1 /* keygen.c - Generate a key pair
2 * Copyright (C) 1998-2007, 2009-2011 Free Software Foundation, Inc.
3 * Copyright (C) 2014, 2015, 2016 Werner Koch
5 * This file is part of GnuPG.
7 * GnuPG is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 3 of the License, or
10 * (at your option) any later version.
12 * GnuPG is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, see <https://www.gnu.org/licenses/>.
27 #include <sys/types.h>
41 #include "keyserver-internal.h"
42 #include "call-agent.h"
44 #include "../common/shareddefs.h"
46 #include "mbox-util.h"
49 /* The default algorithms. If you change them remember to change them
50 also in gpg.c:gpgconf_list. You should also check that the value
51 is inside the bounds enforced by ask_keysize and gen_xxx. See also
52 get_keysize_range which encodes the allowed ranges. */
53 #define DEFAULT_STD_KEY_PARAM "rsa2048/cert,sign+rsa2048/encr"
54 #define FUTURE_STD_KEY_PARAM "ed25519/cert,sign+cv25519/encr"
56 /* When generating keys using the streamlined key generation dialog,
57 use this as a default expiration interval. */
58 const char *default_expiration_interval = "2y";
60 /* Flag bits used during key generation. */
61 #define KEYGEN_FLAG_NO_PROTECTION 1
62 #define KEYGEN_FLAG_TRANSIENT_KEY 2
64 /* Maximum number of supported algorithm preferences. */
84 pKEYCREATIONDATE, /* Same in seconds since epoch. */
86 pKEYEXPIRE, /* in n seconds */
87 pSUBKEYEXPIRE, /* in n seconds */
96 struct para_data_s *next;
103 struct revocation_key revkey;
108 struct output_control_s
112 unsigned int keygen_flags;
118 armor_filter_context_t *afx;
123 struct opaque_data_usage_and_pk {
129 static int prefs_initialized = 0;
130 static byte sym_prefs[MAX_PREFS];
131 static int nsym_prefs;
132 static byte hash_prefs[MAX_PREFS];
133 static int nhash_prefs;
134 static byte zip_prefs[MAX_PREFS];
135 static int nzip_prefs;
136 static int mdc_available,ks_modify;
138 static gpg_error_t parse_algo_usage_expire (ctrl_t ctrl, int for_subkey,
139 const char *algostr, const char *usagestr,
140 const char *expirestr,
141 int *r_algo, unsigned int *r_usage,
143 unsigned int *r_nbits, char **r_curve);
144 static void do_generate_keypair (ctrl_t ctrl, struct para_data_s *para,
145 struct output_control_s *outctrl, int card );
146 static int write_keyblock (iobuf_t out, kbnode_t node);
147 static gpg_error_t gen_card_key (int keyno, int algo, int is_primary,
148 kbnode_t pub_root, u32 *timestamp,
150 static unsigned int get_keysize_range (int algo,
151 unsigned int *min, unsigned int *max);
155 /* Return the algo string for a default new key. */
157 get_default_pubkey_algo (void)
159 if (opt.def_new_key_algo)
161 if (*opt.def_new_key_algo && !strchr (opt.def_new_key_algo, ':'))
162 return opt.def_new_key_algo;
163 /* To avoid checking that option every time we delay that until
164 * here. The only thing we really need to make sure is that
165 * there is no colon in the string so that the --gpgconf-list
166 * command won't mess up its output. */
167 log_info (_("invalid value for option '%s'\n"), "--default-new-key-algo");
169 return DEFAULT_STD_KEY_PARAM;
174 print_status_key_created (int letter, PKT_public_key *pk, const char *handle)
176 byte array[MAX_FINGERPRINT_LEN], *s;
183 buf = xmalloc (MAX_FINGERPRINT_LEN*2+31 + strlen (handle) + 1);
192 fingerprint_from_pk (pk, array, &n);
194 /* Fixme: Use bin2hex */
195 for (i=0; i < n ; i++, s++, p += 2)
196 snprintf (p, 3, "%02X", *s);
202 for (i=0; handle[i] && i < 100; i++)
203 *p++ = isspace ((unsigned int)handle[i])? '_':handle[i];
206 write_status_text ((letter || pk)?STATUS_KEY_CREATED:STATUS_KEY_NOT_CREATED,
212 print_status_key_not_created (const char *handle)
214 print_status_key_created (0, NULL, handle);
220 write_uid( KBNODE root, const char *s )
222 PACKET *pkt = xmalloc_clear(sizeof *pkt );
223 size_t n = strlen(s);
225 pkt->pkttype = PKT_USER_ID;
226 pkt->pkt.user_id = xmalloc_clear (sizeof *pkt->pkt.user_id + n);
227 pkt->pkt.user_id->len = n;
228 pkt->pkt.user_id->ref = 1;
229 strcpy(pkt->pkt.user_id->name, s);
230 add_kbnode( root, new_kbnode( pkt ) );
234 do_add_key_flags (PKT_signature *sig, unsigned int use)
240 /* The spec says that all primary keys MUST be able to certify. */
241 if(sig->sig_class!=0x18)
244 if (use & PUBKEY_USAGE_SIG)
246 if (use & PUBKEY_USAGE_ENC)
247 buf[0] |= 0x04 | 0x08;
248 if (use & PUBKEY_USAGE_AUTH)
251 build_sig_subpkt (sig, SIGSUBPKT_KEY_FLAGS, buf, 1);
256 keygen_add_key_expire (PKT_signature *sig, void *opaque)
258 PKT_public_key *pk = opaque;
264 if (pk->expiredate > pk->timestamp)
265 u = pk->expiredate - pk->timestamp;
269 buf[0] = (u >> 24) & 0xff;
270 buf[1] = (u >> 16) & 0xff;
271 buf[2] = (u >> 8) & 0xff;
273 build_sig_subpkt (sig, SIGSUBPKT_KEY_EXPIRE, buf, 4);
277 /* Make sure we don't leave a key expiration subpacket lying
279 delete_sig_subpkt (sig->hashed, SIGSUBPKT_KEY_EXPIRE);
286 /* Add the key usage (i.e. key flags) in SIG from the public keys
287 * pubkey_usage field. OPAQUE has the public key. */
289 keygen_add_key_flags (PKT_signature *sig, void *opaque)
291 PKT_public_key *pk = opaque;
293 do_add_key_flags (sig, pk->pubkey_usage);
299 keygen_add_key_flags_and_expire (PKT_signature *sig, void *opaque)
301 struct opaque_data_usage_and_pk *oduap = opaque;
303 do_add_key_flags (sig, oduap->usage);
304 return keygen_add_key_expire (sig, oduap->pk);
309 set_one_pref (int val, int type, const char *item, byte *buf, int *nbuf)
313 for (i=0; i < *nbuf; i++ )
316 log_info (_("preference '%s' duplicated\n"), item);
320 if (*nbuf >= MAX_PREFS)
323 log_info(_("too many cipher preferences\n"));
325 log_info(_("too many digest preferences\n"));
327 log_info(_("too many compression preferences\n"));
334 buf[(*nbuf)++] = val;
339 * Parse the supplied string and use it to set the standard
340 * preferences. The string may be in a form like the one printed by
341 * "pref" (something like: "S10 S3 H3 H2 Z2 Z1") or the actual
342 * cipher/hash/compress names. Use NULL to set the default
343 * preferences. Returns: 0 = okay
346 keygen_set_std_prefs (const char *string,int personal)
348 byte sym[MAX_PREFS], hash[MAX_PREFS], zip[MAX_PREFS];
349 int nsym=0, nhash=0, nzip=0, val, rc=0;
350 int mdc=1, modify=0; /* mdc defaults on, modify defaults off. */
351 char dummy_string[20*4+1]; /* Enough for 20 items. */
353 if (!string || !ascii_strcasecmp (string, "default"))
355 if (opt.def_preference_list)
356 string=opt.def_preference_list;
359 int any_compress = 0;
360 dummy_string[0]='\0';
362 /* The rationale why we use the order AES256,192,128 is
363 for compatibility reasons with PGP. If gpg would
364 define AES128 first, we would get the somewhat
367 gpg -r pgpkey -r gpgkey ---gives--> AES256
368 gpg -r gpgkey -r pgpkey ---gives--> AES
370 Note that by using --personal-cipher-preferences it is
371 possible to prefer AES128.
374 /* Make sure we do not add more than 15 items here, as we
375 could overflow the size of dummy_string. We currently
377 if ( !openpgp_cipher_test_algo (CIPHER_ALGO_AES256) )
378 strcat(dummy_string,"S9 ");
379 if ( !openpgp_cipher_test_algo (CIPHER_ALGO_AES192) )
380 strcat(dummy_string,"S8 ");
381 if ( !openpgp_cipher_test_algo (CIPHER_ALGO_AES) )
382 strcat(dummy_string,"S7 ");
383 strcat(dummy_string,"S2 "); /* 3DES */
385 /* The default hash algo order is:
386 SHA-256, SHA-384, SHA-512, SHA-224, SHA-1.
388 if (!openpgp_md_test_algo (DIGEST_ALGO_SHA256))
389 strcat (dummy_string, "H8 ");
391 if (!openpgp_md_test_algo (DIGEST_ALGO_SHA384))
392 strcat (dummy_string, "H9 ");
394 if (!openpgp_md_test_algo (DIGEST_ALGO_SHA512))
395 strcat (dummy_string, "H10 ");
397 if (!openpgp_md_test_algo (DIGEST_ALGO_SHA224))
398 strcat (dummy_string, "H11 ");
400 strcat (dummy_string, "H2 "); /* SHA-1 */
402 if(!check_compress_algo(COMPRESS_ALGO_ZLIB))
404 strcat(dummy_string,"Z2 ");
408 if(!check_compress_algo(COMPRESS_ALGO_BZIP2))
410 strcat(dummy_string,"Z3 ");
414 if(!check_compress_algo(COMPRESS_ALGO_ZIP))
416 strcat(dummy_string,"Z1 ");
420 /* In case we have no compress algo at all, declare that
421 we prefer no compresssion. */
423 strcat(dummy_string,"Z0 ");
425 /* Remove the trailing space. */
426 if (*dummy_string && dummy_string[strlen (dummy_string)-1] == ' ')
427 dummy_string[strlen (dummy_string)-1] = 0;
432 else if (!ascii_strcasecmp (string, "none"))
437 char *dup, *tok, *prefstring;
439 dup = prefstring = xstrdup (string); /* need a writable string! */
441 while((tok=strsep(&prefstring," ,")))
443 if((val=string_to_cipher_algo (tok)))
445 if(set_one_pref(val,1,tok,sym,&nsym))
448 else if((val=string_to_digest_algo (tok)))
450 if(set_one_pref(val,2,tok,hash,&nhash))
453 else if((val=string_to_compress_algo(tok))>-1)
455 if(set_one_pref(val,3,tok,zip,&nzip))
458 else if (ascii_strcasecmp(tok,"mdc")==0)
460 else if (ascii_strcasecmp(tok,"no-mdc")==0)
462 else if (ascii_strcasecmp(tok,"ks-modify")==0)
464 else if (ascii_strcasecmp(tok,"no-ks-modify")==0)
468 log_info (_("invalid item '%s' in preference string\n"),tok);
480 if(personal==PREFTYPE_SYM)
482 xfree(opt.personal_cipher_prefs);
485 opt.personal_cipher_prefs=NULL;
490 opt.personal_cipher_prefs=
491 xmalloc(sizeof(prefitem_t *)*(nsym+1));
493 for (i=0; i<nsym; i++)
495 opt.personal_cipher_prefs[i].type = PREFTYPE_SYM;
496 opt.personal_cipher_prefs[i].value = sym[i];
499 opt.personal_cipher_prefs[i].type = PREFTYPE_NONE;
500 opt.personal_cipher_prefs[i].value = 0;
503 else if(personal==PREFTYPE_HASH)
505 xfree(opt.personal_digest_prefs);
508 opt.personal_digest_prefs=NULL;
513 opt.personal_digest_prefs=
514 xmalloc(sizeof(prefitem_t *)*(nhash+1));
516 for (i=0; i<nhash; i++)
518 opt.personal_digest_prefs[i].type = PREFTYPE_HASH;
519 opt.personal_digest_prefs[i].value = hash[i];
522 opt.personal_digest_prefs[i].type = PREFTYPE_NONE;
523 opt.personal_digest_prefs[i].value = 0;
526 else if(personal==PREFTYPE_ZIP)
528 xfree(opt.personal_compress_prefs);
531 opt.personal_compress_prefs=NULL;
536 opt.personal_compress_prefs=
537 xmalloc(sizeof(prefitem_t *)*(nzip+1));
539 for (i=0; i<nzip; i++)
541 opt.personal_compress_prefs[i].type = PREFTYPE_ZIP;
542 opt.personal_compress_prefs[i].value = zip[i];
545 opt.personal_compress_prefs[i].type = PREFTYPE_NONE;
546 opt.personal_compress_prefs[i].value = 0;
552 memcpy (sym_prefs, sym, (nsym_prefs=nsym));
553 memcpy (hash_prefs, hash, (nhash_prefs=nhash));
554 memcpy (zip_prefs, zip, (nzip_prefs=nzip));
557 prefs_initialized = 1;
564 /* Return a fake user ID containing the preferences. Caller must
567 keygen_get_std_prefs(void)
570 PKT_user_id *uid=xmalloc_clear(sizeof(PKT_user_id));
572 if(!prefs_initialized)
573 keygen_set_std_prefs(NULL,0);
577 uid->prefs=xmalloc((sizeof(prefitem_t *)*
578 (nsym_prefs+nhash_prefs+nzip_prefs+1)));
580 for(i=0;i<nsym_prefs;i++,j++)
582 uid->prefs[j].type=PREFTYPE_SYM;
583 uid->prefs[j].value=sym_prefs[i];
586 for(i=0;i<nhash_prefs;i++,j++)
588 uid->prefs[j].type=PREFTYPE_HASH;
589 uid->prefs[j].value=hash_prefs[i];
592 for(i=0;i<nzip_prefs;i++,j++)
594 uid->prefs[j].type=PREFTYPE_ZIP;
595 uid->prefs[j].value=zip_prefs[i];
598 uid->prefs[j].type=PREFTYPE_NONE;
599 uid->prefs[j].value=0;
601 uid->flags.mdc=mdc_available;
602 uid->flags.ks_modify=ks_modify;
608 add_feature_mdc (PKT_signature *sig,int enabled)
615 s = parse_sig_subpkt (sig->hashed, SIGSUBPKT_FEATURES, &n );
616 /* Already set or cleared */
618 ((enabled && (s[0] & 0x01)) || (!enabled && !(s[0] & 0x01))))
621 if (!s || !n) { /* create a new one */
623 buf = xmalloc_clear (n);
631 buf[0] |= 0x01; /* MDC feature */
635 /* Are there any bits set? */
641 delete_sig_subpkt (sig->hashed, SIGSUBPKT_FEATURES);
643 build_sig_subpkt (sig, SIGSUBPKT_FEATURES, buf, n);
649 add_keyserver_modify (PKT_signature *sig,int enabled)
656 /* The keyserver modify flag is a negative flag (i.e. no-modify) */
659 s = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KS_FLAGS, &n );
660 /* Already set or cleared */
662 ((enabled && (s[0] & 0x80)) || (!enabled && !(s[0] & 0x80))))
665 if (!s || !n) { /* create a new one */
667 buf = xmalloc_clear (n);
675 buf[0] |= 0x80; /* no-modify flag */
679 /* Are there any bits set? */
685 delete_sig_subpkt (sig->hashed, SIGSUBPKT_KS_FLAGS);
687 build_sig_subpkt (sig, SIGSUBPKT_KS_FLAGS, buf, n);
694 keygen_upd_std_prefs (PKT_signature *sig, void *opaque)
698 if (!prefs_initialized)
699 keygen_set_std_prefs (NULL, 0);
702 build_sig_subpkt (sig, SIGSUBPKT_PREF_SYM, sym_prefs, nsym_prefs);
705 delete_sig_subpkt (sig->hashed, SIGSUBPKT_PREF_SYM);
706 delete_sig_subpkt (sig->unhashed, SIGSUBPKT_PREF_SYM);
710 build_sig_subpkt (sig, SIGSUBPKT_PREF_HASH, hash_prefs, nhash_prefs);
713 delete_sig_subpkt (sig->hashed, SIGSUBPKT_PREF_HASH);
714 delete_sig_subpkt (sig->unhashed, SIGSUBPKT_PREF_HASH);
718 build_sig_subpkt (sig, SIGSUBPKT_PREF_COMPR, zip_prefs, nzip_prefs);
721 delete_sig_subpkt (sig->hashed, SIGSUBPKT_PREF_COMPR);
722 delete_sig_subpkt (sig->unhashed, SIGSUBPKT_PREF_COMPR);
725 /* Make sure that the MDC feature flag is set if needed. */
726 add_feature_mdc (sig,mdc_available);
727 add_keyserver_modify (sig,ks_modify);
728 keygen_add_keyserver_url(sig,NULL);
735 * Add preference to the self signature packet.
736 * This is only called for packets with version > 3.
