1 From: Werner Koch <wk@gnupg.org>
2 Date: Tue, 14 Feb 2017 10:55:13 +0100
3 Subject: gpg: Make --export-ssh-key work for the primary key.
5 * g10/export.c (export_ssh_key): Also check the primary key.
8 If no suitable subkey was found for export, we now check whether the
9 primary key is suitable for export and export this one. Without this
10 change it was only possible to export the primary key by using the '!'
11 suffix in the key specification.
13 Also added a sample key for testing this.
16 Signed-off-by: Werner Koch <wk@gnupg.org>
17 (cherry picked from commit b456e5be91dc064fc9509ea86edab113721ed299)
19 g10/export.c | 42 ++++++++++++++++++++++
20 tests/openpgp/samplekeys/README | 2 ++
21 .../samplekeys/rsa-primary-auth-only.pub.asc | 23 ++++++++++++
22 .../samplekeys/rsa-primary-auth-only.sec.asc | 38 ++++++++++++++++++++
23 4 files changed, 105 insertions(+)
24 create mode 100644 tests/openpgp/samplekeys/rsa-primary-auth-only.pub.asc
25 create mode 100644 tests/openpgp/samplekeys/rsa-primary-auth-only.sec.asc
27 diff --git a/g10/export.c b/g10/export.c
28 index f354ca0..8668126 100644
31 @@ -2208,6 +2208,48 @@ export_ssh_key (ctrl_t ctrl, const char *userid)
36 + /* If no subkey was suitable check the primary key. */
38 + && (node = keyblock) && node->pkt->pkttype == PKT_PUBLIC_KEY)
40 + pk = node->pkt->pkt.public_key;
42 + log_debug ("\tchecking primary key %08lX\n",
43 + (ulong) keyid_from_pk (pk, NULL));
44 + if (!(pk->pubkey_usage & PUBKEY_USAGE_AUTH))
47 + log_debug ("\tprimary key not usable for authentication\n");
49 + else if (!pk->flags.valid)
52 + log_debug ("\tprimary key not valid\n");
54 + else if (pk->flags.revoked)
57 + log_debug ("\tprimary key has been revoked\n");
59 + else if (pk->has_expired)
62 + log_debug ("\tprimary key has expired\n");
64 + else if (pk->timestamp > curtime && !opt.ignore_valid_from)
67 + log_debug ("\tprimary key not yet valid\n");
72 + log_debug ("\tprimary key is fine\n");
73 + latest_date = pk->timestamp;
80 diff --git a/tests/openpgp/samplekeys/README b/tests/openpgp/samplekeys/README
81 index 29524d5..6f2399f 100644
82 --- a/tests/openpgp/samplekeys/README
83 +++ b/tests/openpgp/samplekeys/README
84 @@ -17,3 +17,5 @@ E657FB607BB4F21C90BB6651BC067AF28BC90111.asc Key with subkeys (no protection)
85 rsa-rsa-sample-1.asc RSA+RSA sample key (no passphrase)
86 ed25519-cv25519-sample-1.asc Ed25519+CV25519 sample key (no passphrase)
87 silent-running.asc Collection of sample secret keys (no passphrases)
88 +rsa-primary-auth-only.pub.asc rsa2408 primary only, usage: cert,auth
89 +rsa-primary-auth-only.sec.asc Ditto but the secret keyblock.
90 diff --git a/tests/openpgp/samplekeys/rsa-primary-auth-only.pub.asc b/tests/openpgp/samplekeys/rsa-primary-auth-only.pub.asc
92 index 0000000..f34999e
94 +++ b/tests/openpgp/samplekeys/rsa-primary-auth-only.pub.asc
96 +pub rsa2048 2017-02-14 [CA]
97 + F74B4029E6906D12EBDA8EE3BD7744900FDABC8D
98 + Keygrip = AB1BB1843677AF7CC4D6C14444320C3FF4147E98
99 +uid [ unknown] ssh://host.example.net
101 +-----BEGIN PGP PUBLIC KEY BLOCK-----
103 +mQENBFiizWgBCACi28riS0AaC7UvXaZfoafEvcXq/MAq6akiowPf3eY4zz5DkBPf
104 +Ep3kGuDMAFqULvchIt9vpg719Zar/Xldi+UG+/KsDz+TT5k+nP6CwvBHbAXXtISv
