1 /* keylist.c - Print information about OpenPGP keys
2 * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006,
3 * 2008, 2010, 2012 Free Software Foundation, Inc.
4 * Copyright (C) 2013, 2014 Werner Koch
6 * This file is part of GnuPG.
8 * GnuPG is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 3 of the License, or
11 * (at your option) any later version.
13 * GnuPG is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, see <http://www.gnu.org/licenses/>.
28 #ifdef HAVE_DOSISH_SYSTEM
29 #include <fcntl.h> /* for setmode() */
44 #include "call-agent.h"
45 #include "mbox-util.h"
48 static void list_all (ctrl_t, int, int);
49 static void list_one (ctrl_t ctrl,
50 strlist_t names, int secret, int mark_secret);
51 static void locate_one (ctrl_t ctrl, strlist_t names);
52 static void print_card_serialno (const char *serialno);
54 struct keylist_context
56 int check_sigs; /* If set signatures shall be verified. */
57 int good_sigs; /* Counter used if CHECK_SIGS is set. */
58 int inv_sigs; /* Counter used if CHECK_SIGS is set. */
59 int no_key; /* Counter used if CHECK_SIGS is set. */
60 int oth_err; /* Counter used if CHECK_SIGS is set. */
64 static void list_keyblock (ctrl_t ctrl,
65 kbnode_t keyblock, int secret, int has_secret,
66 int fpr, struct keylist_context *listctx);
69 /* The stream used to write attribute packets to. */
70 static estream_t attrib_fp;
73 /* Release resources from a keylist context. */
75 keylist_context_release (struct keylist_context *listctx)
77 (void)listctx; /* Nothing to release. */
81 /* List the keys. If list is NULL, all available keys are listed.
82 With LOCATE_MODE set the locate algorithm is used to find a
85 public_key_list (ctrl_t ctrl, strlist_t list, int locate_mode)
87 #ifndef NO_TRUST_MODELS
90 byte trust_model, marginals, completes, cert_depth, min_cert_level;
91 ulong created, nextcheck;
93 read_trust_options (&trust_model, &created, &nextcheck,
94 &marginals, &completes, &cert_depth, &min_cert_level);
96 es_fprintf (es_stdout, "tru:");
98 if (nextcheck && nextcheck <= make_timestamp ())
99 es_fprintf (es_stdout, "o");
100 if (trust_model != opt.trust_model)
101 es_fprintf (es_stdout, "t");
102 if (opt.trust_model == TM_PGP || opt.trust_model == TM_CLASSIC)
104 if (marginals != opt.marginals_needed)
105 es_fprintf (es_stdout, "m");
106 if (completes != opt.completes_needed)
107 es_fprintf (es_stdout, "c");
108 if (cert_depth != opt.max_cert_depth)
109 es_fprintf (es_stdout, "d");
110 if (min_cert_level != opt.min_cert_level)
111 es_fprintf (es_stdout, "l");
114 es_fprintf (es_stdout, ":%d:%lu:%lu", trust_model, created, nextcheck);
116 /* Only show marginals, completes, and cert_depth in the classic
117 or PGP trust models since they are not meaningful
120 if (trust_model == TM_PGP || trust_model == TM_CLASSIC)
121 es_fprintf (es_stdout, ":%d:%d:%d", marginals, completes, cert_depth);
122 es_fprintf (es_stdout, "\n");
124 #endif /*!NO_TRUST_MODELS*/
126 /* We need to do the stale check right here because it might need to
127 update the keyring while we already have the keyring open. This
128 is very bad for W32 because of a sharing violation. For real OSes
129 it might lead to false results if we are later listing a keyring