739 keygen_add_std_prefs (PKT_signature *sig, void *opaque)
741 PKT_public_key *pk = opaque;
743 do_add_key_flags (sig, pk->pubkey_usage);
744 keygen_add_key_expire (sig, opaque );
745 keygen_upd_std_prefs (sig, opaque);
746 keygen_add_keyserver_url (sig,NULL);
752 keygen_add_keyserver_url(PKT_signature *sig, void *opaque)
754 const char *url=opaque;
757 url=opt.def_keyserver_url;
760 build_sig_subpkt(sig,SIGSUBPKT_PREF_KS,url,strlen(url));
762 delete_sig_subpkt (sig->hashed,SIGSUBPKT_PREF_KS);
768 keygen_add_notations(PKT_signature *sig,void *opaque)
770 struct notation *notation;
772 /* We always start clean */
773 delete_sig_subpkt(sig->hashed,SIGSUBPKT_NOTATION);
774 delete_sig_subpkt(sig->unhashed,SIGSUBPKT_NOTATION);
775 sig->flags.notation=0;
777 for(notation=opaque;notation;notation=notation->next)
778 if(!notation->flags.ignore)
783 n1=strlen(notation->name);
784 if(notation->altvalue)
785 n2=strlen(notation->altvalue);
786 else if(notation->bdat)
789 n2=strlen(notation->value);
791 buf = xmalloc( 8 + n1 + n2 );
793 /* human readable or not */
794 buf[0] = notation->bdat?0:0x80;
795 buf[1] = buf[2] = buf[3] = 0;
800 memcpy(buf+8, notation->name, n1 );
801 if(notation->altvalue)
802 memcpy(buf+8+n1, notation->altvalue, n2 );
803 else if(notation->bdat)
804 memcpy(buf+8+n1, notation->bdat, n2 );
806 memcpy(buf+8+n1, notation->value, n2 );
807 build_sig_subpkt( sig, SIGSUBPKT_NOTATION |
808 (notation->flags.critical?SIGSUBPKT_FLAG_CRITICAL:0),
817 keygen_add_revkey (PKT_signature *sig, void *opaque)
819 struct revocation_key *revkey = opaque;
820 byte buf[2+MAX_FINGERPRINT_LEN];
822 buf[0] = revkey->class;
823 buf[1] = revkey->algid;
824 memcpy (&buf[2], revkey->fpr, MAX_FINGERPRINT_LEN);
826 build_sig_subpkt (sig, SIGSUBPKT_REV_KEY, buf, 2+MAX_FINGERPRINT_LEN);
828 /* All sigs with revocation keys set are nonrevocable. */
829 sig->flags.revocable = 0;
831 build_sig_subpkt (sig, SIGSUBPKT_REVOCABLE, buf, 1);
840 /* Create a back-signature. If TIMESTAMP is not NULL, use it for the
841 signature creation time. */
843 make_backsig (PKT_signature *sig, PKT_public_key *pk,
844 PKT_public_key *sub_pk, PKT_public_key *sub_psk,
845 u32 timestamp, const char *cache_nonce)
848 PKT_signature *backsig;
850 cache_public_key (sub_pk);
852 err = make_keysig_packet (&backsig, pk, NULL, sub_pk, sub_psk, 0x19,
853 0, timestamp, 0, NULL, NULL, cache_nonce);
855 log_error ("make_keysig_packet failed for backsig: %s\n",
859 /* Get it into a binary packed form. */
860 IOBUF backsig_out = iobuf_temp();
863 init_packet (&backsig_pkt);
864 backsig_pkt.pkttype = PKT_SIGNATURE;
865 backsig_pkt.pkt.signature = backsig;
866 err = build_packet (backsig_out, &backsig_pkt);
867 free_packet (&backsig_pkt);
869 log_error ("build_packet failed for backsig: %s\n", gpg_strerror (err));
873 byte *buf = iobuf_get_temp_buffer (backsig_out);
875 /* Remove the packet header. */
883 else if(buf[1] < 224)
885 pktlen = (buf[1]-192)*256;
886 pktlen += buf[2]+192;
889 else if (buf[1] == 255)
891 pktlen = buf32_to_size_t (buf+2);
908 pktlen = (size_t)buf[mark++] << 24;
909 pktlen |= buf[mark++] << 16;
912 pktlen |= buf[mark++] << 8;
915 pktlen |= buf[mark++];
921 /* Now make the binary blob into a subpacket. */
922 build_sig_subpkt (sig, SIGSUBPKT_SIGNATURE, buf, pktlen);
924 iobuf_close (backsig_out);
932 /* Write a direct key signature to the first key in ROOT using the key
933 PSK. REVKEY is describes the direct key signature and TIMESTAMP is
934 the timestamp to set on the signature. */
936 write_direct_sig (KBNODE root, PKT_public_key *psk,
937 struct revocation_key *revkey, u32 timestamp,
938 const char *cache_nonce)
947 log_info (_("writing direct signature\n"));
949 /* Get the pk packet from the pub_tree. */
950 node = find_kbnode (root, PKT_PUBLIC_KEY);
953 pk = node->pkt->pkt.public_key;
955 /* We have to cache the key, so that the verification of the
956 signature creation is able to retrieve the public key. */
957 cache_public_key (pk);
959 /* Make the signature. */
960 err = make_keysig_packet (&sig, pk, NULL,NULL, psk, 0x1F,
962 keygen_add_revkey, revkey, cache_nonce);
965 log_error ("make_keysig_packet failed: %s\n", gpg_strerror (err) );
969 pkt = xmalloc_clear (sizeof *pkt);
970 pkt->pkttype = PKT_SIGNATURE;
971 pkt->pkt.signature = sig;
972 add_kbnode (root, new_kbnode (pkt));
978 /* Write a self-signature to the first user id in ROOT using the key
979 PSK. USE and TIMESTAMP give the extra data we need for the
982 write_selfsigs (KBNODE root, PKT_public_key *psk,
983 unsigned int use, u32 timestamp, const char *cache_nonce)
993 log_info (_("writing self signature\n"));
995 /* Get the uid packet from the list. */
996 node = find_kbnode (root, PKT_USER_ID);
998 BUG(); /* No user id packet in tree. */
999 uid = node->pkt->pkt.user_id;
1001 /* Get the pk packet from the pub_tree. */
1002 node = find_kbnode (root, PKT_PUBLIC_KEY);
1005 pk = node->pkt->pkt.public_key;
1007 /* The usage has not yet been set - do it now. */
1008 pk->pubkey_usage = use;
1010 /* We have to cache the key, so that the verification of the
1011 signature creation is able to retrieve the public key. */
1012 cache_public_key (pk);
1014 /* Make the signature. */
1015 err = make_keysig_packet (&sig, pk, uid, NULL, psk, 0x13,
1017 keygen_add_std_prefs, pk, cache_nonce);
1020 log_error ("make_keysig_packet failed: %s\n", gpg_strerror (err));
1024 pkt = xmalloc_clear (sizeof *pkt);
1025 pkt->pkttype = PKT_SIGNATURE;
1026 pkt->pkt.signature = sig;
1027 add_kbnode (root, new_kbnode (pkt));
1033 /* Write the key binding signature. If TIMESTAMP is not NULL use the
1034 signature creation time. PRI_PSK is the key use for signing.
1035 SUB_PSK is a key used to create a back-signature; that one is only
1036 used if USE has the PUBKEY_USAGE_SIG capability. */
1038 write_keybinding (KBNODE root, PKT_public_key *pri_psk, PKT_public_key *sub_psk,
1039 unsigned int use, u32 timestamp, const char *cache_nonce)
1045 PKT_public_key *pri_pk, *sub_pk;
1046 struct opaque_data_usage_and_pk oduap;
1049 log_info(_("writing key binding signature\n"));
1051 /* Get the primary pk packet from the tree. */
1052 node = find_kbnode (root, PKT_PUBLIC_KEY);
1055 pri_pk = node->pkt->pkt.public_key;
1057 /* We have to cache the key, so that the verification of the
1058 * signature creation is able to retrieve the public key. */
1059 cache_public_key (pri_pk);
1061 /* Find the last subkey. */
1063 for (node = root; node; node = node->next )
1065 if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
1066 sub_pk = node->pkt->pkt.public_key;
1071 /* Make the signature. */
1074 err = make_keysig_packet (&sig, pri_pk, NULL, sub_pk, pri_psk, 0x18,
1076 keygen_add_key_flags_and_expire, &oduap,
1080 log_error ("make_keysig_packeto failed: %s\n", gpg_strerror (err));
1084 /* Make a backsig. */
1085 if (use & PUBKEY_USAGE_SIG)
1087 err = make_backsig (sig, pri_pk, sub_pk, sub_psk, timestamp, cache_nonce);
1092 pkt = xmalloc_clear ( sizeof *pkt );
1093 pkt->pkttype = PKT_SIGNATURE;
1094 pkt->pkt.signature = sig;
1095 add_kbnode (root, new_kbnode (pkt) );
1101 ecckey_from_sexp (gcry_mpi_t *array, gcry_sexp_t sexp, int algo)
1104 gcry_sexp_t list, l2;
1114 list = gcry_sexp_find_token (sexp, "public-key", 0);
1116 return gpg_error (GPG_ERR_INV_OBJ);
1117 l2 = gcry_sexp_cadr (list);
1118 gcry_sexp_release (list);
1121 return gpg_error (GPG_ERR_NO_OBJ);
1123 l2 = gcry_sexp_find_token (list, "curve", 0);
1126 err = gpg_error (GPG_ERR_NO_OBJ);
1129 curve = gcry_sexp_nth_string (l2, 1);
1132 err = gpg_error (GPG_ERR_NO_OBJ);
1135 gcry_sexp_release (l2);
1136 oidstr = openpgp_curve_to_oid (curve, &nbits);
1139 /* That can't happen because we used one of the curves
1140 gpg_curve_to_oid knows about. */
1141 err = gpg_error (GPG_ERR_INV_OBJ);
1144 err = openpgp_oid_from_str (oidstr, &array[0]);
1148 l2 = gcry_sexp_find_token (list, "q", 0);
1151 err = gpg_error (GPG_ERR_NO_OBJ);
1154 array[1] = gcry_sexp_nth_mpi (l2, 1, GCRYMPI_FMT_USG);
1155 gcry_sexp_release (l2);
1158 err = gpg_error (GPG_ERR_INV_OBJ);
1161 gcry_sexp_release (list);
1163 if (algo == PUBKEY_ALGO_ECDH)
1165 array[2] = pk_ecdh_default_params (nbits);
1168 err = gpg_error_from_syserror ();
1177 for (i=0; i < 3; i++)
1179 gcry_mpi_release (array[i]);
1187 /* Extract key parameters from SEXP and store them in ARRAY. ELEMS is
1188 a string where each character denotes a parameter name. TOPNAME is
1189 the name of the top element above the elements. */
1191 key_from_sexp (gcry_mpi_t *array, gcry_sexp_t sexp,
1192 const char *topname, const char *elems)
1194 gcry_sexp_t list, l2;
1199 list = gcry_sexp_find_token (sexp, topname, 0);
1201 return gpg_error (GPG_ERR_INV_OBJ);
1202 l2 = gcry_sexp_cadr (list);
1203 gcry_sexp_release (list);
1206 return gpg_error (GPG_ERR_NO_OBJ);
1208 for (idx=0,s=elems; *s; s++, idx++)
1210 l2 = gcry_sexp_find_token (list, s, 1);
1213 rc = gpg_error (GPG_ERR_NO_OBJ); /* required parameter not found */
1216 array[idx] = gcry_sexp_nth_mpi (l2, 1, GCRYMPI_FMT_USG);
1217 gcry_sexp_release (l2);
1220 rc = gpg_error (GPG_ERR_INV_OBJ); /* required parameter invalid */
1224 gcry_sexp_release (list);
1229 for (i=0; i<idx; i++)
1231 gcry_mpi_release (array[i]);
1234 gcry_sexp_release (list);
1240 /* Create a keyblock using the given KEYGRIP. ALGO is the OpenPGP
1241 algorithm of that keygrip. */
1243 do_create_from_keygrip (ctrl_t ctrl, int algo, const char *hexkeygrip,
1244 kbnode_t pub_root, u32 timestamp, u32 expireval,
1251 const char *algoelem;
1253 if (hexkeygrip[0] == '&')
1258 case PUBKEY_ALGO_RSA: algoelem = "ne"; break;
1259 case PUBKEY_ALGO_DSA: algoelem = "pqgy"; break;
1260 case PUBKEY_ALGO_ELGAMAL_E: algoelem = "pgy"; break;
1261 case PUBKEY_ALGO_ECDH:
1262 case PUBKEY_ALGO_ECDSA: algoelem = ""; break;
1263 case PUBKEY_ALGO_EDDSA: algoelem = ""; break;
1264 default: return gpg_error (GPG_ERR_INTERNAL);
1268 /* Ask the agent for the public key matching HEXKEYGRIP. */
1270 unsigned char *public;
1272 err = agent_readkey (ctrl, 0, hexkeygrip, &public);
1275 err = gcry_sexp_sscan (&s_key, NULL,
1276 public, gcry_sexp_canon_len (public, 0, NULL, NULL));
1282 /* Build a public key packet. */
1283 pk = xtrycalloc (1, sizeof *pk);
1286 err = gpg_error_from_syserror ();
1287 gcry_sexp_release (s_key);
1291 pk->timestamp = timestamp;
1294 pk->expiredate = pk->timestamp + expireval;
1295 pk->pubkey_algo = algo;
1297 if (algo == PUBKEY_ALGO_ECDSA
1298 || algo == PUBKEY_ALGO_EDDSA
1299 || algo == PUBKEY_ALGO_ECDH )
1300 err = ecckey_from_sexp (pk->pkey, s_key, algo);
1302 err = key_from_sexp (pk->pkey, s_key, "public-key", algoelem);
1305 log_error ("key_from_sexp failed: %s\n", gpg_strerror (err) );
1306 gcry_sexp_release (s_key);
1307 free_public_key (pk);
1310 gcry_sexp_release (s_key);
1312 pkt = xtrycalloc (1, sizeof *pkt);
1315 err = gpg_error_from_syserror ();
1316 free_public_key (pk);
1320 pkt->pkttype = is_subkey ? PKT_PUBLIC_SUBKEY : PKT_PUBLIC_KEY;
1321 pkt->pkt.public_key = pk;
1322 add_kbnode (pub_root, new_kbnode (pkt));
1328 /* Common code for the key generation function gen_xxx. */
1330 common_gen (const char *keyparms, int algo, const char *algoelem,
1331 kbnode_t pub_root, u32 timestamp, u32 expireval, int is_subkey,
1332 int keygen_flags, const char *passphrase,
1333 char **cache_nonce_addr, char **passwd_nonce_addr)
1340 err = agent_genkey (NULL, cache_nonce_addr, passwd_nonce_addr, keyparms,
1341 !!(keygen_flags & KEYGEN_FLAG_NO_PROTECTION),
1346 log_error ("agent_genkey failed: %s\n", gpg_strerror (err) );
1350 pk = xtrycalloc (1, sizeof *pk);
1353 err = gpg_error_from_syserror ();
1354 gcry_sexp_release (s_key);
1358 pk->timestamp = timestamp;
1361 pk->expiredate = pk->timestamp + expireval;
1362 pk->pubkey_algo = algo;
1364 if (algo == PUBKEY_ALGO_ECDSA
1365 || algo == PUBKEY_ALGO_EDDSA
1366 || algo == PUBKEY_ALGO_ECDH )
1367 err = ecckey_from_sexp (pk->pkey, s_key, algo);
1369 err = key_from_sexp (pk->pkey, s_key, "public-key", algoelem);
1372 log_error ("key_from_sexp failed: %s\n", gpg_strerror (err) );
1373 gcry_sexp_release (s_key);
1374 free_public_key (pk);
1377 gcry_sexp_release (s_key);
1379 pkt = xtrycalloc (1, sizeof *pkt);
1382 err = gpg_error_from_syserror ();
1383 free_public_key (pk);
1387 pkt->pkttype = is_subkey ? PKT_PUBLIC_SUBKEY : PKT_PUBLIC_KEY;
1388 pkt->pkt.public_key = pk;
1389 add_kbnode (pub_root, new_kbnode (pkt));
1396 * Generate an Elgamal key.
1399 gen_elg (int algo, unsigned int nbits, KBNODE pub_root,
1400 u32 timestamp, u32 expireval, int is_subkey,
1401 int keygen_flags, const char *passphrase,
1402 char **cache_nonce_addr, char **passwd_nonce_addr)
1408 log_assert (is_ELGAMAL (algo));
1413 log_info (_("keysize invalid; using %u bits\n"), nbits );
1415 else if (nbits > 4096)
1418 log_info (_("keysize invalid; using %u bits\n"), nbits );
1423 nbits = ((nbits + 31) / 32) * 32;
1424 log_info (_("keysize rounded up to %u bits\n"), nbits );
1427 /* Note that we use transient-key only if no-protection has also
1429 snprintf (nbitsstr, sizeof nbitsstr, "%u", nbits);
1430 keyparms = xtryasprintf ("(genkey(%s(nbits %zu:%s)%s))",
1431 algo == GCRY_PK_ELG_E ? "openpgp-elg" :
1432 algo == GCRY_PK_ELG ? "elg" : "x-oops" ,
1433 strlen (nbitsstr), nbitsstr,
1434 ((keygen_flags & KEYGEN_FLAG_TRANSIENT_KEY)
1435 && (keygen_flags & KEYGEN_FLAG_NO_PROTECTION))?
1436 "(transient-key)" : "" );
1438 err = gpg_error_from_syserror ();
1441 err = common_gen (keyparms, algo, "pgy",
1442 pub_root, timestamp, expireval, is_subkey,
1443 keygen_flags, passphrase,
1444 cache_nonce_addr, passwd_nonce_addr);
1453 * Generate an DSA key
1456 gen_dsa (unsigned int nbits, KBNODE pub_root,
1457 u32 timestamp, u32 expireval, int is_subkey,
1458 int keygen_flags, const char *passphrase,
1459 char **cache_nonce_addr, char **passwd_nonce_addr)
1470 log_info(_("keysize invalid; using %u bits\n"), nbits );
1472 else if ( nbits > 3072 )
1475 log_info(_("keysize invalid; using %u bits\n"), nbits );
1480 nbits = ((nbits + 63) / 64) * 64;
1481 log_info(_("keysize rounded up to %u bits\n"), nbits );
1484 /* To comply with FIPS rules we round up to the next value unless in
1486 if (!opt.expert && nbits > 1024 && (nbits % 1024))
1488 nbits = ((nbits + 1023) / 1024) * 1024;
1489 log_info(_("keysize rounded up to %u bits\n"), nbits );
1493 Figure out a q size based on the key size. FIPS 180-3 says:
1500 2048/256 is an odd pair since there is also a 2048/224 and
1501 3072/256. Matching sizes is not a very exact science.
