1 /* keyedit.c - Edit properties of a key
2 * Copyright (C) 1998-2010 Free Software Foundation, Inc.
3 * Copyright (C) 1998-2016 Werner Koch
4 * Copyright (C) 2015, 2016 g10 Code GmbH
6 * This file is part of GnuPG.
8 * GnuPG is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 3 of the License, or
11 * (at your option) any later version.
13 * GnuPG is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, see <https://www.gnu.org/licenses/>.
28 #ifdef HAVE_LIBREADLINE
29 # define GNUPG_LIBREADLINE_H_INCLUDED
30 # include <readline/readline.h>
47 #include "keyserver-internal.h"
48 #include "call-agent.h"
52 static void show_prefs (PKT_user_id * uid, PKT_signature * selfsig,
54 static void show_names (ctrl_t ctrl, estream_t fp,
55 kbnode_t keyblock, PKT_public_key * pk,
56 unsigned int flag, int with_prefs);
57 static void show_key_with_all_names (ctrl_t ctrl, estream_t fp,
58 KBNODE keyblock, int only_marked,
59 int with_revoker, int with_fpr,
60 int with_subkeys, int with_prefs,
62 static void show_key_and_fingerprint (kbnode_t keyblock, int with_subkeys);
63 static void show_key_and_grip (kbnode_t keyblock);
64 static void subkey_expire_warning (kbnode_t keyblock);
65 static int menu_adduid (ctrl_t ctrl, kbnode_t keyblock,
66 int photo, const char *photo_name, const char *uidstr);
67 static void menu_deluid (KBNODE pub_keyblock);
68 static int menu_delsig (KBNODE pub_keyblock);
69 static int menu_clean (KBNODE keyblock, int self_only);
70 static void menu_delkey (KBNODE pub_keyblock);
71 static int menu_addrevoker (ctrl_t ctrl, kbnode_t pub_keyblock, int sensitive);
72 static gpg_error_t menu_expire (kbnode_t pub_keyblock,
73 int force_mainkey, u32 newexpiration);
74 static int menu_changeusage (kbnode_t keyblock);
75 static int menu_backsign (KBNODE pub_keyblock);
76 static int menu_set_primary_uid (KBNODE pub_keyblock);
77 static int menu_set_preferences (KBNODE pub_keyblock);
78 static int menu_set_keyserver_url (const char *url, KBNODE pub_keyblock);
79 static int menu_set_notation (const char *string, KBNODE pub_keyblock);
80 static int menu_select_uid (KBNODE keyblock, int idx);
81 static int menu_select_uid_namehash (KBNODE keyblock, const char *namehash);
82 static int menu_select_key (KBNODE keyblock, int idx, char *p);
83 static int count_uids (KBNODE keyblock);
84 static int count_uids_with_flag (KBNODE keyblock, unsigned flag);
85 static int count_keys_with_flag (KBNODE keyblock, unsigned flag);
86 static int count_selected_uids (KBNODE keyblock);
87 static int real_uids_left (KBNODE keyblock);
88 static int count_selected_keys (KBNODE keyblock);
89 static int menu_revsig (KBNODE keyblock);
90 static int menu_revuid (ctrl_t ctrl, kbnode_t keyblock);
91 static int core_revuid (ctrl_t ctrl, kbnode_t keyblock, KBNODE node,
92 const struct revocation_reason_info *reason,
94 static int menu_revkey (KBNODE pub_keyblock);
95 static int menu_revsubkey (KBNODE pub_keyblock);
96 #ifndef NO_TRUST_MODELS
97 static int enable_disable_key (KBNODE keyblock, int disable);
98 #endif /*!NO_TRUST_MODELS*/
99 static void menu_showphoto (ctrl_t ctrl, kbnode_t keyblock);
101 static int update_trust = 0;
103 #define CONTROL_D ('D' - 'A' + 1)
105 #define NODFLG_BADSIG (1<<0) /* Bad signature. */
106 #define NODFLG_NOKEY (1<<1) /* No public key. */
107 #define NODFLG_SIGERR (1<<2) /* Other sig error. */
109 #define NODFLG_MARK_A (1<<4) /* Temporary mark. */
110 #define NODFLG_DELSIG (1<<5) /* To be deleted. */
112 #define NODFLG_SELUID (1<<8) /* Indicate the selected userid. */
113 #define NODFLG_SELKEY (1<<9) /* Indicate the selected key. */
114 #define NODFLG_SELSIG (1<<10) /* Indicate a selected signature. */
118 int non_exportable, non_revocable;
119 struct revocation_reason_info *reason;
120 byte trust_depth, trust_value;
126 /* TODO: Fix duplicated code between here and the check-sigs/list-sigs
127 code in keylist.c. */
129 print_and_check_one_sig_colon (KBNODE keyblock, KBNODE node,
130 int *inv_sigs, int *no_key, int *oth_err,
131 int *is_selfsig, int print_without_key)
133 PKT_signature *sig = node->pkt->pkt.signature;
136 /* TODO: Make sure a cached sig record here still has the pk that
137 issued it. See also keylist.c:list_keyblock_print */
139 rc = check_key_signature (keyblock, node, is_selfsig);
140 switch (gpg_err_code (rc))
143 node->flag &= ~(NODFLG_BADSIG | NODFLG_NOKEY | NODFLG_SIGERR);
146 case GPG_ERR_BAD_SIGNATURE:
147 node->flag = NODFLG_BADSIG;
152 case GPG_ERR_NO_PUBKEY:
153 case GPG_ERR_UNUSABLE_PUBKEY:
154 node->flag = NODFLG_NOKEY;
160 node->flag = NODFLG_SIGERR;
167 if (sigrc != '?' || print_without_key)
169 es_printf ("sig:%c::%d:%08lX%08lX:%lu:%lu:",
170 sigrc, sig->pubkey_algo, (ulong) sig->keyid[0],
171 (ulong) sig->keyid[1], (ulong) sig->timestamp,
172 (ulong) sig->expiredate);
174 if (sig->trust_depth || sig->trust_value)
175 es_printf ("%d %d", sig->trust_depth, sig->trust_value);
179 if (sig->trust_regexp)
180 es_write_sanitized (es_stdout,
181 sig->trust_regexp, strlen (sig->trust_regexp),
184 es_printf ("::%02x%c\n", sig->sig_class,
185 sig->flags.exportable ? 'x' : 'l');
187 if (opt.show_subpackets)
188 print_subpackets_colon (sig);
191 return (sigrc == '!');
196 * Print information about a signature (rc is its status), check it
197 * and return true if the signature is okay. NODE must be a signature
198 * packet. With EXTENDED set all possible signature list options will
202 print_one_sig (int rc, KBNODE keyblock, KBNODE node,
203 int *inv_sigs, int *no_key, int *oth_err,
204 int is_selfsig, int print_without_key, int extended)
206 PKT_signature *sig = node->pkt->pkt.signature;
208 int is_rev = sig->sig_class == 0x30;
210 /* TODO: Make sure a cached sig record here still has the pk that
211 issued it. See also keylist.c:list_keyblock_print */
213 switch (gpg_err_code (rc))
216 node->flag &= ~(NODFLG_BADSIG | NODFLG_NOKEY | NODFLG_SIGERR);
219 case GPG_ERR_BAD_SIGNATURE:
220 node->flag = NODFLG_BADSIG;
225 case GPG_ERR_NO_PUBKEY:
226 case GPG_ERR_UNUSABLE_PUBKEY:
227 node->flag = NODFLG_NOKEY;
233 node->flag = NODFLG_SIGERR;
239 if (sigrc != '?' || print_without_key)
241 tty_printf ("%s%c%c %c%c%c%c%c%c %s %s",
242 is_rev ? "rev" : "sig", sigrc,
243 (sig->sig_class - 0x10 > 0 &&
244 sig->sig_class - 0x10 <
245 4) ? '0' + sig->sig_class - 0x10 : ' ',
246 sig->flags.exportable ? ' ' : 'L',
247 sig->flags.revocable ? ' ' : 'R',
248 sig->flags.policy_url ? 'P' : ' ',
249 sig->flags.notation ? 'N' : ' ',
250 sig->flags.expired ? 'X' : ' ',
251 (sig->trust_depth > 9) ? 'T' : (sig->trust_depth >
253 sig->trust_depth : ' ',
255 datestr_from_sig (sig));
256 if ((opt.list_options & LIST_SHOW_SIG_EXPIRE) || extended )
257 tty_printf (" %s", expirestr_from_sig (sig));
260 tty_printf ("[%s] ", gpg_strerror (rc));
261 else if (sigrc == '?')
265 tty_printf (is_rev ? _("[revocation]") : _("[self-signature]"));
266 if (extended && sig->flags.chosen_selfsig)
272 char *p = get_user_id (sig->keyid, &n);
273 tty_print_utf8_string2 (NULL, p, n,
274 opt.screen_columns - keystrlen () - 26 -
276 list_options & LIST_SHOW_SIG_EXPIRE) ? 11
282 if (sig->flags.policy_url
283 && ((opt.list_options & LIST_SHOW_POLICY_URLS) || extended))
284 show_policy_url (sig, 3, -1);
286 if (sig->flags.notation
287 && ((opt.list_options & LIST_SHOW_NOTATIONS) || extended))
288 show_notation (sig, 3, -1,
290 list_options & LIST_SHOW_STD_NOTATIONS) ? 1 : 0) +
292 list_options & LIST_SHOW_USER_NOTATIONS) ? 2 : 0));
294 if (sig->flags.pref_ks
295 && ((opt.list_options & LIST_SHOW_KEYSERVER_URLS) || extended))
296 show_keyserver_url (sig, 3, -1);
300 PKT_public_key *pk = keyblock->pkt->pkt.public_key;
301 const unsigned char *s;
303 s = parse_sig_subpkt (sig->hashed, SIGSUBPKT_PRIMARY_UID, NULL);
305 tty_printf (" [primary]\n");
307 s = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KEY_EXPIRE, NULL);
308 if (s && buf32_to_u32 (s))
309 tty_printf (" [expires: %s]\n",
310 isotimestamp (pk->timestamp + buf32_to_u32 (s)));
314 return (sigrc == '!');
319 print_and_check_one_sig (KBNODE keyblock, KBNODE node,
320 int *inv_sigs, int *no_key, int *oth_err,
321 int *is_selfsig, int print_without_key, int extended)
325 rc = check_key_signature (keyblock, node, is_selfsig);
326 return print_one_sig (rc,
327 keyblock, node, inv_sigs, no_key, oth_err,
328 *is_selfsig, print_without_key, extended);
333 /* Order two signatures. The actual ordering isn't important. Our
334 goal is to ensure that identical signatures occur together. */
336 sig_comparison (const void *av, const void *bv)
338 const KBNODE an = *(const KBNODE *) av;
339 const KBNODE bn = *(const KBNODE *) bv;
340 const PKT_signature *a;
341 const PKT_signature *b;
346 log_assert (an->pkt->pkttype == PKT_SIGNATURE);
347 log_assert (bn->pkt->pkttype == PKT_SIGNATURE);
349 a = an->pkt->pkt.signature;
350 b = bn->pkt->pkt.signature;
352 if (a->digest_algo < b->digest_algo)
354 if (a->digest_algo > b->digest_algo)
357 ndataa = pubkey_get_nsig (a->pubkey_algo);
358 ndatab = pubkey_get_nsig (b->pubkey_algo);
359 if (ndataa != ndatab)
360 return (ndataa < ndatab)? -1 : 1;
362 for (i = 0; i < ndataa; i ++)
364 int c = gcry_mpi_cmp (a->data[i], b->data[i]);
369 /* Okay, they are equal. */
373 /* Perform a few sanity checks on a keyblock is okay and possibly
374 repair some damage. Concretely:
376 - Detect duplicate signatures and remove them.
378 - Detect out of order signatures and relocate them (e.g., a sig
379 over user id X located under subkey Y).
381 Note: this function does not remove signatures that don't belong or
382 components that are not signed! (Although it would be trivial to
385 If ONLY_SELFSIGS is true, then this function only reorders self
386 signatures (it still checks all signatures for duplicates,
389 Returns 1 if the keyblock was modified, 0 otherwise. */
391 check_all_keysigs (KBNODE kb, int only_selected, int only_selfsigs)
395 KBNODE n, n_next, *n_prevp, n2;
396 char *pending_desc = NULL;
397 PKT_public_key *issuer;
398 KBNODE last_printed_component;
399 KBNODE current_component = NULL;
401 int missing_issuer = 0;
403 int bad_signature = 0;
404 int missing_selfsig = 0;
407 log_assert (kb->pkt->pkttype == PKT_PUBLIC_KEY);
408 pk = kb->pkt->pkt.public_key;
410 /* First we look for duplicates. */
417 /* Count the sigs. */
418 for (nsigs = 0, n = kb; n; n = n->next)
420 if (is_deleted_kbnode (n))
422 else if (n->pkt->pkttype == PKT_SIGNATURE)
427 return 0; /* No signatures at all. */
429 /* Add them all to the SIGS array. */
430 sigs = xtrycalloc (nsigs, sizeof *sigs);
433 log_error (_("error allocating memory: %s\n"),
434 gpg_strerror (gpg_error_from_syserror ()));
439 for (n = kb; n; n = n->next)
441 if (is_deleted_kbnode (n))
444 if (n->pkt->pkttype != PKT_SIGNATURE)
450 log_assert (i == nsigs);
452 qsort (sigs, nsigs, sizeof (sigs[0]), sig_comparison);
455 for (i = 1; i < nsigs; i ++)
457 log_assert (sigs[last_i]);
458 log_assert (sigs[last_i]->pkt->pkttype == PKT_SIGNATURE);
459 log_assert (sigs[i]);
460 log_assert (sigs[i]->pkt->pkttype == PKT_SIGNATURE);
462 if (sig_comparison (&sigs[last_i], &sigs[i]) == 0)
463 /* They are the same. Kill the latter. */
467 PKT_signature *sig = sigs[i]->pkt->pkt.signature;
469 log_debug ("Signature appears multiple times, "
470 "deleting duplicate:\n");
471 log_debug (" sig: class 0x%x, issuer: %s,"
472 " timestamp: %s (%lld), digest: %02x %02x\n",
473 sig->sig_class, keystr (sig->keyid),
474 isotimestamp (sig->timestamp),
475 (long long) sig->timestamp,
476 sig->digest_start[0], sig->digest_start[1]);
479 /* Remove sigs[i] from the keyblock. */
482 int to_kill = last_i;
485 for (prevp = &kb, z = kb; z; prevp = &z->next, z = z->next)
486 if (z == sigs[to_kill])
489 *prevp = sigs[to_kill]->next;
491 sigs[to_kill]->next = NULL;
492 release_kbnode (sigs[to_kill]);
493 sigs[to_kill] = NULL;
506 /* Make sure the sigs occur after the component (public key, subkey,
507 user id) that they sign. */
509 last_printed_component = NULL;
510 for (n_prevp = &kb, n = kb;
512 /* If we moved n, then n_prevp is need valid. */
513 n_prevp = (n->next == n_next ? &n->next : n_prevp), n = n_next)
516 int processed_current_component;
519 int dump_sig_params = 0;
523 if (is_deleted_kbnode (n))
528 if (issuer && issuer != pk)
530 free_public_key (issuer);
534 xfree (pending_desc);
540 log_assert (p->pkt.public_key == pk);
541 if (only_selected && ! (n->flag & NODFLG_SELKEY))
543 current_component = NULL;
548 log_debug ("public key %s: timestamp: %s (%lld)\n",
550 isotimestamp (pk->timestamp),
551 (long long) pk->timestamp);
552 current_component = n;
554 case PKT_PUBLIC_SUBKEY:
555 if (only_selected && ! (n->flag & NODFLG_SELKEY))
557 current_component = NULL;
562 log_debug ("subkey %s: timestamp: %s (%lld)\n",
563 pk_keyid_str (p->pkt.public_key),
564 isotimestamp (p->pkt.public_key->timestamp),
565 (long long) p->pkt.public_key->timestamp);
566 current_component = n;
569 if (only_selected && ! (n->flag & NODFLG_SELUID))
571 current_component = NULL;
576 log_debug ("user id: %s\n",
577 p->pkt.user_id->attrib_data
579 : p->pkt.user_id->name);
580 current_component = n;
583 if (! current_component)
584 /* The current component is not selected, don't check the
588 sig = n->pkt->pkt.signature;
590 pending_desc = xasprintf (" sig: class: 0x%x, issuer: %s,"
591 " timestamp: %s (%lld), digest: %02x %02x",
594 isotimestamp (sig->timestamp),
595 (long long) sig->timestamp,
596 sig->digest_start[0], sig->digest_start[1]);
599 if (keyid_cmp (pk_keyid (pk), sig->keyid) == 0)
602 /* Issuer is a different key. */
607 issuer = xmalloc (sizeof (*issuer));
608 err = get_pubkey (issuer, sig->keyid);
616 log_debug ("%s", pending_desc);
617 log_debug (" Can't check signature allegedly"
618 " issued by %s: %s\n",
619 keystr (sig->keyid), gpg_strerror (err));
626 if ((err = openpgp_pk_test_algo (sig->pubkey_algo)))
628 if (DBG_PACKET && pending_desc)
629 log_debug ("%s", pending_desc);
630 tty_printf (_("can't check signature with unsupported"
631 " public-key algorithm (%d): %s.\n"),
632 sig->pubkey_algo, gpg_strerror (err));
635 if ((err = openpgp_md_test_algo (sig->digest_algo)))
637 if (DBG_PACKET && pending_desc)
638 log_debug ("%s", pending_desc);
639 tty_printf (_("can't check signature with unsupported"
640 " message-digest algorithm %d: %s.\n"),
641 sig->digest_algo, gpg_strerror (err));
645 /* We iterate over the keyblock. Most likely, the matching
646 component is the current component so always try that
648 processed_current_component = 0;
649 for (n2 = current_component;
651 n2 = (processed_current_component ? n2->next : kb),
652 processed_current_component = 1)
653 if (is_deleted_kbnode (n2))
655 else if (processed_current_component && n2 == current_component)
656 /* Don't process it twice. */
660 err = check_signature_over_key_or_uid (issuer, sig, kb, n2->pkt,
666 /* n/sig is a signature and n2 is the component (public key,
667 subkey or user id) that it signs, if any.
668 current_component is that component that it appears to
669 apply to (according to the ordering). */
671 if (current_component == n2)
675 log_debug ("%s", pending_desc);
676 log_debug (" Good signature over last key or uid!\n");
683 log_assert (n2->pkt->pkttype == PKT_USER_ID
684 || n2->pkt->pkttype == PKT_PUBLIC_KEY
685 || n2->pkt->pkttype == PKT_PUBLIC_SUBKEY);
689 log_debug ("%s", pending_desc);
690 log_debug (" Good signature out of order!"
