1 /* keyedit.c - Edit properties of a key
2 * Copyright (C) 1998-2010 Free Software Foundation, Inc.
3 * Copyright (C) 1998-2015 Werner Koch
5 * This file is part of GnuPG.
7 * GnuPG is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 3 of the License, or
10 * (at your option) any later version.
12 * GnuPG is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, see <http://www.gnu.org/licenses/>.
28 #ifdef HAVE_LIBREADLINE
29 # define GNUPG_LIBREADLINE_H_INCLUDED
30 # include <readline/readline.h>
47 #include "keyserver-internal.h"
48 #include "call-agent.h"
50 static void show_prefs (PKT_user_id * uid, PKT_signature * selfsig,
52 static void show_names (estream_t fp, KBNODE keyblock, PKT_public_key * pk,
53 unsigned int flag, int with_prefs);
54 static void show_key_with_all_names (ctrl_t ctrl, estream_t fp,
55 KBNODE keyblock, int only_marked,
56 int with_revoker, int with_fpr,
57 int with_subkeys, int with_prefs,
59 static void show_key_and_fingerprint (kbnode_t keyblock, int with_subkeys);
60 static void show_key_and_grip (kbnode_t keyblock);
61 static void subkey_expire_warning (kbnode_t keyblock);
62 static int menu_adduid (KBNODE keyblock, int photo, const char *photo_name,
64 static void menu_deluid (KBNODE pub_keyblock);
65 static int menu_delsig (KBNODE pub_keyblock);
66 static int menu_clean (KBNODE keyblock, int self_only);
67 static void menu_delkey (KBNODE pub_keyblock);
68 static int menu_addrevoker (ctrl_t ctrl, kbnode_t pub_keyblock, int sensitive);
69 static int menu_expire (KBNODE pub_keyblock);
70 static int menu_backsign (KBNODE pub_keyblock);
71 static int menu_set_primary_uid (KBNODE pub_keyblock);
72 static int menu_set_preferences (KBNODE pub_keyblock);
73 static int menu_set_keyserver_url (const char *url, KBNODE pub_keyblock);
74 static int menu_set_notation (const char *string, KBNODE pub_keyblock);
75 static int menu_select_uid (KBNODE keyblock, int idx);
76 static int menu_select_uid_namehash (KBNODE keyblock, const char *namehash);
77 static int menu_select_key (KBNODE keyblock, int idx);
78 static int count_uids (KBNODE keyblock);
79 static int count_uids_with_flag (KBNODE keyblock, unsigned flag);
80 static int count_keys_with_flag (KBNODE keyblock, unsigned flag);
81 static int count_selected_uids (KBNODE keyblock);
82 static int real_uids_left (KBNODE keyblock);
83 static int count_selected_keys (KBNODE keyblock);
84 static int menu_revsig (KBNODE keyblock);
85 static int menu_revuid (KBNODE keyblock);
86 static int menu_revkey (KBNODE pub_keyblock);
87 static int menu_revsubkey (KBNODE pub_keyblock);
88 #ifndef NO_TRUST_MODELS
89 static int enable_disable_key (KBNODE keyblock, int disable);
90 #endif /*!NO_TRUST_MODELS*/
91 static void menu_showphoto (KBNODE keyblock);
93 static int update_trust = 0;
95 #define CONTROL_D ('D' - 'A' + 1)
97 #define NODFLG_BADSIG (1<<0) /* Bad signature. */
98 #define NODFLG_NOKEY (1<<1) /* No public key. */
99 #define NODFLG_SIGERR (1<<2) /* Other sig error. */
101 #define NODFLG_MARK_A (1<<4) /* Temporary mark. */
102 #define NODFLG_DELSIG (1<<5) /* To be deleted. */
104 #define NODFLG_SELUID (1<<8) /* Indicate the selected userid. */
105 #define NODFLG_SELKEY (1<<9) /* Indicate the selected key. */
106 #define NODFLG_SELSIG (1<<10) /* Indicate a selected signature. */
110 int non_exportable, non_revocable;
111 struct revocation_reason_info *reason;
112 byte trust_depth, trust_value;
118 /* TODO: Fix duplicated code between here and the check-sigs/list-sigs
119 code in keylist.c. */
121 print_and_check_one_sig_colon (KBNODE keyblock, KBNODE node,
122 int *inv_sigs, int *no_key, int *oth_err,
123 int *is_selfsig, int print_without_key)
125 PKT_signature *sig = node->pkt->pkt.signature;
128 /* TODO: Make sure a cached sig record here still has the pk that
129 issued it. See also keylist.c:list_keyblock_print */
131 rc = check_key_signature (keyblock, node, is_selfsig);
132 switch (gpg_err_code (rc))
135 node->flag &= ~(NODFLG_BADSIG | NODFLG_NOKEY | NODFLG_SIGERR);
138 case GPG_ERR_BAD_SIGNATURE:
139 node->flag = NODFLG_BADSIG;
144 case GPG_ERR_NO_PUBKEY:
145 case GPG_ERR_UNUSABLE_PUBKEY:
146 node->flag = NODFLG_NOKEY;
152 node->flag = NODFLG_SIGERR;
159 if (sigrc != '?' || print_without_key)
161 es_printf ("sig:%c::%d:%08lX%08lX:%lu:%lu:",
162 sigrc, sig->pubkey_algo, (ulong) sig->keyid[0],
163 (ulong) sig->keyid[1], (ulong) sig->timestamp,
164 (ulong) sig->expiredate);
166 if (sig->trust_depth || sig->trust_value)
167 es_printf ("%d %d", sig->trust_depth, sig->trust_value);
171 if (sig->trust_regexp)
172 es_write_sanitized (es_stdout,
173 sig->trust_regexp, strlen (sig->trust_regexp),
176 es_printf ("::%02x%c\n", sig->sig_class,
177 sig->flags.exportable ? 'x' : 'l');
179 if (opt.show_subpackets)
180 print_subpackets_colon (sig);
183 return (sigrc == '!');
188 * Print information about a signature, check it and return true
189 * if the signature is okay. NODE must be a signature packet.
192 print_and_check_one_sig (KBNODE keyblock, KBNODE node,
193 int *inv_sigs, int *no_key, int *oth_err,
194 int *is_selfsig, int print_without_key)
196 PKT_signature *sig = node->pkt->pkt.signature;
198 int is_rev = sig->sig_class == 0x30;
200 /* TODO: Make sure a cached sig record here still has the pk that
201 issued it. See also keylist.c:list_keyblock_print */
203 rc = check_key_signature (keyblock, node, is_selfsig);
204 switch (gpg_err_code (rc))
207 node->flag &= ~(NODFLG_BADSIG | NODFLG_NOKEY | NODFLG_SIGERR);
210 case GPG_ERR_BAD_SIGNATURE:
211 node->flag = NODFLG_BADSIG;
216 case GPG_ERR_NO_PUBKEY:
217 case GPG_ERR_UNUSABLE_PUBKEY:
218 node->flag = NODFLG_NOKEY;
224 node->flag = NODFLG_SIGERR;
230 if (sigrc != '?' || print_without_key)
232 tty_printf ("%s%c%c %c%c%c%c%c%c %s %s",
233 is_rev ? "rev" : "sig", sigrc,
234 (sig->sig_class - 0x10 > 0 &&
235 sig->sig_class - 0x10 <
236 4) ? '0' + sig->sig_class - 0x10 : ' ',
237 sig->flags.exportable ? ' ' : 'L',
238 sig->flags.revocable ? ' ' : 'R',
239 sig->flags.policy_url ? 'P' : ' ',
240 sig->flags.notation ? 'N' : ' ',
241 sig->flags.expired ? 'X' : ' ',
242 (sig->trust_depth > 9) ? 'T' : (sig->trust_depth >
244 sig->trust_depth : ' ', keystr (sig->keyid),
245 datestr_from_sig (sig));
246 if (opt.list_options & LIST_SHOW_SIG_EXPIRE)
247 tty_printf (" %s", expirestr_from_sig (sig));
250 tty_printf ("[%s] ", gpg_strerror (rc));
251 else if (sigrc == '?')
253 else if (*is_selfsig)
255 tty_printf (is_rev ? _("[revocation]") : _("[self-signature]"));
260 char *p = get_user_id (sig->keyid, &n);
261 tty_print_utf8_string2 (NULL, p, n,
262 opt.screen_columns - keystrlen () - 26 -
264 list_options & LIST_SHOW_SIG_EXPIRE) ? 11
270 if (sig->flags.policy_url && (opt.list_options & LIST_SHOW_POLICY_URLS))
271 show_policy_url (sig, 3, 0);
273 if (sig->flags.notation && (opt.list_options & LIST_SHOW_NOTATIONS))
274 show_notation (sig, 3, 0,
276 list_options & LIST_SHOW_STD_NOTATIONS) ? 1 : 0) +
278 list_options & LIST_SHOW_USER_NOTATIONS) ? 2 : 0));
280 if (sig->flags.pref_ks && (opt.list_options & LIST_SHOW_KEYSERVER_URLS))
281 show_keyserver_url (sig, 3, 0);
284 return (sigrc == '!');
290 * Check the keysigs and set the flags to indicate errors.
291 * Returns true if error found.
294 check_all_keysigs (KBNODE keyblock, int only_selected)
303 int selected = !only_selected;
306 for (kbctx = NULL; (node = walk_kbnode (keyblock, &kbctx, 0));)
308 if (node->pkt->pkttype == PKT_USER_ID)
310 PKT_user_id *uid = node->pkt->pkt.user_id;
313 selected = (node->flag & NODFLG_SELUID);
317 tty_print_utf8_string (uid->name, uid->len);
319 if (anyuid && !has_selfsig)
325 else if (selected && node->pkt->pkttype == PKT_SIGNATURE
326 && ((node->pkt->pkt.signature->sig_class & ~3) == 0x10
327 || node->pkt->pkt.signature->sig_class == 0x30))
331 if (print_and_check_one_sig (keyblock, node, &inv_sigs,
332 &no_key, &oth_err, &selfsig, 0))
337 /* Hmmm: should we update the trustdb here? */
343 tty_printf (_("1 bad signature\n"));
345 tty_printf (_("%d bad signatures\n"), inv_sigs);
347 tty_printf (_("1 signature not checked due to a missing key\n"));
349 tty_printf (_("%d signatures not checked due to missing keys\n"), no_key);
351 tty_printf (_("1 signature not checked due to an error\n"));
353 tty_printf (_("%d signatures not checked due to errors\n"), oth_err);
354 if (mis_selfsig == 1)
355 tty_printf (_("1 user ID without valid self-signature detected\n"));
356 else if (mis_selfsig)
357 tty_printf (_("%d user IDs without valid self-signatures detected\n"),
360 return inv_sigs || no_key || oth_err || mis_selfsig;
365 sign_mk_attrib (PKT_signature * sig, void *opaque)
367 struct sign_attrib *attrib = opaque;
370 if (attrib->non_exportable)
372 buf[0] = 0; /* not exportable */
373 build_sig_subpkt (sig, SIGSUBPKT_EXPORTABLE, buf, 1);
376 if (attrib->non_revocable)
378 buf[0] = 0; /* not revocable */
379 build_sig_subpkt (sig, SIGSUBPKT_REVOCABLE, buf, 1);
383 revocation_reason_build_cb (sig, attrib->reason);
385 if (attrib->trust_depth)
387 /* Not critical. If someone doesn't understand trust sigs,
388 this can still be a valid regular signature. */
389 buf[0] = attrib->trust_depth;
390 buf[1] = attrib->trust_value;
391 build_sig_subpkt (sig, SIGSUBPKT_TRUST, buf, 2);
393 /* Critical. If someone doesn't understands regexps, this
394 whole sig should be invalid. Note the +1 for the length -
395 regexps are null terminated. */
396 if (attrib->trust_regexp)
397 build_sig_subpkt (sig, SIGSUBPKT_FLAG_CRITICAL | SIGSUBPKT_REGEXP,
398 attrib->trust_regexp,
399 strlen (attrib->trust_regexp) + 1);
407 trustsig_prompt (byte * trust_value, byte * trust_depth, char **regexp)
415 /* Same string as pkclist.c:do_edit_ownertrust */
417 ("Please decide how far you trust this user to correctly verify"
418 " other users' keys\n(by looking at passports, checking"
419 " fingerprints from different sources, etc.)\n"));
421 tty_printf (_(" %d = I trust marginally\n"), 1);
422 tty_printf (_(" %d = I trust fully\n"), 2);
425 while (*trust_value == 0)
427 p = cpr_get ("trustsig_prompt.trust_value", _("Your selection? "));
430 /* 60 and 120 are as per RFC2440 */
431 if (p[0] == '1' && !p[1])
433 else if (p[0] == '2' && !p[1])
440 tty_printf (_("Please enter the depth of this trust signature.\n"
441 "A depth greater than 1 allows the key you are signing to make\n"
442 "trust signatures on your behalf.\n"));
445 while (*trust_depth == 0)
447 p = cpr_get ("trustsig_prompt.trust_depth", _("Your selection? "));
450 *trust_depth = atoi (p);
456 tty_printf (_("Please enter a domain to restrict this signature, "
457 "or enter for none.\n"));
461 p = cpr_get ("trustsig_prompt.trust_regexp", _("Your selection? "));
468 int regexplen = 100, ind;
470 *regexp = xmalloc (regexplen);
472 /* Now mangle the domain the user entered into a regexp. To do
473 this, \-escape everything that isn't alphanumeric, and attach
474 "<[^>]+[@.]" to the front, and ">$" to the end. */
476 strcpy (*regexp, "<[^>]+[@.]");
477 ind = strlen (*regexp);
481 if (!((*q >= 'A' && *q <= 'Z')
482 || (*q >= 'a' && *q <= 'z') || (*q >= '0' && *q <= '9')))
483 (*regexp)[ind++] = '\\';
485 (*regexp)[ind++] = *q;
487 if ((regexplen - ind) < 3)
490 *regexp = xrealloc (*regexp, regexplen);
496 (*regexp)[ind] = '\0';
497 strcat (*regexp, ">$");
506 * Loop over all LOCUSR and and sign the uids after asking. If no
507 * user id is marked, all user ids will be signed; if some user_ids
508 * are marked only those will be signed. If QUICK is true the
509 * function won't ask the user and use sensible defaults.
512 sign_uids (ctrl_t ctrl, estream_t fp,
513 kbnode_t keyblock, strlist_t locusr, int *ret_modified,
514 int local, int nonrevocable, int trust, int interactive,
518 SK_LIST sk_list = NULL;
519 SK_LIST sk_rover = NULL;
520 PKT_public_key *pk = NULL;
521 KBNODE node, uidnode;
522 PKT_public_key *primary_pk = NULL;
523 int select_all = !count_selected_uids (keyblock) || interactive;
525 /* Build a list of all signators.
