1 /* keylist.c - Print information about OpenPGP keys
2 * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006,
3 * 2008, 2010, 2012 Free Software Foundation, Inc.
4 * Copyright (C) 2013, 2014 Werner Koch
6 * This file is part of GnuPG.
8 * GnuPG is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 3 of the License, or
11 * (at your option) any later version.
13 * GnuPG is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, see <http://www.gnu.org/licenses/>.
27 #ifdef HAVE_DOSISH_SYSTEM
28 # include <fcntl.h> /* for setmode() */
43 #include "call-agent.h"
44 #include "mbox-util.h"
49 static void list_all (ctrl_t, int, int);
50 static void list_one (ctrl_t ctrl,
51 strlist_t names, int secret, int mark_secret);
52 static void locate_one (ctrl_t ctrl, strlist_t names);
53 static void print_card_serialno (const char *serialno);
55 struct keylist_context
57 int check_sigs; /* If set signatures shall be verified. */
58 int good_sigs; /* Counter used if CHECK_SIGS is set. */
59 int inv_sigs; /* Counter used if CHECK_SIGS is set. */
60 int no_key; /* Counter used if CHECK_SIGS is set. */
61 int oth_err; /* Counter used if CHECK_SIGS is set. */
65 static void list_keyblock (ctrl_t ctrl,
66 kbnode_t keyblock, int secret, int has_secret,
67 int fpr, struct keylist_context *listctx);
70 /* The stream used to write attribute packets to. */
71 static estream_t attrib_fp;
74 /* Release resources from a keylist context. */
76 keylist_context_release (struct keylist_context *listctx)
78 (void)listctx; /* Nothing to release. */
82 /* List the keys. If list is NULL, all available keys are listed.
83 With LOCATE_MODE set the locate algorithm is used to find a
86 public_key_list (ctrl_t ctrl, strlist_t list, int locate_mode)
88 #ifndef NO_TRUST_MODELS
91 byte trust_model, marginals, completes, cert_depth, min_cert_level;
92 ulong created, nextcheck;
94 read_trust_options (&trust_model, &created, &nextcheck,
95 &marginals, &completes, &cert_depth, &min_cert_level);
97 es_fprintf (es_stdout, "tru:");
99 if (nextcheck && nextcheck <= make_timestamp ())
100 es_fprintf (es_stdout, "o");
101 if (trust_model != opt.trust_model)
102 es_fprintf (es_stdout, "t");
103 if (opt.trust_model == TM_PGP || opt.trust_model == TM_CLASSIC
104 || opt.trust_model == TM_TOFU_PGP)
106 if (marginals != opt.marginals_needed)
107 es_fprintf (es_stdout, "m");
108 if (completes != opt.completes_needed)
109 es_fprintf (es_stdout, "c");
110 if (cert_depth != opt.max_cert_depth)
111 es_fprintf (es_stdout, "d");
112 if (min_cert_level != opt.min_cert_level)
113 es_fprintf (es_stdout, "l");
116 es_fprintf (es_stdout, ":%d:%lu:%lu", trust_model, created, nextcheck);
118 /* Only show marginals, completes, and cert_depth in the classic
119 or PGP trust models since they are not meaningful
122 if (trust_model == TM_PGP || trust_model == TM_CLASSIC)
123 es_fprintf (es_stdout, ":%d:%d:%d", marginals, completes, cert_depth);
124 es_fprintf (es_stdout, "\n");
126 #endif /*!NO_TRUST_MODELS*/
128 /* We need to do the stale check right here because it might need to
129 update the keyring while we already have the keyring open. This
130 is very bad for W32 because of a sharing violation. For real OSes
131 it might lead to false results if we are later listing a keyring
132 which is associated with the inode of a deleted file. */
133 check_trustdb_stale (ctrl);
136 tofu_begin_batch_update ();
140 locate_one (ctrl, list);
142 list_all (ctrl, 0, opt.with_secret);
144 list_one (ctrl, list, 0, opt.with_secret);
147 tofu_end_batch_update ();
153 secret_key_list (ctrl_t ctrl, strlist_t list)
157 check_trustdb_stale (ctrl);
160 list_all (ctrl, 1, 0);
161 else /* List by user id */
162 list_one (ctrl, list, 1, 0);
166 format_seckey_info (PKT_public_key *pk)
170 char pkstrbuf[PUBKEY_STRING_SIZE];
173 keyid_from_pk (pk, keyid);
174 p = get_user_id_native (keyid);
176 info = xtryasprintf ("sec %s/%s %s %s",
177 pubkey_string (pk, pkstrbuf, sizeof pkstrbuf),
178 keystr (keyid), datestr_from_pk (pk), p);
186 print_seckey_info (PKT_public_key *pk)
188 char *p = format_seckey_info (pk);
189 tty_printf ("\n%s\n", p);
193 /* Print information about the public key. With FP passed as NULL,
194 the tty output interface is used, otherwise output is directted to
197 print_pubkey_info (estream_t fp, PKT_public_key *pk)
201 char pkstrbuf[PUBKEY_STRING_SIZE];
203 keyid_from_pk (pk, keyid);
205 /* If the pk was chosen by a particular user ID, that is the one to
208 p = utf8_to_native (pk->user_id->name, pk->user_id->len, 0);
210 p = get_user_id_native (keyid);
214 tty_fprintf (fp, "%s %s/%s %s %s\n",
215 pk->flags.primary? "pub":"sub",
216 pubkey_string (pk, pkstrbuf, sizeof pkstrbuf),
217 keystr (keyid), datestr_from_pk (pk), p);
222 /* Print basic information of a secret key including the card serial
223 number information. */
224 #ifdef ENABLE_CARD_SUPPORT
226 print_card_key_info (estream_t fp, kbnode_t keyblock)
232 char pkstrbuf[PUBKEY_STRING_SIZE];
235 for (node = keyblock; node; node = node->next)
237 if (node->pkt->pkttype == PKT_PUBLIC_KEY
238 || node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
241 PKT_public_key *pk = node->pkt->pkt.public_key;
244 rc = hexkeygrip_from_pk (pk, &hexgrip);
247 log_error ("error computing a keygrip: %s\n", gpg_strerror (rc));
250 else if (!agent_get_keyinfo (NULL, hexgrip, &serialno, NULL))
251 s2k_char = serialno? '>':' ';
253 s2k_char = '#'; /* Key not found. */
255 tty_fprintf (fp, "%s%c %s/%s %n",
256 node->pkt->pkttype == PKT_PUBLIC_KEY ? "sec" : "ssb",
258 pubkey_string (pk, pkstrbuf, sizeof pkstrbuf),
261 tty_fprintf (fp, _("created: %s"), datestr_from_pk (pk));
262 tty_fprintf (fp, " ");
263 tty_fprintf (fp, _("expires: %s"), expirestr_from_pk (pk));
266 tty_fprintf (fp, "\n%*s%s", indent, "", _("card-no: "));
267 if (strlen (serialno) == 32
268 && !strncmp (serialno, "D27600012401", 12))
270 /* This is an OpenPGP card. Print the relevant part. */
271 /* Example: D2760001240101010001000003470000 */
273 tty_fprintf (fp, "%.*s %.*s", 4, serialno+16, 8, serialno+20);
276 tty_fprintf (fp, "%s", serialno);
278 tty_fprintf (fp, "\n");
284 #endif /*ENABLE_CARD_SUPPORT*/
287 /* Flags = 0x01 hashed 0x02 critical. */
289 status_one_subpacket (sigsubpkttype_t type, size_t len, int flags,
294 /* Don't print these. */
298 snprintf (status, sizeof status,
299 "%d %u %u ", type, flags, (unsigned int) len);
301 write_status_text_and_buffer (STATUS_SIG_SUBPACKET, status, buf, len, 0);
305 /* Print a policy URL. Allowed values for MODE are:
306 * 0 - print to stdout.
