG needs to construct a user ID to identify your key.\n"
2587 const char *s2 = _(s1);
2589 if (!strcmp (s1, s2))
2591 /* There is no translation for the string thus we to use
2592 the old info text. gettext has no way to tell whether
2593 a translation is actually available, thus we need to
2594 to compare again. */
2595 /* TRANSLATORS: This string is in general not anymore used
2596 but you should keep your existing translation. In case
2597 the new string is not translated this old string will
2599 const char *s3 = N_("\n"
2600 "You need a user ID to identify your key; "
2601 "the software constructs the user ID\n"
2602 "from the Real Name, Comment and Email Address in this form:\n"
2603 " \"Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>\"\n\n");
2604 const char *s4 = _(s3);
2605 if (strcmp (s3, s4))
2606 s2 = s3; /* A translation exists - use it. */
2608 tty_printf ("%s", s2) ;
2610 uid = aname = acomment = amail = NULL;
2618 aname = cpr_get("keygen.name",_("Real name: "));
2622 if( opt.allow_freeform_uid )
2625 if( strpbrk( aname, "<>" ) )
2627 tty_printf(_("Invalid character in name\n"));
2628 tty_printf(_("The characters '%s' and '%s' may not "
2629 "appear in name\n"), "<", ">");
2631 else if( digitp(aname) )
2632 tty_printf(_("Name may not start with a digit\n"));
2633 else if (*aname && strlen (aname) < 5)
2635 tty_printf(_("Name must be at least 5 characters long\n"));
2636 /* However, we allow an empty name. */
2645 amail = cpr_get("keygen.email",_("Email address: "));
2648 if( !*amail || opt.allow_freeform_uid )
2649 break; /* no email address is okay */
2650 else if ( !is_valid_mailbox (amail) )
2651 tty_printf(_("Not a valid email address\n"));
2660 acomment = cpr_get("keygen.comment",_("Comment: "));
2661 trim_spaces(acomment);
2664 break; /* no comment is okay */
2665 else if( strpbrk( acomment, "()" ) )
2666 tty_printf(_("Invalid character in comment\n"));
2673 acomment = xstrdup ("");
2679 uid = p = xmalloc(strlen(aname)+strlen(amail)+strlen(acomment)+12+10);
2680 if (!*aname && *amail && !*acomment && !random_is_faked ())
2681 { /* Empty name and comment but with mail address. Use
2682 simplified form with only the non-angle-bracketed mail
2684 p = stpcpy (p, amail);
2688 p = stpcpy (p, aname );
2690 p = stpcpy(stpcpy(stpcpy(p," ("), acomment),")");
2692 p = stpcpy(stpcpy(stpcpy(p," <"), amail),">");
2695 /* Append a warning if the RNG is switched into fake mode. */
2696 if ( random_is_faked () )
2697 strcpy(p, " (insecure!)" );
2699 /* print a note in case that UTF8 mapping has to be done */
2700 for(p=uid; *p; p++ ) {
2702 tty_printf(_("You are using the '%s' character set.\n"),
2703 get_native_charset() );
2708 tty_printf(_("You selected this USER-ID:\n \"%s\"\n\n"), uid);
2710 if( !*amail && !opt.allow_freeform_uid
2711 && (strchr( aname, '@' ) || strchr( acomment, '@'))) {
2713 tty_printf(_("Please don't put the email address "
2714 "into the real name or the comment\n") );
2717 if (!fail && keyblock)
2719 if (uid_already_in_keyblock (keyblock, uid))
2721 tty_printf (_("Such a user ID already exists on this key!\n"));
2727 /* TRANSLATORS: These are the allowed answers in
2728 lower and uppercase. Below you will find the matching
2729 string which should be translated accordingly and the
2730 letter changed to match the one in the answer string.
2735 o = Okay (ready, continue)
2738 const char *ansstr = _("NnCcEeOoQq");
2740 if( strlen(ansstr) != 10 )
2742 if( cpr_enabled() ) {
2743 answer = xstrdup (ansstr + (fail?8:6));
2747 answer = cpr_get("keygen.userid.cmd", fail?
2748 _("Change (N)ame, (C)omment, (E)mail or (Q)uit? ") :
2749 _("Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? "));
2753 answer = cpr_get("keygen.userid.cmd", fail?
2754 _("Change (N)ame, (E)mail, or (Q)uit? ") :
2755 _("Change (N)ame, (E)mail, or (O)kay/(Q)uit? "));
2758 if( strlen(answer) > 1 )
2760 else if( *answer == ansstr[0] || *answer == ansstr[1] ) {
2761 xfree(aname); aname = NULL;
2764 else if( *answer == ansstr[2] || *answer == ansstr[3] ) {
2765 xfree(acomment); acomment = NULL;
2768 else if( *answer == ansstr[4] || *answer == ansstr[5] ) {
2769 xfree(amail); amail = NULL;
2772 else if( *answer == ansstr[6] || *answer == ansstr[7] ) {
2774 tty_printf(_("Please correct the error first\n"));
2777 xfree(aname); aname = NULL;
2778 xfree(acomment); acomment = NULL;
2779 xfree(amail); amail = NULL;
2783 else if( *answer == ansstr[8] || *answer == ansstr[9] ) {
2784 xfree(aname); aname = NULL;
2785 xfree(acomment); acomment = NULL;
2786 xfree(amail); amail = NULL;
2787 xfree(uid); uid = NULL;
2793 if (!amail && !acomment)
2795 xfree(uid); uid = NULL;
2798 char *p = native_to_utf8( uid );
2806 /* Basic key generation. Here we divert to the actual generation
2807 routines based on the requested algorithm. */
2809 do_create (int algo, unsigned int nbits, const char *curve, KBNODE pub_root,
2810 u32 timestamp, u32 expiredate, int is_subkey,
2811 int keygen_flags, const char *passphrase,
2812 char **cache_nonce_addr, char **passwd_nonce_addr)
2816 /* Fixme: The entropy collecting message should be moved to a
2817 libgcrypt progress handler. */
2820 "We need to generate a lot of random bytes. It is a good idea to perform\n"
2821 "some other action (type on the keyboard, move the mouse, utilize the\n"
2822 "disks) during the prime generation; this gives the random number\n"
2823 "generator a better chance to gain enough entropy.\n") );
2825 if (algo == PUBKEY_ALGO_ELGAMAL_E)
2826 err = gen_elg (algo, nbits, pub_root, timestamp, expiredate, is_subkey,
2827 keygen_flags, passphrase,
2828 cache_nonce_addr, passwd_nonce_addr);
2829 else if (algo == PUBKEY_ALGO_DSA)
2830 err = gen_dsa (nbits, pub_root, timestamp, expiredate, is_subkey,
2831 keygen_flags, passphrase,
2832 cache_nonce_addr, passwd_nonce_addr);
2833 else if (algo == PUBKEY_ALGO_ECDSA
2834 || algo == PUBKEY_ALGO_EDDSA
2835 || algo == PUBKEY_ALGO_ECDH)
2836 err = gen_ecc (algo, curve, pub_root, timestamp, expiredate, is_subkey,
2837 keygen_flags, passphrase,
2838 cache_nonce_addr, passwd_nonce_addr);
2839 else if (algo == PUBKEY_ALGO_RSA)
2840 err = gen_rsa (algo, nbits, pub_root, timestamp, expiredate, is_subkey,
2841 keygen_flags, passphrase,
2842 cache_nonce_addr, passwd_nonce_addr);
2850 /* Generate a new user id packet or return NULL if canceled. If
2851 KEYBLOCK is not NULL the function prevents the creation of an
2852 already existing user ID. If UIDSTR is not NULL the user is not
2853 asked but UIDSTR is used to create the user id packet; if the user
2854 id already exists NULL is returned. UIDSTR is expected to be utf-8
2855 encoded and should have already been checked for a valid length
2858 generate_user_id (KBNODE keyblock, const char *uidstr)
2865 if (uid_already_in_keyblock (keyblock, uidstr))
2866 return NULL; /* Already exists. */
2867 uid = uid_from_string (uidstr);
2871 p = ask_user_id (1, 1, keyblock);
2873 return NULL; /* Canceled. */
2874 uid = uid_from_string (p);
2881 /* Helper for parse_key_parameter_string for one part of the
2882 * specification string; i.e. ALGO/FLAGS. If STRING is NULL or empty
2883 * success is returned. On error an error code is returned. Note
2884 * that STRING may be modified by this function. NULL may be passed
2885 * for any parameter. FOR_SUBKEY shall be true if this is used as a
2888 parse_key_parameter_part (char *string, int for_subkey,
2889 int *r_algo, unsigned int *r_size,
2890 unsigned int *r_keyuse,
2891 char const **r_curve)
2896 const char *curve = NULL;
2897 int ecdh_or_ecdsa = 0;
2903 if (!string || !*string)
2904 return 0; /* Success. */
2906 flags = strchr (string, '/');
2911 if (strlen (string) >= 3 && (digitp (string+3) || !string[3]))
2913 if (!ascii_memcasecmp (string, "rsa", 3))
2914 algo = PUBKEY_ALGO_RSA;
2915 else if (!ascii_memcasecmp (string, "dsa", 3))
2916 algo = PUBKEY_ALGO_DSA;
2917 else if (!ascii_memcasecmp (string, "elg", 3))
2918 algo = PUBKEY_ALGO_ELGAMAL_E;
2923 size = get_keysize_range (algo, NULL, NULL);
2926 size = strtoul (string+3, &endp, 10);
2927 if (size < 512 || size > 16384 || *endp)
2928 return gpg_error (GPG_ERR_INV_VALUE);
2931 else if ((curve = openpgp_is_curve_supported (string, &algo, &size)))
2935 algo = PUBKEY_ALGO_ECDH; /* Default ECC algorithm. */
2936 ecdh_or_ecdsa = 1; /* We may need to switch the algo. */
2940 return gpg_error (GPG_ERR_UNKNOWN_CURVE);
2942 /* Parse the flags. */
2946 char **tokens = NULL;
2948 tokens = strtokenize (flags, ",");
2950 return gpg_error_from_syserror ();