1503 We'll do 256 qbits for nbits over 2047, 224 for nbits over 1024
1504 but less than 2048, and 160 for 1024 (DSA1).
1509 else if ( nbits > 1024)
1515 log_info (_("WARNING: some OpenPGP programs can't"
1516 " handle a DSA key with this digest size\n"));
1518 snprintf (nbitsstr, sizeof nbitsstr, "%u", nbits);
1519 snprintf (qbitsstr, sizeof qbitsstr, "%u", qbits);
1520 keyparms = xtryasprintf ("(genkey(dsa(nbits %zu:%s)(qbits %zu:%s)%s))",
1521 strlen (nbitsstr), nbitsstr,
1522 strlen (qbitsstr), qbitsstr,
1523 ((keygen_flags & KEYGEN_FLAG_TRANSIENT_KEY)
1524 && (keygen_flags & KEYGEN_FLAG_NO_PROTECTION))?
1525 "(transient-key)" : "" );
1527 err = gpg_error_from_syserror ();
1530 err = common_gen (keyparms, PUBKEY_ALGO_DSA, "pqgy",
1531 pub_root, timestamp, expireval, is_subkey,
1532 keygen_flags, passphrase,
1533 cache_nonce_addr, passwd_nonce_addr);
1543 * Generate an ECC key
1546 gen_ecc (int algo, const char *curve, kbnode_t pub_root,
1547 u32 timestamp, u32 expireval, int is_subkey,
1548 int keygen_flags, const char *passphrase,
1549 char **cache_nonce_addr, char **passwd_nonce_addr)
1554 log_assert (algo == PUBKEY_ALGO_ECDSA
1555 || algo == PUBKEY_ALGO_EDDSA
1556 || algo == PUBKEY_ALGO_ECDH);
1558 if (!curve || !*curve)
1559 return gpg_error (GPG_ERR_UNKNOWN_CURVE);
1561 /* Note that we use the "comp" flag with EdDSA to request the use of
1562 a 0x40 compression prefix octet. */
1563 if (algo == PUBKEY_ALGO_EDDSA)
1564 keyparms = xtryasprintf
1565 ("(genkey(ecc(curve %zu:%s)(flags eddsa comp%s)))",
1566 strlen (curve), curve,
1567 (((keygen_flags & KEYGEN_FLAG_TRANSIENT_KEY)
1568 && (keygen_flags & KEYGEN_FLAG_NO_PROTECTION))?
1569 " transient-key" : ""));
1570 else if (algo == PUBKEY_ALGO_ECDH && !strcmp (curve, "Curve25519"))
1571 keyparms = xtryasprintf
1572 ("(genkey(ecc(curve %zu:%s)(flags djb-tweak comp%s)))",
1573 strlen (curve), curve,
1574 (((keygen_flags & KEYGEN_FLAG_TRANSIENT_KEY)
1575 && (keygen_flags & KEYGEN_FLAG_NO_PROTECTION))?
1576 " transient-key" : ""));
1578 keyparms = xtryasprintf
1579 ("(genkey(ecc(curve %zu:%s)(flags nocomp%s)))",
1580 strlen (curve), curve,
1581 (((keygen_flags & KEYGEN_FLAG_TRANSIENT_KEY)
1582 && (keygen_flags & KEYGEN_FLAG_NO_PROTECTION))?
1583 " transient-key" : ""));
1586 err = gpg_error_from_syserror ();
1589 err = common_gen (keyparms, algo, "",
1590 pub_root, timestamp, expireval, is_subkey,
1591 keygen_flags, passphrase,
1592 cache_nonce_addr, passwd_nonce_addr);
1601 * Generate an RSA key.
1604 gen_rsa (int algo, unsigned int nbits, KBNODE pub_root,
1605 u32 timestamp, u32 expireval, int is_subkey,
1606 int keygen_flags, const char *passphrase,
1607 char **cache_nonce_addr, char **passwd_nonce_addr)
1612 const unsigned maxsize = (opt.flags.large_rsa ? 8192 : 4096);
1614 log_assert (is_RSA(algo));
1617 nbits = get_keysize_range (algo, NULL, NULL);
1622 log_info (_("keysize invalid; using %u bits\n"), nbits );
1624 else if (nbits > maxsize)
1627 log_info (_("keysize invalid; using %u bits\n"), nbits );
1632 nbits = ((nbits + 31) / 32) * 32;
1633 log_info (_("keysize rounded up to %u bits\n"), nbits );
1636 snprintf (nbitsstr, sizeof nbitsstr, "%u", nbits);
1637 keyparms = xtryasprintf ("(genkey(rsa(nbits %zu:%s)%s))",
1638 strlen (nbitsstr), nbitsstr,
1639 ((keygen_flags & KEYGEN_FLAG_TRANSIENT_KEY)
1640 && (keygen_flags & KEYGEN_FLAG_NO_PROTECTION))?
1641 "(transient-key)" : "" );
1643 err = gpg_error_from_syserror ();
1646 err = common_gen (keyparms, algo, "ne",
1647 pub_root, timestamp, expireval, is_subkey,
1648 keygen_flags, passphrase,
1649 cache_nonce_addr, passwd_nonce_addr);
1659 * return 0 on error or the multiplier
1662 check_valid_days( const char *s )
1672 return 0; /* e.g. "2323wc" */
1673 if( *s == 'd' || *s == 'D' )
1675 if( *s == 'w' || *s == 'W' )
1677 if( *s == 'm' || *s == 'M' )
1679 if( *s == 'y' || *s == 'Y' )
1686 print_key_flags(int flags)
1688 if(flags&PUBKEY_USAGE_SIG)
1689 tty_printf("%s ",_("Sign"));
1691 if(flags&PUBKEY_USAGE_CERT)
1692 tty_printf("%s ",_("Certify"));
1694 if(flags&PUBKEY_USAGE_ENC)
1695 tty_printf("%s ",_("Encrypt"));
1697 if(flags&PUBKEY_USAGE_AUTH)
1698 tty_printf("%s ",_("Authenticate"));
1702 /* Ask for the key flags and return them. CURRENT gives the current
1703 * usage which should normally be given as 0. */
1705 ask_key_flags (int algo, int subkey, unsigned int current)
1707 /* TRANSLATORS: Please use only plain ASCII characters for the
1708 translation. If this is not possible use single digits. The
1709 string needs to 8 bytes long. Here is a description of the
1712 s = Toggle signing capability
1713 e = Toggle encryption capability
1714 a = Toggle authentication capability
1717 const char *togglers = _("SsEeAaQq");
1718 char *answer = NULL;
1720 unsigned int possible = openpgp_pk_algo_usage(algo);
1722 if ( strlen(togglers) != 8 )
1724 tty_printf ("NOTE: Bad translation at %s:%d. "
1725 "Please report.\n", __FILE__, __LINE__);
1726 togglers = "11223300";
1729 /* Only primary keys may certify. */
1731 possible&=~PUBKEY_USAGE_CERT;
1733 /* Preload the current set with the possible set, minus
1734 authentication if CURRENT has been given as 0. If CURRENT has
1735 been has non-zero we mask with all possible usages. */
1737 current &= possible;
1739 current = (possible&~PUBKEY_USAGE_AUTH);
1744 tty_printf(_("Possible actions for a %s key: "),
1745 (algo == PUBKEY_ALGO_ECDSA
1746 || algo == PUBKEY_ALGO_EDDSA)
1747 ? "ECDSA/EdDSA" : openpgp_pk_algo_name (algo));
1748 print_key_flags(possible);
1750 tty_printf(_("Current allowed actions: "));
1751 print_key_flags(current);
1754 if(possible&PUBKEY_USAGE_SIG)
1755 tty_printf(_(" (%c) Toggle the sign capability\n"),
1757 if(possible&PUBKEY_USAGE_ENC)
1758 tty_printf(_(" (%c) Toggle the encrypt capability\n"),
1760 if(possible&PUBKEY_USAGE_AUTH)
1761 tty_printf(_(" (%c) Toggle the authenticate capability\n"),
1764 tty_printf(_(" (%c) Finished\n"),togglers[6]);
1768 answer = cpr_get("keygen.flags",_("Your selection? "));
1773 /* Hack to allow direct entry of the capabilities. */
1775 for (s=answer+1; *s; s++)
1777 if ((*s == 's' || *s == 'S') && (possible&PUBKEY_USAGE_SIG))
1778 current |= PUBKEY_USAGE_SIG;
1779 else if ((*s == 'e' || *s == 'E') && (possible&PUBKEY_USAGE_ENC))
1780 current |= PUBKEY_USAGE_ENC;
1781 else if ((*s == 'a' || *s == 'A') && (possible&PUBKEY_USAGE_AUTH))
1782 current |= PUBKEY_USAGE_AUTH;
1783 else if (!subkey && *s == 'c')
1785 /* Accept 'c' for the primary key because USAGE_CERT
1786 will will be set anyway. This is for folks who
1787 want to experiment with a cert-only primary key. */
1788 current |= PUBKEY_USAGE_CERT;
1793 else if (strlen(answer)>1)
1794 tty_printf(_("Invalid selection.\n"));
1795 else if(*answer=='\0' || *answer==togglers[6] || *answer==togglers[7])
1797 else if((*answer==togglers[0] || *answer==togglers[1])
1798 && possible&PUBKEY_USAGE_SIG)
1800 if(current&PUBKEY_USAGE_SIG)
1801 current&=~PUBKEY_USAGE_SIG;
1803 current|=PUBKEY_USAGE_SIG;
1805 else if((*answer==togglers[2] || *answer==togglers[3])
1806 && possible&PUBKEY_USAGE_ENC)
1808 if(current&PUBKEY_USAGE_ENC)
1809 current&=~PUBKEY_USAGE_ENC;
1811 current|=PUBKEY_USAGE_ENC;
1813 else if((*answer==togglers[4] || *answer==togglers[5])
1814 && possible&PUBKEY_USAGE_AUTH)
1816 if(current&PUBKEY_USAGE_AUTH)
1817 current&=~PUBKEY_USAGE_AUTH;
1819 current|=PUBKEY_USAGE_AUTH;
1822 tty_printf(_("Invalid selection.\n"));
1831 /* Check whether we have a key for the key with HEXGRIP. Returns 0 if
1832 there is no such key or the OpenPGP algo number for the key. */
1834 check_keygrip (ctrl_t ctrl, const char *hexgrip)
1837 unsigned char *public;
1839 const char *algostr;
1841 if (hexgrip[0] == '&')
1844 err = agent_readkey (ctrl, 0, hexgrip, &public);
1847 publiclen = gcry_sexp_canon_len (public, 0, NULL, NULL);
1849 get_pk_algo_from_canon_sexp (public, publiclen, &algostr);
1852 /* FIXME: Mapping of ECC algorithms is probably not correct. */
1855 else if (!strcmp (algostr, "rsa"))
1856 return PUBKEY_ALGO_RSA;
1857 else if (!strcmp (algostr, "dsa"))
1858 return PUBKEY_ALGO_DSA;
1859 else if (!strcmp (algostr, "elg"))
1860 return PUBKEY_ALGO_ELGAMAL_E;
1861 else if (!strcmp (algostr, "ecc"))
1862 return PUBKEY_ALGO_ECDH;
1863 else if (!strcmp (algostr, "ecdsa"))
1864 return PUBKEY_ALGO_ECDSA;
1865 else if (!strcmp (algostr, "eddsa"))
1866 return PUBKEY_ALGO_EDDSA;
1873 /* Ask for an algorithm. The function returns the algorithm id to
1874 * create. If ADDMODE is false the function won't show an option to
1875 * create the primary and subkey combined and won't set R_USAGE
1876 * either. If a combined algorithm has been selected, the subkey
1877 * algorithm is stored at R_SUBKEY_ALGO. If R_KEYGRIP is given, the
1878 * user has the choice to enter the keygrip of an existing key. That
1879 * keygrip is then stored at this address. The caller needs to free
1882 ask_algo (ctrl_t ctrl, int addmode, int *r_subkey_algo, unsigned int *r_usage,
1885 char *keygrip = NULL;
1886 char *answer = NULL;
1891 r_subkey_algo = &dummy_algo;
1893 tty_printf (_("Please select what kind of key you want:\n"));
1897 tty_printf (_(" (%d) RSA and RSA (default)\n"), 1 );
1900 if (!addmode && opt.compliance != CO_DE_VS)
1901 tty_printf (_(" (%d) DSA and Elgamal\n"), 2 );
1903 if (opt.compliance != CO_DE_VS)
1904 tty_printf (_(" (%d) DSA (sign only)\n"), 3 );
1906 tty_printf (_(" (%d) RSA (sign only)\n"), 4 );
1911 if (opt.compliance != CO_DE_VS)
1912 tty_printf (_(" (%d) Elgamal (encrypt only)\n"), 5 );
1914 tty_printf (_(" (%d) RSA (encrypt only)\n"), 6 );
1919 if (opt.compliance != CO_DE_VS)
1920 tty_printf (_(" (%d) DSA (set your own capabilities)\n"), 7 );
1922 tty_printf (_(" (%d) RSA (set your own capabilities)\n"), 8 );
1926 #if GPG_USE_ECDSA || GPG_USE_ECDH || GPG_USE_EDDSA
1927 if (opt.expert && !addmode)
1928 tty_printf (_(" (%d) ECC and ECC\n"), 9 );
1930 tty_printf (_(" (%d) ECC (sign only)\n"), 10 );
1932 tty_printf (_(" (%d) ECC (set your own capabilities)\n"), 11 );
1933 if (opt.expert && addmode)
1934 tty_printf (_(" (%d) ECC (encrypt only)\n"), 12 );
1937 if (opt.expert && r_keygrip)
1938 tty_printf (_(" (%d) Existing key\n"), 13 );
1945 answer = cpr_get ("keygen.algo", _("Your selection? "));
1947 algo = *answer? atoi (answer) : 1;
1949 if (opt.compliance == CO_DE_VS
1950 && (algo == 2 || algo == 3 || algo == 5 || algo == 7))
1952 tty_printf (_("Invalid selection.\n"));
1954 else if ((algo == 1 || !strcmp (answer, "rsa+rsa")) && !addmode)
1956 algo = PUBKEY_ALGO_RSA;
1957 *r_subkey_algo = PUBKEY_ALGO_RSA;
1960 else if ((algo == 2 || !strcmp (answer, "dsa+elg")) && !addmode)
1962 algo = PUBKEY_ALGO_DSA;
1963 *r_subkey_algo = PUBKEY_ALGO_ELGAMAL_E;
1966 else if (algo == 3 || !strcmp (answer, "dsa"))
1968 algo = PUBKEY_ALGO_DSA;
1969 *r_usage = PUBKEY_USAGE_SIG;
1972 else if (algo == 4 || !strcmp (answer, "rsa/s"))
1974 algo = PUBKEY_ALGO_RSA;
1975 *r_usage = PUBKEY_USAGE_SIG;
1978 else if ((algo == 5 || !strcmp (answer, "elg")) && addmode)
1980 algo = PUBKEY_ALGO_ELGAMAL_E;
1981 *r_usage = PUBKEY_USAGE_ENC;
1984 else if ((algo == 6 || !strcmp (answer, "rsa/e")) && addmode)
1986 algo = PUBKEY_ALGO_RSA;
1987 *r_usage = PUBKEY_USAGE_ENC;
1990 else if ((algo == 7 || !strcmp (answer, "dsa/*")) && opt.expert)
1992 algo = PUBKEY_ALGO_DSA;
1993 *r_usage = ask_key_flags (algo, addmode, 0);
1996 else if ((algo == 8 || !strcmp (answer, "rsa/*")) && opt.expert)
1998 algo = PUBKEY_ALGO_RSA;
1999 *r_usage = ask_key_flags (algo, addmode, 0);
2002 else if ((algo == 9 || !strcmp (answer, "ecc+ecc"))
2003 && opt.expert && !addmode)
2005 algo = PUBKEY_ALGO_ECDSA;
2006 *r_subkey_algo = PUBKEY_ALGO_ECDH;
2009 else if ((algo == 10 || !strcmp (answer, "ecc/s")) && opt.expert)
2011 algo = PUBKEY_ALGO_ECDSA;
2012 *r_usage = PUBKEY_USAGE_SIG;
2015 else if ((algo == 11 || !strcmp (answer, "ecc/*")) && opt.expert)
2017 algo = PUBKEY_ALGO_ECDSA;
2018 *r_usage = ask_key_flags (algo, addmode, 0);
2021 else if ((algo == 12 || !strcmp (answer, "ecc/e"))
2022 && opt.expert && addmode)
2024 algo = PUBKEY_ALGO_ECDH;
2025 *r_usage = PUBKEY_USAGE_ENC;
2028 else if ((algo == 13 || !strcmp (answer, "keygrip"))
2029 && opt.expert && r_keygrip)
2034 answer = tty_get (_("Enter the keygrip: "));
2036 trim_spaces (answer);
2044 if (strlen (answer) != 40 &&
2045 !(answer[0] == '&' && strlen (answer+1) == 40))
2047 (_("Not a valid keygrip (expecting 40 hex digits)\n"));
2048 else if (!(algo = check_keygrip (ctrl, answer)) )
2049 tty_printf (_("No key with this keygrip\n"));
2056 *r_usage = ask_key_flags (algo, addmode, 0);
2060 tty_printf (_("Invalid selection.\n"));
2066 *r_keygrip = keygrip;
2072 get_keysize_range (int algo, unsigned int *min, unsigned int *max)
2075 unsigned int dummy1, dummy2;
2084 case PUBKEY_ALGO_DSA:
2085 *min = opt.expert? 768 : 1024;
2090 case PUBKEY_ALGO_ECDSA:
2091 case PUBKEY_ALGO_ECDH:
2097 case PUBKEY_ALGO_EDDSA:
2104 *min = opt.compliance == CO_DE_VS ? 2048: 1024;
2114 /* Return a fixed up keysize depending on ALGO. */
2116 fixup_keysize (unsigned int nbits, int algo, int silent)
2118 if (algo == PUBKEY_ALGO_DSA && (nbits % 64))
2120 nbits = ((nbits + 63) / 64) * 64;
2122 tty_printf (_("rounded up to %u bits\n"), nbits);
2124 else if (algo == PUBKEY_ALGO_EDDSA)
2126 if (nbits != 255 && nbits != 441)
2133 tty_printf (_("rounded to %u bits\n"), nbits);
2136 else if (algo == PUBKEY_ALGO_ECDH || algo == PUBKEY_ALGO_ECDSA)
2138 if (nbits != 256 && nbits != 384 && nbits != 521)
2142 else if (nbits < 384)
2147 tty_printf (_("rounded to %u bits\n"), nbits);
2150 else if ((nbits % 32))
2152 nbits = ((nbits + 31) / 32) * 32;
2154 tty_printf (_("rounded up to %u bits\n"), nbits );