527 * We use the CERT flag to request the primary which must always
528 * be one which is capable of signing keys. I can't see a reason
529 * why to sign keys using a subkey. Implementation of USAGE_CERT
530 * is just a hack in getkey.c and does not mean that a subkey
531 * marked as certification capable will be used. */
532 rc = build_sk_list (locusr, &sk_list, PUBKEY_USAGE_CERT);
536 /* Loop over all signators. */
537 for (sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next)
539 u32 sk_keyid[2], pk_keyid[2];
540 char *p, *trust_regexp = NULL;
541 int class = 0, selfsig = 0;
542 u32 duration = 0, timestamp = 0;
543 byte trust_depth = 0, trust_value = 0;
546 keyid_from_pk (pk, sk_keyid);
548 /* Set mark A for all selected user ids. */
549 for (node = keyblock; node; node = node->next)
551 if (select_all || (node->flag & NODFLG_SELUID))
552 node->flag |= NODFLG_MARK_A;
554 node->flag &= ~NODFLG_MARK_A;
557 /* Reset mark for uids which are already signed. */
559 for (node = keyblock; node; node = node->next)
561 if (node->pkt->pkttype == PKT_PUBLIC_KEY)
563 primary_pk = node->pkt->pkt.public_key;
564 keyid_from_pk (primary_pk, pk_keyid);
566 /* Is this a self-sig? */
567 if (pk_keyid[0] == sk_keyid[0] && pk_keyid[1] == sk_keyid[1])
570 else if (node->pkt->pkttype == PKT_USER_ID)
572 uidnode = (node->flag & NODFLG_MARK_A) ? node : NULL;
578 user = utf8_to_native (uidnode->pkt->pkt.user_id->name,
579 uidnode->pkt->pkt.user_id->len, 0);
581 if (uidnode->pkt->pkt.user_id->is_revoked)
583 tty_fprintf (fp, _("User ID \"%s\" is revoked."), user);
586 tty_fprintf (fp, "\n");
587 else if (opt.expert && !quick)
589 tty_fprintf (fp, "\n");
590 /* No, so remove the mark and continue */
591 if (!cpr_get_answer_is_yes ("sign_uid.revoke_okay",
592 _("Are you sure you "
593 "still want to sign "
596 uidnode->flag &= ~NODFLG_MARK_A;
599 else if (interactive)
604 uidnode->flag &= ~NODFLG_MARK_A;
606 tty_fprintf (fp, _(" Unable to sign.\n"));
609 else if (uidnode->pkt->pkt.user_id->is_expired)
611 tty_fprintf (fp, _("User ID \"%s\" is expired."), user);
614 tty_fprintf (fp, "\n");
615 else if (opt.expert && !quick)
617 tty_fprintf (fp, "\n");
618 /* No, so remove the mark and continue */
619 if (!cpr_get_answer_is_yes ("sign_uid.expire_okay",
620 _("Are you sure you "
621 "still want to sign "
624 uidnode->flag &= ~NODFLG_MARK_A;
627 else if (interactive)
632 uidnode->flag &= ~NODFLG_MARK_A;
634 tty_fprintf (fp, _(" Unable to sign.\n"));
637 else if (!uidnode->pkt->pkt.user_id->created && !selfsig)
639 tty_fprintf (fp, _("User ID \"%s\" is not self-signed."),
642 if (opt.expert && !quick)
644 tty_fprintf (fp, "\n");
645 /* No, so remove the mark and continue */
646 if (!cpr_get_answer_is_yes ("sign_uid.nosig_okay",
647 _("Are you sure you "
648 "still want to sign "
651 uidnode->flag &= ~NODFLG_MARK_A;
654 else if (interactive)
659 uidnode->flag &= ~NODFLG_MARK_A;
661 tty_fprintf (fp, _(" Unable to sign.\n"));
665 if (uidnode && interactive && !yesreally && !quick)
668 _("User ID \"%s\" is signable. "), user);
669 if (!cpr_get_answer_is_yes ("sign_uid.sign_okay",
670 _("Sign it? (y/N) ")))
672 uidnode->flag &= ~NODFLG_MARK_A;
680 else if (uidnode && node->pkt->pkttype == PKT_SIGNATURE
681 && (node->pkt->pkt.signature->sig_class & ~3) == 0x10)
683 if (sk_keyid[0] == node->pkt->pkt.signature->keyid[0]
684 && sk_keyid[1] == node->pkt->pkt.signature->keyid[1])
689 user = utf8_to_native (uidnode->pkt->pkt.user_id->name,
690 uidnode->pkt->pkt.user_id->len, 0);
692 /* It's a v3 self-sig. Make it into a v4 self-sig? */
693 if (node->pkt->pkt.signature->version < 4
694 && selfsig && !quick)
697 _("The self-signature on \"%s\"\n"
698 "is a PGP 2.x-style signature.\n"), user);
700 /* Note that the regular PGP2 warning below
701 still applies if there are no v4 sigs on
705 if (cpr_get_answer_is_yes ("sign_uid.v4_promote_okay",
706 _("Do you want to promote "
707 "it to an OpenPGP self-"
708 "signature? (y/N) ")))
710 node->flag |= NODFLG_DELSIG;
716 /* Is the current signature expired? */
717 if (node->pkt->pkt.signature->flags.expired)
719 tty_fprintf (fp, _("Your current signature on \"%s\"\n"
720 "has expired.\n"), user);
722 if (quick || cpr_get_answer_is_yes
723 ("sign_uid.replace_expired_okay",
724 _("Do you want to issue a "
725 "new signature to replace "
726 "the expired one? (y/N) ")))
728 /* Mark these for later deletion. We
729 don't want to delete them here, just in
730 case the replacement signature doesn't
731 happen for some reason. We only delete
732 these after the replacement is already
735 node->flag |= NODFLG_DELSIG;
741 if (!node->pkt->pkt.signature->flags.exportable && !local)
743 /* It's a local sig, and we want to make a
745 tty_fprintf (fp, _("Your current signature on \"%s\"\n"
746 "is a local signature.\n"), user);
748 if (quick || cpr_get_answer_is_yes
749 ("sign_uid.local_promote_okay",
750 _("Do you want to promote "
751 "it to a full exportable " "signature? (y/N) ")))
753 /* Mark these for later deletion. We
754 don't want to delete them here, just in
755 case the replacement signature doesn't
756 happen for some reason. We only delete
757 these after the replacement is already
760 node->flag |= NODFLG_DELSIG;
766 /* Fixme: see whether there is a revocation in which
767 * case we should allow to sign it again. */
768 if (!node->pkt->pkt.signature->flags.exportable && local)
770 _("\"%s\" was already locally signed by key %s\n"),
771 user, keystr_from_pk (pk));
774 _("\"%s\" was already signed by key %s\n"),
775 user, keystr_from_pk (pk));
777 if (opt.expert && !quick
778 && cpr_get_answer_is_yes ("sign_uid.dupe_okay",
779 _("Do you want to sign it "
780 "again anyway? (y/N) ")))
782 /* Don't delete the old sig here since this is
783 an --expert thing. */
788 snprintf (buf, sizeof buf, "%08lX%08lX",
789 (ulong) pk->keyid[0], (ulong) pk->keyid[1]);
790 write_status_text (STATUS_ALREADY_SIGNED, buf);
791 uidnode->flag &= ~NODFLG_MARK_A; /* remove mark */
798 /* Check whether any uids are left for signing. */
799 if (!count_uids_with_flag (keyblock, NODFLG_MARK_A))
801 tty_fprintf (fp, _("Nothing to sign with key %s\n"),
802 keystr_from_pk (pk));
806 /* Ask whether we really should sign these user id(s). */
807 tty_fprintf (fp, "\n");
808 show_key_with_all_names (ctrl, fp, keyblock, 1, 0, 1, 0, 0, 0);
809 tty_fprintf (fp, "\n");
811 if (primary_pk->expiredate && !selfsig)
813 u32 now = make_timestamp ();
815 if (primary_pk->expiredate <= now)
817 tty_fprintf (fp, _("This key has expired!"));
819 if (opt.expert && !quick)
821 tty_fprintf (fp, " ");
822 if (!cpr_get_answer_is_yes ("sign_uid.expired_okay",
823 _("Are you sure you still "
824 "want to sign it? (y/N) ")))
829 tty_fprintf (fp, _(" Unable to sign.\n"));
835 tty_fprintf (fp, _("This key is due to expire on %s.\n"),
836 expirestr_from_pk (primary_pk));
838 if (opt.ask_cert_expire && !quick)
840 char *answer = cpr_get ("sign_uid.expire",
841 _("Do you want your signature to "
842 "expire at the same time? (Y/n) "));
843 if (answer_is_yes_no_default (answer, 1))
845 /* This fixes the signature timestamp we're
846 going to make as now. This is so the
847 expiration date is exactly correct, and not
848 a few seconds off (due to the time it takes
849 to answer the questions, enter the
852 duration = primary_pk->expiredate - now;
861 /* Only ask for duration if we haven't already set it to match
862 the expiration of the pk */
863 if (!duration && !selfsig)
865 if (opt.ask_cert_expire && !quick)
866 duration = ask_expire_interval (1, opt.def_cert_expire);
868 duration = parse_expire_string (opt.def_cert_expire);
875 if (opt.batch || !opt.ask_cert_level || quick)
876 class = 0x10 + opt.def_cert_level;
882 _("How carefully have you verified the key you are "
883 "about to sign actually belongs\nto the person "
884 "named above? If you don't know what to "
885 "answer, enter \"0\".\n"));
886 tty_fprintf (fp, "\n");
887 tty_fprintf (fp, _(" (0) I will not answer.%s\n"),
888 opt.def_cert_level == 0 ? " (default)" : "");
889 tty_fprintf (fp, _(" (1) I have not checked at all.%s\n"),
890 opt.def_cert_level == 1 ? " (default)" : "");
891 tty_fprintf (fp, _(" (2) I have done casual checking.%s\n"),
892 opt.def_cert_level == 2 ? " (default)" : "");
894 _(" (3) I have done very careful checking.%s\n"),
895 opt.def_cert_level == 3 ? " (default)" : "");
896 tty_fprintf (fp, "\n");
900 answer = cpr_get ("sign_uid.class",
902 "(enter '?' for more information): "));
903 if (answer[0] == '\0')
904 class = 0x10 + opt.def_cert_level; /* Default */
905 else if (ascii_strcasecmp (answer, "0") == 0)
906 class = 0x10; /* Generic */
907 else if (ascii_strcasecmp (answer, "1") == 0)
908 class = 0x11; /* Persona */
909 else if (ascii_strcasecmp (answer, "2") == 0)
910 class = 0x12; /* Casual */
911 else if (ascii_strcasecmp (answer, "3") == 0)
912 class = 0x13; /* Positive */
914 tty_fprintf (fp, _("Invalid selection.\n"));
921 trustsig_prompt (&trust_value, &trust_depth, &trust_regexp);
926 p = get_user_id_native (sk_keyid);
928 _("Are you sure that you want to sign this key with your\n"
929 "key \"%s\" (%s)\n"), p, keystr_from_pk (pk));
935 tty_fprintf (fp, "\n");
936 tty_fprintf (fp, _("This will be a self-signature.\n"));
940 tty_fprintf (fp, "\n");
941 tty_fprintf (fp, _("WARNING: the signature will not be marked "
942 "as non-exportable.\n"));
947 tty_fprintf (fp, "\n");
948 tty_fprintf (fp, _("WARNING: the signature will not be marked "
949 "as non-revocable.\n"));
956 tty_fprintf (fp, "\n");
958 _("The signature will be marked as non-exportable.\n"));
963 tty_fprintf (fp, "\n");
965 _("The signature will be marked as non-revocable.\n"));
971 tty_fprintf (fp, "\n");
972 tty_fprintf (fp, _("I have not checked this key at all.\n"));
976 tty_fprintf (fp, "\n");
977 tty_fprintf (fp, _("I have checked this key casually.\n"));
981 tty_fprintf (fp, "\n");
982 tty_fprintf (fp, _("I have checked this key very carefully.\n"));
987 tty_fprintf (fp, "\n");
989 if (opt.batch && opt.answer_yes)
993 else if (!cpr_get_answer_is_yes ("sign_uid.okay",
994 _("Really sign? (y/N) ")))
997 /* Now we can sign the user ids. */
998 reloop: /* (Must use this, because we are modifing the list.) */
1000 for (node = keyblock; node; node = node->next)
1002 if (node->pkt->pkttype == PKT_PUBLIC_KEY)
1003 primary_pk = node->pkt->pkt.public_key;
1004 else if (node->pkt->pkttype == PKT_USER_ID
1005 && (node->flag & NODFLG_MARK_A))
1009 struct sign_attrib attrib;
1011 assert (primary_pk);
1012 memset (&attrib, 0, sizeof attrib);
1013 attrib.non_exportable = local;
1014 attrib.non_revocable = nonrevocable;
1015 attrib.trust_depth = trust_depth;
1016 attrib.trust_value = trust_value;
1017 attrib.trust_regexp = trust_regexp;
1018 node->flag &= ~NODFLG_MARK_A;
1020 /* We force creation of a v4 signature for local
1021 * signatures, otherwise we would not generate the
1022 * subpacket with v3 keys and the signature becomes
1026 rc = make_keysig_packet (&sig, primary_pk,
1027 node->pkt->pkt.user_id,
1031 keygen_add_std_prefs, primary_pk,
1034 rc = make_keysig_packet (&sig, primary_pk,
1035 node->pkt->pkt.user_id,
1039 timestamp, duration,
1040 sign_mk_attrib, &attrib,
1044 write_status_error ("keysig", rc);
1045 log_error (_("signing failed: %s\n"), gpg_strerror (rc));
1049 *ret_modified = 1; /* We changed the keyblock. */
1052 pkt = xmalloc_clear (sizeof *pkt);
1053 pkt->pkttype = PKT_SIGNATURE;
1054 pkt->pkt.signature = sig;
1055 insert_kbnode (node, new_kbnode (pkt), PKT_SIGNATURE);
1060 /* Delete any sigs that got promoted */
1061 for (node = keyblock; node; node = node->next)
1062 if (node->flag & NODFLG_DELSIG)
1063 delete_kbnode (node);
1064 } /* End loop over signators. */
1067 release_sk_list (sk_list);
1073 * Change the passphrase of the primary and all secondary keys. Note
1074 * that it is common to use only one passphrase for the primary and
1075 * all subkeys. However, this is now (since GnuPG 2.1) all up to the
1076 * gpg-agent. Returns 0 on success or an error code.
1079 change_passphrase (ctrl_t ctrl, kbnode_t keyblock)
1085 u32 keyid[2], subid[2];
1086 char *hexgrip = NULL;
1087 char *cache_nonce = NULL;
1088 char *passwd_nonce = NULL;
1090 node = find_kbnode (keyblock, PKT_PUBLIC_KEY);
1093 log_error ("Oops; public key missing!\n");
1094 err = gpg_error (GPG_ERR_INTERNAL);
1097 pk = node->pkt->pkt.public_key;
1098 keyid_from_pk (pk, keyid);
1100 /* Check whether it is likely that we will be able to change the
1101 passphrase for any subkey. */
1102 for (any = 0, node = keyblock; node; node = node->next)
1104 if (node->pkt->pkttype == PKT_PUBLIC_KEY
1105 || node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
1109 pk = node->pkt->pkt.public_key;
1110 keyid_from_pk (pk, subid);
1113 err = hexkeygrip_from_pk (pk, &hexgrip);
1116 err = agent_get_keyinfo (ctrl, hexgrip, &serialno);
1117 if (!err && serialno)
1118 ; /* Key on card. */
1119 else if (gpg_err_code (err) == GPG_ERR_NOT_FOUND)
1120 ; /* Maybe stub key. */
1122 any = 1; /* Key is known. */
1124 log_error ("key %s: error getting keyinfo from agent: %s\n",
1125 keystr_with_sub (keyid, subid), gpg_strerror (err));
1132 tty_printf (_("Key has only stub or on-card key items - "
1133 "no passphrase to change.\n"));
1137 /* Change the passphrase for all keys. */
1138 for (any = 0, node = keyblock; node; node = node->next)
1140 if (node->pkt->pkttype == PKT_PUBLIC_KEY
1141 || node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
1145 pk = node->pkt->pkt.public_key;
1146 keyid_from_pk (pk, subid);
1149 err = hexkeygrip_from_pk (pk, &hexgrip);
1153 desc = gpg_format_keydesc (pk, FORMAT_KEYDESC_NORMAL, 1);
1154 err = agent_passwd (ctrl, hexgrip, desc, &cache_nonce, &passwd_nonce);
1158 log_log ((gpg_err_code (err) == GPG_ERR_CANCELED
1159 || gpg_err_code (err) == GPG_ERR_FULLY_CANCELED)
1160 ? GPGRT_LOG_INFO : GPGRT_LOG_ERROR,
1161 _("key %s: error changing passphrase: %s\n"),
1162 keystr_with_sub (keyid, subid),
1163 gpg_strerror (err));
1164 if (gpg_err_code (err) == GPG_ERR_FULLY_CANCELED)
1171 xfree (cache_nonce);
1172 xfree (passwd_nonce);
1179 * There are some keys out (due to a bug in gnupg), where the sequence
1180 * of the packets is wrong. This function fixes that.
1181 * Returns: true if the keyblock has been fixed.
1183 * Note: This function does not work if there is more than one user ID.
1186 fix_key_signature_order (KBNODE keyblock)
1188 KBNODE node, last, subkey;
1191 /* Locate key signatures of class 0x10..0x13 behind sub key packets. */
1192 for (subkey = last = NULL, node = keyblock; node;
1193 last = node, node = node->next)
1195 switch (node->pkt->pkttype)
1197 case PKT_PUBLIC_SUBKEY:
1198 case PKT_SECRET_SUBKEY:
1200 subkey = last; /* Actually it is the one before the subkey. */
1205 PKT_signature *sig = node->pkt->pkt.signature;
1206 if (sig->sig_class >= 0x10 && sig->sig_class <= 0x13)
1208 log_info (_("moving a key signature to the correct place\n"));
1209 last->next = node->next;
1210 node->next = subkey->next;
1211 subkey->next = node;
1226 /* Fix various problems in the keyblock. Returns true if the keyblock
1227 was changed. Note that a pointer to the keyblock must be given and
1228 the function may change it (i.e. replacing the first node). */
1230 fix_keyblock (kbnode_t *keyblockp)
1234 if (fix_key_signature_order (*keyblockp))
1236 if (collapse_uids (keyblockp))
1238 reorder_keyblock (*keyblockp);
1239 /* If we modified the keyblock, make sure the flags are right. */
1241 merge_keys_and_selfsig (*keyblockp);
1248 parse_sign_type (const char *str, int *localsig, int *nonrevokesig,
1251 const char *p = str;
1255 if (ascii_strncasecmp (p, "l", 1) == 0)
1260 else if (ascii_strncasecmp (p, "nr", 2) == 0)
1265 else if (ascii_strncasecmp (p, "t", 1) == 0)
1280 * Menu driven key editor. If seckey_check is true, then a secret key
1281 * that matches username will be looked for. If it is false, not all
1282 * commands will be available.
1284 * Note: to keep track of certain selections we use node->mark MARKBIT_xxxx.