2952 for (i=0; (s = tokens[i]); i++)
2956 else if (!ascii_strcasecmp (s, "sign"))
2957 keyuse |= PUBKEY_USAGE_SIG;
2958 else if (!ascii_strcasecmp (s, "encrypt")
2959 || !ascii_strcasecmp (s, "encr"))
2960 keyuse |= PUBKEY_USAGE_ENC;
2961 else if (!ascii_strcasecmp (s, "auth"))
2962 keyuse |= PUBKEY_USAGE_AUTH;
2963 else if (!ascii_strcasecmp (s, "cert"))
2964 keyuse |= PUBKEY_USAGE_CERT;
2965 else if (!ascii_strcasecmp (s, "ecdsa"))
2967 if (algo == PUBKEY_ALGO_ECDH || algo == PUBKEY_ALGO_ECDSA)
2968 algo = PUBKEY_ALGO_ECDSA;
2972 return gpg_error (GPG_ERR_INV_FLAG);
2976 else if (!ascii_strcasecmp (s, "ecdh"))
2978 if (algo == PUBKEY_ALGO_ECDH || algo == PUBKEY_ALGO_ECDSA)
2979 algo = PUBKEY_ALGO_ECDH;
2983 return gpg_error (GPG_ERR_INV_FLAG);
2987 else if (!ascii_strcasecmp (s, "eddsa"))
2989 /* Not required but we allow it for consistency. */
2990 if (algo == PUBKEY_ALGO_EDDSA)
2995 return gpg_error (GPG_ERR_INV_FLAG);
3001 return gpg_error (GPG_ERR_UNKNOWN_FLAG);
3008 /* If not yet decided switch between ecdh and ecdsa. */
3009 if (ecdh_or_ecdsa && keyuse)
3010 algo = (keyuse & PUBKEY_USAGE_ENC)? PUBKEY_ALGO_ECDH : PUBKEY_ALGO_ECDSA;
3011 else if (ecdh_or_ecdsa)
3012 algo = for_subkey? PUBKEY_ALGO_ECDH : PUBKEY_ALGO_ECDSA;
3014 /* Set or fix key usage. */
3017 if (algo == PUBKEY_ALGO_ECDSA || algo == PUBKEY_ALGO_EDDSA
3018 || algo == PUBKEY_ALGO_DSA)
3019 keyuse = PUBKEY_USAGE_SIG;
3020 else if (algo == PUBKEY_ALGO_RSA)
3021 keyuse = for_subkey? PUBKEY_USAGE_ENC : PUBKEY_USAGE_SIG;
3023 keyuse = PUBKEY_USAGE_ENC;
3025 else if (algo == PUBKEY_ALGO_ECDSA || algo == PUBKEY_ALGO_EDDSA
3026 || algo == PUBKEY_ALGO_DSA)
3028 keyuse &= ~PUBKEY_USAGE_ENC; /* Forbid encryption. */
3030 else if (algo == PUBKEY_ALGO_ECDH || algo == PUBKEY_ALGO_ELGAMAL_E)
3032 keyuse = PUBKEY_USAGE_ENC; /* Allow only encryption. */
3035 /* Make sure a primary key can certify. */
3037 keyuse |= PUBKEY_USAGE_CERT;
3039 /* Check that usage is actually possible. */
3040 if (/**/((keyuse & (PUBKEY_USAGE_SIG|PUBKEY_USAGE_AUTH|PUBKEY_USAGE_CERT))
3041 && !pubkey_get_nsig (algo))
3042 || ((keyuse & PUBKEY_USAGE_ENC)
3043 && !pubkey_get_nenc (algo))
3044 || (for_subkey && (keyuse & PUBKEY_USAGE_CERT)))
3045 return gpg_error (GPG_ERR_WRONG_KEY_USAGE);
3047 /* Return values. */
3052 unsigned int min, def, max;
3054 /* Make sure the keysize is in the allowed range. */
3055 def = get_keysize_range (algo, &min, &max);
3058 else if (size < min)
3060 else if (size > max)
3063 *r_size = fixup_keysize (size, algo, 1);
3073 /* Parse and return the standard key generation parameter.
3074 * The string is expected to be in this format:
3076 * ALGO[/FLAGS][+SUBALGO[/FLAGS]]
3078 * Here ALGO is a string in the same format as printed by the
3079 * keylisting. For example:
3081 * rsa3072 := RSA with 3072 bit.
3082 * dsa2048 := DSA with 2048 bit.
3083 * elg2048 := Elgamal with 2048 bit.
3084 * ed25519 := EDDSA using curve Ed25519.
3085 * cv25519 := ECDH using curve Curve25519.
3086 * nistp256:= ECDSA or ECDH using curve NIST P-256
3088 * All strings with an unknown prefix are considered an elliptic
3089 * curve. Curves which have no implicit algorithm require that FLAGS
3090 * is given to select whether ECDSA or ECDH is used; this can eoither
3091 * be done using an algorithm keyword or usage keywords.
3093 * FLAGS is a comma delimited string of keywords:
3095 * cert := Allow usage Certify
3096 * sign := Allow usage Sign
3097 * encr := Allow usage Encrypt
3098 * auth := Allow usage Authentication
3099 * encrypt := Alias for "encr"
3100 * ecdsa := Use algorithm ECDSA.
3101 * eddsa := Use algorithm EdDSA.
3102 * ecdh := Use algorithm ECDH.
3104 * There are several defaults and fallbacks depending on the
3105 * algorithm. PART can be used to select which part of STRING is
3108 * 0 := Only the part of the primary key
3109 * 1 := If there is one part parse that one, if there are
3110 * two parts parse the second part. Always return
3111 * in the args for the primary key (R_ALGO,....).
3115 parse_key_parameter_string (const char *string, int part,
3116 int *r_algo, unsigned int *r_size,
3118 char const **r_curve,
3119 int *r_subalgo, unsigned int *r_subsize,
3120 unsigned *r_subkeyuse,
3121 char const **r_subcurve)
3123 gpg_error_t err = 0;
3124 char *primary, *secondary;
3143 if (!string || !*string
3144 || !strcmp (string, "default") || !strcmp (string, "-"))
3145 string = get_default_pubkey_algo ();
3146 else if (!strcmp (string, "future-default"))
3147 string = FUTURE_STD_KEY_PARAM;
3149 primary = xstrdup (string);
3150 secondary = strchr (primary, '+');
3153 if (part == -1 || part == 0)
3155 err = parse_key_parameter_part (primary, 0, r_algo, r_size,
3157 if (!err && part == -1)
3158 err = parse_key_parameter_part (secondary, 1, r_subalgo, r_subsize,
3159 r_subkeyuse, r_subcurve);
3163 /* If we have SECONDARY, use that part. If there is only one
3164 * part consider this to be the subkey algo. */
3165 err = parse_key_parameter_part (secondary? secondary : primary, 1,
3166 r_algo, r_size, r_keyuse, r_curve);
3176 /* Append R to the linked list PARA. */
3178 append_to_parameter (struct para_data_s *para, struct para_data_s *r)
3186 /* Release the parameter list R. */
3188 release_parameter_list (struct para_data_s *r)
3190 struct para_data_s *r2;
3195 if (r->key == pPASSPHRASE && *r->u.value)
3196 wipememory (r->u.value, strlen (r->u.value));
3201 static struct para_data_s *
3202 get_parameter( struct para_data_s *para, enum para_name key )
3204 struct para_data_s *r;
3206 for( r = para; r && r->key != key; r = r->next )
3212 get_parameter_value( struct para_data_s *para, enum para_name key )
3214 struct para_data_s *r = get_parameter( para, key );
3215 return (r && *r->u.value)? r->u.value : NULL;
3219 /* This is similar to get_parameter_value but also returns the empty
3220 string. This is required so that quick_generate_keypair can use an
3221 empty Passphrase to specify no-protection. */
3223 get_parameter_passphrase (struct para_data_s *para)
3225 struct para_data_s *r = get_parameter (para, pPASSPHRASE);
3226 return r ? r->u.value : NULL;
3231 get_parameter_algo( struct para_data_s *para, enum para_name key,
3235 struct para_data_s *r = get_parameter( para, key );
3243 /* Note that we need to handle the ECC algorithms specified as
3244 strings directly because Libgcrypt folds them all to ECC. */
3245 if (!ascii_strcasecmp (r->u.value, "default"))
3247 /* Note: If you change this default algo, remember to change it
3248 * also in gpg.c:gpgconf_list. */
3249 /* FIXME: We only allow the algo here and have a separate thing
3250 * for the curve etc. That is a ugly but demanded for backward
3251 * compatibility with the batch key generation. It would be
3252 * better to make full use of parse_key_parameter_string. */
3253 parse_key_parameter_string (NULL, 0,
3254 &i, NULL, NULL, NULL,
3255 NULL, NULL, NULL, NULL);
3260 else if (digitp (r->u.value))
3261 i = atoi( r->u.value );
3262 else if (!strcmp (r->u.value, "ELG-E")
3263 || !strcmp (r->u.value, "ELG"))
3264 i = PUBKEY_ALGO_ELGAMAL_E;
3265 else if (!ascii_strcasecmp (r->u.value, "EdDSA"))
3266 i = PUBKEY_ALGO_EDDSA;
3267 else if (!ascii_strcasecmp (r->u.value, "ECDSA"))
3268 i = PUBKEY_ALGO_ECDSA;
3269 else if (!ascii_strcasecmp (r->u.value, "ECDH"))
3270 i = PUBKEY_ALGO_ECDH;
3272 i = map_pk_gcry_to_openpgp (gcry_pk_map_name (r->u.value));
3274 if (i == PUBKEY_ALGO_RSA_E || i == PUBKEY_ALGO_RSA_S)
3275 i = 0; /* we don't want to allow generation of these algorithms */
3280 /* Parse a usage string. The usage keywords "auth", "sign", "encr"
3281 * may be delimited by space, tab, or comma. On error -1 is returned
3282 * instead of the usage flags. */
3284 parse_usagestr (const char *usagestr)
3287 char **tokens = NULL;
3290 unsigned int use = 0;
3292 tokens = strtokenize (usagestr, " \t,");
3295 err = gpg_error_from_syserror ();
3296 log_error ("strtokenize failed: %s\n", gpg_strerror (err));
3300 for (i=0; (s = tokens[i]); i++)
3304 else if (!ascii_strcasecmp (s, "sign"))
3305 use |= PUBKEY_USAGE_SIG;
3306 else if (!ascii_strcasecmp (s, "encrypt")
3307 || !ascii_strcasecmp (s, "encr"))
3308 use |= PUBKEY_USAGE_ENC;
3309 else if (!ascii_strcasecmp (s, "auth"))
3310 use |= PUBKEY_USAGE_AUTH;
3311 else if (!ascii_strcasecmp (s, "cert"))
3312 use |= PUBKEY_USAGE_CERT;
3316 return -1; /* error */
3326 * Parse the usage parameter and set the keyflags. Returns -1 on
3327 * error, 0 for no usage given or 1 for usage available.