691 " (Over %s (%d) '%s')\n",
692 n2->pkt->pkttype == PKT_USER_ID
694 : n2->pkt->pkttype == PKT_PUBLIC_SUBKEY
698 n2->pkt->pkttype == PKT_USER_ID
699 ? n2->pkt->pkt.user_id->name
700 : pk_keyid_str (n2->pkt->pkt.public_key));
703 /* Reorder the packets: move the signature n to be just
706 /* Unlink the signature. */
707 log_assert (n_prevp);
710 /* Insert the sig immediately after the component. */
723 log_debug ("%s", pending_desc);
724 log_debug (" Bad signature.\n");
732 rc = GPG_ERR_BAD_SIGNATURE;
735 /* We don't cache the result here, because we haven't
736 completely checked that the signature is legitimate. For
737 instance, if we have a revocation certificate on Alice's
738 key signed by Bob, the signature may be good, but we
739 haven't checked that Bob is a designated revoker. */
740 /* cache_sig_result (sig, rc); */
744 if (! rc && issuer == pk)
746 if (n2->pkt->pkttype == PKT_PUBLIC_KEY
747 && (/* Direct key signature. */
748 sig->sig_class == 0x1f
749 /* Key revocation signature. */
750 || sig->sig_class == 0x20))
752 if (n2->pkt->pkttype == PKT_PUBLIC_SUBKEY
753 && (/* Subkey binding sig. */
754 sig->sig_class == 0x18
755 /* Subkey revocation sig. */
756 || sig->sig_class == 0x28))
758 if (n2->pkt->pkttype == PKT_USER_ID
759 && (/* Certification sigs. */
760 sig->sig_class == 0x10
761 || sig->sig_class == 0x11
762 || sig->sig_class == 0x12
763 || sig->sig_class == 0x13
764 /* Certification revocation sig. */
765 || sig->sig_class == 0x30))
769 if ((n2 && n2 != last_printed_component)
770 || (! n2 && last_printed_component != current_component))
772 int is_reordered = n2 && n2 != current_component;
774 last_printed_component = n2;
776 last_printed_component = current_component;
780 else if (last_printed_component->pkt->pkttype == PKT_USER_ID)
783 tty_print_utf8_string (last_printed_component
784 ->pkt->pkt.user_id->name,
785 last_printed_component
786 ->pkt->pkt.user_id->len);
788 else if (last_printed_component->pkt->pkttype
790 tty_printf ("pub %s",
791 pk_keyid_str (last_printed_component
792 ->pkt->pkt.public_key));
794 tty_printf ("sub %s",
795 pk_keyid_str (last_printed_component
796 ->pkt->pkt.public_key));
801 tty_printf (_(" (reordered signatures follow)"));
807 print_one_sig (rc, kb, n, NULL, NULL, NULL, has_selfsig,
815 for (i = 0; i < pubkey_get_nsig (sig->pubkey_algo); i ++)
820 gcry_mpi_print (GCRYMPI_FMT_USG,
821 buffer, sizeof (buffer), &len,
823 printable = bin2hex (buffer, len, NULL);
824 log_info (" %d: %s\n", i, printable);
831 log_debug ("unhandled packet: %d\n", p->pkttype);
836 xfree (pending_desc);
840 free_public_key (issuer);
843 /* Identify keys / uids that don't have a self-sig. */
849 current_component = NULL;
850 for (n = kb; n; n = n->next)
852 if (is_deleted_kbnode (n))
860 case PKT_PUBLIC_SUBKEY:
862 if (current_component && ! has_selfsig)
864 current_component = n;
869 if (! current_component || has_selfsig)
872 sig = n->pkt->pkt.signature;
874 if (! (sig->flags.checked && sig->flags.valid))
877 if (keyid_cmp (pk_keyid (pk), sig->keyid) != 0)
878 /* Different issuer, couldn't be a self-sig. */
881 if (current_component->pkt->pkttype == PKT_PUBLIC_KEY
882 && (/* Direct key signature. */
883 sig->sig_class == 0x1f
884 /* Key revocation signature. */
885 || sig->sig_class == 0x20))
887 if (current_component->pkt->pkttype == PKT_PUBLIC_SUBKEY
888 && (/* Subkey binding sig. */
889 sig->sig_class == 0x18
890 /* Subkey revocation sig. */
891 || sig->sig_class == 0x28))
893 if (current_component->pkt->pkttype == PKT_USER_ID
894 && (/* Certification sigs. */
895 sig->sig_class == 0x10
896 || sig->sig_class == 0x11
897 || sig->sig_class == 0x12
898 || sig->sig_class == 0x13
899 /* Certification revocation sig. */
900 || sig->sig_class == 0x30))
906 if (current_component && ! has_selfsig)
908 current_component = NULL;
913 if (dups || missing_issuer || bad_signature || reordered)
914 tty_printf (_("key %s:\n"), pk_keyid_str (pk));
917 tty_printf (ngettext ("%d duplicate signature removed\n",
918 "%d duplicate signatures removed\n", dups), dups);
920 tty_printf (ngettext ("%d signature not checked due to a missing key\n",
921 "%d signatures not checked due to missing keys\n",
922 missing_issuer), missing_issuer);
924 tty_printf (ngettext ("%d bad signature\n",
925 "%d bad signatures\n",
926 bad_signature), bad_signature);
928 tty_printf (ngettext ("%d signature reordered\n",
929 "%d signatures reordered\n",
930 reordered), reordered);
932 if (only_selfsigs && (bad_signature || reordered))
933 tty_printf (_("Warning: errors found and only checked self-signatures,"
934 " run '%s' to check all signatures.\n"), "check");
941 sign_mk_attrib (PKT_signature * sig, void *opaque)
943 struct sign_attrib *attrib = opaque;
946 if (attrib->non_exportable)
948 buf[0] = 0; /* not exportable */
949 build_sig_subpkt (sig, SIGSUBPKT_EXPORTABLE, buf, 1);
952 if (attrib->non_revocable)
954 buf[0] = 0; /* not revocable */
955 build_sig_subpkt (sig, SIGSUBPKT_REVOCABLE, buf, 1);
959 revocation_reason_build_cb (sig, attrib->reason);
961 if (attrib->trust_depth)
963 /* Not critical. If someone doesn't understand trust sigs,
964 this can still be a valid regular signature. */
965 buf[0] = attrib->trust_depth;
966 buf[1] = attrib->trust_value;
967 build_sig_subpkt (sig, SIGSUBPKT_TRUST, buf, 2);
969 /* Critical. If someone doesn't understands regexps, this
970 whole sig should be invalid. Note the +1 for the length -
971 regexps are null terminated. */
972 if (attrib->trust_regexp)
973 build_sig_subpkt (sig, SIGSUBPKT_FLAG_CRITICAL | SIGSUBPKT_REGEXP,
974 attrib->trust_regexp,
975 strlen (attrib->trust_regexp) + 1);
983 trustsig_prompt (byte * trust_value, byte * trust_depth, char **regexp)
991 /* Same string as pkclist.c:do_edit_ownertrust */
993 ("Please decide how far you trust this user to correctly verify"
994 " other users' keys\n(by looking at passports, checking"
995 " fingerprints from different sources, etc.)\n"));
997 tty_printf (_(" %d = I trust marginally\n"), 1);
998 tty_printf (_(" %d = I trust fully\n"), 2);
1001 while (*trust_value == 0)
1003 p = cpr_get ("trustsig_prompt.trust_value", _("Your selection? "));
1006 /* 60 and 120 are as per RFC2440 */
1007 if (p[0] == '1' && !p[1])
1009 else if (p[0] == '2' && !p[1])
1016 tty_printf (_("Please enter the depth of this trust signature.\n"
1017 "A depth greater than 1 allows the key you are"
1018 " signing to make\n"
1019 "trust signatures on your behalf.\n"));
1022 while (*trust_depth == 0)
1024 p = cpr_get ("trustsig_prompt.trust_depth", _("Your selection? "));
1027 *trust_depth = atoi (p);
1033 tty_printf (_("Please enter a domain to restrict this signature, "
1034 "or enter for none.\n"));
1038 p = cpr_get ("trustsig_prompt.trust_regexp", _("Your selection? "));
1045 int regexplen = 100, ind;
1047 *regexp = xmalloc (regexplen);
1049 /* Now mangle the domain the user entered into a regexp. To do
1050 this, \-escape everything that isn't alphanumeric, and attach
1051 "<[^>]+[@.]" to the front, and ">$" to the end. */
1053 strcpy (*regexp, "<[^>]+[@.]");
1054 ind = strlen (*regexp);
1058 if (!((*q >= 'A' && *q <= 'Z')
1059 || (*q >= 'a' && *q <= 'z') || (*q >= '0' && *q <= '9')))
1060 (*regexp)[ind++] = '\\';
1062 (*regexp)[ind++] = *q;
1064 if ((regexplen - ind) < 3)
1067 *regexp = xrealloc (*regexp, regexplen);
1073 (*regexp)[ind] = '\0';
1074 strcat (*regexp, ">$");
1083 * Loop over all LOCUSR and and sign the uids after asking. If no
1084 * user id is marked, all user ids will be signed; if some user_ids
1085 * are marked only those will be signed. If QUICK is true the
1086 * function won't ask the user and use sensible defaults.
1089 sign_uids (ctrl_t ctrl, estream_t fp,
1090 kbnode_t keyblock, strlist_t locusr, int *ret_modified,
1091 int local, int nonrevocable, int trust, int interactive,
1095 SK_LIST sk_list = NULL;
1096 SK_LIST sk_rover = NULL;
1097 PKT_public_key *pk = NULL;
1098 KBNODE node, uidnode;
1099 PKT_public_key *primary_pk = NULL;
1100 int select_all = !count_selected_uids (keyblock) || interactive;
1102 /* Build a list of all signators.
1104 * We use the CERT flag to request the primary which must always
1105 * be one which is capable of signing keys. I can't see a reason
1106 * why to sign keys using a subkey. Implementation of USAGE_CERT
1107 * is just a hack in getkey.c and does not mean that a subkey
1108 * marked as certification capable will be used. */
1109 rc = build_sk_list (ctrl, locusr, &sk_list, PUBKEY_USAGE_CERT);
1113 /* Loop over all signators. */
1114 for (sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next)
1116 u32 sk_keyid[2], pk_keyid[2];
1117 char *p, *trust_regexp = NULL;
1118 int class = 0, selfsig = 0;
1119 u32 duration = 0, timestamp = 0;
1120 byte trust_depth = 0, trust_value = 0;
1123 keyid_from_pk (pk, sk_keyid);
1125 /* Set mark A for all selected user ids. */
1126 for (node = keyblock; node; node = node->next)
1128 if (select_all || (node->flag & NODFLG_SELUID))
1129 node->flag |= NODFLG_MARK_A;
1131 node->flag &= ~NODFLG_MARK_A;
1134 /* Reset mark for uids which are already signed. */
1136 for (node = keyblock; node; node = node->next)
1138 if (node->pkt->pkttype == PKT_PUBLIC_KEY)
1140 primary_pk = node->pkt->pkt.public_key;
1141 keyid_from_pk (primary_pk, pk_keyid);
1143 /* Is this a self-sig? */
1144 if (pk_keyid[0] == sk_keyid[0] && pk_keyid[1] == sk_keyid[1])
1147 else if (node->pkt->pkttype == PKT_USER_ID)
1149 uidnode = (node->flag & NODFLG_MARK_A) ? node : NULL;
1155 user = utf8_to_native (uidnode->pkt->pkt.user_id->name,
1156 uidnode->pkt->pkt.user_id->len, 0);
1158 if (opt.only_sign_text_ids
1159 && uidnode->pkt->pkt.user_id->attribs)
1161 tty_fprintf (fp, _("Skipping user ID \"%s\","
1162 " which is not a text ID.\n"),
1164 uidnode->flag &= ~NODFLG_MARK_A;
1167 else if (uidnode->pkt->pkt.user_id->is_revoked)
1169 tty_fprintf (fp, _("User ID \"%s\" is revoked."), user);
1172 tty_fprintf (fp, "\n");
1173 else if (opt.expert && !quick)
1175 tty_fprintf (fp, "\n");
1176 /* No, so remove the mark and continue */
1177 if (!cpr_get_answer_is_yes ("sign_uid.revoke_okay",
1178 _("Are you sure you "
1179 "still want to sign "
1182 uidnode->flag &= ~NODFLG_MARK_A;
1185 else if (interactive)
1190 uidnode->flag &= ~NODFLG_MARK_A;
1192 tty_fprintf (fp, _(" Unable to sign.\n"));
1195 else if (uidnode->pkt->pkt.user_id->is_expired)
1197 tty_fprintf (fp, _("User ID \"%s\" is expired."), user);
1200 tty_fprintf (fp, "\n");
1201 else if (opt.expert && !quick)
1203 tty_fprintf (fp, "\n");
1204 /* No, so remove the mark and continue */
1205 if (!cpr_get_answer_is_yes ("sign_uid.expire_okay",
1206 _("Are you sure you "
1207 "still want to sign "
1210 uidnode->flag &= ~NODFLG_MARK_A;
1213 else if (interactive)
1218 uidnode->flag &= ~NODFLG_MARK_A;
1220 tty_fprintf (fp, _(" Unable to sign.\n"));
1223 else if (!uidnode->pkt->pkt.user_id->created && !selfsig)
1225 tty_fprintf (fp, _("User ID \"%s\" is not self-signed."),
1228 if (opt.expert && !quick)
1230 tty_fprintf (fp, "\n");
1231 /* No, so remove the mark and continue */
1232 if (!cpr_get_answer_is_yes ("sign_uid.nosig_okay",
1233 _("Are you sure you "
1234 "still want to sign "
1237 uidnode->flag &= ~NODFLG_MARK_A;
1240 else if (interactive)
1245 uidnode->flag &= ~NODFLG_MARK_A;
1247 tty_fprintf (fp, _(" Unable to sign.\n"));
1251 if (uidnode && interactive && !yesreally && !quick)
1254 _("User ID \"%s\" is signable. "), user);
1255 if (!cpr_get_answer_is_yes ("sign_uid.sign_okay",
1256 _("Sign it? (y/N) ")))
1258 uidnode->flag &= ~NODFLG_MARK_A;
1266 else if (uidnode && node->pkt->pkttype == PKT_SIGNATURE
1267 && (node->pkt->pkt.signature->sig_class & ~3) == 0x10)
1269 if (sk_keyid[0] == node->pkt->pkt.signature->keyid[0]
1270 && sk_keyid[1] == node->pkt->pkt.signature->keyid[1])
1275 user = utf8_to_native (uidnode->pkt->pkt.user_id->name,
1276 uidnode->pkt->pkt.user_id->len, 0);
1278 /* It's a v3 self-sig. Make it into a v4 self-sig? */
1279 if (node->pkt->pkt.signature->version < 4
1280 && selfsig && !quick)
1283 _("The self-signature on \"%s\"\n"
1284 "is a PGP 2.x-style signature.\n"), user);
1286 /* Note that the regular PGP2 warning below
1287 still applies if there are no v4 sigs on
1291 if (cpr_get_answer_is_yes ("sign_uid.v4_promote_okay",
1292 _("Do you want to promote "
1293 "it to an OpenPGP self-"
1294 "signature? (y/N) ")))
1296 node->flag |= NODFLG_DELSIG;
1302 /* Is the current signature expired? */
1303 if (node->pkt->pkt.signature->flags.expired)
1305 tty_fprintf (fp, _("Your current signature on \"%s\"\n"
1306 "has expired.\n"), user);
1308 if (quick || cpr_get_answer_is_yes
1309 ("sign_uid.replace_expired_okay",
1310 _("Do you want to issue a "
1311 "new signature to replace "
1312 "the expired one? (y/N) ")))
1314 /* Mark these for later deletion. We
1315 don't want to delete them here, just in
1316 case the replacement signature doesn't
1317 happen for some reason. We only delete
1318 these after the replacement is already
1321 node->flag |= NODFLG_DELSIG;
1327 if (!node->pkt->pkt.signature->flags.exportable && !local)
1329 /* It's a local sig, and we want to make a
1331 tty_fprintf (fp, _("Your current signature on \"%s\"\n"
1332 "is a local signature.\n"), user);
1334 if (quick || cpr_get_answer_is_yes
1335 ("sign_uid.local_promote_okay",
1336 _("Do you want to promote "
1337 "it to a full exportable " "signature? (y/N) ")))
1339 /* Mark these for later deletion. We
1340 don't want to delete them here, just in
1341 case the replacement signature doesn't
1342 happen for some reason. We only delete
1343 these after the replacement is already
1346 node->flag |= NODFLG_DELSIG;
1352 /* Fixme: see whether there is a revocation in which
1353 * case we should allow signing it again. */
1354 if (!node->pkt->pkt.signature->flags.exportable && local)
1356 _("\"%s\" was already locally signed by key %s\n"),
1357 user, keystr_from_pk (pk));
1360 _("\"%s\" was already signed by key %s\n"),
1361 user, keystr_from_pk (pk));
1363 if (opt.expert && !quick
1364 && cpr_get_answer_is_yes ("sign_uid.dupe_okay",
1365 _("Do you want to sign it "
1366 "again anyway? (y/N) ")))
1368 /* Don't delete the old sig here since this is
1369 an --expert thing. */
1374 snprintf (buf, sizeof buf, "%08lX%08lX",
1375 (ulong) pk->keyid[0], (ulong) pk->keyid[1]);
1376 write_status_text (STATUS_ALREADY_SIGNED, buf);
1377 uidnode->flag &= ~NODFLG_MARK_A; /* remove mark */
1384 /* Check whether any uids are left for signing. */
1385 if (!count_uids_with_flag (keyblock, NODFLG_MARK_A))
1387 tty_fprintf (fp, _("Nothing to sign with key %s\n"),
1388 keystr_from_pk (pk));
1392 /* Ask whether we really should sign these user id(s). */
1393 tty_fprintf (fp, "\n");
1394 show_key_with_all_names (ctrl, fp, keyblock, 1, 0, 1, 0, 0, 0);
1395 tty_fprintf (fp, "\n");
1397 if (primary_pk->expiredate && !selfsig)
1399 /* Static analyzer note: A claim that PRIMARY_PK might be
1400 NULL is not correct because it set from the public key
1401 packet which is always the first packet in a keyblock and
1402 parsed in the above loop over the keyblock. In case the
1403 keyblock has no packets at all and thus the loop was not
1404 entered the above count_uids_with_flag would have
1405 detected this case. */
1407 u32 now = make_timestamp ();
1409 if (primary_pk->expiredate <= now)
1411 tty_fprintf (fp, _("This key has expired!"));
1413 if (opt.expert && !quick)
1415 tty_fprintf (fp, " ");
1416 if (!cpr_get_answer_is_yes ("sign_uid.expired_okay",
1417 _("Are you sure you still "
1418 "want to sign it? (y/N) ")))
1423 tty_fprintf (fp, _(" Unable to sign.\n"));
1429 tty_fprintf (fp, _("This key is due to expire on %s.\n"),
1430 expirestr_from_pk (primary_pk));
1432 if (opt.ask_cert_expire && !quick)
1434 char *answer = cpr_get ("sign_uid.expire",
1435 _("Do you want your signature to "
1436 "expire at the same time? (Y/n) "));
1437 if (answer_is_yes_no_default (answer, 1))
1439 /* This fixes the signature timestamp we're
1440 going to make as now. This is so the
1441 expiration date is exactly correct, and not
1442 a few seconds off (due to the time it takes
1443 to answer the questions, enter the
1444 passphrase, etc). */
1446 duration = primary_pk->expiredate - now;
1455 /* Only ask for duration if we haven't already set it to match
1456 the expiration of the pk */
1457 if (!duration && !selfsig)
1459 if (opt.ask_cert_expire && !quick)
1460 duration = ask_expire_interval (1, opt.def_cert_expire);
1462 duration = parse_expire_string (opt.def_cert_expire);
1469 if (opt.batch || !opt.ask_cert_level || quick)
1470 class = 0x10 + opt.def_cert_level;
1476 _("How carefully have you verified the key you are "
1477 "about to sign actually belongs\nto the person "
1478 "named above? If you don't know what to "
1479 "answer, enter \"0\".\n"));
1480 tty_fprintf (fp, "\n");
1481 tty_fprintf (fp, _(" (0) I will not answer.%s\n"),
1482 opt.def_cert_level == 0 ? " (default)" : "");
1483 tty_fprintf (fp, _(" (1) I have not checked at all.%s\n"),
1484 opt.def_cert_level == 1 ? " (default)" : "");
1485 tty_fprintf (fp, _(" (2) I have done casual checking.%s\n"),
1486 opt.def_cert_level == 2 ? " (default)" : "");
1488 _(" (3) I have done very careful checking.%s\n"),
1489 opt.def_cert_level == 3 ? " (default)" : "");
1490 tty_fprintf (fp, "\n");
1494 answer = cpr_get ("sign_uid.class",
1495 _("Your selection? "
1496 "(enter '?' for more information): "));
1497 if (answer[0] == '\0')
1498 class = 0x10 + opt.def_cert_level; /* Default */
1499 else if (ascii_strcasecmp (answer, "0") == 0)
1500 class = 0x10; /* Generic */
1501 else if (ascii_strcasecmp (answer, "1") == 0)
1502 class = 0x11; /* Persona */
1503 else if (ascii_strcasecmp (answer, "2") == 0)
1504 class = 0x12; /* Casual */
1505 else if (ascii_strcasecmp (answer, "3") == 0)
1506 class = 0x13; /* Positive */
1508 tty_fprintf (fp, _("Invalid selection.\n"));
1514 if (trust && !quick)
1515 trustsig_prompt (&trust_value, &trust_depth, &trust_regexp);
1520 p = get_user_id_native (sk_keyid);
1522 _("Are you sure that you want to sign this key with your\n"
1523 "key \"%s\" (%s)\n"), p, keystr_from_pk (pk));
1529 tty_fprintf (fp, "\n");
1530 tty_fprintf (fp, _("This will be a self-signature.\n"));
1534 tty_fprintf (fp, "\n");
1535 tty_fprintf (fp, _("WARNING: the signature will not be marked "
1536 "as non-exportable.\n"));
1541 tty_fprintf (fp, "\n");
1542 tty_fprintf (fp, _("WARNING: the signature will not be marked "
1543 "as non-revocable.\n"));
1550 tty_fprintf (fp, "\n");
1552 _("The signature will be marked as non-exportable.\n"));
1557 tty_fprintf (fp, "\n");
1559 _("The signature will be marked as non-revocable.\n"));
1565 tty_fprintf (fp, "\n");
1566 tty_fprintf (fp, _("I have not checked this key at all.\n"));
1570 tty_fprintf (fp, "\n");
1571 tty_fprintf (fp, _("I have checked this key casually.\n"));
1575 tty_fprintf (fp, "\n");
1576 tty_fprintf (fp, _("I have checked this key very carefully.\n"));
1581 tty_fprintf (fp, "\n");
1583 if (opt.batch && opt.answer_yes)
1587 else if (!cpr_get_answer_is_yes ("sign_uid.okay",
1588 _("Really sign? (y/N) ")))
1591 /* Now we can sign the user ids. */
1592 reloop: /* (Must use this, because we are modifing the list.) */
1594 for (node = keyblock; node; node = node->next)
1596 if (node->pkt->pkttype == PKT_PUBLIC_KEY)
1597 primary_pk = node->pkt->pkt.public_key;
1598 else if (node->pkt->pkttype == PKT_USER_ID
1599 && (node->flag & NODFLG_MARK_A))
1603 struct sign_attrib attrib;
1605 log_assert (primary_pk);
1606 memset (&attrib, 0, sizeof attrib);
1607 attrib.non_exportable = local;
1608 attrib.non_revocable = nonrevocable;
1609 attrib.trust_depth = trust_depth;
1610 attrib.trust_value = trust_value;
1611 attrib.trust_regexp = trust_regexp;
1612 node->flag &= ~NODFLG_MARK_A;
1614 /* We force creation of a v4 signature for local
1615 * signatures, otherwise we would not generate the
1616 * subpacket with v3 keys and the signature becomes
1620 rc = make_keysig_packet (&sig, primary_pk,
1621 node->pkt->pkt.user_id,
1625 keygen_add_std_prefs, primary_pk,
1628 rc = make_keysig_packet (&sig, primary_pk,
1629 node->pkt->pkt.user_id,
1633 timestamp, duration,
1634 sign_mk_attrib, &attrib,
1638 write_status_error ("keysig", rc);
1639 log_error (_("signing failed: %s\n"), gpg_strerror (rc));
1643 *ret_modified = 1; /* We changed the keyblock. */
1646 pkt = xmalloc_clear (sizeof *pkt);
1647 pkt->pkttype = PKT_SIGNATURE;
1648 pkt->pkt.signature = sig;
1649 insert_kbnode (node, new_kbnode (pkt), PKT_SIGNATURE);
1654 /* Delete any sigs that got promoted */
1655 for (node = keyblock; node; node = node->next)
1656 if (node->flag & NODFLG_DELSIG)
1657 delete_kbnode (node);
1658 } /* End loop over signators. */
1661 release_sk_list (sk_list);
1667 * Change the passphrase of the primary and all secondary keys. Note
1668 * that it is common to use only one passphrase for the primary and
1669 * all subkeys. However, this is now (since GnuPG 2.1) all up to the
1670 * gpg-agent. Returns 0 on success or an error code.