2161 /* Ask for the key size. ALGO is the algorithm. If PRIMARY_KEYSIZE
2162 is not 0, the function asks for the size of the encryption
2165 ask_keysize (int algo, unsigned int primary_keysize)
2168 unsigned int min, def, max;
2169 int for_subkey = !!primary_keysize;
2172 def = get_keysize_range (algo, &min, &max);
2174 if (primary_keysize && !opt.expert)
2176 /* Deduce the subkey size from the primary key size. */
2177 if (algo == PUBKEY_ALGO_DSA && primary_keysize > 3072)
2178 nbits = 3072; /* For performance reasons we don't support more
2179 than 3072 bit DSA. However we won't see this
2180 case anyway because DSA can't be used as an
2181 encryption subkey ;-). */
2183 nbits = primary_keysize;
2188 tty_printf(_("%s keys may be between %u and %u bits long.\n"),
2189 openpgp_pk_algo_name (algo), min, max);
2193 char *prompt, *answer;
2196 prompt = xasprintf (_("What keysize do you want "
2197 "for the subkey? (%u) "), def);
2199 prompt = xasprintf (_("What keysize do you want? (%u) "), def);
2200 answer = cpr_get ("keygen.size", prompt);
2202 nbits = *answer? atoi (answer): def;
2206 if(nbits<min || nbits>max)
2207 tty_printf(_("%s keysizes must be in the range %u-%u\n"),
2208 openpgp_pk_algo_name (algo), min, max);
2213 tty_printf (_("Requested keysize is %u bits\n"), nbits);
2216 nbits = fixup_keysize (nbits, algo, autocomp);
2221 /* Ask for the curve. ALGO is the selected algorithm which this
2222 function may adjust. Returns a malloced string with the name of
2223 the curve. BOTH tells that gpg creates a primary and subkey. */
2225 ask_curve (int *algo, int *subkey_algo)
2227 /* NB: We always use a complete algo list so that we have stable
2228 numbers in the menu regardless on how Gpg was configured. */
2231 const char* eddsa_curve; /* Corresponding EdDSA curve. */
2232 const char *pretty_name;
2233 unsigned int supported : 1; /* Supported by gpg. */
2234 unsigned int de_vs : 1; /* Allowed in CO_DE_VS. */
2235 unsigned int expert_only : 1; /* Only with --expert */
2236 unsigned int available : 1; /* Available in Libycrypt (runtime checked) */
2238 #if GPG_USE_ECDSA || GPG_USE_ECDH
2239 # define MY_USE_ECDSADH 1
2241 # define MY_USE_ECDSADH 0
2243 { "Curve25519", "Ed25519", "Curve 25519", !!GPG_USE_EDDSA, 0, 0, 0 },
2244 { "Curve448", "Ed448", "Curve 448", 0/*reserved*/ , 0, 1, 0 },
2245 { "NIST P-256", NULL, NULL, MY_USE_ECDSADH, 0, 1, 0 },
2246 { "NIST P-384", NULL, NULL, MY_USE_ECDSADH, 0, 0, 0 },
2247 { "NIST P-521", NULL, NULL, MY_USE_ECDSADH, 0, 1, 0 },
2248 { "brainpoolP256r1", NULL, "Brainpool P-256", MY_USE_ECDSADH, 1, 1, 0 },
2249 { "brainpoolP384r1", NULL, "Brainpool P-384", MY_USE_ECDSADH, 1, 1, 0 },
2250 { "brainpoolP512r1", NULL, "Brainpool P-512", MY_USE_ECDSADH, 1, 1, 0 },
2251 { "secp256k1", NULL, NULL, MY_USE_ECDSADH, 0, 1, 0 },
2253 #undef MY_USE_ECDSADH
2256 char *result = NULL;
2257 gcry_sexp_t keyparms;
2259 tty_printf (_("Please select which elliptic curve you want:\n"));
2262 for (idx=0; idx < DIM(curves); idx++)
2266 curves[idx].available = 0;
2267 if (!curves[idx].supported)
2270 if (opt.compliance==CO_DE_VS)
2272 if (!curves[idx].de_vs)
2273 continue; /* Not allowed. */
2275 else if (!opt.expert && curves[idx].expert_only)
2278 /* We need to switch from the ECDH name of the curve to the
2279 EDDSA name of the curve if we want a signing key. */
2280 gcry_sexp_release (keyparms);
2281 rc = gcry_sexp_build (&keyparms, NULL,
2282 "(public-key(ecc(curve %s)))",
2283 curves[idx].eddsa_curve? curves[idx].eddsa_curve
2284 /**/ : curves[idx].name);
2287 if (!gcry_pk_get_curve (keyparms, 0, NULL))
2289 if (subkey_algo && curves[idx].eddsa_curve)
2291 /* Both Curve 25519 (or 448) keys are to be created. Check that
2292 Libgcrypt also supports the real Curve25519 (or 448). */
2293 gcry_sexp_release (keyparms);
2294 rc = gcry_sexp_build (&keyparms, NULL,
2295 "(public-key(ecc(curve %s)))",
2299 if (!gcry_pk_get_curve (keyparms, 0, NULL))
2303 curves[idx].available = 1;
2304 tty_printf (" (%d) %s\n", idx + 1,
2305 curves[idx].pretty_name?
2306 curves[idx].pretty_name:curves[idx].name);
2308 gcry_sexp_release (keyparms);
2313 answer = cpr_get ("keygen.curve", _("Your selection? "));
2315 idx = *answer? atoi (answer) : 1;
2316 if (*answer && !idx)
2318 /* See whether the user entered the name of the curve. */
2319 for (idx=0; idx < DIM(curves); idx++)
2321 if (!opt.expert && curves[idx].expert_only)
2323 if (!stricmp (curves[idx].name, answer)
2324 || (curves[idx].pretty_name
2325 && !stricmp (curves[idx].pretty_name, answer)))
2328 if (idx == DIM(curves))
2335 if (idx < 0 || idx >= DIM (curves) || !curves[idx].available)
2336 tty_printf (_("Invalid selection.\n"));
2339 /* If the user selected a signing algorithm and Curve25519
2340 we need to set the algo to EdDSA and update the curve name. */
2341 if ((*algo == PUBKEY_ALGO_ECDSA || *algo == PUBKEY_ALGO_EDDSA)
2342 && curves[idx].eddsa_curve)
2344 if (subkey_algo && *subkey_algo == PUBKEY_ALGO_ECDSA)
2345 *subkey_algo = PUBKEY_ALGO_EDDSA;
2346 *algo = PUBKEY_ALGO_EDDSA;
2347 result = xstrdup (curves[idx].eddsa_curve);
2350 result = xstrdup (curves[idx].name);
2356 result = xstrdup (curves[0].name);
2363 * Parse an expire string and return its value in seconds.
2364 * Returns (u32)-1 on error.
2365 * This isn't perfect since scan_isodatestr returns unix time, and
2366 * OpenPGP actually allows a 32-bit time *plus* a 32-bit offset.
2367 * Because of this, we only permit setting expirations up to 2106, but
2368 * OpenPGP could theoretically allow up to 2242. I think we'll all
2369 * just cope for the next few years until we get a 64-bit time_t or
2373 parse_expire_string( const char *string )
2378 u32 curtime = make_timestamp ();
2381 if (!string || !*string || !strcmp (string, "none")
2382 || !strcmp (string, "never") || !strcmp (string, "-"))
2384 else if (!strncmp (string, "seconds=", 8))
2385 seconds = atoi (string+8);
2386 else if ((abs_date = scan_isodatestr(string))
2387 && (abs_date+86400/2) > curtime)
2388 seconds = (abs_date+86400/2) - curtime;
2389 else if ((tt = isotime2epoch (string)) != (time_t)(-1))
2390 seconds = (u32)tt - curtime;
2391 else if ((mult = check_valid_days (string)))
2392 seconds = atoi (string) * 86400L * mult;
2394 seconds = (u32)(-1);
2399 /* Parse a Creation-Date string which is either "1986-04-26" or
2400 "19860426T042640". Returns 0 on error. */
2402 parse_creation_string (const char *string)
2408 else if ( !strncmp (string, "seconds=", 8) )
2409 seconds = atoi (string+8);
2410 else if ( !(seconds = scan_isodatestr (string)))
2412 time_t tmp = isotime2epoch (string);
2413 seconds = (tmp == (time_t)(-1))? 0 : tmp;
2419 /* object == 0 for a key, and 1 for a sig */
2421 ask_expire_interval(int object,const char *def_expire)
2431 tty_printf(_("Please specify how long the key should be valid.\n"
2432 " 0 = key does not expire\n"
2433 " <n> = key expires in n days\n"
2434 " <n>w = key expires in n weeks\n"
2435 " <n>m = key expires in n months\n"
2436 " <n>y = key expires in n years\n"));
2442 tty_printf(_("Please specify how long the signature should be valid.\n"
2443 " 0 = signature does not expire\n"
2444 " <n> = signature expires in n days\n"
2445 " <n>w = signature expires in n weeks\n"
2446 " <n>m = signature expires in n months\n"
2447 " <n>y = signature expires in n years\n"));
2454 /* Note: The elgamal subkey for DSA has no expiration date because
2455 * it must be signed with the DSA key and this one has the expiration
2465 answer = cpr_get("keygen.valid",_("Key is valid for? (0) "));
2470 prompt = xasprintf (_("Signature is valid for? (%s) "), def_expire);
2471 answer = cpr_get("siggen.valid",prompt);
2475 answer=xstrdup(def_expire);
2478 trim_spaces(answer);
2479 curtime = make_timestamp ();
2480 interval = parse_expire_string( answer );
2481 if( interval == (u32)-1 )
2483 tty_printf(_("invalid value\n"));
2489 tty_printf((object==0)
2490 ? _("Key does not expire at all\n")
2491 : _("Signature does not expire at all\n"));
2495 tty_printf(object==0
2496 ? _("Key expires at %s\n")
2497 : _("Signature expires at %s\n"),
2498 asctimestamp((ulong)(curtime + interval) ) );
2499 #if SIZEOF_TIME_T <= 4 && !defined (HAVE_UNSIGNED_TIME_T)
2500 if ( (time_t)((ulong)(curtime+interval)) < 0 )
2501 tty_printf (_("Your system can't display dates beyond 2038.\n"
2502 "However, it will be correctly handled up to"
2505 #endif /*SIZEOF_TIME_T*/
2506 if ( (time_t)((unsigned long)(curtime+interval)) < curtime )
2508 tty_printf (_("invalid value\n"));
2513 if( cpr_enabled() || cpr_get_answer_is_yes("keygen.valid.okay",
2514 _("Is this correct? (y/N) ")) )
2525 u32 x = ask_expire_interval(0,NULL);
2526 return x? make_timestamp() + x : 0;
2531 static PKT_user_id *
2532 uid_from_string (const char *string)
2537 n = strlen (string);
2538 uid = xmalloc_clear (sizeof *uid + n);
2540 strcpy (uid->name, string);
2546 /* Return true if the user id UID already exists in the keyblock. */
2548 uid_already_in_keyblock (kbnode_t keyblock, const char *uid)
2550 PKT_user_id *uidpkt = uid_from_string (uid);
2554 for (node=keyblock; node && !result; node=node->next)
2555 if (!is_deleted_kbnode (node)
2556 && node->pkt->pkttype == PKT_USER_ID
2557 && !cmp_user_ids (uidpkt, node->pkt->pkt.user_id))
2559 free_user_id (uidpkt);
2564 /* Ask for a user ID. With a MODE of 1 an extra help prompt is
2565 printed for use during a new key creation. If KEYBLOCK is not NULL
2566 the function prevents the creation of an already existing user
2567 ID. IF FULL is not set some prompts are not shown. */
2569 ask_user_id (int mode, int full, KBNODE keyblock)
2572 char *aname, *acomment, *amail, *uid;
2576 /* TRANSLATORS: This is the new string telling the user what
2577 gpg is now going to do (i.e. ask for the parts of the user
2578 ID). Note that if you do not translate this string, a
2579 different string will be used, which might still have
2580 a correct translation. */
2583 "GnuPG needs to construct a user ID to identify your key.\n"
2585 const char *s2 = _(s1);
2587 if (!strcmp (s1, s2))
2589 /* There is no translation for the string thus we to use
2590 the old info text. gettext has no way to tell whether
2591 a translation is actually available, thus we need to
2592 to compare again. */
2593 /* TRANSLATORS: This string is in general not anymore used
2594 but you should keep your existing translation. In case
2595 the new string is not translated this old string will
2597 const char *s3 = N_("\n"
2598 "You need a user ID to identify your key; "
2599 "the software constructs the user ID\n"
2600 "from the Real Name, Comment and Email Address in this form:\n"
2601 " \"Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>\"\n\n");
2602 const char *s4 = _(s3);
2603 if (strcmp (s3, s4))
2604 s2 = s3; /* A translation exists - use it. */
2606 tty_printf ("%s", s2) ;
2608 uid = aname = acomment = amail = NULL;
2616 aname = cpr_get("keygen.name",_("Real name: "));
2620 if( opt.allow_freeform_uid )
2623 if( strpbrk( aname, "<>" ) )
2625 tty_printf(_("Invalid character in name\n"));
2626 tty_printf(_("The characters '%s' and '%s' may not "
2627 "appear in name\n"), "<", ">");
2629 else if( digitp(aname) )
2630 tty_printf(_("Name may not start with a digit\n"));
2631 else if (*aname && strlen (aname) < 5)
2633 tty_printf(_("Name must be at least 5 characters long\n"));
2634 /* However, we allow an empty name. */
2643 amail = cpr_get("keygen.email",_("Email address: "));
2646 if( !*amail || opt.allow_freeform_uid )
2647 break; /* no email address is okay */
2648 else if ( !is_valid_mailbox (amail) )
2649 tty_printf(_("Not a valid email address\n"));
2658 acomment = cpr_get("keygen.comment",_("Comment: "));
2659 trim_spaces(acomment);
2662 break; /* no comment is okay */
2663 else if( strpbrk( acomment, "()" ) )
2664 tty_printf(_("Invalid character in comment\n"));
2671 acomment = xstrdup ("");
2677 uid = p = xmalloc(strlen(aname)+strlen(amail)+strlen(acomment)+12+10);
2678 if (!*aname && *amail && !*acomment && !random_is_faked ())
2679 { /* Empty name and comment but with mail address. Use
2680 simplified form with only the non-angle-bracketed mail
2682 p = stpcpy (p, amail);
2686 p = stpcpy (p, aname );
2688 p = stpcpy(stpcpy(stpcpy(p," ("), acomment),")");
2690 p = stpcpy(stpcpy(stpcpy(p," <"), amail),">");
2693 /* Append a warning if the RNG is switched into fake mode. */
2694 if ( random_is_faked () )
2695 strcpy(p, " (insecure!)" );
2697 /* print a note in case that UTF8 mapping has to be done */
2698 for(p=uid; *p; p++ ) {
2700 tty_printf(_("You are using the '%s' character set.\n"),
2701 get_native_charset() );
2706 tty_printf(_("You selected this USER-ID:\n \"%s\"\n\n"), uid);
2708 if( !*amail && !opt.allow_freeform_uid
2709 && (strchr( aname, '@' ) || strchr( acomment, '@'))) {
2711 tty_printf(_("Please don't put the email address "
2712 "into the real name or the comment\n") );
2715 if (!fail && keyblock)
2717 if (uid_already_in_keyblock (keyblock, uid))
2719 tty_printf (_("Such a user ID already exists on this key!\n"));
2725 /* TRANSLATORS: These are the allowed answers in
2726 lower and uppercase. Below you will find the matching
2727 string which should be translated accordingly and the
2728 letter changed to match the one in the answer string.
2733 o = Okay (ready, continue)
2736 const char *ansstr = _("NnCcEeOoQq");
2738 if( strlen(ansstr) != 10 )
2740 if( cpr_enabled() ) {
2741 answer = xstrdup (ansstr + (fail?8:6));
2745 answer = cpr_get("keygen.userid.cmd", fail?
2746 _("Change (N)ame, (C)omment, (E)mail or (Q)uit? ") :
2747 _("Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? "));
2751 answer = cpr_get("keygen.userid.cmd", fail?