3330 parse_parameter_usage (const char *fname,
3331 struct para_data_s *para, enum para_name key)
3333 struct para_data_s *r = get_parameter( para, key );
3337 return 0; /* none (this is an optional parameter)*/
3339 i = parse_usagestr (r->u.value);
3342 log_error ("%s:%d: invalid usage list\n", fname, r->lnr );
3343 return -1; /* error */
3352 parse_revocation_key (const char *fname,
3353 struct para_data_s *para, enum para_name key)
3355 struct para_data_s *r = get_parameter( para, key );
3356 struct revocation_key revkey;
3361 return 0; /* none (this is an optional parameter) */
3366 revkey.algid=atoi(pn);
3370 /* Skip to the fpr */
3371 while(*pn && *pn!=':')
3379 for(i=0;i<MAX_FINGERPRINT_LEN && *pn;i++,pn+=2)
3381 int c=hextobyte(pn);
3388 /* skip to the tag */
3389 while(*pn && *pn!='s' && *pn!='S')
3392 if(ascii_strcasecmp(pn,"sensitive")==0)
3395 memcpy(&r->u.revkey,&revkey,sizeof(struct revocation_key));
3400 log_error("%s:%d: invalid revocation key\n", fname, r->lnr );
3401 return -1; /* error */
3406 get_parameter_u32( struct para_data_s *para, enum para_name key )
3408 struct para_data_s *r = get_parameter( para, key );
3412 if( r->key == pKEYCREATIONDATE )
3413 return r->u.creation;
3414 if( r->key == pKEYEXPIRE || r->key == pSUBKEYEXPIRE )
3416 if( r->key == pKEYUSAGE || r->key == pSUBKEYUSAGE )
3419 return (unsigned int)strtoul( r->u.value, NULL, 10 );
3423 get_parameter_uint( struct para_data_s *para, enum para_name key )
3425 return get_parameter_u32( para, key );
3428 static struct revocation_key *
3429 get_parameter_revkey( struct para_data_s *para, enum para_name key )
3431 struct para_data_s *r = get_parameter( para, key );
3432 return r? &r->u.revkey : NULL;
3436 proc_parameter_file (ctrl_t ctrl, struct para_data_s *para, const char *fname,
3437 struct output_control_s *outctrl, int card )
3439 struct para_data_s *r;
3440 const char *s1, *s2, *s3;
3444 int have_user_id = 0;
3447 /* Check that we have all required parameters. */
3448 r = get_parameter( para, pKEYTYPE );
3451 algo = get_parameter_algo (para, pKEYTYPE, &is_default);
3452 if (openpgp_pk_test_algo2 (algo, PUBKEY_USAGE_SIG))
3454 log_error ("%s:%d: invalid algorithm\n", fname, r->lnr );
3460 log_error ("%s: no Key-Type specified\n",fname);
3464 err = parse_parameter_usage (fname, para, pKEYUSAGE);
3467 /* Default to algo capabilities if key-usage is not provided and
3468 no default algorithm has been requested. */
3469 r = xmalloc_clear(sizeof(*r));
3471 r->u.usage = (is_default
3472 ? (PUBKEY_USAGE_CERT | PUBKEY_USAGE_SIG)
3473 : openpgp_pk_algo_usage(algo));
3474 append_to_parameter (para, r);
3480 r = get_parameter (para, pKEYUSAGE);
3481 if (r && (r->u.usage & ~openpgp_pk_algo_usage (algo)))
3483 log_error ("%s:%d: specified Key-Usage not allowed for algo %d\n",
3484 fname, r->lnr, algo);
3490 r = get_parameter( para, pSUBKEYTYPE );
3493 algo = get_parameter_algo (para, pSUBKEYTYPE, &is_default);
3494 if (openpgp_pk_test_algo (algo))
3496 log_error ("%s:%d: invalid algorithm\n", fname, r->lnr );
3500 err = parse_parameter_usage (fname, para, pSUBKEYUSAGE);
3503 /* Default to algo capabilities if subkey-usage is not
3505 r = xmalloc_clear (sizeof(*r));
3506 r->key = pSUBKEYUSAGE;
3507 r->u.usage = (is_default
3509 : openpgp_pk_algo_usage (algo));
3510 append_to_parameter (para, r);
3516 r = get_parameter (para, pSUBKEYUSAGE);
3517 if (r && (r->u.usage & ~openpgp_pk_algo_usage (algo)))
3519 log_error ("%s:%d: specified Subkey-Usage not allowed"
3520 " for algo %d\n", fname, r->lnr, algo);
3527 if( get_parameter_value( para, pUSERID ) )
3531 /* create the formatted user ID */
3532 s1 = get_parameter_value( para, pNAMEREAL );
3533 s2 = get_parameter_value( para, pNAMECOMMENT );
3534 s3 = get_parameter_value( para, pNAMEEMAIL );
3535 if( s1 || s2 || s3 )
3537 n = (s1?strlen(s1):0) + (s2?strlen(s2):0) + (s3?strlen(s3):0);
3538 r = xmalloc_clear( sizeof *r + n + 20 );
3544 p = stpcpy(stpcpy(stpcpy(p," ("), s2 ),")");
3546 p = stpcpy(stpcpy(stpcpy(p," <"), s3 ),">");
3547 append_to_parameter (para, r);
3554 log_error("%s: no User-ID specified\n",fname);
3558 /* Set preferences, if any. */
3559 keygen_set_std_prefs(get_parameter_value( para, pPREFERENCES ), 0);
3561 /* Set keyserver, if any. */
3562 s1=get_parameter_value( para, pKEYSERVER );
3565 struct keyserver_spec *spec;
3567 spec = parse_keyserver_uri (s1, 1);
3570 free_keyserver_spec(spec);
3571 opt.def_keyserver_url=s1;
3575 r = get_parameter (para, pKEYSERVER);
3576 log_error("%s:%d: invalid keyserver url\n", fname, r->lnr );
3581 /* Set revoker, if any. */
3582 if (parse_revocation_key (fname, para, pREVOKER))
3586 /* Make KEYCREATIONDATE from Creation-Date. */
3587 r = get_parameter (para, pCREATIONDATE);
3588 if (r && *r->u.value)
3592 seconds = parse_creation_string (r->u.value);
3595 log_error ("%s:%d: invalid creation date\n", fname, r->lnr );
3598 r->u.creation = seconds;
3599 r->key = pKEYCREATIONDATE; /* Change that entry. */
3602 /* Make KEYEXPIRE from Expire-Date. */
3603 r = get_parameter( para, pEXPIREDATE );
3604 if( r && *r->u.value )
3608 seconds = parse_expire_string( r->u.value );
3609 if( seconds == (u32)-1 )
3611 log_error("%s:%d: invalid expire date\n", fname, r->lnr );
3614 r->u.expire = seconds;
3615 r->key = pKEYEXPIRE; /* change hat entry */
3616 /* also set it for the subkey */
3617 r = xmalloc_clear( sizeof *r + 20 );
3618 r->key = pSUBKEYEXPIRE;
3619 r->u.expire = seconds;
3620 append_to_parameter (para, r);
3623 do_generate_keypair (ctrl, para, outctrl, card );
3629 * Kludge to allow non interactive key generation controlled
3630 * by a parameter file.
