1 /* keylist.c - Print information about OpenPGP keys
2 * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006,
3 * 2008, 2010, 2012 Free Software Foundation, Inc.
4 * Copyright (C) 2013, 2014 Werner Koch
6 * This file is part of GnuPG.
8 * GnuPG is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 3 of the License, or
11 * (at your option) any later version.
13 * GnuPG is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, see <https://www.gnu.org/licenses/>.
27 #ifdef HAVE_DOSISH_SYSTEM
28 # include <fcntl.h> /* for setmode() */
43 #include "call-agent.h"
44 #include "mbox-util.h"
49 static void list_all (ctrl_t, int, int);
50 static void list_one (ctrl_t ctrl,
51 strlist_t names, int secret, int mark_secret);
52 static void locate_one (ctrl_t ctrl, strlist_t names);
53 static void print_card_serialno (const char *serialno);
55 struct keylist_context
57 int check_sigs; /* If set signatures shall be verified. */
58 int good_sigs; /* Counter used if CHECK_SIGS is set. */
59 int inv_sigs; /* Counter used if CHECK_SIGS is set. */
60 int no_key; /* Counter used if CHECK_SIGS is set. */
61 int oth_err; /* Counter used if CHECK_SIGS is set. */
62 int no_validity; /* Do not show validity. */
66 static void list_keyblock (ctrl_t ctrl,
67 kbnode_t keyblock, int secret, int has_secret,
68 int fpr, struct keylist_context *listctx);
71 /* The stream used to write attribute packets to. */
72 static estream_t attrib_fp;
75 /* Release resources from a keylist context. */
77 keylist_context_release (struct keylist_context *listctx)
79 (void)listctx; /* Nothing to release. */
83 /* List the keys. If list is NULL, all available keys are listed.
84 With LOCATE_MODE set the locate algorithm is used to find a
87 public_key_list (ctrl_t ctrl, strlist_t list, int locate_mode)
89 #ifndef NO_TRUST_MODELS
92 byte trust_model, marginals, completes, cert_depth, min_cert_level;
93 ulong created, nextcheck;
95 read_trust_options (&trust_model, &created, &nextcheck,
96 &marginals, &completes, &cert_depth, &min_cert_level);
98 es_fprintf (es_stdout, "tru:");
100 if (nextcheck && nextcheck <= make_timestamp ())
101 es_fprintf (es_stdout, "o");
102 if (trust_model != opt.trust_model)
103 es_fprintf (es_stdout, "t");
104 if (opt.trust_model == TM_PGP || opt.trust_model == TM_CLASSIC
105 || opt.trust_model == TM_TOFU_PGP)
107 if (marginals != opt.marginals_needed)
108 es_fprintf (es_stdout, "m");
109 if (completes != opt.completes_needed)
110 es_fprintf (es_stdout, "c");
111 if (cert_depth != opt.max_cert_depth)
112 es_fprintf (es_stdout, "d");
113 if (min_cert_level != opt.min_cert_level)
114 es_fprintf (es_stdout, "l");
117 es_fprintf (es_stdout, ":%d:%lu:%lu", trust_model, created, nextcheck);
119 /* Only show marginals, completes, and cert_depth in the classic
120 or PGP trust models since they are not meaningful
123 if (trust_model == TM_PGP || trust_model == TM_CLASSIC)
124 es_fprintf (es_stdout, ":%d:%d:%d", marginals, completes, cert_depth);
125 es_fprintf (es_stdout, "\n");
127 #endif /*!NO_TRUST_MODELS*/
129 /* We need to do the stale check right here because it might need to
130 update the keyring while we already have the keyring open. This
131 is very bad for W32 because of a sharing violation. For real OSes
132 it might lead to false results if we are later listing a keyring
133 which is associated with the inode of a deleted file. */
134 check_trustdb_stale (ctrl);
137 tofu_begin_batch_update (ctrl);
141 locate_one (ctrl, list);
143 list_all (ctrl, 0, opt.with_secret);
145 list_one (ctrl, list, 0, opt.with_secret);
148 tofu_end_batch_update (ctrl);
154 secret_key_list (ctrl_t ctrl, strlist_t list)
158 check_trustdb_stale (ctrl);
161 list_all (ctrl, 1, 0);
162 else /* List by user id */
163 list_one (ctrl, list, 1, 0);
167 format_seckey_info (PKT_public_key *pk)
171 char pkstrbuf[PUBKEY_STRING_SIZE];
174 keyid_from_pk (pk, keyid);
175 p = get_user_id_native (keyid);
177 info = xtryasprintf ("sec %s/%s %s %s",
178 pubkey_string (pk, pkstrbuf, sizeof pkstrbuf),
179 keystr (keyid), datestr_from_pk (pk), p);
187 print_seckey_info (PKT_public_key *pk)
189 char *p = format_seckey_info (pk);
190 tty_printf ("\n%s\n", p);
194 /* Print information about the public key. With FP passed as NULL,
195 the tty output interface is used, otherwise output is directted to
198 print_pubkey_info (estream_t fp, PKT_public_key *pk)
202 char pkstrbuf[PUBKEY_STRING_SIZE];
204 keyid_from_pk (pk, keyid);
206 /* If the pk was chosen by a particular user ID, that is the one to
209 p = utf8_to_native (pk->user_id->name, pk->user_id->len, 0);
211 p = get_user_id_native (keyid);
215 tty_fprintf (fp, "%s %s/%s %s %s\n",
216 pk->flags.primary? "pub":"sub",
217 pubkey_string (pk, pkstrbuf, sizeof pkstrbuf),
218 keystr (keyid), datestr_from_pk (pk), p);
223 /* Print basic information of a secret key including the card serial
224 number information. */
225 #ifdef ENABLE_CARD_SUPPORT
227 print_card_key_info (estream_t fp, kbnode_t keyblock)
233 char pkstrbuf[PUBKEY_STRING_SIZE];
236 for (node = keyblock; node; node = node->next)
238 if (node->pkt->pkttype == PKT_PUBLIC_KEY
239 || node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
242 PKT_public_key *pk = node->pkt->pkt.public_key;
245 rc = hexkeygrip_from_pk (pk, &hexgrip);
248 log_error ("error computing a keygrip: %s\n", gpg_strerror (rc));
251 else if (!agent_get_keyinfo (NULL, hexgrip, &serialno, NULL))
252 s2k_char = serialno? '>':' ';
254 s2k_char = '#'; /* Key not found. */
256 tty_fprintf (fp, "%s%c %s/%s %n",
257 node->pkt->pkttype == PKT_PUBLIC_KEY ? "sec" : "ssb",
259 pubkey_string (pk, pkstrbuf, sizeof pkstrbuf),
262 tty_fprintf (fp, _("created: %s"), datestr_from_pk (pk));
263 tty_fprintf (fp, " ");
264 tty_fprintf (fp, _("expires: %s"), expirestr_from_pk (pk));
267 tty_fprintf (fp, "\n%*s%s", indent, "", _("card-no: "));
268 if (strlen (serialno) == 32
269 && !strncmp (serialno, "D27600012401", 12))
271 /* This is an OpenPGP card. Print the relevant part. */
272 /* Example: D2760001240101010001000003470000 */
274 tty_fprintf (fp, "%.*s %.*s", 4, serialno+16, 8, serialno+20);
277 tty_fprintf (fp, "%s", serialno);
279 tty_fprintf (fp, "\n");
285 #endif /*ENABLE_CARD_SUPPORT*/
288 /* Flags = 0x01 hashed 0x02 critical. */
290 status_one_subpacket (sigsubpkttype_t type, size_t len, int flags,
295 /* Don't print these. */
299 snprintf (status, sizeof status,
300 "%d %u %u ", type, flags, (unsigned int) len);
302 write_status_text_and_buffer (STATUS_SIG_SUBPACKET, status, buf, len, 0);
306 /* Print a policy URL. Allowed values for MODE are:
307 * -1 - print to the TTY
308 * 0 - print to stdout.