2752 _("Change (N)ame, (E)mail, or (Q)uit? ") :
2753 _("Change (N)ame, (E)mail, or (O)kay/(Q)uit? "));
2756 if( strlen(answer) > 1 )
2758 else if( *answer == ansstr[0] || *answer == ansstr[1] ) {
2759 xfree(aname); aname = NULL;
2762 else if( *answer == ansstr[2] || *answer == ansstr[3] ) {
2763 xfree(acomment); acomment = NULL;
2766 else if( *answer == ansstr[4] || *answer == ansstr[5] ) {
2767 xfree(amail); amail = NULL;
2770 else if( *answer == ansstr[6] || *answer == ansstr[7] ) {
2772 tty_printf(_("Please correct the error first\n"));
2775 xfree(aname); aname = NULL;
2776 xfree(acomment); acomment = NULL;
2777 xfree(amail); amail = NULL;
2781 else if( *answer == ansstr[8] || *answer == ansstr[9] ) {
2782 xfree(aname); aname = NULL;
2783 xfree(acomment); acomment = NULL;
2784 xfree(amail); amail = NULL;
2785 xfree(uid); uid = NULL;
2791 if (!amail && !acomment)
2793 xfree(uid); uid = NULL;
2796 char *p = native_to_utf8( uid );
2804 /* Basic key generation. Here we divert to the actual generation
2805 routines based on the requested algorithm. */
2807 do_create (int algo, unsigned int nbits, const char *curve, KBNODE pub_root,
2808 u32 timestamp, u32 expiredate, int is_subkey,
2809 int keygen_flags, const char *passphrase,
2810 char **cache_nonce_addr, char **passwd_nonce_addr)
2814 /* Fixme: The entropy collecting message should be moved to a
2815 libgcrypt progress handler. */
2818 "We need to generate a lot of random bytes. It is a good idea to perform\n"
2819 "some other action (type on the keyboard, move the mouse, utilize the\n"
2820 "disks) during the prime generation; this gives the random number\n"
2821 "generator a better chance to gain enough entropy.\n") );
2823 if (algo == PUBKEY_ALGO_ELGAMAL_E)
2824 err = gen_elg (algo, nbits, pub_root, timestamp, expiredate, is_subkey,
2825 keygen_flags, passphrase,
2826 cache_nonce_addr, passwd_nonce_addr);
2827 else if (algo == PUBKEY_ALGO_DSA)
2828 err = gen_dsa (nbits, pub_root, timestamp, expiredate, is_subkey,
2829 keygen_flags, passphrase,
2830 cache_nonce_addr, passwd_nonce_addr);
2831 else if (algo == PUBKEY_ALGO_ECDSA
2832 || algo == PUBKEY_ALGO_EDDSA
2833 || algo == PUBKEY_ALGO_ECDH)
2834 err = gen_ecc (algo, curve, pub_root, timestamp, expiredate, is_subkey,
2835 keygen_flags, passphrase,
2836 cache_nonce_addr, passwd_nonce_addr);
2837 else if (algo == PUBKEY_ALGO_RSA)
2838 err = gen_rsa (algo, nbits, pub_root, timestamp, expiredate, is_subkey,
2839 keygen_flags, passphrase,
2840 cache_nonce_addr, passwd_nonce_addr);
2848 /* Generate a new user id packet or return NULL if canceled. If
2849 KEYBLOCK is not NULL the function prevents the creation of an
2850 already existing user ID. If UIDSTR is not NULL the user is not
2851 asked but UIDSTR is used to create the user id packet; if the user
2852 id already exists NULL is returned. UIDSTR is expected to be utf-8
2853 encoded and should have already been checked for a valid length
2856 generate_user_id (KBNODE keyblock, const char *uidstr)
2863 if (uid_already_in_keyblock (keyblock, uidstr))
2864 return NULL; /* Already exists. */
2865 uid = uid_from_string (uidstr);
2869 p = ask_user_id (1, 1, keyblock);
2871 return NULL; /* Canceled. */
2872 uid = uid_from_string (p);
2879 /* Helper for parse_key_parameter_string for one part of the
2880 * specification string; i.e. ALGO/FLAGS. If STRING is NULL or empty
2881 * success is returned. On error an error code is returned. Note
2882 * that STRING may be modified by this function. NULL may be passed
2883 * for any parameter. FOR_SUBKEY shall be true if this is used as a
2886 parse_key_parameter_part (char *string, int for_subkey,
2887 int *r_algo, unsigned int *r_size,
2888 unsigned int *r_keyuse,
2889 char const **r_curve)
2894 const char *curve = NULL;
2895 int ecdh_or_ecdsa = 0;
2901 if (!string || !*string)
2902 return 0; /* Success. */
2904 flags = strchr (string, '/');
2909 if (strlen (string) >= 3 && (digitp (string+3) || !string[3]))
2911 if (!ascii_memcasecmp (string, "rsa", 3))
2912 algo = PUBKEY_ALGO_RSA;
2913 else if (!ascii_memcasecmp (string, "dsa", 3))
2914 algo = PUBKEY_ALGO_DSA;
2915 else if (!ascii_memcasecmp (string, "elg", 3))
2916 algo = PUBKEY_ALGO_ELGAMAL_E;
2921 size = get_keysize_range (algo, NULL, NULL);
2924 size = strtoul (string+3, &endp, 10);
2925 if (size < 512 || size > 16384 || *endp)
2926 return gpg_error (GPG_ERR_INV_VALUE);
2929 else if ((curve = openpgp_is_curve_supported (string, &algo, &size)))
2933 algo = PUBKEY_ALGO_ECDH; /* Default ECC algorithm. */
2934 ecdh_or_ecdsa = 1; /* We may need to switch the algo. */
2938 return gpg_error (GPG_ERR_UNKNOWN_CURVE);
2940 /* Parse the flags. */
2944 char **tokens = NULL;
2946 tokens = strtokenize (flags, ",");
2948 return gpg_error_from_syserror ();
2950 for (i=0; (s = tokens[i]); i++)
2954 else if (!ascii_strcasecmp (s, "sign"))
2955 keyuse |= PUBKEY_USAGE_SIG;
2956 else if (!ascii_strcasecmp (s, "encrypt")
2957 || !ascii_strcasecmp (s, "encr"))
2958 keyuse |= PUBKEY_USAGE_ENC;
2959 else if (!ascii_strcasecmp (s, "auth"))
2960 keyuse |= PUBKEY_USAGE_AUTH;
2961 else if (!ascii_strcasecmp (s, "cert"))
2962 keyuse |= PUBKEY_USAGE_CERT;
2963 else if (!ascii_strcasecmp (s, "ecdsa"))
2965 if (algo == PUBKEY_ALGO_ECDH || algo == PUBKEY_ALGO_ECDSA)
2966 algo = PUBKEY_ALGO_ECDSA;
2970 return gpg_error (GPG_ERR_INV_FLAG);
2974 else if (!ascii_strcasecmp (s, "ecdh"))
2976 if (algo == PUBKEY_ALGO_ECDH || algo == PUBKEY_ALGO_ECDSA)
2977 algo = PUBKEY_ALGO_ECDH;
2981 return gpg_error (GPG_ERR_INV_FLAG);
2985 else if (!ascii_strcasecmp (s, "eddsa"))
2987 /* Not required but we allow it for consistency. */
2988 if (algo == PUBKEY_ALGO_EDDSA)
2993 return gpg_error (GPG_ERR_INV_FLAG);
2999 return gpg_error (GPG_ERR_UNKNOWN_FLAG);
3006 /* If not yet decided switch between ecdh and ecdsa. */
3007 if (ecdh_or_ecdsa && keyuse)
3008 algo = (keyuse & PUBKEY_USAGE_ENC)? PUBKEY_ALGO_ECDH : PUBKEY_ALGO_ECDSA;
3009 else if (ecdh_or_ecdsa)
3010 algo = for_subkey? PUBKEY_ALGO_ECDH : PUBKEY_ALGO_ECDSA;
3012 /* Set or fix key usage. */
3015 if (algo == PUBKEY_ALGO_ECDSA || algo == PUBKEY_ALGO_EDDSA
3016 || algo == PUBKEY_ALGO_DSA)
3017 keyuse = PUBKEY_USAGE_SIG;
3018 else if (algo == PUBKEY_ALGO_RSA)
3019 keyuse = for_subkey? PUBKEY_USAGE_ENC : PUBKEY_USAGE_SIG;
3021 keyuse = PUBKEY_USAGE_ENC;
3023 else if (algo == PUBKEY_ALGO_ECDSA || algo == PUBKEY_ALGO_EDDSA
3024 || algo == PUBKEY_ALGO_DSA)
3026 keyuse &= ~PUBKEY_USAGE_ENC; /* Forbid encryption. */
3028 else if (algo == PUBKEY_ALGO_ECDH || algo == PUBKEY_ALGO_ELGAMAL_E)
3030 keyuse = PUBKEY_USAGE_ENC; /* Allow only encryption. */
3033 /* Make sure a primary key can certify. */
3035 keyuse |= PUBKEY_USAGE_CERT;
3037 /* Check that usage is actually possible. */
3038 if (/**/((keyuse & (PUBKEY_USAGE_SIG|PUBKEY_USAGE_AUTH|PUBKEY_USAGE_CERT))
3039 && !pubkey_get_nsig (algo))
3040 || ((keyuse & PUBKEY_USAGE_ENC)
3041 && !pubkey_get_nenc (algo))
3042 || (for_subkey && (keyuse & PUBKEY_USAGE_CERT)))
3043 return gpg_error (GPG_ERR_WRONG_KEY_USAGE);
3045 /* Return values. */
3050 unsigned int min, def, max;
3052 /* Make sure the keysize is in the allowed range. */
3053 def = get_keysize_range (algo, &min, &max);
3056 else if (size < min)
3058 else if (size > max)
3061 *r_size = fixup_keysize (size, algo, 1);
3071 /* Parse and return the standard key generation parameter.
3072 * The string is expected to be in this format:
3074 * ALGO[/FLAGS][+SUBALGO[/FLAGS]]
3076 * Here ALGO is a string in the same format as printed by the
3077 * keylisting. For example:
3079 * rsa3072 := RSA with 3072 bit.
3080 * dsa2048 := DSA with 2048 bit.
3081 * elg2048 := Elgamal with 2048 bit.
3082 * ed25519 := EDDSA using curve Ed25519.
3083 * cv25519 := ECDH using curve Curve25519.
3084 * nistp256:= ECDSA or ECDH using curve NIST P-256
3086 * All strings with an unknown prefix are considered an elliptic
3087 * curve. Curves which have no implicit algorithm require that FLAGS
3088 * is given to select whether ECDSA or ECDH is used; this can eoither
3089 * be done using an algorithm keyword or usage keywords.
3091 * FLAGS is a comma delimited string of keywords:
3093 * cert := Allow usage Certify
3094 * sign := Allow usage Sign
3095 * encr := Allow usage Encrypt
3096 * auth := Allow usage Authentication
3097 * encrypt := Alias for "encr"
3098 * ecdsa := Use algorithm ECDSA.
3099 * eddsa := Use algorithm EdDSA.
3100 * ecdh := Use algorithm ECDH.
3102 * There are several defaults and fallbacks depending on the
3103 * algorithm. PART can be used to select which part of STRING is
3106 * 0 := Only the part of the primary key
3107 * 1 := If there is one part parse that one, if there are
3108 * two parts parse the second part. Always return
3109 * in the args for the primary key (R_ALGO,....).
3113 parse_key_parameter_string (const char *string, int part,
3114 int *r_algo, unsigned int *r_size,
3116 char const **r_curve,
3117 int *r_subalgo, unsigned int *r_subsize,
3118 unsigned *r_subkeyuse,
3119 char const **r_subcurve)
3121 gpg_error_t err = 0;
3122 char *primary, *secondary;
3141 if (!string || !*string
3142 || !strcmp (string, "default") || !strcmp (string, "-"))
3143 string = get_default_pubkey_algo ();
3144 else if (!strcmp (string, "future-default"))
3145 string = FUTURE_STD_KEY_PARAM;
3147 primary = xstrdup (string);
3148 secondary = strchr (primary, '+');
3151 if (part == -1 || part == 0)
3153 err = parse_key_parameter_part (primary, 0, r_algo, r_size,
3155 if (!err && part == -1)
3156 err = parse_key_parameter_part (secondary, 1, r_subalgo, r_subsize,
3157 r_subkeyuse, r_subcurve);
3161 /* If we have SECONDARY, use that part. If there is only one
3162 * part consider this to be the subkey algo. */
3163 err = parse_key_parameter_part (secondary? secondary : primary, 1,
3164 r_algo, r_size, r_keyuse, r_curve);
3174 /* Append R to the linked list PARA. */
3176 append_to_parameter (struct para_data_s *para, struct para_data_s *r)
3184 /* Release the parameter list R. */
3186 release_parameter_list (struct para_data_s *r)
3188 struct para_data_s *r2;
3193 if (r->key == pPASSPHRASE && *r->u.value)
3194 wipememory (r->u.value, strlen (r->u.value));
3199 static struct para_data_s *
3200 get_parameter( struct para_data_s *para, enum para_name key )
3202 struct para_data_s *r;
3204 for( r = para; r && r->key != key; r = r->next )
3210 get_parameter_value( struct para_data_s *para, enum para_name key )
3212 struct para_data_s *r = get_parameter( para, key );
3213 return (r && *r->u.value)? r->u.value : NULL;
3217 /* This is similar to get_parameter_value but also returns the empty
3218 string. This is required so that quick_generate_keypair can use an
3219 empty Passphrase to specify no-protection. */
3221 get_parameter_passphrase (struct para_data_s *para)
3223 struct para_data_s *r = get_parameter (para, pPASSPHRASE);
3224 return r ? r->u.value : NULL;
3229 get_parameter_algo( struct para_data_s *para, enum para_name key,
3233 struct para_data_s *r = get_parameter( para, key );
3241 /* Note that we need to handle the ECC algorithms specified as
3242 strings directly because Libgcrypt folds them all to ECC. */
3243 if (!ascii_strcasecmp (r->u.value, "default"))
3245 /* Note: If you change this default algo, remember to change it
3246 * also in gpg.c:gpgconf_list. */
3247 /* FIXME: We only allow the algo here and have a separate thing
3248 * for the curve etc. That is a ugly but demanded for backward
3249 * compatibility with the batch key generation. It would be
3250 * better to make full use of parse_key_parameter_string. */
3251 parse_key_parameter_string (NULL, 0,
3252 &i, NULL, NULL, NULL,
3253 NULL, NULL, NULL, NULL);
3258 else if (digitp (r->u.value))
3259 i = atoi( r->u.value );
3260 else if (!strcmp (r->u.value, "ELG-E")
3261 || !strcmp (r->u.value, "ELG"))
3262 i = PUBKEY_ALGO_ELGAMAL_E;
3263 else if (!ascii_strcasecmp (r->u.value, "EdDSA"))
3264 i = PUBKEY_ALGO_EDDSA;
3265 else if (!ascii_strcasecmp (r->u.value, "ECDSA"))
3266 i = PUBKEY_ALGO_ECDSA;
3267 else if (!ascii_strcasecmp (r->u.value, "ECDH"))
3268 i = PUBKEY_ALGO_ECDH;
3270 i = map_pk_gcry_to_openpgp (gcry_pk_map_name (r->u.value));
3272 if (i == PUBKEY_ALGO_RSA_E || i == PUBKEY_ALGO_RSA_S)
3273 i = 0; /* we don't want to allow generation of these algorithms */
3278 /* Parse a usage string. The usage keywords "auth", "sign", "encr"
3279 * may be delimited by space, tab, or comma. On error -1 is returned
3280 * instead of the usage flags. */
3282 parse_usagestr (const char *usagestr)
3285 char **tokens = NULL;
3288 unsigned int use = 0;
3290 tokens = strtokenize (usagestr, " \t,");
3293 err = gpg_error_from_syserror ();
3294 log_error ("strtokenize failed: %s\n", gpg_strerror (err));
3298 for (i=0; (s = tokens[i]); i++)
3302 else if (!ascii_strcasecmp (s, "sign"))
3303 use |= PUBKEY_USAGE_SIG;
3304 else if (!ascii_strcasecmp (s, "encrypt")
3305 || !ascii_strcasecmp (s, "encr"))
3306 use |= PUBKEY_USAGE_ENC;
3307 else if (!ascii_strcasecmp (s, "auth"))
3308 use |= PUBKEY_USAGE_AUTH;
3309 else if (!ascii_strcasecmp (s, "cert"))
3310 use |= PUBKEY_USAGE_CERT;
3314 return -1; /* error */
3324 * Parse the usage parameter and set the keyflags. Returns -1 on
3325 * error, 0 for no usage given or 1 for usage available.