3631 * Note, that string parameters are expected to be in UTF-8
3634 read_parameter_file (ctrl_t ctrl, const char *fname )
3636 static struct { const char *name;
3639 { "Key-Type", pKEYTYPE},
3640 { "Key-Length", pKEYLENGTH },
3641 { "Key-Curve", pKEYCURVE },
3642 { "Key-Usage", pKEYUSAGE },
3643 { "Subkey-Type", pSUBKEYTYPE },
3644 { "Subkey-Length", pSUBKEYLENGTH },
3645 { "Subkey-Curve", pSUBKEYCURVE },
3646 { "Subkey-Usage", pSUBKEYUSAGE },
3647 { "Name-Real", pNAMEREAL },
3648 { "Name-Email", pNAMEEMAIL },
3649 { "Name-Comment", pNAMECOMMENT },
3650 { "Expire-Date", pEXPIREDATE },
3651 { "Creation-Date", pCREATIONDATE },
3652 { "Passphrase", pPASSPHRASE },
3653 { "Preferences", pPREFERENCES },
3654 { "Revoker", pREVOKER },
3655 { "Handle", pHANDLE },
3656 { "Keyserver", pKEYSERVER },
3661 unsigned int maxlen, nline;
3664 const char *err = NULL;
3665 struct para_data_s *para, *r;
3667 struct output_control_s outctrl;
3669 memset( &outctrl, 0, sizeof( outctrl ) );
3670 outctrl.pub.afx = new_armor_context ();
3672 if( !fname || !*fname)
3675 fp = iobuf_open (fname);
3676 if (fp && is_secured_file (iobuf_get_fd (fp)))
3680 gpg_err_set_errno (EPERM);
3683 log_error (_("can't open '%s': %s\n"), fname, strerror(errno) );
3686 iobuf_ioctl (fp, IOBUF_IOCTL_NO_CACHE, 1, NULL);
3693 while ( iobuf_read_line (fp, &line, &nline, &maxlen) ) {
3694 char *keyword, *value;
3698 err = "line too long";
3701 for( p = line; isspace(*(byte*)p); p++ )
3703 if( !*p || *p == '#' )
3706 if( *keyword == '%' ) {
3707 for( ; !isspace(*(byte*)p); p++ )
3711 for( ; isspace(*(byte*)p); p++ )
3714 trim_trailing_ws( value, strlen(value) );
3715 if( !ascii_strcasecmp( keyword, "%echo" ) )
3716 log_info("%s\n", value );
3717 else if( !ascii_strcasecmp( keyword, "%dry-run" ) )
3719 else if( !ascii_strcasecmp( keyword, "%ask-passphrase" ) )
3720 ; /* Dummy for backward compatibility. */
3721 else if( !ascii_strcasecmp( keyword, "%no-ask-passphrase" ) )
3722 ; /* Dummy for backward compatibility. */
3723 else if( !ascii_strcasecmp( keyword, "%no-protection" ) )
3724 outctrl.keygen_flags |= KEYGEN_FLAG_NO_PROTECTION;
3725 else if( !ascii_strcasecmp( keyword, "%transient-key" ) )
3726 outctrl.keygen_flags |= KEYGEN_FLAG_TRANSIENT_KEY;
3727 else if( !ascii_strcasecmp( keyword, "%commit" ) ) {
3729 if (proc_parameter_file (ctrl, para, fname, &outctrl, 0 ))
3730 print_status_key_not_created
3731 (get_parameter_value (para, pHANDLE));
3732 release_parameter_list( para );
3735 else if( !ascii_strcasecmp( keyword, "%pubring" ) ) {
3736 if( outctrl.pub.fname && !strcmp( outctrl.pub.fname, value ) )
3737 ; /* still the same file - ignore it */
3739 xfree( outctrl.pub.newfname );
3740 outctrl.pub.newfname = xstrdup( value );
3741 outctrl.use_files = 1;
3744 else if( !ascii_strcasecmp( keyword, "%secring" ) ) {
3745 /* Ignore this command. */
3748 log_info("skipping control '%s' (%s)\n", keyword, value );
3755 if( !(p = strchr( p, ':' )) || p == keyword ) {
3756 err = "missing colon";
3761 for( ; isspace(*(byte*)p); p++ )
3764 err = "missing argument";
3768 trim_trailing_ws( value, strlen(value) );
3770 for(i=0; keywords[i].name; i++ ) {
3771 if( !ascii_strcasecmp( keywords[i].name, keyword ) )
3774 if( !keywords[i].name ) {
3775 err = "unknown keyword";
3778 if( keywords[i].key != pKEYTYPE && !para ) {
3779 err = "parameter block does not start with \"Key-Type\"";
3783 if( keywords[i].key == pKEYTYPE && para ) {
3785 if (proc_parameter_file (ctrl, para, fname, &outctrl, 0 ))
3786 print_status_key_not_created
3787 (get_parameter_value (para, pHANDLE));
3788 release_parameter_list( para );
3792 for( r = para; r; r = r->next ) {
3793 if( r->key == keywords[i].key )
3797 err = "duplicate keyword";
3801 r = xmalloc_clear( sizeof *r + strlen( value ) );
3803 r->key = keywords[i].key;
3804 strcpy( r->u.value, value );
3809 log_error("%s:%d: %s\n", fname, lnr, err );
3810 else if( iobuf_error (fp) ) {
3811 log_error("%s:%d: read error\n", fname, lnr);
3815 if (proc_parameter_file (ctrl, para, fname, &outctrl, 0 ))
3816 print_status_key_not_created (get_parameter_value (para, pHANDLE));
3819 if( outctrl.use_files ) { /* close open streams */
3820 iobuf_close( outctrl.pub.stream );
3822 /* Must invalidate that ugly cache to actually close it. */
3823 if (outctrl.pub.fname)
3824 iobuf_ioctl (NULL, IOBUF_IOCTL_INVALIDATE_CACHE,
3825 0, (char*)outctrl.pub.fname);
3827 xfree( outctrl.pub.fname );
3828 xfree( outctrl.pub.newfname );
3832 release_parameter_list( para );
3834 release_armor_context (outctrl.pub.afx);
3838 /* Helper for quick_generate_keypair. */
3839 static struct para_data_s *
3840 quickgen_set_para (struct para_data_s *para, int for_subkey,
3841 int algo, int nbits, const char *curve, unsigned int use)
3843 struct para_data_s *r;
3845 r = xmalloc_clear (sizeof *r + 30);
3846 r->key = for_subkey? pSUBKEYUSAGE : pKEYUSAGE;
3848 snprintf (r->u.value, 30, "%s%s%s%s",
3849 (use & PUBKEY_USAGE_ENC)? "encr " : "",
3850 (use & PUBKEY_USAGE_SIG)? "sign " : "",
3851 (use & PUBKEY_USAGE_AUTH)? "auth " : "",
3852 (use & PUBKEY_USAGE_CERT)? "cert " : "");
3854 strcpy (r->u.value, for_subkey ? "encr" : "sign");
3857 r = xmalloc_clear (sizeof *r + 20);
3858 r->key = for_subkey? pSUBKEYTYPE : pKEYTYPE;
3859 snprintf (r->u.value, 20, "%d", algo);
3865 r = xmalloc_clear (sizeof *r + strlen (curve));
3866 r->key = for_subkey? pSUBKEYCURVE : pKEYCURVE;
3867 strcpy (r->u.value, curve);
3873 r = xmalloc_clear (sizeof *r + 20);
3874 r->key = for_subkey? pSUBKEYLENGTH : pKEYLENGTH;
3875 sprintf (r->u.value, "%u", nbits);
3885 * Unattended generation of a standard key.