307 * 1 - use log_info and emit status messages.
308 * 2 - emit only status messages.
311 show_policy_url (PKT_signature * sig, int indent, int mode)
316 estream_t fp = mode ? log_get_stream () : es_stdout;
319 enum_sig_subpkt (sig->hashed, SIGSUBPKT_POLICY, &len, &seq, &crit)))
326 for (i = 0; i < indent; i++)
330 str = _("Critical signature policy: ");
332 str = _("Signature policy: ");
334 log_info ("%s", str);
336 es_fprintf (fp, "%s", str);
337 print_utf8_buffer (fp, p, len);
338 es_fprintf (fp, "\n");
342 write_status_buffer (STATUS_POLICY_URL, p, len, 0);
349 mode=1 for log_info + status messages
350 mode=2 for status messages only
354 show_keyserver_url (PKT_signature * sig, int indent, int mode)
359 estream_t fp = mode ? log_get_stream () : es_stdout;
362 enum_sig_subpkt (sig->hashed, SIGSUBPKT_PREF_KS, &len, &seq,
370 for (i = 0; i < indent; i++)
371 es_putc (' ', es_stdout);
374 str = _("Critical preferred keyserver: ");
376 str = _("Preferred keyserver: ");
378 log_info ("%s", str);
380 es_fprintf (es_stdout, "%s", str);
381 print_utf8_buffer (fp, p, len);
382 es_fprintf (fp, "\n");
386 status_one_subpacket (SIGSUBPKT_PREF_KS, len,
387 (crit ? 0x02 : 0) | 0x01, p);
393 mode=1 for log_info + status messages
394 mode=2 for status messages only
396 Defined bits in WHICH:
397 1 == standard notations
401 show_notation (PKT_signature * sig, int indent, int mode, int which)
403 estream_t fp = mode ? log_get_stream () : es_stdout;
404 notation_t nd, notations;
409 notations = sig_to_notation (sig);
411 /* There may be multiple notations in the same sig. */
412 for (nd = notations; nd; nd = nd->next)
416 int has_at = !!strchr (nd->name, '@');
418 if ((which & 1 && !has_at) || (which & 2 && has_at))
423 for (i = 0; i < indent; i++)
424 es_putc (' ', es_stdout);
426 if (nd->flags.critical)
427 str = _("Critical signature notation: ");
429 str = _("Signature notation: ");
431 log_info ("%s", str);
433 es_fprintf (es_stdout, "%s", str);
434 /* This is all UTF8 */
435 print_utf8_buffer (fp, nd->name, strlen (nd->name));
436 es_fprintf (fp, "=");
437 print_utf8_buffer (fp, nd->value, strlen (nd->value));
438 /* (We need to use log_printf so that the next call to a
439 log function does not insert an extra LF.) */
449 write_status_buffer (STATUS_NOTATION_NAME,
450 nd->name, strlen (nd->name), 0);
451 if (nd->flags.critical || nd->flags.human)
452 write_status_text (STATUS_NOTATION_FLAGS,
453 nd->flags.critical && nd->flags.human? "1 1" :
454 nd->flags.critical? "1 0" : "0 1");
455 write_status_buffer (STATUS_NOTATION_DATA,
456 nd->value, strlen (nd->value), 50);
460 free_notation (notations);
465 print_signature_stats (struct keylist_context *s)
468 return; /* Signature checking was not requested. */
471 log_info (ngettext("%d good signature\n",
472 "%d good signatures\n", s->good_sigs), s->good_sigs);
475 log_info (ngettext("%d bad signature\n",
476 "%d bad signatures\n", s->inv_sigs), s->inv_sigs);
479 log_info (ngettext("%d signature not checked due to a missing key\n",
480 "%d signatures not checked due to missing keys\n",
481 s->no_key), s->no_key);
484 log_info (ngettext("%d signature not checked due to an error\n",
485 "%d signatures not checked due to errors\n",
486 s->oth_err), s->oth_err);
490 /* List all keys. If SECRET is true only secret keys are listed. If
491 MARK_SECRET is true secret keys are indicated in a public key
494 list_all (ctrl_t ctrl, int secret, int mark_secret)
497 KBNODE keyblock = NULL;
500 const char *lastresname, *resname;
501 struct keylist_context listctx;
503 memset (&listctx, 0, sizeof (listctx));
505 listctx.check_sigs = 1;
509 rc = gpg_error_from_syserror ();
511 rc = keydb_search_first (hd);
514 if (gpg_err_code (rc) != GPG_ERR_NOT_FOUND)
515 log_error ("keydb_search_first failed: %s\n", gpg_strerror (rc));
522 rc = keydb_get_keyblock (hd, &keyblock);
525 if (gpg_err_code (rc) == GPG_ERR_LEGACY_KEY)
526 continue; /* Skip legacy keys. */
527 log_error ("keydb_get_keyblock failed: %s\n", gpg_strerror (rc));
531 if (secret || mark_secret)
532 any_secret = !agent_probe_any_secret_key (NULL, keyblock);
536 if (secret && !any_secret)
537 ; /* Secret key listing requested but this isn't one. */
540 if (!opt.with_colons)
542 resname = keydb_get_resource_name (hd);
543 if (lastresname != resname)
547 es_fprintf (es_stdout, "%s\n", resname);
548 for (i = strlen (resname); i; i--)
549 es_putc ('-', es_stdout);
550 es_putc ('\n', es_stdout);
551 lastresname = resname;
554 merge_keys_and_selfsig (keyblock);
555 list_keyblock (ctrl, keyblock, secret, any_secret, opt.fingerprint,
558 release_kbnode (keyblock);
561 while (!(rc = keydb_search_next (hd)));
562 es_fflush (es_stdout);
563 if (rc && gpg_err_code (rc) != GPG_ERR_NOT_FOUND)
564 log_error ("keydb_search_next failed: %s\n", gpg_strerror (rc));
565 if (keydb_get_skipped_counter (hd))
566 log_info (ngettext("Warning: %lu key skipped due to its large size\n",
567 "Warning: %lu keys skipped due to their large sizes\n",
568 keydb_get_skipped_counter (hd)),
569 keydb_get_skipped_counter (hd));
571 if (opt.check_sigs && !opt.with_colons)
572 print_signature_stats (&listctx);
575 keylist_context_release (&listctx);
576 release_kbnode (keyblock);
582 list_one (ctrl_t ctrl, strlist_t names, int secret, int mark_secret)
585 KBNODE keyblock = NULL;
588 const char *keyring_str = _("Keyring");