1287 /* Need an SK for this command */
1288 #define KEYEDIT_NEED_SK 1
1289 /* Cannot be viewing the SK for this command */
1290 #define KEYEDIT_NOT_SK 2
1291 /* Must be viewing the SK for this command */
1292 #define KEYEDIT_ONLY_SK 4
1293 /* Match the tail of the string */
1294 #define KEYEDIT_TAIL_MATCH 8
1299 cmdQUIT, cmdHELP, cmdFPR, cmdLIST, cmdSELUID, cmdCHECK, cmdSIGN,
1300 cmdREVSIG, cmdREVKEY, cmdREVUID, cmdDELSIG, cmdPRIMARY, cmdDEBUG,
1301 cmdSAVE, cmdADDUID, cmdADDPHOTO, cmdDELUID, cmdADDKEY, cmdDELKEY,
1302 cmdADDREVOKER, cmdTOGGLE, cmdSELKEY, cmdPASSWD, cmdTRUST, cmdPREF,
1303 cmdEXPIRE, cmdBACKSIGN,
1304 #ifndef NO_TRUST_MODELS
1305 cmdENABLEKEY, cmdDISABLEKEY,
1306 #endif /*!NO_TRUST_MODELS*/
1308 cmdSETPREF, cmdPREFKS, cmdNOTATION, cmdINVCMD, cmdSHOWPHOTO, cmdUPDTRUST,
1309 cmdCHKTRUST, cmdADDCARDKEY, cmdKEYTOCARD, cmdBKUPTOCARD, cmdCHECKBKUPKEY,
1310 cmdCLEAN, cmdMINIMIZE, cmdGRIP, cmdNOP
1321 { "quit", cmdQUIT, 0, N_("quit this menu")},
1322 { "q", cmdQUIT, 0, NULL},
1323 { "save", cmdSAVE, 0, N_("save and quit")},
1324 { "help", cmdHELP, 0, N_("show this help")},
1325 { "?", cmdHELP, 0, NULL},
1326 { "fpr", cmdFPR, 0, N_("show key fingerprint")},
1327 { "grip", cmdGRIP, 0, N_("show the keygrip")},
1328 { "list", cmdLIST, 0, N_("list key and user IDs")},
1329 { "l", cmdLIST, 0, NULL},
1330 { "uid", cmdSELUID, 0, N_("select user ID N")},
1331 { "key", cmdSELKEY, 0, N_("select subkey N")},
1332 { "check", cmdCHECK, 0, N_("check signatures")},
1333 { "c", cmdCHECK, 0, NULL},
1334 { "cross-certify", cmdBACKSIGN, KEYEDIT_NOT_SK | KEYEDIT_NEED_SK, NULL},
1335 { "backsign", cmdBACKSIGN, KEYEDIT_NOT_SK | KEYEDIT_NEED_SK, NULL},
1336 { "sign", cmdSIGN, KEYEDIT_NOT_SK | KEYEDIT_TAIL_MATCH,
1337 N_("sign selected user IDs [* see below for related commands]")},
1338 { "s", cmdSIGN, KEYEDIT_NOT_SK, NULL},
1339 /* "lsign" and friends will never match since "sign" comes first
1340 and it is a tail match. They are just here so they show up in
1342 { "lsign", cmdNOP, 0, N_("sign selected user IDs locally")},
1343 { "tsign", cmdNOP, 0, N_("sign selected user IDs with a trust signature")},
1344 { "nrsign", cmdNOP, 0,
1345 N_("sign selected user IDs with a non-revocable signature")},
1346 { "debug", cmdDEBUG, 0, NULL},
1347 { "adduid", cmdADDUID, KEYEDIT_NOT_SK | KEYEDIT_NEED_SK, N_("add a user ID")},
1348 { "addphoto", cmdADDPHOTO, KEYEDIT_NOT_SK | KEYEDIT_NEED_SK,
1349 N_("add a photo ID")},
1350 { "deluid", cmdDELUID, KEYEDIT_NOT_SK, N_("delete selected user IDs")},
1351 /* delphoto is really deluid in disguise */
1352 { "delphoto", cmdDELUID, KEYEDIT_NOT_SK, NULL},
1353 { "addkey", cmdADDKEY, KEYEDIT_NOT_SK | KEYEDIT_NEED_SK, N_("add a subkey")},
1354 #ifdef ENABLE_CARD_SUPPORT
1355 { "addcardkey", cmdADDCARDKEY, KEYEDIT_NOT_SK | KEYEDIT_NEED_SK,
1356 N_("add a key to a smartcard")},
1357 { "keytocard", cmdKEYTOCARD, KEYEDIT_NEED_SK | KEYEDIT_ONLY_SK,
1358 N_("move a key to a smartcard")},
1359 { "bkuptocard", cmdBKUPTOCARD, KEYEDIT_NEED_SK | KEYEDIT_ONLY_SK,
1360 N_("move a backup key to a smartcard")},
1361 { "checkbkupkey", cmdCHECKBKUPKEY, KEYEDIT_NEED_SK | KEYEDIT_ONLY_SK, NULL},
1362 #endif /*ENABLE_CARD_SUPPORT */
1363 { "delkey", cmdDELKEY, KEYEDIT_NOT_SK, N_("delete selected subkeys")},
1364 { "addrevoker", cmdADDREVOKER, KEYEDIT_NOT_SK | KEYEDIT_NEED_SK,
1365 N_("add a revocation key")},
1366 { "delsig", cmdDELSIG, KEYEDIT_NOT_SK,
1367 N_("delete signatures from the selected user IDs")},
1368 { "expire", cmdEXPIRE, KEYEDIT_NOT_SK | KEYEDIT_NEED_SK,
1369 N_("change the expiration date for the key or selected subkeys")},
1370 { "primary", cmdPRIMARY, KEYEDIT_NOT_SK | KEYEDIT_NEED_SK,
1371 N_("flag the selected user ID as primary")},
1372 { "toggle", cmdTOGGLE, KEYEDIT_NEED_SK, NULL}, /* Dummy command. */
1373 { "t", cmdTOGGLE, KEYEDIT_NEED_SK, NULL},
1374 { "pref", cmdPREF, KEYEDIT_NOT_SK, N_("list preferences (expert)")},
1375 { "showpref", cmdSHOWPREF, KEYEDIT_NOT_SK, N_("list preferences (verbose)")},
1376 { "setpref", cmdSETPREF, KEYEDIT_NOT_SK | KEYEDIT_NEED_SK,
1377 N_("set preference list for the selected user IDs")},
1378 { "updpref", cmdSETPREF, KEYEDIT_NOT_SK | KEYEDIT_NEED_SK, NULL},
1379 { "keyserver", cmdPREFKS, KEYEDIT_NOT_SK | KEYEDIT_NEED_SK,
1380 N_("set the preferred keyserver URL for the selected user IDs")},
1381 { "notation", cmdNOTATION, KEYEDIT_NOT_SK | KEYEDIT_NEED_SK,
1382 N_("set a notation for the selected user IDs")},
1383 { "passwd", cmdPASSWD, KEYEDIT_NOT_SK | KEYEDIT_NEED_SK,
1384 N_("change the passphrase")},
1385 { "password", cmdPASSWD, KEYEDIT_NOT_SK | KEYEDIT_NEED_SK, NULL},
1386 #ifndef NO_TRUST_MODELS
1387 { "trust", cmdTRUST, KEYEDIT_NOT_SK, N_("change the ownertrust")},
1388 #endif /*!NO_TRUST_MODELS*/
1389 { "revsig", cmdREVSIG, KEYEDIT_NOT_SK,
1390 N_("revoke signatures on the selected user IDs")},
1391 { "revuid", cmdREVUID, KEYEDIT_NOT_SK | KEYEDIT_NEED_SK,
1392 N_("revoke selected user IDs")},
1393 { "revphoto", cmdREVUID, KEYEDIT_NOT_SK | KEYEDIT_NEED_SK, NULL},
1394 { "revkey", cmdREVKEY, KEYEDIT_NOT_SK | KEYEDIT_NEED_SK,
1395 N_("revoke key or selected subkeys")},
1396 #ifndef NO_TRUST_MODELS
1397 { "enable", cmdENABLEKEY, KEYEDIT_NOT_SK, N_("enable key")},
1398 { "disable", cmdDISABLEKEY, KEYEDIT_NOT_SK, N_("disable key")},
1399 #endif /*!NO_TRUST_MODELS*/
1400 { "showphoto", cmdSHOWPHOTO, 0, N_("show selected photo IDs")},
1401 { "clean", cmdCLEAN, KEYEDIT_NOT_SK,
1402 N_("compact unusable user IDs and remove unusable signatures from key")},
1403 { "minimize", cmdMINIMIZE, KEYEDIT_NOT_SK,
1404 N_("compact unusable user IDs and remove all signatures from key")},
1406 { NULL, cmdNONE, 0, NULL}
1411 #ifdef HAVE_LIBREADLINE
1414 These two functions are used by readline for command completion.
1418 command_generator (const char *text, int state)
1420 static int list_index, len;
1423 /* If this is a new word to complete, initialize now. This includes
1424 saving the length of TEXT for efficiency, and initializing the
1425 index variable to 0. */
1429 len = strlen (text);
1432 /* Return the next partial match */
1433 while ((name = cmds[list_index].name))
1435 /* Only complete commands that have help text */
1436 if (cmds[list_index++].desc && strncmp (name, text, len) == 0)
1437 return strdup (name);
1444 keyedit_completion (const char *text, int start, int end)
1446 /* If we are at the start of a line, we try and command-complete.
1447 If not, just do nothing for now. */
1452 return rl_completion_matches (text, command_generator);
1454 rl_attempted_completion_over = 1;
1458 #endif /* HAVE_LIBREADLINE */
1462 /* Main function of the menu driven key editor. */
1464 keyedit_menu (ctrl_t ctrl, const char *username, strlist_t locusr,
1465 strlist_t commands, int quiet, int seckey_check)
1467 enum cmdids cmd = 0;
1468 gpg_error_t err = 0;
1469 KBNODE keyblock = NULL;
1470 KEYDB_HANDLE kdbhd = NULL;
1471 int have_seckey = 0;
1472 char *answer = NULL;
1475 int sec_shadowing = 0;
1476 int run_subkey_warnings = 0;
1477 int have_commands = !!commands;
1479 if (opt.command_fd != -1)
1481 else if (opt.batch && !have_commands)
1483 log_error (_("can't do this in batch mode\n"));
1487 #ifdef HAVE_W32_SYSTEM
1488 /* Due to Windows peculiarities we need to make sure that the
1489 trustdb stale check is done before we open another file
1490 (i.e. by searching for a key). In theory we could make sure
1491 that the files are closed after use but the open/close caches
1492 inhibits that and flushing the cache right before the stale
1493 check is not easy to implement. Thus we take the easy way out
1494 and run the stale check as early as possible. Note, that for
1495 non- W32 platforms it is run indirectly trough a call to
1497 check_trustdb_stale ();
1500 /* Get the public key */
1501 err = get_pubkey_byname (ctrl, NULL, NULL, username, &keyblock, &kdbhd, 1, 1);
1504 log_error (_("key \"%s\" not found: %s\n"), username, gpg_strerror (err));
1508 if (fix_keyblock (&keyblock))
1511 /* See whether we have a matching secret key. */
1514 have_seckey = !agent_probe_any_secret_key (ctrl, keyblock);
1515 if (have_seckey && !quiet)
1516 tty_printf (_("Secret key is available.\n"));
1519 /* Main command loop. */
1522 int i, arg_number, photo;
1523 const char *arg_string = "";
1525 PKT_public_key *pk = keyblock->pkt->pkt.public_key;
1529 if (redisplay && !quiet)
1531 /* Show using flags: with_revoker, with_subkeys. */
1532 show_key_with_all_names (ctrl, NULL, keyblock, 0, 1, 0, 1, 0, 0);
1537 if (run_subkey_warnings)
1539 run_subkey_warnings = 0;
1540 if (!count_selected_keys (keyblock))
1541 subkey_expire_warning (keyblock);
1551 answer = xstrdup (commands->d);
1552 commands = commands->next;
1556 answer = xstrdup ("quit");
1563 #ifdef HAVE_LIBREADLINE
1564 tty_enable_completion (keyedit_completion);
1566 answer = cpr_get_no_help ("keyedit.prompt", GPG_NAME "> ");
1568 tty_disable_completion ();
1570 trim_spaces (answer);
1572 while (*answer == '#');
1574 arg_number = 0; /* Here is the init which egcc complains about. */
1575 photo = 0; /* Same here. */
1578 else if (*answer == CONTROL_D)
1580 else if (digitp (answer))
1583 arg_number = atoi (answer);
1587 if ((p = strchr (answer, ' ')))
1590 trim_spaces (answer);
1592 arg_number = atoi (p);
1596 for (i = 0; cmds[i].name; i++)
1598 if (cmds[i].flags & KEYEDIT_TAIL_MATCH)
1600 size_t l = strlen (cmds[i].name);
1601 size_t a = strlen (answer);
1604 if (!ascii_strcasecmp (&answer[a - l], cmds[i].name))
1606 answer[a - l] = '\0';
1611 else if (!ascii_strcasecmp (answer, cmds[i].name))
1614 if ((cmds[i].flags & KEYEDIT_NEED_SK) && !have_seckey)
1616 tty_printf (_("Need the secret key to do this.\n"));
1623 /* Dispatch the command. */
1627 for (i = 0; cmds[i].name; i++)
1629 if ((cmds[i].flags & KEYEDIT_NEED_SK) && !have_seckey)
1630 ; /* Skip those item if we do not have the secret key. */
1631 else if (cmds[i].desc)
1632 tty_printf ("%-11s %s\n", cmds[i].name, _(cmds[i].desc));
1637 (_("* The 'sign' command may be prefixed with an 'l' for local "
1638 "signatures (lsign),\n"
1639 " a 't' for trust signatures (tsign), an 'nr' for "
1640 "non-revocable signatures\n"
1641 " (nrsign), or any combination thereof (ltsign, "
1642 "tnrsign, etc.).\n"));
1650 show_key_and_fingerprint
1651 (keyblock, (*arg_string == '*'
1652 && (!arg_string[1] || spacep (arg_string + 1))));
1656 show_key_and_grip (keyblock);
1660 if (strlen (arg_string) == NAMEHASH_LEN * 2)
1661 redisplay = menu_select_uid_namehash (keyblock, arg_string);
1664 if (*arg_string == '*'
1665 && (!arg_string[1] || spacep (arg_string + 1)))
1666 arg_number = -1; /* Select all. */
1667 redisplay = menu_select_uid (keyblock, arg_number);
1673 if (*arg_string == '*'
1674 && (!arg_string[1] || spacep (arg_string + 1)))
1675 arg_number = -1; /* Select all. */
1676 if (menu_select_key (keyblock, arg_number))
1682 check_all_keysigs (keyblock, count_selected_uids (keyblock));
1687 int localsig = 0, nonrevokesig = 0, trustsig = 0, interactive = 0;
1689 if (pk->flags.revoked)
1691 tty_printf (_("Key is revoked."));
1696 if (!cpr_get_answer_is_yes
1697 ("keyedit.sign_revoked.okay",
1698 _("Are you sure you still want to sign it? (y/N) ")))
1703 tty_printf (_(" Unable to sign.\n"));
1708 if (count_uids (keyblock) > 1 && !count_selected_uids (keyblock)
1709 && !cpr_get_answer_is_yes ("keyedit.sign_all.okay",
1710 _("Really sign all user IDs?"