309 * 1 - use log_info and emit status messages.
310 * 2 - emit only status messages.
313 show_policy_url (PKT_signature * sig, int indent, int mode)
318 estream_t fp = mode < 0? NULL : mode ? log_get_stream () : es_stdout;
321 enum_sig_subpkt (sig->hashed, SIGSUBPKT_POLICY, &len, &seq, &crit)))
327 tty_fprintf (fp, "%*s", indent, "");
330 str = _("Critical signature policy: ");
332 str = _("Signature policy: ");
334 log_info ("%s", str);
336 tty_fprintf (fp, "%s", str);
337 tty_print_utf8_string2 (fp, p, len, 0);
338 tty_fprintf (fp, "\n");
342 write_status_buffer (STATUS_POLICY_URL, p, len, 0);
347 /* Print a keyserver URL. Allowed values for MODE are:
348 * -1 - print to the TTY
349 * 0 - print to stdout.
350 * 1 - use log_info and emit status messages.
351 * 2 - emit only status messages.
354 show_keyserver_url (PKT_signature * sig, int indent, int mode)
359 estream_t fp = mode < 0? NULL : mode ? log_get_stream () : es_stdout;
362 enum_sig_subpkt (sig->hashed, SIGSUBPKT_PREF_KS, &len, &seq,
369 tty_fprintf (fp, "%*s", indent, "");
372 str = _("Critical preferred keyserver: ");
374 str = _("Preferred keyserver: ");
376 log_info ("%s", str);
378 tty_fprintf (es_stdout, "%s", str);
379 tty_print_utf8_string2 (fp, p, len, 0);
380 tty_fprintf (fp, "\n");
384 status_one_subpacket (SIGSUBPKT_PREF_KS, len,
385 (crit ? 0x02 : 0) | 0x01, p);
390 /* Print notation data. Allowed values for MODE are:
391 * -1 - print to the TTY
392 * 0 - print to stdout.
393 * 1 - use log_info and emit status messages.
394 * 2 - emit only status messages.
396 * Defined bits in WHICH:
397 * 1 - standard notations
401 show_notation (PKT_signature * sig, int indent, int mode, int which)
403 estream_t fp = mode < 0? NULL : mode ? log_get_stream () : es_stdout;
404 notation_t nd, notations;
409 notations = sig_to_notation (sig);
411 /* There may be multiple notations in the same sig. */
412 for (nd = notations; nd; nd = nd->next)
416 int has_at = !!strchr (nd->name, '@');
418 if ((which & 1 && !has_at) || (which & 2 && has_at))
422 tty_fprintf (fp, "%*s", indent, "");
424 if (nd->flags.critical)
425 str = _("Critical signature notation: ");
427 str = _("Signature notation: ");
429 log_info ("%s", str);
431 tty_fprintf (es_stdout, "%s", str);
432 /* This is all UTF8 */
433 tty_print_utf8_string2 (fp, nd->name, strlen (nd->name), 0);
434 tty_fprintf (fp, "=");
435 tty_print_utf8_string2 (fp, nd->value, strlen (nd->value), 0);
436 /* (We need to use log_printf so that the next call to a
437 log function does not insert an extra LF.) */
441 tty_fprintf (fp, "\n");
447 write_status_buffer (STATUS_NOTATION_NAME,
448 nd->name, strlen (nd->name), 0);
449 if (nd->flags.critical || nd->flags.human)
450 write_status_text (STATUS_NOTATION_FLAGS,
451 nd->flags.critical && nd->flags.human? "1 1" :
452 nd->flags.critical? "1 0" : "0 1");
453 write_status_buffer (STATUS_NOTATION_DATA,
454 nd->value, strlen (nd->value), 50);
458 free_notation (notations);
463 print_signature_stats (struct keylist_context *s)
466 return; /* Signature checking was not requested. */
468 /* Better flush stdout so that the stats are always printed after
470 es_fflush (es_stdout);
473 log_info (ngettext("%d good signature\n",
474 "%d good signatures\n", s->good_sigs), s->good_sigs);
477 log_info (ngettext("%d bad signature\n",
478 "%d bad signatures\n", s->inv_sigs), s->inv_sigs);
481 log_info (ngettext("%d signature not checked due to a missing key\n",
482 "%d signatures not checked due to missing keys\n",
483 s->no_key), s->no_key);
486 log_info (ngettext("%d signature not checked due to an error\n",
487 "%d signatures not checked due to errors\n",
488 s->oth_err), s->oth_err);
492 /* List all keys. If SECRET is true only secret keys are listed. If
493 MARK_SECRET is true secret keys are indicated in a public key
496 list_all (ctrl_t ctrl, int secret, int mark_secret)
499 KBNODE keyblock = NULL;
502 const char *lastresname, *resname;
503 struct keylist_context listctx;
505 memset (&listctx, 0, sizeof (listctx));
507 listctx.check_sigs = 1;
511 rc = gpg_error_from_syserror ();
513 rc = keydb_search_first (hd);
516 if (gpg_err_code (rc) != GPG_ERR_NOT_FOUND)
517 log_error ("keydb_search_first failed: %s\n", gpg_strerror (rc));
524 rc = keydb_get_keyblock (hd, &keyblock);
527 if (gpg_err_code (rc) == GPG_ERR_LEGACY_KEY)
528 continue; /* Skip legacy keys. */
529 log_error ("keydb_get_keyblock failed: %s\n", gpg_strerror (rc));
533 if (secret || mark_secret)
534 any_secret = !agent_probe_any_secret_key (NULL, keyblock);
538 if (secret && !any_secret)
539 ; /* Secret key listing requested but this isn't one. */
542 if (!opt.with_colons)
544 resname = keydb_get_resource_name (hd);
545 if (lastresname != resname)
549 es_fprintf (es_stdout, "%s\n", resname);
550 for (i = strlen (resname); i; i--)
551 es_putc ('-', es_stdout);
552 es_putc ('\n', es_stdout);
553 lastresname = resname;
556 merge_keys_and_selfsig (keyblock);