590 struct keylist_context listctx;
592 memset (&listctx, 0, sizeof (listctx));
593 if (!secret && opt.check_sigs)
594 listctx.check_sigs = 1;
596 /* fixme: using the bynames function has the disadvantage that we
597 * don't know wether one of the names given was not found. OTOH,
598 * this function has the advantage to list the names in the
599 * sequence as defined by the keyDB and does not duplicate
600 * outputs. A solution could be do test whether all given have
601 * been listed (this needs a way to use the keyDB search
602 * functions) or to have the search function return indicators for
603 * found names. Yet another way is to use the keydb search
604 * facilities directly. */
605 rc = getkey_bynames (&ctx, NULL, names, secret, &keyblock);
608 log_error ("error reading key: %s\n", gpg_strerror (rc));
615 if ((opt.list_options & LIST_SHOW_KEYRING) && !opt.with_colons)
617 resname = keydb_get_resource_name (get_ctx_handle (ctx));
618 es_fprintf (es_stdout, "%s: %s\n", keyring_str, resname);
619 for (i = strlen (resname) + strlen (keyring_str) + 2; i; i--)
620 es_putc ('-', es_stdout);
621 es_putc ('\n', es_stdout);
624 keyblock, secret, mark_secret, opt.fingerprint, &listctx);
625 release_kbnode (keyblock);
627 while (!getkey_next (ctx, NULL, &keyblock));
630 if (opt.check_sigs && !opt.with_colons)
631 print_signature_stats (&listctx);
633 keylist_context_release (&listctx);
638 locate_one (ctrl_t ctrl, strlist_t names)
642 GETKEY_CTX ctx = NULL;
643 KBNODE keyblock = NULL;
644 struct keylist_context listctx;
646 memset (&listctx, 0, sizeof (listctx));
648 listctx.check_sigs = 1;
650 for (sl = names; sl; sl = sl->next)
652 rc = get_pubkey_byname (ctrl, &ctx, NULL, sl->d, &keyblock, NULL, 1, 0);
655 if (gpg_err_code (rc) != GPG_ERR_NO_PUBKEY)
656 log_error ("error reading key: %s\n", gpg_strerror (rc));
657 else if (opt.verbose)
658 log_info (_("key \"%s\" not found: %s\n"),
659 sl->d, gpg_strerror (rc));
665 list_keyblock (ctrl, keyblock, 0, 0, opt.fingerprint, &listctx);
666 release_kbnode (keyblock);
668 while (ctx && !getkey_next (ctx, NULL, &keyblock));
674 if (opt.check_sigs && !opt.with_colons)
675 print_signature_stats (&listctx);
677 keylist_context_release (&listctx);
682 print_key_data (PKT_public_key * pk)
684 int n = pk ? pubkey_get_npkey (pk->pubkey_algo) : 0;
687 for (i = 0; i < n; i++)
689 es_fprintf (es_stdout, "pkd:%d:%u:", i, mpi_get_nbits (pk->pkey[i]));
690 mpi_print (es_stdout, pk->pkey[i], 1);
691 es_putc (':', es_stdout);
692 es_putc ('\n', es_stdout);
697 print_capabilities (PKT_public_key *pk, KBNODE keyblock)
699 unsigned int use = pk->pubkey_usage;
702 if (use & PUBKEY_USAGE_ENC)
703 es_putc ('e', es_stdout);
705 if (use & PUBKEY_USAGE_SIG)
707 es_putc ('s', es_stdout);
708 if (pk->flags.primary)
710 es_putc ('c', es_stdout);
711 /* The PUBKEY_USAGE_CERT flag was introduced later and we
712 used to always print 'c' for a primary key. To avoid any
713 regression here we better track whether we printed 'c'
719 if ((use & PUBKEY_USAGE_CERT) && !c_printed)
720 es_putc ('c', es_stdout);
722 if ((use & PUBKEY_USAGE_AUTH))
723 es_putc ('a', es_stdout);
725 if ((use & PUBKEY_USAGE_UNKNOWN))
726 es_putc ('?', es_stdout);
730 /* Figure out the usable capabilities. */
732 int enc = 0, sign = 0, cert = 0, auth = 0, disabled = 0;
734 for (k = keyblock; k; k = k->next)
736 if (k->pkt->pkttype == PKT_PUBLIC_KEY
737 || k->pkt->pkttype == PKT_PUBLIC_SUBKEY)
739 pk = k->pkt->pkt.public_key;
741 if (pk->flags.primary)
742 disabled = pk_is_disabled (pk);
744 if (pk->flags.valid && !pk->flags.revoked && !pk->has_expired)
746 if (pk->pubkey_usage & PUBKEY_USAGE_ENC)
748 if (pk->pubkey_usage & PUBKEY_USAGE_SIG)
751 if (pk->flags.primary)
754 if (pk->pubkey_usage & PUBKEY_USAGE_CERT)
756 if ((pk->pubkey_usage & PUBKEY_USAGE_AUTH))
762 es_putc ('E', es_stdout);
764 es_putc ('S', es_stdout);
766 es_putc ('C', es_stdout);
768 es_putc ('A', es_stdout);
770 es_putc ('D', es_stdout);
773 es_putc (':', es_stdout);
777 /* FLAGS: 0x01 hashed
780 print_one_subpacket (sigsubpkttype_t type, size_t len, int flags,
785 es_fprintf (es_stdout, "spk:%d:%u:%u:", type, flags, (unsigned int) len);
787 for (i = 0; i < len; i++)
789 /* printable ascii other than : and % */
790 if (buf[i] >= 32 && buf[i] <= 126 && buf[i] != ':' && buf[i] != '%')
791 es_fprintf (es_stdout, "%c", buf[i]);
793 es_fprintf (es_stdout, "%%%02X", buf[i]);
796 es_fprintf (es_stdout, "\n");
801 print_subpackets_colon (PKT_signature * sig)
805 log_assert (opt.show_subpackets);
807 for (i = opt.show_subpackets; *i; i++)
815 while ((p = enum_sig_subpkt (sig->hashed, *i, &len, &seq, &crit)))
816 print_one_subpacket (*i, len, 0x01 | (crit ? 0x02 : 0), p);
820 while ((p = enum_sig_subpkt (sig->unhashed, *i, &len, &seq, &crit)))
821 print_one_subpacket (*i, len, 0x00 | (crit ? 0x02 : 0), p);
827 dump_attribs (const PKT_user_id *uid, PKT_public_key *pk)
834 for (i = 0; i < uid->numattribs; i++)
836 if (is_status_enabled ())
838 byte array[MAX_FINGERPRINT_LEN], *p;
839 char buf[(MAX_FINGERPRINT_LEN * 2) + 90];
844 fingerprint_from_pk (pk, array, &n);
847 for (j = 0; j < n; j++, p++)
848 sprintf (buf + 2 * j, "%02X", *p);
850 sprintf (buf + strlen (buf), " %lu %u %u %u %lu %lu %u",
851 (ulong) uid->attribs[i].len, uid->attribs[i].type, i + 1,
852 uid->numattribs, (ulong) uid->created,