130 which is associated with the inode of a deleted file. */
131 check_trustdb_stale ();
134 locate_one (ctrl, list);
136 list_all (ctrl, 0, opt.with_secret);
138 list_one (ctrl, list, 0, opt.with_secret);
143 secret_key_list (ctrl_t ctrl, strlist_t list)
147 check_trustdb_stale ();
150 list_all (ctrl, 1, 0);
151 else /* List by user id */
152 list_one (ctrl, list, 1, 0);
156 print_seckey_info (PKT_public_key *pk)
160 char pkstrbuf[PUBKEY_STRING_SIZE];
162 keyid_from_pk (pk, keyid);
163 p = get_user_id_native (keyid);
165 tty_printf ("\nsec %s/%s %s %s\n",
166 pubkey_string (pk, pkstrbuf, sizeof pkstrbuf),
167 keystr (keyid), datestr_from_pk (pk), p);
172 /* Print information about the public key. With FP passed as NULL,
173 the tty output interface is used, otherwise output is directted to
176 print_pubkey_info (estream_t fp, PKT_public_key *pk)
180 char pkstrbuf[PUBKEY_STRING_SIZE];
182 keyid_from_pk (pk, keyid);
184 /* If the pk was chosen by a particular user ID, that is the one to
187 p = utf8_to_native (pk->user_id->name, pk->user_id->len, 0);
189 p = get_user_id_native (keyid);
193 tty_fprintf (fp, "%s %s/%s %s %s\n",
194 pk->flags.primary? "pub":"sub",
195 pubkey_string (pk, pkstrbuf, sizeof pkstrbuf),
196 keystr (keyid), datestr_from_pk (pk), p);
201 /* Print basic information of a secret key including the card serial
202 number information. */
203 #ifdef ENABLE_CARD_SUPPORT
205 print_card_key_info (estream_t fp, kbnode_t keyblock)
211 char pkstrbuf[PUBKEY_STRING_SIZE];
214 for (node = keyblock; node; node = node->next)
216 if (node->pkt->pkttype == PKT_PUBLIC_KEY
217 || node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
220 PKT_public_key *pk = node->pkt->pkt.public_key;
223 rc = hexkeygrip_from_pk (pk, &hexgrip);
226 log_error ("error computing a keygrip: %s\n", gpg_strerror (rc));
229 else if (!agent_get_keyinfo (NULL, hexgrip, &serialno))
230 s2k_char = serialno? '>':' ';
232 s2k_char = '#'; /* Key not found. */
234 tty_fprintf (fp, "%s%c %s/%s %n",
235 node->pkt->pkttype == PKT_PUBLIC_KEY ? "sec" : "ssb",
237 pubkey_string (pk, pkstrbuf, sizeof pkstrbuf),
240 tty_fprintf (fp, _("created: %s"), datestr_from_pk (pk));
241 tty_fprintf (fp, " ");
242 tty_fprintf (fp, _("expires: %s"), expirestr_from_pk (pk));
245 tty_fprintf (fp, "\n%*s%s", indent, "", _("card-no: "));
246 if (strlen (serialno) == 32
247 && !strncmp (serialno, "D27600012401", 12))
249 /* This is an OpenPGP card. Print the relevant part. */
250 /* Example: D2760001240101010001000003470000 */
252 tty_fprintf (fp, "%.*s %.*s", 4, serialno+16, 8, serialno+20);
255 tty_fprintf (fp, "%s", serialno);
257 tty_fprintf (fp, "\n");
263 #endif /*ENABLE_CARD_SUPPORT*/
266 /* Flags = 0x01 hashed 0x02 critical. */
268 status_one_subpacket (sigsubpkttype_t type, size_t len, int flags,
273 /* Don't print these. */
277 snprintf (status, sizeof status,
278 "%d %u %u ", type, flags, (unsigned int) len);
280 write_status_text_and_buffer (STATUS_SIG_SUBPACKET, status, buf, len, 0);
284 /* Print a policy URL. Allowed values for MODE are:
285 * 0 - print to stdout.
286 * 1 - use log_info and emit status messages.
287 * 2 - emit only status messages.