557 list_keyblock (ctrl, keyblock, secret, any_secret, opt.fingerprint,
560 release_kbnode (keyblock);
563 while (!(rc = keydb_search_next (hd)));
564 es_fflush (es_stdout);
565 if (rc && gpg_err_code (rc) != GPG_ERR_NOT_FOUND)
566 log_error ("keydb_search_next failed: %s\n", gpg_strerror (rc));
567 if (keydb_get_skipped_counter (hd))
568 log_info (ngettext("Warning: %lu key skipped due to its large size\n",
569 "Warning: %lu keys skipped due to their large sizes\n",
570 keydb_get_skipped_counter (hd)),
571 keydb_get_skipped_counter (hd));
573 if (opt.check_sigs && !opt.with_colons)
574 print_signature_stats (&listctx);
577 keylist_context_release (&listctx);
578 release_kbnode (keyblock);
584 list_one (ctrl_t ctrl, strlist_t names, int secret, int mark_secret)
587 KBNODE keyblock = NULL;
590 const char *keyring_str = _("Keyring");
592 struct keylist_context listctx;
594 memset (&listctx, 0, sizeof (listctx));
595 if (!secret && opt.check_sigs)
596 listctx.check_sigs = 1;
598 /* fixme: using the bynames function has the disadvantage that we
599 * don't know wether one of the names given was not found. OTOH,
600 * this function has the advantage to list the names in the
601 * sequence as defined by the keyDB and does not duplicate
602 * outputs. A solution could be do test whether all given have
603 * been listed (this needs a way to use the keyDB search
604 * functions) or to have the search function return indicators for
605 * found names. Yet another way is to use the keydb search
606 * facilities directly. */
607 rc = getkey_bynames (&ctx, NULL, names, secret, &keyblock);
610 log_error ("error reading key: %s\n", gpg_strerror (rc));
617 if ((opt.list_options & LIST_SHOW_KEYRING) && !opt.with_colons)
619 resname = keydb_get_resource_name (get_ctx_handle (ctx));
620 es_fprintf (es_stdout, "%s: %s\n", keyring_str, resname);
621 for (i = strlen (resname) + strlen (keyring_str) + 2; i; i--)
622 es_putc ('-', es_stdout);
623 es_putc ('\n', es_stdout);
626 keyblock, secret, mark_secret, opt.fingerprint, &listctx);
627 release_kbnode (keyblock);
629 while (!getkey_next (ctx, NULL, &keyblock));
632 if (opt.check_sigs && !opt.with_colons)
633 print_signature_stats (&listctx);
635 keylist_context_release (&listctx);
640 locate_one (ctrl_t ctrl, strlist_t names)
644 GETKEY_CTX ctx = NULL;
645 KBNODE keyblock = NULL;
646 struct keylist_context listctx;
648 memset (&listctx, 0, sizeof (listctx));
650 listctx.check_sigs = 1;
652 for (sl = names; sl; sl = sl->next)
654 rc = get_best_pubkey_byname (ctrl, &ctx, NULL, sl->d, &keyblock, 1, 0);
657 if (gpg_err_code (rc) != GPG_ERR_NO_PUBKEY)
658 log_error ("error reading key: %s\n", gpg_strerror (rc));
659 else if (opt.verbose)
660 log_info (_("key \"%s\" not found: %s\n"),
661 sl->d, gpg_strerror (rc));
667 list_keyblock (ctrl, keyblock, 0, 0, opt.fingerprint, &listctx);
668 release_kbnode (keyblock);
670 while (ctx && !getkey_next (ctx, NULL, &keyblock));
676 if (opt.check_sigs && !opt.with_colons)
677 print_signature_stats (&listctx);
679 keylist_context_release (&listctx);
684 print_key_data (PKT_public_key * pk)
686 int n = pk ? pubkey_get_npkey (pk->pubkey_algo) : 0;
689 for (i = 0; i < n; i++)
691 es_fprintf (es_stdout, "pkd:%d:%u:", i, mpi_get_nbits (pk->pkey[i]));
692 mpi_print (es_stdout, pk->pkey[i], 1);
693 es_putc (':', es_stdout);
694 es_putc ('\n', es_stdout);
699 print_capabilities (PKT_public_key *pk, KBNODE keyblock)
701 unsigned int use = pk->pubkey_usage;
704 if (use & PUBKEY_USAGE_ENC)
705 es_putc ('e', es_stdout);
707 if (use & PUBKEY_USAGE_SIG)
709 es_putc ('s', es_stdout);
710 if (pk->flags.primary)
712 es_putc ('c', es_stdout);
713 /* The PUBKEY_USAGE_CERT flag was introduced later and we
714 used to always print 'c' for a primary key. To avoid any
715 regression here we better track whether we printed 'c'
721 if ((use & PUBKEY_USAGE_CERT) && !c_printed)
722 es_putc ('c', es_stdout);
724 if ((use & PUBKEY_USAGE_AUTH))
725 es_putc ('a', es_stdout);
727 if ((use & PUBKEY_USAGE_UNKNOWN))
728 es_putc ('?', es_stdout);
732 /* Figure out the usable capabilities. */
734 int enc = 0, sign = 0, cert = 0, auth = 0, disabled = 0;
736 for (k = keyblock; k; k = k->next)
738 if (k->pkt->pkttype == PKT_PUBLIC_KEY
739 || k->pkt->pkttype == PKT_PUBLIC_SUBKEY)
741 pk = k->pkt->pkt.public_key;
743 if (pk->flags.primary)
744 disabled = pk_is_disabled (pk);
746 if (pk->flags.valid && !pk->flags.revoked && !pk->has_expired)
748 if (pk->pubkey_usage & PUBKEY_USAGE_ENC)
750 if (pk->pubkey_usage & PUBKEY_USAGE_SIG)
753 if (pk->flags.primary)
756 if (pk->pubkey_usage & PUBKEY_USAGE_CERT)
758 if ((pk->pubkey_usage & PUBKEY_USAGE_AUTH))
764 es_putc ('E', es_stdout);
766 es_putc ('S', es_stdout);
768 es_putc ('C', es_stdout);
770 es_putc ('A', es_stdout);
772 es_putc ('D', es_stdout);
775 es_putc (':', es_stdout);
779 /* FLAGS: 0x01 hashed
782 print_one_subpacket (sigsubpkttype_t type, size_t len, int flags,
787 es_fprintf (es_stdout, "spk:%d:%u:%u:", type, flags, (unsigned int) len);