3328 parse_parameter_usage (const char *fname,
3329 struct para_data_s *para, enum para_name key)
3331 struct para_data_s *r = get_parameter( para, key );
3335 return 0; /* none (this is an optional parameter)*/
3337 i = parse_usagestr (r->u.value);
3340 log_error ("%s:%d: invalid usage list\n", fname, r->lnr );
3341 return -1; /* error */
3350 parse_revocation_key (const char *fname,
3351 struct para_data_s *para, enum para_name key)
3353 struct para_data_s *r = get_parameter( para, key );
3354 struct revocation_key revkey;
3359 return 0; /* none (this is an optional parameter) */
3364 revkey.algid=atoi(pn);
3368 /* Skip to the fpr */
3369 while(*pn && *pn!=':')
3377 for(i=0;i<MAX_FINGERPRINT_LEN && *pn;i++,pn+=2)
3379 int c=hextobyte(pn);
3386 /* skip to the tag */
3387 while(*pn && *pn!='s' && *pn!='S')
3390 if(ascii_strcasecmp(pn,"sensitive")==0)
3393 memcpy(&r->u.revkey,&revkey,sizeof(struct revocation_key));
3398 log_error("%s:%d: invalid revocation key\n", fname, r->lnr );
3399 return -1; /* error */
3404 get_parameter_u32( struct para_data_s *para, enum para_name key )
3406 struct para_data_s *r = get_parameter( para, key );
3410 if( r->key == pKEYCREATIONDATE )
3411 return r->u.creation;
3412 if( r->key == pKEYEXPIRE || r->key == pSUBKEYEXPIRE )
3414 if( r->key == pKEYUSAGE || r->key == pSUBKEYUSAGE )
3417 return (unsigned int)strtoul( r->u.value, NULL, 10 );
3421 get_parameter_uint( struct para_data_s *para, enum para_name key )
3423 return get_parameter_u32( para, key );
3426 static struct revocation_key *
3427 get_parameter_revkey( struct para_data_s *para, enum para_name key )
3429 struct para_data_s *r = get_parameter( para, key );
3430 return r? &r->u.revkey : NULL;
3434 proc_parameter_file (ctrl_t ctrl, struct para_data_s *para, const char *fname,
3435 struct output_control_s *outctrl, int card )
3437 struct para_data_s *r;
3438 const char *s1, *s2, *s3;
3442 int have_user_id = 0;
3445 /* Check that we have all required parameters. */
3446 r = get_parameter( para, pKEYTYPE );
3449 algo = get_parameter_algo (para, pKEYTYPE, &is_default);
3450 if (openpgp_pk_test_algo2 (algo, PUBKEY_USAGE_SIG))
3452 log_error ("%s:%d: invalid algorithm\n", fname, r->lnr );
3458 log_error ("%s: no Key-Type specified\n",fname);
3462 err = parse_parameter_usage (fname, para, pKEYUSAGE);
3465 /* Default to algo capabilities if key-usage is not provided and
3466 no default algorithm has been requested. */
3467 r = xmalloc_clear(sizeof(*r));
3469 r->u.usage = (is_default
3470 ? (PUBKEY_USAGE_CERT | PUBKEY_USAGE_SIG)
3471 : openpgp_pk_algo_usage(algo));
3472 append_to_parameter (para, r);
3478 r = get_parameter (para, pKEYUSAGE);
3479 if (r && (r->u.usage & ~openpgp_pk_algo_usage (algo)))
3481 log_error ("%s:%d: specified Key-Usage not allowed for algo %d\n",
3482 fname, r->lnr, algo);
3488 r = get_parameter( para, pSUBKEYTYPE );
3491 algo = get_parameter_algo (para, pSUBKEYTYPE, &is_default);
3492 if (openpgp_pk_test_algo (algo))
3494 log_error ("%s:%d: invalid algorithm\n", fname, r->lnr );
3498 err = parse_parameter_usage (fname, para, pSUBKEYUSAGE);
3501 /* Default to algo capabilities if subkey-usage is not
3503 r = xmalloc_clear (sizeof(*r));
3504 r->key = pSUBKEYUSAGE;
3505 r->u.usage = (is_default
3507 : openpgp_pk_algo_usage (algo));
3508 append_to_parameter (para, r);
3514 r = get_parameter (para, pSUBKEYUSAGE);
3515 if (r && (r->u.usage & ~openpgp_pk_algo_usage (algo)))
3517 log_error ("%s:%d: specified Subkey-Usage not allowed"
3518 " for algo %d\n", fname, r->lnr, algo);
3525 if( get_parameter_value( para, pUSERID ) )
3529 /* create the formatted user ID */
3530 s1 = get_parameter_value( para, pNAMEREAL );
3531 s2 = get_parameter_value( para, pNAMECOMMENT );
3532 s3 = get_parameter_value( para, pNAMEEMAIL );
3533 if( s1 || s2 || s3 )
3535 n = (s1?strlen(s1):0) + (s2?strlen(s2):0) + (s3?strlen(s3):0);
3536 r = xmalloc_clear( sizeof *r + n + 20 );
3542 p = stpcpy(stpcpy(stpcpy(p," ("), s2 ),")");
3544 p = stpcpy(stpcpy(stpcpy(p," <"), s3 ),">");
3545 append_to_parameter (para, r);
3552 log_error("%s: no User-ID specified\n",fname);
3556 /* Set preferences, if any. */
3557 keygen_set_std_prefs(get_parameter_value( para, pPREFERENCES ), 0);
3559 /* Set keyserver, if any. */
3560 s1=get_parameter_value( para, pKEYSERVER );
3563 struct keyserver_spec *spec;
3565 spec = parse_keyserver_uri (s1, 1);
3568 free_keyserver_spec(spec);
3569 opt.def_keyserver_url=s1;
3573 r = get_parameter (para, pKEYSERVER);
3574 log_error("%s:%d: invalid keyserver url\n", fname, r->lnr );
3579 /* Set revoker, if any. */
3580 if (parse_revocation_key (fname, para, pREVOKER))
3584 /* Make KEYCREATIONDATE from Creation-Date. */
3585 r = get_parameter (para, pCREATIONDATE);
3586 if (r && *r->u.value)
3590 seconds = parse_creation_string (r->u.value);
3593 log_error ("%s:%d: invalid creation date\n", fname, r->lnr );
3596 r->u.creation = seconds;
3597 r->key = pKEYCREATIONDATE; /* Change that entry. */
3600 /* Make KEYEXPIRE from Expire-Date. */
3601 r = get_parameter( para, pEXPIREDATE );
3602 if( r && *r->u.value )
3606 seconds = parse_expire_string( r->u.value );
3607 if( seconds == (u32)-1 )
3609 log_error("%s:%d: invalid expire date\n", fname, r->lnr );
3612 r->u.expire = seconds;
3613 r->key = pKEYEXPIRE; /* change hat entry */
3614 /* also set it for the subkey */
3615 r = xmalloc_clear( sizeof *r + 20 );
3616 r->key = pSUBKEYEXPIRE;
3617 r->u.expire = seconds;
3618 append_to_parameter (para, r);
3621 do_generate_keypair (ctrl, para, outctrl, card );
3627 * Kludge to allow non interactive key generation controlled
3628 * by a parameter file.
3629 * Note, that string parameters are expected to be in UTF-8
3632 read_parameter_file (ctrl_t ctrl, const char *fname )
3634 static struct { const char *name;
3637 { "Key-Type", pKEYTYPE},
3638 { "Key-Length", pKEYLENGTH },
3639 { "Key-Curve", pKEYCURVE },
3640 { "Key-Usage", pKEYUSAGE },
3641 { "Subkey-Type", pSUBKEYTYPE },
3642 { "Subkey-Length", pSUBKEYLENGTH },
3643 { "Subkey-Curve", pSUBKEYCURVE },
3644 { "Subkey-Usage", pSUBKEYUSAGE },
3645 { "Name-Real", pNAMEREAL },
3646 { "Name-Email", pNAMEEMAIL },
3647 { "Name-Comment", pNAMECOMMENT },
3648 { "Expire-Date", pEXPIREDATE },
3649 { "Creation-Date", pCREATIONDATE },
3650 { "Passphrase", pPASSPHRASE },
3651 { "Preferences", pPREFERENCES },
3652 { "Revoker", pREVOKER },
3653 { "Handle", pHANDLE },
3654 { "Keyserver", pKEYSERVER },
3659 unsigned int maxlen, nline;
3662 const char *err = NULL;
3663 struct para_data_s *para, *r;
3665 struct output_control_s outctrl;
3667 memset( &outctrl, 0, sizeof( outctrl ) );
3668 outctrl.pub.afx = new_armor_context ();
3670 if( !fname || !*fname)
3673 fp = iobuf_open (fname);
3674 if (fp && is_secured_file (iobuf_get_fd (fp)))
3678 gpg_err_set_errno (EPERM);
3681 log_error (_("can't open '%s': %s\n"), fname, strerror(errno) );
3684 iobuf_ioctl (fp, IOBUF_IOCTL_NO_CACHE, 1, NULL);
3691 while ( iobuf_read_line (fp, &line, &nline, &maxlen) ) {
3692 char *keyword, *value;
3696 err = "line too long";
3699 for( p = line; isspace(*(byte*)p); p++ )
3701 if( !*p || *p == '#' )
3704 if( *keyword == '%' ) {
3705 for( ; !isspace(*(byte*)p); p++ )
3709 for( ; isspace(*(byte*)p); p++ )
3712 trim_trailing_ws( value, strlen(value) );
3713 if( !ascii_strcasecmp( keyword, "%echo" ) )
3714 log_info("%s\n", value );
3715 else if( !ascii_strcasecmp( keyword, "%dry-run" ) )
3717 else if( !ascii_strcasecmp( keyword, "%ask-passphrase" ) )
3718 ; /* Dummy for backward compatibility. */
3719 else if( !ascii_strcasecmp( keyword, "%no-ask-passphrase" ) )
3720 ; /* Dummy for backward compatibility. */
3721 else if( !ascii_strcasecmp( keyword, "%no-protection" ) )
3722 outctrl.keygen_flags |= KEYGEN_FLAG_NO_PROTECTION;
3723 else if( !ascii_strcasecmp( keyword, "%transient-key" ) )
3724 outctrl.keygen_flags |= KEYGEN_FLAG_TRANSIENT_KEY;
3725 else if( !ascii_strcasecmp( keyword, "%commit" ) ) {
3727 if (proc_parameter_file (ctrl, para, fname, &outctrl, 0 ))
3728 print_status_key_not_created
3729 (get_parameter_value (para, pHANDLE));
3730 release_parameter_list( para );
3733 else if( !ascii_strcasecmp( keyword, "%pubring" ) ) {
3734 if( outctrl.pub.fname && !strcmp( outctrl.pub.fname, value ) )
3735 ; /* still the same file - ignore it */
3737 xfree( outctrl.pub.newfname );
3738 outctrl.pub.newfname = xstrdup( value );
3739 outctrl.use_files = 1;
3742 else if( !ascii_strcasecmp( keyword, "%secring" ) ) {
3743 /* Ignore this command. */
3746 log_info("skipping control '%s' (%s)\n", keyword, value );
3753 if( !(p = strchr( p, ':' )) || p == keyword ) {
3754 err = "missing colon";
3759 for( ; isspace(*(byte*)p); p++ )
3762 err = "missing argument";
3766 trim_trailing_ws( value, strlen(value) );
3768 for(i=0; keywords[i].name; i++ ) {
3769 if( !ascii_strcasecmp( keywords[i].name, keyword ) )
3772 if( !keywords[i].name ) {
3773 err = "unknown keyword";
3776 if( keywords[i].key != pKEYTYPE && !para ) {
3777 err = "parameter block does not start with \"Key-Type\"";
3781 if( keywords[i].key == pKEYTYPE && para ) {
3783 if (proc_parameter_file (ctrl, para, fname, &outctrl, 0 ))
3784 print_status_key_not_created
3785 (get_parameter_value (para, pHANDLE));
3786 release_parameter_list( para );
3790 for( r = para; r; r = r->next ) {
3791 if( r->key == keywords[i].key )
3795 err = "duplicate keyword";
3799 r = xmalloc_clear( sizeof *r + strlen( value ) );
3801 r->key = keywords[i].key;
3802 strcpy( r->u.value, value );
3807 log_error("%s:%d: %s\n", fname, lnr, err );
3808 else if( iobuf_error (fp) ) {
3809 log_error("%s:%d: read error\n", fname, lnr);
3813 if (proc_parameter_file (ctrl, para, fname, &outctrl, 0 ))
3814 print_status_key_not_created (get_parameter_value (para, pHANDLE));
3817 if( outctrl.use_files ) { /* close open streams */
3818 iobuf_close( outctrl.pub.stream );
3820 /* Must invalidate that ugly cache to actually close it. */
3821 if (outctrl.pub.fname)
3822 iobuf_ioctl (NULL, IOBUF_IOCTL_INVALIDATE_CACHE,
3823 0, (char*)outctrl.pub.fname);
3825 xfree( outctrl.pub.fname );
3826 xfree( outctrl.pub.newfname );
3830 release_parameter_list( para );
3832 release_armor_context (outctrl.pub.afx);
3836 /* Helper for quick_generate_keypair. */
3837 static struct para_data_s *
3838 quickgen_set_para (struct para_data_s *para, int for_subkey,
3839 int algo, int nbits, const char *curve, unsigned int use)
3841 struct para_data_s *r;
3843 r = xmalloc_clear (sizeof *r + 30);
3844 r->key = for_subkey? pSUBKEYUSAGE : pKEYUSAGE;
3846 snprintf (r->u.value, 30, "%s%s%s%s",
3847 (use & PUBKEY_USAGE_ENC)? "encr " : "",
3848 (use & PUBKEY_USAGE_SIG)? "sign " : "",
3849 (use & PUBKEY_USAGE_AUTH)? "auth " : "",
3850 (use & PUBKEY_USAGE_CERT)? "cert " : "");
3852 strcpy (r->u.value, for_subkey ? "encr" : "sign");
3855 r = xmalloc_clear (sizeof *r + 20);
3856 r->key = for_subkey? pSUBKEYTYPE : pKEYTYPE;
3857 snprintf (r->u.value, 20, "%d", algo);
3863 r = xmalloc_clear (sizeof *r + strlen (curve));
3864 r->key = for_subkey? pSUBKEYCURVE : pKEYCURVE;
3865 strcpy (r->u.value, curve);
3871 r = xmalloc_clear (sizeof *r + 20);
3872 r->key = for_subkey? pSUBKEYLENGTH : pKEYLENGTH;
3873 sprintf (r->u.value, "%u", nbits);
3883 * Unattended generation of a standard key.