3888 quick_generate_keypair (ctrl_t ctrl, const char *uid, const char *algostr,
3889 const char *usagestr, const char *expirestr)
3892 struct para_data_s *para = NULL;
3893 struct para_data_s *r;
3894 struct output_control_s outctrl;
3897 memset (&outctrl, 0, sizeof outctrl);
3899 use_tty = (!opt.batch && !opt.answer_yes
3900 && !*algostr && !*usagestr && !*expirestr
3902 && gnupg_isatty (fileno (stdin))
3903 && gnupg_isatty (fileno (stdout))
3904 && gnupg_isatty (fileno (stderr)));
3906 r = xmalloc_clear (sizeof *r + strlen (uid));
3908 strcpy (r->u.value, uid);
3912 uid = trim_spaces (r->u.value);
3913 if (!*uid || (!opt.allow_freeform_uid && !is_valid_user_id (uid)))
3915 log_error (_("Key generation failed: %s\n"),
3916 gpg_strerror (GPG_ERR_INV_USER_ID));
3920 /* If gpg is directly used on the console ask whether a key with the
3921 given user id shall really be created. */
3924 tty_printf (_("About to create a key for:\n \"%s\"\n\n"), uid);
3925 if (!cpr_get_answer_is_yes_def ("quick_keygen.okay",
3926 _("Continue? (Y/n) "), 1))
3930 /* Check whether such a user ID already exists. */
3933 KEYDB_SEARCH_DESC desc;
3935 memset (&desc, 0, sizeof desc);
3936 desc.mode = KEYDB_SEARCH_MODE_EXACT;
3939 kdbhd = keydb_new ();
3943 err = keydb_search (kdbhd, &desc, 1, NULL);
3944 keydb_release (kdbhd);
3945 if (gpg_err_code (err) != GPG_ERR_NOT_FOUND)
3947 log_info (_("A key for \"%s\" already exists\n"), uid);
3951 || !cpr_get_answer_is_yes_def ("quick_keygen.force",
3952 _("Create anyway? (y/N) "), 0))
3954 write_status_error ("genkey", gpg_error (304));
3955 log_inc_errorcount (); /* we used log_info */
3958 log_info (_("creating anyway\n"));
3962 if (!*expirestr || strcmp (expirestr, "-") == 0)
3963 expirestr = default_expiration_interval;
3965 if ((!*algostr || !strcmp (algostr, "default")
3966 || !strcmp (algostr, "future-default"))
3967 && (!*usagestr || !strcmp (usagestr, "default")
3968 || !strcmp (usagestr, "-")))
3970 /* Use default key parameters. */
3972 unsigned int size, subsize;
3973 unsigned int keyuse, subkeyuse;
3974 const char *curve, *subcurve;
3976 err = parse_key_parameter_string (algostr, -1,
3977 &algo, &size, &keyuse, &curve,
3978 &subalgo, &subsize, &subkeyuse,
3982 log_error (_("Key generation failed: %s\n"), gpg_strerror (err));
3986 para = quickgen_set_para (para, 0, algo, size, curve, keyuse);
3988 para = quickgen_set_para (para, 1,
3989 subalgo, subsize, subcurve, subkeyuse);
3995 expire = parse_expire_string (expirestr);
3996 if (expire == (u32)-1 )
3998 err = gpg_error (GPG_ERR_INV_VALUE);
3999 log_error (_("Key generation failed: %s\n"), gpg_strerror (err));
4002 r = xmalloc_clear (sizeof *r + 20);
4003 r->key = pKEYEXPIRE;
4004 r->u.expire = expire;
4011 /* Extended unattended mode. Creates only the primary key. */
4018 err = parse_algo_usage_expire (ctrl, 0, algostr, usagestr, expirestr,
4019 &algo, &use, &expire, &nbits, &curve);
4022 log_error (_("Key generation failed: %s\n"), gpg_strerror (err) );
4026 para = quickgen_set_para (para, 0, algo, nbits, curve, use);
4027 r = xmalloc_clear (sizeof *r + 20);
4028 r->key = pKEYEXPIRE;
4029 r->u.expire = expire;
4034 /* If the pinentry loopback mode is not and we have a static
4035 passphrase (i.e. set with --passphrase{,-fd,-file} while in batch
4036 mode), we use that passphrase for the new key. */
4037 if (opt.pinentry_mode != PINENTRY_MODE_LOOPBACK
4038 && have_static_passphrase ())
4040 const char *s = get_static_passphrase ();
4042 r = xmalloc_clear (sizeof *r + strlen (s));
4043 r->key = pPASSPHRASE;
4044 strcpy (r->u.value, s);
4049 proc_parameter_file (ctrl, para, "[internal]", &outctrl, 0);
4052 release_parameter_list (para);
4057 * Generate a keypair (fname is only used in batch mode) If
4058 * CARD_SERIALNO is not NULL the function will create the keys on an
4059 * OpenPGP Card. If CARD_BACKUP_KEY has been set and CARD_SERIALNO is
4060 * NOT NULL, the encryption key for the card is generated on the host,
4061 * imported to the card and a backup file created by gpg-agent. If
4062 * FULL is not set only the basic prompts are used (except for batch
4066 generate_keypair (ctrl_t ctrl, int full, const char *fname,
4067 const char *card_serialno, int card_backup_key)
4076 struct para_data_s *para = NULL;
4077 struct para_data_s *r;
4078 struct output_control_s outctrl;
4080 #ifndef ENABLE_CARD_SUPPORT
4081 (void)card_backup_key;
4084 memset( &outctrl, 0, sizeof( outctrl ) );
4086 if (opt.batch && card_serialno)
4088 /* We don't yet support unattended key generation. */
4089 log_error (_("can't do this in batch mode\n"));
4095 read_parameter_file (ctrl, fname);
4101 #ifdef ENABLE_CARD_SUPPORT
4102 struct agent_card_info_s info;
4104 memset (&info, 0, sizeof (info));
4105 err = agent_scd_getattr ("KEY-ATTR", &info);
4108 log_error (_("error getting current key info: %s\n"),
4109 gpg_strerror (err));
4113 r = xcalloc (1, sizeof *r + strlen (card_serialno) );
4115 strcpy( r->u.value, card_serialno);
4119 r = xcalloc (1, sizeof *r + 20 );
4121 sprintf( r->u.value, "%d", info.key_attr[0].algo );
4124 r = xcalloc (1, sizeof *r + 20 );
4126 strcpy (r->u.value, "sign");
4130 r = xcalloc (1, sizeof *r + 20 );
4131 r->key = pSUBKEYTYPE;
4132 sprintf( r->u.value, "%d", info.key_attr[1].algo );
4135 r = xcalloc (1, sizeof *r + 20 );
4136 r->key = pSUBKEYUSAGE;
4137 strcpy (r->u.value, "encrypt");
4140 if (info.key_attr[1].algo == PUBKEY_ALGO_RSA)
4142 r = xcalloc (1, sizeof *r + 20 );
4143 r->key = pSUBKEYLENGTH;
4144 sprintf( r->u.value, "%u", info.key_attr[1].nbits);
4148 else if (info.key_attr[1].algo == PUBKEY_ALGO_ECDSA
4149 || info.key_attr[1].algo == PUBKEY_ALGO_EDDSA
4150 || info.key_attr[1].algo == PUBKEY_ALGO_ECDH)
4152 r = xcalloc (1, sizeof *r + strlen (info.key_attr[1].curve));
4153 r->key = pSUBKEYCURVE;
4154 strcpy (r->u.value, info.key_attr[1].curve);
4159 r = xcalloc (1, sizeof *r + 20 );
4160 r->key = pAUTHKEYTYPE;
4161 sprintf( r->u.value, "%d", info.key_attr[2].algo );
4165 if (card_backup_key)
4167 r = xcalloc (1, sizeof *r + 1);
4168 r->key = pCARDBACKUPKEY;
4169 strcpy (r->u.value, "1");
4173 #endif /*ENABLE_CARD_SUPPORT*/
4175 else if (full) /* Full featured key generation. */
4180 /* Fixme: To support creating a primary key by keygrip we better
4181 also define the keyword for the parameter file. Note that
4182 the subkey case will never be asserted if a keygrip has been
4184 algo = ask_algo (ctrl, 0, &subkey_algo, &use, NULL);
4187 /* Create primary and subkey at once. */
4189 if (algo == PUBKEY_ALGO_ECDSA
4190 || algo == PUBKEY_ALGO_EDDSA
4191 || algo == PUBKEY_ALGO_ECDH)
4193 curve = ask_curve (&algo, &subkey_algo);
4194 r = xmalloc_clear( sizeof *r + 20 );
4196 sprintf( r->u.value, "%d", algo);
4200 r = xmalloc_clear (sizeof *r + strlen (curve));
4202 strcpy (r->u.value, curve);
4208 r = xmalloc_clear( sizeof *r + 20 );
4210 sprintf( r->u.value, "%d", algo);
4213 nbits = ask_keysize (algo, 0);
4214 r = xmalloc_clear( sizeof *r + 20 );
4215 r->key = pKEYLENGTH;
4216 sprintf( r->u.value, "%u", nbits);
4220 r = xmalloc_clear( sizeof *r + 20 );
4222 strcpy( r->u.value, "sign" );
4226 r = xmalloc_clear( sizeof *r + 20 );
4227 r->key = pSUBKEYTYPE;
4228 sprintf( r->u.value, "%d", subkey_algo);
4231 r = xmalloc_clear( sizeof *r + 20 );
4232 r->key = pSUBKEYUSAGE;
4233 strcpy( r->u.value, "encrypt" );
4237 if (algo == PUBKEY_ALGO_ECDSA
4238 || algo == PUBKEY_ALGO_EDDSA
4239 || algo == PUBKEY_ALGO_ECDH)
4241 if (algo == PUBKEY_ALGO_EDDSA
4242 && subkey_algo == PUBKEY_ALGO_ECDH)
4244 /* Need to switch to a different curve for the