789 for (i = 0; i < len; i++)
791 /* printable ascii other than : and % */
792 if (buf[i] >= 32 && buf[i] <= 126 && buf[i] != ':' && buf[i] != '%')
793 es_fprintf (es_stdout, "%c", buf[i]);
795 es_fprintf (es_stdout, "%%%02X", buf[i]);
798 es_fprintf (es_stdout, "\n");
803 print_subpackets_colon (PKT_signature * sig)
807 log_assert (opt.show_subpackets);
809 for (i = opt.show_subpackets; *i; i++)
817 while ((p = enum_sig_subpkt (sig->hashed, *i, &len, &seq, &crit)))
818 print_one_subpacket (*i, len, 0x01 | (crit ? 0x02 : 0), p);
822 while ((p = enum_sig_subpkt (sig->unhashed, *i, &len, &seq, &crit)))
823 print_one_subpacket (*i, len, 0x00 | (crit ? 0x02 : 0), p);
829 dump_attribs (const PKT_user_id *uid, PKT_public_key *pk)
836 for (i = 0; i < uid->numattribs; i++)
838 if (is_status_enabled ())
840 byte array[MAX_FINGERPRINT_LEN], *p;
841 char buf[(MAX_FINGERPRINT_LEN * 2) + 90];
846 fingerprint_from_pk (pk, array, &n);
849 for (j = 0; j < n; j++, p++)
850 sprintf (buf + 2 * j, "%02X", *p);
852 sprintf (buf + strlen (buf), " %lu %u %u %u %lu %lu %u",
853 (ulong) uid->attribs[i].len, uid->attribs[i].type, i + 1,
854 uid->numattribs, (ulong) uid->created,
855 (ulong) uid->expiredate,
856 ((uid->is_primary ? 0x01 : 0) | (uid->
857 is_revoked ? 0x02 : 0) |
858 (uid->is_expired ? 0x04 : 0)));
859 write_status_text (STATUS_ATTRIBUTE, buf);
862 es_fwrite (uid->attribs[i].data, uid->attribs[i].len, 1, attrib_fp);
863 es_fflush (attrib_fp);
869 list_keyblock_print (ctrl_t ctrl, kbnode_t keyblock, int secret, int fpr,
870 struct keylist_context *listctx)
877 char *hexgrip = NULL;
878 char *serialno = NULL;
880 /* Get the keyid from the keyblock. */
881 node = find_kbnode (keyblock, PKT_PUBLIC_KEY);
884 log_error ("Oops; key lost!\n");
885 dump_kbnode (keyblock);
889 pk = node->pkt->pkt.public_key;
891 if (secret || opt.with_keygrip)
893 rc = hexkeygrip_from_pk (pk, &hexgrip);
895 log_error ("error computing a keygrip: %s\n", gpg_strerror (rc));
900 /* Encode some info about the secret key in SECRET. */
901 if (!agent_get_keyinfo (NULL, hexgrip, &serialno, NULL))
902 secret = serialno? 3 : 1;
904 secret = 2; /* Key not found. */
907 if (!listctx->no_validity)
908 check_trustdb_stale (ctrl);
910 /* Print the "pub" line and in KF_NONE mode the fingerprint. */
911 print_key_line (es_stdout, pk, secret);
914 print_fingerprint (NULL, pk, 0);
916 if (opt.with_keygrip && hexgrip)
917 es_fprintf (es_stdout, " Keygrip = %s\n", hexgrip);
920 print_card_serialno (serialno);
922 if (opt.with_key_data)
925 for (kbctx = NULL; (node = walk_kbnode (keyblock, &kbctx, 0));)
927 if (node->pkt->pkttype == PKT_USER_ID)
929 PKT_user_id *uid = node->pkt->pkt.user_id;
931 int kl = opt.keyid_format == KF_NONE? 10 : keystrlen ();
933 if ((uid->is_expired || uid->is_revoked)
934 && !(opt.list_options & LIST_SHOW_UNUSABLE_UIDS))
942 if (attrib_fp && uid->attrib_data != NULL)
943 dump_attribs (uid, pk);
945 if ((uid->is_revoked || uid->is_expired)
946 || ((opt.list_options & LIST_SHOW_UID_VALIDITY)
947 && !listctx->no_validity))
949 const char *validity;
951 validity = uid_trust_string_fixed (ctrl, pk, uid);
952 indent = ((kl + (opt.legacy_list_mode? 9:11))
953 - atoi (uid_trust_string_fixed (ctrl, NULL, NULL)));
954 if (indent < 0 || indent > 40)
957 es_fprintf (es_stdout, "uid%*s%s ", indent, "", validity);
961 indent = kl + (opt.legacy_list_mode? 10:12);
962 es_fprintf (es_stdout, "uid%*s", indent, "");
965 print_utf8_buffer (es_stdout, uid->name, uid->len);
966 es_putc ('\n', es_stdout);
968 if (opt.with_wkd_hash)
970 char *mbox, *hash, *p;
973 mbox = mailbox_from_userid (uid->name);
974 if (mbox && (p = strchr (mbox, '@')))
977 gcry_md_hash_buffer (GCRY_MD_SHA1, hashbuf,
978 mbox, strlen (mbox));
979 hash = zb32_encode (hashbuf, 8*20);
982 es_fprintf (es_stdout, " %*s%s@%s\n",
983 indent, "", hash, p);
990 if ((opt.list_options & LIST_SHOW_PHOTOS) && uid->attribs != NULL)
991 show_photos (ctrl, uid->attribs, uid->numattribs, pk, uid);
993 else if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
995 PKT_public_key *pk2 = node->pkt->pkt.public_key;
997 if ((pk2->flags.revoked || pk2->has_expired)
998 && !(opt.list_options & LIST_SHOW_UNUSABLE_SUBKEYS))
1006 xfree (serialno); serialno = NULL;
1007 xfree (hexgrip); hexgrip = NULL;
1008 if (secret || opt.with_keygrip)
1010 rc = hexkeygrip_from_pk (pk2, &hexgrip);
1012 log_error ("error computing a keygrip: %s\n",
1017 if (!agent_get_keyinfo (NULL, hexgrip, &serialno, NULL))
1018 secret = serialno? 3 : 1;
1020 secret = '2'; /* Key not found. */
1023 /* Print the "sub" line. */
1024 print_key_line (es_stdout, pk2, secret);
1025 if (fpr > 1 || opt.with_subkey_fingerprint)
1027 print_fingerprint (NULL, pk2, 0);
1029 print_card_serialno (serialno);
1031 if (opt.with_keygrip && hexgrip)
1032 es_fprintf (es_stdout, " Keygrip = %s\n", hexgrip);
1033 if (opt.with_key_data)
1034 print_key_data (pk2);
1036 else if (opt.list_sigs