290 show_policy_url (PKT_signature * sig, int indent, int mode)
295 estream_t fp = mode ? log_get_stream () : es_stdout;
298 enum_sig_subpkt (sig->hashed, SIGSUBPKT_POLICY, &len, &seq, &crit)))
305 for (i = 0; i < indent; i++)
309 str = _("Critical signature policy: ");
311 str = _("Signature policy: ");
313 log_info ("%s", str);
315 es_fprintf (fp, "%s", str);
316 print_utf8_buffer (fp, p, len);
317 es_fprintf (fp, "\n");
321 write_status_buffer (STATUS_POLICY_URL, p, len, 0);
328 mode=1 for log_info + status messages
329 mode=2 for status messages only
333 show_keyserver_url (PKT_signature * sig, int indent, int mode)
338 estream_t fp = mode ? log_get_stream () : es_stdout;
341 enum_sig_subpkt (sig->hashed, SIGSUBPKT_PREF_KS, &len, &seq,
349 for (i = 0; i < indent; i++)
350 es_putc (' ', es_stdout);
353 str = _("Critical preferred keyserver: ");
355 str = _("Preferred keyserver: ");
357 log_info ("%s", str);
359 es_fprintf (es_stdout, "%s", str);
360 print_utf8_buffer (fp, p, len);
361 es_fprintf (fp, "\n");
365 status_one_subpacket (SIGSUBPKT_PREF_KS, len,
366 (crit ? 0x02 : 0) | 0x01, p);
372 mode=1 for log_info + status messages
373 mode=2 for status messages only
375 Defined bits in WHICH:
376 1 == standard notations
380 show_notation (PKT_signature * sig, int indent, int mode, int which)
382 estream_t fp = mode ? log_get_stream () : es_stdout;
383 struct notation *nd, *notations;
388 notations = sig_to_notation (sig);
390 /* There may be multiple notations in the same sig. */
391 for (nd = notations; nd; nd = nd->next)
395 int has_at = !!strchr (nd->name, '@');
397 if ((which & 1 && !has_at) || (which & 2 && has_at))
402 for (i = 0; i < indent; i++)
403 es_putc (' ', es_stdout);
405 if (nd->flags.critical)
406 str = _("Critical signature notation: ");
408 str = _("Signature notation: ");
410 log_info ("%s", str);
412 es_fprintf (es_stdout, "%s", str);
413 /* This is all UTF8 */
414 print_utf8_buffer (fp, nd->name, strlen (nd->name));
415 es_fprintf (fp, "=");
416 print_utf8_buffer (fp, nd->value, strlen (nd->value));
417 /* (We need to use log_printf so that the next call to a
418 log function does not insert an extra LF.) */
428 write_status_buffer (STATUS_NOTATION_NAME,
429 nd->name, strlen (nd->name), 0);
430 write_status_buffer (STATUS_NOTATION_DATA,
431 nd->value, strlen (nd->value), 50);
435 free_notation (notations);
440 print_signature_stats (struct keylist_context *s)
443 return; /* Signature checking was not requested. */
445 if (s->good_sigs == 1)
446 log_info (_("1 good signature\n"));
447 else if (s->good_sigs)
448 log_info (_("%d good signatures\n"), s->good_sigs);
450 if (s->inv_sigs == 1)
451 log_info (_("1 bad signature\n"));
452 else if (s->inv_sigs)
453 log_info (_("%d bad signatures\n"), s->inv_sigs);
456 log_info (_("1 signature not checked due to a missing key\n"));
458 log_info (_("%d signatures not checked due to missing keys\n"), s->no_key);
461 log_info (_("1 signature not checked due to an error\n"));
463 log_info (_("%d signatures not checked due to errors\n"), s->oth_err);
467 /* List all keys. If SECRET is true only secret keys are listed. If