853 (ulong) uid->expiredate,
854 ((uid->is_primary ? 0x01 : 0) | (uid->
855 is_revoked ? 0x02 : 0) |
856 (uid->is_expired ? 0x04 : 0)));
857 write_status_text (STATUS_ATTRIBUTE, buf);
860 es_fwrite (uid->attribs[i].data, uid->attribs[i].len, 1, attrib_fp);
861 es_fflush (attrib_fp);
866 /* Print IPGP cert records instead of a standard key listing. */
868 list_keyblock_pka (ctrl_t ctrl, kbnode_t keyblock)
873 char pkstrbuf[PUBKEY_STRING_SIZE];
875 char *hexkeyblock = NULL;
876 unsigned int hexkeyblocklen = 0; /* Init to avoid -Wmaybe-uninitialized. */
879 /* Get the keyid from the keyblock. */
880 node = find_kbnode (keyblock, PKT_PUBLIC_KEY);
883 log_error ("Oops; key lost!\n");
884 dump_kbnode (keyblock);
888 pk = node->pkt->pkt.public_key;
890 /* First print an overview of the key with all userids. */
891 es_fprintf (es_stdout, ";; pub %s/%s %s\n;;",
892 pubkey_string (pk, pkstrbuf, sizeof pkstrbuf),
893 keystr_from_pk (pk), datestr_from_pk (pk));
894 print_fingerprint (NULL, pk, 10);
895 for (kbctx = NULL; (node = walk_kbnode (keyblock, &kbctx, 0));)
897 if (node->pkt->pkttype == PKT_USER_ID)
899 PKT_user_id *uid = node->pkt->pkt.user_id;
901 if (pk && (uid->is_expired || uid->is_revoked)
902 && !(opt.list_options & LIST_SHOW_UNUSABLE_UIDS))
905 es_fputs (";; uid ", es_stdout);
906 print_utf8_buffer (es_stdout, uid->name, uid->len);
907 es_putc ('\n', es_stdout);
912 hexfpr = hexfingerprint (pk, NULL, 0);
913 if (opt.print_dane_records)
915 kbnode_t dummy_keyblock;
920 /* We do not have an export function which allows to pass a
921 keyblock, thus we need to search the key again. */
922 err = export_pubkey_buffer (ctrl, hexfpr,
923 EXPORT_DANE_FORMAT, NULL,
924 &dummy_keyblock, &data, &datalen);
925 release_kbnode (dummy_keyblock);
928 hexkeyblocklen = datalen;
929 hexkeyblock = bin2hex (data, datalen, NULL);
931 err = gpg_error_from_syserror ();
933 ascii_strlwr (hexkeyblock);
936 log_error (_("skipped \"%s\": %s\n"), hexfpr, gpg_strerror (err));
940 for (kbctx = NULL; (node = walk_kbnode (keyblock, &kbctx, 0));)
942 if (node->pkt->pkttype == PKT_USER_ID)
944 PKT_user_id *uid = node->pkt->pkt.user_id;
948 if (pk && (uid->is_expired || uid->is_revoked)
949 && !(opt.list_options & LIST_SHOW_UNUSABLE_UIDS))
952 mbox = mailbox_from_userid (uid->name);
953 if (mbox && (p = strchr (mbox, '@')))
960 if (opt.print_pka_records)
962 es_fprintf (es_stdout, "$ORIGIN _pka.%s.\n; %s\n; ",
964 print_utf8_buffer (es_stdout, uid->name, uid->len);
965 es_putc ('\n', es_stdout);
966 gcry_md_hash_buffer (GCRY_MD_SHA1, hashbuf,
967 mbox, strlen (mbox));
968 hash = zb32_encode (hashbuf, 8*20);
971 len = strlen (hexfpr)/2;
972 es_fprintf (es_stdout,
973 "%s TYPE37 \\# %u 0006 0000 00 %02X %s\n",
974 hash, 6 + len, len, hexfpr);
978 if (opt.print_dane_records && hexkeyblock)
980 es_fprintf (es_stdout, "$ORIGIN _openpgpkey.%s.\n; %s\n; ",
982 print_utf8_buffer (es_stdout, uid->name, uid->len);
983 es_putc ('\n', es_stdout);
984 gcry_md_hash_buffer (GCRY_MD_SHA256, hashbuf,
985 mbox, strlen (mbox));
986 hash = bin2hex (hashbuf, 28, NULL);
990 es_fprintf (es_stdout, "%s TYPE61 \\# %u (\n",
991 hash, hexkeyblocklen);
996 es_fprintf (es_stdout, "\t%.64s\n", s);
1001 es_fputs ("\t)\n", es_stdout);
1009 es_putc ('\n', es_stdout);
1011 xfree (hexkeyblock);
1017 list_keyblock_print (ctrl_t ctrl, kbnode_t keyblock, int secret, int fpr,
1018 struct keylist_context *listctx)
1025 char *hexgrip = NULL;
1026 char *serialno = NULL;
1028 /* Get the keyid from the keyblock. */
1029 node = find_kbnode (keyblock, PKT_PUBLIC_KEY);
1032 log_error ("Oops; key lost!\n");
1033 dump_kbnode (keyblock);
1037 pk = node->pkt->pkt.public_key;
1039 if (secret || opt.with_keygrip)
1041 rc = hexkeygrip_from_pk (pk, &hexgrip);
1043 log_error ("error computing a keygrip: %s\n", gpg_strerror (rc));
1048 /* Encode some info about the secret key in SECRET. */
1049 if (!agent_get_keyinfo (NULL, hexgrip, &serialno, NULL))
1050 secret = serialno? 3 : 1;
1052 secret = 2; /* Key not found. */
1055 check_trustdb_stale (ctrl);
1057 /* Print the "pub" line and in KF_NONE mode the fingerprint. */
1058 print_key_line (es_stdout, pk, secret);
1060 if (fpr && opt.keyid_format != KF_NONE)
1061 print_fingerprint (NULL, pk, 0);
1063 if (opt.with_keygrip && hexgrip)
1064 es_fprintf (es_stdout, " Keygrip = %s\n", hexgrip);
1067 print_card_serialno (serialno);
1069 if (opt.with_key_data)
1070 print_key_data (pk);
1072 for (kbctx = NULL; (node = walk_kbnode (keyblock, &kbctx, 0));)
1074 if (node->pkt->pkttype == PKT_USER_ID)
1076 PKT_user_id *uid = node->pkt->pkt.user_id;
1078 int kl = opt.keyid_format == KF_NONE? 10 : keystrlen ();
1080 if ((uid->is_expired || uid->is_revoked)
1081 && !(opt.list_options & LIST_SHOW_UNUSABLE_UIDS))
1089 if (attrib_fp && uid->attrib_data != NULL)
1090 dump_attribs (uid, pk);
1092 if ((uid->is_revoked || uid->is_expired)
1093 || (opt.list_options & LIST_SHOW_UID_VALIDITY))
1095 const char *validity;
1097 validity = uid_trust_string_fixed (ctrl, pk, uid);
1098 indent = ((kl + (opt.legacy_list_mode? 9:11))
1099 - atoi (uid_trust_string_fixed (ctrl, NULL, NULL)));
1100 if (indent < 0 || indent > 40)
1103 es_fprintf (es_stdout, "uid%*s%s ", indent, "", validity);
1107 indent = kl + (opt.legacy_list_mode? 10:12);
1108 es_fprintf (es_stdout, "uid%*s", indent, "");