1037 && node->pkt->pkttype == PKT_SIGNATURE && !skip_sigs)
1039 PKT_signature *sig = node->pkt->pkt.signature;
1043 if (listctx->check_sigs)
1045 rc = check_key_signature (keyblock, node, NULL);
1046 switch (gpg_err_code (rc))
1049 listctx->good_sigs++;
1052 case GPG_ERR_BAD_SIGNATURE:
1053 listctx->inv_sigs++;
1056 case GPG_ERR_NO_PUBKEY:
1057 case GPG_ERR_UNUSABLE_PUBKEY:
1066 /* TODO: Make sure a cached sig record here still has
1067 the pk that issued it. See also
1068 keyedit.c:print_and_check_one_sig */
1076 if (sig->sig_class == 0x20 || sig->sig_class == 0x28
1077 || sig->sig_class == 0x30)
1079 else if ((sig->sig_class & ~3) == 0x10)
1081 else if (sig->sig_class == 0x18)
1083 else if (sig->sig_class == 0x1F)
1087 es_fprintf (es_stdout, "sig "
1088 "[unexpected signature class 0x%02x]\n",
1093 es_fputs (sigstr, es_stdout);
1094 es_fprintf (es_stdout, "%c%c %c%c%c%c%c%c %s %s",
1095 sigrc, (sig->sig_class - 0x10 > 0 &&
1096 sig->sig_class - 0x10 <
1097 4) ? '0' + sig->sig_class - 0x10 : ' ',
1098 sig->flags.exportable ? ' ' : 'L',
1099 sig->flags.revocable ? ' ' : 'R',
1100 sig->flags.policy_url ? 'P' : ' ',
1101 sig->flags.notation ? 'N' : ' ',
1102 sig->flags.expired ? 'X' : ' ',
1103 (sig->trust_depth > 9) ? 'T' : (sig->trust_depth >
1105 sig->trust_depth : ' ', keystr (sig->keyid),
1106 datestr_from_sig (sig));
1107 if (opt.list_options & LIST_SHOW_SIG_EXPIRE)
1108 es_fprintf (es_stdout, " %s", expirestr_from_sig (sig));
1109 es_fprintf (es_stdout, " ");
1111 es_fprintf (es_stdout, "[%s] ", gpg_strerror (rc));
1112 else if (sigrc == '?')
1114 else if (!opt.fast_list_mode)
1117 char *p = get_user_id (sig->keyid, &n);
1118 print_utf8_buffer (es_stdout, p, n);
1121 es_putc ('\n', es_stdout);
1123 if (sig->flags.policy_url
1124 && (opt.list_options & LIST_SHOW_POLICY_URLS))
1125 show_policy_url (sig, 3, 0);
1127 if (sig->flags.notation && (opt.list_options & LIST_SHOW_NOTATIONS))
1128 show_notation (sig, 3, 0,
1130 list_options & LIST_SHOW_STD_NOTATIONS) ? 1 : 0)
1133 list_options & LIST_SHOW_USER_NOTATIONS) ? 2 :
1136 if (sig->flags.pref_ks
1137 && (opt.list_options & LIST_SHOW_KEYSERVER_URLS))
1138 show_keyserver_url (sig, 3, 0);
1140 /* fixme: check or list other sigs here */
1143 es_putc ('\n', es_stdout);
1149 print_revokers (estream_t fp, PKT_public_key * pk)
1151 /* print the revoker record */
1152 if (!pk->revkey && pk->numrevkeys)
1158 for (i = 0; i < pk->numrevkeys; i++)
1162 es_fprintf (fp, "rvk:::%d::::::", pk->revkey[i].algid);
1163 p = pk->revkey[i].fpr;
1164 for (j = 0; j < 20; j++, p++)
1165 es_fprintf (fp, "%02X", *p);
1166 es_fprintf (fp, ":%02x%s:\n",
1167 pk->revkey[i].class,
1168 (pk->revkey[i].class & 0x40) ? "s" : "");
1174 /* List a key in colon mode. If SECRET is true this is a secret key
1175 record (i.e. requested via --list-secret-key). If HAS_SECRET a
1176 secret key is available even if SECRET is not set. */
1178 list_keyblock_colon (ctrl_t ctrl, kbnode_t keyblock,
1179 int secret, int has_secret)
1186 int trustletter = 0;
1187 int trustletter_print;
1188 int ownertrust_print;
1191 char *hexgrip_buffer = NULL;
1192 const char *hexgrip = NULL;
1193 char *serialno = NULL;
1196 /* Get the keyid from the keyblock. */
1197 node = find_kbnode (keyblock, PKT_PUBLIC_KEY);
1200 log_error ("Oops; key lost!\n");
1201 dump_kbnode (keyblock);
1205 pk = node->pkt->pkt.public_key;
1206 if (secret || has_secret || opt.with_keygrip || opt.with_key_data)
1208 rc = hexkeygrip_from_pk (pk, &hexgrip_buffer);
1210 log_error ("error computing a keygrip: %s\n", gpg_strerror (rc));
1211 /* In the error case we print an empty string so that we have a
1212 * "grp" record for each and subkey - even if it is empty. This
1213 * may help to prevent sync problems. */
1214 hexgrip = hexgrip_buffer? hexgrip_buffer : "";
1217 if ((secret || has_secret)
1218 && agent_get_keyinfo (NULL, hexgrip, &serialno, NULL))
1219 stubkey = 1; /* Key not found. */
1221 keyid_from_pk (pk, keyid);
1222 if (!pk->flags.valid)
1223 trustletter_print = 'i';
1224 else if (pk->flags.revoked)
1225 trustletter_print = 'r';
1226 else if (pk->has_expired)
1227 trustletter_print = 'e';
1228 else if (opt.fast_list_mode || opt.no_expensive_trust_checks)
1229 trustletter_print = 0;
1232 trustletter = get_validity_info (ctrl, keyblock, pk, NULL);
1233 if (trustletter == 'u')
1235 trustletter_print = trustletter;
1238 if (!opt.fast_list_mode && !opt.no_expensive_trust_checks)
1239 ownertrust_print = get_ownertrust_info (pk);
1241 ownertrust_print = 0;
1243 es_fputs (secret? "sec:":"pub:", es_stdout);
1244 if (trustletter_print)
1245 es_putc (trustletter_print, es_stdout);
1246 es_fprintf (es_stdout, ":%u:%d:%08lX%08lX:%s:%s::",
1249 (ulong) keyid[0], (ulong) keyid[1],
1250 colon_datestr_from_pk (pk), colon_strtime (pk->expiredate));
1252 if (ownertrust_print)
1253 es_putc (ownertrust_print, es_stdout);
1254 es_putc (':', es_stdout);
1256 es_putc (':', es_stdout);
1257 es_putc (':', es_stdout);