1713 if (opt.interactive)
1717 tty_printf (_("Hint: Select the user IDs to sign\n"));
1723 /* What sort of signing are we doing? */
1724 if (!parse_sign_type
1725 (answer, &localsig, &nonrevokesig, &trustsig))
1727 tty_printf (_("Unknown signature type '%s'\n"), answer);
1731 sign_uids (ctrl, NULL, keyblock, locusr, &modified,
1732 localsig, nonrevokesig, trustsig, interactive, 0);
1737 dump_kbnode (keyblock);
1741 /* The toggle command is a leftover from old gpg versions
1742 where we worked with a secret and a public keyring. It
1743 is not necessary anymore but we keep this command for the
1744 sake of scripts using it. */
1751 tty_printf (_("This command is not allowed while in %s mode.\n"),
1752 compliance_option_string ());
1758 if (menu_adduid (keyblock, photo, arg_string, NULL))
1763 merge_keys_and_selfsig (keyblock);
1771 if (!(n1 = count_selected_uids (keyblock)))
1772 tty_printf (_("You must select at least one user ID.\n"));
1773 else if (real_uids_left (keyblock) < 1)
1774 tty_printf (_("You can't delete the last user ID!\n"));
1775 else if (cpr_get_answer_is_yes
1776 ("keyedit.remove.uid.okay",
1777 n1 > 1 ? _("Really remove all selected user IDs? (y/N) ")
1778 : _("Really remove this user ID? (y/N) ")))
1780 menu_deluid (keyblock);
1791 if (!(n1 = count_selected_uids (keyblock)))
1792 tty_printf (_("You must select at least one user ID.\n"));
1793 else if (menu_delsig (keyblock))
1795 /* No redisplay here, because it may scroll away some
1796 * of the status output of this command. */
1803 if (!generate_subkeypair (ctrl, keyblock))
1807 merge_keys_and_selfsig (keyblock);
1811 #ifdef ENABLE_CARD_SUPPORT
1813 if (!card_generate_subkey (keyblock))
1817 merge_keys_and_selfsig (keyblock);
1824 switch (count_selected_keys (keyblock))
1827 if (cpr_get_answer_is_yes
1828 ("keyedit.keytocard.use_primary",
1829 /* TRANSLATORS: Please take care: This is about
1830 moving the key and not about removing it. */
1831 _("Really move the primary key? (y/N) ")))
1835 for (node = keyblock; node; node = node->next)
1837 if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY
1838 && node->flag & NODFLG_SELKEY)
1843 tty_printf (_("You must select exactly one key.\n"));
1848 PKT_public_key *xxpk = node->pkt->pkt.public_key;
1849 if (card_store_subkey (node, xxpk ? xxpk->pubkey_usage : 0))
1859 case cmdCHECKBKUPKEY:
1860 log_debug ("FIXME: This needs to be changed\n");
1862 /* Ask for a filename, check whether this is really a
1863 backup key as generated by the card generation, parse
1864 that key and store it on card. */
1873 tty_printf (_("Command expects a filename argument\n"));
1877 /* Open that file. */
1878 a = iobuf_open (fname);
1879 if (a && is_secured_file (iobuf_get_fd (a)))
1883 gpg_err_set_errno (EPERM);
1887 tty_printf (_("Can't open '%s': %s\n"),
1888 fname, strerror (errno));
1892 /* Parse and check that file. */
1893 pkt = xmalloc (sizeof *pkt);
1895 err = parse_packet (a, pkt);
1897 iobuf_ioctl (NULL, IOBUF_IOCTL_INVALIDATE_CACHE, 0, (char *) fname);
1898 if (!err && pkt->pkttype != PKT_SECRET_KEY
1899 && pkt->pkttype != PKT_SECRET_SUBKEY)
1900 err = GPG_ERR_NO_SECKEY;
1903 tty_printf (_("Error reading backup key from '%s': %s\n"),
1904 fname, gpg_strerror (err));
1909 node = new_kbnode (pkt);
1911 if (cmd == cmdCHECKBKUPKEY)
1913 /* PKT_public_key *sk = node->pkt->pkt.secret_key; */
1914 /* switch (is_secret_key_protected (sk)) */
1916 /* case 0: /\* Not protected. *\/ */
1917 /* tty_printf (_("This key is not protected.\n")); */
1920 /* log_error (_("unknown key protection algorithm\n")); */
1923 /* if (sk->protect.s2k.mode == 1001) */
1924 /* tty_printf (_("Secret parts of key" */
1925 /* " are not available.\n")); */
1926 /* if (sk->protect.s2k.mode == 1002) */
1927 /* tty_printf (_("Secret parts of key" */
1928 /* " are stored on-card.\n")); */
1930 /* check_secret_key (sk, 0); */
1933 else /* Store it. */
1935 if (card_store_subkey (node, 0))
1941 release_kbnode (node);
1945 #endif /* ENABLE_CARD_SUPPORT */
1951 if (!(n1 = count_selected_keys (keyblock)))
1952 tty_printf (_("You must select at least one key.\n"));
1953 else if (!cpr_get_answer_is_yes
1954 ("keyedit.remove.subkey.okay",
1955 n1 > 1 ? _("Do you really want to delete the "
1956 "selected keys? (y/N) ")
1957 : _("Do you really want to delete this key? (y/N) ")))
1961 menu_delkey (keyblock);
1972 if (ascii_strcasecmp (arg_string, "sensitive") == 0)
1974 if (menu_addrevoker (ctrl, keyblock, sensitive))
1978 merge_keys_and_selfsig (keyblock);
1987 if (!(n1 = count_selected_uids (keyblock)))
1988 tty_printf (_("You must select at least one user ID.\n"));
1989 else if (cpr_get_answer_is_yes
1990 ("keyedit.revoke.uid.okay",
1991 n1 > 1 ? _("Really revoke all selected user IDs? (y/N) ")
1992 : _("Really revoke this user ID? (y/N) ")))
1994 if (menu_revuid (keyblock))
2007 if (!(n1 = count_selected_keys (keyblock)))
2009 if (cpr_get_answer_is_yes ("keyedit.revoke.subkey.okay",
2010 _("Do you really want to revoke"
2011 " the entire key? (y/N) ")))
2013 if (menu_revkey (keyblock))
2019 else if (cpr_get_answer_is_yes ("keyedit.revoke.subkey.okay",
2021 _("Do you really want to revoke"
2022 " the selected subkeys? (y/N) ")
2023 : _("Do you really want to revoke"
2024 " this subkey? (y/N) ")))
2026 if (menu_revsubkey (keyblock))
2033 merge_keys_and_selfsig (keyblock);
2038 if (menu_expire (keyblock))
2040 merge_keys_and_selfsig (keyblock);
2041 run_subkey_warnings = 1;
2048 if (menu_backsign (keyblock))
2056 if (menu_set_primary_uid (keyblock))
2058 merge_keys_and_selfsig (keyblock);
2065 change_passphrase (ctrl, keyblock);
2068 #ifndef NO_TRUST_MODELS
2070 if (opt.trust_model == TM_EXTERNAL)
2072 tty_printf (_("Owner trust may not be set while "
2073 "using a user provided trust database\n"));
2077 show_key_with_all_names (ctrl, NULL, keyblock, 0, 0, 0, 1, 0, 0);
2079 if (edit_ownertrust (find_kbnode (keyblock,
2080 PKT_PUBLIC_KEY)->pkt->pkt.
2084 /* No real need to set update_trust here as
2085 edit_ownertrust() calls revalidation_mark()
2090 #endif /*!NO_TRUST_MODELS*/
2094 int count = count_selected_uids (keyblock);
2095 assert (keyblock->pkt->pkttype == PKT_PUBLIC_KEY);
2096 show_names (NULL, keyblock, keyblock->pkt->pkt.public_key,
2097 count ? NODFLG_SELUID : 0, 1);
2103 int count = count_selected_uids (keyblock);
2104 assert (keyblock->pkt->pkttype == PKT_PUBLIC_KEY);
2105 show_names (NULL, keyblock, keyblock->pkt->pkt.public_key,
2106 count ? NODFLG_SELUID : 0, 2);
2112 PKT_user_id *tempuid;
2114 keygen_set_std_prefs (!*arg_string ? "default" : arg_string, 0);
2116 tempuid = keygen_get_std_prefs ();
2117 tty_printf (_("Set preference list to:\n"));
2118 show_prefs (tempuid, NULL, 1);
2119 free_user_id (tempuid);
2121 if (cpr_get_answer_is_yes
2122 ("keyedit.setpref.okay",
2123 count_selected_uids (keyblock) ?
2124 _("Really update the preferences"
2125 " for the selected user IDs? (y/N) ")
2126 : _("Really update the preferences? (y/N) ")))
2128 if (menu_set_preferences (keyblock))
2130 merge_keys_and_selfsig (keyblock);
2139 if (menu_set_keyserver_url (*arg_string ? arg_string : NULL,
2142 merge_keys_and_selfsig (keyblock);
2149 if (menu_set_notation (*arg_string ? arg_string : NULL,
2152 merge_keys_and_selfsig (keyblock);
2162 if (menu_revsig (keyblock))
2169 #ifndef NO_TRUST_MODELS
2172 if (enable_disable_key (keyblock, cmd == cmdDISABLEKEY))
2178 #endif /*!NO_TRUST_MODELS*/
2181 menu_showphoto (keyblock);
2185 if (menu_clean (keyblock, 0))
2186 redisplay = modified = 1;
2190 if (menu_clean (keyblock, 1))
2191 redisplay = modified = 1;
2197 if (!modified && !sec_shadowing)
2199 if (!cpr_get_answer_is_yes ("keyedit.save.okay",
2200 _("Save changes? (y/N) ")))
2203 || cpr_get_answer_is_yes ("keyedit.cancel.okay",
2204 _("Quit without saving? (y/N) ")))
2212 err = keydb_update_keyblock (kdbhd, keyblock);
2215 log_error (_("update failed: %s\n"), gpg_strerror (err));
2222 err = agent_scd_learn (NULL, 1);
2225 log_error (_("update failed: %s\n"), gpg_strerror (err));
2230 if (!modified && !sec_shadowing)
2231 tty_printf (_("Key not changed so no update needed.\n"));
2235 revalidation_mark ();
2243 tty_printf (_("Invalid command (try \"help\")\n"));
2246 } /* End of the main command loop. */
2249 release_kbnode (keyblock);
2250 keydb_release (kdbhd);
2255 /* Change the passphrase of the secret key identified by USERNAME. */
2257 keyedit_passwd (ctrl_t ctrl, const char *username)
2261 kbnode_t keyblock = NULL;
2263 pk = xtrycalloc (1, sizeof *pk);
2266 err = gpg_error_from_syserror ();
2269 err = getkey_byname (NULL, pk, username, 1, &keyblock);
2273 err = change_passphrase (ctrl, keyblock);
2276 release_kbnode (keyblock);
2277 free_public_key (pk);
2280 log_info ("error changing the passphrase for '%s': %s\n",
2281 username, gpg_strerror (err));
2282 write_status_error ("keyedit.passwd", err);
2285 write_status_text (STATUS_SUCCESS, "keyedit.passwd");
2289 /* Unattended adding of a new keyid. USERNAME specifies the
2290 key. NEWUID is the new user id to add to the key. */
2292 keyedit_quick_adduid (ctrl_t ctrl, const char *username, const char *newuid)
2295 KEYDB_HANDLE kdbhd = NULL;
2296 KEYDB_SEARCH_DESC desc;
2297 kbnode_t keyblock = NULL;
2299 char *uidstring = NULL;
2301 uidstring = xstrdup (newuid);
2302 trim_spaces (uidstring);
2305 log_error ("%s\n", gpg_strerror (GPG_ERR_INV_USER_ID));
2309 #ifdef HAVE_W32_SYSTEM
2310 /* See keyedit_menu for why we need this. */
2311 check_trustdb_stale ();
2314 /* Search the key; we don't want the whole getkey stuff here. */
2315 kdbhd = keydb_new ();
2316 err = classify_user_id (username, &desc, 1);
2318 err = keydb_search (kdbhd, &desc, 1, NULL);
2321 err = keydb_get_keyblock (kdbhd, &keyblock);
2324 log_error (_("error reading keyblock: %s\n"), gpg_strerror (err));
2327 /* Now with the keyblock retrieved, search again to detect an
2328 ambiguous specification. We need to save the found state so
2329 that we can do an update later. */
2330 keydb_push_found_state (kdbhd);
2331 err = keydb_search (kdbhd, &desc, 1, NULL);
2333 err = gpg_error (GPG_ERR_AMBIGUOUS_NAME);
2334 else if (gpg_err_code (err) == GPG_ERR_NOT_FOUND)
2336 keydb_pop_found_state (kdbhd);
2340 /* We require the secret primary key to add a UID. */
2341 node = find_kbnode (keyblock, PKT_PUBLIC_KEY);
2344 err = agent_probe_secret_key (ctrl, node->pkt->pkt.public_key);
2349 log_error (_("secret key \"%s\" not found: %s\n"),
2350 username, gpg_strerror (err));
2354 fix_keyblock (&keyblock);
2356 if (menu_adduid (keyblock, 0, NULL, uidstring))
2358 err = keydb_update_keyblock (kdbhd, keyblock);
2361 log_error (_("update failed: %s\n"), gpg_strerror (err));
2366 revalidation_mark ();
2371 release_kbnode (keyblock);
2372 keydb_release (kdbhd);
2376 /* Unattended key signing function. If the key specifified by FPR is
2377 availabale and FPR is the primary fingerprint all user ids of the
2378 user ids of the key are signed using the default signing key. If
2379 UIDS is an empty list all usable UIDs are signed, if it is not
2380 empty, only those user ids matching one of the entries of the loist
2381 are signed. With LOCAL being true kthe signatures are marked as
2384 keyedit_quick_sign (ctrl_t ctrl, const char *fpr, strlist_t uids,
2385 strlist_t locusr, int local)
2388 kbnode_t keyblock = NULL;
2389 KEYDB_HANDLE kdbhd = NULL;
2391 KEYDB_SEARCH_DESC desc;
2397 #ifdef HAVE_W32_SYSTEM
2398 /* See keyedit_menu for why we need this. */
2399 check_trustdb_stale ();
2402 /* We require a fingerprint because only this uniquely identifies a
2403 key and may thus be used to select a key for unattended key
2405 if (classify_user_id (fpr, &desc, 1)
2406 || !(desc.mode == KEYDB_SEARCH_MODE_FPR
2407 || desc.mode == KEYDB_SEARCH_MODE_FPR16
2408 || desc.mode == KEYDB_SEARCH_MODE_FPR20))
2410 log_error (_("\"%s\" is not a fingerprint\n"), fpr);
2413 err = get_pubkey_byname (ctrl, NULL, NULL, fpr, &keyblock, &kdbhd, 1, 1);
2416 log_error (_("key \"%s\" not found: %s\n"), fpr, gpg_strerror (err));
2420 /* Check that the primary fingerprint has been given. */
2422 byte fprbin[MAX_FINGERPRINT_LEN];
2425 fingerprint_from_pk (keyblock->pkt->pkt.public_key, fprbin, &fprlen);
2426 if (fprlen == 16 && desc.mode == KEYDB_SEARCH_MODE_FPR16
2427 && !memcmp (fprbin, desc.u.fpr, 16))
2429 else if (fprlen == 16 && desc.mode == KEYDB_SEARCH_MODE_FPR
2430 && !memcmp (fprbin, desc.u.fpr, 16)
2436 else if (fprlen == 20 && (desc.mode == KEYDB_SEARCH_MODE_FPR20
2437 || desc.mode == KEYDB_SEARCH_MODE_FPR)
2438 && !memcmp (fprbin, desc.u.fpr, 20))
2442 log_error (_("\"%s\" is not the primary fingerprint\n"), fpr);
2447 if (fix_keyblock (&keyblock))
2450 /* Give some info in verbose. */
2453 show_key_with_all_names (ctrl, es_stdout, keyblock, 0,
2454 1/*with_revoker*/, 1/*with_fingerprint*/,
2456 es_fflush (es_stdout);
2459 pk = keyblock->pkt->pkt.public_key;
2460 if (pk->flags.revoked)
2463 show_key_with_all_names (ctrl, es_stdout, keyblock, 0, 0, 0, 0, 0, 1);
2464 log_error ("%s%s", _("Key is revoked."), _(" Unable to sign.\n"));
2468 /* Set the flags according to the UIDS list. Fixme: We may want to
2469 use classify_user_id along with dedicated compare functions so
2470 that we match the same way as in the key lookup. */
2472 menu_select_uid (keyblock, 0); /* Better clear the flags first. */
2473 for (sl=uids; sl; sl = sl->next)
2475 for (node = keyblock; node; node = node->next)
2477 if (node->pkt->pkttype == PKT_USER_ID)
2479 PKT_user_id *uid = node->pkt->pkt.user_id;
2481 if (!uid->attrib_data
2482 && ascii_memistr (uid->name, uid->len, sl->d))
2484 node->flag |= NODFLG_SELUID;
2494 show_key_with_all_names (ctrl, es_stdout, keyblock, 0, 0, 0, 0, 0, 1);
2495 es_fflush (es_stdout);
2496 log_error ("%s %s", _("No matching user IDs."), _("Nothing to sign.\n"));
2501 sign_uids (ctrl, es_stdout, keyblock, locusr, &modified, local, 0, 0, 0, 1);
2502 es_fflush (es_stdout);
2506 err = keydb_update_keyblock (kdbhd, keyblock);
2509 log_error (_("update failed: %s\n"), gpg_strerror (err));
2514 log_info (_("Key not changed so no update needed.\n"));
2517 revalidation_mark ();
2521 release_kbnode (keyblock);
2522 keydb_release (kdbhd);
2528 tty_print_notations (int indent, PKT_signature * sig)
2531 struct notation *notation, *nd;
2539 notation = sig_to_notation (sig);
2541 for (nd = notation; nd; nd = nd->next)
2544 tty_printf ("%*s", indent, "");
2548 tty_print_utf8_string (nd->name, strlen (nd->name));
2550 tty_print_utf8_string (nd->value, strlen (nd->value));
2554 free_notation (notation);
2559 * Show preferences of a public keyblock.