468 MARK_SECRET is true secret keys are indicated in a public key
471 list_all (ctrl_t ctrl, int secret, int mark_secret)
474 KBNODE keyblock = NULL;
477 const char *lastresname, *resname;
478 struct keylist_context listctx;
480 memset (&listctx, 0, sizeof (listctx));
482 listctx.check_sigs = 1;
486 rc = gpg_error (GPG_ERR_GENERAL);
488 rc = keydb_search_first (hd);
491 if (gpg_err_code (rc) != GPG_ERR_NOT_FOUND)
492 log_error ("keydb_search_first failed: %s\n", gpg_strerror (rc));
499 rc = keydb_get_keyblock (hd, &keyblock);
502 if (gpg_err_code (rc) == GPG_ERR_LEGACY_KEY)
503 continue; /* Skip legacy keys. */
504 log_error ("keydb_get_keyblock failed: %s\n", gpg_strerror (rc));
508 if (secret || mark_secret)
509 any_secret = !agent_probe_any_secret_key (NULL, keyblock);
513 if (secret && !any_secret)
514 ; /* Secret key listing requested but this isn't one. */
517 if (!opt.with_colons)
519 resname = keydb_get_resource_name (hd);
520 if (lastresname != resname)
524 es_fprintf (es_stdout, "%s\n", resname);
525 for (i = strlen (resname); i; i--)
526 es_putc ('-', es_stdout);
527 es_putc ('\n', es_stdout);
528 lastresname = resname;
531 merge_keys_and_selfsig (keyblock);
532 list_keyblock (ctrl, keyblock, secret, any_secret, opt.fingerprint,
535 release_kbnode (keyblock);
538 while (!(rc = keydb_search_next (hd)));
539 es_fflush (es_stdout);
540 if (rc && gpg_err_code (rc) != GPG_ERR_NOT_FOUND)
541 log_error ("keydb_search_next failed: %s\n", gpg_strerror (rc));
542 if (keydb_get_skipped_counter (hd))
543 log_info (_("Warning: %lu key(s) skipped due to their large size\n"),
544 keydb_get_skipped_counter (hd));
546 if (opt.check_sigs && !opt.with_colons)
547 print_signature_stats (&listctx);
550 keylist_context_release (&listctx);
551 release_kbnode (keyblock);
557 list_one (ctrl_t ctrl, strlist_t names, int secret, int mark_secret)
560 KBNODE keyblock = NULL;
563 const char *keyring_str = _("Keyring");
565 struct keylist_context listctx;
567 memset (&listctx, 0, sizeof (listctx));
568 if (!secret && opt.check_sigs)
569 listctx.check_sigs = 1;
571 /* fixme: using the bynames function has the disadvantage that we
572 * don't know wether one of the names given was not found. OTOH,
573 * this function has the advantage to list the names in the
574 * sequence as defined by the keyDB and does not duplicate
575 * outputs. A solution could be do test whether all given have
576 * been listed (this needs a way to use the keyDB search
577 * functions) or to have the search function return indicators for
578 * found names. Yet another way is to use the keydb search
579 * facilities directly. */
580 rc = getkey_bynames (&ctx, NULL, names, secret, &keyblock);
583 log_error ("error reading key: %s\n", gpg_strerror (rc));
590 if ((opt.list_options & LIST_SHOW_KEYRING) && !opt.with_colons)
592 resname = keydb_get_resource_name (get_ctx_handle (ctx));
593 es_fprintf (es_stdout, "%s: %s\n", keyring_str, resname);
594 for (i = strlen (resname) + strlen (keyring_str) + 2; i; i--)
595 es_putc ('-', es_stdout);
596 es_putc ('\n', es_stdout);
