5 * Simple key manager program
7 * (c) 1999 Straylight/Edgeware
10 /*----- Licensing notice --------------------------------------------------*
12 * This file is part of Catacomb.
14 * Catacomb is free software; you can redistribute it and/or modify
15 * it under the terms of the GNU Library General Public License as
16 * published by the Free Software Foundation; either version 2 of the
17 * License, or (at your option) any later version.
19 * Catacomb is distributed in the hope that it will be useful,
20 * but WITHOUT ANY WARRANTY; without even the implied warranty of
21 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
22 * GNU Library General Public License for more details.
24 * You should have received a copy of the GNU Library General Public
25 * License along with Catacomb; if not, write to the Free
26 * Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
30 /*----- Header files ------------------------------------------------------*/
41 #include <mLib/base64.h>
42 #include <mLib/mdwopt.h>
43 #include <mLib/quis.h>
44 #include <mLib/report.h>
72 #include "sha256-mgf.h"
73 #include "sha224-mgf.h"
74 #include "sha384-mgf.h"
75 #include "sha512-mgf.h"
76 #include "tiger-mgf.h"
77 #include "rmd128-mgf.h"
78 #include "rmd160-mgf.h"
79 #include "rmd256-mgf.h"
80 #include "rmd320-mgf.h"
84 /*----- Handy global state ------------------------------------------------*/
86 static const char *keyfile = "keyring";
88 /*----- Useful shared functions -------------------------------------------*/
92 * Arguments: @key_file *f@ = pointer to key file block
93 * @unsigned how@ = method to open file with
97 * Use: Opens a key file and handles errors by panicking
101 static void doopen(key_file *f, unsigned how)
103 if (key_open(f, keyfile, how, key_moan, 0))
104 die(1, "couldn't open keyring `%s': %s", keyfile, strerror(errno));
107 /* --- @doclose@ --- *
109 * Arguments: @key_file *f@ = pointer to key file block
113 * Use: Closes a key file and handles errors by panicking
117 static void doclose(key_file *f)
119 switch (key_close(f)) {
121 die(EXIT_FAILURE, "couldn't write file `%s': %s",
122 keyfile, strerror(errno));
124 die(EXIT_FAILURE, "keyring file `%s' broken: %s (repair manually)",
125 keyfile, strerror(errno));
129 /* --- @setattr@ --- *
131 * Arguments: @key_file *f@ = pointer to key file block
132 * @key *k@ = pointer to key block
133 * @char *v[]@ = array of assignments (overwritten!)
137 * Use: Applies the attribute assignments to the key.
140 static void setattr(key_file *f, key *k, char *v[])
145 size_t eq = strcspn(p, "=");
147 moan("invalid assignment: `%s' (ignored)", p);
153 if ((err = key_putattr(f, k, *v, *p ? p : 0)) != 0)
154 die(EXIT_FAILURE, "couldn't set attributes: %s", key_strerror(err));
159 /*----- Seeding -----------------------------------------------------------*/
161 const struct seedalg { const char *p; grand *(*gen)(const void *, size_t); }
163 { "dsarand", dsarand_create },
164 { "rmd128-mgf", rmd128_mgfrand },
165 { "rmd160-mgf", rmd160_mgfrand },
166 { "rmd256-mgf", rmd256_mgfrand },
167 { "rmd320-mgf", rmd320_mgfrand },
168 { "sha-mgf", sha_mgfrand },
169 { "sha224-mgf", sha224_mgfrand },
170 { "sha256-mgf", sha256_mgfrand },
171 { "sha384-mgf", sha384_mgfrand },
172 { "sha512-mgf", sha512_mgfrand },
173 { "tiger-mgf", tiger_mgfrand },
177 #define SEEDALG_DEFAULT (seedtab + 2)
179 /*----- Key generation ----------------------------------------------------*/
181 /* --- Key generation parameters --- */
183 typedef struct keyopts {
184 key_file *kf; /* Pointer to key file */
185 key *k; /* Pointer to the actual key */
186 dstr tag; /* Full tag name for the key */
187 unsigned f; /* Flags for the new key */
188 unsigned bits, qbits; /* Bit length for the new key */
189 const char *curve; /* Elliptic curve name/info */
190 grand *r; /* Random number source */
191 key *p; /* Parameters key-data */
194 #define f_bogus 1u /* Error in parsing */
195 #define f_lock 2u /* Passphrase-lock private key */
196 #define f_quiet 4u /* Don't show a progress indicator */
197 #define f_limlee 8u /* Generate Lim-Lee primes */
198 #define f_subgroup 16u /* Generate a subgroup */
199 #define f_retag 32u /* Remove any existing tag */
201 /* --- @dolock@ --- *
203 * Arguments: @keyopts *k@ = key generation options
204 * @key_data **kd@ = pointer to key data to lock
205 * @const char *t@ = tag suffix or null
209 * Use: Does passphrase locking on new keys.
212 static void dolock(keyopts *k, key_data **kd, const char *t)
214 if (!(k->f & f_lock))
217 dstr_putf(&k->tag, ".%s", t);
218 if (key_plock(kd, 0, k->tag.buf))
219 die(EXIT_FAILURE, "couldn't lock key");
222 /* --- @copyparam@ --- *
224 * Arguments: @keyopts *k@ = pointer to key options
225 * @const char **pp@ = checklist of parameters
227 * Returns: Nonzero if parameters copied; zero if you have to generate
230 * Use: Copies parameters from a source key to the current one.
233 static int copyparam(keyopts *k, const char **pp)
239 /* --- Quick check if no parameters supplied --- */
244 /* --- Run through the checklist --- */
247 key_data *kd = key_structfind(k->p->k, *pp);
249 die(EXIT_FAILURE, "bad parameter key: parameter `%s' not found", *pp);
250 if ((kd->e & KF_CATMASK) != KCAT_SHARE)
251 die(EXIT_FAILURE, "bad parameter key: subkey `%s' is not shared", *pp);
255 /* --- Copy over the parameters --- */
259 key_setkeydata(k->kf, k->k, k->p->k);
261 /* --- Copy over attributes --- */
263 for (key_mkattriter(&i, k->p); key_nextattr(&i, &n, &v); )
264 key_putattr(k->kf, k->k, n, v);
273 * Arguments: @key_data *k@ = pointer to key data block
274 * @const char *tag@ = tag string to use
276 * Returns: Pointer to multiprecision integer key item.
278 * Use: Fetches an MP key component.
281 static mp *getmp(key_data *k, const char *tag)
283 k = key_structfind(k, tag);
285 die(EXIT_FAILURE, "unexpected failure looking up subkey `%s'", tag);
286 if ((k->e & KF_ENCMASK) != KENC_MP)
287 die(EXIT_FAILURE, "subkey `%s' has an incompatible type");
291 /* --- @keyrand@ --- *
293 * Arguments: @key_file *kf@ = pointer to key file
294 * @const char *id@ = pointer to key id (or null)
298 * Use: Keys the random number generator.