1673 change_passphrase (ctrl_t ctrl, kbnode_t keyblock)
1679 u32 keyid[2], subid[2];
1680 char *hexgrip = NULL;
1681 char *cache_nonce = NULL;
1682 char *passwd_nonce = NULL;
1684 node = find_kbnode (keyblock, PKT_PUBLIC_KEY);
1687 log_error ("Oops; public key missing!\n");
1688 err = gpg_error (GPG_ERR_INTERNAL);
1691 pk = node->pkt->pkt.public_key;
1692 keyid_from_pk (pk, keyid);
1694 /* Check whether it is likely that we will be able to change the
1695 passphrase for any subkey. */
1696 for (any = 0, node = keyblock; node; node = node->next)
1698 if (node->pkt->pkttype == PKT_PUBLIC_KEY
1699 || node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
1703 pk = node->pkt->pkt.public_key;
1704 keyid_from_pk (pk, subid);
1707 err = hexkeygrip_from_pk (pk, &hexgrip);
1710 err = agent_get_keyinfo (ctrl, hexgrip, &serialno, NULL);
1711 if (!err && serialno)
1712 ; /* Key on card. */
1713 else if (gpg_err_code (err) == GPG_ERR_NOT_FOUND)
1714 ; /* Maybe stub key. */
1716 any = 1; /* Key is known. */
1718 log_error ("key %s: error getting keyinfo from agent: %s\n",
1719 keystr_with_sub (keyid, subid), gpg_strerror (err));
1726 tty_printf (_("Key has only stub or on-card key items - "
1727 "no passphrase to change.\n"));
1731 /* Change the passphrase for all keys. */
1732 for (node = keyblock; node; node = node->next)
1734 if (node->pkt->pkttype == PKT_PUBLIC_KEY
1735 || node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
1739 pk = node->pkt->pkt.public_key;
1740 keyid_from_pk (pk, subid);
1743 err = hexkeygrip_from_pk (pk, &hexgrip);
1747 desc = gpg_format_keydesc (pk, FORMAT_KEYDESC_NORMAL, 1);
1748 err = agent_passwd (ctrl, hexgrip, desc, 0,
1749 &cache_nonce, &passwd_nonce);
1753 log_log ((gpg_err_code (err) == GPG_ERR_CANCELED
1754 || gpg_err_code (err) == GPG_ERR_FULLY_CANCELED)
1755 ? GPGRT_LOG_INFO : GPGRT_LOG_ERROR,
1756 _("key %s: error changing passphrase: %s\n"),
1757 keystr_with_sub (keyid, subid),
1758 gpg_strerror (err));
1759 if (gpg_err_code (err) == GPG_ERR_FULLY_CANCELED)
1766 xfree (cache_nonce);
1767 xfree (passwd_nonce);
1773 /* Fix various problems in the keyblock. Returns true if the keyblock
1774 was changed. Note that a pointer to the keyblock must be given and
1775 the function may change it (i.e. replacing the first node). */
1777 fix_keyblock (kbnode_t *keyblockp)
1781 if (collapse_uids (keyblockp))
1783 if (check_all_keysigs (*keyblockp, 0, 1))
1785 reorder_keyblock (*keyblockp);
1786 /* If we modified the keyblock, make sure the flags are right. */
1788 merge_keys_and_selfsig (*keyblockp);
1795 parse_sign_type (const char *str, int *localsig, int *nonrevokesig,
1798 const char *p = str;
1802 if (ascii_strncasecmp (p, "l", 1) == 0)
1807 else if (ascii_strncasecmp (p, "nr", 2) == 0)
1812 else if (ascii_strncasecmp (p, "t", 1) == 0)
1827 * Menu driven key editor. If seckey_check is true, then a secret key
1828 * that matches username will be looked for. If it is false, not all
1829 * commands will be available.
1831 * Note: to keep track of certain selections we use node->mark MARKBIT_xxxx.
1834 /* Need an SK for this command */
1835 #define KEYEDIT_NEED_SK 1
1836 /* Cannot be viewing the SK for this command */
1837 #define KEYEDIT_NOT_SK 2
1838 /* Must be viewing the SK for this command */
1839 #define KEYEDIT_ONLY_SK 4
1840 /* Match the tail of the string */
1841 #define KEYEDIT_TAIL_MATCH 8
1846 cmdQUIT, cmdHELP, cmdFPR, cmdLIST, cmdSELUID, cmdCHECK, cmdSIGN,
1847 cmdREVSIG, cmdREVKEY, cmdREVUID, cmdDELSIG, cmdPRIMARY, cmdDEBUG,
1848 cmdSAVE, cmdADDUID, cmdADDPHOTO, cmdDELUID, cmdADDKEY, cmdDELKEY,
1849 cmdADDREVOKER, cmdTOGGLE, cmdSELKEY, cmdPASSWD, cmdTRUST, cmdPREF,
1850 cmdEXPIRE, cmdCHANGEUSAGE, cmdBACKSIGN,
1851 #ifndef NO_TRUST_MODELS
1852 cmdENABLEKEY, cmdDISABLEKEY,
1853 #endif /*!NO_TRUST_MODELS*/
1855 cmdSETPREF, cmdPREFKS, cmdNOTATION, cmdINVCMD, cmdSHOWPHOTO, cmdUPDTRUST,
1856 cmdCHKTRUST, cmdADDCARDKEY, cmdKEYTOCARD, cmdBKUPTOCARD,
1857 cmdCLEAN, cmdMINIMIZE, cmdGRIP, cmdNOP
1868 { "quit", cmdQUIT, 0, N_("quit this menu")},
1869 { "q", cmdQUIT, 0, NULL},
1870 { "save", cmdSAVE, 0, N_("save and quit")},
1871 { "help", cmdHELP, 0, N_("show this help")},
1872 { "?", cmdHELP, 0, NULL},
1873 { "fpr", cmdFPR, 0, N_("show key fingerprint")},
1874 { "grip", cmdGRIP, 0, N_("show the keygrip")},
1875 { "list", cmdLIST, 0, N_("list key and user IDs")},
1876 { "l", cmdLIST, 0, NULL},
1877 { "uid", cmdSELUID, 0, N_("select user ID N")},
1878 { "key", cmdSELKEY, 0, N_("select subkey N")},
1879 { "check", cmdCHECK, 0, N_("check signatures")},
1880 { "c", cmdCHECK, 0, NULL},
1881 { "change-usage", cmdCHANGEUSAGE, KEYEDIT_NOT_SK | KEYEDIT_NEED_SK, NULL},
1882 { "cross-certify", cmdBACKSIGN, KEYEDIT_NOT_SK | KEYEDIT_NEED_SK, NULL},
1883 { "backsign", cmdBACKSIGN, KEYEDIT_NOT_SK | KEYEDIT_NEED_SK, NULL},
1884 { "sign", cmdSIGN, KEYEDIT_NOT_SK | KEYEDIT_TAIL_MATCH,
1885 N_("sign selected user IDs [* see below for related commands]")},
1886 { "s", cmdSIGN, KEYEDIT_NOT_SK, NULL},
1887 /* "lsign" and friends will never match since "sign" comes first
1888 and it is a tail match. They are just here so they show up in
1890 { "lsign", cmdNOP, 0, N_("sign selected user IDs locally")},
1891 { "tsign", cmdNOP, 0, N_("sign selected user IDs with a trust signature")},
1892 { "nrsign", cmdNOP, 0,
1893 N_("sign selected user IDs with a non-revocable signature")},
1894 { "debug", cmdDEBUG, 0, NULL},
1895 { "adduid", cmdADDUID, KEYEDIT_NOT_SK | KEYEDIT_NEED_SK, N_("add a user ID")},
1896 { "addphoto", cmdADDPHOTO, KEYEDIT_NOT_SK | KEYEDIT_NEED_SK,
1897 N_("add a photo ID")},
1898 { "deluid", cmdDELUID, KEYEDIT_NOT_SK, N_("delete selected user IDs")},
1899 /* delphoto is really deluid in disguise */
1900 { "delphoto", cmdDELUID, KEYEDIT_NOT_SK, NULL},
1901 { "addkey", cmdADDKEY, KEYEDIT_NOT_SK | KEYEDIT_NEED_SK, N_("add a subkey")},
1902 #ifdef ENABLE_CARD_SUPPORT
1903 { "addcardkey", cmdADDCARDKEY, KEYEDIT_NOT_SK | KEYEDIT_NEED_SK,
1904 N_("add a key to a smartcard")},
1905 { "keytocard", cmdKEYTOCARD, KEYEDIT_NEED_SK | KEYEDIT_ONLY_SK,
1906 N_("move a key to a smartcard")},
1907 { "bkuptocard", cmdBKUPTOCARD, KEYEDIT_NEED_SK | KEYEDIT_ONLY_SK,
1908 N_("move a backup key to a smartcard")},
1909 #endif /*ENABLE_CARD_SUPPORT */
1910 { "delkey", cmdDELKEY, KEYEDIT_NOT_SK, N_("delete selected subkeys")},
1911 { "addrevoker", cmdADDREVOKER, KEYEDIT_NOT_SK | KEYEDIT_NEED_SK,
1912 N_("add a revocation key")},
1913 { "delsig", cmdDELSIG, KEYEDIT_NOT_SK,
1914 N_("delete signatures from the selected user IDs")},
1915 { "expire", cmdEXPIRE, KEYEDIT_NOT_SK | KEYEDIT_NEED_SK,
1916 N_("change the expiration date for the key or selected subkeys")},
1917 { "primary", cmdPRIMARY, KEYEDIT_NOT_SK | KEYEDIT_NEED_SK,
1918 N_("flag the selected user ID as primary")},
1919 { "toggle", cmdTOGGLE, KEYEDIT_NEED_SK, NULL}, /* Dummy command. */
1920 { "t", cmdTOGGLE, KEYEDIT_NEED_SK, NULL},
1921 { "pref", cmdPREF, KEYEDIT_NOT_SK, N_("list preferences (expert)")},
1922 { "showpref", cmdSHOWPREF, KEYEDIT_NOT_SK, N_("list preferences (verbose)")},
1923 { "setpref", cmdSETPREF, KEYEDIT_NOT_SK | KEYEDIT_NEED_SK,
1924 N_("set preference list for the selected user IDs")},
1925 { "updpref", cmdSETPREF, KEYEDIT_NOT_SK | KEYEDIT_NEED_SK, NULL},
1926 { "keyserver", cmdPREFKS, KEYEDIT_NOT_SK | KEYEDIT_NEED_SK,
1927 N_("set the preferred keyserver URL for the selected user IDs")},
1928 { "notation", cmdNOTATION, KEYEDIT_NOT_SK | KEYEDIT_NEED_SK,
1929 N_("set a notation for the selected user IDs")},
1930 { "passwd", cmdPASSWD, KEYEDIT_NOT_SK | KEYEDIT_NEED_SK,
1931 N_("change the passphrase")},
1932 { "password", cmdPASSWD, KEYEDIT_NOT_SK | KEYEDIT_NEED_SK, NULL},
1933 #ifndef NO_TRUST_MODELS
1934 { "trust", cmdTRUST, KEYEDIT_NOT_SK, N_("change the ownertrust")},
1935 #endif /*!NO_TRUST_MODELS*/
1936 { "revsig", cmdREVSIG, KEYEDIT_NOT_SK,
1937 N_("revoke signatures on the selected user IDs")},
1938 { "revuid", cmdREVUID, KEYEDIT_NOT_SK | KEYEDIT_NEED_SK,
1939 N_("revoke selected user IDs")},
1940 { "revphoto", cmdREVUID, KEYEDIT_NOT_SK | KEYEDIT_NEED_SK, NULL},
1941 { "revkey", cmdREVKEY, KEYEDIT_NOT_SK | KEYEDIT_NEED_SK,
1942 N_("revoke key or selected subkeys")},
1943 #ifndef NO_TRUST_MODELS
1944 { "enable", cmdENABLEKEY, KEYEDIT_NOT_SK, N_("enable key")},
1945 { "disable", cmdDISABLEKEY, KEYEDIT_NOT_SK, N_("disable key")},
1946 #endif /*!NO_TRUST_MODELS*/
1947 { "showphoto", cmdSHOWPHOTO, 0, N_("show selected photo IDs")},
1948 { "clean", cmdCLEAN, KEYEDIT_NOT_SK,
1949 N_("compact unusable user IDs and remove unusable signatures from key")},
1950 { "minimize", cmdMINIMIZE, KEYEDIT_NOT_SK,
1951 N_("compact unusable user IDs and remove all signatures from key")},
1953 { NULL, cmdNONE, 0, NULL}
1958 #ifdef HAVE_LIBREADLINE
1961 These two functions are used by readline for command completion.
1965 command_generator (const char *text, int state)
1967 static int list_index, len;
1970 /* If this is a new word to complete, initialize now. This includes
1971 saving the length of TEXT for efficiency, and initializing the
1972 index variable to 0. */
1976 len = strlen (text);
1979 /* Return the next partial match */
1980 while ((name = cmds[list_index].name))
1982 /* Only complete commands that have help text */
1983 if (cmds[list_index++].desc && strncmp (name, text, len) == 0)
1984 return strdup (name);
1991 keyedit_completion (const char *text, int start, int end)
1993 /* If we are at the start of a line, we try and command-complete.
1994 If not, just do nothing for now. */
1999 return rl_completion_matches (text, command_generator);
2001 rl_attempted_completion_over = 1;
2005 #endif /* HAVE_LIBREADLINE */
2009 /* Main function of the menu driven key editor. */
2011 keyedit_menu (ctrl_t ctrl, const char *username, strlist_t locusr,
2012 strlist_t commands, int quiet, int seckey_check)
2014 enum cmdids cmd = 0;
2015 gpg_error_t err = 0;
2016 KBNODE keyblock = NULL;
2017 KEYDB_HANDLE kdbhd = NULL;
2018 int have_seckey = 0;
2019 char *answer = NULL;
2022 int sec_shadowing = 0;
2023 int run_subkey_warnings = 0;
2024 int have_commands = !!commands;
2026 if (opt.command_fd != -1)
2028 else if (opt.batch && !have_commands)
2030 log_error (_("can't do this in batch mode\n"));
2034 #ifdef HAVE_W32_SYSTEM
2035 /* Due to Windows peculiarities we need to make sure that the
2036 trustdb stale check is done before we open another file
2037 (i.e. by searching for a key). In theory we could make sure
2038 that the files are closed after use but the open/close caches
2039 inhibits that and flushing the cache right before the stale
2040 check is not easy to implement. Thus we take the easy way out
2041 and run the stale check as early as possible. Note, that for
2042 non- W32 platforms it is run indirectly trough a call to
2044 check_trustdb_stale (ctrl);
2047 /* Get the public key */
2048 err = get_pubkey_byname (ctrl, NULL, NULL, username, &keyblock, &kdbhd, 1, 1);
2051 log_error (_("key \"%s\" not found: %s\n"), username, gpg_strerror (err));
2055 if (fix_keyblock (&keyblock))
2058 /* See whether we have a matching secret key. */
2061 have_seckey = !agent_probe_any_secret_key (ctrl, keyblock);
2062 if (have_seckey && !quiet)
2063 tty_printf (_("Secret key is available.\n"));
2066 /* Main command loop. */
2069 int i, arg_number, photo;
2070 const char *arg_string = "";
2072 PKT_public_key *pk = keyblock->pkt->pkt.public_key;
2076 if (redisplay && !quiet)
2078 /* Show using flags: with_revoker, with_subkeys. */
2079 show_key_with_all_names (ctrl, NULL, keyblock, 0, 1, 0, 1, 0, 0);
2084 if (run_subkey_warnings)
2086 run_subkey_warnings = 0;
2087 if (!count_selected_keys (keyblock))
2088 subkey_expire_warning (keyblock);
2098 answer = xstrdup (commands->d);
2099 commands = commands->next;
2103 answer = xstrdup ("quit");
2110 #ifdef HAVE_LIBREADLINE
2111 tty_enable_completion (keyedit_completion);
2113 answer = cpr_get_no_help ("keyedit.prompt", GPG_NAME "> ");
2115 tty_disable_completion ();
2117 trim_spaces (answer);
2119 while (*answer == '#');
2121 arg_number = 0; /* Here is the init which egcc complains about. */
2122 photo = 0; /* Same here. */
2125 else if (*answer == CONTROL_D)
2127 else if (digitp (answer))
2130 arg_number = atoi (answer);
2134 if ((p = strchr (answer, ' ')))
2137 trim_spaces (answer);
2139 arg_number = atoi (p);
2143 for (i = 0; cmds[i].name; i++)
2145 if (cmds[i].flags & KEYEDIT_TAIL_MATCH)
2147 size_t l = strlen (cmds[i].name);
2148 size_t a = strlen (answer);
2151 if (!ascii_strcasecmp (&answer[a - l], cmds[i].name))
2153 answer[a - l] = '\0';
2158 else if (!ascii_strcasecmp (answer, cmds[i].name))
2161 if ((cmds[i].flags & KEYEDIT_NEED_SK) && !have_seckey)
2163 tty_printf (_("Need the secret key to do this.\n"));
2170 /* Dispatch the command. */
2174 for (i = 0; cmds[i].name; i++)
2176 if ((cmds[i].flags & KEYEDIT_NEED_SK) && !have_seckey)
2177 ; /* Skip those item if we do not have the secret key. */
2178 else if (cmds[i].desc)
2179 tty_printf ("%-11s %s\n", cmds[i].name, _(cmds[i].desc));
2184 (_("* The 'sign' command may be prefixed with an 'l' for local "
2185 "signatures (lsign),\n"
2186 " a 't' for trust signatures (tsign), an 'nr' for "
2187 "non-revocable signatures\n"
2188 " (nrsign), or any combination thereof (ltsign, "
2189 "tnrsign, etc.).\n"));
2197 show_key_and_fingerprint
2198 (keyblock, (*arg_string == '*'
2199 && (!arg_string[1] || spacep (arg_string + 1))));
2203 show_key_and_grip (keyblock);
2207 if (strlen (arg_string) == NAMEHASH_LEN * 2)
2208 redisplay = menu_select_uid_namehash (keyblock, arg_string);
2211 if (*arg_string == '*'
2212 && (!arg_string[1] || spacep (arg_string + 1)))
2213 arg_number = -1; /* Select all. */
2214 redisplay = menu_select_uid (keyblock, arg_number);
2220 if (*arg_string == '*'
2221 && (!arg_string[1] || spacep (arg_string + 1)))
2222 arg_number = -1; /* Select all. */
2223 if (menu_select_key (keyblock, arg_number, p))
2229 if (check_all_keysigs (keyblock, count_selected_uids (keyblock),
2230 !strcmp (arg_string, "selfsig")))
2236 int localsig = 0, nonrevokesig = 0, trustsig = 0, interactive = 0;
2238 if (pk->flags.revoked)
2240 tty_printf (_("Key is revoked."));
2245 if (!cpr_get_answer_is_yes
2246 ("keyedit.sign_revoked.okay",
2247 _("Are you sure you still want to sign it? (y/N) ")))
2252 tty_printf (_(" Unable to sign.\n"));
2257 if (count_uids (keyblock) > 1 && !count_selected_uids (keyblock))
2260 if (opt.only_sign_text_ids)
2261 result = cpr_get_answer_is_yes
2262 ("keyedit.sign_all.okay",
2263 _("Really sign all user IDs? (y/N) "));
2265 result = cpr_get_answer_is_yes
2266 ("keyedit.sign_all.okay",
2267 _("Really sign all text user IDs? (y/N) "));
2271 if (opt.interactive)
2275 tty_printf (_("Hint: Select the user IDs to sign\n"));
2282 /* What sort of signing are we doing? */
2283 if (!parse_sign_type
2284 (answer, &localsig, &nonrevokesig, &trustsig))
2286 tty_printf (_("Unknown signature type '%s'\n"), answer);
2290 sign_uids (ctrl, NULL, keyblock, locusr, &modified,
2291 localsig, nonrevokesig, trustsig, interactive, 0);
2296 dump_kbnode (keyblock);
2300 /* The toggle command is a leftover from old gpg versions
2301 where we worked with a secret and a public keyring. It
2302 is not necessary anymore but we keep this command for the
2303 sake of scripts using it. */
2310 tty_printf (_("This command is not allowed while in %s mode.\n"),
2311 compliance_option_string ());
2317 if (menu_adduid (ctrl, keyblock, photo, arg_string, NULL))
2322 merge_keys_and_selfsig (keyblock);
2330 if (!(n1 = count_selected_uids (keyblock)))
2332 tty_printf (_("You must select at least one user ID.\n"));
2334 tty_printf (_("(Use the '%s' command.)\n"), "uid");
2336 else if (real_uids_left (keyblock) < 1)
2337 tty_printf (_("You can't delete the last user ID!\n"));
2338 else if (cpr_get_answer_is_yes
2339 ("keyedit.remove.uid.okay",
2340 n1 > 1 ? _("Really remove all selected user IDs? (y/N) ")
2341 : _("Really remove this user ID? (y/N) ")))
2343 menu_deluid (keyblock);
2354 if (!(n1 = count_selected_uids (keyblock)))
2356 tty_printf (_("You must select at least one user ID.\n"));
2358 tty_printf (_("(Use the '%s' command.)\n"), "uid");
2360 else if (menu_delsig (keyblock))
2362 /* No redisplay here, because it may scroll away some
2363 * of the status output of this command. */
2370 if (!generate_subkeypair (ctrl, keyblock, NULL, NULL, NULL))
2374 merge_keys_and_selfsig (keyblock);
2378 #ifdef ENABLE_CARD_SUPPORT
2380 if (!card_generate_subkey (keyblock))
2384 merge_keys_and_selfsig (keyblock);
2391 switch (count_selected_keys (keyblock))
2394 if (cpr_get_answer_is_yes