4247 curve = xstrdup ("Curve25519");
4249 r = xmalloc_clear (sizeof *r + strlen (curve));
4250 r->key = pSUBKEYCURVE;
4251 strcpy (r->u.value, curve);
4256 else /* Create only a single key. */
4258 /* For ECC we need to ask for the curve before storing the
4259 algo because ask_curve may change the algo. */
4260 if (algo == PUBKEY_ALGO_ECDSA
4261 || algo == PUBKEY_ALGO_EDDSA
4262 || algo == PUBKEY_ALGO_ECDH)
4264 curve = ask_curve (&algo, NULL);
4265 r = xmalloc_clear (sizeof *r + strlen (curve));
4267 strcpy (r->u.value, curve);
4272 r = xmalloc_clear( sizeof *r + 20 );
4274 sprintf( r->u.value, "%d", algo );
4280 r = xmalloc_clear( sizeof *r + 25 );
4282 sprintf( r->u.value, "%s%s%s",
4283 (use & PUBKEY_USAGE_SIG)? "sign ":"",
4284 (use & PUBKEY_USAGE_ENC)? "encrypt ":"",
4285 (use & PUBKEY_USAGE_AUTH)? "auth":"" );
4292 if (algo == PUBKEY_ALGO_ECDSA
4293 || algo == PUBKEY_ALGO_EDDSA
4294 || algo == PUBKEY_ALGO_ECDH)
4296 /* The curve has already been set. */
4300 nbits = ask_keysize (both? subkey_algo : algo, nbits);
4301 r = xmalloc_clear( sizeof *r + 20 );
4302 r->key = both? pSUBKEYLENGTH : pKEYLENGTH;
4303 sprintf( r->u.value, "%u", nbits);
4310 else /* Default key generation. */
4313 unsigned int size, subsize;
4314 unsigned int keyuse, subkeyuse;
4315 const char *curve, *subcurve;
4317 tty_printf ( _("Note: Use \"%s %s\""
4318 " for a full featured key generation dialog.\n"),
4324 , "--full-generate-key" );
4326 err = parse_key_parameter_string (NULL, -1,
4327 &algo, &size, &keyuse, &curve,
4329 &subkeyuse, &subcurve);
4332 log_error (_("Key generation failed: %s\n"), gpg_strerror (err));
4335 para = quickgen_set_para (para, 0, algo, size, curve, keyuse);
4337 para = quickgen_set_para (para, 1,
4338 subalgo, subsize, subcurve, subkeyuse);
4344 expire = full? ask_expire_interval (0, NULL)
4345 : parse_expire_string (default_expiration_interval);
4346 r = xcalloc (1, sizeof *r + 20);
4347 r->key = pKEYEXPIRE;
4348 r->u.expire = expire;
4351 r = xcalloc (1, sizeof *r + 20);
4352 r->key = pSUBKEYEXPIRE;
4353 r->u.expire = expire;
4357 uid = ask_user_id (0, full, NULL);
4360 log_error(_("Key generation canceled.\n"));
4361 release_parameter_list( para );
4364 r = xcalloc (1, sizeof *r + strlen (uid));
4366 strcpy (r->u.value, uid);
4370 proc_parameter_file (ctrl, para, "[internal]", &outctrl, !!card_serialno);
4371 release_parameter_list (para);
4375 /* Create and delete a dummy packet to start off a list of kbnodes. */
4377 start_tree(KBNODE *tree)
4381 pkt=xmalloc_clear(sizeof(*pkt));
4382 pkt->pkttype=PKT_NONE;
4383 *tree=new_kbnode(pkt);
4384 delete_kbnode(*tree);
4388 /* Write the *protected* secret key to the file. */
4390 card_write_key_to_backup_file (PKT_public_key *sk, const char *backup_dir)
4392 gpg_error_t err = 0;
4394 char keyid_buffer[2 * 8 + 1];
4395 char name_buffer[50];
4401 format_keyid (pk_keyid (sk), KF_LONG, keyid_buffer, sizeof (keyid_buffer));
4402 snprintf (name_buffer, sizeof name_buffer, "sk_%s.gpg", keyid_buffer);
4404 fname = make_filename (backup_dir, name_buffer, NULL);
4405 /* Note that the umask call is not anymore needed because
4406 iobuf_create now takes care of it. However, it does not harm
4407 and thus we keep it. */
4408 oldmask = umask (077);
4409 if (is_secured_filename (fname))
4412 gpg_err_set_errno (EPERM);
4415 fp = iobuf_create (fname, 1);
4419 err = gpg_error_from_syserror ();
4420 log_error (_("can't create backup file '%s': %s\n"), fname, strerror (errno) );
4424 pkt = xcalloc (1, sizeof *pkt);
4425 pkt->pkttype = PKT_SECRET_KEY;
4426 pkt->pkt.secret_key = sk;
4428 rc = build_packet (fp, pkt);
4431 log_error ("build packet failed: %s\n", gpg_strerror (rc));
4439 iobuf_ioctl (NULL, IOBUF_IOCTL_INVALIDATE_CACHE, 0, (char*)fname);
4440 log_info (_("Note: backup of card key saved to '%s'\n"), fname);
4442 fprbuf = hexfingerprint (sk, NULL, 0);
4443 write_status_text_and_buffer (STATUS_BACKUP_KEY_CREATED, fprbuf,
4444 fname, strlen (fname), 0);
4455 /* Store key to card and make a backup file in OpenPGP format. */
4457 card_store_key_with_backup (ctrl_t ctrl, PKT_public_key *sub_psk,
4458 const char *backup_dir)
4461 gnupg_isotime_t timestamp;
4465 struct agent_card_info_s info;
4466 gcry_cipher_hd_t cipherhd = NULL;
4467 char *cache_nonce = NULL;
4471 sk = copy_public_key (NULL, sub_psk);
4473 return gpg_error_from_syserror ();
4475 epoch2isotime (timestamp, (time_t)sk->timestamp);
4476 err = hexkeygrip_from_pk (sk, &hexgrip);
4480 memset(&info, 0, sizeof (info));
4481 rc = agent_scd_getattr ("SERIALNO", &info);
4483 return (gpg_error_t)rc;
4485 rc = agent_keytocard (hexgrip, 2, 1, info.serialno, timestamp);
4486 xfree (info.serialno);
4489 err = (gpg_error_t)rc;
4493 err = agent_keywrap_key (ctrl, 1, &kek, &keklen);
4496 log_error ("error getting the KEK: %s\n", gpg_strerror (err));
4500 err = gcry_cipher_open (&cipherhd, GCRY_CIPHER_AES128,
4501 GCRY_CIPHER_MODE_AESWRAP, 0);
4503 err = gcry_cipher_setkey (cipherhd, kek, keklen);
4506 log_error ("error setting up an encryption context: %s\n",
4507 gpg_strerror (err));
4511 err = receive_seckey_from_agent (ctrl, cipherhd, 0,
4512 &cache_nonce, hexgrip, sk);
4515 log_error ("error getting secret key from agent: %s\n",
4516 gpg_strerror (err));
4520 err = card_write_key_to_backup_file (sk, backup_dir);
4522 log_error ("writing card key to backup file: %s\n", gpg_strerror (err));
4524 /* Remove secret key data in agent side. */
4525 agent_scd_learn (NULL, 1);
4528 xfree (cache_nonce);
4529 gcry_cipher_close (cipherhd);
4532 free_public_key (sk);
4538 do_generate_keypair (ctrl_t ctrl, struct para_data_s *para,
4539 struct output_control_s *outctrl, int card)
4542 KBNODE pub_root = NULL;
4544 PKT_public_key *pri_psk = NULL;
4545 PKT_public_key *sub_psk = NULL;
4546 struct revocation_key *revkey;
4549 char *cache_nonce = NULL;
4551 if (outctrl->dryrun)
4553 log_info("dry-run mode - key generation skipped\n");
4557 if ( outctrl->use_files )
4559 if ( outctrl->pub.newfname )
4561 iobuf_close(outctrl->pub.stream);
4562 outctrl->pub.stream = NULL;
4563 if (outctrl->pub.fname)
4564 iobuf_ioctl (NULL, IOBUF_IOCTL_INVALIDATE_CACHE,
4565 0, (char*)outctrl->pub.fname);
4566 xfree( outctrl->pub.fname );
4567 outctrl->pub.fname = outctrl->pub.newfname;
4568 outctrl->pub.newfname = NULL;
4570 if (is_secured_filename (outctrl->pub.fname) )
4572 outctrl->pub.stream = NULL;
4573 gpg_err_set_errno (EPERM);
4576 outctrl->pub.stream = iobuf_create (outctrl->pub.fname, 0);
4577 if (!outctrl->pub.stream)
4579 log_error(_("can't create '%s': %s\n"), outctrl->pub.newfname,
4585 outctrl->pub.afx->what = 1;
4586 push_armor_filter (outctrl->pub.afx, outctrl->pub.stream);
4589 log_assert( outctrl->pub.stream );
4591 log_info (_("writing public key to '%s'\n"), outctrl->pub.fname );
4595 /* We create the packets as a tree of kbnodes. Because the
4596 structure we create is known in advance we simply generate a
4597 linked list. The first packet is a dummy packet which we flag as
4598 deleted. The very first packet must always be a KEY packet. */
4600 start_tree (&pub_root);
4602 timestamp = get_parameter_u32 (para, pKEYCREATIONDATE);
4604 timestamp = make_timestamp ();
4606 /* Note that, depending on the backend (i.e. the used scdaemon
4607 version), the card key generation may update TIMESTAMP for each
4608 key. Thus we need to pass TIMESTAMP to all signing function to
4609 make sure that the binding signature is done using the timestamp
4610 of the corresponding (sub)key and not that of the primary key.