301 static void keyrand(key_file *kf, const char *id)
305 /* --- Find the key --- */
308 if ((k = key_bytag(kf, id)) == 0)
309 die(EXIT_FAILURE, "key `%s' not found", id);
311 k = key_bytype(kf, "catacomb-rand");
314 key_data *kd = k->k, *kkd;
318 switch (kd->e & KF_ENCMASK) {
324 if (key_punlock(&kkd, kd, d.buf))
325 die(EXIT_FAILURE, "error unlocking key `%s'", d.buf);
333 die(EXIT_FAILURE, "bad encoding type for key `%s'", d.buf);
337 /* --- Key the generator --- */
339 rand_key(RAND_GLOBAL, kd->u.k.k, kd->u.k.sz);
344 /* --- Key generation algorithms --- */
346 static void alg_binary(keyopts *k)
356 die(EXIT_FAILURE, "no shared parameters for binary keys");
358 sz = (k->bits + 7) >> 3;
360 m = (1 << (((k->bits - 1) & 7) + 1)) - 1;
361 k->r->ops->fill(k->r, p, sz);
363 kd = key_newbinary(KCAT_SYMM | KF_BURN, p, sz);
366 key_setkeydata(k->kf, k->k, kd);
371 static void alg_des(keyopts *k)
381 die(EXIT_FAILURE, "no shared parameters for DES keys");
382 if (k->bits % 56 || k->bits > 168)
383 die(EXIT_FAILURE, "DES keys must be 56, 112 or 168 bits long");
387 k->r->ops->fill(k->r, p, sz);
388 for (i = 0; i < sz; i++) {
389 octet x = p[i] | 0x01;
393 p[i] = (p[i] & 0xfe) | (x & 0x01);
395 kd = key_newbinary(KCAT_SYMM | KF_BURN, p, sz);
398 key_setkeydata(k->kf, k->k, kd);
403 static void alg_rsa(keyopts *k)
408 /* --- Sanity checking --- */
411 die(EXIT_FAILURE, "no shared parameters for RSA keys");
415 /* --- Generate the RSA parameters --- */
417 if (rsa_gen(&rp, k->bits, k->r, 0,
418 (k->f & f_quiet) ? 0 : pgen_ev, 0))
419 die(EXIT_FAILURE, "RSA key generation failed");
421 /* --- Run a test encryption --- */
424 grand *g = fibrand_create(k->r->ops->word(k->r));
426 mp *m = mprand_range(MP_NEW, rp.n, g, 0);
431 c = rsa_qpubop(&rpp, MP_NEW, m);
432 c = rsa_qprivop(&rp, c, c, g);
435 die(EXIT_FAILURE, "test encryption failed");
441 /* --- Allrighty then --- */
443 kd = key_newstruct();
444 key_structsteal(kd, "n", key_newmp(KCAT_PUB, rp.n));
445 key_structsteal(kd, "e", key_newmp(KCAT_PUB, rp.e));
447 kkd = key_newstruct();
448 key_structsteal(kkd, "d", key_newmp(KCAT_PRIV | KF_BURN, rp.d));
449 key_structsteal(kkd, "p", key_newmp(KCAT_PRIV | KF_BURN, rp.p));
450 key_structsteal(kkd, "q", key_newmp(KCAT_PRIV | KF_BURN, rp.q));
451 key_structsteal(kkd, "q-inv", key_newmp(KCAT_PRIV | KF_BURN, rp.q_inv));
452 key_structsteal(kkd, "d-mod-p", key_newmp(KCAT_PRIV | KF_BURN, rp.dp));
453 key_structsteal(kkd, "d-mod-q", key_newmp(KCAT_PRIV | KF_BURN, rp.dq));
454 dolock(k, &kkd, "private");
455 key_structsteal(kd, "private", kkd);
456 key_setkeydata(k->kf, k->k, kd);
461 static void alg_dsaparam(keyopts *k)
463 static const char *pl[] = { "q", "p", "g", 0 };
464 if (!copyparam(k, pl)) {
473 /* --- Choose appropriate bit lengths if necessary --- */
480 /* --- Allocate a seed block --- */
482 sz = (k->qbits + 7) >> 3;
484 k->r->ops->fill(k->r, p, sz);
486 /* --- Allocate the parameters --- */
488 if (dsa_gen(&dp, k->qbits, k->bits, 0, p, sz, &ds,
489 (k->f & f_quiet) ? 0 : pgen_ev, 0))
490 die(EXIT_FAILURE, "DSA parameter generation failed");
492 /* --- Store the parameters --- */
494 kd = key_newstruct();
495 key_structsteal(kd, "q", key_newmp(KCAT_SHARE, dp.q));
496 key_structsteal(kd, "p", key_newmp(KCAT_SHARE, dp.p));
497 key_structsteal(kd, "g", key_newmp(KCAT_SHARE, dp.g));
501 key_setkeydata(k->kf, k->k, kd);
504 /* --- Store the seed for future verification --- */
509 base64_encode(&c, ds.p, ds.sz, &d);
510 base64_encode(&c, 0, 0, &d);
512 key_putattr(k->kf, k->k, "seed", d.buf);
514 dstr_putf(&d, "%u", ds.count);
515 key_putattr(k->kf, k->k, "count", d.buf);
522 static void alg_dsa(keyopts *k)
529 /* --- Get the shared parameters --- */
532 key_split(&k->k->k); kd = k->k->k;
537 /* --- Choose a private key --- */
539 x = mprand_range(MP_NEWSEC, q, k->r, 0);
540 mpmont_create(&mm, p);
541 y = mpmont_exp(&mm, MP_NEW, g, x);
543 /* --- Store everything away --- */
545 key_structsteal(kd, "y", key_newmp(KCAT_PUB, y));
547 kkd = key_newstruct();
548 key_structsteal(kkd, "x", key_newmp(KCAT_PRIV | KF_BURN, x));
549 dolock(k, &kkd, "private");
550 key_structsteal(kd, "private", kkd);
552 mp_drop(x); mp_drop(y);
555 static void alg_dhparam(keyopts *k)
557 static const char *pl[] = { "p", "q", "g", 0 };
559 if (!copyparam(k, pl)) {
568 if (strcmp(k->curve, "list") == 0) {
570 LIST("Built-in prime fields", stdout, ptab[i].name, ptab[i].name);
574 if (dh_parse(&qd, &dp))
575 die(EXIT_FAILURE, "error in field spec: %s", qd.e);
577 die(EXIT_FAILURE, "junk at end of field spec");
578 if ((g = group_prime(&dp)) == 0)
579 die(EXIT_FAILURE, "invalid prime field");
580 if (!(k->f & f_quiet) && (e = G_CHECK(g, &rand_global)) != 0)
581 moan("WARNING! group check failed: %s", e);
589 /* --- Choose a large safe prime number --- */
591 if (k->f & f_limlee) {
596 rc = dh_limlee(&dp, k->qbits, k->bits,
597 (k->f & f_subgroup) ? DH_SUBGROUP : 0,
598 0, k->r, (k->f & f_quiet) ? 0 : pgen_ev, 0,
599 (k->f & f_quiet) ? 0 : pgen_evspin, 0, &nf, &f);
603 for (i = 0; i < nf; i++) {
606 mp_writedstr(f[i], &d, 10);
609 key_putattr(k->kf, k->k, "factors", d.buf);
613 rc = dh_gen(&dp, k->qbits, k->bits, 0, k->r,
614 (k->f & f_quiet) ? 0 : pgen_ev, 0);
617 die(EXIT_FAILURE, "Diffie-Hellman parameter generation failed");
620 kd = key_newstruct();
621 key_structsteal(kd, "p", key_newmp(KCAT_SHARE, dp.p));
622 key_structsteal(kd, "q", key_newmp(KCAT_SHARE, dp.q));
623 key_structsteal(kd, "g", key_newmp(KCAT_SHARE, dp.g));
627 key_setkeydata(k->kf, k->k, kd);
632 static void alg_dh(keyopts *k)
639 /* --- Get the shared parameters --- */
642 key_split(&k->k->k); kd = k->k->k;
647 /* --- Choose a suitable private key --- *
649 * Since %$g$% has order %$q$%, choose %$x < q$%.