2562 show_prefs (PKT_user_id * uid, PKT_signature * selfsig, int verbose)
2564 const prefitem_t fake = { 0, 0 };
2565 const prefitem_t *prefs;
2580 int any, des_seen = 0, sha1_seen = 0, uncomp_seen = 0;
2583 tty_printf (_("Cipher: "));
2584 for (i = any = 0; prefs[i].type; i++)
2586 if (prefs[i].type == PREFTYPE_SYM)
2591 /* We don't want to display strings for experimental algos */
2592 if (!openpgp_cipher_test_algo (prefs[i].value)
2593 && prefs[i].value < 100)
2594 tty_printf ("%s", openpgp_cipher_algo_name (prefs[i].value));
2596 tty_printf ("[%d]", prefs[i].value);
2597 if (prefs[i].value == CIPHER_ALGO_3DES)
2605 tty_printf ("%s", openpgp_cipher_algo_name (CIPHER_ALGO_3DES));
2608 tty_printf (_("Digest: "));
2609 for (i = any = 0; prefs[i].type; i++)
2611 if (prefs[i].type == PREFTYPE_HASH)
2616 /* We don't want to display strings for experimental algos */
2617 if (!gcry_md_test_algo (prefs[i].value) && prefs[i].value < 100)
2618 tty_printf ("%s", gcry_md_algo_name (prefs[i].value));
2620 tty_printf ("[%d]", prefs[i].value);
2621 if (prefs[i].value == DIGEST_ALGO_SHA1)
2629 tty_printf ("%s", gcry_md_algo_name (DIGEST_ALGO_SHA1));
2632 tty_printf (_("Compression: "));
2633 for (i = any = 0; prefs[i].type; i++)
2635 if (prefs[i].type == PREFTYPE_ZIP)
2637 const char *s = compress_algo_to_string (prefs[i].value);
2642 /* We don't want to display strings for experimental algos */
2643 if (s && prefs[i].value < 100)
2644 tty_printf ("%s", s);
2646 tty_printf ("[%d]", prefs[i].value);
2647 if (prefs[i].value == COMPRESS_ALGO_NONE)
2657 tty_printf ("%s", compress_algo_to_string (COMPRESS_ALGO_ZIP));
2660 tty_printf ("%s", compress_algo_to_string (COMPRESS_ALGO_NONE));
2662 if (uid->flags.mdc || !uid->flags.ks_modify)
2665 tty_printf (_("Features: "));
2672 if (!uid->flags.ks_modify)
2676 tty_printf (_("Keyserver no-modify"));
2683 const byte *pref_ks;
2686 pref_ks = parse_sig_subpkt (selfsig->hashed,
2687 SIGSUBPKT_PREF_KS, &pref_ks_len);
2688 if (pref_ks && pref_ks_len)
2691 tty_printf (_("Preferred keyserver: "));
2692 tty_print_utf8_string (pref_ks, pref_ks_len);
2696 if (selfsig->flags.notation)
2699 tty_printf (_("Notations: "));
2700 tty_print_notations (5 + strlen (_("Notations: ")), selfsig);
2707 for (i = 0; prefs[i].type; i++)
2709 tty_printf (" %c%d", prefs[i].type == PREFTYPE_SYM ? 'S' :
2710 prefs[i].type == PREFTYPE_HASH ? 'H' :
2711 prefs[i].type == PREFTYPE_ZIP ? 'Z' : '?',
2715 tty_printf (" [mdc]");
2716 if (!uid->flags.ks_modify)
2717 tty_printf (" [no-ks-modify]");
2723 /* This is the version of show_key_with_all_names used when
2724 opt.with_colons is used. It prints all available data in a easy to
2725 parse format and does not translate utf8 */
2727 show_key_with_all_names_colon (ctrl_t ctrl, estream_t fp, kbnode_t keyblock)
2730 int i, j, ulti_hack = 0;
2731 byte pk_version = 0;
2732 PKT_public_key *primary = NULL;
2739 for (node = keyblock; node; node = node->next)
2741 if (node->pkt->pkttype == PKT_PUBLIC_KEY
2742 || (node->pkt->pkttype == PKT_PUBLIC_SUBKEY))
2744 PKT_public_key *pk = node->pkt->pkt.public_key;
2747 if (node->pkt->pkttype == PKT_PUBLIC_KEY)
2749 pk_version = pk->version;
2753 keyid_from_pk (pk, keyid);
2754 have_seckey = !agent_probe_secret_key (ctrl, pk);
2756 if (node->pkt->pkttype == PKT_PUBLIC_KEY)
2757 es_fputs (have_seckey? "sec:" : "pub:", fp);
2759 es_fputs (have_seckey? "ssb:" : "sub:", fp);
2761 if (!pk->flags.valid)
2763 else if (pk->flags.revoked)
2765 else if (pk->has_expired)
2767 else if (!(opt.fast_list_mode || opt.no_expensive_trust_checks))
2769 int trust = get_validity_info (pk, NULL);
2772 es_putc (trust, fp);
2775 es_fprintf (fp, ":%u:%d:%08lX%08lX:%lu:%lu::",
2778 (ulong) keyid[0], (ulong) keyid[1],
2779 (ulong) pk->timestamp, (ulong) pk->expiredate);
2780 if (node->pkt->pkttype == PKT_PUBLIC_KEY
2781 && !(opt.fast_list_mode || opt.no_expensive_trust_checks))
2782 es_putc (get_ownertrust_info (pk), fp);
2786 /* Print capabilities. */
2787 if ((pk->pubkey_usage & PUBKEY_USAGE_ENC))
2789 if ((pk->pubkey_usage & PUBKEY_USAGE_SIG))
2791 if ((pk->pubkey_usage & PUBKEY_USAGE_CERT))
2793 if ((pk->pubkey_usage & PUBKEY_USAGE_AUTH))
2797 print_fingerprint (fp, pk, 0);
2798 print_revokers (fp, pk);
2804 for (node = keyblock; node; node = node->next)
2806 if (node->pkt->pkttype == PKT_USER_ID)
2808 PKT_user_id *uid = node->pkt->pkt.user_id;
2812 if (uid->attrib_data)
2813 es_fputs ("uat:", fp);
2815 es_fputs ("uid:", fp);
2817 if (uid->is_revoked)
2818 es_fputs ("r::::::::", fp);
2819 else if (uid->is_expired)
2820 es_fputs ("e::::::::", fp);
2821 else if (opt.fast_list_mode || opt.no_expensive_trust_checks)
2822 es_fputs ("::::::::", fp);
2827 if (primary && !ulti_hack)
2828 uid_validity = get_validity_info (primary, uid);
2831 es_fprintf (fp, "%c::::::::", uid_validity);
2834 if (uid->attrib_data)
2835 es_fprintf (fp, "%u %lu", uid->numattribs, uid->attrib_len);
2837 es_write_sanitized (fp, uid->name, uid->len, ":", NULL);
2840 /* signature class */
2845 if (pk_version > 3 || uid->selfsigversion > 3)
2847 const prefitem_t *prefs = uid->prefs;
2849 for (j = 0; prefs && prefs[j].type; j++)
2854 "%c%d", prefs[j].type == PREFTYPE_SYM ? 'S' :
2855 prefs[j].type == PREFTYPE_HASH ? 'H' :
2856 prefs[j].type == PREFTYPE_ZIP ? 'Z' : '?',
2860 es_fputs (",mdc", fp);
2861 if (!uid->flags.ks_modify)
2862 es_fputs (",no-ks-modify", fp);
2866 es_fprintf (fp, "%d,", i);
2867 if (uid->is_primary)
2869 if (uid->is_revoked)
2871 if (uid->is_expired)
2873 if ((node->flag & NODFLG_SELUID))
2875 if ((node->flag & NODFLG_MARK_A))
2885 show_names (estream_t fp,
2886 KBNODE keyblock, PKT_public_key * pk, unsigned int flag,
2892 for (node = keyblock; node; node = node->next)
2894 if (node->pkt->pkttype == PKT_USER_ID && !is_deleted_kbnode (node))
2896 PKT_user_id *uid = node->pkt->pkt.user_id;
2898 if (!flag || (flag && (node->flag & flag)))
2900 if (!(flag & NODFLG_MARK_A) && pk)
2901 tty_fprintf (fp, "%s ", uid_trust_string_fixed (pk, uid));
2903 if (flag & NODFLG_MARK_A)
2904 tty_fprintf (fp, " ");
2905 else if (node->flag & NODFLG_SELUID)
2906 tty_fprintf (fp, "(%d)* ", i);
2907 else if (uid->is_primary)
2908 tty_fprintf (fp, "(%d). ", i);
2910 tty_fprintf (fp, "(%d) ", i);
2911 tty_print_utf8_string2 (fp, uid->name, uid->len, 0);
2912 tty_fprintf (fp, "\n");
2913 if (with_prefs && pk)
2915 if (pk->version > 3 || uid->selfsigversion > 3)
2917 PKT_signature *selfsig = NULL;
2920 for (signode = node->next;
2921 signode && signode->pkt->pkttype == PKT_SIGNATURE;
2922 signode = signode->next)
2924 if (signode->pkt->pkt.signature->
2925 flags.chosen_selfsig)
2927 selfsig = signode->pkt->pkt.signature;
2932 show_prefs (uid, selfsig, with_prefs == 2);
2935 tty_fprintf (fp, _("There are no preferences on a"
2936 " PGP 2.x-style user ID.\n"));
2945 * Display the key a the user ids, if only_marked is true, do only so
2946 * for user ids with mark A flag set and do not display the index
2947 * number. If FP is not NULL print to the given stream and not to the
2948 * tty (ignored in with-colons mode).
2951 show_key_with_all_names (ctrl_t ctrl, estream_t fp,
2952 KBNODE keyblock, int only_marked, int with_revoker,
2953 int with_fpr, int with_subkeys, int with_prefs,
2960 int have_seckey = 0;
2961 char *serialno = NULL;
2962 PKT_public_key *primary = NULL;
2963 char pkstrbuf[PUBKEY_STRING_SIZE];
2965 if (opt.with_colons)
2967 show_key_with_all_names_colon (ctrl, fp, keyblock);
2972 for (node = keyblock; node; node = node->next)
2974 if (node->pkt->pkttype == PKT_PUBLIC_KEY
2975 || (with_subkeys && node->pkt->pkttype == PKT_PUBLIC_SUBKEY
2976 && !is_deleted_kbnode (node)))
2978 PKT_public_key *pk = node->pkt->pkt.public_key;
2979 const char *otrust = "err";
2980 const char *trust = "err";
2982 if (node->pkt->pkttype == PKT_PUBLIC_KEY)
2984 /* do it here, so that debug messages don't clutter the
2986 static int did_warn = 0;
2988 trust = get_validity_string (pk, NULL);
2989 otrust = get_ownertrust_string (pk);
2991 /* Show a warning once */
2993 && (get_validity (pk, NULL) & TRUST_FLAG_PENDING_CHECK))
3002 if (pk->flags.revoked)
3004 char *user = get_user_id_string_native (pk->revoked.keyid);
3006 _("The following key was revoked on"
3007 " %s by %s key %s\n"),
3008 revokestr_from_pk (pk),
3009 gcry_pk_algo_name (pk->revoked.algo), user);
3015 if (!pk->revkey && pk->numrevkeys)
3018 for (i = 0; i < pk->numrevkeys; i++)
3024 algo = gcry_pk_algo_name (pk->revkey[i].algid);
3025 keyid_from_fingerprint (pk->revkey[i].fpr,
3026 MAX_FINGERPRINT_LEN, r_keyid);
3028 user = get_user_id_string_native (r_keyid);
3030 _("This key may be revoked by %s key %s"),
3031 algo ? algo : "?", user);
3033 if (pk->revkey[i].class & 0x40)
3035 tty_fprintf (fp, " ");
3036 tty_fprintf (fp, _("(sensitive)"));
3039 tty_fprintf (fp, "\n");
3044 keyid_from_pk (pk, NULL);
3051 err = hexkeygrip_from_pk (pk, &hexgrip);
3054 log_error ("error computing a keygrip: %s\n",
3055 gpg_strerror (err));
3059 have_seckey = !agent_get_keyinfo (ctrl, hexgrip, &serialno);
3065 node->pkt->pkttype == PKT_PUBLIC_KEY && have_seckey? "sec" :
3066 node->pkt->pkttype == PKT_PUBLIC_KEY ? "pub" :
3067 have_seckey ? "ssb" :
3069 (node->flag & NODFLG_SELKEY) ? '*' : ' ',
3070 pubkey_string (pk, pkstrbuf, sizeof pkstrbuf),
3071 keystr (pk->keyid));
3073 if (opt.legacy_list_mode)
3074 tty_fprintf (fp, " ");
3076 tty_fprintf (fp, "\n ");
3078 tty_fprintf (fp, _("created: %s"), datestr_from_pk (pk));
3079 tty_fprintf (fp, " ");
3080 if (pk->flags.revoked)
3081 tty_fprintf (fp, _("revoked: %s"), revokestr_from_pk (pk));
3082 else if (pk->has_expired)
3083 tty_fprintf (fp, _("expired: %s"), expirestr_from_pk (pk));
3085 tty_fprintf (fp, _("expires: %s"), expirestr_from_pk (pk));
3086 tty_fprintf (fp, " ");
3087 tty_fprintf (fp, _("usage: %s"), usagestr_from_pk (pk, 1));
3088 tty_fprintf (fp, "\n");
3092 /* The agent told us that a secret key is available and
3093 that it has been stored on a card. */
3094 tty_fprintf (fp, "%*s%s", opt.legacy_list_mode? 21:5, "",
3096 if (strlen (serialno) == 32
3097 && !strncmp (serialno, "D27600012401", 12))
3099 /* This is an OpenPGP card. Print the relevant part. */
3100 /* Example: D2760001240101010001000003470000 */
3102 tty_fprintf (fp, "%.*s %.*s\n",
3103 4, serialno+16, 8, serialno+20);
3106 tty_fprintf (fp, "%s\n", serialno);
3109 else if (pk->seckey_info
3110 && pk->seckey_info->is_protected
3111 && pk->seckey_info->s2k.mode == 1002)
3113 /* FIXME: Check wether this code path is still used. */
3114 tty_fprintf (fp, "%*s%s", opt.legacy_list_mode? 21:5, "",
3116 if (pk->seckey_info->ivlen == 16
3117 && !memcmp (pk->seckey_info->iv,
3118 "\xD2\x76\x00\x01\x24\x01", 6))
3120 /* This is an OpenPGP card. */
3121 for (i = 8; i < 14; i++)
3124 tty_fprintf (fp, " ");
3125 tty_fprintf (fp, "%02X", pk->seckey_info->iv[i]);
3130 /* Unknown card: Print all. */
3131 for (i = 0; i < pk->seckey_info->ivlen; i++)
3132 tty_fprintf (fp, "%02X", pk->seckey_info->iv[i]);
3134 tty_fprintf (fp, "\n");
3137 if (node->pkt->pkttype == PKT_PUBLIC_KEY
3138 || node->pkt->pkttype == PKT_SECRET_KEY)
3140 if (opt.trust_model != TM_ALWAYS)
3142 tty_fprintf (fp, "%*s",
3143 opt.legacy_list_mode?
3144 ((int) keystrlen () + 13):5, "");
3145 /* Ownertrust is only meaningful for the PGP or
3146 classic trust models */
3147 if (opt.trust_model == TM_PGP
3148 || opt.trust_model == TM_CLASSIC)
3150 int width = 14 - strlen (otrust);
3153 tty_fprintf (fp, _("trust: %s"), otrust);
3154 tty_fprintf (fp, "%*s", width, "");
3157 tty_fprintf (fp, _("validity: %s"), trust);
3158 tty_fprintf (fp, "\n");
3160 if (node->pkt->pkttype == PKT_PUBLIC_KEY
3161 && (get_ownertrust (pk) & TRUST_FLAG_DISABLED))
3163 tty_fprintf (fp, "*** ");
3164 tty_fprintf (fp, _("This key has been disabled"));
3165 tty_fprintf (fp, "\n");
3169 if ((node->pkt->pkttype == PKT_PUBLIC_KEY
3170 || node->pkt->pkttype == PKT_SECRET_KEY) && with_fpr)
3172 print_fingerprint (fp, pk, 2);
3173 tty_fprintf (fp, "\n");
3179 keyblock, primary, only_marked ? NODFLG_MARK_A : 0, with_prefs);
3181 if (do_warn && !nowarn)
3182 tty_fprintf (fp, _("Please note that the shown key validity"
3183 " is not necessarily correct\n"
3184 "unless you restart the program.\n"));
3190 /* Display basic key information. This function is suitable to show
3191 information on the key without any dependencies on the trustdb or
3192 any other internal GnuPG stuff. KEYBLOCK may either be a public or
3193 a secret key. This function may be called with KEYBLOCK containing
3194 secret keys and thus the printing of "pub" vs. "sec" does only
3195 depend on the packet type and not by checking with gpg-agent. */
3197 show_basic_key_info (KBNODE keyblock)
3201 char pkstrbuf[PUBKEY_STRING_SIZE];
3203 /* The primary key */
3204 for (node = keyblock; node; node = node->next)
3206 if (node->pkt->pkttype == PKT_PUBLIC_KEY
3207 || node->pkt->pkttype == PKT_SECRET_KEY)
3209 PKT_public_key *pk = node->pkt->pkt.public_key;
3211 /* Note, we use the same format string as in other show
3212 functions to make the translation job easier. */
3213 tty_printf ("%s %s/%s ",
3214 node->pkt->pkttype == PKT_PUBLIC_KEY ? "pub" :
3215 node->pkt->pkttype == PKT_PUBLIC_SUBKEY ? "sub" :
3216 node->pkt->pkttype == PKT_SECRET_KEY ? "sec" :"ssb",
3217 pubkey_string (pk, pkstrbuf, sizeof pkstrbuf),
3218 keystr_from_pk (pk));
3219 tty_printf (_("created: %s"), datestr_from_pk (pk));
3221 tty_printf (_("expires: %s"), expirestr_from_pk (pk));
3223 print_fingerprint (NULL, pk, 3);
3229 for (i = 0, node = keyblock; node; node = node->next)
3231 if (node->pkt->pkttype == PKT_USER_ID)
3233 PKT_user_id *uid = node->pkt->pkt.user_id;
3237 if (uid->is_revoked)
3238 tty_printf ("[%s] ", _("revoked"));
3239 else if (uid->is_expired)
3240 tty_printf ("[%s] ", _("expired"));
3241 tty_print_utf8_string (uid->name, uid->len);
3249 show_key_and_fingerprint (kbnode_t keyblock, int with_subkeys)
3252 PKT_public_key *pk = NULL;
3253 char pkstrbuf[PUBKEY_STRING_SIZE];
3255 for (node = keyblock; node; node = node->next)
3257 if (node->pkt->pkttype == PKT_PUBLIC_KEY)
3259 pk = node->pkt->pkt.public_key;
3260 tty_printf ("pub %s/%s %s ",
3261 pubkey_string (pk, pkstrbuf, sizeof pkstrbuf),
3263 datestr_from_pk (pk));
3265 else if (node->pkt->pkttype == PKT_USER_ID)
3267 PKT_user_id *uid = node->pkt->pkt.user_id;
3268 tty_print_utf8_string (uid->name, uid->len);
3274 print_fingerprint (NULL, pk, 2);
3277 for (node = keyblock; node; node = node->next)
3279 if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
3281 pk = node->pkt->pkt.public_key;
3282 tty_printf ("sub %s/%s %s [%s]\n",
3283 pubkey_string (pk, pkstrbuf, sizeof pkstrbuf),
3285 datestr_from_pk (pk),
3286 usagestr_from_pk (pk, 0));
3288 print_fingerprint (NULL, pk, 4);
3295 /* Show a listing of the primary and its subkeys along with their
3298 show_key_and_grip (kbnode_t keyblock)
3301 PKT_public_key *pk = NULL;
3302 char pkstrbuf[PUBKEY_STRING_SIZE];
3305 for (node = keyblock; node; node = node->next)
3307 if (node->pkt->pkttype == PKT_PUBLIC_KEY
3308 || node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
3310 pk = node->pkt->pkt.public_key;
3311 tty_printf ("%s %s/%s %s [%s]\n",
3312 node->pkt->pkttype == PKT_PUBLIC_KEY? "pub":"sub",
3313 pubkey_string (pk, pkstrbuf, sizeof pkstrbuf),
3315 datestr_from_pk (pk),
3316 usagestr_from_pk (pk, 0));
3318 if (!hexkeygrip_from_pk (pk, &hexgrip))
3320 tty_printf (" Keygrip: %s\n", hexgrip);
3328 /* Show a warning if no uids on the key have the primary uid flag
3331 no_primary_warning (KBNODE keyblock)
3334 int have_primary = 0, uid_count = 0;
3336 /* TODO: if we ever start behaving differently with a primary or
3337 non-primary attribute ID, we will need to check for attributes
3340 for (node = keyblock; node; node = node->next)
3342 if (node->pkt->pkttype == PKT_USER_ID
3343 && node->pkt->pkt.user_id->attrib_data == NULL)
3347 if (node->pkt->pkt.user_id->is_primary == 2)
3355 if (uid_count > 1 && !have_primary)
3357 ("WARNING: no user ID has been marked as primary. This command"
3358 " may\n cause a different user ID to become"
3359 " the assumed primary.\n"));
3363 /* Print a warning if the latest encryption subkey expires soon. This
3364 function is called after the expire data of the primary key has
3367 subkey_expire_warning (kbnode_t keyblock)
3369 u32 curtime = make_timestamp ();
3372 /* u32 mainexpire = 0; */
3374 u32 latest_date = 0;
3376 for (node = keyblock; node; node = node->next)
3378 /* if (node->pkt->pkttype == PKT_PUBLIC_KEY) */
3380 /* pk = node->pkt->pkt.public_key; */
3381 /* mainexpire = pk->expiredate; */
3384 if (node->pkt->pkttype != PKT_PUBLIC_SUBKEY)
3386 pk = node->pkt->pkt.public_key;
3388 if (!pk->flags.valid)
3390 if (pk->flags.revoked)
3392 if (pk->timestamp > curtime)
3393 continue; /* Ignore future keys. */
3394 if (!(pk->pubkey_usage & PUBKEY_USAGE_ENC))
3395 continue; /* Not an encryption key. */
3397 if (pk->timestamp > latest_date || (!pk->timestamp && !latest_date))
3399 latest_date = pk->timestamp;
3400 subexpire = pk->expiredate;
3405 return; /* No valid subkey with an expiration time. */
3407 if (curtime + (10*86400) > subexpire)
3409 log_info (_("WARNING: Your encryption subkey expires soon.\n"));
3410 log_info (_("You may want to change its expiration date too.\n"));
3416 * Ask for a new user id, add the self-signature, and update the
3417 * keyblock. If UIDSTRING is not NULL the user ID is generated
3418 * unattended using that string. UIDSTRING is expected to be utf-8
3419 * encoded and white space trimmed. Returns true if there is a new
3423 menu_adduid (kbnode_t pub_keyblock, int photo, const char *photo_name,
3424 const char *uidstring)
3427 PKT_public_key *pk = NULL;
3428 PKT_signature *sig = NULL;
3431 KBNODE pub_where = NULL;
3434 if (photo && uidstring)
3435 return 0; /* Not allowed. */
3437 for (node = pub_keyblock; node; pub_where = node, node = node->next)
3439 if (node->pkt->pkttype == PKT_PUBLIC_KEY)
3440 pk = node->pkt->pkt.public_key;
3441 else if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
3444 if (!node) /* No subkey. */
3452 for (node = pub_keyblock; node; node = node->next)
3453 if (node->pkt->pkttype == PKT_USER_ID &&
3454 node->pkt->pkt.user_id->attrib_data != NULL)
3460 /* It is legal but bad for compatibility to add a photo ID to a
3461 v3 key as it means that PGP2 will not be able to use that key
3462 anymore. Also, PGP may not expect a photo on a v3 key.