1111 print_utf8_buffer (es_stdout, uid->name, uid->len);
1112 es_putc ('\n', es_stdout);
1114 if (opt.with_wkd_hash)
1116 char *mbox, *hash, *p;
1119 mbox = mailbox_from_userid (uid->name);
1120 if (mbox && (p = strchr (mbox, '@')))
1123 gcry_md_hash_buffer (GCRY_MD_SHA1, hashbuf,
1124 mbox, strlen (mbox));
1125 hash = zb32_encode (hashbuf, 8*20);
1128 es_fprintf (es_stdout, " %*s%s@%s\n",
1129 indent, "", hash, p);
1136 if ((opt.list_options & LIST_SHOW_PHOTOS) && uid->attribs != NULL)
1137 show_photos (ctrl, uid->attribs, uid->numattribs, pk, uid);
1139 else if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
1141 PKT_public_key *pk2 = node->pkt->pkt.public_key;
1143 if ((pk2->flags.revoked || pk2->has_expired)
1144 && !(opt.list_options & LIST_SHOW_UNUSABLE_SUBKEYS))
1152 xfree (serialno); serialno = NULL;
1153 xfree (hexgrip); hexgrip = NULL;
1154 if (secret || opt.with_keygrip)
1156 rc = hexkeygrip_from_pk (pk2, &hexgrip);
1158 log_error ("error computing a keygrip: %s\n",
1163 if (!agent_get_keyinfo (NULL, hexgrip, &serialno, NULL))
1164 secret = serialno? 3 : 1;
1166 secret = '2'; /* Key not found. */
1169 /* Print the "sub" line. */
1170 print_key_line (es_stdout, pk2, secret);
1171 if (fpr > 1 || opt.with_subkey_fingerprint)
1173 print_fingerprint (NULL, pk2, 0);
1175 print_card_serialno (serialno);
1177 if (opt.with_keygrip && hexgrip)
1178 es_fprintf (es_stdout, " Keygrip = %s\n", hexgrip);
1179 if (opt.with_key_data)
1180 print_key_data (pk2);
1182 else if (opt.list_sigs
1183 && node->pkt->pkttype == PKT_SIGNATURE && !skip_sigs)
1185 PKT_signature *sig = node->pkt->pkt.signature;
1189 if (listctx->check_sigs)
1191 rc = check_key_signature (keyblock, node, NULL);
1192 switch (gpg_err_code (rc))
1195 listctx->good_sigs++;
1198 case GPG_ERR_BAD_SIGNATURE:
1199 listctx->inv_sigs++;
1202 case GPG_ERR_NO_PUBKEY:
1203 case GPG_ERR_UNUSABLE_PUBKEY:
1212 /* TODO: Make sure a cached sig record here still has
1213 the pk that issued it. See also
1214 keyedit.c:print_and_check_one_sig */
1222 if (sig->sig_class == 0x20 || sig->sig_class == 0x28
1223 || sig->sig_class == 0x30)
1225 else if ((sig->sig_class & ~3) == 0x10)
1227 else if (sig->sig_class == 0x18)
1229 else if (sig->sig_class == 0x1F)
1233 es_fprintf (es_stdout, "sig "
1234 "[unexpected signature class 0x%02x]\n",
1239 es_fputs (sigstr, es_stdout);
1240 es_fprintf (es_stdout, "%c%c %c%c%c%c%c%c %s %s",
1241 sigrc, (sig->sig_class - 0x10 > 0 &&
1242 sig->sig_class - 0x10 <
1243 4) ? '0' + sig->sig_class - 0x10 : ' ',
1244 sig->flags.exportable ? ' ' : 'L',
1245 sig->flags.revocable ? ' ' : 'R',
1246 sig->flags.policy_url ? 'P' : ' ',
1247 sig->flags.notation ? 'N' : ' ',
1248 sig->flags.expired ? 'X' : ' ',
1249 (sig->trust_depth > 9) ? 'T' : (sig->trust_depth >
1251 sig->trust_depth : ' ', keystr (sig->keyid),
1252 datestr_from_sig (sig));
1253 if (opt.list_options & LIST_SHOW_SIG_EXPIRE)
1254 es_fprintf (es_stdout, " %s", expirestr_from_sig (sig));
1255 es_fprintf (es_stdout, " ");
1257 es_fprintf (es_stdout, "[%s] ", gpg_strerror (rc));
1258 else if (sigrc == '?')
1260 else if (!opt.fast_list_mode)
1263 char *p = get_user_id (sig->keyid, &n);
1264 print_utf8_buffer (es_stdout, p, n);
1267 es_putc ('\n', es_stdout);
1269 if (sig->flags.policy_url
1270 && (opt.list_options & LIST_SHOW_POLICY_URLS))
1271 show_policy_url (sig, 3, 0);
1273 if (sig->flags.notation && (opt.list_options & LIST_SHOW_NOTATIONS))
1274 show_notation (sig, 3, 0,
1276 list_options & LIST_SHOW_STD_NOTATIONS) ? 1 : 0)
1279 list_options & LIST_SHOW_USER_NOTATIONS) ? 2 :
1282 if (sig->flags.pref_ks
1283 && (opt.list_options & LIST_SHOW_KEYSERVER_URLS))
1284 show_keyserver_url (sig, 3, 0);
1286 /* fixme: check or list other sigs here */
1289 es_putc ('\n', es_stdout);
1295 print_revokers (estream_t fp, PKT_public_key * pk)
1297 /* print the revoker record */
1298 if (!pk->revkey && pk->numrevkeys)
1304 for (i = 0; i < pk->numrevkeys; i++)
1308 es_fprintf (fp, "rvk:::%d::::::", pk->revkey[i].algid);
1309 p = pk->revkey[i].fpr;
1310 for (j = 0; j < 20; j++, p++)
1311 es_fprintf (fp, "%02X", *p);
1312 es_fprintf (fp, ":%02x%s:\n",
1313 pk->revkey[i].class,
1314 (pk->revkey[i].class & 0x40) ? "s" : "");
1320 /* List a key in colon mode. If SECRET is true this is a secret key
1321 record (i.e. requested via --list-secret-key). If HAS_SECRET a
1322 secret key is available even if SECRET is not set. */
1324 list_keyblock_colon (ctrl_t ctrl, kbnode_t keyblock,
1325 int secret, int has_secret, int fpr)
1332 int trustletter = 0;
1336 char *hexgrip = NULL;
1337 char *serialno = NULL;
1340 /* Get the keyid from the keyblock. */
1341 node = find_kbnode (keyblock, PKT_PUBLIC_KEY);
1344 log_error ("Oops; key lost!\n");
1345 dump_kbnode (keyblock);
1349 pk = node->pkt->pkt.public_key;
1350 if (secret || has_secret || opt.with_keygrip || opt.with_key_data)
1352 rc = hexkeygrip_from_pk (pk, &hexgrip);
1354 log_error ("error computing a keygrip: %s\n", gpg_strerror (rc));
1357 if ((secret || has_secret)
1358 && agent_get_keyinfo (NULL, hexgrip, &serialno, NULL))
1359 stubkey = 1; /* Key not found. */
1361 keyid_from_pk (pk, keyid);
1362 es_fputs (secret? "sec:":"pub:", es_stdout);
1363 if (!pk->flags.valid)
1364 es_putc ('i', es_stdout);
1365 else if (pk->flags.revoked)
1366 es_putc ('r', es_stdout);
1367 else if (pk->has_expired)