4611 An alternative implementation could tell the signing function the
4612 node of the subkey but that is more work than just to pass the
4613 current timestamp. */
4616 err = do_create (get_parameter_algo( para, pKEYTYPE, NULL ),
4617 get_parameter_uint( para, pKEYLENGTH ),
4618 get_parameter_value (para, pKEYCURVE),
4621 get_parameter_u32( para, pKEYEXPIRE ), 0,
4622 outctrl->keygen_flags,
4623 get_parameter_passphrase (para),
4624 &cache_nonce, NULL);
4626 err = gen_card_key (1, get_parameter_algo( para, pKEYTYPE, NULL ),
4627 1, pub_root, ×tamp,
4628 get_parameter_u32 (para, pKEYEXPIRE));
4630 /* Get the pointer to the generated public key packet. */
4633 pri_psk = pub_root->next->pkt->pkt.public_key;
4634 log_assert (pri_psk);
4636 /* Make sure a few fields are correctly set up before going
4638 pri_psk->flags.primary = 1;
4639 keyid_from_pk (pri_psk, NULL);
4640 /* We don't use pk_keyid to get keyid, because it also asserts
4641 that main_keyid is set! */
4642 keyid_copy (pri_psk->main_keyid, pri_psk->keyid);
4645 if (!err && (revkey = get_parameter_revkey (para, pREVOKER)))
4646 err = write_direct_sig (pub_root, pri_psk, revkey, timestamp, cache_nonce);
4648 if (!err && (s = get_parameter_value (para, pUSERID)))
4650 write_uid (pub_root, s );
4651 err = write_selfsigs (pub_root, pri_psk,
4652 get_parameter_uint (para, pKEYUSAGE), timestamp,
4656 /* Write the auth key to the card before the encryption key. This
4657 is a partial workaround for a PGP bug (as of this writing, all
4658 versions including 8.1), that causes it to try and encrypt to
4659 the most recent subkey regardless of whether that subkey is
4660 actually an encryption type. In this case, the auth key is an
4661 RSA key so it succeeds. */
4663 if (!err && card && get_parameter (para, pAUTHKEYTYPE))
4665 err = gen_card_key (3, get_parameter_algo( para, pAUTHKEYTYPE, NULL ),
4666 0, pub_root, ×tamp,
4667 get_parameter_u32 (para, pKEYEXPIRE));
4669 err = write_keybinding (pub_root, pri_psk, NULL,
4670 PUBKEY_USAGE_AUTH, timestamp, cache_nonce);
4673 if (!err && get_parameter (para, pSUBKEYTYPE))
4677 if (!card || (s = get_parameter_value (para, pCARDBACKUPKEY)))
4679 err = do_create (get_parameter_algo (para, pSUBKEYTYPE, NULL),
4680 get_parameter_uint (para, pSUBKEYLENGTH),
4681 get_parameter_value (para, pSUBKEYCURVE),
4684 get_parameter_u32 (para, pSUBKEYEXPIRE), 1,
4685 s ? KEYGEN_FLAG_NO_PROTECTION : outctrl->keygen_flags,
4686 get_parameter_passphrase (para),
4687 &cache_nonce, NULL);
4688 /* Get the pointer to the generated public subkey packet. */
4693 for (node = pub_root; node; node = node->next)
4694 if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
4695 sub_psk = node->pkt->pkt.public_key;
4696 log_assert (sub_psk);
4699 err = card_store_key_with_backup (ctrl,
4700 sub_psk, gnupg_homedir ());
4705 err = gen_card_key (2, get_parameter_algo (para, pSUBKEYTYPE, NULL),
4706 0, pub_root, ×tamp,
4707 get_parameter_u32 (para, pKEYEXPIRE));
4711 err = write_keybinding (pub_root, pri_psk, sub_psk,
4712 get_parameter_uint (para, pSUBKEYUSAGE),
4713 timestamp, cache_nonce);
4717 if (!err && outctrl->use_files) /* Direct write to specified files. */
4719 err = write_keyblock (outctrl->pub.stream, pub_root);
4721 log_error ("can't write public key: %s\n", gpg_strerror (err));
4723 else if (!err) /* Write to the standard keyrings. */
4725 KEYDB_HANDLE pub_hd;
4727 pub_hd = keydb_new ();
4729 err = gpg_error_from_syserror ();
4732 err = keydb_locate_writable (pub_hd);
4734 log_error (_("no writable public keyring found: %s\n"),
4735 gpg_strerror (err));
4738 if (!err && opt.verbose)
4740 log_info (_("writing public key to '%s'\n"),
4741 keydb_get_resource_name (pub_hd));
4746 err = keydb_insert_keyblock (pub_hd, pub_root);
4748 log_error (_("error writing public keyring '%s': %s\n"),
4749 keydb_get_resource_name (pub_hd), gpg_strerror (err));
4752 keydb_release (pub_hd);
4759 no_enc_rsa = ((get_parameter_algo (para, pKEYTYPE, NULL)
4761 && get_parameter_uint (para, pKEYUSAGE)
4762 && !((get_parameter_uint (para, pKEYUSAGE)
4763 & PUBKEY_USAGE_ENC)) );
4765 pk = find_kbnode (pub_root, PKT_PUBLIC_KEY)->pkt->pkt.public_key;
4767 keyid_from_pk (pk, pk->main_keyid);
4768 register_trusted_keyid (pk->main_keyid);
4770 update_ownertrust (pk, ((get_ownertrust (pk) & ~TRUST_MASK)
4771 | TRUST_ULTIMATE ));
4773 gen_standard_revoke (pk, cache_nonce);
4775 /* Get rid of the first empty packet. */
4776 commit_kbnode (&pub_root);
4780 tty_printf (_("public and secret key created and signed.\n") );
4782 merge_keys_and_selfsig (pub_root);
4783 list_keyblock_direct (ctrl, pub_root, 0, 1, 1, 1);
4788 && (get_parameter_algo (para, pKEYTYPE, NULL) == PUBKEY_ALGO_DSA
4790 && !get_parameter (para, pSUBKEYTYPE) )
4792 tty_printf(_("Note that this key cannot be used for "
4793 "encryption. You may want to use\n"
4794 "the command \"--edit-key\" to generate a "
4795 "subkey for this purpose.\n") );
4803 log_error ("key generation failed: %s\n", gpg_strerror (err) );
4805 tty_printf (_("Key generation failed: %s\n"), gpg_strerror (err) );
4806 write_status_error (card? "card_key_generate":"key_generate", err);
4807 print_status_key_not_created ( get_parameter_value (para, pHANDLE) );
4811 PKT_public_key *pk = find_kbnode (pub_root,
4812 PKT_PUBLIC_KEY)->pkt->pkt.public_key;
4813 print_status_key_created (did_sub? 'B':'P', pk,
4814 get_parameter_value (para, pHANDLE));
4817 release_kbnode (pub_root);
4818 xfree (cache_nonce);
4823 parse_algo_usage_expire (ctrl_t ctrl, int for_subkey,
4824 const char *algostr, const char *usagestr,
4825 const char *expirestr,
4826 int *r_algo, unsigned int *r_usage, u32 *r_expire,
4827 unsigned int *r_nbits, char **r_curve)
4831 unsigned int use, nbits;
4834 const char *curve = NULL;
4840 /* Parse the algo string. */
4841 if (algostr && *algostr == '&' && strlen (algostr) == 41)
4843 /* Take algo from existing key. */
4844 algo = check_keygrip (ctrl, algostr+1);
4845 /* FIXME: We need the curve name as well. */
4846 return gpg_error (GPG_ERR_NOT_IMPLEMENTED);
4849 err = parse_key_parameter_string (algostr, for_subkey? 1 : 0,
4850 &algo, &nbits, &use, &curve,
4851 NULL, NULL, NULL, NULL);
4855 /* Parse the usage string. */
4856 if (!usagestr || !*usagestr
4857 || !strcmp (usagestr, "default") || !strcmp (usagestr, "-"))
4858 ; /* Keep usage from parse_key_parameter_string. */
4859 else if ((wantuse = parse_usagestr (usagestr)) != -1)
4862 return gpg_error (GPG_ERR_INV_VALUE);
4864 /* Make sure a primary key has the CERT usage. */
4866 use |= PUBKEY_USAGE_CERT;
4868 /* Check that usage is possible. NB: We have the same check in
4869 * parse_key_parameter_string but need it here again in case the
4870 * separate usage value has been given. */
4871 if (/**/((use & (PUBKEY_USAGE_SIG|PUBKEY_USAGE_AUTH|PUBKEY_USAGE_CERT))
4872 && !pubkey_get_nsig (algo))
4873 || ((use & PUBKEY_USAGE_ENC)
4874 && !pubkey_get_nenc (algo))
4875 || (for_subkey && (use & PUBKEY_USAGE_CERT)))
4876 return gpg_error (GPG_ERR_WRONG_KEY_USAGE);
4878 /* Parse the expire string. */
4879 expire = parse_expire_string (expirestr);
4880 if (expire == (u32)-1 )
4881 return gpg_error (GPG_ERR_INV_VALUE);
4885 *r_curve = xtrystrdup (curve);
4887 return gpg_error_from_syserror ();
4897 /* Add a new subkey to an existing key. Returns 0 if a new key has
4898 been generated and put into the keyblocks. If any of ALGOSTR,
4899 USAGESTR, or EXPIRESTR is NULL interactive mode is used. */
4901 generate_subkeypair (ctrl_t ctrl, kbnode_t keyblock, const char *algostr,
4902 const char *usagestr, const char *expirestr)
4904 gpg_error_t err = 0;
4907 PKT_public_key *pri_psk = NULL;
4908 PKT_public_key *sub_psk = NULL;
4912 unsigned int nbits = 0;
4915 char *key_from_hexgrip = NULL;
4916 char *hexgrip = NULL;
4917 char *serialno = NULL;
4918 char *cache_nonce = NULL;
4919 char *passwd_nonce = NULL;
4921 interactive = (!algostr || !usagestr || !expirestr);
4923 /* Break out the primary key. */
4924 node = find_kbnode (keyblock, PKT_PUBLIC_KEY);
4927 log_error ("Oops; primary key missing in keyblock!\n");
4928 err = gpg_error (GPG_ERR_BUG);
4931 pri_psk = node->pkt->pkt.public_key;