2395 ("keyedit.keytocard.use_primary",
2396 /* TRANSLATORS: Please take care: This is about
2397 moving the key and not about removing it. */
2398 _("Really move the primary key? (y/N) ")))
2402 for (node = keyblock; node; node = node->next)
2404 if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY
2405 && node->flag & NODFLG_SELKEY)
2410 tty_printf (_("You must select exactly one key.\n"));
2415 PKT_public_key *xxpk = node->pkt->pkt.public_key;
2416 if (card_store_subkey (node, xxpk ? xxpk->pubkey_usage : 0))
2427 /* Ask for a filename, check whether this is really a
2428 backup key as generated by the card generation, parse
2429 that key and store it on card. */
2437 tty_printf (_("Command expects a filename argument\n"));
2441 if (*arg_string == DIRSEP_C)
2442 fname = xstrdup (arg_string);
2443 else if (*arg_string == '~')
2444 fname = make_filename (arg_string, NULL);
2446 fname = make_filename (gnupg_homedir (), arg_string, NULL);
2448 /* Open that file. */
2449 a = iobuf_open (fname);
2450 if (a && is_secured_file (iobuf_get_fd (a)))
2454 gpg_err_set_errno (EPERM);
2458 tty_printf (_("Can't open '%s': %s\n"),
2459 fname, strerror (errno));
2464 /* Parse and check that file. */
2465 pkt = xmalloc (sizeof *pkt);
2467 err = parse_packet (a, pkt);
2469 iobuf_ioctl (NULL, IOBUF_IOCTL_INVALIDATE_CACHE, 0, (char *) fname);
2470 if (!err && pkt->pkttype != PKT_SECRET_KEY
2471 && pkt->pkttype != PKT_SECRET_SUBKEY)
2472 err = GPG_ERR_NO_SECKEY;
2475 tty_printf (_("Error reading backup key from '%s': %s\n"),
2476 fname, gpg_strerror (err));
2484 node = new_kbnode (pkt);
2486 /* Transfer it to gpg-agent which handles secret keys. */
2487 err = transfer_secret_keys (ctrl, NULL, node, 1, 1);
2489 /* Treat the pkt as a public key. */
2490 pkt->pkttype = PKT_PUBLIC_KEY;
2492 /* Ask gpg-agent to store the secret key to card. */
2493 if (card_store_subkey (node, 0))
2498 release_kbnode (node);
2502 #endif /* ENABLE_CARD_SUPPORT */
2508 if (!(n1 = count_selected_keys (keyblock)))
2510 tty_printf (_("You must select at least one key.\n"));
2512 tty_printf (_("(Use the '%s' command.)\n"), "key");
2514 else if (!cpr_get_answer_is_yes
2515 ("keyedit.remove.subkey.okay",
2516 n1 > 1 ? _("Do you really want to delete the "
2517 "selected keys? (y/N) ")
2518 : _("Do you really want to delete this key? (y/N) ")))
2522 menu_delkey (keyblock);
2533 if (ascii_strcasecmp (arg_string, "sensitive") == 0)
2535 if (menu_addrevoker (ctrl, keyblock, sensitive))
2539 merge_keys_and_selfsig (keyblock);
2548 if (!(n1 = count_selected_uids (keyblock)))
2550 tty_printf (_("You must select at least one user ID.\n"));
2552 tty_printf (_("(Use the '%s' command.)\n"), "uid");
2554 else if (cpr_get_answer_is_yes
2555 ("keyedit.revoke.uid.okay",
2556 n1 > 1 ? _("Really revoke all selected user IDs? (y/N) ")
2557 : _("Really revoke this user ID? (y/N) ")))
2559 if (menu_revuid (ctrl, keyblock))
2572 if (!(n1 = count_selected_keys (keyblock)))
2574 if (cpr_get_answer_is_yes ("keyedit.revoke.subkey.okay",
2575 _("Do you really want to revoke"
2576 " the entire key? (y/N) ")))
2578 if (menu_revkey (keyblock))
2584 else if (cpr_get_answer_is_yes ("keyedit.revoke.subkey.okay",
2586 _("Do you really want to revoke"
2587 " the selected subkeys? (y/N) ")
2588 : _("Do you really want to revoke"
2589 " this subkey? (y/N) ")))
2591 if (menu_revsubkey (keyblock))
2598 merge_keys_and_selfsig (keyblock);
2603 if (gpg_err_code (menu_expire (keyblock, 0, 0)) == GPG_ERR_TRUE)
2605 merge_keys_and_selfsig (keyblock);
2606 run_subkey_warnings = 1;
2612 case cmdCHANGEUSAGE:
2613 if (menu_changeusage (keyblock))
2615 merge_keys_and_selfsig (keyblock);
2622 if (menu_backsign (keyblock))
2630 if (menu_set_primary_uid (keyblock))
2632 merge_keys_and_selfsig (keyblock);
2639 change_passphrase (ctrl, keyblock);
2642 #ifndef NO_TRUST_MODELS
2644 if (opt.trust_model == TM_EXTERNAL)
2646 tty_printf (_("Owner trust may not be set while "
2647 "using a user provided trust database\n"));
2651 show_key_with_all_names (ctrl, NULL, keyblock, 0, 0, 0, 1, 0, 0);
2653 if (edit_ownertrust (ctrl, find_kbnode (keyblock,
2654 PKT_PUBLIC_KEY)->pkt->pkt.
2658 /* No real need to set update_trust here as
2659 edit_ownertrust() calls revalidation_mark()
2664 #endif /*!NO_TRUST_MODELS*/
2668 int count = count_selected_uids (keyblock);
2669 log_assert (keyblock->pkt->pkttype == PKT_PUBLIC_KEY);
2670 show_names (ctrl, NULL, keyblock, keyblock->pkt->pkt.public_key,
2671 count ? NODFLG_SELUID : 0, 1);
2677 int count = count_selected_uids (keyblock);
2678 log_assert (keyblock->pkt->pkttype == PKT_PUBLIC_KEY);
2679 show_names (ctrl, NULL, keyblock, keyblock->pkt->pkt.public_key,
2680 count ? NODFLG_SELUID : 0, 2);
2686 PKT_user_id *tempuid;
2688 keygen_set_std_prefs (!*arg_string ? "default" : arg_string, 0);
2690 tempuid = keygen_get_std_prefs ();
2691 tty_printf (_("Set preference list to:\n"));
2692 show_prefs (tempuid, NULL, 1);
2693 free_user_id (tempuid);
2695 if (cpr_get_answer_is_yes
2696 ("keyedit.setpref.okay",
2697 count_selected_uids (keyblock) ?
2698 _("Really update the preferences"
2699 " for the selected user IDs? (y/N) ")
2700 : _("Really update the preferences? (y/N) ")))
2702 if (menu_set_preferences (keyblock))
2704 merge_keys_and_selfsig (keyblock);
2713 if (menu_set_keyserver_url (*arg_string ? arg_string : NULL,
2716 merge_keys_and_selfsig (keyblock);
2723 if (menu_set_notation (*arg_string ? arg_string : NULL,
2726 merge_keys_and_selfsig (keyblock);
2736 if (menu_revsig (keyblock))
2743 #ifndef NO_TRUST_MODELS
2746 if (enable_disable_key (keyblock, cmd == cmdDISABLEKEY))
2752 #endif /*!NO_TRUST_MODELS*/
2755 menu_showphoto (ctrl, keyblock);
2759 if (menu_clean (keyblock, 0))
2760 redisplay = modified = 1;
2764 if (menu_clean (keyblock, 1))
2765 redisplay = modified = 1;
2771 if (!modified && !sec_shadowing)
2773 if (!cpr_get_answer_is_yes ("keyedit.save.okay",
2774 _("Save changes? (y/N) ")))
2777 || cpr_get_answer_is_yes ("keyedit.cancel.okay",
2778 _("Quit without saving? (y/N) ")))
2786 err = keydb_update_keyblock (ctrl, kdbhd, keyblock);
2789 log_error (_("update failed: %s\n"), gpg_strerror (err));
2796 err = agent_scd_learn (NULL, 1);
2799 log_error (_("update failed: %s\n"), gpg_strerror (err));
2804 if (!modified && !sec_shadowing)
2805 tty_printf (_("Key not changed so no update needed.\n"));
2809 revalidation_mark ();
2817 tty_printf (_("Invalid command (try \"help\")\n"));
2820 } /* End of the main command loop. */
2823 release_kbnode (keyblock);
2824 keydb_release (kdbhd);
2829 /* Change the passphrase of the secret key identified by USERNAME. */
2831 keyedit_passwd (ctrl_t ctrl, const char *username)
2835 kbnode_t keyblock = NULL;
2837 pk = xtrycalloc (1, sizeof *pk);
2840 err = gpg_error_from_syserror ();
2843 err = getkey_byname (ctrl, NULL, pk, username, 1, &keyblock);
2847 err = change_passphrase (ctrl, keyblock);
2850 release_kbnode (keyblock);
2851 free_public_key (pk);
2854 log_info ("error changing the passphrase for '%s': %s\n",
2855 username, gpg_strerror (err));
2856 write_status_error ("keyedit.passwd", err);
2859 write_status_text (STATUS_SUCCESS, "keyedit.passwd");
2863 /* Unattended adding of a new keyid. USERNAME specifies the
2864 key. NEWUID is the new user id to add to the key. */
2866 keyedit_quick_adduid (ctrl_t ctrl, const char *username, const char *newuid)
2869 KEYDB_HANDLE kdbhd = NULL;
2870 KEYDB_SEARCH_DESC desc;
2871 kbnode_t keyblock = NULL;
2873 char *uidstring = NULL;
2875 uidstring = xstrdup (newuid);
2876 trim_spaces (uidstring);
2879 log_error ("%s\n", gpg_strerror (GPG_ERR_INV_USER_ID));
2883 #ifdef HAVE_W32_SYSTEM
2884 /* See keyedit_menu for why we need this. */
2885 check_trustdb_stale (ctrl);
2888 /* Search the key; we don't want the whole getkey stuff here. */
2889 kdbhd = keydb_new ();
2892 /* Note that keydb_new has already used log_error. */
2896 err = classify_user_id (username, &desc, 1);
2898 err = keydb_search (kdbhd, &desc, 1, NULL);
2901 err = keydb_get_keyblock (kdbhd, &keyblock);
2904 log_error (_("error reading keyblock: %s\n"), gpg_strerror (err));
2907 /* Now with the keyblock retrieved, search again to detect an
2908 ambiguous specification. We need to save the found state so
2909 that we can do an update later. */
2910 keydb_push_found_state (kdbhd);
2911 err = keydb_search (kdbhd, &desc, 1, NULL);
2913 err = gpg_error (GPG_ERR_AMBIGUOUS_NAME);
2914 else if (gpg_err_code (err) == GPG_ERR_NOT_FOUND)
2916 keydb_pop_found_state (kdbhd);
2920 /* We require the secret primary key to add a UID. */
2921 node = find_kbnode (keyblock, PKT_PUBLIC_KEY);
2924 err = agent_probe_secret_key (ctrl, node->pkt->pkt.public_key);
2929 log_error (_("secret key \"%s\" not found: %s\n"),
2930 username, gpg_strerror (err));
2934 fix_keyblock (&keyblock);
2936 merge_keys_and_selfsig (keyblock);
2938 if (menu_adduid (ctrl, keyblock, 0, NULL, uidstring))
2940 err = keydb_update_keyblock (ctrl, kdbhd, keyblock);
2943 log_error (_("update failed: %s\n"), gpg_strerror (err));
2948 revalidation_mark ();
2953 release_kbnode (keyblock);
2954 keydb_release (kdbhd);
2957 /* Unattended revocation of a keyid. USERNAME specifies the
2958 key. UIDTOREV is the user id revoke from the key. */
2960 keyedit_quick_revuid (ctrl_t ctrl, const char *username, const char *uidtorev)
2963 KEYDB_HANDLE kdbhd = NULL;
2964 KEYDB_SEARCH_DESC desc;
2965 kbnode_t keyblock = NULL;
2970 #ifdef HAVE_W32_SYSTEM
2971 /* See keyedit_menu for why we need this. */
2972 check_trustdb_stale (ctrl);
2975 /* Search the key; we don't want the whole getkey stuff here. */
2976 kdbhd = keydb_new ();
2979 /* Note that keydb_new has already used log_error. */
2983 err = classify_user_id (username, &desc, 1);
2985 err = keydb_search (kdbhd, &desc, 1, NULL);
2988 err = keydb_get_keyblock (kdbhd, &keyblock);
2991 log_error (_("error reading keyblock: %s\n"), gpg_strerror (err));
2994 /* Now with the keyblock retrieved, search again to detect an
2995 ambiguous specification. We need to save the found state so
2996 that we can do an update later. */
2997 keydb_push_found_state (kdbhd);
2998 err = keydb_search (kdbhd, &desc, 1, NULL);
3000 err = gpg_error (GPG_ERR_AMBIGUOUS_NAME);
3001 else if (gpg_err_code (err) == GPG_ERR_NOT_FOUND)
3003 keydb_pop_found_state (kdbhd);
3007 /* We require the secret primary key to revoke a UID. */
3008 node = find_kbnode (keyblock, PKT_PUBLIC_KEY);
3011 err = agent_probe_secret_key (ctrl, node->pkt->pkt.public_key);
3016 log_error (_("secret key \"%s\" not found: %s\n"),
3017 username, gpg_strerror (err));
3021 fix_keyblock (&keyblock);
3022 setup_main_keyids (keyblock);
3024 revlen = strlen (uidtorev);
3025 /* find the right UID */
3026 for (node = keyblock; node; node = node->next)
3028 if (node->pkt->pkttype == PKT_USER_ID
3029 && revlen == node->pkt->pkt.user_id->len
3030 && !memcmp (node->pkt->pkt.user_id->name, uidtorev, revlen))
3032 struct revocation_reason_info *reason;
3034 reason = get_default_uid_revocation_reason ();
3035 err = core_revuid (ctrl, keyblock, node, reason, &modified);
3036 release_revocation_reason_info (reason);
3039 log_error (_("User ID revocation failed: %s\n"),
3040 gpg_strerror (err));
3043 err = keydb_update_keyblock (ctrl, kdbhd, keyblock);
3046 log_error (_("update failed: %s\n"), gpg_strerror (err));
3051 revalidation_mark ();
3056 log_error (_("User ID revocation failed: %s\n"), gpg_strerror (GPG_ERR_NOT_FOUND));
3059 release_kbnode (keyblock);
3060 keydb_release (kdbhd);
3064 /* Find a keyblock by fingerprint because only this uniquely
3065 * identifies a key and may thus be used to select a key for
3066 * unattended subkey creation os key signing. */
3068 find_by_primary_fpr (ctrl_t ctrl, const char *fpr,
3069 kbnode_t *r_keyblock, KEYDB_HANDLE *r_kdbhd)
3072 kbnode_t keyblock = NULL;
3073 KEYDB_HANDLE kdbhd = NULL;
3074 KEYDB_SEARCH_DESC desc;
3075 byte fprbin[MAX_FINGERPRINT_LEN];
3081 if (classify_user_id (fpr, &desc, 1)
3082 || !(desc.mode == KEYDB_SEARCH_MODE_FPR
3083 || desc.mode == KEYDB_SEARCH_MODE_FPR16
3084 || desc.mode == KEYDB_SEARCH_MODE_FPR20))
3086 log_error (_("\"%s\" is not a fingerprint\n"), fpr);
3087 err = gpg_error (GPG_ERR_INV_NAME);
3090 err = get_pubkey_byname (ctrl, NULL, NULL, fpr, &keyblock, &kdbhd, 1, 1);
3093 log_error (_("key \"%s\" not found: %s\n"), fpr, gpg_strerror (err));
3097 /* Check that the primary fingerprint has been given. */
3098 fingerprint_from_pk (keyblock->pkt->pkt.public_key, fprbin, &fprlen);
3099 if (fprlen == 16 && desc.mode == KEYDB_SEARCH_MODE_FPR16
3100 && !memcmp (fprbin, desc.u.fpr, 16))
3102 else if (fprlen == 16 && desc.mode == KEYDB_SEARCH_MODE_FPR
3103 && !memcmp (fprbin, desc.u.fpr, 16)
3109 else if (fprlen == 20 && (desc.mode == KEYDB_SEARCH_MODE_FPR20
3110 || desc.mode == KEYDB_SEARCH_MODE_FPR)
3111 && !memcmp (fprbin, desc.u.fpr, 20))
3115 log_error (_("\"%s\" is not the primary fingerprint\n"), fpr);
3116 err = gpg_error (GPG_ERR_INV_NAME);
3120 *r_keyblock = keyblock;
3127 release_kbnode (keyblock);
3128 keydb_release (kdbhd);
3133 /* Unattended key signing function. If the key specifified by FPR is
3134 available and FPR is the primary fingerprint all user ids of the
3135 key are signed using the default signing key. If UIDS is an empty
3136 list all usable UIDs are signed, if it is not empty, only those
3137 user ids matching one of the entries of the list are signed. With
3138 LOCAL being true the signatures are marked as non-exportable. */
3140 keyedit_quick_sign (ctrl_t ctrl, const char *fpr, strlist_t uids,
3141 strlist_t locusr, int local)
3144 kbnode_t keyblock = NULL;
3145 KEYDB_HANDLE kdbhd = NULL;
3152 #ifdef HAVE_W32_SYSTEM
3153 /* See keyedit_menu for why we need this. */
3154 check_trustdb_stale (ctrl);
3157 /* We require a fingerprint because only this uniquely identifies a
3158 key and may thus be used to select a key for unattended key
3160 if (find_by_primary_fpr (ctrl, fpr, &keyblock, &kdbhd))
3163 if (fix_keyblock (&keyblock))
3166 /* Give some info in verbose. */
3169 show_key_with_all_names (ctrl, es_stdout, keyblock, 0,
3170 1/*with_revoker*/, 1/*with_fingerprint*/,
3172 es_fflush (es_stdout);
3175 pk = keyblock->pkt->pkt.public_key;
3176 if (pk->flags.revoked)
3179 show_key_with_all_names (ctrl, es_stdout, keyblock, 0, 0, 0, 0, 0, 1);
3180 log_error ("%s%s", _("Key is revoked."), _(" Unable to sign.\n"));
3184 /* Set the flags according to the UIDS list. Fixme: We may want to
3185 use classify_user_id along with dedicated compare functions so
3186 that we match the same way as in the key lookup. */
3188 menu_select_uid (keyblock, 0); /* Better clear the flags first. */
3189 for (sl=uids; sl; sl = sl->next)
3191 const char *name = sl->d;
3194 sl->flags &= ~(1|2); /* Clear flags used for error reporting. */
3196 for (node = keyblock; node; node = node->next)
3198 if (node->pkt->pkttype == PKT_USER_ID)
3200 PKT_user_id *uid = node->pkt->pkt.user_id;
3202 if (uid->attrib_data)
3204 else if (*name == '='
3205 && strlen (name+1) == uid->len
3206 && !memcmp (uid->name, name + 1, uid->len))
3207 { /* Exact match - we don't do a check for ambiguity
3209 node->flag |= NODFLG_SELUID;
3212 sl->flags |= 1; /* Report as found. */
3216 else if (ascii_memistr (uid->name, uid->len,
3217 *name == '*'? name+1:name))
3219 node->flag |= NODFLG_SELUID;
3222 sl->flags |= 1; /* Report as found. */
3232 any = -1; /* Force failure at end. */
3233 sl->flags |= 2; /* Report as ambiguous. */
3237 /* Check whether all given user ids were found. */
3238 for (sl=uids; sl; sl = sl->next)
3239 if (!(sl->flags & 1))
3240 any = -1; /* That user id was not found. */
3242 /* Print an error if there was a problem with the user ids. */
3243 if (uids && any < 1)
3246 show_key_with_all_names (ctrl, es_stdout, keyblock, 0, 0, 0, 0, 0, 1);
3247 es_fflush (es_stdout);
3248 for (sl=uids; sl; sl = sl->next)
3250 if ((sl->flags & 2))
3251 log_info (_("Invalid user ID '%s': %s\n"),
3252 sl->d, gpg_strerror (GPG_ERR_AMBIGUOUS_NAME));
3253 else if (!(sl->flags & 1))
3254 log_info (_("Invalid user ID '%s': %s\n"),
3255 sl->d, gpg_strerror (GPG_ERR_NOT_FOUND));
3257 log_error ("%s %s", _("No matching user IDs."), _("Nothing to sign.\n"));
3262 sign_uids (ctrl, es_stdout, keyblock, locusr, &modified, local, 0, 0, 0, 1);
3263 es_fflush (es_stdout);
3267 err = keydb_update_keyblock (ctrl, kdbhd, keyblock);
3270 log_error (_("update failed: %s\n"), gpg_strerror (err));
3275 log_info (_("Key not changed so no update needed.\n"));
3278 revalidation_mark ();
3282 release_kbnode (keyblock);
3283 keydb_release (kdbhd);
3287 /* Unattended subkey creation function.