1368 es_putc ('e', es_stdout);
1369 else if (opt.fast_list_mode || opt.no_expensive_trust_checks)
1373 trustletter = get_validity_info (ctrl, pk, NULL);
1374 if (trustletter == 'u')
1376 es_putc (trustletter, es_stdout);
1379 es_fprintf (es_stdout, ":%u:%d:%08lX%08lX:%s:%s::",
1382 (ulong) keyid[0], (ulong) keyid[1],
1383 colon_datestr_from_pk (pk), colon_strtime (pk->expiredate));
1385 if (!opt.fast_list_mode && !opt.no_expensive_trust_checks)
1386 es_putc (get_ownertrust_info (pk), es_stdout);
1387 es_putc (':', es_stdout);
1389 es_putc (':', es_stdout);
1390 es_putc (':', es_stdout);
1391 print_capabilities (pk, keyblock);
1392 es_putc (':', es_stdout); /* End of field 13. */
1393 es_putc (':', es_stdout); /* End of field 14. */
1394 if (secret || has_secret)
1397 es_putc ('#', es_stdout);
1399 es_fputs (serialno, es_stdout);
1400 else if (has_secret)
1401 es_putc ('+', es_stdout);
1403 es_putc (':', es_stdout); /* End of field 15. */
1404 es_putc (':', es_stdout); /* End of field 16. */
1405 if (pk->pubkey_algo == PUBKEY_ALGO_ECDSA
1406 || pk->pubkey_algo == PUBKEY_ALGO_EDDSA
1407 || pk->pubkey_algo == PUBKEY_ALGO_ECDH)
1409 char *curve = openpgp_oid_to_str (pk->pkey[0]);
1410 const char *name = openpgp_oid_to_curve (curve, 0);
1413 es_fputs (name, es_stdout);
1416 es_putc (':', es_stdout); /* End of field 17. */
1417 es_putc (':', es_stdout); /* End of field 18. */
1418 es_putc ('\n', es_stdout);
1420 print_revokers (es_stdout, pk);
1422 print_fingerprint (NULL, pk, 0);
1423 if (opt.with_key_data || opt.with_keygrip)
1426 es_fprintf (es_stdout, "grp:::::::::%s:\n", hexgrip);
1427 if (opt.with_key_data)
1428 print_key_data (pk);
1431 for (kbctx = NULL; (node = walk_kbnode (keyblock, &kbctx, 0));)
1433 if (node->pkt->pkttype == PKT_USER_ID)
1436 PKT_user_id *uid = node->pkt->pkt.user_id;
1438 if (attrib_fp && node->pkt->pkt.user_id->attrib_data != NULL)
1439 dump_attribs (node->pkt->pkt.user_id, pk);
1441 * Fixme: We need a valid flag here too
1443 str = uid->attrib_data ? "uat" : "uid";
1444 if (uid->is_revoked)
1445 es_fprintf (es_stdout, "%s:r::::", str);
1446 else if (uid->is_expired)
1447 es_fprintf (es_stdout, "%s:e::::", str);
1448 else if (opt.no_expensive_trust_checks)
1449 es_fprintf (es_stdout, "%s:::::", str);
1455 uid_validity = get_validity_info (ctrl, pk, uid);
1458 es_fprintf (es_stdout, "%s:%c::::", str, uid_validity);
1461 es_fprintf (es_stdout, "%s:", colon_strtime (uid->created));
1462 es_fprintf (es_stdout, "%s:", colon_strtime (uid->expiredate));
1464 namehash_from_uid (uid);
1466 for (i = 0; i < 20; i++)
1467 es_fprintf (es_stdout, "%02X", uid->namehash[i]);
1469 es_fprintf (es_stdout, "::");
1471 if (uid->attrib_data)
1472 es_fprintf (es_stdout, "%u %lu", uid->numattribs, uid->attrib_len);
1474 es_write_sanitized (es_stdout, uid->name, uid->len, ":", NULL);
1475 es_fprintf (es_stdout, "::::::::");
1476 if (opt.trust_model == TM_TOFU || opt.trust_model == TM_TOFU_PGP)
1479 enum tofu_policy policy;
1480 if (! tofu_get_policy (ctrl, pk, uid, &policy)
1481 && policy != TOFU_POLICY_NONE)
1482 es_fprintf (es_stdout, "%s", tofu_policy_str (policy));
1485 es_putc (':', es_stdout);
1486 es_putc ('\n', es_stdout);
1488 else if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
1491 PKT_public_key *pk2;
1493 pk2 = node->pkt->pkt.public_key;
1494 xfree (hexgrip); hexgrip = NULL;
1495 xfree (serialno); serialno = NULL;
1496 if (secret || has_secret || opt.with_keygrip || opt.with_key_data)
1498 rc = hexkeygrip_from_pk (pk2, &hexgrip);
1500 log_error ("error computing a keygrip: %s\n",
1504 if ((secret||has_secret)
1505 && agent_get_keyinfo (NULL, hexgrip, &serialno, NULL))
1506 stubkey = 1; /* Key not found. */
1508 keyid_from_pk (pk2, keyid2);
1509 es_fputs (secret? "ssb:":"sub:", es_stdout);
1510 if (!pk2->flags.valid)
1511 es_putc ('i', es_stdout);
1512 else if (pk2->flags.revoked)
1513 es_putc ('r', es_stdout);
1514 else if (pk2->has_expired)
1515 es_putc ('e', es_stdout);
1516 else if (opt.fast_list_mode || opt.no_expensive_trust_checks)
1520 /* TRUSTLETTER should always be defined here. */
1522 es_fprintf (es_stdout, "%c", trustletter);
1524 es_fprintf (es_stdout, ":%u:%d:%08lX%08lX:%s:%s:::::",
1525 nbits_from_pk (pk2),
1527 (ulong) keyid2[0], (ulong) keyid2[1],
1528 colon_datestr_from_pk (pk2), colon_strtime (pk2->expiredate)
1529 /* fixme: add LID and ownertrust here */
1531 print_capabilities (pk2, NULL);
1532 es_putc (':', es_stdout); /* End of field 13. */
1533 es_putc (':', es_stdout); /* End of field 14. */
1534 if (secret || has_secret)
1537 es_putc ('#', es_stdout);
1539 es_fputs (serialno, es_stdout);
1540 else if (has_secret)
1541 es_putc ('+', es_stdout);
1543 es_putc (':', es_stdout); /* End of field 15. */
1544 es_putc (':', es_stdout); /* End of field 16. */
1545 if (pk2->pubkey_algo == PUBKEY_ALGO_ECDSA
1546 || pk2->pubkey_algo == PUBKEY_ALGO_EDDSA
1547 || pk2->pubkey_algo == PUBKEY_ALGO_ECDH)
1549 char *curve = openpgp_oid_to_str (pk2->pkey[0]);
1550 const char *name = openpgp_oid_to_curve (curve, 0);
1553 es_fputs (name, es_stdout);
1556 es_putc (':', es_stdout); /* End of field 17. */
1557 es_putc ('\n', es_stdout);
1559 print_fingerprint (NULL, pk2, 0);
1560 if (opt.with_key_data || opt.with_keygrip)
1563 es_fprintf (es_stdout, "grp:::::::::%s:\n", hexgrip);
1564 if (opt.with_key_data)