3463 Don't bother to ask this if the key already has a photo - any
3464 damage has already been done at that point. -dms */
3465 if (pk->version == 3 && !hasattrib)
3469 tty_printf (_("WARNING: This is a PGP2-style key. "
3470 "Adding a photo ID may cause some versions\n"
3471 " of PGP to reject this key.\n"));
3473 if (!cpr_get_answer_is_yes ("keyedit.v3_photo.okay",
3474 _("Are you sure you still want "
3475 "to add it? (y/N) ")))
3480 tty_printf (_("You may not add a photo ID to "
3481 "a PGP2-style key.\n"));
3486 uid = generate_photo_id (pk, photo_name);
3489 uid = generate_user_id (pub_keyblock, uidstring);
3493 log_error ("%s", _("Such a user ID already exists on this key!\n"));
3497 err = make_keysig_packet (&sig, pk, uid, NULL, pk, 0x13, 0, 0, 0,
3498 keygen_add_std_prefs, pk, NULL);
3501 write_status_error ("keysig", err);
3502 log_error ("signing failed: %s\n", gpg_strerror (err));
3507 /* Insert/append to public keyblock */
3508 pkt = xmalloc_clear (sizeof *pkt);
3509 pkt->pkttype = PKT_USER_ID;
3510 pkt->pkt.user_id = uid;
3511 node = new_kbnode (pkt);
3513 insert_kbnode (pub_where, node, 0);
3515 add_kbnode (pub_keyblock, node);
3516 pkt = xmalloc_clear (sizeof *pkt);
3517 pkt->pkttype = PKT_SIGNATURE;
3518 pkt->pkt.signature = copy_signature (NULL, sig);
3520 insert_kbnode (node, new_kbnode (pkt), 0);
3522 add_kbnode (pub_keyblock, new_kbnode (pkt));
3528 * Remove all selected userids from the keyring
3531 menu_deluid (KBNODE pub_keyblock)
3536 for (node = pub_keyblock; node; node = node->next)
3538 if (node->pkt->pkttype == PKT_USER_ID)
3540 selected = node->flag & NODFLG_SELUID;
3543 /* Only cause a trust update if we delete a
3544 non-revoked user id */
3545 if (!node->pkt->pkt.user_id->is_revoked)
3547 delete_kbnode (node);
3550 else if (selected && node->pkt->pkttype == PKT_SIGNATURE)
3551 delete_kbnode (node);
3552 else if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
3555 commit_kbnode (&pub_keyblock);
3560 menu_delsig (KBNODE pub_keyblock)
3563 PKT_user_id *uid = NULL;
3566 for (node = pub_keyblock; node; node = node->next)
3568 if (node->pkt->pkttype == PKT_USER_ID)
3570 uid = (node->flag & NODFLG_SELUID) ? node->pkt->pkt.user_id : NULL;
3572 else if (uid && node->pkt->pkttype == PKT_SIGNATURE)
3574 int okay, valid, selfsig, inv_sig, no_key, other_err;
3576 tty_printf ("uid ");
3577 tty_print_utf8_string (uid->name, uid->len);
3580 okay = inv_sig = no_key = other_err = 0;
3581 if (opt.with_colons)
3582 valid = print_and_check_one_sig_colon (pub_keyblock, node,
3584 &other_err, &selfsig, 1);
3586 valid = print_and_check_one_sig (pub_keyblock, node,
3587 &inv_sig, &no_key, &other_err,
3592 okay = cpr_get_answer_yes_no_quit
3593 ("keyedit.delsig.valid",
3594 _("Delete this good signature? (y/N/q)"));
3596 /* Only update trust if we delete a good signature.
3597 The other two cases do not affect trust. */
3601 else if (inv_sig || other_err)
3602 okay = cpr_get_answer_yes_no_quit
3603 ("keyedit.delsig.invalid",
3604 _("Delete this invalid signature? (y/N/q)"));
3606 okay = cpr_get_answer_yes_no_quit
3607 ("keyedit.delsig.unknown",
3608 _("Delete this unknown signature? (y/N/q)"));
3613 && !cpr_get_answer_is_yes
3614 ("keyedit.delsig.selfsig",
3615 _("Really delete this self-signature? (y/N)")))
3619 delete_kbnode (node);
3624 else if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
3630 commit_kbnode (&pub_keyblock);
3631 tty_printf (changed == 1 ? _("Deleted %d signature.\n")
3632 : _("Deleted %d signatures.\n"), changed);
3635 tty_printf (_("Nothing deleted.\n"));
3642 menu_clean (KBNODE keyblock, int self_only)
3645 int modified = 0, select_all = !count_selected_uids (keyblock);
3647 for (uidnode = keyblock->next;
3648 uidnode && uidnode->pkt->pkttype != PKT_PUBLIC_SUBKEY;
3649 uidnode = uidnode->next)
3651 if (uidnode->pkt->pkttype == PKT_USER_ID
3652 && (uidnode->flag & NODFLG_SELUID || select_all))
3654 int uids = 0, sigs = 0;
3655 char *user = utf8_to_native (uidnode->pkt->pkt.user_id->name,
3656 uidnode->pkt->pkt.user_id->len,
3659 clean_one_uid (keyblock, uidnode, opt.verbose, self_only, &uids,
3665 if (uidnode->pkt->pkt.user_id->is_revoked)
3666 reason = _("revoked");
3667 else if (uidnode->pkt->pkt.user_id->is_expired)
3668 reason = _("expired");
3670 reason = _("invalid");
3672 tty_printf (_("User ID \"%s\" compacted: %s\n"), user, reason);
3678 tty_printf (sigs == 1 ?
3679 _("User ID \"%s\": %d signature removed\n") :
3680 _("User ID \"%s\": %d signatures removed\n"),
3687 tty_printf (self_only == 1 ?
3688 _("User ID \"%s\": already minimized\n") :
3689 _("User ID \"%s\": already clean\n"), user);
3701 * Remove some of the secondary keys
3704 menu_delkey (KBNODE pub_keyblock)
3709 for (node = pub_keyblock; node; node = node->next)
3711 if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
3713 selected = node->flag & NODFLG_SELKEY;
3715 delete_kbnode (node);
3717 else if (selected && node->pkt->pkttype == PKT_SIGNATURE)
3718 delete_kbnode (node);
3722 commit_kbnode (&pub_keyblock);
3724 /* No need to set update_trust here since signing keys are no
3725 longer used to certify other keys, so there is no change in
3726 trust when revoking/removing them. */
3731 * Ask for a new revoker, create the self-signature and put it into
3732 * the keyblock. Returns true if there is a new revoker.
3735 menu_addrevoker (ctrl_t ctrl, kbnode_t pub_keyblock, int sensitive)
3737 PKT_public_key *pk = NULL;
3738 PKT_public_key *revoker_pk = NULL;
3739 PKT_signature *sig = NULL;
3741 struct revocation_key revkey;
3745 assert (pub_keyblock->pkt->pkttype == PKT_PUBLIC_KEY);
3747 pk = pub_keyblock->pkt->pkt.public_key;
3749 if (pk->numrevkeys == 0 && pk->version == 3)
3751 /* It is legal but bad for compatibility to add a revoker to a
3752 v3 key as it means that PGP2 will not be able to use that key
3753 anymore. Also, PGP may not expect a revoker on a v3 key.
3754 Don't bother to ask this if the key already has a revoker -
3755 any damage has already been done at that point. -dms */
3758 tty_printf (_("WARNING: This is a PGP 2.x-style key. "
3759 "Adding a designated revoker may cause\n"
3760 " some versions of PGP to reject this key.\n"));
3762 if (!cpr_get_answer_is_yes ("keyedit.v3_revoker.okay",
3763 _("Are you sure you still want "
3764 "to add it? (y/N) ")))
3769 tty_printf (_("You may not add a designated revoker to "
3770 "a PGP 2.x-style key.\n"));
3779 free_public_key (revoker_pk);
3780 revoker_pk = xmalloc_clear (sizeof (*revoker_pk));
3784 answer = cpr_get_utf8
3785 ("keyedit.add_revoker",
3786 _("Enter the user ID of the designated revoker: "));
3787 if (answer[0] == '\0' || answer[0] == CONTROL_D)
3793 /* Note that I'm requesting CERT here, which usually implies
3794 primary keys only, but some casual testing shows that PGP and
3795 GnuPG both can handle a designated revocation from a subkey. */
3796 revoker_pk->req_usage = PUBKEY_USAGE_CERT;
3797 rc = get_pubkey_byname (ctrl, NULL, revoker_pk, answer, NULL, NULL, 1, 1);
3800 log_error (_("key \"%s\" not found: %s\n"), answer,
3808 fingerprint_from_pk (revoker_pk, revkey.fpr, &fprlen);
3811 log_error (_("cannot appoint a PGP 2.x style key as a "
3812 "designated revoker\n"));
3816 revkey.class = 0x80;
3818 revkey.class |= 0x40;
3819 revkey.algid = revoker_pk->pubkey_algo;
3821 if (cmp_public_keys (revoker_pk, pk) == 0)
3823 /* This actually causes no harm (after all, a key that
3824 designates itself as a revoker is the same as a
3825 regular key), but it's easy enough to check. */
3826 log_error (_("you cannot appoint a key as its own "
3827 "designated revoker\n"));
3832 keyid_from_pk (pk, NULL);
3834 /* Does this revkey already exist? */
3835 if (!pk->revkey && pk->numrevkeys)
3841 for (i = 0; i < pk->numrevkeys; i++)
3843 if (memcmp (&pk->revkey[i], &revkey,
3844 sizeof (struct revocation_key)) == 0)
3848 log_error (_("this key has already been designated "
3851 sprintf (buf, "%08lX%08lX",
3852 (ulong) pk->keyid[0], (ulong) pk->keyid[1]);
3853 write_status_text (STATUS_ALREADY_SIGNED, buf);
3859 if (i < pk->numrevkeys)
3863 print_pubkey_info (NULL, revoker_pk);
3864 print_fingerprint (NULL, revoker_pk, 2);
3867 tty_printf (_("WARNING: appointing a key as a designated revoker "
3868 "cannot be undone!\n"));
3872 if (!cpr_get_answer_is_yes ("keyedit.add_revoker.okay",
3873 _("Are you sure you want to appoint this "
3874 "key as a designated revoker? (y/N) ")))
3877 free_public_key (revoker_pk);
3882 rc = make_keysig_packet (&sig, pk, NULL, NULL, pk, 0x1F, 0, 0, 0,
3883 keygen_add_revkey, &revkey, NULL);
3886 write_status_error ("keysig", rc);
3887 log_error ("signing failed: %s\n", gpg_strerror (rc));
3891 /* Insert into public keyblock. */
3892 pkt = xmalloc_clear (sizeof *pkt);
3893 pkt->pkttype = PKT_SIGNATURE;
3894 pkt->pkt.signature = sig;
3895 insert_kbnode (pub_keyblock, new_kbnode (pkt), PKT_SIGNATURE);
3901 free_seckey_enc (sig);
3902 free_public_key (revoker_pk);
3909 menu_expire (KBNODE pub_keyblock)
3911 int n1, signumber, rc;
3914 PKT_public_key *main_pk, *sub_pk;
3919 n1 = count_selected_keys (pub_keyblock);
3922 tty_printf (_("Please select at most one subkey.\n"));
3926 tty_printf (_("Changing expiration time for a subkey.\n"));
3929 tty_printf (_("Changing expiration time for the primary key.\n"));
3931 no_primary_warning (pub_keyblock);
3934 expiredate = ask_expiredate ();
3936 /* Now we can actually change the self-signature(s) */
3937 main_pk = sub_pk = NULL;
3940 for (node = pub_keyblock; node; node = node->next)
3942 if (node->pkt->pkttype == PKT_PUBLIC_KEY)
3944 main_pk = node->pkt->pkt.public_key;
3945 keyid_from_pk (main_pk, keyid);
3946 main_pk->expiredate = expiredate;
3948 else if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY
3949 && (node->flag & NODFLG_SELKEY))
3951 sub_pk = node->pkt->pkt.public_key;
3952 sub_pk->expiredate = expiredate;
3954 else if (node->pkt->pkttype == PKT_USER_ID)
3955 uid = node->pkt->pkt.user_id;
3956 else if (main_pk && node->pkt->pkttype == PKT_SIGNATURE
3957 && (mainkey || sub_pk))
3959 PKT_signature *sig = node->pkt->pkt.signature;
3960 if (keyid[0] == sig->keyid[0] && keyid[1] == sig->keyid[1]
3962 && uid->created && (sig->sig_class & ~3) == 0x10)
3963 || (!mainkey && sig->sig_class == 0x18))
3964 && sig->flags.chosen_selfsig)
3966 /* This is a self-signature which is to be replaced. */
3967 PKT_signature *newsig;
3972 if ((mainkey && main_pk->version < 4)
3973 || (!mainkey && sub_pk->version < 4))
3976 (_("You can't change the expiration date of a v3 key\n"));
3981 rc = update_keysig_packet (&newsig, sig, main_pk, uid, NULL,
3982 main_pk, keygen_add_key_expire,
3986 update_keysig_packet (&newsig, sig, main_pk, NULL, sub_pk,
3987 main_pk, keygen_add_key_expire, sub_pk);
3990 log_error ("make_keysig_packet failed: %s\n",
3995 /* Replace the packet. */
3996 newpkt = xmalloc_clear (sizeof *newpkt);
3997 newpkt->pkttype = PKT_SIGNATURE;
3998 newpkt->pkt.signature = newsig;
3999 free_packet (node->pkt);
4013 menu_backsign (KBNODE pub_keyblock)
4015 int rc, modified = 0;
4016 PKT_public_key *main_pk;
4020 assert (pub_keyblock->pkt->pkttype == PKT_PUBLIC_KEY);
4022 merge_keys_and_selfsig (pub_keyblock);
4023 main_pk = pub_keyblock->pkt->pkt.public_key;
4024 keyid_from_pk (main_pk, NULL);
4026 /* We use the same timestamp for all backsigs so that we don't
4027 reveal information about the used machine. */
4028 timestamp = make_timestamp ();
4030 for (node = pub_keyblock; node; node = node->next)
4032 PKT_public_key *sub_pk = NULL;
4033 KBNODE node2, sig_pk = NULL /*,sig_sk = NULL*/;
4034 /* char *passphrase; */
4036 /* Find a signing subkey with no backsig */
4037 if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
4039 if (node->pkt->pkt.public_key->pubkey_usage & PUBKEY_USAGE_SIG)
4041 if (node->pkt->pkt.public_key->flags.backsig)
4043 ("signing subkey %s is already cross-certified\n"),
4044 keystr_from_pk (node->pkt->pkt.public_key));
4046 sub_pk = node->pkt->pkt.public_key;
4049 tty_printf (_("subkey %s does not sign and so does"
4050 " not need to be cross-certified\n"),
4051 keystr_from_pk (node->pkt->pkt.public_key));
4057 /* Find the selected selfsig on this subkey */
4058 for (node2 = node->next;
4059 node2 && node2->pkt->pkttype == PKT_SIGNATURE; node2 = node2->next)
4060 if (node2->pkt->pkt.signature->version >= 4
4061 && node2->pkt->pkt.signature->flags.chosen_selfsig)
4070 /* Find the secret subkey that matches the public subkey */
4071 log_debug ("FIXME: Check whether a secret subkey is available.\n");
4074 /* tty_printf (_("no secret subkey for public subkey %s - ignoring\n"), */
4075 /* keystr_from_pk (sub_pk)); */
4080 /* Now we can get to work. */
4082 rc = make_backsig (sig_pk->pkt->pkt.signature, main_pk, sub_pk, sub_pk,
4086 PKT_signature *newsig;
4089 rc = update_keysig_packet (&newsig, sig_pk->pkt->pkt.signature,
4090 main_pk, NULL, sub_pk, main_pk,
4094 /* Put the new sig into place on the pubkey */
4095 newpkt = xmalloc_clear (sizeof (*newpkt));
4096 newpkt->pkttype = PKT_SIGNATURE;
4097 newpkt->pkt.signature = newsig;
4098 free_packet (sig_pk->pkt);
4099 xfree (sig_pk->pkt);
4100 sig_pk->pkt = newpkt;
4106 log_error ("update_keysig_packet failed: %s\n",
4113 log_error ("make_backsig failed: %s\n", gpg_strerror (rc));
4123 change_primary_uid_cb (PKT_signature * sig, void *opaque)
4127 /* first clear all primary uid flags so that we are sure none are
4128 * lingering around */
4129 delete_sig_subpkt (sig->hashed, SIGSUBPKT_PRIMARY_UID);
4130 delete_sig_subpkt (sig->unhashed, SIGSUBPKT_PRIMARY_UID);
4132 /* if opaque is set,we want to set the primary id */
4136 build_sig_subpkt (sig, SIGSUBPKT_PRIMARY_UID, buf, 1);
4144 * Set the primary uid flag for the selected UID. We will also reset
4145 * all other primary uid flags. For this to work with have to update
4146 * all the signature timestamps. If we would do this with the current
4147 * time, we lose quite a lot of information, so we use a a kludge to
4148 * do this: Just increment the timestamp by one second which is
4149 * sufficient to updated a signature during import.