1258 print_capabilities (pk, keyblock);
1259 es_putc (':', es_stdout); /* End of field 13. */
1260 es_putc (':', es_stdout); /* End of field 14. */
1261 if (secret || has_secret)
1264 es_putc ('#', es_stdout);
1266 es_fputs (serialno, es_stdout);
1267 else if (has_secret)
1268 es_putc ('+', es_stdout);
1270 es_putc (':', es_stdout); /* End of field 15. */
1271 es_putc (':', es_stdout); /* End of field 16. */
1272 if (pk->pubkey_algo == PUBKEY_ALGO_ECDSA
1273 || pk->pubkey_algo == PUBKEY_ALGO_EDDSA
1274 || pk->pubkey_algo == PUBKEY_ALGO_ECDH)
1276 char *curve = openpgp_oid_to_str (pk->pkey[0]);
1277 const char *name = openpgp_oid_to_curve (curve, 0);
1280 es_fputs (name, es_stdout);
1283 es_putc (':', es_stdout); /* End of field 17. */
1284 es_putc (':', es_stdout); /* End of field 18. */
1285 es_putc ('\n', es_stdout);
1287 print_revokers (es_stdout, pk);
1288 print_fingerprint (NULL, pk, 0);
1290 es_fprintf (es_stdout, "grp:::::::::%s:\n", hexgrip);
1291 if (opt.with_key_data)
1292 print_key_data (pk);
1294 for (kbctx = NULL; (node = walk_kbnode (keyblock, &kbctx, 0));)
1296 if (node->pkt->pkttype == PKT_USER_ID)
1298 PKT_user_id *uid = node->pkt->pkt.user_id;
1301 if (attrib_fp && uid->attrib_data != NULL)
1302 dump_attribs (uid, pk);
1304 if (uid->is_revoked)
1306 else if (uid->is_expired)
1308 else if (opt.no_expensive_trust_checks)
1313 uid_validity = get_validity_info (ctrl, keyblock, pk, uid);
1315 es_fputs (uid->attrib_data? "uat:":"uid:", es_stdout);
1317 es_putc (uid_validity, es_stdout);
1318 es_fputs ("::::", es_stdout);
1320 es_fprintf (es_stdout, "%s:", colon_strtime (uid->created));
1321 es_fprintf (es_stdout, "%s:", colon_strtime (uid->expiredate));
1323 namehash_from_uid (uid);
1325 for (i = 0; i < 20; i++)
1326 es_fprintf (es_stdout, "%02X", uid->namehash[i]);
1328 es_fprintf (es_stdout, "::");
1330 if (uid->attrib_data)
1331 es_fprintf (es_stdout, "%u %lu", uid->numattribs, uid->attrib_len);
1333 es_write_sanitized (es_stdout, uid->name, uid->len, ":", NULL);
1334 es_putc (':', es_stdout);
1335 es_putc ('\n', es_stdout);
1337 if (!uid->attrib_data && opt.with_tofu_info
1338 && (opt.trust_model == TM_TOFU || opt.trust_model == TM_TOFU_PGP))
1340 /* Print a "tfs" record. */
1341 tofu_write_tfs_record (ctrl, es_stdout, pk, uid->name);
1345 else if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
1348 PKT_public_key *pk2;
1349 int need_hexgrip = !!hexgrip;
1351 pk2 = node->pkt->pkt.public_key;
1352 xfree (hexgrip_buffer); hexgrip_buffer = NULL; hexgrip = NULL;
1353 xfree (serialno); serialno = NULL;
1355 || secret || has_secret || opt.with_keygrip || opt.with_key_data)
1357 rc = hexkeygrip_from_pk (pk2, &hexgrip_buffer);
1359 log_error ("error computing a keygrip: %s\n",
1361 hexgrip = hexgrip_buffer? hexgrip_buffer : "";
1364 if ((secret||has_secret)
1365 && agent_get_keyinfo (NULL, hexgrip, &serialno, NULL))
1366 stubkey = 1; /* Key not found. */
1368 keyid_from_pk (pk2, keyid2);
1369 es_fputs (secret? "ssb:":"sub:", es_stdout);
1370 if (!pk2->flags.valid)
1371 es_putc ('i', es_stdout);
1372 else if (pk2->flags.revoked)
1373 es_putc ('r', es_stdout);
1374 else if (pk2->has_expired)
1375 es_putc ('e', es_stdout);
1376 else if (opt.fast_list_mode || opt.no_expensive_trust_checks)
1380 /* TRUSTLETTER should always be defined here. */
1382 es_fprintf (es_stdout, "%c", trustletter);
1384 es_fprintf (es_stdout, ":%u:%d:%08lX%08lX:%s:%s:::::",
1385 nbits_from_pk (pk2),
1387 (ulong) keyid2[0], (ulong) keyid2[1],
1388 colon_datestr_from_pk (pk2), colon_strtime (pk2->expiredate)
1389 /* fixme: add LID and ownertrust here */
1391 print_capabilities (pk2, NULL);
1392 es_putc (':', es_stdout); /* End of field 13. */
1393 es_putc (':', es_stdout); /* End of field 14. */
1394 if (secret || has_secret)
1397 es_putc ('#', es_stdout);
1399 es_fputs (serialno, es_stdout);
1400 else if (has_secret)
1401 es_putc ('+', es_stdout);
1403 es_putc (':', es_stdout); /* End of field 15. */
1404 es_putc (':', es_stdout); /* End of field 16. */
1405 if (pk2->pubkey_algo == PUBKEY_ALGO_ECDSA
1406 || pk2->pubkey_algo == PUBKEY_ALGO_EDDSA
1407 || pk2->pubkey_algo == PUBKEY_ALGO_ECDH)
1409 char *curve = openpgp_oid_to_str (pk2->pkey[0]);
1410 const char *name = openpgp_oid_to_curve (curve, 0);
1413 es_fputs (name, es_stdout);
1416 es_putc (':', es_stdout); /* End of field 17. */
1417 es_putc ('\n', es_stdout);
1418 print_fingerprint (NULL, pk2, 0);
1420 es_fprintf (es_stdout, "grp:::::::::%s:\n", hexgrip);
1421 if (opt.with_key_data)
1422 print_key_data (pk2);
1424 else if (opt.list_sigs && node->pkt->pkttype == PKT_SIGNATURE)
1426 PKT_signature *sig = node->pkt->pkt.signature;
1427 int sigrc, fprokay = 0;
1430 byte fparray[MAX_FINGERPRINT_LEN];
1434 if (sig->sig_class == 0x20 || sig->sig_class == 0x28
1435 || sig->sig_class == 0x30)
1437 else if ((sig->sig_class & ~3) == 0x10)
1439 else if (sig->sig_class == 0x18)
1441 else if (sig->sig_class == 0x1F)
1445 es_fprintf (es_stdout, "sig::::::::::%02x%c:\n",