4933 cur_time = make_timestamp ();
4935 if (pri_psk->timestamp > cur_time)
4937 ulong d = pri_psk->timestamp - cur_time;
4938 log_info ( d==1 ? _("key has been created %lu second "
4939 "in future (time warp or clock problem)\n")
4940 : _("key has been created %lu seconds "
4941 "in future (time warp or clock problem)\n"), d );
4942 if (!opt.ignore_time_conflict)
4944 err = gpg_error (GPG_ERR_TIME_CONFLICT);
4949 if (pri_psk->version < 4)
4951 log_info (_("Note: creating subkeys for v3 keys "
4952 "is not OpenPGP compliant\n"));
4953 err = gpg_error (GPG_ERR_CONFLICT);
4957 err = hexkeygrip_from_pk (pri_psk, &hexgrip);
4960 if (agent_get_keyinfo (NULL, hexgrip, &serialno, NULL))
4963 tty_printf (_("Secret parts of primary key are not available.\n"));
4965 log_info ( _("Secret parts of primary key are not available.\n"));
4966 err = gpg_error (GPG_ERR_NO_SECKEY);
4972 tty_printf (_("Secret parts of primary key are stored on-card.\n"));
4974 log_info ( _("Secret parts of primary key are stored on-card.\n"));
4979 algo = ask_algo (ctrl, 1, NULL, &use, &key_from_hexgrip);
4982 if (key_from_hexgrip)
4984 else if (algo == PUBKEY_ALGO_ECDSA
4985 || algo == PUBKEY_ALGO_EDDSA
4986 || algo == PUBKEY_ALGO_ECDH)
4987 curve = ask_curve (&algo, NULL);
4989 nbits = ask_keysize (algo, 0);
4991 expire = ask_expire_interval (0, NULL);
4992 if (!cpr_enabled() && !cpr_get_answer_is_yes("keygen.sub.okay",
4993 _("Really create? (y/N) ")))
4995 err = gpg_error (GPG_ERR_CANCELED);
4999 else /* Unattended mode. */
5001 err = parse_algo_usage_expire (ctrl, 1, algostr, usagestr, expirestr,
5002 &algo, &use, &expire, &nbits, &curve);
5007 /* Verify the passphrase now so that we get a cache item for the
5008 * primary key passphrase. The agent also returns a passphrase
5009 * nonce, which we can use to set the passphrase for the subkey to
5010 * that of the primary key. */
5012 char *desc = gpg_format_keydesc (pri_psk, FORMAT_KEYDESC_NORMAL, 1);
5013 err = agent_passwd (ctrl, hexgrip, desc, 1 /*=verify*/,
5014 &cache_nonce, &passwd_nonce);
5018 /* Start creation. */
5019 if (key_from_hexgrip)
5021 err = do_create_from_keygrip (ctrl, algo, key_from_hexgrip,
5022 keyblock, cur_time, expire, 1);
5028 /* If the pinentry loopback mode is not and we have a static
5029 passphrase (i.e. set with --passphrase{,-fd,-file} while in batch
5030 mode), we use that passphrase for the new subkey. */
5031 if (opt.pinentry_mode != PINENTRY_MODE_LOOPBACK
5032 && have_static_passphrase ())
5033 passwd = get_static_passphrase ();
5037 err = do_create (algo, nbits, curve,
5038 keyblock, cur_time, expire, 1, 0,
5039 passwd, &cache_nonce, &passwd_nonce);
5044 /* Get the pointer to the generated public subkey packet. */
5045 for (node = keyblock; node; node = node->next)
5046 if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
5047 sub_psk = node->pkt->pkt.public_key;
5049 /* Write the binding signature. */
5050 err = write_keybinding (keyblock, pri_psk, sub_psk, use, cur_time,
5055 print_status_key_created ('S', sub_psk, NULL);
5059 xfree (key_from_hexgrip);
5063 xfree (cache_nonce);
5064 xfree (passwd_nonce);
5066 log_error (_("Key generation failed: %s\n"), gpg_strerror (err) );
5071 #ifdef ENABLE_CARD_SUPPORT
5072 /* Generate a subkey on a card. */
5074 generate_card_subkeypair (kbnode_t pub_keyblock,
5075 int keyno, const char *serialno)
5077 gpg_error_t err = 0;
5079 PKT_public_key *pri_pk = NULL;
5083 struct para_data_s *para = NULL;
5084 PKT_public_key *sub_pk = NULL;
5086 struct agent_card_info_s info;
5088 log_assert (keyno >= 1 && keyno <= 3);
5090 memset (&info, 0, sizeof (info));
5091 err = agent_scd_getattr ("KEY-ATTR", &info);
5094 log_error (_("error getting current key info: %s\n"), gpg_strerror (err));
5097 algo = info.key_attr[keyno-1].algo;
5099 para = xtrycalloc (1, sizeof *para + strlen (serialno) );
5102 err = gpg_error_from_syserror ();
5105 para->key = pSERIALNO;
5106 strcpy (para->u.value, serialno);
5108 /* Break out the primary secret key */
5109 node = find_kbnode (pub_keyblock, PKT_PUBLIC_KEY);
5112 log_error ("Oops; publkic key lost!\n");
5113 err = gpg_error (GPG_ERR_INTERNAL);
5116 pri_pk = node->pkt->pkt.public_key;
5118 cur_time = make_timestamp();
5119 if (pri_pk->timestamp > cur_time)
5121 ulong d = pri_pk->timestamp - cur_time;
5122 log_info (d==1 ? _("key has been created %lu second "
5123 "in future (time warp or clock problem)\n")
5124 : _("key has been created %lu seconds "
5125 "in future (time warp or clock problem)\n"), d );
5126 if (!opt.ignore_time_conflict)
5128 err = gpg_error (GPG_ERR_TIME_CONFLICT);
5133 if (pri_pk->version < 4)
5135 log_info (_("Note: creating subkeys for v3 keys "
5136 "is not OpenPGP compliant\n"));
5137 err = gpg_error (GPG_ERR_NOT_SUPPORTED);
5141 expire = ask_expire_interval (0, NULL);
5143 use = PUBKEY_USAGE_SIG;
5144 else if (keyno == 2)
5145 use = PUBKEY_USAGE_ENC;
5147 use = PUBKEY_USAGE_AUTH;
5148 if (!cpr_enabled() && !cpr_get_answer_is_yes("keygen.cardsub.okay",
5149 _("Really create? (y/N) ")))
5151 err = gpg_error (GPG_ERR_CANCELED);
5155 /* Note, that depending on the backend, the card key generation may
5157 err = gen_card_key (keyno, algo, 0, pub_keyblock, &cur_time, expire);
5158 /* Get the pointer to the generated public subkey packet. */
5161 for (node = pub_keyblock; node; node = node->next)
5162 if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
5163 sub_pk = node->pkt->pkt.public_key;
5164 log_assert (sub_pk);
5165 err = write_keybinding (pub_keyblock, pri_pk, sub_pk,
5166 use, cur_time, NULL);
5171 log_error (_("Key generation failed: %s\n"), gpg_strerror (err) );
5173 print_status_key_created ('S', sub_pk, NULL);
5174 release_parameter_list (para);
5177 #endif /* !ENABLE_CARD_SUPPORT */
5180 * Write a keyblock to an output stream
5183 write_keyblock( IOBUF out, KBNODE node )
5185 for( ; node ; node = node->next )
5187 if(!is_deleted_kbnode(node))
5189 int rc = build_packet( out, node->pkt );
5192 log_error("build_packet(%d) failed: %s\n",
5193 node->pkt->pkttype, gpg_strerror (rc) );
5203 /* Note that timestamp is an in/out arg. */
5205 gen_card_key (int keyno, int algo, int is_primary, kbnode_t pub_root,
5206 u32 *timestamp, u32 expireval)
5208 #ifdef ENABLE_CARD_SUPPORT
5213 unsigned char *public;
5216 snprintf (keyid, DIM(keyid), "OPENPGP.%d", keyno);
5218 pk = xtrycalloc (1, sizeof *pk );
5220 return gpg_error_from_syserror ();
5221 pkt = xtrycalloc (1, sizeof *pkt);
5225 return gpg_error_from_syserror ();
5228 /* Note: SCD knows the serialnumber, thus there is no point in passing it. */
5229 err = agent_scd_genkey (keyno, 1, timestamp);
5230 /* The code below is not used because we force creation of
5231 * the a card key (3rd arg).
5232 * if (gpg_err_code (rc) == GPG_ERR_EEXIST)
5234 * tty_printf ("\n");
5235 * log_error ("WARNING: key does already exists!\n");
5236 * tty_printf ("\n");
5237 * if ( cpr_get_answer_is_yes( "keygen.card.replace_key",
5238 * _("Replace existing key? ")))
5239 * rc = agent_scd_genkey (keyno, 1, timestamp);
5244 log_error ("key generation failed: %s\n", gpg_strerror (err));
5250 /* Send the READKEY command so that the agent creates a shadow key for
5251 card key. We need to do that now so that we are able to create
5252 the self-signatures. */
5253 err = agent_readkey (NULL, 1, keyid, &public);
5256 err = gcry_sexp_sscan (&s_key, NULL, public,
5257 gcry_sexp_canon_len (public, 0, NULL, NULL));
5262 if (algo == PUBKEY_ALGO_RSA)
5263 err = key_from_sexp (pk->pkey, s_key, "public-key", "ne");
5264 else if (algo == PUBKEY_ALGO_ECDSA
5265 || algo == PUBKEY_ALGO_EDDSA
5266 || algo == PUBKEY_ALGO_ECDH )
5267 err = ecckey_from_sexp (pk->pkey, s_key, algo);
5269 err = gpg_error (GPG_ERR_PUBKEY_ALGO);
5270 gcry_sexp_release (s_key);
5274 log_error ("key_from_sexp failed: %s\n", gpg_strerror (err) );
5275 free_public_key (pk);
5279 pk->timestamp = *timestamp;
5282 pk->expiredate = pk->timestamp + expireval;
5283 pk->pubkey_algo = algo;
5285 pkt->pkttype = is_primary ? PKT_PUBLIC_KEY : PKT_PUBLIC_SUBKEY;
5286 pkt->pkt.public_key = pk;
5287 add_kbnode (pub_root, new_kbnode (pkt));
5296 return gpg_error (GPG_ERR_NOT_SUPPORTED);
5297 #endif /*!ENABLE_CARD_SUPPORT*/