599 keyblock, secret, mark_secret, opt.fingerprint, &listctx);
600 release_kbnode (keyblock);
602 while (!getkey_next (ctx, NULL, &keyblock));
605 if (opt.check_sigs && !opt.with_colons)
606 print_signature_stats (&listctx);
608 keylist_context_release (&listctx);
613 locate_one (ctrl_t ctrl, strlist_t names)
617 GETKEY_CTX ctx = NULL;
618 KBNODE keyblock = NULL;
619 struct keylist_context listctx;
621 memset (&listctx, 0, sizeof (listctx));
623 listctx.check_sigs = 1;
625 for (sl = names; sl; sl = sl->next)
627 rc = get_pubkey_byname (ctrl, &ctx, NULL, sl->d, &keyblock, NULL, 1, 0);
630 if (gpg_err_code (rc) != GPG_ERR_NO_PUBKEY)
631 log_error ("error reading key: %s\n", gpg_strerror (rc));
632 else if (opt.verbose)
633 log_info (_("key \"%s\" not found: %s\n"),
634 sl->d, gpg_strerror (rc));
640 list_keyblock (ctrl, keyblock, 0, 0, opt.fingerprint, &listctx);
641 release_kbnode (keyblock);
643 while (ctx && !getkey_next (ctx, NULL, &keyblock));
649 if (opt.check_sigs && !opt.with_colons)
650 print_signature_stats (&listctx);
652 keylist_context_release (&listctx);
657 print_key_data (PKT_public_key * pk)
659 int n = pk ? pubkey_get_npkey (pk->pubkey_algo) : 0;
662 for (i = 0; i < n; i++)
664 es_fprintf (es_stdout, "pkd:%d:%u:", i, mpi_get_nbits (pk->pkey[i]));
665 mpi_print (es_stdout, pk->pkey[i], 1);
666 es_putc (':', es_stdout);
667 es_putc ('\n', es_stdout);
672 print_capabilities (PKT_public_key *pk, KBNODE keyblock)
674 unsigned int use = pk->pubkey_usage;
677 if (use & PUBKEY_USAGE_ENC)
678 es_putc ('e', es_stdout);
680 if (use & PUBKEY_USAGE_SIG)
682 es_putc ('s', es_stdout);
683 if (pk->flags.primary)
685 es_putc ('c', es_stdout);
686 /* The PUBKEY_USAGE_CERT flag was introduced later and we
687 used to always print 'c' for a primary key. To avoid any
688 regression here we better track whether we printed 'c'
694 if ((use & PUBKEY_USAGE_CERT) && !c_printed)
695 es_putc ('c', es_stdout);
697 if ((use & PUBKEY_USAGE_AUTH))
698 es_putc ('a', es_stdout);
700 if ((use & PUBKEY_USAGE_UNKNOWN))
701 es_putc ('?', es_stdout);
705 /* Figure out the usable capabilities. */
707 int enc = 0, sign = 0, cert = 0, auth = 0, disabled = 0;
709 for (k = keyblock; k; k = k->next)
711 if (k->pkt->pkttype == PKT_PUBLIC_KEY
712 || k->pkt->pkttype == PKT_PUBLIC_SUBKEY)
714 pk = k->pkt->pkt.public_key;
716 if (pk->flags.primary)
717 disabled = pk_is_disabled (pk);
719 if (pk->flags.valid && !pk->flags.revoked && !pk->has_expired)
721 if (pk->pubkey_usage & PUBKEY_USAGE_ENC)
723 if (pk->pubkey_usage & PUBKEY_USAGE_SIG)
726 if (pk->flags.primary)
729 if (pk->pubkey_usage & PUBKEY_USAGE_CERT)
731 if ((pk->pubkey_usage & PUBKEY_USAGE_AUTH))
737 es_putc ('E', es_stdout);
739 es_putc ('S', es_stdout);
741 es_putc ('C', es_stdout);
743 es_putc ('A', es_stdout);
745 es_putc ('D', es_stdout);
748 es_putc (':', es_stdout);
752 /* FLAGS: 0x01 hashed
755 print_one_subpacket (sigsubpkttype_t type, size_t len, int flags,
760 es_fprintf (es_stdout, "spk:%d:%u:%u:", type, flags, (unsigned int) len);
762 for (i = 0; i < len; i++)
764 /* printable ascii other than : and % */