1565 print_key_data (pk2);
1568 else if (opt.list_sigs && node->pkt->pkttype == PKT_SIGNATURE)
1570 PKT_signature *sig = node->pkt->pkt.signature;
1571 int sigrc, fprokay = 0;
1574 byte fparray[MAX_FINGERPRINT_LEN];
1576 if (sig->sig_class == 0x20 || sig->sig_class == 0x28
1577 || sig->sig_class == 0x30)
1579 else if ((sig->sig_class & ~3) == 0x10)
1581 else if (sig->sig_class == 0x18)
1583 else if (sig->sig_class == 0x1F)
1587 es_fprintf (es_stdout, "sig::::::::::%02x%c:\n",
1588 sig->sig_class, sig->flags.exportable ? 'x' : 'l');
1594 PKT_public_key *signer_pk = NULL;
1597 if (opt.no_sig_cache)
1598 signer_pk = xmalloc_clear (sizeof (PKT_public_key));
1600 rc = check_key_signature2 (keyblock, node, NULL, signer_pk,
1602 switch (gpg_err_code (rc))
1607 case GPG_ERR_BAD_SIGNATURE:
1610 case GPG_ERR_NO_PUBKEY:
1611 case GPG_ERR_UNUSABLE_PUBKEY:
1619 if (opt.no_sig_cache)
1623 fingerprint_from_pk (signer_pk, fparray, &fplen);
1626 free_public_key (signer_pk);
1634 es_fputs (sigstr, es_stdout);
1635 es_putc (':', es_stdout);
1637 es_putc (sigrc, es_stdout);
1638 es_fprintf (es_stdout, "::%d:%08lX%08lX:%s:%s:", sig->pubkey_algo,
1639 (ulong) sig->keyid[0], (ulong) sig->keyid[1],
1640 colon_datestr_from_sig (sig),
1641 colon_expirestr_from_sig (sig));
1643 if (sig->trust_depth || sig->trust_value)
1644 es_fprintf (es_stdout, "%d %d", sig->trust_depth, sig->trust_value);
1645 es_fprintf (es_stdout, ":");
1647 if (sig->trust_regexp)
1648 es_write_sanitized (es_stdout, sig->trust_regexp,
1649 strlen (sig->trust_regexp), ":", NULL);
1650 es_fprintf (es_stdout, ":");
1653 es_fprintf (es_stdout, "[%s] ", gpg_strerror (rc));
1654 else if (sigrc == '?')
1656 else if (!opt.fast_list_mode)
1659 p = get_user_id (sig->keyid, &n);
1660 es_write_sanitized (es_stdout, p, n, ":", NULL);
1663 es_fprintf (es_stdout, ":%02x%c::", sig->sig_class,
1664 sig->flags.exportable ? 'x' : 'l');
1666 if (opt.no_sig_cache && opt.check_sigs && fprokay)
1668 for (i = 0; i < fplen; i++)
1669 es_fprintf (es_stdout, "%02X", fparray[i]);
1672 es_fprintf (es_stdout, ":::%d:\n", sig->digest_algo);
1674 if (opt.show_subpackets)
1675 print_subpackets_colon (sig);
1677 /* fixme: check or list other sigs here */
1686 * Reorder the keyblock so that the primary user ID (and not attribute
1687 * packet) comes first. Fixme: Replace this by a generic sort
1690 do_reorder_keyblock (KBNODE keyblock, int attr)
1692 KBNODE primary = NULL, primary0 = NULL, primary2 = NULL;
1695 for (node = keyblock; node; primary0 = node, node = node->next)
1697 if (node->pkt->pkttype == PKT_USER_ID &&
1698 ((attr && node->pkt->pkt.user_id->attrib_data) ||
1699 (!attr && !node->pkt->pkt.user_id->attrib_data)) &&
1700 node->pkt->pkt.user_id->is_primary)
1702 primary = primary2 = node;
1703 for (node = node->next; node; primary2 = node, node = node->next)
1705 if (node->pkt->pkttype == PKT_USER_ID
1706 || node->pkt->pkttype == PKT_PUBLIC_SUBKEY
1707 || node->pkt->pkttype == PKT_SECRET_SUBKEY)
1716 return; /* No primary key flag found (should not happen). */
1718 for (last = NULL, node = keyblock; node; last = node, node = node->next)
1720 if (node->pkt->pkttype == PKT_USER_ID)
1724 log_assert (last); /* The user ID is never the first packet. */
1725 log_assert (primary0); /* Ditto (this is the node before primary). */
1726 if (node == primary)
1727 return; /* Already the first one. */
1729 last->next = primary;
1730 primary0->next = primary2->next;
1731 primary2->next = node;
1735 reorder_keyblock (KBNODE keyblock)
1737 do_reorder_keyblock (keyblock, 1);
1738 do_reorder_keyblock (keyblock, 0);
1742 list_keyblock (ctrl_t ctrl,
1743 KBNODE keyblock, int secret, int has_secret, int fpr,
1744 struct keylist_context *listctx)
1746 reorder_keyblock (keyblock);
1747 if (opt.print_pka_records || opt.print_dane_records)
1748 list_keyblock_pka (ctrl, keyblock);
1749 else if (opt.with_colons)
1750 list_keyblock_colon (ctrl, keyblock, secret, has_secret, fpr);
1752 list_keyblock_print (ctrl, keyblock, secret, fpr, listctx);
1754 es_fflush (es_stdout);
1758 /* Public function used by keygen to list a keyblock. */
1760 list_keyblock_direct (ctrl_t ctrl,
1761 kbnode_t keyblock, int secret, int has_secret, int fpr)
1763 struct keylist_context listctx;
1765 memset (&listctx, 0, sizeof (listctx));
1766 list_keyblock (ctrl, keyblock, secret, has_secret, fpr, &listctx);
1767 keylist_context_release (&listctx);
1771 /* Print an hex digit in ICAO spelling. */
1773 print_icao_hexdigit (estream_t fp, int c)
1775 static const char *list[16] = {
1776 "Zero", "One", "Two", "Three", "Four", "Five", "Six", "Seven",
1777 "Eight", "Niner", "Alfa", "Bravo", "Charlie", "Delta", "Echo", "Foxtrot"
1780 tty_fprintf (fp, "%s", list[c&15]);
1785 * Function to print the finperprint.
1786 * mode 0: as used in key listings, opt.with_colons is honored
1787 * 1: print using log_info ()
1788 * 2: direct use of tty
1789 * 3: direct use of tty but only primary key.
1790 * 4: direct use of tty but only subkey.
1791 * 10: Same as 0 but with_colons etc is ignored.
1792 * 20: Same as 0 but using a compact format.
1794 * Modes 1 and 2 will try and print both subkey and primary key
1795 * fingerprints. A MODE with bit 7 set is used internally. If
1796 * OVERRIDE_FP is not NULL that stream will be used in 0 instead
1797 * of es_stdout or instead of the TTY in modes 2 and 3.