3291 keyedit_quick_addkey (ctrl_t ctrl, const char *fpr, const char *algostr,
3292 const char *usagestr, const char *expirestr)
3300 #ifdef HAVE_W32_SYSTEM
3301 /* See keyedit_menu for why we need this. */
3302 check_trustdb_stale (ctrl);
3305 /* We require a fingerprint because only this uniquely identifies a
3306 * key and may thus be used to select a key for unattended subkey
3308 if (find_by_primary_fpr (ctrl, fpr, &keyblock, &kdbhd))
3311 if (fix_keyblock (&keyblock))
3314 pk = keyblock->pkt->pkt.public_key;
3315 if (pk->flags.revoked)
3318 show_key_with_all_names (ctrl, es_stdout, keyblock, 0, 0, 0, 0, 0, 1);
3319 log_error ("%s%s", _("Key is revoked."), "\n");
3323 /* Create the subkey. Note that the called function already prints
3324 * an error message. */
3325 if (!generate_subkeypair (ctrl, keyblock, algostr, usagestr, expirestr))
3327 es_fflush (es_stdout);
3332 err = keydb_update_keyblock (ctrl, kdbhd, keyblock);
3335 log_error (_("update failed: %s\n"), gpg_strerror (err));
3340 log_info (_("Key not changed so no update needed.\n"));
3343 release_kbnode (keyblock);
3344 keydb_release (kdbhd);
3348 /* Unattended expiration setting function for the main key.
3352 keyedit_quick_set_expire (ctrl_t ctrl, const char *fpr, const char *expirestr)
3361 #ifdef HAVE_W32_SYSTEM
3362 /* See keyedit_menu for why we need this. */
3363 check_trustdb_stale (ctrl);
3366 /* We require a fingerprint because only this uniquely identifies a
3367 * key and may thus be used to select a key for unattended
3368 * expiration setting. */
3369 err = find_by_primary_fpr (ctrl, fpr, &keyblock, &kdbhd);
3373 if (fix_keyblock (&keyblock))
3376 pk = keyblock->pkt->pkt.public_key;
3377 if (pk->flags.revoked)
3380 show_key_with_all_names (ctrl, es_stdout, keyblock, 0, 0, 0, 0, 0, 1);
3381 log_error ("%s%s", _("Key is revoked."), "\n");
3382 err = gpg_error (GPG_ERR_CERT_REVOKED);
3387 expire = parse_expire_string (expirestr);
3388 if (expire == (u32)-1 )
3390 log_error (_("'%s' is not a valid expiration time\n"), expirestr);
3391 err = gpg_error (GPG_ERR_INV_VALUE);
3395 expire += make_timestamp ();
3397 /* Set the new expiration date. */
3398 err = menu_expire (keyblock, 1, expire);
3399 if (gpg_err_code (err) == GPG_ERR_TRUE)
3403 es_fflush (es_stdout);
3408 err = keydb_update_keyblock (ctrl, kdbhd, keyblock);
3411 log_error (_("update failed: %s\n"), gpg_strerror (err));
3415 revalidation_mark ();
3418 log_info (_("Key not changed so no update needed.\n"));
3421 release_kbnode (keyblock);
3422 keydb_release (kdbhd);
3424 write_status_error ("set_expire", err);
3430 tty_print_notations (int indent, PKT_signature * sig)
3433 struct notation *notation, *nd;
3441 notation = sig_to_notation (sig);
3443 for (nd = notation; nd; nd = nd->next)
3446 tty_printf ("%*s", indent, "");
3450 tty_print_utf8_string (nd->name, strlen (nd->name));
3452 tty_print_utf8_string (nd->value, strlen (nd->value));
3456 free_notation (notation);
3461 * Show preferences of a public keyblock.
3464 show_prefs (PKT_user_id * uid, PKT_signature * selfsig, int verbose)
3466 const prefitem_t fake = { 0, 0 };
3467 const prefitem_t *prefs;
3482 int any, des_seen = 0, sha1_seen = 0, uncomp_seen = 0;
3485 tty_printf (_("Cipher: "));
3486 for (i = any = 0; prefs[i].type; i++)
3488 if (prefs[i].type == PREFTYPE_SYM)
3493 /* We don't want to display strings for experimental algos */
3494 if (!openpgp_cipher_test_algo (prefs[i].value)
3495 && prefs[i].value < 100)
3496 tty_printf ("%s", openpgp_cipher_algo_name (prefs[i].value));
3498 tty_printf ("[%d]", prefs[i].value);
3499 if (prefs[i].value == CIPHER_ALGO_3DES)
3507 tty_printf ("%s", openpgp_cipher_algo_name (CIPHER_ALGO_3DES));
3510 tty_printf (_("Digest: "));
3511 for (i = any = 0; prefs[i].type; i++)
3513 if (prefs[i].type == PREFTYPE_HASH)
3518 /* We don't want to display strings for experimental algos */
3519 if (!gcry_md_test_algo (prefs[i].value) && prefs[i].value < 100)
3520 tty_printf ("%s", gcry_md_algo_name (prefs[i].value));
3522 tty_printf ("[%d]", prefs[i].value);
3523 if (prefs[i].value == DIGEST_ALGO_SHA1)
3531 tty_printf ("%s", gcry_md_algo_name (DIGEST_ALGO_SHA1));
3534 tty_printf (_("Compression: "));
3535 for (i = any = 0; prefs[i].type; i++)
3537 if (prefs[i].type == PREFTYPE_ZIP)
3539 const char *s = compress_algo_to_string (prefs[i].value);
3544 /* We don't want to display strings for experimental algos */
3545 if (s && prefs[i].value < 100)
3546 tty_printf ("%s", s);
3548 tty_printf ("[%d]", prefs[i].value);
3549 if (prefs[i].value == COMPRESS_ALGO_NONE)
3559 tty_printf ("%s", compress_algo_to_string (COMPRESS_ALGO_ZIP));
3562 tty_printf ("%s", compress_algo_to_string (COMPRESS_ALGO_NONE));
3564 if (uid->flags.mdc || !uid->flags.ks_modify)
3567 tty_printf (_("Features: "));
3574 if (!uid->flags.ks_modify)
3578 tty_printf (_("Keyserver no-modify"));
3585 const byte *pref_ks;
3588 pref_ks = parse_sig_subpkt (selfsig->hashed,
3589 SIGSUBPKT_PREF_KS, &pref_ks_len);
3590 if (pref_ks && pref_ks_len)
3593 tty_printf (_("Preferred keyserver: "));
3594 tty_print_utf8_string (pref_ks, pref_ks_len);
3598 if (selfsig->flags.notation)
3601 tty_printf (_("Notations: "));
3602 tty_print_notations (5 + strlen (_("Notations: ")), selfsig);
3609 for (i = 0; prefs[i].type; i++)
3611 tty_printf (" %c%d", prefs[i].type == PREFTYPE_SYM ? 'S' :
3612 prefs[i].type == PREFTYPE_HASH ? 'H' :
3613 prefs[i].type == PREFTYPE_ZIP ? 'Z' : '?',
3617 tty_printf (" [mdc]");
3618 if (!uid->flags.ks_modify)
3619 tty_printf (" [no-ks-modify]");
3625 /* This is the version of show_key_with_all_names used when
3626 opt.with_colons is used. It prints all available data in a easy to
3627 parse format and does not translate utf8 */
3629 show_key_with_all_names_colon (ctrl_t ctrl, estream_t fp, kbnode_t keyblock)
3632 int i, j, ulti_hack = 0;
3633 byte pk_version = 0;
3634 PKT_public_key *primary = NULL;
3641 for (node = keyblock; node; node = node->next)
3643 if (node->pkt->pkttype == PKT_PUBLIC_KEY
3644 || (node->pkt->pkttype == PKT_PUBLIC_SUBKEY))
3646 PKT_public_key *pk = node->pkt->pkt.public_key;
3649 if (node->pkt->pkttype == PKT_PUBLIC_KEY)
3651 pk_version = pk->version;
3655 keyid_from_pk (pk, keyid);
3656 have_seckey = !agent_probe_secret_key (ctrl, pk);
3658 if (node->pkt->pkttype == PKT_PUBLIC_KEY)
3659 es_fputs (have_seckey? "sec:" : "pub:", fp);
3661 es_fputs (have_seckey? "ssb:" : "sub:", fp);
3663 if (!pk->flags.valid)
3665 else if (pk->flags.revoked)
3667 else if (pk->has_expired)
3669 else if (!(opt.fast_list_mode || opt.no_expensive_trust_checks))
3671 int trust = get_validity_info (ctrl, keyblock, pk, NULL);
3674 es_putc (trust, fp);
3677 es_fprintf (fp, ":%u:%d:%08lX%08lX:%lu:%lu::",
3680 (ulong) keyid[0], (ulong) keyid[1],
3681 (ulong) pk->timestamp, (ulong) pk->expiredate);
3682 if (node->pkt->pkttype == PKT_PUBLIC_KEY
3683 && !(opt.fast_list_mode || opt.no_expensive_trust_checks))
3684 es_putc (get_ownertrust_info (pk), fp);
3688 /* Print capabilities. */
3689 if ((pk->pubkey_usage & PUBKEY_USAGE_ENC))
3691 if ((pk->pubkey_usage & PUBKEY_USAGE_SIG))
3693 if ((pk->pubkey_usage & PUBKEY_USAGE_CERT))
3695 if ((pk->pubkey_usage & PUBKEY_USAGE_AUTH))
3699 print_fingerprint (fp, pk, 0);
3700 print_revokers (fp, pk);
3706 for (node = keyblock; node; node = node->next)
3708 if (node->pkt->pkttype == PKT_USER_ID)
3710 PKT_user_id *uid = node->pkt->pkt.user_id;
3714 if (uid->attrib_data)
3715 es_fputs ("uat:", fp);
3717 es_fputs ("uid:", fp);
3719 if (uid->is_revoked)
3720 es_fputs ("r::::::::", fp);
3721 else if (uid->is_expired)
3722 es_fputs ("e::::::::", fp);
3723 else if (opt.fast_list_mode || opt.no_expensive_trust_checks)
3724 es_fputs ("::::::::", fp);
3729 if (primary && !ulti_hack)
3730 uid_validity = get_validity_info (ctrl, keyblock, primary, uid);
3733 es_fprintf (fp, "%c::::::::", uid_validity);
3736 if (uid->attrib_data)
3737 es_fprintf (fp, "%u %lu", uid->numattribs, uid->attrib_len);
3739 es_write_sanitized (fp, uid->name, uid->len, ":", NULL);
3742 /* signature class */
3747 if (pk_version > 3 || uid->selfsigversion > 3)
3749 const prefitem_t *prefs = uid->prefs;
3751 for (j = 0; prefs && prefs[j].type; j++)
3756 "%c%d", prefs[j].type == PREFTYPE_SYM ? 'S' :
3757 prefs[j].type == PREFTYPE_HASH ? 'H' :
3758 prefs[j].type == PREFTYPE_ZIP ? 'Z' : '?',
3762 es_fputs (",mdc", fp);
3763 if (!uid->flags.ks_modify)
3764 es_fputs (",no-ks-modify", fp);
3768 es_fprintf (fp, "%d,", i);
3769 if (uid->is_primary)
3771 if (uid->is_revoked)
3773 if (uid->is_expired)
3775 if ((node->flag & NODFLG_SELUID))
3777 if ((node->flag & NODFLG_MARK_A))
3780 if (opt.trust_model == TM_TOFU || opt.trust_model == TM_TOFU_PGP)
3783 enum tofu_policy policy;
3784 if (! tofu_get_policy (ctrl, primary, uid, &policy)
3785 && policy != TOFU_POLICY_NONE)
3786 es_fprintf (fp, "%s", tofu_policy_str (policy));
3797 show_names (ctrl_t ctrl, estream_t fp,
3798 kbnode_t keyblock, PKT_public_key * pk, unsigned int flag,
3804 for (node = keyblock; node; node = node->next)
3806 if (node->pkt->pkttype == PKT_USER_ID && !is_deleted_kbnode (node))
3808 PKT_user_id *uid = node->pkt->pkt.user_id;
3810 if (!flag || (flag && (node->flag & flag)))
3812 if (!(flag & NODFLG_MARK_A) && pk)
3813 tty_fprintf (fp, "%s ", uid_trust_string_fixed (ctrl, pk, uid));
3815 if (flag & NODFLG_MARK_A)
3816 tty_fprintf (fp, " ");
3817 else if (node->flag & NODFLG_SELUID)
3818 tty_fprintf (fp, "(%d)* ", i);
3819 else if (uid->is_primary)
3820 tty_fprintf (fp, "(%d). ", i);
3822 tty_fprintf (fp, "(%d) ", i);
3823 tty_print_utf8_string2 (fp, uid->name, uid->len, 0);
3824 tty_fprintf (fp, "\n");
3825 if (with_prefs && pk)
3827 if (pk->version > 3 || uid->selfsigversion > 3)
3829 PKT_signature *selfsig = NULL;
3832 for (signode = node->next;
3833 signode && signode->pkt->pkttype == PKT_SIGNATURE;
3834 signode = signode->next)
3836 if (signode->pkt->pkt.signature->
3837 flags.chosen_selfsig)
3839 selfsig = signode->pkt->pkt.signature;
3844 show_prefs (uid, selfsig, with_prefs == 2);
3847 tty_fprintf (fp, _("There are no preferences on a"
3848 " PGP 2.x-style user ID.\n"));
3857 * Display the key a the user ids, if only_marked is true, do only so
3858 * for user ids with mark A flag set and do not display the index
3859 * number. If FP is not NULL print to the given stream and not to the
3860 * tty (ignored in with-colons mode).
3863 show_key_with_all_names (ctrl_t ctrl, estream_t fp,
3864 KBNODE keyblock, int only_marked, int with_revoker,
3865 int with_fpr, int with_subkeys, int with_prefs,
3872 int have_seckey = 0;
3873 char *serialno = NULL;
3874 PKT_public_key *primary = NULL;
3875 char pkstrbuf[PUBKEY_STRING_SIZE];
3877 if (opt.with_colons)
3879 show_key_with_all_names_colon (ctrl, fp, keyblock);
3884 for (node = keyblock; node; node = node->next)
3886 if (node->pkt->pkttype == PKT_PUBLIC_KEY
3887 || (with_subkeys && node->pkt->pkttype == PKT_PUBLIC_SUBKEY
3888 && !is_deleted_kbnode (node)))
3890 PKT_public_key *pk = node->pkt->pkt.public_key;
3891 const char *otrust = "err";
3892 const char *trust = "err";
3894 if (node->pkt->pkttype == PKT_PUBLIC_KEY)
3896 /* do it here, so that debug messages don't clutter the
3898 static int did_warn = 0;
3900 trust = get_validity_string (ctrl, pk, NULL);
3901 otrust = get_ownertrust_string (pk);
3903 /* Show a warning once */
3905 && (get_validity (ctrl, keyblock, pk, NULL, NULL, 0)
3906 & TRUST_FLAG_PENDING_CHECK))
3915 if (pk->flags.revoked)
3917 char *user = get_user_id_string_native (pk->revoked.keyid);
3919 _("The following key was revoked on"
3920 " %s by %s key %s\n"),
3921 revokestr_from_pk (pk),
3922 gcry_pk_algo_name (pk->revoked.algo), user);
3928 if (!pk->revkey && pk->numrevkeys)
3931 for (i = 0; i < pk->numrevkeys; i++)
3937 algo = gcry_pk_algo_name (pk->revkey[i].algid);
3938 keyid_from_fingerprint (pk->revkey[i].fpr,
3939 MAX_FINGERPRINT_LEN, r_keyid);
3941 user = get_user_id_string_native (r_keyid);
3943 _("This key may be revoked by %s key %s"),
3944 algo ? algo : "?", user);
3946 if (pk->revkey[i].class & 0x40)
3948 tty_fprintf (fp, " ");
3949 tty_fprintf (fp, _("(sensitive)"));
3952 tty_fprintf (fp, "\n");
3957 keyid_from_pk (pk, NULL);
3964 err = hexkeygrip_from_pk (pk, &hexgrip);
3967 log_error ("error computing a keygrip: %s\n",
3968 gpg_strerror (err));
3972 have_seckey = !agent_get_keyinfo (ctrl, hexgrip, &serialno, NULL);
3978 node->pkt->pkttype == PKT_PUBLIC_KEY && have_seckey? "sec" :
3979 node->pkt->pkttype == PKT_PUBLIC_KEY ? "pub" :
3980 have_seckey ? "ssb" :
3982 (node->flag & NODFLG_SELKEY) ? '*' : ' ',
3983 pubkey_string (pk, pkstrbuf, sizeof pkstrbuf),
3984 keystr (pk->keyid));
3986 if (opt.legacy_list_mode)
3987 tty_fprintf (fp, " ");
3989 tty_fprintf (fp, "\n ");
3991 tty_fprintf (fp, _("created: %s"), datestr_from_pk (pk));
3992 tty_fprintf (fp, " ");
3993 if (pk->flags.revoked)
3994 tty_fprintf (fp, _("revoked: %s"), revokestr_from_pk (pk));
3995 else if (pk->has_expired)
3996 tty_fprintf (fp, _("expired: %s"), expirestr_from_pk (pk));
3998 tty_fprintf (fp, _("expires: %s"), expirestr_from_pk (pk));
3999 tty_fprintf (fp, " ");
4000 tty_fprintf (fp, _("usage: %s"), usagestr_from_pk (pk, 1));
4001 tty_fprintf (fp, "\n");
4005 /* The agent told us that a secret key is available and
4006 that it has been stored on a card. */
4007 tty_fprintf (fp, "%*s%s", opt.legacy_list_mode? 21:5, "",
4009 if (strlen (serialno) == 32
4010 && !strncmp (serialno, "D27600012401", 12))
4012 /* This is an OpenPGP card. Print the relevant part. */
4013 /* Example: D2760001240101010001000003470000 */
4015 tty_fprintf (fp, "%.*s %.*s\n",
4016 4, serialno+16, 8, serialno+20);
4019 tty_fprintf (fp, "%s\n", serialno);
4022 else if (pk->seckey_info
4023 && pk->seckey_info->is_protected
4024 && pk->seckey_info->s2k.mode == 1002)
4026 /* FIXME: Check wether this code path is still used. */
4027 tty_fprintf (fp, "%*s%s", opt.legacy_list_mode? 21:5, "",
4029 if (pk->seckey_info->ivlen == 16
4030 && !memcmp (pk->seckey_info->iv,
4031 "\xD2\x76\x00\x01\x24\x01", 6))
4033 /* This is an OpenPGP card. */
4034 for (i = 8; i < 14; i++)
4037 tty_fprintf (fp, " ");
4038 tty_fprintf (fp, "%02X", pk->seckey_info->iv[i]);
4043 /* Unknown card: Print all. */
4044 for (i = 0; i < pk->seckey_info->ivlen; i++)
4045 tty_fprintf (fp, "%02X", pk->seckey_info->iv[i]);
4047 tty_fprintf (fp, "\n");
4050 if (node->pkt->pkttype == PKT_PUBLIC_KEY
4051 || node->pkt->pkttype == PKT_SECRET_KEY)
4053 if (opt.trust_model != TM_ALWAYS)
4055 tty_fprintf (fp, "%*s",
4056 opt.legacy_list_mode?