652 x = mprand_range(MP_NEWSEC, q, k->r, 0);
654 /* --- Compute the public key %$y = g^x \bmod p$% --- */
656 mpmont_create(&mm, p);
657 y = mpmont_exp(&mm, MP_NEW, g, x);
660 /* --- Store everything away --- */
662 key_structsteal(kd, "y", key_newmp(KCAT_PUB, y));
664 kkd = key_newstruct();
665 key_structsteal(kkd, "x", key_newmp(KCAT_PRIV | KF_BURN, x));
666 dolock(k, &kkd, "private");
667 key_structsteal(kd, "private", kkd);
669 mp_drop(x); mp_drop(y);
672 static void alg_bbs(keyopts *k)
677 /* --- Sanity checking --- */
680 die(EXIT_FAILURE, "no shared parameters for Blum-Blum-Shub keys");
684 /* --- Generate the BBS parameters --- */
686 if (bbs_gen(&bp, k->bits, k->r, 0,
687 (k->f & f_quiet) ? 0 : pgen_ev, 0))
688 die(EXIT_FAILURE, "Blum-Blum-Shub key generation failed");
690 /* --- Allrighty then --- */
692 kd = key_newstruct();
693 key_structsteal(kd, "n", key_newmp(KCAT_PUB, bp.n));
695 kkd = key_newstruct();
696 key_structsteal(kkd, "p", key_newmp(KCAT_PRIV | KF_BURN, bp.p));
697 key_structsteal(kkd, "q", key_newmp(KCAT_PRIV | KF_BURN, bp.q));
698 dolock(k, &kkd, "private");
699 key_structsteal(kd, "private", kkd);
700 key_setkeydata(k->kf, k->k, kd);
706 static void alg_binparam(keyopts *k)
708 static const char *pl[] = { "p", "q", "g", 0 };
709 if (!copyparam(k, pl)) {
716 /* --- Decide on a field --- */
718 if (!k->bits) k->bits = 128;
719 if (k->curve && strcmp(k->curve, "list") == 0) {
721 LIST("Built-in binary fields", stdout,
722 bintab[i].name, bintab[i].name);
726 if (k->bits <= 40) k->curve = "p1363-40";
727 else if (k->bits <= 56) k->curve = "p1363-56";
728 else if (k->bits <= 64) k->curve = "p1363-64";
729 else if (k->bits <= 80) k->curve = "p1363-80";
730 else if (k->bits <= 112) k->curve = "p1363-112";
731 else if (k->bits <= 128) k->curve = "p1363-128";
734 "no built-in binary fields provide %u-bit security",
739 /* --- Check it --- */
743 if (dhbin_parse(&qd, &gb))
744 die(EXIT_FAILURE, "error in field spec: %s", qd.e);
746 die(EXIT_FAILURE, "junk at end of field spec");
747 if ((g = group_binary(&gb)) == 0)
748 die(EXIT_FAILURE, "invalid binary field");
749 if (!(k->f & f_quiet) && (e = G_CHECK(g, &rand_global)) != 0)
750 moan("WARNING! group check failed: %s", e);
753 /* --- Write out the answer --- */
755 kd = key_newstruct();
756 key_structsteal(kd, "p", key_newmp(KCAT_SHARE, gb.p));
757 key_structsteal(kd, "q", key_newmp(KCAT_SHARE, gb.q));
758 key_structsteal(kd, "g", key_newmp(KCAT_SHARE, gb.g));
762 key_setkeydata(k->kf, k->k, kd);
767 static void alg_bin(keyopts *k)
774 /* --- Get the shared parameters --- */
777 key_split(&k->k->k); kd = k->k->k;
782 /* --- Choose a suitable private key --- *
784 * Since %$g$% has order %$q$%, choose %$x < q$%.
787 x = mprand_range(MP_NEWSEC, q, k->r, 0);
789 /* --- Compute the public key %$y = g^x \bmod p$% --- */
791 gfreduce_create(&r, p);
792 y = gfreduce_exp(&r, MP_NEW, g, x);
793 gfreduce_destroy(&r);
795 /* --- Store everything away --- */
797 key_structsteal(kd, "y", key_newmp(KCAT_PUB, y));
799 kkd = key_newstruct();
800 key_structsteal(kkd, "x", key_newmp(KCAT_PRIV | KF_BURN, x));
801 dolock(k, &kkd, "private");
802 key_structsteal(kd, "private", kkd);
804 mp_drop(x); mp_drop(y);
807 static void alg_ecparam(keyopts *k)
809 static const char *pl[] = { "curve", 0 };
810 if (!copyparam(k, pl)) {
815 /* --- Decide on a curve --- */
817 if (!k->bits) k->bits = 256;
818 if (k->curve && strcmp(k->curve, "list") == 0) {
820 LIST("Built-in elliptic curves", stdout,
821 ectab[i].name, ectab[i].name);
825 if (k->bits <= 56) k->curve = "secp112r1";
826 else if (k->bits <= 64) k->curve = "secp128r1";
827 else if (k->bits <= 80) k->curve = "secp160r1";
828 else if (k->bits <= 96) k->curve = "secp192r1";
829 else if (k->bits <= 112) k->curve = "secp224r1";
830 else if (k->bits <= 128) k->curve = "secp256r1";
831 else if (k->bits <= 192) k->curve = "secp384r1";
832 else if (k->bits <= 256) k->curve = "secp521r1";
834 die(EXIT_FAILURE, "no built-in curves provide %u-bit security",
838 /* --- Check it --- */
840 if ((e = ec_getinfo(&ei, k->curve)) != 0)
841 die(EXIT_FAILURE, "error in curve spec: %s", e);
842 if (!(k->f & f_quiet) && (e = ec_checkinfo(&ei, k->r)) != 0)
843 moan("WARNING! curve check failed: %s", e);
846 /* --- Write out the answer --- */
848 kd = key_newstruct();
849 key_structsteal(kd, "curve", key_newstring(KCAT_SHARE, k->curve));
850 key_setkeydata(k->kf, k->k, kd);
855 static void alg_ec(keyopts *k)
864 /* --- Get the curve --- */
867 key_split(&k->k->k); kd = k->k->k;
868 if ((kkd = key_structfind(kd, "curve")) == 0)
869 die(EXIT_FAILURE, "unexpected failure looking up subkey `curve')");
870 if ((kkd->e & KF_ENCMASK) != KENC_STRING)
871 die(EXIT_FAILURE, "subkey `curve' is not a string");
872 if ((e = ec_getinfo(&ei, kkd->u.p)) != 0)
873 die(EXIT_FAILURE, "error in curve spec: %s", e);
875 /* --- Invent a private exponent and compute the public key --- */
877 x = mprand_range(MP_NEWSEC, ei.r, k->r, 0);