1446 sig->sig_class, sig->flags.exportable ? 'x' : 'l');
1452 PKT_public_key *signer_pk = NULL;
1454 es_fflush (es_stdout);
1455 if (opt.no_sig_cache)
1456 signer_pk = xmalloc_clear (sizeof (PKT_public_key));
1458 rc = check_key_signature2 (keyblock, node, NULL, signer_pk,
1460 switch (gpg_err_code (rc))
1465 case GPG_ERR_BAD_SIGNATURE:
1468 case GPG_ERR_NO_PUBKEY:
1469 case GPG_ERR_UNUSABLE_PUBKEY:
1477 if (opt.no_sig_cache)
1481 fingerprint_from_pk (signer_pk, fparray, &fplen);
1484 free_public_key (signer_pk);
1493 if (sigrc != '%' && sigrc != '?' && !opt.fast_list_mode)
1494 siguid = get_user_id (sig->keyid, &siguidlen);
1502 es_fputs (sigstr, es_stdout);
1503 es_putc (':', es_stdout);
1505 es_putc (sigrc, es_stdout);
1506 es_fprintf (es_stdout, "::%d:%08lX%08lX:%s:%s:", sig->pubkey_algo,
1507 (ulong) sig->keyid[0], (ulong) sig->keyid[1],
1508 colon_datestr_from_sig (sig),
1509 colon_expirestr_from_sig (sig));
1511 if (sig->trust_depth || sig->trust_value)
1512 es_fprintf (es_stdout, "%d %d", sig->trust_depth, sig->trust_value);
1513 es_fprintf (es_stdout, ":");
1515 if (sig->trust_regexp)
1516 es_write_sanitized (es_stdout, sig->trust_regexp,
1517 strlen (sig->trust_regexp), ":", NULL);
1518 es_fprintf (es_stdout, ":");
1521 es_fprintf (es_stdout, "[%s] ", gpg_strerror (rc));
1523 es_write_sanitized (es_stdout, siguid, siguidlen, ":", NULL);
1525 es_fprintf (es_stdout, ":%02x%c::", sig->sig_class,
1526 sig->flags.exportable ? 'x' : 'l');
1528 if (opt.no_sig_cache && opt.check_sigs && fprokay)
1530 for (i = 0; i < fplen; i++)
1531 es_fprintf (es_stdout, "%02X", fparray[i]);
1534 es_fprintf (es_stdout, ":::%d:\n", sig->digest_algo);
1536 if (opt.show_subpackets)
1537 print_subpackets_colon (sig);
1539 /* fixme: check or list other sigs here */
1544 xfree (hexgrip_buffer);
1549 * Reorder the keyblock so that the primary user ID (and not attribute
1550 * packet) comes first. Fixme: Replace this by a generic sort
1553 do_reorder_keyblock (KBNODE keyblock, int attr)
1555 KBNODE primary = NULL, primary0 = NULL, primary2 = NULL;
1558 for (node = keyblock; node; primary0 = node, node = node->next)
1560 if (node->pkt->pkttype == PKT_USER_ID &&
1561 ((attr && node->pkt->pkt.user_id->attrib_data) ||
1562 (!attr && !node->pkt->pkt.user_id->attrib_data)) &&
1563 node->pkt->pkt.user_id->is_primary)
1565 primary = primary2 = node;
1566 for (node = node->next; node; primary2 = node, node = node->next)
1568 if (node->pkt->pkttype == PKT_USER_ID
1569 || node->pkt->pkttype == PKT_PUBLIC_SUBKEY
1570 || node->pkt->pkttype == PKT_SECRET_SUBKEY)
1579 return; /* No primary key flag found (should not happen). */
1581 for (last = NULL, node = keyblock; node; last = node, node = node->next)
1583 if (node->pkt->pkttype == PKT_USER_ID)
1587 log_assert (last); /* The user ID is never the first packet. */
1588 log_assert (primary0); /* Ditto (this is the node before primary). */
1589 if (node == primary)
1590 return; /* Already the first one. */
1592 last->next = primary;
1593 primary0->next = primary2->next;
1594 primary2->next = node;
1598 reorder_keyblock (KBNODE keyblock)
1600 do_reorder_keyblock (keyblock, 1);
1601 do_reorder_keyblock (keyblock, 0);
1605 list_keyblock (ctrl_t ctrl,
1606 KBNODE keyblock, int secret, int has_secret, int fpr,
1607 struct keylist_context *listctx)
1609 reorder_keyblock (keyblock);
1611 if (opt.with_colons)
1612 list_keyblock_colon (ctrl, keyblock, secret, has_secret);
1614 list_keyblock_print (ctrl, keyblock, secret, fpr, listctx);
1617 es_fflush (es_stdout);
1621 /* Public function used by keygen to list a keyblock. If NO_VALIDITY
1622 * is set the validity of a key is never shown. */
1624 list_keyblock_direct (ctrl_t ctrl,
1625 kbnode_t keyblock, int secret, int has_secret, int fpr,
1628 struct keylist_context listctx;
1630 memset (&listctx, 0, sizeof (listctx));
1631 listctx.no_validity = !!no_validity;
1632 list_keyblock (ctrl, keyblock, secret, has_secret, fpr, &listctx);
1633 keylist_context_release (&listctx);
1637 /* Print an hex digit in ICAO spelling. */
1639 print_icao_hexdigit (estream_t fp, int c)
1641 static const char *list[16] = {
1642 "Zero", "One", "Two", "Three", "Four", "Five", "Six", "Seven",
1643 "Eight", "Niner", "Alfa", "Bravo", "Charlie", "Delta", "Echo", "Foxtrot"
1646 tty_fprintf (fp, "%s", list[c&15]);
1651 * Function to print the finperprint.
1652 * mode 0: as used in key listings, opt.with_colons is honored
1653 * 1: print using log_info ()
1654 * 2: direct use of tty
1655 * 3: direct use of tty but only primary key.
1656 * 4: direct use of tty but only subkey.
1657 * 10: Same as 0 but with_colons etc is ignored.
1658 * 20: Same as 0 but using a compact format.
1660 * Modes 1 and 2 will try and print both subkey and primary key
1661 * fingerprints. A MODE with bit 7 set is used internally. If
1662 * OVERRIDE_FP is not NULL that stream will be used in 0 instead
1663 * of es_stdout or instead of the TTY in modes 2 and 3.