4057 ((int) keystrlen () + 13):5, "");
4058 /* Ownertrust is only meaningful for the PGP or
4059 classic trust models, or PGP combined with TOFU */
4060 if (opt.trust_model == TM_PGP
4061 || opt.trust_model == TM_CLASSIC
4062 || opt.trust_model == TM_TOFU_PGP)
4064 int width = 14 - strlen (otrust);
4067 tty_fprintf (fp, _("trust: %s"), otrust);
4068 tty_fprintf (fp, "%*s", width, "");
4071 tty_fprintf (fp, _("validity: %s"), trust);
4072 tty_fprintf (fp, "\n");
4074 if (node->pkt->pkttype == PKT_PUBLIC_KEY
4075 && (get_ownertrust (pk) & TRUST_FLAG_DISABLED))
4077 tty_fprintf (fp, "*** ");
4078 tty_fprintf (fp, _("This key has been disabled"));
4079 tty_fprintf (fp, "\n");
4083 if ((node->pkt->pkttype == PKT_PUBLIC_KEY
4084 || node->pkt->pkttype == PKT_SECRET_KEY) && with_fpr)
4086 print_fingerprint (fp, pk, 2);
4087 tty_fprintf (fp, "\n");
4092 show_names (ctrl, fp,
4093 keyblock, primary, only_marked ? NODFLG_MARK_A : 0, with_prefs);
4095 if (do_warn && !nowarn)
4096 tty_fprintf (fp, _("Please note that the shown key validity"
4097 " is not necessarily correct\n"
4098 "unless you restart the program.\n"));
4104 /* Display basic key information. This function is suitable to show
4105 information on the key without any dependencies on the trustdb or
4106 any other internal GnuPG stuff. KEYBLOCK may either be a public or
4107 a secret key. This function may be called with KEYBLOCK containing
4108 secret keys and thus the printing of "pub" vs. "sec" does only
4109 depend on the packet type and not by checking with gpg-agent. */
4111 show_basic_key_info (KBNODE keyblock)
4115 char pkstrbuf[PUBKEY_STRING_SIZE];
4117 /* The primary key */
4118 for (node = keyblock; node; node = node->next)
4120 if (node->pkt->pkttype == PKT_PUBLIC_KEY
4121 || node->pkt->pkttype == PKT_SECRET_KEY)
4123 PKT_public_key *pk = node->pkt->pkt.public_key;
4125 /* Note, we use the same format string as in other show
4126 functions to make the translation job easier. */
4127 tty_printf ("%s %s/%s ",
4128 node->pkt->pkttype == PKT_PUBLIC_KEY ? "pub" :
4129 node->pkt->pkttype == PKT_PUBLIC_SUBKEY ? "sub" :
4130 node->pkt->pkttype == PKT_SECRET_KEY ? "sec" :"ssb",
4131 pubkey_string (pk, pkstrbuf, sizeof pkstrbuf),
4132 keystr_from_pk (pk));
4133 tty_printf (_("created: %s"), datestr_from_pk (pk));
4135 tty_printf (_("expires: %s"), expirestr_from_pk (pk));
4137 print_fingerprint (NULL, pk, 3);
4143 for (i = 0, node = keyblock; node; node = node->next)
4145 if (node->pkt->pkttype == PKT_USER_ID)
4147 PKT_user_id *uid = node->pkt->pkt.user_id;
4151 if (uid->is_revoked)
4152 tty_printf ("[%s] ", _("revoked"));
4153 else if (uid->is_expired)
4154 tty_printf ("[%s] ", _("expired"));
4155 tty_print_utf8_string (uid->name, uid->len);
4163 show_key_and_fingerprint (kbnode_t keyblock, int with_subkeys)
4166 PKT_public_key *pk = NULL;
4167 char pkstrbuf[PUBKEY_STRING_SIZE];
4169 for (node = keyblock; node; node = node->next)
4171 if (node->pkt->pkttype == PKT_PUBLIC_KEY)
4173 pk = node->pkt->pkt.public_key;
4174 tty_printf ("pub %s/%s %s ",
4175 pubkey_string (pk, pkstrbuf, sizeof pkstrbuf),
4177 datestr_from_pk (pk));
4179 else if (node->pkt->pkttype == PKT_USER_ID)
4181 PKT_user_id *uid = node->pkt->pkt.user_id;
4182 tty_print_utf8_string (uid->name, uid->len);
4188 print_fingerprint (NULL, pk, 2);
4191 for (node = keyblock; node; node = node->next)
4193 if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
4195 pk = node->pkt->pkt.public_key;
4196 tty_printf ("sub %s/%s %s [%s]\n",
4197 pubkey_string (pk, pkstrbuf, sizeof pkstrbuf),
4199 datestr_from_pk (pk),
4200 usagestr_from_pk (pk, 0));
4202 print_fingerprint (NULL, pk, 4);
4209 /* Show a listing of the primary and its subkeys along with their
4212 show_key_and_grip (kbnode_t keyblock)
4215 PKT_public_key *pk = NULL;
4216 char pkstrbuf[PUBKEY_STRING_SIZE];
4219 for (node = keyblock; node; node = node->next)
4221 if (node->pkt->pkttype == PKT_PUBLIC_KEY
4222 || node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
4224 pk = node->pkt->pkt.public_key;
4225 tty_printf ("%s %s/%s %s [%s]\n",
4226 node->pkt->pkttype == PKT_PUBLIC_KEY? "pub":"sub",
4227 pubkey_string (pk, pkstrbuf, sizeof pkstrbuf),
4229 datestr_from_pk (pk),
4230 usagestr_from_pk (pk, 0));
4232 if (!hexkeygrip_from_pk (pk, &hexgrip))
4234 tty_printf (" Keygrip: %s\n", hexgrip);
4242 /* Show a warning if no uids on the key have the primary uid flag
4245 no_primary_warning (KBNODE keyblock)
4248 int have_primary = 0, uid_count = 0;
4250 /* TODO: if we ever start behaving differently with a primary or
4251 non-primary attribute ID, we will need to check for attributes
4254 for (node = keyblock; node; node = node->next)
4256 if (node->pkt->pkttype == PKT_USER_ID
4257 && node->pkt->pkt.user_id->attrib_data == NULL)
4261 if (node->pkt->pkt.user_id->is_primary == 2)
4269 if (uid_count > 1 && !have_primary)
4271 ("WARNING: no user ID has been marked as primary. This command"
4272 " may\n cause a different user ID to become"
4273 " the assumed primary.\n"));
4277 /* Print a warning if the latest encryption subkey expires soon. This
4278 function is called after the expire data of the primary key has
4281 subkey_expire_warning (kbnode_t keyblock)
4283 u32 curtime = make_timestamp ();
4286 /* u32 mainexpire = 0; */
4288 u32 latest_date = 0;
4290 for (node = keyblock; node; node = node->next)
4292 /* if (node->pkt->pkttype == PKT_PUBLIC_KEY) */
4294 /* pk = node->pkt->pkt.public_key; */
4295 /* mainexpire = pk->expiredate; */
4298 if (node->pkt->pkttype != PKT_PUBLIC_SUBKEY)
4300 pk = node->pkt->pkt.public_key;
4302 if (!pk->flags.valid)
4304 if (pk->flags.revoked)
4306 if (pk->timestamp > curtime)
4307 continue; /* Ignore future keys. */
4308 if (!(pk->pubkey_usage & PUBKEY_USAGE_ENC))
4309 continue; /* Not an encryption key. */
4311 if (pk->timestamp > latest_date || (!pk->timestamp && !latest_date))
4313 latest_date = pk->timestamp;
4314 subexpire = pk->expiredate;
4319 return; /* No valid subkey with an expiration time. */
4321 if (curtime + (10*86400) > subexpire)
4323 log_info (_("WARNING: Your encryption subkey expires soon.\n"));
4324 log_info (_("You may want to change its expiration date too.\n"));
4330 * Ask for a new user id, add the self-signature, and update the
4331 * keyblock. If UIDSTRING is not NULL the user ID is generated
4332 * unattended using that string. UIDSTRING is expected to be utf-8
4333 * encoded and white space trimmed. Returns true if there is a new
4337 menu_adduid (ctrl_t ctrl, kbnode_t pub_keyblock,
4338 int photo, const char *photo_name, const char *uidstring)
4341 PKT_public_key *pk = NULL;
4342 PKT_signature *sig = NULL;
4345 KBNODE pub_where = NULL;
4348 if (photo && uidstring)
4349 return 0; /* Not allowed. */
4351 for (node = pub_keyblock; node; pub_where = node, node = node->next)
4353 if (node->pkt->pkttype == PKT_PUBLIC_KEY)
4354 pk = node->pkt->pkt.public_key;
4355 else if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
4358 if (!node) /* No subkey. */
4366 for (node = pub_keyblock; node; node = node->next)
4367 if (node->pkt->pkttype == PKT_USER_ID &&
4368 node->pkt->pkt.user_id->attrib_data != NULL)
4374 /* It is legal but bad for compatibility to add a photo ID to a
4375 v3 key as it means that PGP2 will not be able to use that key
4376 anymore. Also, PGP may not expect a photo on a v3 key.
4377 Don't bother to ask this if the key already has a photo - any
4378 damage has already been done at that point. -dms */
4379 if (pk->version == 3 && !hasattrib)
4383 tty_printf (_("WARNING: This is a PGP2-style key. "
4384 "Adding a photo ID may cause some versions\n"
4385 " of PGP to reject this key.\n"));
4387 if (!cpr_get_answer_is_yes ("keyedit.v3_photo.okay",
4388 _("Are you sure you still want "
4389 "to add it? (y/N) ")))
4394 tty_printf (_("You may not add a photo ID to "
4395 "a PGP2-style key.\n"));
4400 uid = generate_photo_id (ctrl, pk, photo_name);
4403 uid = generate_user_id (pub_keyblock, uidstring);
4408 write_status_error ("adduid", gpg_error (304));
4409 log_error ("%s", _("Such a user ID already exists on this key!\n"));
4414 err = make_keysig_packet (&sig, pk, uid, NULL, pk, 0x13, 0, 0, 0,
4415 keygen_add_std_prefs, pk, NULL);
4418 write_status_error ("keysig", err);
4419 log_error ("signing failed: %s\n", gpg_strerror (err));
4424 /* Insert/append to public keyblock */
4425 pkt = xmalloc_clear (sizeof *pkt);
4426 pkt->pkttype = PKT_USER_ID;
4427 pkt->pkt.user_id = uid;
4428 node = new_kbnode (pkt);
4430 insert_kbnode (pub_where, node, 0);
4432 add_kbnode (pub_keyblock, node);
4433 pkt = xmalloc_clear (sizeof *pkt);
4434 pkt->pkttype = PKT_SIGNATURE;
4435 pkt->pkt.signature = sig;
4437 insert_kbnode (node, new_kbnode (pkt), 0);
4439 add_kbnode (pub_keyblock, new_kbnode (pkt));
4445 * Remove all selected userids from the keyring
4448 menu_deluid (KBNODE pub_keyblock)
4453 for (node = pub_keyblock; node; node = node->next)
4455 if (node->pkt->pkttype == PKT_USER_ID)
4457 selected = node->flag & NODFLG_SELUID;
4460 /* Only cause a trust update if we delete a
4461 non-revoked user id */
4462 if (!node->pkt->pkt.user_id->is_revoked)
4464 delete_kbnode (node);
4467 else if (selected && node->pkt->pkttype == PKT_SIGNATURE)
4468 delete_kbnode (node);
4469 else if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
4472 commit_kbnode (&pub_keyblock);
4477 menu_delsig (KBNODE pub_keyblock)
4480 PKT_user_id *uid = NULL;
4483 for (node = pub_keyblock; node; node = node->next)
4485 if (node->pkt->pkttype == PKT_USER_ID)
4487 uid = (node->flag & NODFLG_SELUID) ? node->pkt->pkt.user_id : NULL;
4489 else if (uid && node->pkt->pkttype == PKT_SIGNATURE)
4491 int okay, valid, selfsig, inv_sig, no_key, other_err;
4493 tty_printf ("uid ");
4494 tty_print_utf8_string (uid->name, uid->len);
4497 okay = inv_sig = no_key = other_err = 0;
4498 if (opt.with_colons)
4499 valid = print_and_check_one_sig_colon (pub_keyblock, node,
4501 &other_err, &selfsig, 1);
4503 valid = print_and_check_one_sig (pub_keyblock, node,
4504 &inv_sig, &no_key, &other_err,
4509 okay = cpr_get_answer_yes_no_quit
4510 ("keyedit.delsig.valid",
4511 _("Delete this good signature? (y/N/q)"));
4513 /* Only update trust if we delete a good signature.
4514 The other two cases do not affect trust. */
4518 else if (inv_sig || other_err)
4519 okay = cpr_get_answer_yes_no_quit
4520 ("keyedit.delsig.invalid",
4521 _("Delete this invalid signature? (y/N/q)"));
4523 okay = cpr_get_answer_yes_no_quit
4524 ("keyedit.delsig.unknown",
4525 _("Delete this unknown signature? (y/N/q)"));
4530 && !cpr_get_answer_is_yes
4531 ("keyedit.delsig.selfsig",
4532 _("Really delete this self-signature? (y/N)")))
4536 delete_kbnode (node);
4541 else if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
4547 commit_kbnode (&pub_keyblock);
4548 tty_printf (ngettext("Deleted %d signature.\n",
4549 "Deleted %d signatures.\n", changed), changed);
4552 tty_printf (_("Nothing deleted.\n"));
4559 menu_clean (KBNODE keyblock, int self_only)
4562 int modified = 0, select_all = !count_selected_uids (keyblock);
4564 for (uidnode = keyblock->next;
4565 uidnode && uidnode->pkt->pkttype != PKT_PUBLIC_SUBKEY;
4566 uidnode = uidnode->next)
4568 if (uidnode->pkt->pkttype == PKT_USER_ID
4569 && (uidnode->flag & NODFLG_SELUID || select_all))
4571 int uids = 0, sigs = 0;
4572 char *user = utf8_to_native (uidnode->pkt->pkt.user_id->name,
4573 uidnode->pkt->pkt.user_id->len,
4576 clean_one_uid (keyblock, uidnode, opt.verbose, self_only, &uids,
4582 if (uidnode->pkt->pkt.user_id->is_revoked)
4583 reason = _("revoked");
4584 else if (uidnode->pkt->pkt.user_id->is_expired)
4585 reason = _("expired");
4587 reason = _("invalid");
4589 tty_printf (_("User ID \"%s\" compacted: %s\n"), user, reason);
4595 tty_printf (ngettext("User ID \"%s\": %d signature removed\n",
4596 "User ID \"%s\": %d signatures removed\n",
4602 tty_printf (self_only == 1 ?
4603 _("User ID \"%s\": already minimized\n") :
4604 _("User ID \"%s\": already clean\n"), user);
4616 * Remove some of the secondary keys
4619 menu_delkey (KBNODE pub_keyblock)
4624 for (node = pub_keyblock; node; node = node->next)
4626 if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
4628 selected = node->flag & NODFLG_SELKEY;
4630 delete_kbnode (node);
4632 else if (selected && node->pkt->pkttype == PKT_SIGNATURE)
4633 delete_kbnode (node);
4637 commit_kbnode (&pub_keyblock);
4639 /* No need to set update_trust here since signing keys are no
4640 longer used to certify other keys, so there is no change in
4641 trust when revoking/removing them. */
4646 * Ask for a new revoker, create the self-signature and put it into
4647 * the keyblock. Returns true if there is a new revoker.
4650 menu_addrevoker (ctrl_t ctrl, kbnode_t pub_keyblock, int sensitive)
4652 PKT_public_key *pk = NULL;
4653 PKT_public_key *revoker_pk = NULL;
4654 PKT_signature *sig = NULL;
4656 struct revocation_key revkey;
4660 log_assert (pub_keyblock->pkt->pkttype == PKT_PUBLIC_KEY);
4662 pk = pub_keyblock->pkt->pkt.public_key;
4664 if (pk->numrevkeys == 0 && pk->version == 3)
4666 /* It is legal but bad for compatibility to add a revoker to a
4667 v3 key as it means that PGP2 will not be able to use that key
4668 anymore. Also, PGP may not expect a revoker on a v3 key.