878 ec_mul(ei.c, &p, &ei.g, x);
880 /* --- Store everything away --- */
882 key_structsteal(kd, "p", key_newec(KCAT_PUB, &p));
884 kkd = key_newstruct();
885 key_structsteal(kkd, "x", key_newmp(KCAT_PRIV | KF_BURN, x));
886 dolock(k, &kkd, "private");
887 key_structsteal(kd, "private", kkd);
895 /* --- The algorithm tables --- */
897 typedef struct keyalg {
899 void (*proc)(keyopts *o);
903 static keyalg algtab[] = {
904 { "binary", alg_binary, "Plain binary data" },
905 { "des", alg_des, "Binary with DES-style parity" },
906 { "rsa", alg_rsa, "RSA public-key encryption" },
907 { "bbs", alg_bbs, "Blum-Blum-Shub generator" },
908 { "dsa", alg_dsa, "DSA digital signatures" },
909 { "dsa-param", alg_dsaparam, "DSA shared parameters" },
910 { "dh", alg_dh, "Diffie-Hellman key exchange" },
911 { "dh-param", alg_dhparam, "Diffie-Hellman parameters" },
912 { "bindh", alg_bin, "DH over a binary field" },
913 { "bindh-param", alg_binparam, "Binary-field DH parameters" },
914 { "ec-param", alg_ecparam, "Elliptic curve parameters" },
915 { "ec", alg_ec, "Elliptic curve crypto" },
919 /* --- @cmd_add@ --- */
921 static int cmd_add(int argc, char *argv[])
924 time_t exp = KEXP_EXPIRE;
925 const char *tag = 0, *ptag = 0;
927 keyalg *alg = algtab;
928 const char *rtag = 0;
929 const struct seedalg *sa = SEEDALG_DEFAULT;
930 keyopts k = { 0, 0, DSTR_INIT, 0, 0, 0, 0, 0 };
931 const char *seed = 0;
934 /* --- Parse options for the subcommand --- */
937 static struct option opt[] = {
938 { "algorithm", OPTF_ARGREQ, 0, 'a' },
939 { "bits", OPTF_ARGREQ, 0, 'b' },
940 { "qbits", OPTF_ARGREQ, 0, 'B' },
941 { "parameters", OPTF_ARGREQ, 0, 'p' },
942 { "expire", OPTF_ARGREQ, 0, 'e' },
943 { "comment", OPTF_ARGREQ, 0, 'c' },
944 { "tag", OPTF_ARGREQ, 0, 't' },
945 { "rand-id", OPTF_ARGREQ, 0, 'R' },
946 { "curve", OPTF_ARGREQ, 0, 'C' },
947 { "seedalg", OPTF_ARGREQ, 0, 'A' },
948 { "seed", OPTF_ARGREQ, 0, 's' },
949 { "newseed", OPTF_ARGREQ, 0, 'n' },
950 { "lock", 0, 0, 'l' },
951 { "quiet", 0, 0, 'q' },
952 { "lim-lee", 0, 0, 'L' },
953 { "subgroup", 0, 0, 'S' },
956 int i = mdwopt(argc, argv, "+a:b:B:p:e:c:t:R:C:A:s:n:lqrLS",
961 /* --- Handle the various options --- */
965 /* --- Read an algorithm name --- */
969 size_t sz = strlen(optarg);
971 if (strcmp(optarg, "list") == 0) {
972 for (a = algtab; a->name; a++)
973 printf("%-10s %s\n", a->name, a->help);
978 for (a = algtab; a->name; a++) {
979 if (strncmp(optarg, a->name, sz) == 0) {
980 if (a->name[sz] == 0) {
984 die(EXIT_FAILURE, "ambiguous algorithm name `%s'", optarg);
990 die(EXIT_FAILURE, "unknown algorithm name `%s'", optarg);
993 /* --- Bits must be nonzero and a multiple of 8 --- */
997 k.bits = strtoul(optarg, &p, 0);
998 if (k.bits == 0 || *p != 0)
999 die(EXIT_FAILURE, "bad bitlength `%s'", optarg);
1004 k.qbits = strtoul(optarg, &p, 0);
1005 if (k.qbits == 0 || *p != 0)
1006 die(EXIT_FAILURE, "bad bitlength `%s'", optarg);
1009 /* --- Parameter selection --- */
1015 /* --- Expiry dates get passed to @get_date@ for parsing --- */
1018 if (strcmp(optarg, "forever") == 0)
1021 exp = get_date(optarg, 0);
1023 die(EXIT_FAILURE, "bad expiry date `%s'", optarg);
1027 /* --- Store comments without interpretation --- */
1030 if (key_chkcomment(optarg))
1031 die(EXIT_FAILURE, "bad comment string `%s'", optarg);
1035 /* --- Elliptic curve parameters --- */
1041 /* --- Store tags --- */
1044 if (key_chkident(optarg))
1045 die(EXIT_FAILURE, "bad tag string `%s'", optarg);
1052 /* --- Seeding --- */
1055 const struct seedalg *ss;
1056 if (strcmp(optarg, "list") == 0) {
1057 printf("Seed algorithms:\n");
1058 for (ss = seedtab; ss->p; ss++)
1059 printf(" %s\n", ss->p);
1062 if (seed) die(EXIT_FAILURE, "seed already set -- put -A first");
1064 for (ss = seedtab; ss->p; ss++) {
1065 if (strcmp(optarg, ss->p) == 0)
1069 die(EXIT_FAILURE, "seed algorithm `%s' not known", optarg);
1075 if (seed) die(EXIT_FAILURE, "seed already set");
1077 base64_decode(&b, optarg, strlen(optarg), &d);
1078 base64_decode(&b, 0, 0, &d);
1079 k.r = sa->gen(d.buf, d.len);
1088 unsigned n = strtoul(optarg, &p, 0);
1089 if (n == 0 || *p != 0 || n % 8 != 0)
1090 die(EXIT_FAILURE, "bad seed length `%s'", optarg);
1091 if (seed) die(EXIT_FAILURE, "seed already set");
1094 rand_get(RAND_GLOBAL, p, n);
1096 base64_encode(&b, p, n, &d);
1097 base64_encode(&b, 0, 0, &d);
1099 k.r = sa->gen(p, n);
1102 /* --- Other flags --- */
1120 /* --- Other things are bogus --- */
1128 /* --- Various sorts of bogosity --- */
1130 if ((k.f & f_bogus) || optind + 1 > argc) {
1132 "Usage: add [OPTIONS] TYPE [ATTR...]");
1134 if (key_chkident(argv[optind]))
1135 die(EXIT_FAILURE, "bad key type `%s'", argv[optind]);
1137 /* --- Set up various bits of the state --- */
1139 if (exp == KEXP_EXPIRE)
1140 exp = time(0) + 14 * 24 * 60 * 60;
1142 /* --- Open the file and create the basic key block --- *
1144 * Keep on generating keyids until one of them doesn't collide.