1800 print_fingerprint (estream_t override_fp, PKT_public_key *pk, int mode)
1802 char hexfpr[2*MAX_FINGERPRINT_LEN+1];
1808 int with_colons = opt.with_colons;
1809 int with_icao = opt.with_icao_spelling;
1818 else if (mode == 20)
1825 if (!opt.fingerprint && !opt.with_fingerprint
1826 && opt.with_subkey_fingerprint && opt.keyid_format == KF_NONE)
1829 if (pk->main_keyid[0] == pk->keyid[0]
1830 && pk->main_keyid[1] == pk->keyid[1])
1833 /* Just to be safe */
1834 if ((mode & 0x80) && !primary)
1836 log_error ("primary key is not really primary!\n");
1842 if (!primary && (mode == 1 || mode == 2))
1844 PKT_public_key *primary_pk = xmalloc_clear (sizeof (*primary_pk));
1845 get_pubkey (primary_pk, pk->main_keyid);
1846 print_fingerprint (override_fp, primary_pk, (mode | 0x80));
1847 free_public_key (primary_pk);
1852 fp = log_get_stream ();
1854 text = _("Primary key fingerprint:");
1856 text = _(" Subkey fingerprint:");
1860 fp = override_fp; /* Use tty or given stream. */
1862 /* TRANSLATORS: this should fit into 24 bytes so that the
1863 * fingerprint data is properly aligned with the user ID */
1864 text = _(" Primary key fingerprint:");
1866 text = _(" Subkey fingerprint:");
1870 fp = override_fp; /* Use tty or given stream. */
1871 text = _(" Key fingerprint =");
1875 fp = override_fp; /* Use tty or given stream. */
1876 text = _(" Subkey fingerprint:");
1880 fp = override_fp? override_fp : es_stdout;
1881 if (opt.keyid_format == KF_NONE)
1883 text = " "; /* To indent ICAO spelling. */
1887 text = _(" Key fingerprint =");
1890 hexfingerprint (pk, hexfpr, sizeof hexfpr);
1891 if (with_colons && !mode)
1893 es_fprintf (fp, "fpr:::::::::%s:", hexfpr);
1895 else if (compact && !opt.fingerprint && !opt.with_fingerprint)
1897 tty_fprintf (fp, "%*s%s", 6, "", hexfpr);
1901 char fmtfpr[MAX_FORMATTED_FINGERPRINT_LEN + 1];
1902 format_hexfingerprint (hexfpr, fmtfpr, sizeof fmtfpr);
1904 tty_fprintf (fp, "%*s%s", 6, "", fmtfpr);
1906 tty_fprintf (fp, "%s %s", text, fmtfpr);
1908 tty_fprintf (fp, "\n");
1909 if (!with_colons && with_icao)
1912 tty_fprintf (fp, "%*s\"", (int)strlen(text)+1, "");
1913 for (i = 0, p = hexfpr; *p; i++, p++)
1918 tty_fprintf (fp, "\n%*s ", (int)strlen(text)+1, "");
1920 tty_fprintf (fp, " ");
1922 tty_fprintf (fp, " ");
1923 print_icao_hexdigit (fp, xtoi_1 (p));
1925 tty_fprintf (fp, "\"\n");
1929 /* Print the serial number of an OpenPGP card if available. */
1931 print_card_serialno (const char *serialno)
1935 if (opt.with_colons)
1936 return; /* Handled elsewhere. */
1938 es_fputs (_(" Card serial no. ="), es_stdout);
1939 es_putc (' ', es_stdout);
1940 if (strlen (serialno) == 32 && !strncmp (serialno, "D27600012401", 12))
1942 /* This is an OpenPGP card. Print the relevant part. */
1943 /* Example: D2760001240101010001000003470000 */
1945 es_fprintf (es_stdout, "%.*s %.*s", 4, serialno+16, 8, serialno+20);
1948 es_fputs (serialno, es_stdout);
1949 es_putc ('\n', es_stdout);
1953 /* Print a public or secret (sub)key line. Example:
1955 * pub dsa2048 2007-12-31 [SC] [expires: 2018-12-31]
1956 * 80615870F5BAD690333686D0F2AD85AC1E42B367
1958 * Some global options may result in a different output format. If
1959 * SECRET is set, "sec" or "ssb" is used instead of "pub" or "sub" and
1960 * depending on the value a flag character is shown:
1962 * 1 := ' ' Regular secret key
1963 * 2 := '#' Stub secret key
1964 * 3 := '>' Secret key is on a token.
1967 print_key_line (estream_t fp, PKT_public_key *pk, int secret)
1969 char pkstrbuf[PUBKEY_STRING_SIZE];
1971 tty_fprintf (fp, "%s%c %s",
1972 pk->flags.primary? (secret? "sec":"pub")
1973 /**/ : (secret? "ssb":"sub"),
1974 secret == 2? '#' : secret == 3? '>' : ' ',
1975 pubkey_string (pk, pkstrbuf, sizeof pkstrbuf));
1976 if (opt.keyid_format != KF_NONE)
1977 tty_fprintf (fp, "/%s", keystr_from_pk (pk));
1978 tty_fprintf (fp, " %s", datestr_from_pk (pk));
1980 if ((opt.list_options & LIST_SHOW_USAGE))
1982 tty_fprintf (fp, " [%s]", usagestr_from_pk (pk, 0));
1984 if (pk->flags.revoked)
1986 tty_fprintf (fp, " [");
1987 tty_fprintf (fp, _("revoked: %s"), revokestr_from_pk (pk));
1988 tty_fprintf (fp, "]");
1990 else if (pk->has_expired)
1992 tty_fprintf (fp, " [");
1993 tty_fprintf (fp, _("expired: %s"), expirestr_from_pk (pk));
1994 tty_fprintf (fp, "]");
1996 else if (pk->expiredate)
1998 tty_fprintf (fp, " [");
1999 tty_fprintf (fp, _("expires: %s"), expirestr_from_pk (pk));
2000 tty_fprintf (fp, "]");
2004 /* I need to think about this some more. It's easy enough to
2005 include, but it looks sort of confusing in the listing... */
2006 if (opt.list_options & LIST_SHOW_VALIDITY)
2008 int validity = get_validity (ctrl, pk, NULL, NULL, 0);
2009 tty_fprintf (fp, " [%s]", trust_value_to_string (validity));
2013 if (pk->pubkey_algo >= 100)
2014 tty_fprintf (fp, " [experimental algorithm %d]", pk->pubkey_algo);
2016 tty_fprintf (fp, "\n");
2018 if (pk->flags.primary && opt.keyid_format == KF_NONE)
2019 print_fingerprint (fp, pk, 20);
2024 set_attrib_fd (int fd)
2026 static int last_fd = -1;
2028 if (fd != -1 && last_fd == fd)
2031 /* Fixme: Do we need to check for the log stream here? */
2032 if (attrib_fp && attrib_fp != log_get_stream ())
2033 es_fclose (attrib_fp);
2038 #ifdef HAVE_DOSISH_SYSTEM
2039 setmode (fd, O_BINARY);
2042 attrib_fp = es_stdout;
2044 attrib_fp = es_stderr;
2046 attrib_fp = es_fdopen (fd, "wb");
2049 log_fatal ("can't open fd %d for attribute output: %s\n",
2050 fd, strerror (errno));