4669 Don't bother to ask this if the key already has a revoker -
4670 any damage has already been done at that point. -dms */
4673 tty_printf (_("WARNING: This is a PGP 2.x-style key. "
4674 "Adding a designated revoker may cause\n"
4675 " some versions of PGP to reject this key.\n"));
4677 if (!cpr_get_answer_is_yes ("keyedit.v3_revoker.okay",
4678 _("Are you sure you still want "
4679 "to add it? (y/N) ")))
4684 tty_printf (_("You may not add a designated revoker to "
4685 "a PGP 2.x-style key.\n"));
4694 free_public_key (revoker_pk);
4695 revoker_pk = xmalloc_clear (sizeof (*revoker_pk));
4699 answer = cpr_get_utf8
4700 ("keyedit.add_revoker",
4701 _("Enter the user ID of the designated revoker: "));
4702 if (answer[0] == '\0' || answer[0] == CONTROL_D)
4708 /* Note that I'm requesting CERT here, which usually implies
4709 primary keys only, but some casual testing shows that PGP and
4710 GnuPG both can handle a designated revocation from a subkey. */
4711 revoker_pk->req_usage = PUBKEY_USAGE_CERT;
4712 rc = get_pubkey_byname (ctrl, NULL, revoker_pk, answer, NULL, NULL, 1, 1);
4715 log_error (_("key \"%s\" not found: %s\n"), answer,
4723 fingerprint_from_pk (revoker_pk, revkey.fpr, &fprlen);
4726 log_error (_("cannot appoint a PGP 2.x style key as a "
4727 "designated revoker\n"));
4731 revkey.class = 0x80;
4733 revkey.class |= 0x40;
4734 revkey.algid = revoker_pk->pubkey_algo;
4736 if (cmp_public_keys (revoker_pk, pk) == 0)
4738 /* This actually causes no harm (after all, a key that
4739 designates itself as a revoker is the same as a
4740 regular key), but it's easy enough to check. */
4741 log_error (_("you cannot appoint a key as its own "
4742 "designated revoker\n"));
4747 keyid_from_pk (pk, NULL);
4749 /* Does this revkey already exist? */
4750 if (!pk->revkey && pk->numrevkeys)
4756 for (i = 0; i < pk->numrevkeys; i++)
4758 if (memcmp (&pk->revkey[i], &revkey,
4759 sizeof (struct revocation_key)) == 0)
4763 log_error (_("this key has already been designated "
4766 format_keyid (pk_keyid (pk), KF_LONG, buf, sizeof (buf));
4767 write_status_text (STATUS_ALREADY_SIGNED, buf);
4773 if (i < pk->numrevkeys)
4777 print_pubkey_info (NULL, revoker_pk);
4778 print_fingerprint (NULL, revoker_pk, 2);
4781 tty_printf (_("WARNING: appointing a key as a designated revoker "
4782 "cannot be undone!\n"));
4786 if (!cpr_get_answer_is_yes ("keyedit.add_revoker.okay",
4787 _("Are you sure you want to appoint this "
4788 "key as a designated revoker? (y/N) ")))
4791 free_public_key (revoker_pk);
4796 rc = make_keysig_packet (&sig, pk, NULL, NULL, pk, 0x1F, 0, 0, 0,
4797 keygen_add_revkey, &revkey, NULL);
4800 write_status_error ("keysig", rc);
4801 log_error ("signing failed: %s\n", gpg_strerror (rc));
4805 /* Insert into public keyblock. */
4806 pkt = xmalloc_clear (sizeof *pkt);
4807 pkt->pkttype = PKT_SIGNATURE;
4808 pkt->pkt.signature = sig;
4809 insert_kbnode (pub_keyblock, new_kbnode (pkt), PKT_SIGNATURE);
4815 free_seckey_enc (sig);
4816 free_public_key (revoker_pk);
4822 /* With FORCE_MAINKEY cleared this function handles the interactive
4823 * menu option "expire". With FORCE_MAINKEY set this functions only
4824 * sets the expiration date of the primary key to NEWEXPIRATION and
4825 * avoid all interactivity. Retirns 0 if nothing was done,
4826 * GPG_ERR_TRUE if the key was modified, or any other error code. */
4828 menu_expire (kbnode_t pub_keyblock, int force_mainkey, u32 newexpiration)
4833 PKT_public_key *main_pk, *sub_pk;
4841 expiredate = newexpiration;
4845 int n1 = count_selected_keys (pub_keyblock);
4848 if (!cpr_get_answer_is_yes
4849 ("keyedit.expire_multiple_subkeys.okay",
4850 _("Are you sure you want to change the"
4851 " expiration time for multiple subkeys? (y/N) ")))
4852 return gpg_error (GPG_ERR_CANCELED);;
4855 tty_printf (_("Changing expiration time for a subkey.\n"));
4858 tty_printf (_("Changing expiration time for the primary key.\n"));
4860 no_primary_warning (pub_keyblock);
4863 expiredate = ask_expiredate ();
4867 /* Now we can actually change the self-signature(s) */
4868 main_pk = sub_pk = NULL;
4871 for (node = pub_keyblock; node; node = node->next)
4873 if (node->pkt->pkttype == PKT_PUBLIC_KEY)
4875 main_pk = node->pkt->pkt.public_key;
4876 keyid_from_pk (main_pk, keyid);
4877 main_pk->expiredate = expiredate;
4879 else if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
4881 if ((node->flag & NODFLG_SELKEY) && !force_mainkey)
4883 sub_pk = node->pkt->pkt.public_key;
4884 sub_pk->expiredate = expiredate;
4889 else if (node->pkt->pkttype == PKT_USER_ID)
4890 uid = node->pkt->pkt.user_id;
4891 else if (main_pk && node->pkt->pkttype == PKT_SIGNATURE
4892 && (mainkey || sub_pk))
4894 PKT_signature *sig = node->pkt->pkt.signature;
4896 if (keyid[0] == sig->keyid[0] && keyid[1] == sig->keyid[1]
4898 && uid->created && (sig->sig_class & ~3) == 0x10)
4899 || (!mainkey && sig->sig_class == 0x18))
4900 && sig->flags.chosen_selfsig)
4902 /* This is a self-signature which is to be replaced. */
4903 PKT_signature *newsig;
4908 if ((mainkey && main_pk->version < 4)
4909 || (!mainkey && sub_pk->version < 4))
4912 (_("You can't change the expiration date of a v3 key\n"));
4913 return gpg_error (GPG_ERR_LEGACY_KEY);
4917 rc = update_keysig_packet (&newsig, sig, main_pk, uid, NULL,
4918 main_pk, keygen_add_key_expire,
4922 update_keysig_packet (&newsig, sig, main_pk, NULL, sub_pk,
4923 main_pk, keygen_add_key_expire, sub_pk);
4926 log_error ("make_keysig_packet failed: %s\n",
4928 if (gpg_err_code (rc) == GPG_ERR_TRUE)
4929 rc = GPG_ERR_GENERAL;
4933 /* Replace the packet. */
4934 newpkt = xmalloc_clear (sizeof *newpkt);
4935 newpkt->pkttype = PKT_SIGNATURE;
4936 newpkt->pkt.signature = newsig;
4937 free_packet (node->pkt);
4946 return gpg_error (GPG_ERR_TRUE);
4950 /* Change the capability of a selected key. This command should only
4951 * be used to rectify badly created keys and as such is not suggested
4952 * for general use. */
4954 menu_changeusage (kbnode_t keyblock)
4958 PKT_public_key *main_pk, *sub_pk;
4963 n1 = count_selected_keys (keyblock);
4966 tty_printf (_("You must select exactly one key.\n"));
4970 tty_printf ("Changing usage of a subkey.\n");
4973 tty_printf ("Changing usage of the primary key.\n");
4977 /* Now we can actually change the self-signature(s) */
4978 main_pk = sub_pk = NULL;
4980 for (node = keyblock; node; node = node->next)
4982 if (node->pkt->pkttype == PKT_PUBLIC_KEY)
4984 main_pk = node->pkt->pkt.public_key;
4985 keyid_from_pk (main_pk, keyid);
4987 else if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
4989 if (node->flag & NODFLG_SELKEY)
4990 sub_pk = node->pkt->pkt.public_key;
4994 else if (node->pkt->pkttype == PKT_USER_ID)
4995 uid = node->pkt->pkt.user_id;
4996 else if (main_pk && node->pkt->pkttype == PKT_SIGNATURE
4997 && (mainkey || sub_pk))
4999 PKT_signature *sig = node->pkt->pkt.signature;
5000 if (keyid[0] == sig->keyid[0] && keyid[1] == sig->keyid[1]
5002 && uid->created && (sig->sig_class & ~3) == 0x10)
5003 || (!mainkey && sig->sig_class == 0x18))
5004 && sig->flags.chosen_selfsig)
5006 /* This is the self-signature which is to be replaced. */
5007 PKT_signature *newsig;
5010 if ((mainkey && main_pk->version < 4)
5011 || (!mainkey && sub_pk->version < 4))
5013 log_info ("You can't change the capabilities of a v3 key\n");
5018 main_pk->pubkey_usage = ask_key_flags (main_pk->pubkey_algo, 0,
5019 main_pk->pubkey_usage);
5021 sub_pk->pubkey_usage = ask_key_flags (sub_pk->pubkey_algo, 1,
5022 sub_pk->pubkey_usage);
5025 rc = update_keysig_packet (&newsig, sig, main_pk, uid, NULL,
5026 main_pk, keygen_add_key_flags,
5030 update_keysig_packet (&newsig, sig, main_pk, NULL, sub_pk,
5031 main_pk, keygen_add_key_flags, sub_pk);
5034 log_error ("make_keysig_packet failed: %s\n",
5039 /* Replace the packet. */
5040 newpkt = xmalloc_clear (sizeof *newpkt);
5041 newpkt->pkttype = PKT_SIGNATURE;
5042 newpkt->pkt.signature = newsig;
5043 free_packet (node->pkt);
5057 menu_backsign (KBNODE pub_keyblock)
5059 int rc, modified = 0;
5060 PKT_public_key *main_pk;
5064 log_assert (pub_keyblock->pkt->pkttype == PKT_PUBLIC_KEY);
5066 merge_keys_and_selfsig (pub_keyblock);
5067 main_pk = pub_keyblock->pkt->pkt.public_key;
5068 keyid_from_pk (main_pk, NULL);
5070 /* We use the same timestamp for all backsigs so that we don't
5071 reveal information about the used machine. */
5072 timestamp = make_timestamp ();
5074 for (node = pub_keyblock; node; node = node->next)
5076 PKT_public_key *sub_pk = NULL;
5077 KBNODE node2, sig_pk = NULL /*,sig_sk = NULL*/;
5078 /* char *passphrase; */
5080 /* Find a signing subkey with no backsig */
5081 if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
5083 if (node->pkt->pkt.public_key->pubkey_usage & PUBKEY_USAGE_SIG)
5085 if (node->pkt->pkt.public_key->flags.backsig)
5087 ("signing subkey %s is already cross-certified\n"),
5088 keystr_from_pk (node->pkt->pkt.public_key));
5090 sub_pk = node->pkt->pkt.public_key;
5093 tty_printf (_("subkey %s does not sign and so does"
5094 " not need to be cross-certified\n"),
5095 keystr_from_pk (node->pkt->pkt.public_key));
5101 /* Find the selected selfsig on this subkey */
5102 for (node2 = node->next;
5103 node2 && node2->pkt->pkttype == PKT_SIGNATURE; node2 = node2->next)
5104 if (node2->pkt->pkt.signature->version >= 4
5105 && node2->pkt->pkt.signature->flags.chosen_selfsig)
5114 /* Find the secret subkey that matches the public subkey */
5115 log_debug ("FIXME: Check whether a secret subkey is available.\n");
5118 /* tty_printf (_("no secret subkey for public subkey %s - ignoring\n"), */
5119 /* keystr_from_pk (sub_pk)); */
5124 /* Now we can get to work. */
5126 rc = make_backsig (sig_pk->pkt->pkt.signature, main_pk, sub_pk, sub_pk,
5130 PKT_signature *newsig;
5133 rc = update_keysig_packet (&newsig, sig_pk->pkt->pkt.signature,
5134 main_pk, NULL, sub_pk, main_pk,
5138 /* Put the new sig into place on the pubkey */
5139 newpkt = xmalloc_clear (sizeof (*newpkt));
5140 newpkt->pkttype = PKT_SIGNATURE;
5141 newpkt->pkt.signature = newsig;
5142 free_packet (sig_pk->pkt);
5143 xfree (sig_pk->pkt);
5144 sig_pk->pkt = newpkt;
5150 log_error ("update_keysig_packet failed: %s\n",
5157 log_error ("make_backsig failed: %s\n", gpg_strerror (rc));
5167 change_primary_uid_cb (PKT_signature * sig, void *opaque)
5171 /* first clear all primary uid flags so that we are sure none are
5172 * lingering around */
5173 delete_sig_subpkt (sig->hashed, SIGSUBPKT_PRIMARY_UID);
5174 delete_sig_subpkt (sig->unhashed, SIGSUBPKT_PRIMARY_UID);
5176 /* if opaque is set,we want to set the primary id */
5180 build_sig_subpkt (sig, SIGSUBPKT_PRIMARY_UID, buf, 1);
5188 * Set the primary uid flag for the selected UID. We will also reset
5189 * all other primary uid flags. For this to work with have to update
5190 * all the signature timestamps. If we would do this with the current
5191 * time, we lose quite a lot of information, so we use a a kludge to
5192 * do this: Just increment the timestamp by one second which is
5193 * sufficient to updated a signature during import.
5196 menu_set_primary_uid (KBNODE pub_keyblock)
5198 PKT_public_key *main_pk;
5206 if (count_selected_uids (pub_keyblock) != 1)
5208 tty_printf (_("Please select exactly one user ID.\n"));
5216 /* Is our selected uid an attribute packet? */
5217 for (node = pub_keyblock; node; node = node->next)
5218 if (node->pkt->pkttype == PKT_USER_ID && node->flag & NODFLG_SELUID)
5219 attribute = (node->pkt->pkt.user_id->attrib_data != NULL);
5221 for (node = pub_keyblock; node; node = node->next)
5223 if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
5224 break; /* No more user ids expected - ready. */
5226 if (node->pkt->pkttype == PKT_PUBLIC_KEY)
5228 main_pk = node->pkt->pkt.public_key;
5229 keyid_from_pk (main_pk, keyid);
5231 else if (node->pkt->pkttype == PKT_USER_ID)
5233 uid = node->pkt->pkt.user_id;
5234 selected = node->flag & NODFLG_SELUID;
5236 else if (main_pk && uid && node->pkt->pkttype == PKT_SIGNATURE)
5238 PKT_signature *sig = node->pkt->pkt.signature;
5239 if (keyid[0] == sig->keyid[0] && keyid[1] == sig->keyid[1]
5240 && (uid && (sig->sig_class & ~3) == 0x10)
5241 && attribute == (uid->attrib_data != NULL)
5242 && sig->flags.chosen_selfsig)
5244 if (sig->version < 4)
5247 utf8_to_native (uid->name, strlen (uid->name), 0);
5249 log_info (_("skipping v3 self-signature on user ID \"%s\"\n"),
5255 /* This is a selfsignature which is to be replaced.
5256 We can just ignore v3 signatures because they are
5257 not able to carry the primary ID flag. We also
5258 ignore self-sigs on user IDs that are not of the
5259 same type that we are making primary. That is, if
5260 we are making a user ID primary, we alter user IDs.
5261 If we are making an attribute packet primary, we
5262 alter attribute packets. */
5264 /* FIXME: We must make sure that we only have one
5265 self-signature per user ID here (not counting
5267 PKT_signature *newsig;
5272 /* See whether this signature has the primary UID flag. */
5273 p = parse_sig_subpkt (sig->hashed,
5274 SIGSUBPKT_PRIMARY_UID, NULL);
5276 p = parse_sig_subpkt (sig->unhashed,
5277 SIGSUBPKT_PRIMARY_UID, NULL);
5278 if (p && *p) /* yes */
5279 action = selected ? 0 : -1;
5281 action = selected ? 1 : 0;
5285 int rc = update_keysig_packet (&newsig, sig,
5288 change_primary_uid_cb,
5289 action > 0 ? "x" : NULL);
5292 log_error ("update_keysig_packet failed: %s\n",
5296 /* replace the packet */
5297 newpkt = xmalloc_clear (sizeof *newpkt);
5298 newpkt->pkttype = PKT_SIGNATURE;
5299 newpkt->pkt.signature = newsig;
5300 free_packet (node->pkt);
5315 * Set preferences to new values for the selected user IDs
5318 menu_set_preferences (KBNODE pub_keyblock)
5320 PKT_public_key *main_pk;
5324 int selected, select_all;
5327 no_primary_warning (pub_keyblock);
5329 select_all = !count_selected_uids (pub_keyblock);
5331 /* Now we can actually change the self signature(s) */
5335 for (node = pub_keyblock; node; node = node->next)
5337 if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
5338 break; /* No more user-ids expected - ready. */
5340 if (node->pkt->pkttype == PKT_PUBLIC_KEY)
5342 main_pk = node->pkt->pkt.public_key;
5343 keyid_from_pk (main_pk, keyid);
5345 else if (node->pkt->pkttype == PKT_USER_ID)
5347 uid = node->pkt->pkt.user_id;
5348 selected = select_all || (node->flag & NODFLG_SELUID);
5350 else if (main_pk && uid && selected
5351 && node->pkt->pkttype == PKT_SIGNATURE)
5353 PKT_signature *sig = node->pkt->pkt.signature;
5354 if (keyid[0] == sig->keyid[0] && keyid[1] == sig->keyid[1]
5355 && (uid && (sig->sig_class & ~3) == 0x10)
5356 && sig->flags.chosen_selfsig)
5358 if (sig->version < 4)
5361 utf8_to_native (uid->name, strlen (uid->name), 0);
5363 log_info (_("skipping v3 self-signature on user ID \"%s\"\n"),
5369 /* This is a selfsignature which is to be replaced
5370 * We have to ignore v3 signatures because they are
5371 * not able to carry the preferences. */
5372 PKT_signature *newsig;
5376 rc = update_keysig_packet (&newsig, sig,
5377 main_pk, uid, NULL, main_pk,
5378 keygen_upd_std_prefs, NULL);
5381 log_error ("update_keysig_packet failed: %s\n",
5385 /* replace the packet */
5386 newpkt = xmalloc_clear (sizeof *newpkt);
5387 newpkt->pkttype = PKT_SIGNATURE;
5388 newpkt->pkt.signature = newsig;
5389 free_packet (node->pkt);
5403 menu_set_keyserver_url (const char *url, KBNODE pub_keyblock)
5405 PKT_public_key *main_pk;
5409 int selected, select_all;
5413 no_primary_warning (pub_keyblock);
5416 answer = xstrdup (url);
5419 answer = cpr_get_utf8 ("keyedit.add_keyserver",
5420 _("Enter your preferred keyserver URL: "));
5421 if (answer[0] == '\0' || answer[0] == CONTROL_D)
5428 if (ascii_strcasecmp (answer, "none") == 0)
5432 struct keyserver_spec *keyserver = NULL;
5433 /* Sanity check the format */
5434 keyserver = parse_keyserver_uri (answer, 1);
5438 log_info (_("could not parse keyserver URL\n"));
5441 uri = xstrdup (keyserver->uri);
5442 free_keyserver_spec (keyserver);
5445 select_all = !count_selected_uids (pub_keyblock);
5447 /* Now we can actually change the self signature(s) */
5451 for (node = pub_keyblock; node; node = node->next)
5453 if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
5456 if (node->pkt->pkttype == PKT_PUBLIC_KEY)
5458 main_pk = node->pkt->pkt.public_key;
5459 keyid_from_pk (main_pk, keyid);
5461 else if (node->pkt->pkttype == PKT_USER_ID)
5463 uid = node->pkt->pkt.user_id;
5464 selected = select_all || (node->flag & NODFLG_SELUID);
5466 else if (main_pk && uid && selected
5467 && node->pkt->pkttype == PKT_SIGNATURE)
5469 PKT_signature *sig = node->pkt->pkt.signature;
5470 if (keyid[0] == sig->keyid[0] && keyid[1] == sig->keyid[1]
5471 && (uid && (sig->sig_class & ~3) == 0x10)
5472 && sig->flags.chosen_selfsig)
5474 char *user = utf8_to_native (uid->name, strlen (uid->name), 0);
5475 if (sig->version < 4)
5476 log_info (_("skipping v3 self-signature on user ID \"%s\"\n"),
5480 /* This is a selfsignature which is to be replaced
5481 * We have to ignore v3 signatures because they are
5482 * not able to carry the subpacket. */
5483 PKT_signature *newsig;
5489 p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_PREF_KS, &plen);
5492 tty_printf ("Current preferred keyserver for user"
5493 " ID \"%s\": ", user);
5494 tty_print_utf8_string (p, plen);
5496 if (!cpr_get_answer_is_yes
5497 ("keyedit.confirm_keyserver",
5499 ? _("Are you sure you want to replace it? (y/N) ")
5500 : _("Are you sure you want to delete it? (y/N) ")))
5503 else if (uri == NULL)
5505 /* There is no current keyserver URL, so there
5506 is no point in trying to un-set it. */
5510 rc = update_keysig_packet (&newsig, sig,
5513 keygen_add_keyserver_url, uri);
5516 log_error ("update_keysig_packet failed: %s\n",
5521 /* replace the packet */
5522 newpkt = xmalloc_clear (sizeof *newpkt);
5523 newpkt->pkttype = PKT_SIGNATURE;
5524 newpkt->pkt.signature = newsig;
5525 free_packet (node->pkt);
5541 menu_set_notation (const char *string, KBNODE pub_keyblock)
5543 PKT_public_key *main_pk;
5547 int selected, select_all;
5550 struct notation *notation;
5552 no_primary_warning (pub_keyblock);
5555 answer = xstrdup (string);
5558 answer = cpr_get_utf8 ("keyedit.add_notation",
5559 _("Enter the notation: "));
5560 if (answer[0] == '\0' || answer[0] == CONTROL_D)
5567 if (!ascii_strcasecmp (answer, "none")
5568 || !ascii_strcasecmp (answer, "-"))
5569 notation = NULL; /* Delete them all. */
5572 notation = string_to_notation (answer, 0);
5582 select_all = !count_selected_uids (pub_keyblock);
5584 /* Now we can actually change the self signature(s) */
5588 for (node = pub_keyblock; node; node = node->next)
5590 if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
5593 if (node->pkt->pkttype == PKT_PUBLIC_KEY)
5595 main_pk = node->pkt->pkt.public_key;
5596 keyid_from_pk (main_pk, keyid);
5598 else if (node->pkt->pkttype == PKT_USER_ID)
5600 uid = node->pkt->pkt.user_id;
5601 selected = select_all || (node->flag & NODFLG_SELUID);
5603 else if (main_pk && uid && selected
5604 && node->pkt->pkttype == PKT_SIGNATURE)
5606 PKT_signature *sig = node->pkt->pkt.signature;
5607 if (keyid[0] == sig->keyid[0] && keyid[1] == sig->keyid[1]
5608 && (uid && (sig->sig_class & ~3) == 0x10)
5609 && sig->flags.chosen_selfsig)
5611 char *user = utf8_to_native (uid->name, strlen (uid->name), 0);
5612 if (sig->version < 4)
5613 log_info (_("skipping v3 self-signature on user ID \"%s\"\n"),
5617 PKT_signature *newsig;
5619 int rc, skip = 0, addonly = 1;
5621 if (sig->flags.notation)
5623 tty_printf ("Current notations for user ID \"%s\":\n",
5625 tty_print_notations (-9, sig);
5629 tty_printf ("No notations on user ID \"%s\"\n", user);
5630 if (notation == NULL)
5632 /* There are no current notations, so there
5633 is no point in trying to un-set them. */
5643 notation->next = sig_to_notation (sig);
5645 for (n = notation->next; n; n = n->next)
5646 if (strcmp (n->name, notation->name) == 0)
5648 if (notation->value)
5650 if (strcmp (n->value, notation->value) == 0)
5652 if (notation->flags.ignore)
5654 /* Value match with a delete
5656 n->flags.ignore = 1;
5661 /* Adding the same notation
5662 twice, so don't add it at
5665 tty_printf ("Skipping notation:"
5675 /* No value, so it means delete. */
5676 n->flags.ignore = 1;
5680 if (n->flags.ignore)
5682 tty_printf ("Removing notation: %s=%s\n",
5688 if (!notation->flags.ignore && !skip)
5689 tty_printf ("Adding notation: %s=%s\n",
5690 notation->name, notation->value);
5692 /* We tried to delete, but had no matches. */
5693 if (notation->flags.ignore && !deleting)
5698 tty_printf ("Removing all notations\n");
5705 !cpr_get_answer_is_yes ("keyedit.confirm_notation",
5706 _("Proceed? (y/N) "))))
5709 rc = update_keysig_packet (&newsig, sig,
5712 keygen_add_notations, notation);
5715 log_error ("update_keysig_packet failed: %s\n",
5717 free_notation (notation);
5722 /* replace the packet */
5723 newpkt = xmalloc_clear (sizeof *newpkt);
5724 newpkt->pkttype = PKT_SIGNATURE;
5725 newpkt->pkt.signature = newsig;
5726 free_packet (node->pkt);
5733 /* Snip off the notation list from the sig */
5734 free_notation (notation->next);
5735 notation->next = NULL;
5744 free_notation (notation);
5750 * Select one user id or remove all selection if IDX is 0 or select
5751 * all if IDX is -1. Returns: True if the selection changed.
5754 menu_select_uid (KBNODE keyblock, int idx)
5759 if (idx == -1) /* Select all. */
5761 for (node = keyblock; node; node = node->next)
5762 if (node->pkt->pkttype == PKT_USER_ID)
5763 node->flag |= NODFLG_SELUID;
5766 else if (idx) /* Toggle. */
5768 for (i = 0, node = keyblock; node; node = node->next)
5770 if (node->pkt->pkttype == PKT_USER_ID)
5776 tty_printf (_("No user ID with index %d\n"), idx);
5780 for (i = 0, node = keyblock; node; node = node->next)
5782 if (node->pkt->pkttype == PKT_USER_ID)
5786 if ((node->flag & NODFLG_SELUID))
5787 node->flag &= ~NODFLG_SELUID;
5789 node->flag |= NODFLG_SELUID;
5794 else /* Unselect all */
5796 for (node = keyblock; node; node = node->next)
5797 if (node->pkt->pkttype == PKT_USER_ID)
5798 node->flag &= ~NODFLG_SELUID;
5805 /* Search in the keyblock for a uid that matches namehash */
5807 menu_select_uid_namehash (KBNODE keyblock, const char *namehash)
5809 byte hash[NAMEHASH_LEN];
5813 log_assert (strlen (namehash) == NAMEHASH_LEN * 2);
5815 for (i = 0; i < NAMEHASH_LEN; i++)
5816 hash[i] = hextobyte (&namehash[i * 2]);
5818 for (node = keyblock->next; node; node = node->next)
5820 if (node->pkt->pkttype == PKT_USER_ID)
5822 namehash_from_uid (node->pkt->pkt.user_id);
5823 if (memcmp (node->pkt->pkt.user_id->namehash, hash, NAMEHASH_LEN) ==
5826 if (node->flag & NODFLG_SELUID)
5827 node->flag &= ~NODFLG_SELUID;
5829 node->flag |= NODFLG_SELUID;
5838 tty_printf (_("No user ID with hash %s\n"), namehash);
5847 * Select secondary keys
5848 * Returns: True if the selection changed.