1147 doopen(&f, KOPEN_WRITE);
1150 /* --- Key the generator --- */
1155 uint32 id = rand_global.ops->word(&rand_global);
1157 if ((err = key_new(&f, id, argv[optind], exp, &k.k)) == 0)
1159 else if (err != KERR_DUPID)
1160 die(EXIT_FAILURE, "error adding new key: %s", key_strerror(err));
1163 /* --- Set various simple attributes --- */
1168 if (k.f & f_retag) {
1169 if ((kk = key_bytag(&f, tag)) != 0 &&
1171 strcmp(kk->tag, tag) == 0)
1172 key_settag(&f, kk, 0);
1174 if ((err = key_settag(&f, k.k, tag)) != 0)
1175 die(EXIT_FAILURE, "error setting key tag: %s", key_strerror(err));
1179 int err = key_setcomment(&f, k.k, c);
1181 die(EXIT_FAILURE, "error setting key comment: %s", key_strerror(err));
1184 setattr(&f, k.k, argv + optind + 1);
1186 key_putattr(&f, k.k, "genseed", seed);
1187 key_putattr(&f, k.k, "seedalg", sa->p);
1190 key_fulltag(k.k, &k.tag);
1192 /* --- Find the parameter key --- */
1195 if ((k.p = key_bytag(&f, ptag)) == 0)
1196 die(EXIT_FAILURE, "parameter key `%s' not found", ptag);
1197 if ((k.p->k->e & KF_ENCMASK) != KENC_STRUCT)
1198 die(EXIT_FAILURE, "parameter key `%s' is not structured", ptag);
1201 /* --- Now generate the actual key data --- */
1207 dstr_destroy(&k.tag);
1212 /*----- Key listing -------------------------------------------------------*/
1214 /* --- Listing options --- */
1216 typedef struct listopts {
1217 const char *tfmt; /* Date format (@strftime@-style) */
1218 int v; /* Verbosity level */
1219 unsigned f; /* Various flags */
1220 time_t t; /* Time now (for key expiry) */
1221 key_filter kf; /* Filter for matching keys */
1224 /* --- Listing flags --- */
1226 #define f_newline 2u /* Write newline before next entry */
1227 #define f_attr 4u /* Written at least one attribute */
1228 #define f_utc 8u /* Emit UTC time, not local time */
1230 /* --- @showkeydata@ --- *
1232 * Arguments: @key_data *k@ = pointer to key to write
1233 * @int ind@ = indentation level
1234 * @listopts *o@ = listing options
1235 * @dstr *d@ = tag string for this subkey
1239 * Use: Emits a piece of key data in a human-readable format.
1242 static void showkeydata(key_data *k, int ind, listopts *o, dstr *d)
1244 #define INDENT(i) do { \
1246 for (_i = 0; _i < (i); _i++) { \
1251 switch (k->e & KF_ENCMASK) {
1253 /* --- Binary key data --- *
1255 * Emit as a simple hex dump.
1259 const octet *p = k->u.k.k;
1260 const octet *l = p + k->u.k.sz;
1263 fputs(" {", stdout);
1268 } else if (sz % 8 == 0)
1272 printf("%02x", *p++);
1277 fputs("}\n", stdout);
1280 /* --- Encrypted data --- *
1282 * If the user is sufficiently keen, ask for a passphrase and decrypt the
1283 * key. Otherwise just say that it's encrypted and move on.
1288 fputs(" encrypted\n", stdout);
1291 if (key_punlock(&kd, k, d->buf))
1292 printf(" <failed to unlock %s>\n", d->buf);
1294 fputs(" encrypted", stdout);
1295 showkeydata(kd, ind, o, d);
1301 /* --- Integer keys --- *
1303 * Emit as a large integer in decimal. This makes using the key in
1304 * `calc' or whatever easier.
1309 mp_writefile(k->u.m, stdout, 10);
1313 /* --- Strings --- */
1316 printf(" `%s'\n", k->u.p);
1319 /* --- Elliptic curve points --- */
1322 if (EC_ATINF(&k->u.e))
1323 fputs(" inf\n", stdout);
1325 fputs(" 0x", stdout); mp_writefile(k->u.e.x, stdout, 16);
1326 fputs(", 0x", stdout); mp_writefile(k->u.e.y, stdout, 16);
1331 /* --- Structured keys --- *
1333 * Just iterate over the subkeys.
1341 fputs(" {\n", stdout);
1342 for (key_mksubkeyiter(&i, k); key_nextsubkey(&i, &tag, &k); ) {
1343 if (!key_match(k, &o->kf))
1346 printf("%s =", tag);
1348 dstr_putf(d, ".%s", tag);
1349 showkeydata(k, ind + 2, o, d);
1352 fputs("}\n", stdout);
1359 /* --- @showkey@ --- *
1361 * Arguments: @key *k@ = pointer to key to show
1362 * @listopts *o@ = pointer to listing options
1366 * Use: Emits a listing of a particular key.