3886 quick_generate_keypair (ctrl_t ctrl, const char *uid, const char *algostr,
3887 const char *usagestr, const char *expirestr)
3890 struct para_data_s *para = NULL;
3891 struct para_data_s *r;
3892 struct output_control_s outctrl;
3895 memset (&outctrl, 0, sizeof outctrl);
3897 use_tty = (!opt.batch && !opt.answer_yes
3898 && !*algostr && !*usagestr && !*expirestr
3900 && gnupg_isatty (fileno (stdin))
3901 && gnupg_isatty (fileno (stdout))
3902 && gnupg_isatty (fileno (stderr)));
3904 r = xmalloc_clear (sizeof *r + strlen (uid));
3906 strcpy (r->u.value, uid);
3910 uid = trim_spaces (r->u.value);
3911 if (!*uid || (!opt.allow_freeform_uid && !is_valid_user_id (uid)))
3913 log_error (_("Key generation failed: %s\n"),
3914 gpg_strerror (GPG_ERR_INV_USER_ID));
3918 /* If gpg is directly used on the console ask whether a key with the
3919 given user id shall really be created. */
3922 tty_printf (_("About to create a key for:\n \"%s\"\n\n"), uid);
3923 if (!cpr_get_answer_is_yes_def ("quick_keygen.okay",
3924 _("Continue? (Y/n) "), 1))
3928 /* Check whether such a user ID already exists. */
3931 KEYDB_SEARCH_DESC desc;
3933 memset (&desc, 0, sizeof desc);
3934 desc.mode = KEYDB_SEARCH_MODE_EXACT;
3937 kdbhd = keydb_new ();
3941 err = keydb_search (kdbhd, &desc, 1, NULL);
3942 keydb_release (kdbhd);
3943 if (gpg_err_code (err) != GPG_ERR_NOT_FOUND)
3945 log_info (_("A key for \"%s\" already exists\n"), uid);
3949 || !cpr_get_answer_is_yes_def ("quick_keygen.force",
3950 _("Create anyway? (y/N) "), 0))
3952 write_status_error ("genkey", gpg_error (304));
3953 log_inc_errorcount (); /* we used log_info */
3956 log_info (_("creating anyway\n"));
3960 if (!*expirestr || strcmp (expirestr, "-") == 0)
3961 expirestr = default_expiration_interval;
3963 if ((!*algostr || !strcmp (algostr, "default")
3964 || !strcmp (algostr, "future-default"))
3965 && (!*usagestr || !strcmp (usagestr, "default")
3966 || !strcmp (usagestr, "-")))
3968 /* Use default key parameters. */
3970 unsigned int size, subsize;
3971 unsigned int keyuse, subkeyuse;
3972 const char *curve, *subcurve;
3974 err = parse_key_parameter_string (algostr, -1,
3975 &algo, &size, &keyuse, &curve,
3976 &subalgo, &subsize, &subkeyuse,
3980 log_error (_("Key generation failed: %s\n"), gpg_strerror (err));
3984 para = quickgen_set_para (para, 0, algo, size, curve, keyuse);
3986 para = quickgen_set_para (para, 1,
3987 subalgo, subsize, subcurve, subkeyuse);
3993 expire = parse_expire_string (expirestr);
3994 if (expire == (u32)-1 )
3996 err = gpg_error (GPG_ERR_INV_VALUE);
3997 log_error (_("Key generation failed: %s\n"), gpg_strerror (err));
4000 r = xmalloc_clear (sizeof *r + 20);
4001 r->key = pKEYEXPIRE;
4002 r->u.expire = expire;
4009 /* Extended unattended mode. Creates only the primary key. */
4016 err = parse_algo_usage_expire (ctrl, 0, algostr, usagestr, expirestr,
4017 &algo, &use, &expire, &nbits, &curve);
4020 log_error (_("Key generation failed: %s\n"), gpg_strerror (err) );
4024 para = quickgen_set_para (para, 0, algo, nbits, curve, use);
4025 r = xmalloc_clear (sizeof *r + 20);
4026 r->key = pKEYEXPIRE;
4027 r->u.expire = expire;
4032 /* If the pinentry loopback mode is not and we have a static
4033 passphrase (i.e. set with --passphrase{,-fd,-file} while in batch
4034 mode), we use that passphrase for the new key. */
4035 if (opt.pinentry_mode != PINENTRY_MODE_LOOPBACK
4036 && have_static_passphrase ())
4038 const char *s = get_static_passphrase ();
4040 r = xmalloc_clear (sizeof *r + strlen (s));
4041 r->key = pPASSPHRASE;
4042 strcpy (r->u.value, s);
4047 proc_parameter_file (ctrl, para, "[internal]", &outctrl, 0);
4050 release_parameter_list (para);
4055 * Generate a keypair (fname is only used in batch mode) If
4056 * CARD_SERIALNO is not NULL the function will create the keys on an
4057 * OpenPGP Card. If CARD_BACKUP_KEY has been set and CARD_SERIALNO is
4058 * NOT NULL, the encryption key for the card is generated on the host,
4059 * imported to the card and a backup file created by gpg-agent. If
4060 * FULL is not set only the basic prompts are used (except for batch
4064 generate_keypair (ctrl_t ctrl, int full, const char *fname,
4065 const char *card_serialno, int card_backup_key)
4074 struct para_data_s *para = NULL;
4075 struct para_data_s *r;
4076 struct output_control_s outctrl;
4078 #ifndef ENABLE_CARD_SUPPORT
4079 (void)card_backup_key;
4082 memset( &outctrl, 0, sizeof( outctrl ) );
4084 if (opt.batch && card_serialno)
4086 /* We don't yet support unattended key generation. */
4087 log_error (_("can't do this in batch mode\n"));
4093 read_parameter_file (ctrl, fname);
4099 #ifdef ENABLE_CARD_SUPPORT
4100 struct agent_card_info_s info;
4102 memset (&info, 0, sizeof (info));
4103 err = agent_scd_getattr ("KEY-ATTR", &info);
4106 log_error (_("error getting current key info: %s\n"),
4107 gpg_strerror (err));
4111 r = xcalloc (1, sizeof *r + strlen (card_serialno) );
4113 strcpy( r->u.value, card_serialno);
4117 r = xcalloc (1, sizeof *r + 20 );
4119 sprintf( r->u.value, "%d", info.key_attr[0].algo );
4122 r = xcalloc (1, sizeof *r + 20 );
4124 strcpy (r->u.value, "sign");
4128 r = xcalloc (1, sizeof *r + 20 );
4129 r->key = pSUBKEYTYPE;
4130 sprintf( r->u.value, "%d", info.key_attr[1].algo );
4133 r = xcalloc (1, sizeof *r + 20 );
4134 r->key = pSUBKEYUSAGE;
4135 strcpy (r->u.value, "encrypt");
4138 if (info.key_attr[1].algo == PUBKEY_ALGO_RSA)
4140 r = xcalloc (1, sizeof *r + 20 );
4141 r->key = pSUBKEYLENGTH;
4142 sprintf( r->u.value, "%u", info.key_attr[1].nbits);
4146 else if (info.key_attr[1].algo == PUBKEY_ALGO_ECDSA
4147 || info.key_attr[1].algo == PUBKEY_ALGO_EDDSA
4148 || info.key_attr[1].algo == PUBKEY_ALGO_ECDH)
4150 r = xcalloc (1, sizeof *r + strlen (info.key_attr[1].curve));
4151 r->key = pSUBKEYCURVE;
4152 strcpy (r->u.value, info.key_attr[1].curve);
4157 r = xcalloc (1, sizeof *r + 20 );
4158 r->key = pAUTHKEYTYPE;
4159 sprintf( r->u.value, "%d", info.key_attr[2].algo );
4163 if (card_backup_key)
4165 r = xcalloc (1, sizeof *r + 1);
4166 r->key = pCARDBACKUPKEY;
4167 strcpy (r->u.value, "1");
4171 #endif /*ENABLE_CARD_SUPPORT*/
4173 else if (full) /* Full featured key generation. */
4178 /* Fixme: To support creating a primary key by keygrip we better
4179 also define the keyword for the parameter file. Note that
4180 the subkey case will never be asserted if a keygrip has been
4182 algo = ask_algo (ctrl, 0, &subkey_algo, &use, NULL);
4185 /* Create primary and subkey at once. */
4187 if (algo == PUBKEY_ALGO_ECDSA
4188 || algo == PUBKEY_ALGO_EDDSA
4189 || algo == PUBKEY_ALGO_ECDH)
4191 curve = ask_curve (&algo, &subkey_algo);
4192 r = xmalloc_clear( sizeof *r + 20 );
4194 sprintf( r->u.value, "%d", algo);
4198 r = xmalloc_clear (sizeof *r + strlen (curve));
4200 strcpy (r->u.value, curve);
4206 r = xmalloc_clear( sizeof *r + 20 );
4208 sprintf( r->u.value, "%d", algo);
4211 nbits = ask_keysize (algo, 0);
4212 r = xmalloc_clear( sizeof *r + 20 );
4213 r->key = pKEYLENGTH;
4214 sprintf( r->u.value, "%u", nbits);
4218 r = xmalloc_clear( sizeof *r + 20 );
4220 strcpy( r->u.value, "sign" );
4224 r = xmalloc_clear( sizeof *r + 20 );
4225 r->key = pSUBKEYTYPE;
4226 sprintf( r->u.value, "%d", subkey_algo);
4229 r = xmalloc_clear( sizeof *r + 20 );
4230 r->key = pSUBKEYUSAGE;
4231 strcpy( r->u.value, "encrypt" );
4235 if (algo == PUBKEY_ALGO_ECDSA
4236 || algo == PUBKEY_ALGO_EDDSA
4237 || algo == PUBKEY_ALGO_ECDH)
4239 if (algo == PUBKEY_ALGO_EDDSA
4240 && subkey_algo == PUBKEY_ALGO_ECDH)
4242 /* Need to switch to a different curve for the
4245 curve = xstrdup ("Curve25519");
4247 r = xmalloc_clear (sizeof *r + strlen (curve));
4248 r->key = pSUBKEYCURVE;
4249 strcpy (r->u.value, curve);
4254 else /* Create only a single key. */
4256 /* For ECC we need to ask for the curve before storing the
4257 algo because ask_curve may change the algo. */
4258 if (algo == PUBKEY_ALGO_ECDSA
4259 || algo == PUBKEY_ALGO_EDDSA
4260 || algo == PUBKEY_ALGO_ECDH)
4262 curve = ask_curve (&algo, NULL);
4263 r = xmalloc_clear (sizeof *r + strlen (curve));
4265 strcpy (r->u.value, curve);
4270 r = xmalloc_clear( sizeof *r + 20 );
4272 sprintf( r->u.value, "%d", algo );
4278 r = xmalloc_clear( sizeof *r + 25 );
4280 sprintf( r->u.value, "%s%s%s",
4281 (use & PUBKEY_USAGE_SIG)? "sign ":"",
4282 (use & PUBKEY_USAGE_ENC)? "encrypt ":"",
4283 (use & PUBKEY_USAGE_AUTH)? "auth":"" );
4290 if (algo == PUBKEY_ALGO_ECDSA
4291 || algo == PUBKEY_ALGO_EDDSA
4292 || algo == PUBKEY_ALGO_ECDH)
4294 /* The curve has already been set. */
4298 nbits = ask_keysize (both? subkey_algo : algo, nbits);
4299 r = xmalloc_clear( sizeof *r + 20 );
4300 r->key = both? pSUBKEYLENGTH : pKEYLENGTH;
4301 sprintf( r->u.value, "%u", nbits);
4308 else /* Default key generation. */
4311 unsigned int size, subsize;
4312 unsigned int keyuse, subkeyuse;
4313 const char *curve, *subcurve;
4315 tty_printf ( _("Note: Use \"%s %s\""
4316 " for a full featured key generation dialog.\n"),
4322 , "--full-generate-key" );
4324 err = parse_key_parameter_string (NULL, -1,
4325 &algo, &size, &keyuse, &curve,
4327 &subkeyuse, &subcurve);
4330 log_error (_("Key generation failed: %s\n"), gpg_strerror (err));
4333 para = quickgen_set_para (para, 0, algo, size, curve, keyuse);
4335 para = quickgen_set_para (para, 1,
4336 subalgo, subsize, subcurve, subkeyuse);
4342 expire = full? ask_expire_interval (0, NULL)
4343 : parse_expire_string (default_expiration_interval);
4344 r = xcalloc (1, sizeof *r + 20);
4345 r->key = pKEYEXPIRE;
4346 r->u.expire = expire;
4349 r = xcalloc (1, sizeof *r + 20);
4350 r->key = pSUBKEYEXPIRE;
4351 r->u.expire = expire;
4355 uid = ask_user_id (0, full, NULL);
4358 log_error(_("Key generation canceled.\n"));
4359 release_parameter_list( para );
4362 r = xcalloc (1, sizeof *r + strlen (uid));
4364 strcpy (r->u.value, uid);
4368 proc_parameter_file (ctrl, para, "[internal]", &outctrl, !!card_serialno);
4369 release_parameter_list (para);
4373 /* Create and delete a dummy packet to start off a list of kbnodes. */
4375 start_tree(KBNODE *tree)
4379 pkt=xmalloc_clear(sizeof(*pkt));
4380 pkt->pkttype=PKT_NONE;
4381 *tree=new_kbnode(pkt);
4382 delete_kbnode(*tree);
4386 /* Write the *protected* secret key to the file. */
4388 card_write_key_to_backup_file (PKT_public_key *sk, const char *backup_dir)
4390 gpg_error_t err = 0;
4392 char keyid_buffer[2 * 8 + 1];
4393 char name_buffer[50];
4399 format_keyid (pk_keyid (sk), KF_LONG, keyid_buffer, sizeof (keyid_buffer));
4400 snprintf (name_buffer, sizeof name_buffer, "sk_%s.gpg", keyid_buffer);
4402 fname = make_filename (backup_dir, name_buffer, NULL);
4403 /* Note that the umask call is not anymore needed because
4404 iobuf_create now takes care of it. However, it does not harm
4405 and thus we keep it. */
4406 oldmask = umask (077);
4407 if (is_secured_filename (fname))
4410 gpg_err_set_errno (EPERM);
4413 fp = iobuf_create (fname, 1);
4417 err = gpg_error_from_syserror ();
4418 log_error (_("can't create backup file '%s': %s\n"), fname, strerror (errno) );
4422 pkt = xcalloc (1, sizeof *pkt);
4423 pkt->pkttype = PKT_SECRET_KEY;
4424 pkt->pkt.secret_key = sk;
4426 rc = build_packet (fp, pkt);
4429 log_error ("build packet failed: %s\n", gpg_strerror (rc));
4437 iobuf_ioctl (NULL, IOBUF_IOCTL_INVALIDATE_CACHE, 0, (char*)fname);
4438 log_info (_("Note: backup of card key saved to '%s'\n"), fname);
4440 fprbuf = hexfingerprint (sk, NULL, 0);
4441 write_status_text_and_buffer (STATUS_BACKUP_KEY_CREATED, fprbuf,
4442 fname, strlen (fname), 0);
4453 /* Store key to card and make a backup file in OpenPGP format. */
4455 card_store_key_with_backup (ctrl_t ctrl, PKT_public_key *sub_psk,
4456 const char *backup_dir)
4459 gnupg_isotime_t timestamp;
4463 struct agent_card_info_s info;
4464 gcry_cipher_hd_t cipherhd = NULL;
4465 char *cache_nonce = NULL;
4469 sk = copy_public_key (NULL, sub_psk);
4471 return gpg_error_from_syserror ();
4473 epoch2isotime (timestamp, (time_t)sk->timestamp);
4474 err = hexkeygrip_from_pk (sk, &hexgrip);
4478 memset(&info, 0, sizeof (info));
4479 rc = agent_scd_getattr ("SERIALNO", &info);
4481 return (gpg_error_t)rc;
4483 rc = agent_keytocard (hexgrip, 2, 1, info.serialno, timestamp);
4484 xfree (info.serialno);
4487 err = (gpg_error_t)rc;
4491 err = agent_keywrap_key (ctrl, 1, &kek, &keklen);
4494 log_error ("error getting the KEK: %s\n", gpg_strerror (err));
4498 err = gcry_cipher_open (&cipherhd, GCRY_CIPHER_AES128,
4499 GCRY_CIPHER_MODE_AESWRAP, 0);
4501 err = gcry_cipher_setkey (cipherhd, kek, keklen);
4504 log_error ("error setting up an encryption context: %s\n",
4505 gpg_strerror (err));
4509 err = receive_seckey_from_agent (ctrl, cipherhd, 0,
4510 &cache_nonce, hexgrip, sk);
4513 log_error ("error getting secret key from agent: %s\n",
4514 gpg_strerror (err));
4518 err = card_write_key_to_backup_file (sk, backup_dir);
4520 log_error ("writing card key to backup file: %s\n", gpg_strerror (err));
4522 /* Remove secret key data in agent side. */
4523 agent_scd_learn (NULL, 1);
4526 xfree (cache_nonce);
4527 gcry_cipher_close (cipherhd);
4530 free_public_key (sk);
4536 do_generate_keypair (ctrl_t ctrl, struct para_data_s *para,
4537 struct output_control_s *outctrl, int card)
4540 KBNODE pub_root = NULL;
4542 PKT_public_key *pri_psk = NULL;
4543 PKT_public_key *sub_psk = NULL;
4544 struct revocation_key *revkey;
4547 char *cache_nonce = NULL;
4549 if (outctrl->dryrun)
4551 log_info("dry-run mode - key generation skipped\n");
4555 if ( outctrl->use_files )
4557 if ( outctrl->pub.newfname )
4559 iobuf_close(outctrl->pub.stream);
4560 outctrl->pub.stream = NULL;
4561 if (outctrl->pub.fname)
4562 iobuf_ioctl (NULL, IOBUF_IOCTL_INVALIDATE_CACHE,
4563 0, (char*)outctrl->pub.fname);
4564 xfree( outctrl->pub.fname );
4565 outctrl->pub.fname = outctrl->pub.newfname;
4566 outctrl->pub.newfname = NULL;
4568 if (is_secured_filename (outctrl->pub.fname) )
4570 outctrl->pub.stream = NULL;
4571 gpg_err_set_errno (EPERM);
4574 outctrl->pub.stream = iobuf_create (outctrl->pub.fname, 0);
4575 if (!outctrl->pub.stream)
4577 log_error(_("can't create '%s': %s\n"), outctrl->pub.newfname,
4583 outctrl->pub.afx->what = 1;
4584 push_armor_filter (outctrl->pub.afx, outctrl->pub.stream);
4587 log_assert( outctrl->pub.stream );
4589 log_info (_("writing public key to '%s'\n"), outctrl->pub.fname );
4593 /* We create the packets as a tree of kbnodes. Because the
4594 structure we create is known in advance we simply generate a
4595 linked list. The first packet is a dummy packet which we flag as
4596 deleted. The very first packet must always be a KEY packet. */
4598 start_tree (&pub_root);
4600 timestamp = get_parameter_u32 (para, pKEYCREATIONDATE);
4602 timestamp = make_timestamp ();
4604 /* Note that, depending on the backend (i.e. the used scdaemon
4605 version), the card key generation may update TIMESTAMP for each
4606 key. Thus we need to pass TIMESTAMP to all signing function to
4607 make sure that the binding signature is done using the timestamp
4608 of the corresponding (sub)key and not that of the primary key.