5851 menu_select_key (KBNODE keyblock, int idx, char *p)
5857 is_hex_digits = p && strlen (p) >= 8;
5860 /* Skip initial spaces. */
5863 /* If the id starts with 0x accept and ignore it. */
5864 if (p[0] == '0' && p[1] == 'x')
5867 for (i = 0, j = 0; p[i]; i ++)
5868 if (hexdigitp (&p[i]))
5870 p[j] = toupper (p[i]);
5873 else if (spacep (&p[i]))
5883 /* In case we skipped some spaces, add a new NUL terminator. */
5886 /* If we skipped some spaces, make sure that we still have
5887 at least 8 characters. */
5888 is_hex_digits = (/* Short keyid. */
5892 /* Fingerprints are (currently) 32 or 40
5894 || strlen (p) >= 32);
5901 for (node = keyblock; node; node = node->next)
5902 if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY
5903 || node->pkt->pkttype == PKT_SECRET_SUBKEY)
5906 if (strlen (p) == 8 || strlen (p) == 16)
5910 keyid_from_pk (node->pkt->pkt.public_key, kid);
5911 format_keyid (kid, strlen (p) == 8 ? KF_SHORT : KF_LONG,
5912 kid_str, sizeof (kid_str));
5914 if (strcmp (p, kid_str) == 0)
5919 char fp[2*MAX_FINGERPRINT_LEN + 1];
5920 hexfingerprint (node->pkt->pkt.public_key, fp, sizeof (fp));
5921 if (strcmp (fp, p) == 0)
5927 if ((node->flag & NODFLG_SELKEY))
5928 node->flag &= ~NODFLG_SELKEY;
5930 node->flag |= NODFLG_SELKEY;
5939 tty_printf (_("No subkey with key ID '%s'.\n"), p);
5943 if (idx == -1) /* Select all. */
5945 for (node = keyblock; node; node = node->next)
5946 if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY
5947 || node->pkt->pkttype == PKT_SECRET_SUBKEY)
5948 node->flag |= NODFLG_SELKEY;
5950 else if (idx) /* Toggle selection. */
5952 for (i = 0, node = keyblock; node; node = node->next)
5954 if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY
5955 || node->pkt->pkttype == PKT_SECRET_SUBKEY)
5961 tty_printf (_("No subkey with index %d\n"), idx);
5965 for (i = 0, node = keyblock; node; node = node->next)
5967 if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY
5968 || node->pkt->pkttype == PKT_SECRET_SUBKEY)
5971 if ((node->flag & NODFLG_SELKEY))
5972 node->flag &= ~NODFLG_SELKEY;
5974 node->flag |= NODFLG_SELKEY;
5978 else /* Unselect all. */
5980 for (node = keyblock; node; node = node->next)
5981 if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY
5982 || node->pkt->pkttype == PKT_SECRET_SUBKEY)
5983 node->flag &= ~NODFLG_SELKEY;
5991 count_uids_with_flag (KBNODE keyblock, unsigned flag)
5996 for (node = keyblock; node; node = node->next)
5997 if (node->pkt->pkttype == PKT_USER_ID && (node->flag & flag))
6004 count_keys_with_flag (KBNODE keyblock, unsigned flag)
6009 for (node = keyblock; node; node = node->next)
6010 if ((node->pkt->pkttype == PKT_PUBLIC_SUBKEY
6011 || node->pkt->pkttype == PKT_SECRET_SUBKEY) && (node->flag & flag))
6018 count_uids (KBNODE keyblock)
6023 for (node = keyblock; node; node = node->next)
6024 if (node->pkt->pkttype == PKT_USER_ID)
6031 * Returns true if there is at least one selected user id
6034 count_selected_uids (KBNODE keyblock)
6036 return count_uids_with_flag (keyblock, NODFLG_SELUID);
6041 count_selected_keys (KBNODE keyblock)
6043 return count_keys_with_flag (keyblock, NODFLG_SELKEY);
6047 /* Returns how many real (i.e. not attribute) uids are unmarked. */
6049 real_uids_left (KBNODE keyblock)
6054 for (node = keyblock; node; node = node->next)
6055 if (node->pkt->pkttype == PKT_USER_ID && !(node->flag & NODFLG_SELUID) &&
6056 !node->pkt->pkt.user_id->attrib_data)
6064 * Ask whether the signature should be revoked. If the user commits this,
6065 * flag bit MARK_A is set on the signature and the user ID.
6068 ask_revoke_sig (KBNODE keyblock, KBNODE node)
6072 PKT_signature *sig = node->pkt->pkt.signature;
6073 KBNODE unode = find_prev_kbnode (keyblock, node, PKT_USER_ID);
6077 log_error ("Oops: no user ID for signature\n");
6081 uid = unode->pkt->pkt.user_id;
6083 if (opt.with_colons)
6085 if (uid->attrib_data)
6086 printf ("uat:::::::::%u %lu", uid->numattribs, uid->attrib_len);
6089 es_printf ("uid:::::::::");
6090 es_write_sanitized (es_stdout, uid->name, uid->len, ":", NULL);
6095 print_and_check_one_sig_colon (keyblock, node, NULL, NULL, NULL, NULL,
6100 char *p = utf8_to_native (unode->pkt->pkt.user_id->name,
6101 unode->pkt->pkt.user_id->len, 0);
6102 tty_printf (_("user ID: \"%s\"\n"), p);
6105 tty_printf (_("signed by your key %s on %s%s%s\n"),
6106 keystr (sig->keyid), datestr_from_sig (sig),
6107 sig->flags.exportable ? "" : _(" (non-exportable)"), "");
6109 if (sig->flags.expired)
6111 tty_printf (_("This signature expired on %s.\n"),
6112 expirestr_from_sig (sig));
6113 /* Use a different question so we can have different help text */
6114 doit = cpr_get_answer_is_yes
6115 ("ask_revoke_sig.expired",
6116 _("Are you sure you still want to revoke it? (y/N) "));
6119 doit = cpr_get_answer_is_yes
6120 ("ask_revoke_sig.one",
6121 _("Create a revocation certificate for this signature? (y/N) "));
6125 node->flag |= NODFLG_MARK_A;
6126 unode->flag |= NODFLG_MARK_A;
6132 * Display all user ids of the current public key together with signatures
6133 * done by one of our keys. Then walk over all this sigs and ask the user
6134 * whether he wants to revoke this signature.
6135 * Return: True when the keyblock has changed.
6138 menu_revsig (KBNODE keyblock)
6141 PKT_public_key *primary_pk;
6144 int rc, any, skip = 1, all = !count_selected_uids (keyblock);
6145 struct revocation_reason_info *reason = NULL;
6147 log_assert (keyblock->pkt->pkttype == PKT_PUBLIC_KEY);
6149 /* First check whether we have any signatures at all. */
6151 for (node = keyblock; node; node = node->next)
6153 node->flag &= ~(NODFLG_SELSIG | NODFLG_MARK_A);
6154 if (node->pkt->pkttype == PKT_USER_ID)
6156 if (node->flag & NODFLG_SELUID || all)
6161 else if (!skip && node->pkt->pkttype == PKT_SIGNATURE
6162 && ((sig = node->pkt->pkt.signature),
6163 have_secret_key_with_kid (sig->keyid)))
6165 if ((sig->sig_class & ~3) == 0x10)
6175 tty_printf (_("Not signed by you.\n"));
6180 /* FIXME: detect duplicates here */
6181 tty_printf (_("You have signed these user IDs on key %s:\n"),
6182 keystr_from_pk (keyblock->pkt->pkt.public_key));
6183 for (node = keyblock; node; node = node->next)
6185 node->flag &= ~(NODFLG_SELSIG | NODFLG_MARK_A);
6186 if (node->pkt->pkttype == PKT_USER_ID)
6188 if (node->flag & NODFLG_SELUID || all)
6190 PKT_user_id *uid = node->pkt->pkt.user_id;
6191 /* Hmmm: Should we show only UIDs with a signature? */
6193 tty_print_utf8_string (uid->name, uid->len);
6200 else if (!skip && node->pkt->pkttype == PKT_SIGNATURE
6201 && ((sig = node->pkt->pkt.signature),
6202 have_secret_key_with_kid (sig->keyid)))
6204 if ((sig->sig_class & ~3) == 0x10)
6207 tty_printf (_("signed by your key %s on %s%s%s\n"),
6208 keystr (sig->keyid), datestr_from_sig (sig),
6209 sig->flags.exportable ? "" : _(" (non-exportable)"),
6210 sig->flags.revocable ? "" : _(" (non-revocable)"));
6211 if (sig->flags.revocable)
6212 node->flag |= NODFLG_SELSIG;
6214 else if (sig->sig_class == 0x30)
6217 tty_printf (_("revoked by your key %s on %s\n"),
6218 keystr (sig->keyid), datestr_from_sig (sig));
6226 for (node = keyblock; node; node = node->next)
6228 if (!(node->flag & NODFLG_SELSIG))
6230 ask_revoke_sig (keyblock, node);
6233 /* present selected */
6235 for (node = keyblock; node; node = node->next)
6237 if (!(node->flag & NODFLG_MARK_A))
6242 tty_printf (_("You are about to revoke these signatures:\n"));
6244 if (node->pkt->pkttype == PKT_USER_ID)
6246 PKT_user_id *uid = node->pkt->pkt.user_id;
6248 tty_print_utf8_string (uid->name, uid->len);
6251 else if (node->pkt->pkttype == PKT_SIGNATURE)
6253 sig = node->pkt->pkt.signature;
6255 tty_printf (_("signed by your key %s on %s%s%s\n"),
6256 keystr (sig->keyid), datestr_from_sig (sig), "",
6257 sig->flags.exportable ? "" : _(" (non-exportable)"));
6261 return 0; /* none selected */
6263 if (!cpr_get_answer_is_yes
6264 ("ask_revoke_sig.okay",
6265 _("Really create the revocation certificates? (y/N) ")))
6266 return 0; /* forget it */
6268 reason = ask_revocation_reason (0, 1, 0);
6270 { /* user decided to cancel */
6274 /* now we can sign the user ids */
6275 reloop: /* (must use this, because we are modifing the list) */
6276 primary_pk = keyblock->pkt->pkt.public_key;
6277 for (node = keyblock; node; node = node->next)
6281 struct sign_attrib attrib;
6282 PKT_public_key *signerkey;
6284 if (!(node->flag & NODFLG_MARK_A)
6285 || node->pkt->pkttype != PKT_SIGNATURE)
6287 unode = find_prev_kbnode (keyblock, node, PKT_USER_ID);
6288 log_assert (unode); /* we already checked this */
6290 memset (&attrib, 0, sizeof attrib);
6291 attrib.reason = reason;
6292 attrib.non_exportable = !node->pkt->pkt.signature->flags.exportable;
6294 node->flag &= ~NODFLG_MARK_A;
6295 signerkey = xmalloc_secure_clear (sizeof *signerkey);
6296 if (get_seckey (signerkey, node->pkt->pkt.signature->keyid))
6298 log_info (_("no secret key\n"));
6299 free_public_key (signerkey);
6302 rc = make_keysig_packet (&sig, primary_pk,
6303 unode->pkt->pkt.user_id,
6304 NULL, signerkey, 0x30, 0, 0, 0,
6305 sign_mk_attrib, &attrib, NULL);
6306 free_public_key (signerkey);
6309 write_status_error ("keysig", rc);
6310 log_error (_("signing failed: %s\n"), gpg_strerror (rc));
6311 release_revocation_reason_info (reason);
6314 changed = 1; /* we changed the keyblock */
6316 /* Are we revoking our own uid? */
6317 if (primary_pk->keyid[0] == sig->keyid[0] &&
6318 primary_pk->keyid[1] == sig->keyid[1])
6319 unode->pkt->pkt.user_id->is_revoked = 1;
6320 pkt = xmalloc_clear (sizeof *pkt);
6321 pkt->pkttype = PKT_SIGNATURE;
6322 pkt->pkt.signature = sig;
6323 insert_kbnode (unode, new_kbnode (pkt), 0);
6327 release_revocation_reason_info (reason);
6332 /* return 0 if revocation of NODE (which must be a User ID) was
6333 successful, non-zero if there was an error. *modified will be set
6334 to 1 if a change was made. */
6336 core_revuid (ctrl_t ctrl, kbnode_t keyblock, KBNODE node,
6337 const struct revocation_reason_info *reason, int *modified)
6339 PKT_public_key *pk = keyblock->pkt->pkt.public_key;
6342 if (node->pkt->pkttype != PKT_USER_ID)
6344 rc = gpg_error (GPG_ERR_NO_USER_ID);
6345 write_status_error ("keysig", rc);
6346 log_error (_("tried to revoke a non-user ID: %s\n"), gpg_strerror (rc));
6351 PKT_user_id *uid = node->pkt->pkt.user_id;
6353 if (uid->is_revoked)
6355 char *user = utf8_to_native (uid->name, uid->len, 0);
6356 log_info (_("user ID \"%s\" is already revoked\n"), user);
6363 struct sign_attrib attrib;
6364 u32 timestamp = make_timestamp ();
6366 if (uid->created >= timestamp)
6368 /* Okay, this is a problem. The user ID selfsig was
6369 created in the future, so we need to warn the user and
6370 set our revocation timestamp one second after that so
6371 everything comes out clean. */
6373 log_info (_("WARNING: a user ID signature is dated %d"
6374 " seconds in the future\n"),
6375 uid->created - timestamp);
6377 timestamp = uid->created + 1;
6380 memset (&attrib, 0, sizeof attrib);
6381 /* should not need to cast away const here; but
6382 revocation_reason_build_cb needs to take a non-const
6383 void* in order to meet the function signtuare for the
6384 mksubpkt argument to make_keysig_packet */
6385 attrib.reason = (struct revocation_reason_info *)reason;
6387 rc = make_keysig_packet (&sig, pk, uid, NULL, pk, 0x30, 0,
6389 sign_mk_attrib, &attrib, NULL);
6392 write_status_error ("keysig", rc);
6393 log_error (_("signing failed: %s\n"), gpg_strerror (rc));
6398 pkt = xmalloc_clear (sizeof *pkt);
6399 pkt->pkttype = PKT_SIGNATURE;
6400 pkt->pkt.signature = sig;
6401 insert_kbnode (node, new_kbnode (pkt), 0);
6403 #ifndef NO_TRUST_MODELS
6404 /* If the trustdb has an entry for this key+uid then the
6405 trustdb needs an update. */
6407 && ((get_validity (ctrl, keyblock, pk, uid, NULL, 0)
6409 >= TRUST_UNDEFINED))
6411 #endif /*!NO_TRUST_MODELS*/
6413 node->pkt->pkt.user_id->is_revoked = 1;
6422 /* Revoke a user ID (i.e. revoke a user ID selfsig). Return true if
6423 keyblock changed. */
6425 menu_revuid (ctrl_t ctrl, kbnode_t pub_keyblock)
6427 PKT_public_key *pk = pub_keyblock->pkt->pkt.public_key;
6431 struct revocation_reason_info *reason = NULL;
6433 /* Note that this is correct as per the RFCs, but nevertheless
6434 somewhat meaningless in the real world. 1991 did define the 0x30
6435 sig class, but PGP 2.x did not actually implement it, so it would
6436 probably be safe to use v4 revocations everywhere. -ds */
6438 for (node = pub_keyblock; node; node = node->next)
6439 if (pk->version > 3 || (node->pkt->pkttype == PKT_USER_ID &&
6440 node->pkt->pkt.user_id->selfsigversion > 3))
6442 if ((reason = ask_revocation_reason (0, 1, 4)))
6448 reloop: /* (better this way because we are modifying the keyring) */
6449 for (node = pub_keyblock; node; node = node->next)
6450 if (node->pkt->pkttype == PKT_USER_ID && (node->flag & NODFLG_SELUID))
6453 rc = core_revuid (ctrl, pub_keyblock, node, reason, &modified);
6458 node->flag &= ~NODFLG_SELUID;
6465 commit_kbnode (&pub_keyblock);
6468 release_revocation_reason_info (reason);
6474 * Revoke the whole key.
6477 menu_revkey (KBNODE pub_keyblock)
6479 PKT_public_key *pk = pub_keyblock->pkt->pkt.public_key;
6480 int rc, changed = 0;
6481 struct revocation_reason_info *reason;
6485 if (pk->flags.revoked)
6487 tty_printf (_("Key %s is already revoked.\n"), keystr_from_pk (pk));
6491 reason = ask_revocation_reason (1, 0, 0);
6492 /* user decided to cancel */
6496 rc = make_keysig_packet (&sig, pk, NULL, NULL, pk,
6498 revocation_reason_build_cb, reason, NULL);
6501 write_status_error ("keysig", rc);
6502 log_error (_("signing failed: %s\n"), gpg_strerror (rc));
6506 changed = 1; /* we changed the keyblock */
6508 pkt = xmalloc_clear (sizeof *pkt);
6509 pkt->pkttype = PKT_SIGNATURE;
6510 pkt->pkt.signature = sig;
6511 insert_kbnode (pub_keyblock, new_kbnode (pkt), 0);
6512 commit_kbnode (&pub_keyblock);
6517 release_revocation_reason_info (reason);
6523 menu_revsubkey (KBNODE pub_keyblock)
6525 PKT_public_key *mainpk;
6529 struct revocation_reason_info *reason = NULL;
6531 reason = ask_revocation_reason (1, 0, 0);
6533 return 0; /* User decided to cancel. */
6535 reloop: /* (better this way because we are modifing the keyring) */
6536 mainpk = pub_keyblock->pkt->pkt.public_key;
6537 for (node = pub_keyblock; node; node = node->next)
6539 if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY
6540 && (node->flag & NODFLG_SELKEY))
6544 PKT_public_key *subpk = node->pkt->pkt.public_key;
6545 struct sign_attrib attrib;
6547 if (subpk->flags.revoked)
6549 tty_printf (_("Subkey %s is already revoked.\n"),
6550 keystr_from_pk (subpk));
6554 memset (&attrib, 0, sizeof attrib);
6555 attrib.reason = reason;
6557 node->flag &= ~NODFLG_SELKEY;
6558 rc = make_keysig_packet (&sig, mainpk, NULL, subpk, mainpk,
6559 0x28, 0, 0, 0, sign_mk_attrib, &attrib,
6563 write_status_error ("keysig", rc);
6564 log_error (_("signing failed: %s\n"), gpg_strerror (rc));
6565 release_revocation_reason_info (reason);
6568 changed = 1; /* we changed the keyblock */
6570 pkt = xmalloc_clear (sizeof *pkt);
6571 pkt->pkttype = PKT_SIGNATURE;
6572 pkt->pkt.signature = sig;
6573 insert_kbnode (node, new_kbnode (pkt), 0);
6577 commit_kbnode (&pub_keyblock);
6579 /* No need to set update_trust here since signing keys no longer
6580 are used to certify other keys, so there is no change in trust
6581 when revoking/removing them */
6583 release_revocation_reason_info (reason);
6588 /* Note that update_ownertrust is going to mark the trustdb dirty when
6589 enabling or disabling a key. This is arguably sub-optimal as
6590 disabled keys are still counted in the web of trust, but perhaps
6591 not worth adding extra complexity to change. -ds */
6592 #ifndef NO_TRUST_MODELS
6594 enable_disable_key (KBNODE keyblock, int disable)
6596 PKT_public_key *pk =
6597 find_kbnode (keyblock, PKT_PUBLIC_KEY)->pkt->pkt.public_key;
6598 unsigned int trust, newtrust;
6600 trust = newtrust = get_ownertrust (pk);
6601 newtrust &= ~TRUST_FLAG_DISABLED;
6603 newtrust |= TRUST_FLAG_DISABLED;
6604 if (trust == newtrust)
6605 return 0; /* already in that state */
6606 update_ownertrust (pk, newtrust);
6609 #endif /*!NO_TRUST_MODELS*/
6613 menu_showphoto (ctrl_t ctrl, kbnode_t keyblock)
6616 int select_all = !count_selected_uids (keyblock);
6618 PKT_public_key *pk = NULL;
6620 /* Look for the public key first. We have to be really, really,
6621 explicit as to which photo this is, and what key it is a UID on
6622 since people may want to sign it. */
6624 for (node = keyblock; node; node = node->next)
6626 if (node->pkt->pkttype == PKT_PUBLIC_KEY)
6627 pk = node->pkt->pkt.public_key;
6628 else if (node->pkt->pkttype == PKT_USER_ID)
6630 PKT_user_id *uid = node->pkt->pkt.user_id;
6633 if ((select_all || (node->flag & NODFLG_SELUID)) &&
6634 uid->attribs != NULL)
6638 for (i = 0; i < uid->numattribs; i++)
6643 if (uid->attribs[i].type == ATTRIB_IMAGE &&
6644 parse_image_header (&uid->attribs[i], &type, &size))
6646 tty_printf (_("Displaying %s photo ID of size %ld for "
6647 "key %s (uid %d)\n"),
6648 image_type_to_string (type, 1),
6649 (ulong) size, keystr_from_pk (pk), count);
6650 show_photos (ctrl, &uid->attribs[i], 1, pk, uid);