4152 menu_set_primary_uid (KBNODE pub_keyblock)
4154 PKT_public_key *main_pk;
4162 if (count_selected_uids (pub_keyblock) != 1)
4164 tty_printf (_("Please select exactly one user ID.\n"));
4172 /* Is our selected uid an attribute packet? */
4173 for (node = pub_keyblock; node; node = node->next)
4174 if (node->pkt->pkttype == PKT_USER_ID && node->flag & NODFLG_SELUID)
4175 attribute = (node->pkt->pkt.user_id->attrib_data != NULL);
4177 for (node = pub_keyblock; node; node = node->next)
4179 if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
4180 break; /* No more user ids expected - ready. */
4182 if (node->pkt->pkttype == PKT_PUBLIC_KEY)
4184 main_pk = node->pkt->pkt.public_key;
4185 keyid_from_pk (main_pk, keyid);
4187 else if (node->pkt->pkttype == PKT_USER_ID)
4189 uid = node->pkt->pkt.user_id;
4190 selected = node->flag & NODFLG_SELUID;
4192 else if (main_pk && uid && node->pkt->pkttype == PKT_SIGNATURE)
4194 PKT_signature *sig = node->pkt->pkt.signature;
4195 if (keyid[0] == sig->keyid[0] && keyid[1] == sig->keyid[1]
4196 && (uid && (sig->sig_class & ~3) == 0x10)
4197 && attribute == (uid->attrib_data != NULL)
4198 && sig->flags.chosen_selfsig)
4200 if (sig->version < 4)
4203 utf8_to_native (uid->name, strlen (uid->name), 0);
4205 log_info (_("skipping v3 self-signature on user ID \"%s\"\n"),
4211 /* This is a selfsignature which is to be replaced.
4212 We can just ignore v3 signatures because they are
4213 not able to carry the primary ID flag. We also
4214 ignore self-sigs on user IDs that are not of the
4215 same type that we are making primary. That is, if
4216 we are making a user ID primary, we alter user IDs.
4217 If we are making an attribute packet primary, we
4218 alter attribute packets. */
4220 /* FIXME: We must make sure that we only have one
4221 self-signature per user ID here (not counting
4223 PKT_signature *newsig;
4228 /* See whether this signature has the primary UID flag. */
4229 p = parse_sig_subpkt (sig->hashed,
4230 SIGSUBPKT_PRIMARY_UID, NULL);
4232 p = parse_sig_subpkt (sig->unhashed,
4233 SIGSUBPKT_PRIMARY_UID, NULL);
4234 if (p && *p) /* yes */
4235 action = selected ? 0 : -1;
4237 action = selected ? 1 : 0;
4241 int rc = update_keysig_packet (&newsig, sig,
4244 change_primary_uid_cb,
4245 action > 0 ? "x" : NULL);
4248 log_error ("update_keysig_packet failed: %s\n",
4252 /* replace the packet */
4253 newpkt = xmalloc_clear (sizeof *newpkt);
4254 newpkt->pkttype = PKT_SIGNATURE;
4255 newpkt->pkt.signature = newsig;
4256 free_packet (node->pkt);
4271 * Set preferences to new values for the selected user IDs
4274 menu_set_preferences (KBNODE pub_keyblock)
4276 PKT_public_key *main_pk;
4280 int selected, select_all;
4283 no_primary_warning (pub_keyblock);
4285 select_all = !count_selected_uids (pub_keyblock);
4287 /* Now we can actually change the self signature(s) */
4291 for (node = pub_keyblock; node; node = node->next)
4293 if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
4294 break; /* No more user-ids expected - ready. */
4296 if (node->pkt->pkttype == PKT_PUBLIC_KEY)
4298 main_pk = node->pkt->pkt.public_key;
4299 keyid_from_pk (main_pk, keyid);
4301 else if (node->pkt->pkttype == PKT_USER_ID)
4303 uid = node->pkt->pkt.user_id;
4304 selected = select_all || (node->flag & NODFLG_SELUID);
4306 else if (main_pk && uid && selected
4307 && node->pkt->pkttype == PKT_SIGNATURE)
4309 PKT_signature *sig = node->pkt->pkt.signature;
4310 if (keyid[0] == sig->keyid[0] && keyid[1] == sig->keyid[1]
4311 && (uid && (sig->sig_class & ~3) == 0x10)
4312 && sig->flags.chosen_selfsig)
4314 if (sig->version < 4)
4317 utf8_to_native (uid->name, strlen (uid->name), 0);
4319 log_info (_("skipping v3 self-signature on user ID \"%s\"\n"),
4325 /* This is a selfsignature which is to be replaced
4326 * We have to ignore v3 signatures because they are
4327 * not able to carry the preferences. */
4328 PKT_signature *newsig;
4332 rc = update_keysig_packet (&newsig, sig,
4333 main_pk, uid, NULL, main_pk,
4334 keygen_upd_std_prefs, NULL);
4337 log_error ("update_keysig_packet failed: %s\n",
4341 /* replace the packet */
4342 newpkt = xmalloc_clear (sizeof *newpkt);
4343 newpkt->pkttype = PKT_SIGNATURE;
4344 newpkt->pkt.signature = newsig;
4345 free_packet (node->pkt);
4359 menu_set_keyserver_url (const char *url, KBNODE pub_keyblock)
4361 PKT_public_key *main_pk;
4365 int selected, select_all;
4369 no_primary_warning (pub_keyblock);
4372 answer = xstrdup (url);
4375 answer = cpr_get_utf8 ("keyedit.add_keyserver",
4376 _("Enter your preferred keyserver URL: "));
4377 if (answer[0] == '\0' || answer[0] == CONTROL_D)
4384 if (ascii_strcasecmp (answer, "none") == 0)
4388 struct keyserver_spec *keyserver = NULL;
4389 /* Sanity check the format */
4390 keyserver = parse_keyserver_uri (answer, 1);
4394 log_info (_("could not parse keyserver URL\n"));
4397 uri = xstrdup (keyserver->uri);
4398 free_keyserver_spec (keyserver);
4401 select_all = !count_selected_uids (pub_keyblock);
4403 /* Now we can actually change the self signature(s) */
4407 for (node = pub_keyblock; node; node = node->next)
4409 if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
4412 if (node->pkt->pkttype == PKT_PUBLIC_KEY)
4414 main_pk = node->pkt->pkt.public_key;
4415 keyid_from_pk (main_pk, keyid);
4417 else if (node->pkt->pkttype == PKT_USER_ID)
4419 uid = node->pkt->pkt.user_id;
4420 selected = select_all || (node->flag & NODFLG_SELUID);
4422 else if (main_pk && uid && selected
4423 && node->pkt->pkttype == PKT_SIGNATURE)
4425 PKT_signature *sig = node->pkt->pkt.signature;
4426 if (keyid[0] == sig->keyid[0] && keyid[1] == sig->keyid[1]
4427 && (uid && (sig->sig_class & ~3) == 0x10)
4428 && sig->flags.chosen_selfsig)
4430 char *user = utf8_to_native (uid->name, strlen (uid->name), 0);
4431 if (sig->version < 4)
4432 log_info (_("skipping v3 self-signature on user ID \"%s\"\n"),
4436 /* This is a selfsignature which is to be replaced
4437 * We have to ignore v3 signatures because they are
4438 * not able to carry the subpacket. */
4439 PKT_signature *newsig;
4445 p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_PREF_KS, &plen);
4448 tty_printf ("Current preferred keyserver for user"
4449 " ID \"%s\": ", user);
4450 tty_print_utf8_string (p, plen);
4452 if (!cpr_get_answer_is_yes
4453 ("keyedit.confirm_keyserver",
4455 ? _("Are you sure you want to replace it? (y/N) ")
4456 : _("Are you sure you want to delete it? (y/N) ")))
4459 else if (uri == NULL)
4461 /* There is no current keyserver URL, so there
4462 is no point in trying to un-set it. */
4466 rc = update_keysig_packet (&newsig, sig,
4469 keygen_add_keyserver_url, uri);
4472 log_error ("update_keysig_packet failed: %s\n",
4477 /* replace the packet */
4478 newpkt = xmalloc_clear (sizeof *newpkt);
4479 newpkt->pkttype = PKT_SIGNATURE;
4480 newpkt->pkt.signature = newsig;
4481 free_packet (node->pkt);
4497 menu_set_notation (const char *string, KBNODE pub_keyblock)
4499 PKT_public_key *main_pk;
4503 int selected, select_all;
4506 struct notation *notation;
4508 no_primary_warning (pub_keyblock);
4511 answer = xstrdup (string);
4514 answer = cpr_get_utf8 ("keyedit.add_notation",
4515 _("Enter the notation: "));
4516 if (answer[0] == '\0' || answer[0] == CONTROL_D)
4523 if (!ascii_strcasecmp (answer, "none")
4524 || !ascii_strcasecmp (answer, "-"))
4525 notation = NULL; /* Delete them all. */
4528 notation = string_to_notation (answer, 0);
4538 select_all = !count_selected_uids (pub_keyblock);
4540 /* Now we can actually change the self signature(s) */
4544 for (node = pub_keyblock; node; node = node->next)
4546 if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
4549 if (node->pkt->pkttype == PKT_PUBLIC_KEY)
4551 main_pk = node->pkt->pkt.public_key;
4552 keyid_from_pk (main_pk, keyid);
4554 else if (node->pkt->pkttype == PKT_USER_ID)
4556 uid = node->pkt->pkt.user_id;
4557 selected = select_all || (node->flag & NODFLG_SELUID);
4559 else if (main_pk && uid && selected
4560 && node->pkt->pkttype == PKT_SIGNATURE)
4562 PKT_signature *sig = node->pkt->pkt.signature;
4563 if (keyid[0] == sig->keyid[0] && keyid[1] == sig->keyid[1]
4564 && (uid && (sig->sig_class & ~3) == 0x10)
4565 && sig->flags.chosen_selfsig)
4567 char *user = utf8_to_native (uid->name, strlen (uid->name), 0);
4568 if (sig->version < 4)
4569 log_info (_("skipping v3 self-signature on user ID \"%s\"\n"),
4573 PKT_signature *newsig;
4575 int rc, skip = 0, addonly = 1;
4577 if (sig->flags.notation)
4579 tty_printf ("Current notations for user ID \"%s\":\n",
4581 tty_print_notations (-9, sig);
4585 tty_printf ("No notations on user ID \"%s\"\n", user);
4586 if (notation == NULL)
4588 /* There are no current notations, so there
4589 is no point in trying to un-set them. */
4599 notation->next = sig_to_notation (sig);
4601 for (n = notation->next; n; n = n->next)
4602 if (strcmp (n->name, notation->name) == 0)
4604 if (notation->value)
4606 if (strcmp (n->value, notation->value) == 0)
4608 if (notation->flags.ignore)
4610 /* Value match with a delete
4612 n->flags.ignore = 1;
4617 /* Adding the same notation
4618 twice, so don't add it at
4621 tty_printf ("Skipping notation:"
4631 /* No value, so it means delete. */
4632 n->flags.ignore = 1;
4636 if (n->flags.ignore)
4638 tty_printf ("Removing notation: %s=%s\n",
4644 if (!notation->flags.ignore && !skip)
4645 tty_printf ("Adding notation: %s=%s\n",
4646 notation->name, notation->value);
4648 /* We tried to delete, but had no matches. */
4649 if (notation->flags.ignore && !deleting)
4654 tty_printf ("Removing all notations\n");
4661 !cpr_get_answer_is_yes ("keyedit.confirm_notation",
4662 _("Proceed? (y/N) "))))
4665 rc = update_keysig_packet (&newsig, sig,
4668 keygen_add_notations, notation);
4671 log_error ("update_keysig_packet failed: %s\n",
4673 free_notation (notation);
4678 /* replace the packet */
4679 newpkt = xmalloc_clear (sizeof *newpkt);
4680 newpkt->pkttype = PKT_SIGNATURE;
4681 newpkt->pkt.signature = newsig;
4682 free_packet (node->pkt);
4689 /* Snip off the notation list from the sig */
4690 free_notation (notation->next);
4691 notation->next = NULL;
4700 free_notation (notation);
4706 * Select one user id or remove all selection if IDX is 0 or select
4707 * all if IDX is -1. Returns: True if the selection changed.
4710 menu_select_uid (KBNODE keyblock, int idx)
4715 if (idx == -1) /* Select all. */
4717 for (node = keyblock; node; node = node->next)
4718 if (node->pkt->pkttype == PKT_USER_ID)
4719 node->flag |= NODFLG_SELUID;
4722 else if (idx) /* Toggle. */
4724 for (i = 0, node = keyblock; node; node = node->next)
4726 if (node->pkt->pkttype == PKT_USER_ID)
4732 tty_printf (_("No user ID with index %d\n"), idx);
4736 for (i = 0, node = keyblock; node; node = node->next)
4738 if (node->pkt->pkttype == PKT_USER_ID)
4742 if ((node->flag & NODFLG_SELUID))
4743 node->flag &= ~NODFLG_SELUID;
4745 node->flag |= NODFLG_SELUID;
4750 else /* Unselect all */
4752 for (node = keyblock; node; node = node->next)
4753 if (node->pkt->pkttype == PKT_USER_ID)
4754 node->flag &= ~NODFLG_SELUID;
4761 /* Search in the keyblock for a uid that matches namehash */
4763 menu_select_uid_namehash (KBNODE keyblock, const char *namehash)
4765 byte hash[NAMEHASH_LEN];
4769 assert (strlen (namehash) == NAMEHASH_LEN * 2);
4771 for (i = 0; i < NAMEHASH_LEN; i++)
4772 hash[i] = hextobyte (&namehash[i * 2]);
4774 for (node = keyblock->next; node; node = node->next)
4776 if (node->pkt->pkttype == PKT_USER_ID)
4778 namehash_from_uid (node->pkt->pkt.user_id);
4779 if (memcmp (node->pkt->pkt.user_id->namehash, hash, NAMEHASH_LEN) ==
4782 if (node->flag & NODFLG_SELUID)
4783 node->flag &= ~NODFLG_SELUID;
4785 node->flag |= NODFLG_SELUID;
4794 tty_printf (_("No user ID with hash %s\n"), namehash);
4803 * Select secondary keys
4804 * Returns: True if the selection changed.