1369 static void showkey(key *k, listopts *o)
1371 char ebuf[24], dbuf[24];
1374 /* --- Skip the key if the filter doesn't match --- */
1376 if (!key_match(k->k, &o->kf))
1379 /* --- Sort out the expiry and deletion times --- */
1381 if (KEY_EXPIRED(o->t, k->exp))
1382 strcpy(ebuf, "expired");
1383 else if (k->exp == KEXP_FOREVER)
1384 strcpy(ebuf, "forever");
1386 tm = (o->f & f_utc) ? gmtime(&k->exp) : localtime(&k->exp);
1387 strftime(ebuf, sizeof(ebuf), o->tfmt, tm);
1390 if (KEY_EXPIRED(o->t, k->del))
1391 strcpy(dbuf, "deleted");
1392 else if (k->del == KEXP_FOREVER)
1393 strcpy(dbuf, "forever");
1395 tm = (o->f & f_utc) ? gmtime(&k->del) : localtime(&k->del);
1396 strftime(dbuf, sizeof(dbuf), o->tfmt, tm);
1399 /* --- If in compact format, just display and quit --- */
1402 if (!(o->f & f_newline)) {
1403 printf("%8s %-20s %-20s %-10s %-10s\n",
1404 "Id", "Tag", "Type", "Expire", "Delete");
1406 printf("%08lx %-20s %-20s %-10s %-10s\n",
1407 (unsigned long)k->id, k->tag ? k->tag : "<none>",
1408 k->type, ebuf, dbuf);
1413 /* --- Display the standard header --- */
1415 if (o->f & f_newline)
1416 fputc('\n', stdout);
1417 printf("keyid: %08lx\n", (unsigned long)k->id);
1418 printf("tag: %s\n", k->tag ? k->tag : "<none>");
1419 printf("type: %s\n", k->type);
1420 printf("expiry: %s\n", ebuf);
1421 printf("delete: %s\n", dbuf);
1422 printf("comment: %s\n", k->c ? k->c : "<none>");
1424 /* --- Display the attributes --- */
1428 const char *av, *an;
1431 printf("attributes:");
1432 for (key_mkattriter(&i, k); key_nextattr(&i, &an, &av); ) {
1433 printf("\n %s = %s", an, av);
1437 fputc('\n', stdout);
1442 /* --- If dumping requested, dump the raw key data --- */
1446 fputs("key:", stdout);
1448 showkeydata(k->k, 0, o, &d);
1455 /* --- @cmd_list@ --- */
1457 static int cmd_list(int argc, char *argv[])
1461 listopts o = { 0, 0, 0, 0, { 0, 0 } };
1463 /* --- Parse subcommand options --- */
1466 static struct option opt[] = {
1467 { "quiet", 0, 0, 'q' },
1468 { "verbose", 0, 0, 'v' },
1469 { "utc", 0, 0, 'u' },
1470 { "filter", OPTF_ARGREQ, 0, 'f' },
1473 int i = mdwopt(argc, argv, "+uqvf:", opt, 0, 0, 0);
1490 int e = key_readflags(optarg, &p, &o.kf.f, &o.kf.m);
1492 die(EXIT_FAILURE, "bad filter string `%s'", optarg);
1501 die(EXIT_FAILURE, "Usage: list [-uqv] [-f FILTER] [TAG...]");
1503 /* --- Open the key file --- */
1505 doopen(&f, KOPEN_READ);
1508 /* --- Set up the time format --- */
1511 o.tfmt = "%Y-%m-%d";
1512 else if (o.f & f_utc)
1513 o.tfmt = "%Y-%m-%d %H:%M:%S UTC";
1515 o.tfmt = "%Y-%m-%d %H:%M:%S %Z";
1517 /* --- If specific keys were requested use them, otherwise do all --- *
1519 * Some day, this might turn into a wildcard match.
1522 if (optind < argc) {
1524 if ((k = key_bytag(&f, argv[optind])) != 0)
1527 moan("key `%s' not found", argv[optind]);
1531 } while (optind < argc);
1534 for (key_mkiter(&i, &f); (k = key_next(&i)) != 0; )
1542 return (EXIT_FAILURE);
1547 /*----- Command implementation --------------------------------------------*/
1549 /* --- @cmd_expire@ --- */
1551 static int cmd_expire(int argc, char *argv[])
1559 die(EXIT_FAILURE, "Usage: expire TAG...");
1560 doopen(&f, KOPEN_WRITE);
1561 for (i = 1; i < argc; i++) {
1562 if ((k = key_bytag(&f, argv[i])) != 0)
1565 moan("key `%s' not found", argv[i]);
1573 /* --- @cmd_delete@ --- */
1575 static int cmd_delete(int argc, char *argv[])
1583 die(EXIT_FAILURE, "Usage: delete TAG...");
1584 doopen(&f, KOPEN_WRITE);
1585 for (i = 1; i < argc; i++) {
1586 if ((k = key_bytag(&f, argv[i])) != 0)
1589 moan("key `%s' not found", argv[i]);
1597 /* --- @cmd_setattr@ --- */
1599 static int cmd_setattr(int argc, char *argv[])
1605 die(EXIT_FAILURE, "Usage: setattr TAG ATTR...");
1606 doopen(&f, KOPEN_WRITE);
1607 if ((k = key_bytag(&f, argv[1])) == 0)
1608 die(EXIT_FAILURE, "key `%s' not found", argv[1]);
1609 setattr(&f, k, argv + 2);
1614 /* --- @cmd_getattr@ --- */
1616 static int cmd_getattr(int argc, char *argv[])
1624 die(EXIT_FAILURE, "Usage: getattr TAG ATTR");
1625 doopen(&f, KOPEN_READ);
1626 if ((k = key_bytag(&f, argv[1])) == 0)
1627 die(EXIT_FAILURE, "key `%s' not found", argv[1]);
1629 if ((p = key_getattr(&f, k, argv[2])) == 0)
1630 die(EXIT_FAILURE, "no attribute `%s' for key `%s'", argv[2], d.buf);
1637 /* --- @cmd_finger@ --- */
1639 static void fingerprint(key *k, const gchash *ch, const key_filter *kf)
1647 if (key_fingerprint(k, h, kf)) {
1650 for (i = 0; i < ch->hashsz; i++) {
1651 if (i && i % 4 == 0)
1653 printf("%02x", p[i]);
1655 printf(" %s\n", d.buf);
1661 static int cmd_finger(int argc, char *argv[])
1665 const gchash *ch = &rmd160;
1666 key_filter kf = { KF_NONSECRET, KF_NONSECRET };
1669 static struct option opt[] = {
1670 { "filter", OPTF_ARGREQ, 0, 'f' },
1671 { "algorithm", OPTF_ARGREQ, 0, 'a' },
1674 int i = mdwopt(argc, argv, "+f:a:", opt, 0, 0, 0);
1680 int err = key_readflags(optarg, &p, &kf.f, &kf.m);
1682 die(EXIT_FAILURE, "bad filter string `%s'", optarg);
1685 if ((ch = ghash_byname(optarg)) == 0)
1686 die(EXIT_FAILURE, "unknown hash algorithm `%s'", optarg);
1694 argv += optind; argc -= optind;
1696 die(EXIT_FAILURE, "Usage: fingerprint [-f FILTER] [TAG...]");
1698 doopen(&f, KOPEN_READ);
1702 for (i = 0; i < argc; i++) {
1703 key *k = key_bytag(&f, argv[i]);
1705 fingerprint(k, ch, &kf);
1708 moan("key `%s' not found", argv[i]);
1714 for (key_mkiter(&i, &f); (k = key_next(&i)) != 0; )
1715 fingerprint(k, ch, &kf);
1720 /* --- @cmd_verify@ --- */
1722 static unsigned xdigit(char c)