4609 An alternative implementation could tell the signing function the
4610 node of the subkey but that is more work than just to pass the
4611 current timestamp. */
4614 err = do_create (get_parameter_algo( para, pKEYTYPE, NULL ),
4615 get_parameter_uint( para, pKEYLENGTH ),
4616 get_parameter_value (para, pKEYCURVE),
4619 get_parameter_u32( para, pKEYEXPIRE ), 0,
4620 outctrl->keygen_flags,
4621 get_parameter_passphrase (para),
4622 &cache_nonce, NULL);
4624 err = gen_card_key (1, get_parameter_algo( para, pKEYTYPE, NULL ),
4625 1, pub_root, ×tamp,
4626 get_parameter_u32 (para, pKEYEXPIRE));
4628 /* Get the pointer to the generated public key packet. */
4631 pri_psk = pub_root->next->pkt->pkt.public_key;
4632 log_assert (pri_psk);
4634 /* Make sure a few fields are correctly set up before going
4636 pri_psk->flags.primary = 1;
4637 keyid_from_pk (pri_psk, NULL);
4638 /* We don't use pk_keyid to get keyid, because it also asserts
4639 that main_keyid is set! */
4640 keyid_copy (pri_psk->main_keyid, pri_psk->keyid);
4643 if (!err && (revkey = get_parameter_revkey (para, pREVOKER)))
4644 err = write_direct_sig (pub_root, pri_psk, revkey, timestamp, cache_nonce);
4646 if (!err && (s = get_parameter_value (para, pUSERID)))
4648 write_uid (pub_root, s );
4649 err = write_selfsigs (pub_root, pri_psk,
4650 get_parameter_uint (para, pKEYUSAGE), timestamp,
4654 /* Write the auth key to the card before the encryption key. This
4655 is a partial workaround for a PGP bug (as of this writing, all
4656 versions including 8.1), that causes it to try and encrypt to
4657 the most recent subkey regardless of whether that subkey is
4658 actually an encryption type. In this case, the auth key is an
4659 RSA key so it succeeds. */
4661 if (!err && card && get_parameter (para, pAUTHKEYTYPE))
4663 err = gen_card_key (3, get_parameter_algo( para, pAUTHKEYTYPE, NULL ),
4664 0, pub_root, ×tamp,
4665 get_parameter_u32 (para, pKEYEXPIRE));
4667 err = write_keybinding (pub_root, pri_psk, NULL,
4668 PUBKEY_USAGE_AUTH, timestamp, cache_nonce);
4671 if (!err && get_parameter (para, pSUBKEYTYPE))
4675 if (!card || (s = get_parameter_value (para, pCARDBACKUPKEY)))
4677 err = do_create (get_parameter_algo (para, pSUBKEYTYPE, NULL),
4678 get_parameter_uint (para, pSUBKEYLENGTH),
4679 get_parameter_value (para, pSUBKEYCURVE),
4682 get_parameter_u32 (para, pSUBKEYEXPIRE), 1,
4683 s ? KEYGEN_FLAG_NO_PROTECTION : outctrl->keygen_flags,
4684 get_parameter_passphrase (para),
4685 &cache_nonce, NULL);
4686 /* Get the pointer to the generated public subkey packet. */
4691 for (node = pub_root; node; node = node->next)
4692 if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
4693 sub_psk = node->pkt->pkt.public_key;
4694 log_assert (sub_psk);
4697 err = card_store_key_with_backup (ctrl,
4698 sub_psk, gnupg_homedir ());
4703 err = gen_card_key (2, get_parameter_algo (para, pSUBKEYTYPE, NULL),
4704 0, pub_root, ×tamp,
4705 get_parameter_u32 (para, pKEYEXPIRE));
4709 err = write_keybinding (pub_root, pri_psk, sub_psk,
4710 get_parameter_uint (para, pSUBKEYUSAGE),
4711 timestamp, cache_nonce);
4715 if (!err && outctrl->use_files) /* Direct write to specified files. */
4717 err = write_keyblock (outctrl->pub.stream, pub_root);
4719 log_error ("can't write public key: %s\n", gpg_strerror (err));
4721 else if (!err) /* Write to the standard keyrings. */
4723 KEYDB_HANDLE pub_hd;
4725 pub_hd = keydb_new ();
4727 err = gpg_error_from_syserror ();
4730 err = keydb_locate_writable (pub_hd);
4732 log_error (_("no writable public keyring found: %s\n"),
4733 gpg_strerror (err));
4736 if (!err && opt.verbose)
4738 log_info (_("writing public key to '%s'\n"),
4739 keydb_get_resource_name (pub_hd));
4744 err = keydb_insert_keyblock (pub_hd, pub_root);
4746 log_error (_("error writing public keyring '%s': %s\n"),
4747 keydb_get_resource_name (pub_hd), gpg_strerror (err));
4750 keydb_release (pub_hd);
4757 no_enc_rsa = ((get_parameter_algo (para, pKEYTYPE, NULL)
4759 && get_parameter_uint (para, pKEYUSAGE)
4760 && !((get_parameter_uint (para, pKEYUSAGE)
4761 & PUBKEY_USAGE_ENC)) );
4763 pk = find_kbnode (pub_root, PKT_PUBLIC_KEY)->pkt->pkt.public_key;
4765 keyid_from_pk (pk, pk->main_keyid);
4766 register_trusted_keyid (pk->main_keyid);
4768 update_ownertrust (pk, ((get_ownertrust (pk) & ~TRUST_MASK)
4769 | TRUST_ULTIMATE ));
4771 gen_standard_revoke (pk, cache_nonce);
4773 /* Get rid of the first empty packet. */
4774 commit_kbnode (&pub_root);
4778 tty_printf (_("public and secret key created and signed.\n") );
4780 merge_keys_and_selfsig (pub_root);
4781 list_keyblock_direct (ctrl, pub_root, 0, 1, 1, 1);
4786 && (get_parameter_algo (para, pKEYTYPE, NULL) == PUBKEY_ALGO_DSA
4788 && !get_parameter (para, pSUBKEYTYPE) )
4790 tty_printf(_("Note that this key cannot be used for "
4791 "encryption. You may want to use\n"
4792 "the command \"--edit-key\" to generate a "
4793 "subkey for this purpose.\n") );
4801 log_error ("key generation failed: %s\n", gpg_strerror (err) );
4803 tty_printf (_("Key generation failed: %s\n"), gpg_strerror (err) );
4804 write_status_error (card? "card_key_generate":"key_generate", err);
4805 print_status_key_not_created ( get_parameter_value (para, pHANDLE) );
4809 PKT_public_key *pk = find_kbnode (pub_root,
4810 PKT_PUBLIC_KEY)->pkt->pkt.public_key;
4811 print_status_key_created (did_sub? 'B':'P', pk,
4812 get_parameter_value (para, pHANDLE));
4815 release_kbnode (pub_root);
4816 xfree (cache_nonce);
4821 parse_algo_usage_expire (ctrl_t ctrl, int for_subkey,
4822 const char *algostr, const char *usagestr,
4823 const char *expirestr,
4824 int *r_algo, unsigned int *r_usage, u32 *r_expire,
4825 unsigned int *r_nbits, char **r_curve)
4829 unsigned int use, nbits;
4832 const char *curve = NULL;
4838 /* Parse the algo string. */
4839 if (algostr && *algostr == '&' && strlen (algostr) == 41)
4841 /* Take algo from existing key. */
4842 algo = check_keygrip (ctrl, algostr+1);
4843 /* FIXME: We need the curve name as well. */
4844 return gpg_error (GPG_ERR_NOT_IMPLEMENTED);
4847 err = parse_key_parameter_string (algostr, for_subkey? 1 : 0,
4848 &algo, &nbits, &use, &curve,
4849 NULL, NULL, NULL, NULL);
4853 /* Parse the usage string. */
4854 if (!usagestr || !*usagestr
4855 || !strcmp (usagestr, "default") || !strcmp (usagestr, "-"))
4856 ; /* Keep usage from parse_key_parameter_string. */
4857 else if ((wantuse = parse_usagestr (usagestr)) != -1)
4860 return gpg_error (GPG_ERR_INV_VALUE);
4862 /* Make sure a primary key has the CERT usage. */
4864 use |= PUBKEY_USAGE_CERT;
4866 /* Check that usage is possible. NB: We have the same check in
4867 * parse_key_parameter_string but need it here again in case the
4868 * separate usage value has been given. */
4869 if (/**/((use & (PUBKEY_USAGE_SIG|PUBKEY_USAGE_AUTH|PUBKEY_USAGE_CERT))
4870 && !pubkey_get_nsig (algo))
4871 || ((use & PUBKEY_USAGE_ENC)
4872 && !pubkey_get_nenc (algo))
4873 || (for_subkey && (use & PUBKEY_USAGE_CERT)))
4874 return gpg_error (GPG_ERR_WRONG_KEY_USAGE);
4876 /* Parse the expire string. */
4877 expire = parse_expire_string (expirestr);
4878 if (expire == (u32)-1 )
4879 return gpg_error (GPG_ERR_INV_VALUE);
4883 *r_curve = xtrystrdup (curve);
4885 return gpg_error_from_syserror ();
4895 /* Add a new subkey to an existing key. Returns 0 if a new key has
4896 been generated and put into the keyblocks. If any of ALGOSTR,
4897 USAGESTR, or EXPIRESTR is NULL interactive mode is used. */
4899 generate_subkeypair (ctrl_t ctrl, kbnode_t keyblock, const char *algostr,
4900 const char *usagestr, const char *expirestr)
4902 gpg_error_t err = 0;
4905 PKT_public_key *pri_psk = NULL;
4906 PKT_public_key *sub_psk = NULL;
4910 unsigned int nbits = 0;
4913 char *key_from_hexgrip = NULL;
4914 char *hexgrip = NULL;
4915 char *serialno = NULL;
4916 char *cache_nonce = NULL;
4917 char *passwd_nonce = NULL;
4919 interactive = (!algostr || !usagestr || !expirestr);
4921 /* Break out the primary key. */
4922 node = find_kbnode (keyblock, PKT_PUBLIC_KEY);
4925 log_error ("Oops; primary key missing in keyblock!\n");
4926 err = gpg_error (GPG_ERR_BUG);
4929 pri_psk = node->pkt->pkt.public_key;
4931 cur_time = make_timestamp ();
4933 if (pri_psk->timestamp > cur_time)
4935 ulong d = pri_psk->timestamp - cur_time;
4936 log_info ( d==1 ? _("key has been created %lu second "
4937 "in future (time warp or clock problem)\n")
4938 : _("key has been created %lu seconds "
4939 "in future (time warp or clock problem)\n"), d );
4940 if (!opt.ignore_time_conflict)
4942 err = gpg_error (GPG_ERR_TIME_CONFLICT);
4947 if (pri_psk->version < 4)
4949 log_info (_("Note: creating subkeys for v3 keys "
4950 "is not OpenPGP compliant\n"));
4951 err = gpg_error (GPG_ERR_CONFLICT);
4955 err = hexkeygrip_from_pk (pri_psk, &hexgrip);
4958 if (agent_get_keyinfo (NULL, hexgrip, &serialno, NULL))
4961 tty_printf (_("Secret parts of primary key are not available.\n"));
4963 log_info ( _("Secret parts of primary key are not available.\n"));
4964 err = gpg_error (GPG_ERR_NO_SECKEY);
4970 tty_printf (_("Secret parts of primary key are stored on-card.\n"));
4972 log_info ( _("Secret parts of primary key are stored on-card.\n"));
4977 algo = ask_algo (ctrl, 1, NULL, &use, &key_from_hexgrip);
4980 if (key_from_hexgrip)
4982 else if (algo == PUBKEY_ALGO_ECDSA
4983 || algo == PUBKEY_ALGO_EDDSA
4984 || algo == PUBKEY_ALGO_ECDH)
4985 curve = ask_curve (&algo, NULL);
4987 nbits = ask_keysize (algo, 0);
4989 expire = ask_expire_interval (0, NULL);
4990 if (!cpr_enabled() && !cpr_get_answer_is_yes("keygen.sub.okay",
4991 _("Really create? (y/N) ")))
4993 err = gpg_error (GPG_ERR_CANCELED);
4997 else /* Unattended mode. */
4999 err = parse_algo_usage_expire (ctrl, 1, algostr, usagestr, expirestr,
5000 &algo, &use, &expire, &nbits, &curve);
5005 /* Verify the passphrase now so that we get a cache item for the
5006 * primary key passphrase. The agent also returns a passphrase
5007 * nonce, which we can use to set the passphrase for the subkey to
5008 * that of the primary key. */
5010 char *desc = gpg_format_keydesc (pri_psk, FORMAT_KEYDESC_NORMAL, 1);
5011 err = agent_passwd (ctrl, hexgrip, desc, 1 /*=verify*/,
5012 &cache_nonce, &passwd_nonce);
5016 /* Start creation. */
5017 if (key_from_hexgrip)
5019 err = do_create_from_keygrip (ctrl, algo, key_from_hexgrip,
5020 keyblock, cur_time, expire, 1);
5026 /* If the pinentry loopback mode is not and we have a static
5027 passphrase (i.e. set with --passphrase{,-fd,-file} while in batch
5028 mode), we use that passphrase for the new subkey. */
5029 if (opt.pinentry_mode != PINENTRY_MODE_LOOPBACK
5030 && have_static_passphrase ())
5031 passwd = get_static_passphrase ();
5035 err = do_create (algo, nbits, curve,
5036 keyblock, cur_time, expire, 1, 0,
5037 passwd, &cache_nonce, &passwd_nonce);
5042 /* Get the pointer to the generated public subkey packet. */
5043 for (node = keyblock; node; node = node->next)
5044 if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
5045 sub_psk = node->pkt->pkt.public_key;
5047 /* Write the binding signature. */
5048 err = write_keybinding (keyblock, pri_psk, sub_psk, use, cur_time,
5053 print_status_key_created ('S', sub_psk, NULL);
5057 xfree (key_from_hexgrip);
5061 xfree (cache_nonce);
5062 xfree (passwd_nonce);
5064 log_error (_("Key generation failed: %s\n"), gpg_strerror (err) );
5069 #ifdef ENABLE_CARD_SUPPORT
5070 /* Generate a subkey on a card. */
5072 generate_card_subkeypair (kbnode_t pub_keyblock,
5073 int keyno, const char *serialno)
5075 gpg_error_t err = 0;
5077 PKT_public_key *pri_pk = NULL;
5081 struct para_data_s *para = NULL;
5082 PKT_public_key *sub_pk = NULL;
5084 struct agent_card_info_s info;
5086 log_assert (keyno >= 1 && keyno <= 3);
5088 memset (&info, 0, sizeof (info));
5089 err = agent_scd_getattr ("KEY-ATTR", &info);
5092 log_error (_("error getting current key info: %s\n"), gpg_strerror (err));
5095 algo = info.key_attr[keyno-1].algo;
5097 para = xtrycalloc (1, sizeof *para + strlen (serialno) );
5100 err = gpg_error_from_syserror ();
5103 para->key = pSERIALNO;
5104 strcpy (para->u.value, serialno);
5106 /* Break out the primary secret key */
5107 node = find_kbnode (pub_keyblock, PKT_PUBLIC_KEY);
5110 log_error ("Oops; publkic key lost!\n");
5111 err = gpg_error (GPG_ERR_INTERNAL);
5114 pri_pk = node->pkt->pkt.public_key;
5116 cur_time = make_timestamp();
5117 if (pri_pk->timestamp > cur_time)
5119 ulong d = pri_pk->timestamp - cur_time;
5120 log_info (d==1 ? _("key has been created %lu second "
5121 "in future (time warp or clock problem)\n")
5122 : _("key has been created %lu seconds "
5123 "in future (time warp or clock problem)\n"), d );
5124 if (!opt.ignore_time_conflict)
5126 err = gpg_error (GPG_ERR_TIME_CONFLICT);
5131 if (pri_pk->version < 4)
5133 log_info (_("Note: creating subkeys for v3 keys "
5134 "is not OpenPGP compliant\n"));
5135 err = gpg_error (GPG_ERR_NOT_SUPPORTED);
5139 expire = ask_expire_interval (0, NULL);
5141 use = PUBKEY_USAGE_SIG;
5142 else if (keyno == 2)
5143 use = PUBKEY_USAGE_ENC;
5145 use = PUBKEY_USAGE_AUTH;
5146 if (!cpr_enabled() && !cpr_get_answer_is_yes("keygen.cardsub.okay",
5147 _("Really create? (y/N) ")))
5149 err = gpg_error (GPG_ERR_CANCELED);
5153 /* Note, that depending on the backend, the card key generation may
5155 err = gen_card_key (keyno, algo, 0, pub_keyblock, &cur_time, expire);
5156 /* Get the pointer to the generated public subkey packet. */
5159 for (node = pub_keyblock; node; node = node->next)
5160 if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
5161 sub_pk = node->pkt->pkt.public_key;
5162 log_assert (sub_pk);
5163 err = write_keybinding (pub_keyblock, pri_pk, sub_pk,
5164 use, cur_time, NULL);
5169 log_error (_("Key generation failed: %s\n"), gpg_strerror (err) );
5171 print_status_key_created ('S', sub_pk, NULL);
5172 release_parameter_list (para);
5175 #endif /* !ENABLE_CARD_SUPPORT */
5178 * Write a keyblock to an output stream
5181 write_keyblock( IOBUF out, KBNODE node )
5183 for( ; node ; node = node->next )
5185 if(!is_deleted_kbnode(node))
5187 int rc = build_packet( out, node->pkt );
5190 log_error("build_packet(%d) failed: %s\n",
5191 node->pkt->pkttype, gpg_strerror (rc) );
5201 /* Note that timestamp is an in/out arg. */
5203 gen_card_key (int keyno, int algo, int is_primary, kbnode_t pub_root,
5204 u32 *timestamp, u32 expireval)
5206 #ifdef ENABLE_CARD_SUPPORT
5211 unsigned char *public;
5214 snprintf (keyid, DIM(keyid), "OPENPGP.%d", keyno);
5216 pk = xtrycalloc (1, sizeof *pk );
5218 return gpg_error_from_syserror ();
5219 pkt = xtrycalloc (1, sizeof *pkt);
5223 return gpg_error_from_syserror ();
5226 /* Note: SCD knows the serialnumber, thus there is no point in passing it. */
5227 err = agent_scd_genkey (keyno, 1, timestamp);
5228 /* The code below is not used because we force creation of
5229 * the a card key (3rd arg).
5230 * if (gpg_err_code (rc) == GPG_ERR_EEXIST)
5232 * tty_printf ("\n");
5233 * log_error ("WARNING: key does already exists!\n");
5234 * tty_printf ("\n");
5235 * if ( cpr_get_answer_is_yes( "keygen.card.replace_key",
5236 * _("Replace existing key? ")))
5237 * rc = agent_scd_genkey (keyno, 1, timestamp);
5242 log_error ("key generation failed: %s\n", gpg_strerror (err));
5248 /* Send the READKEY command so that the agent creates a shadow key for
5249 card key. We need to do that now so that we are able to create
5250 the self-signatures. */
5251 err = agent_readkey (NULL, 1, keyid, &public);
5254 err = gcry_sexp_sscan (&s_key, NULL, public,
5255 gcry_sexp_canon_len (public, 0, NULL, NULL));
5260 if (algo == PUBKEY_ALGO_RSA)
5261 err = key_from_sexp (pk->pkey, s_key, "public-key", "ne");
5262 else if (algo == PUBKEY_ALGO_ECDSA
5263 || algo == PUBKEY_ALGO_EDDSA
5264 || algo == PUBKEY_ALGO_ECDH )
5265 err = ecckey_from_sexp (pk->pkey, s_key, algo);
5267 err = gpg_error (GPG_ERR_PUBKEY_ALGO);
5268 gcry_sexp_release (s_key);
5272 log_error ("key_from_sexp failed: %s\n", gpg_strerror (err) );
5273 free_public_key (pk);
5277 pk->timestamp = *timestamp;
5280 pk->expiredate = pk->timestamp + expireval;
5281 pk->pubkey_algo = algo;
5283 pkt->pkttype = is_primary ? PKT_PUBLIC_KEY : PKT_PUBLIC_SUBKEY;
5284 pkt->pkt.public_key = pk;
5285 add_kbnode (pub_root, new_kbnode (pkt));
5294 return gpg_error (GPG_ERR_NOT_SUPPORTED);
5295 #endif /*!ENABLE_CARD_SUPPORT*/