105 +S51TKKnTFpvjcgJc1BMFN0pGf7JnZx1QfRfsZO2BvS4qVzYCWbSS9hlpMq4aIgOc
106 +ERBMsZYMPnI4ijbXysksecDC91kbJH0q5j8aGir5sDyrDwfVLp0SUAubRFU5gXuZ
107 +SEv9QmeV7XoXKXzk9KEYy7GUgoAJzabvbF0rVXqd3DE8KFkwK7rKBe8sGC04DWlK
108 +j/sHJcAfMSqCi/SZyYpO+FSfnB+uJ1BNc05hABEBAAG0FnNzaDovL2hvc3QuZXhh
109 +bXBsZS5uZXSJAU4EEwEIADgWIQT3S0Ap5pBtEuvajuO9d0SQD9q8jQUCWKLNaAIb
110 +IQULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAKCRC9d0SQD9q8jZBrB/41MJWUeclV
111 +tM60+ydPNgUJwyRXpKdLIm/AtM1zOijlFkwsaMmzbFSFJJX98HGASHdU5OpL2Lv3
112 +1NNDNMbUuFumApVrLzJUBugFRb+8/uY7H3Z0/YKQ9g9OC3z7+uqFFv/+/wA+VdYX
113 +Zy6uim8E4OlJ41S68fQcMiTxbLTCDkvBbpf505t6JhNqF6JB+SBFQJXvRqjoydXf
114 +dyoiDz9N1V0ERzmGEiPewvHg2zWcVia07NGhxN3slQ3klOfYJQ8Ye72feNq1zKCy
115 +AyU3X8fL10XKWooCAU+t4hR5hXYxYTSZse5q0FHZ38Lt9c3ApMSZ2+ueeOtGbsH9
118 +-----END PGP PUBLIC KEY BLOCK-----
119 diff --git a/tests/openpgp/samplekeys/rsa-primary-auth-only.sec.asc b/tests/openpgp/samplekeys/rsa-primary-auth-only.sec.asc
121 index 0000000..9d72421
123 +++ b/tests/openpgp/samplekeys/rsa-primary-auth-only.sec.asc
125 +sec rsa2048 2017-02-14 [CA]
126 + F74B4029E6906D12EBDA8EE3BD7744900FDABC8D
127 + Keygrip = AB1BB1843677AF7CC4D6C14444320C3FF4147E98
128 +uid [ unknown] ssh://host.example.net
132 +-----BEGIN PGP PRIVATE KEY BLOCK-----
134 +lQOYBFiizWgBCACi28riS0AaC7UvXaZfoafEvcXq/MAq6akiowPf3eY4zz5DkBPf
135 +Ep3kGuDMAFqULvchIt9vpg719Zar/Xldi+UG+/KsDz+TT5k+nP6CwvBHbAXXtISv
136 +S51TKKnTFpvjcgJc1BMFN0pGf7JnZx1QfRfsZO2BvS4qVzYCWbSS9hlpMq4aIgOc
137 +ERBMsZYMPnI4ijbXysksecDC91kbJH0q5j8aGir5sDyrDwfVLp0SUAubRFU5gXuZ
138 +SEv9QmeV7XoXKXzk9KEYy7GUgoAJzabvbF0rVXqd3DE8KFkwK7rKBe8sGC04DWlK
139 +j/sHJcAfMSqCi/SZyYpO+FSfnB+uJ1BNc05hABEBAAEAB/wN0yan4HIdQ+fU5i2c
140 +v0uknI9+i9zW8mWUi84Puks0K15CZ1VTLHC8JQ6hgq4twhw3HeS7GkJO3X2K4BuQ
141 +tggdIv94slqtQKaQ9XbNgYraz/AMXZtIiNy0FdGaGmM6rY+ccwxM9w1BFXn+48v4
142 +lzCUCq/2wX53wwDSC5dpRPw8km6+uksFh3dfY8kgfpjU/lUCCwQiooYrQhut1EGB
143 +lDLRHp2ntC1xsnowtdPzluIHFetFSnmn2ehGqXqXtXLAMF0HOirViO5dUVMuj2Pe
144 +ra3IYVYANYK/7FEsRXHxU6aB/BSnubb5EiqB1Oi1JNyMrvYZnRsoRUaMjVgjA4ne
145 +RwD5BADBZN2USYGgciDVh7kvTbrtS1igPhoe3xUUQsM0hVIEwBzG4A4pWXznIQyW
146 +BziVTnRNp953EbHJIYdn7vmJzdiRKI+hOvrF8dfvVsq+fp4pWxrc+zrC6qptpo6H
147 +IhkHWUpyfIPuTI8d+glIUIuDshwKau0UZ8VDTOYuRYEZX9PrAwQA15RdS3geA1cf
148 +UK/ZaKs5VnohcLtEE/z3BlvlQaEdHxSQJSLYC4By7zKVOFZlZkHk36IPikwYNTgc
149 +P57aLe7rwNZqPhADue1ZN6Ypetvrek55lAYL9XoPJ/mWaYz6oDWWW8vHYqEPk8OL
150 +N8/8a6DhK0iydXi9/ztHQllbOt0EUcsEAJBjX84FgIi3VRotRSEDN/tIhekNo8p6
151 +Pl8YF4V8A1hCVBEKRIcsPVx603DFiGFRcQQcBbblqVG4fpOYYgiBtEgJksRiMg/o
152 +kmVkl8BPrIhBGe2ez7byhhFvJDAoOWCdH0MWGaPGUoCGTDvd046GE8B3UWN9TSmo
153 +qAqfrUG0hQVQLEa0FnNzaDovL2hvc3QuZXhhbXBsZS5uZXSJAU4EEwEIADgWIQT3
154 +S0Ap5pBtEuvajuO9d0SQD9q8jQUCWKLNaAIbIQULCQgHAgYVCAkKCwIEFgIDAQIe
155 +AQIXgAAKCRC9d0SQD9q8jZBrB/41MJWUeclVtM60+ydPNgUJwyRXpKdLIm/AtM1z
156 +OijlFkwsaMmzbFSFJJX98HGASHdU5OpL2Lv31NNDNMbUuFumApVrLzJUBugFRb+8
157 +/uY7H3Z0/YKQ9g9OC3z7+uqFFv/+/wA+VdYXZy6uim8E4OlJ41S68fQcMiTxbLTC
158 +DkvBbpf505t6JhNqF6JB+SBFQJXvRqjoydXfdyoiDz9N1V0ERzmGEiPewvHg2zWc
159 +Via07NGhxN3slQ3klOfYJQ8Ye72feNq1zKCyAyU3X8fL10XKWooCAU+t4hR5hXYx
160 +YTSZse5q0FHZ38Lt9c3ApMSZ2+ueeOtGbsH9kV8icGkI6KXp
162 +-----END PGP PRIVATE KEY BLOCK-----