1724 if ('A' <= c && c <= 'Z') return (c + 10 - 'A');
1725 if ('a' <= c && c <= 'z') return (c + 10 - 'a');
1726 if ('0' <= c && c <= '9') return (c - '0');
1730 static void unhexify(octet *q, char *p, size_t n)
1736 if (*p == '-' || *p == ':' || isspace((unsigned char)*p)) {
1743 die(EXIT_FAILURE, "hex string too short");
1744 if (!isxdigit((unsigned char)*p))
1745 die(EXIT_FAILURE, "bad hex string");
1747 die(EXIT_FAILURE, "hex string too long");
1748 a = (a << 4) | xdigit(*p++);
1759 static int cmd_verify(int argc, char *argv[])
1763 const gchash *ch = &rmd160;
1768 key_filter kf = { KF_NONSECRET, KF_NONSECRET };
1771 static struct option opt[] = {
1772 { "filter", OPTF_ARGREQ, 0, 'f' },
1773 { "algorithm", OPTF_ARGREQ, 0, 'a' },
1776 int i = mdwopt(argc, argv, "+f:a:", opt, 0, 0, 0);
1782 int err = key_readflags(optarg, &p, &kf.f, &kf.m);
1784 die(EXIT_FAILURE, "bad filter string `%s'", optarg);
1787 if ((ch = ghash_byname(optarg)) == 0)
1788 die(EXIT_FAILURE, "unknown hash algorithm `%s'", optarg);
1796 argv += optind; argc -= optind;
1797 if (rc || argc != 2)
1798 die(EXIT_FAILURE, "Usage: verify [-f FILTER] TAG FINGERPRINT");
1800 doopen(&f, KOPEN_READ);
1802 if ((k = key_bytag(&f, argv[0])) == 0)
1803 die(EXIT_FAILURE, "key `%s' not found", argv[0]);
1804 buf = xmalloc(ch->hashsz);
1805 unhexify(buf, argv[1], ch->hashsz);
1807 if (!key_fingerprint(k, h, &kf))
1808 die(EXIT_FAILURE, "key has no fingerprintable components (as filtered)");
1809 fpr = GH_DONE(h, 0);
1810 if (memcmp(fpr, buf, ch->hashsz) != 0)
1811 die(EXIT_FAILURE, "key fingerprint mismatch");
1816 /* --- @cmd_comment@ --- */
1818 static int cmd_comment(int argc, char *argv[])
1824 if (argc < 2 || argc > 3)
1825 die(EXIT_FAILURE, "Usage: comment TAG [COMMENT]");
1826 doopen(&f, KOPEN_WRITE);
1827 if ((k = key_bytag(&f, argv[1])) == 0)
1828 die(EXIT_FAILURE, "key `%s' not found", argv[1]);
1829 if ((err = key_setcomment(&f, k, argv[2])) != 0)
1830 die(EXIT_FAILURE, "bad comment `%s': %s", argv[2], key_strerror(err));
1835 /* --- @cmd_tag@ --- */
1837 static int cmd_tag(int argc, char *argv[])
1846 static struct option opt[] = {
1847 { "retag", 0, 0, 'r' },
1850 int i = mdwopt(argc, argv, "+r", opt, 0, 0, 0);
1863 argv += optind; argc -= optind;
1864 if (argc < 1 || argc > 2 || rc)
1865 die(EXIT_FAILURE, "Usage: tag [-r] TAG [NEW-TAG]");
1866 doopen(&f, KOPEN_WRITE);
1867 if (flags & f_retag) {
1868 if ((k = key_bytag(&f, argv[1])) != 0 && strcmp(k->tag, argv[1]) == 0)
1869 key_settag(&f, k, 0);
1871 if ((k = key_bytag(&f, argv[0])) == 0)
1872 die(EXIT_FAILURE, "key `%s' not found", argv[0]);
1873 if ((err = key_settag(&f, k, argv[1])) != 0)
1874 die(EXIT_FAILURE, "bad tag `%s': %s", argv[1], key_strerror(err));
1879 /* --- @cmd_lock@ --- */
1881 static int cmd_lock(int argc, char *argv[])
1889 die(EXIT_FAILURE, "Usage: lock QTAG");
1890 doopen(&f, KOPEN_WRITE);
1891 if (key_qtag(&f, argv[1], &d, &k, &kd))
1892 die(EXIT_FAILURE, "key `%s' not found", argv[1]);
1893 if ((*kd)->e == KENC_ENCRYPT && key_punlock(kd, 0, d.buf))
1894 die(EXIT_FAILURE, "couldn't unlock key `%s'", d.buf);
1895 if (key_plock(kd, 0, d.buf))
1896 die(EXIT_FAILURE, "failed to lock key `%s'", d.buf);
1902 /* --- @cmd_unlock@ --- */
1904 static int cmd_unlock(int argc, char *argv[])
1912 die(EXIT_FAILURE, "Usage: unlock QTAG");
1913 doopen(&f, KOPEN_WRITE);
1914 if (key_qtag(&f, argv[1], &d, &k, &kd))
1915 die(EXIT_FAILURE, "key `%s' not found", argv[1]);
1916 if ((*kd)->e != KENC_ENCRYPT)
1917 die(EXIT_FAILURE, "key `%s' is not encrypted", d.buf);
1918 if (key_punlock(kd, 0, d.buf))
1919 die(EXIT_FAILURE, "couldn't unlock key `%s'", d.buf);
1925 /* --- @cmd_extract@ --- */
1927 static int cmd_extract(int argc, char *argv[])
1933 key_filter kf = { 0, 0 };
1935 const char *outfile = 0;
1939 static struct option opt[] = {
1940 { "filter", OPTF_ARGREQ, 0, 'f' },
1943 int i = mdwopt(argc, argv, "f:", opt, 0, 0, 0);
1949 int err = key_readflags(optarg, &p, &kf.f, &kf.m);
1951 die(EXIT_FAILURE, "bad filter string `%s'", optarg);
1959 argv += optind; argc -= optind;
1961 die(EXIT_FAILURE, "Usage: extract [-f FILTER] FILE [TAG...]");
1962 if (strcmp(*argv, "-") == 0)
1966 dstr_putf(&d, "%s.new", outfile);
1967 if (!(fp = fopen(d.buf, "w"))) {
1968 die(EXIT_FAILURE, "couldn't open `%s' for writing: %s",
1969 d.buf, strerror(errno));
1973 doopen(&f, KOPEN_READ);
1977 for (key_mkiter(&i, &f); (k = key_next(&i)) != 0; )
1978 key_extract(&f, k, fp, &kf);
1980 for (i = 1; i < argc; i++) {
1981 if ((k = key_bytag(&f, argv[i])) != 0)
1982 key_extract(&f, k, fp, &kf);
1984 moan("key `%s' not found", argv[i]);
1989 if (fclose(fp) || (outfile && rename(d.buf, outfile)))
1990 die(EXIT_FAILURE, "error writing file: %s", strerror(errno));
1996 /* --- @cmd_tidy@ --- */
1998 static int cmd_tidy(int argc, char *argv[])
2002 die(EXIT_FAILURE, "Usage: tidy");
2003 doopen(&f, KOPEN_WRITE);
2004 f.f |= KF_MODIFIED; /* Nasty hack */
2009 /* --- @cmd_merge@ --- */
2011 static int cmd_merge(int argc, char *argv[])
2017 die(EXIT_FAILURE, "Usage: merge FILE");
2018 if (strcmp(argv[1], "-") == 0)
2020 else if (!(fp = fopen(argv[1], "r"))) {
2021 die(EXIT_FAILURE, "couldn't open `%s' for reading: %s",
2022 argv[1], strerror(errno));
2025 doopen(&f, KOPEN_WRITE);
2026 key_merge(&f, argv[1], fp, key_moan, 0);
2031 /* --- @cmd_show@ --- */
2035 listtab[i].name, listtab[i].name) \
2036 LI("Hash functions", hash, \
2037 ghashtab[i], ghashtab[i]->name) \
2038 LI("Elliptic curves", ec, \