4807 menu_select_key (KBNODE keyblock, int idx)
4812 if (idx == -1) /* Select all. */
4814 for (node = keyblock; node; node = node->next)
4815 if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY
4816 || node->pkt->pkttype == PKT_SECRET_SUBKEY)
4817 node->flag |= NODFLG_SELKEY;
4819 else if (idx) /* Toggle selection. */
4821 for (i = 0, node = keyblock; node; node = node->next)
4823 if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY
4824 || node->pkt->pkttype == PKT_SECRET_SUBKEY)
4830 tty_printf (_("No subkey with index %d\n"), idx);
4834 for (i = 0, node = keyblock; node; node = node->next)
4836 if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY
4837 || node->pkt->pkttype == PKT_SECRET_SUBKEY)
4840 if ((node->flag & NODFLG_SELKEY))
4841 node->flag &= ~NODFLG_SELKEY;
4843 node->flag |= NODFLG_SELKEY;
4847 else /* Unselect all. */
4849 for (node = keyblock; node; node = node->next)
4850 if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY
4851 || node->pkt->pkttype == PKT_SECRET_SUBKEY)
4852 node->flag &= ~NODFLG_SELKEY;
4860 count_uids_with_flag (KBNODE keyblock, unsigned flag)
4865 for (node = keyblock; node; node = node->next)
4866 if (node->pkt->pkttype == PKT_USER_ID && (node->flag & flag))
4873 count_keys_with_flag (KBNODE keyblock, unsigned flag)
4878 for (node = keyblock; node; node = node->next)
4879 if ((node->pkt->pkttype == PKT_PUBLIC_SUBKEY
4880 || node->pkt->pkttype == PKT_SECRET_SUBKEY) && (node->flag & flag))
4887 count_uids (KBNODE keyblock)
4892 for (node = keyblock; node; node = node->next)
4893 if (node->pkt->pkttype == PKT_USER_ID)
4900 * Returns true if there is at least one selected user id
4903 count_selected_uids (KBNODE keyblock)
4905 return count_uids_with_flag (keyblock, NODFLG_SELUID);
4910 count_selected_keys (KBNODE keyblock)
4912 return count_keys_with_flag (keyblock, NODFLG_SELKEY);
4916 /* Returns how many real (i.e. not attribute) uids are unmarked. */
4918 real_uids_left (KBNODE keyblock)
4923 for (node = keyblock; node; node = node->next)
4924 if (node->pkt->pkttype == PKT_USER_ID && !(node->flag & NODFLG_SELUID) &&
4925 !node->pkt->pkt.user_id->attrib_data)
4933 * Ask whether the signature should be revoked. If the user commits this,
4934 * flag bit MARK_A is set on the signature and the user ID.
4937 ask_revoke_sig (KBNODE keyblock, KBNODE node)
4941 PKT_signature *sig = node->pkt->pkt.signature;
4942 KBNODE unode = find_prev_kbnode (keyblock, node, PKT_USER_ID);
4946 log_error ("Oops: no user ID for signature\n");
4950 uid = unode->pkt->pkt.user_id;
4952 if (opt.with_colons)
4954 if (uid->attrib_data)
4955 printf ("uat:::::::::%u %lu", uid->numattribs, uid->attrib_len);
4958 es_printf ("uid:::::::::");
4959 es_write_sanitized (es_stdout, uid->name, uid->len, ":", NULL);
4964 print_and_check_one_sig_colon (keyblock, node, NULL, NULL, NULL, NULL,
4969 char *p = utf8_to_native (unode->pkt->pkt.user_id->name,
4970 unode->pkt->pkt.user_id->len, 0);
4971 tty_printf (_("user ID: \"%s\"\n"), p);
4974 tty_printf (_("signed by your key %s on %s%s%s\n"),
4975 keystr (sig->keyid), datestr_from_sig (sig),
4976 sig->flags.exportable ? "" : _(" (non-exportable)"), "");
4978 if (sig->flags.expired)
4980 tty_printf (_("This signature expired on %s.\n"),
4981 expirestr_from_sig (sig));
4982 /* Use a different question so we can have different help text */
4983 doit = cpr_get_answer_is_yes
4984 ("ask_revoke_sig.expired",
4985 _("Are you sure you still want to revoke it? (y/N) "));
4988 doit = cpr_get_answer_is_yes
4989 ("ask_revoke_sig.one",
4990 _("Create a revocation certificate for this signature? (y/N) "));
4994 node->flag |= NODFLG_MARK_A;
4995 unode->flag |= NODFLG_MARK_A;
5001 * Display all user ids of the current public key together with signatures
5002 * done by one of our keys. Then walk over all this sigs and ask the user
5003 * whether he wants to revoke this signature.
5004 * Return: True when the keyblock has changed.
5007 menu_revsig (KBNODE keyblock)
5010 PKT_public_key *primary_pk;
5013 int rc, any, skip = 1, all = !count_selected_uids (keyblock);
5014 struct revocation_reason_info *reason = NULL;
5016 assert (keyblock->pkt->pkttype == PKT_PUBLIC_KEY);
5018 /* First check whether we have any signatures at all. */
5020 for (node = keyblock; node; node = node->next)
5022 node->flag &= ~(NODFLG_SELSIG | NODFLG_MARK_A);
5023 if (node->pkt->pkttype == PKT_USER_ID)
5025 if (node->flag & NODFLG_SELUID || all)
5030 else if (!skip && node->pkt->pkttype == PKT_SIGNATURE
5031 && ((sig = node->pkt->pkt.signature),
5032 have_secret_key_with_kid (sig->keyid)))
5034 if ((sig->sig_class & ~3) == 0x10)
5044 tty_printf (_("Not signed by you.\n"));
5049 /* FIXME: detect duplicates here */
5050 tty_printf (_("You have signed these user IDs on key %s:\n"),
5051 keystr_from_pk (keyblock->pkt->pkt.public_key));
5052 for (node = keyblock; node; node = node->next)
5054 node->flag &= ~(NODFLG_SELSIG | NODFLG_MARK_A);
5055 if (node->pkt->pkttype == PKT_USER_ID)
5057 if (node->flag & NODFLG_SELUID || all)
5059 PKT_user_id *uid = node->pkt->pkt.user_id;
5060 /* Hmmm: Should we show only UIDs with a signature? */
5062 tty_print_utf8_string (uid->name, uid->len);
5069 else if (!skip && node->pkt->pkttype == PKT_SIGNATURE
5070 && ((sig = node->pkt->pkt.signature),
5071 have_secret_key_with_kid (sig->keyid)))
5073 if ((sig->sig_class & ~3) == 0x10)
5076 tty_printf (_("signed by your key %s on %s%s%s\n"),
5077 keystr (sig->keyid), datestr_from_sig (sig),
5078 sig->flags.exportable ? "" : _(" (non-exportable)"),
5079 sig->flags.revocable ? "" : _(" (non-revocable)"));
5080 if (sig->flags.revocable)
5081 node->flag |= NODFLG_SELSIG;
5083 else if (sig->sig_class == 0x30)
5086 tty_printf (_("revoked by your key %s on %s\n"),
5087 keystr (sig->keyid), datestr_from_sig (sig));
5095 for (node = keyblock; node; node = node->next)
5097 if (!(node->flag & NODFLG_SELSIG))
5099 ask_revoke_sig (keyblock, node);
5102 /* present selected */
5104 for (node = keyblock; node; node = node->next)
5106 if (!(node->flag & NODFLG_MARK_A))
5111 tty_printf (_("You are about to revoke these signatures:\n"));
5113 if (node->pkt->pkttype == PKT_USER_ID)
5115 PKT_user_id *uid = node->pkt->pkt.user_id;
5117 tty_print_utf8_string (uid->name, uid->len);
5120 else if (node->pkt->pkttype == PKT_SIGNATURE)
5122 sig = node->pkt->pkt.signature;
5124 tty_printf (_("signed by your key %s on %s%s%s\n"),
5125 keystr (sig->keyid), datestr_from_sig (sig), "",
5126 sig->flags.exportable ? "" : _(" (non-exportable)"));
5130 return 0; /* none selected */
5132 if (!cpr_get_answer_is_yes
5133 ("ask_revoke_sig.okay",
5134 _("Really create the revocation certificates? (y/N) ")))
5135 return 0; /* forget it */
5137 reason = ask_revocation_reason (0, 1, 0);
5139 { /* user decided to cancel */
5143 /* now we can sign the user ids */
5144 reloop: /* (must use this, because we are modifing the list) */
5145 primary_pk = keyblock->pkt->pkt.public_key;
5146 for (node = keyblock; node; node = node->next)
5150 struct sign_attrib attrib;
5151 PKT_public_key *signerkey;
5153 if (!(node->flag & NODFLG_MARK_A)
5154 || node->pkt->pkttype != PKT_SIGNATURE)
5156 unode = find_prev_kbnode (keyblock, node, PKT_USER_ID);
5157 assert (unode); /* we already checked this */
5159 memset (&attrib, 0, sizeof attrib);
5160 attrib.reason = reason;
5161 attrib.non_exportable = !node->pkt->pkt.signature->flags.exportable;
5163 node->flag &= ~NODFLG_MARK_A;
5164 signerkey = xmalloc_secure_clear (sizeof *signerkey);
5165 if (get_seckey (signerkey, node->pkt->pkt.signature->keyid))
5167 log_info (_("no secret key\n"));
5168 free_public_key (signerkey);
5171 rc = make_keysig_packet (&sig, primary_pk,
5172 unode->pkt->pkt.user_id,
5173 NULL, signerkey, 0x30, 0, 0, 0,
5174 sign_mk_attrib, &attrib, NULL);
5175 free_public_key (signerkey);
5178 write_status_error ("keysig", rc);
5179 log_error (_("signing failed: %s\n"), gpg_strerror (rc));
5180 release_revocation_reason_info (reason);
5183 changed = 1; /* we changed the keyblock */
5185 /* Are we revoking our own uid? */
5186 if (primary_pk->keyid[0] == sig->keyid[0] &&
5187 primary_pk->keyid[1] == sig->keyid[1])
5188 unode->pkt->pkt.user_id->is_revoked = 1;
5189 pkt = xmalloc_clear (sizeof *pkt);
5190 pkt->pkttype = PKT_SIGNATURE;
5191 pkt->pkt.signature = sig;
5192 insert_kbnode (unode, new_kbnode (pkt), 0);
5196 release_revocation_reason_info (reason);
5201 /* Revoke a user ID (i.e. revoke a user ID selfsig). Return true if
5202 keyblock changed. */
5204 menu_revuid (KBNODE pub_keyblock)
5206 PKT_public_key *pk = pub_keyblock->pkt->pkt.public_key;
5210 struct revocation_reason_info *reason = NULL;
5212 /* Note that this is correct as per the RFCs, but nevertheless
5213 somewhat meaningless in the real world. 1991 did define the 0x30
5214 sig class, but PGP 2.x did not actually implement it, so it would
5215 probably be safe to use v4 revocations everywhere. -ds */
5217 for (node = pub_keyblock; node; node = node->next)
5218 if (pk->version > 3 || (node->pkt->pkttype == PKT_USER_ID &&
5219 node->pkt->pkt.user_id->selfsigversion > 3))
5221 if ((reason = ask_revocation_reason (0, 1, 4)))
5227 reloop: /* (better this way because we are modifing the keyring) */
5228 for (node = pub_keyblock; node; node = node->next)
5229 if (node->pkt->pkttype == PKT_USER_ID && (node->flag & NODFLG_SELUID))
5231 PKT_user_id *uid = node->pkt->pkt.user_id;
5233 if (uid->is_revoked)
5235 char *user = utf8_to_native (uid->name, uid->len, 0);
5236 log_info (_("user ID \"%s\" is already revoked\n"), user);
5243 struct sign_attrib attrib;
5244 u32 timestamp = make_timestamp ();
5246 if (uid->created >= timestamp)
5248 /* Okay, this is a problem. The user ID selfsig was
5249 created in the future, so we need to warn the user and
5250 set our revocation timestamp one second after that so
5251 everything comes out clean. */
5253 log_info (_("WARNING: a user ID signature is dated %d"
5254 " seconds in the future\n"),
5255 uid->created - timestamp);
5257 timestamp = uid->created + 1;
5260 memset (&attrib, 0, sizeof attrib);
5261 attrib.reason = reason;
5263 node->flag &= ~NODFLG_SELUID;
5265 rc = make_keysig_packet (&sig, pk, uid, NULL, pk, 0x30, 0,
5267 sign_mk_attrib, &attrib, NULL);
5270 write_status_error ("keysig", rc);
5271 log_error (_("signing failed: %s\n"), gpg_strerror (rc));
5276 pkt = xmalloc_clear (sizeof *pkt);
5277 pkt->pkttype = PKT_SIGNATURE;
5278 pkt->pkt.signature = sig;
5279 insert_kbnode (node, new_kbnode (pkt), 0);
5281 #ifndef NO_TRUST_MODELS
5282 /* If the trustdb has an entry for this key+uid then the
5283 trustdb needs an update. */
5285 && (get_validity (pk, uid) & TRUST_MASK) >=
5288 #endif /*!NO_TRUST_MODELS*/
5291 node->pkt->pkt.user_id->is_revoked = 1;
5299 commit_kbnode (&pub_keyblock);
5302 release_revocation_reason_info (reason);
5308 * Revoke the whole key.
5311 menu_revkey (KBNODE pub_keyblock)
5313 PKT_public_key *pk = pub_keyblock->pkt->pkt.public_key;
5314 int rc, changed = 0;
5315 struct revocation_reason_info *reason;
5319 if (pk->flags.revoked)
5321 tty_printf (_("Key %s is already revoked.\n"), keystr_from_pk (pk));
5325 reason = ask_revocation_reason (1, 0, 0);
5326 /* user decided to cancel */
5330 rc = make_keysig_packet (&sig, pk, NULL, NULL, pk,
5332 revocation_reason_build_cb, reason, NULL);
5335 write_status_error ("keysig", rc);
5336 log_error (_("signing failed: %s\n"), gpg_strerror (rc));
5340 changed = 1; /* we changed the keyblock */
5342 pkt = xmalloc_clear (sizeof *pkt);
5343 pkt->pkttype = PKT_SIGNATURE;
5344 pkt->pkt.signature = sig;
5345 insert_kbnode (pub_keyblock, new_kbnode (pkt), 0);
5346 commit_kbnode (&pub_keyblock);
5351 release_revocation_reason_info (reason);
5357 menu_revsubkey (KBNODE pub_keyblock)
5359 PKT_public_key *mainpk;
5363 struct revocation_reason_info *reason = NULL;
5365 reason = ask_revocation_reason (1, 0, 0);
5367 return 0; /* User decided to cancel. */
5369 reloop: /* (better this way because we are modifing the keyring) */
5370 mainpk = pub_keyblock->pkt->pkt.public_key;
5371 for (node = pub_keyblock; node; node = node->next)
5373 if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY
5374 && (node->flag & NODFLG_SELKEY))
5378 PKT_public_key *subpk = node->pkt->pkt.public_key;
5379 struct sign_attrib attrib;
5381 if (subpk->flags.revoked)
5383 tty_printf (_("Subkey %s is already revoked.\n"),
5384 keystr_from_pk (subpk));
5388 memset (&attrib, 0, sizeof attrib);
5389 attrib.reason = reason;
5391 node->flag &= ~NODFLG_SELKEY;
5392 rc = make_keysig_packet (&sig, mainpk, NULL, subpk, mainpk,
5393 0x28, 0, 0, 0, sign_mk_attrib, &attrib,
5397 write_status_error ("keysig", rc);
5398 log_error (_("signing failed: %s\n"), gpg_strerror (rc));
5399 release_revocation_reason_info (reason);
5402 changed = 1; /* we changed the keyblock */
5404 pkt = xmalloc_clear (sizeof *pkt);
5405 pkt->pkttype = PKT_SIGNATURE;
5406 pkt->pkt.signature = sig;
5407 insert_kbnode (node, new_kbnode (pkt), 0);
5411 commit_kbnode (&pub_keyblock);
5413 /* No need to set update_trust here since signing keys no longer
5414 are used to certify other keys, so there is no change in trust
5415 when revoking/removing them */
5417 release_revocation_reason_info (reason);
5422 /* Note that update_ownertrust is going to mark the trustdb dirty when
5423 enabling or disabling a key. This is arguably sub-optimal as
5424 disabled keys are still counted in the web of trust, but perhaps
5425 not worth adding extra complexity to change. -ds */
5426 #ifndef NO_TRUST_MODELS
5428 enable_disable_key (KBNODE keyblock, int disable)
5430 PKT_public_key *pk =
5431 find_kbnode (keyblock, PKT_PUBLIC_KEY)->pkt->pkt.public_key;
5432 unsigned int trust, newtrust;
5434 trust = newtrust = get_ownertrust (pk);
5435 newtrust &= ~TRUST_FLAG_DISABLED;
5437 newtrust |= TRUST_FLAG_DISABLED;
5438 if (trust == newtrust)
5439 return 0; /* already in that state */
5440 update_ownertrust (pk, newtrust);
5443 #endif /*!NO_TRUST_MODELS*/
5447 menu_showphoto (KBNODE keyblock)
5450 int select_all = !count_selected_uids (keyblock);
5452 PKT_public_key *pk = NULL;
5454 /* Look for the public key first. We have to be really, really,
5455 explicit as to which photo this is, and what key it is a UID on
5456 since people may want to sign it. */
5458 for (node = keyblock; node; node = node->next)
5460 if (node->pkt->pkttype == PKT_PUBLIC_KEY)
5461 pk = node->pkt->pkt.public_key;
5462 else if (node->pkt->pkttype == PKT_USER_ID)
5464 PKT_user_id *uid = node->pkt->pkt.user_id;
5467 if ((select_all || (node->flag & NODFLG_SELUID)) &&
5468 uid->attribs != NULL)
5472 for (i = 0; i < uid->numattribs; i++)
5477 if (uid->attribs[i].type == ATTRIB_IMAGE &&
5478 parse_image_header (&uid->attribs[i], &type, &size))
5480 tty_printf (_("Displaying %s photo ID of size %ld for "
5481 "key %s (uid %d)\n"),
5482 image_type_to_string (type, 1),
5483 (ulong) size, keystr_from_pk (pk), count);
5484 show_photos (&uid->attribs[i], 1, pk, uid);