1666 print_fingerprint (estream_t override_fp, PKT_public_key *pk, int mode)
1668 char hexfpr[2*MAX_FINGERPRINT_LEN+1];
1674 int with_colons = opt.with_colons;
1675 int with_icao = opt.with_icao_spelling;
1684 else if (mode == 20)
1691 if (!opt.fingerprint && !opt.with_fingerprint
1692 && opt.with_subkey_fingerprint)
1695 if (pk->main_keyid[0] == pk->keyid[0]
1696 && pk->main_keyid[1] == pk->keyid[1])
1699 /* Just to be safe */
1700 if ((mode & 0x80) && !primary)
1702 log_error ("primary key is not really primary!\n");
1708 if (!primary && (mode == 1 || mode == 2))
1710 PKT_public_key *primary_pk = xmalloc_clear (sizeof (*primary_pk));
1711 get_pubkey (primary_pk, pk->main_keyid);
1712 print_fingerprint (override_fp, primary_pk, (mode | 0x80));
1713 free_public_key (primary_pk);
1718 fp = log_get_stream ();
1720 text = _("Primary key fingerprint:");
1722 text = _(" Subkey fingerprint:");
1726 fp = override_fp; /* Use tty or given stream. */
1728 /* TRANSLATORS: this should fit into 24 bytes so that the
1729 * fingerprint data is properly aligned with the user ID */
1730 text = _(" Primary key fingerprint:");
1732 text = _(" Subkey fingerprint:");
1736 fp = override_fp; /* Use tty or given stream. */
1737 text = _(" Key fingerprint =");
1741 fp = override_fp; /* Use tty or given stream. */
1742 text = _(" Subkey fingerprint:");
1746 fp = override_fp? override_fp : es_stdout;
1747 if (opt.keyid_format == KF_NONE)
1749 text = " "; /* To indent ICAO spelling. */
1753 text = _(" Key fingerprint =");
1756 hexfingerprint (pk, hexfpr, sizeof hexfpr);
1757 if (with_colons && !mode)
1759 es_fprintf (fp, "fpr:::::::::%s:", hexfpr);
1761 else if (compact && !opt.fingerprint && !opt.with_fingerprint)
1763 tty_fprintf (fp, "%*s%s", 6, "", hexfpr);
1767 char fmtfpr[MAX_FORMATTED_FINGERPRINT_LEN + 1];
1768 format_hexfingerprint (hexfpr, fmtfpr, sizeof fmtfpr);
1770 tty_fprintf (fp, "%*s%s", 6, "", fmtfpr);
1772 tty_fprintf (fp, "%s %s", text, fmtfpr);
1774 tty_fprintf (fp, "\n");
1775 if (!with_colons && with_icao)
1778 tty_fprintf (fp, "%*s\"", (int)strlen(text)+1, "");
1779 for (i = 0, p = hexfpr; *p; i++, p++)
1784 tty_fprintf (fp, "\n%*s ", (int)strlen(text)+1, "");
1786 tty_fprintf (fp, " ");
1788 tty_fprintf (fp, " ");
1789 print_icao_hexdigit (fp, xtoi_1 (p));
1791 tty_fprintf (fp, "\"\n");
1795 /* Print the serial number of an OpenPGP card if available. */
1797 print_card_serialno (const char *serialno)
1801 if (opt.with_colons)
1802 return; /* Handled elsewhere. */
1804 es_fputs (_(" Card serial no. ="), es_stdout);
1805 es_putc (' ', es_stdout);
1806 if (strlen (serialno) == 32 && !strncmp (serialno, "D27600012401", 12))
1808 /* This is an OpenPGP card. Print the relevant part. */
1809 /* Example: D2760001240101010001000003470000 */
1811 es_fprintf (es_stdout, "%.*s %.*s", 4, serialno+16, 8, serialno+20);
1814 es_fputs (serialno, es_stdout);
1815 es_putc ('\n', es_stdout);
1819 /* Print a public or secret (sub)key line. Example:
1821 * pub dsa2048 2007-12-31 [SC] [expires: 2018-12-31]
1822 * 80615870F5BAD690333686D0F2AD85AC1E42B367
1824 * Some global options may result in a different output format. If
1825 * SECRET is set, "sec" or "ssb" is used instead of "pub" or "sub" and
1826 * depending on the value a flag character is shown:
1828 * 1 := ' ' Regular secret key
1829 * 2 := '#' Stub secret key
1830 * 3 := '>' Secret key is on a token.
1833 print_key_line (estream_t fp, PKT_public_key *pk, int secret)
1835 char pkstrbuf[PUBKEY_STRING_SIZE];
1837 tty_fprintf (fp, "%s%c %s",
1838 pk->flags.primary? (secret? "sec":"pub")
1839 /**/ : (secret? "ssb":"sub"),
1840 secret == 2? '#' : secret == 3? '>' : ' ',
1841 pubkey_string (pk, pkstrbuf, sizeof pkstrbuf));
1842 if (opt.keyid_format != KF_NONE)
1843 tty_fprintf (fp, "/%s", keystr_from_pk (pk));
1844 tty_fprintf (fp, " %s", datestr_from_pk (pk));
1846 if ((opt.list_options & LIST_SHOW_USAGE))
1848 tty_fprintf (fp, " [%s]", usagestr_from_pk (pk, 0));
1850 if (pk->flags.revoked)
1852 tty_fprintf (fp, " [");
1853 tty_fprintf (fp, _("revoked: %s"), revokestr_from_pk (pk));
1854 tty_fprintf (fp, "]");
1856 else if (pk->has_expired)
1858 tty_fprintf (fp, " [");
1859 tty_fprintf (fp, _("expired: %s"), expirestr_from_pk (pk));
1860 tty_fprintf (fp, "]");
1862 else if (pk->expiredate)
1864 tty_fprintf (fp, " [");
1865 tty_fprintf (fp, _("expires: %s"), expirestr_from_pk (pk));
1866 tty_fprintf (fp, "]");
1870 /* I need to think about this some more. It's easy enough to
1871 include, but it looks sort of confusing in the listing... */
1872 if (opt.list_options & LIST_SHOW_VALIDITY)
1874 int validity = get_validity (ctrl, pk, NULL, NULL, 0);
1875 tty_fprintf (fp, " [%s]", trust_value_to_string (validity));
1879 if (pk->pubkey_algo >= 100)
1880 tty_fprintf (fp, " [experimental algorithm %d]", pk->pubkey_algo);
1882 tty_fprintf (fp, "\n");
1884 /* if the user hasn't explicitly asked for human-readable
1885 fingerprints, show compact fpr of primary key: */
1886 if (pk->flags.primary &&
1887 !opt.fingerprint && !opt.with_fingerprint)
1888 print_fingerprint (fp, pk, 20);
1893 set_attrib_fd (int fd)
1895 static int last_fd = -1;
1897 if (fd != -1 && last_fd == fd)
1900 /* Fixme: Do we need to check for the log stream here? */
1901 if (attrib_fp && attrib_fp != log_get_stream ())
1902 es_fclose (attrib_fp);
1907 if (! gnupg_fd_valid (fd))
1908 log_fatal ("attribute-fd is invalid: %s\n", strerror (errno));
1910 #ifdef HAVE_DOSISH_SYSTEM
1911 setmode (fd, O_BINARY);
1914 attrib_fp = es_stdout;
1916 attrib_fp = es_stderr;
1918 attrib_fp = es_fdopen (fd, "wb");
1921 log_fatal ("can't open fd %d for attribute output: %s\n",
1922 fd, strerror (errno));