2039 ectab[i].name, ectab[i].name) \
2040 LI("Prime Diffie-Hellman groups", dh, \
2041 ptab[i].name, ptab[i].name) \
2042 LI("Binary Diffie-Hellman groups", bindh, \
2043 bintab[i].name, bintab[i].name) \
2044 LI("Key-generation algorithms", keygen, \
2045 algtab[i].name, algtab[i].name) \
2046 LI("Random seeding algorithms", seed, \
2047 seedtab[i].p, seedtab[i].p)
2049 MAKELISTTAB(listtab, LISTS)
2051 static int cmd_show(int argc, char *argv[])
2053 return (displaylists(listtab, argv + 1));
2056 /*----- Main command table ------------------------------------------------*/
2058 static int cmd_help(int argc, char *argv[]);
2060 static cmd cmds[] = {
2061 { "help", cmd_help, "help [COMMAND...]" },
2062 { "show", cmd_show, "show [ITEM...]" },
2063 { "list", cmd_list, "list [-uqv] [-f FILTER] [TAG...]", "\
2066 -u, --utc Display expiry times etc. in UTC, not local time.\n\
2067 -q, --quiet Show less information.\n\
2068 -v, --verbose Show more information.\n\
2070 { "fingerprint", cmd_finger, "fingerprint [-f FILTER] [TAG...]", "\
2073 -f, --filter=FILT Only hash key components matching FILT.\n\
2074 -a, --algorithm=HASH Use the named HASH algorithm.\n\
2075 ($ show hash for list.)\n\
2077 { "verify", cmd_verify, "verify [-f FILTER] TAG FINGERPRINT", "\
2080 -f, --filter=FILT Only hash key components matching FILT.\n\
2081 -a, --algorithm=HASH Use the named HASH algorithm.\n\
2082 ($ show hash for list.)\n\
2084 { "extract", cmd_extract, "extract [-f FILTER] FILE [TAG...]", "\
2087 -f, --filter=FILT Only extract key components matching FILT.\n\
2089 { "merge", cmd_merge, "merge FILE" },
2090 { "expire", cmd_expire, "expire TAG..." },
2091 { "delete", cmd_delete, "delete TAG..." },
2092 { "setattr", cmd_setattr, "setattr TAG ATTR..." },
2093 { "getattr", cmd_getattr, "getattr TAG ATTR" },
2094 { "comment", cmd_comment, "comment TAG [COMMENT]" },
2095 { "lock", cmd_lock, "lock QTAG" },
2096 { "unlock", cmd_unlock, "unlock QTAG" },
2097 { "tag", cmd_tag, "tag [-r] TAG [NEW-TAG]", "\
2100 -r, --retag Untag any key currently called new-tag.\n\
2102 { "tidy", cmd_tidy, "tidy" },
2104 "add [-OPTIONS] TYPE [ATTR...]\n\
2105 Options: [-lqrLS] [-a ALG] [-bB BITS] [-p PARAM] [-R TAG]\n\
2106 [-A SEEDALG] [-s SEED] [-n BITS]\n\
2107 [-e EXPIRE] [-t TAG] [-c COMMENT]", "\
2110 -a, --algorithm=ALG Generate keys suitable for ALG.\n\
2111 ($ show keygen for list.)\n\
2112 -b, --bits=N Generate an N-bit key.\n\
2113 -B, --qbits=N Use an N-bit subgroup or factors.\n\
2114 -p, --parameters=TAG Get group parameters from TAG.\n\
2115 -C, --curve=NAME Use elliptic curve or DH group NAME.\n\
2116 ($ show ec or $ show dh for list.)\n\
2117 -A, --seedalg=ALG Use pseudorandom generator ALG to generate key.\n\
2118 ($ show seed for list.)\n\
2119 -s, --seed=BASE64 Use Base64-encoded string BASE64 as seed.\n\
2120 -n, --newseed=COUNT Generate new COUNT-bit seed.\n\
2121 -e, --expire=TIME Make the key expire after TIME.\n\
2122 -c, --comment=STRING Attach the command STRING to the key.\n\
2123 -t, --tag=TAG Tag the key with the name TAG.\n\
2124 -r, --retag Untag any key currently with that tag.\n\
2125 -R, --rand-id=TAG Use key named TAG for the random number generator.\n\
2126 -l, --lock Lock the generated key with a passphrase.\n\
2127 -q, --quiet Don't give progress indicators while working.\n\
2128 -L, --lim-lee Generate Lim-Lee primes for Diffie-Hellman groups.\n\
2129 -S, --subgroup Use a prime-order subgroup for Diffie-Hellman.\n\
2134 static int cmd_help(int argc, char *argv[])
2136 sc_help(cmds, stdout, argv + 1);
2140 /*----- Main code ---------------------------------------------------------*/
2142 /* --- Helpful GNUy functions --- */
2144 static void usage(FILE *fp)
2146 pquis(fp, "Usage: $ [-k KEYRING] COMMAND [ARGS]\n");
2149 void version(FILE *fp)
2151 pquis(fp, "$, Catacomb version " VERSION "\n");
2154 void help_global(FILE *fp)
2158 Performs various simple key management operations.\n\
2160 Global command line options:\n\
2162 -h, --help [COMMAND...] Display this help text (or help for COMMANDs).\n\
2163 -v, --version Display version number.\n\
2164 -u, --usage Display short usage summary.\n\
2166 -k, --keyring=FILE Read and write keys in FILE.\n",
2172 * Arguments: @int argc@ = number of command line arguments
2173 * @char *argv[]@ = array of command line arguments
2175 * Returns: Nonzero on failure.
2177 * Use: Main program. Performs simple key management functions.
2180 int main(int argc, char *argv[])
2186 /* --- Initialization --- */
2191 /* --- Parse command line options --- */
2194 static struct option opt[] = {
2196 /* --- Standard GNUy help options --- */
2198 { "help", 0, 0, 'h' },
2199 { "version", 0, 0, 'v' },
2200 { "usage", 0, 0, 'u' },
2202 /* --- Real live useful options --- */
2204 { "keyring", OPTF_ARGREQ, 0, 'k' },
2206 /* --- Magic terminator --- */
2210 int i = mdwopt(argc, argv, "+hvu k:", opt, 0, 0, 0);
2216 /* --- GNU help options --- */
2219 sc_help(cmds, stdout, argv + optind);
2228 /* --- Real useful options --- */
2234 /* --- Bogosity --- */
2242 /* --- Complain about excessive bogons --- */
2244 if (f & f_bogus || optind == argc) {
2249 /* --- Initialize the Catacomb random number generator --- */
2251 rand_noisesrc(RAND_GLOBAL, &noise_source);
2252 rand_seed(RAND_GLOBAL, 160);
2254 /* --- Dispatch to appropriate command handler --- */
2259 return (findcmd(cmds, argv[0])->cmd(argc, argv));
2262 /*----- That's all, folks -------------------------------------------------*/
~mdw / catacomb / blob