765 if (buf[i] >= 32 && buf[i] <= 126 && buf[i] != ':' && buf[i] != '%')
766 es_fprintf (es_stdout, "%c", buf[i]);
768 es_fprintf (es_stdout, "%%%02X", buf[i]);
771 es_fprintf (es_stdout, "\n");
776 print_subpackets_colon (PKT_signature * sig)
780 assert (opt.show_subpackets);
782 for (i = opt.show_subpackets; *i; i++)
790 while ((p = enum_sig_subpkt (sig->hashed, *i, &len, &seq, &crit)))
791 print_one_subpacket (*i, len, 0x01 | (crit ? 0x02 : 0), p);
795 while ((p = enum_sig_subpkt (sig->unhashed, *i, &len, &seq, &crit)))
796 print_one_subpacket (*i, len, 0x00 | (crit ? 0x02 : 0), p);
802 dump_attribs (const PKT_user_id *uid, PKT_public_key *pk)
809 for (i = 0; i < uid->numattribs; i++)
811 if (is_status_enabled ())
813 byte array[MAX_FINGERPRINT_LEN], *p;
814 char buf[(MAX_FINGERPRINT_LEN * 2) + 90];
819 fingerprint_from_pk (pk, array, &n);
822 for (j = 0; j < n; j++, p++)
823 sprintf (buf + 2 * j, "%02X", *p);
825 sprintf (buf + strlen (buf), " %lu %u %u %u %lu %lu %u",
826 (ulong) uid->attribs[i].len, uid->attribs[i].type, i + 1,
827 uid->numattribs, (ulong) uid->created,
828 (ulong) uid->expiredate,
829 ((uid->is_primary ? 0x01 : 0) | (uid->
830 is_revoked ? 0x02 : 0) |
831 (uid->is_expired ? 0x04 : 0)));
832 write_status_text (STATUS_ATTRIBUTE, buf);
835 es_fwrite (uid->attribs[i].data, uid->attribs[i].len, 1, attrib_fp);
836 es_fflush (attrib_fp);
841 /* Print IPGP cert records instead of a standard key listing. */
843 list_keyblock_pka (ctrl_t ctrl, kbnode_t keyblock)
848 char pkstrbuf[PUBKEY_STRING_SIZE];
850 char *hexkeyblock = NULL;
851 unsigned int hexkeyblocklen;
854 /* Get the keyid from the keyblock. */
855 node = find_kbnode (keyblock, PKT_PUBLIC_KEY);
858 log_error ("Oops; key lost!\n");
859 dump_kbnode (keyblock);
863 pk = node->pkt->pkt.public_key;
865 /* First print an overview of the key with all userids. */
866 es_fprintf (es_stdout, ";; pub %s/%s %s\n;;",
867 pubkey_string (pk, pkstrbuf, sizeof pkstrbuf),
868 keystr_from_pk (pk), datestr_from_pk (pk));
869 print_fingerprint (NULL, pk, 10);
870 for (kbctx = NULL; (node = walk_kbnode (keyblock, &kbctx, 0));)
872 if (node->pkt->pkttype == PKT_USER_ID)
874 PKT_user_id *uid = node->pkt->pkt.user_id;
876 if (pk && (uid->is_expired || uid->is_revoked)
877 && !(opt.list_options & LIST_SHOW_UNUSABLE_UIDS))
880 es_fputs (";; uid ", es_stdout);
881 print_utf8_buffer (es_stdout, uid->name, uid->len);
882 es_putc ('\n', es_stdout);
887 hexfpr = hexfingerprint (pk);
888 if (opt.print_dane_records)
890 kbnode_t dummy_keyblock;
895 /* We do not have an export fucntion which allows to pass a
896 keyblock, thus we need to search the key again. */
897 err = export_pubkey_buffer (ctrl, hexfpr,
899 &dummy_keyblock, &data, &datalen);
900 release_kbnode (dummy_keyblock);
903 hexkeyblocklen = datalen;
904 hexkeyblock = bin2hex (data, datalen, NULL);
906 err = gpg_error_from_syserror ();
908 ascii_strlwr (hexkeyblock);
911 log_error (_("skipped \"%s\": %s\n"), hexfpr, gpg_strerror (err));
915 for (kbctx = NULL; (node = walk_kbnode (keyblock, &kbctx, 0));)
917 if (node->pkt->pkttype == PKT_USER_ID)
919 PKT_user_id *uid = node->pkt->pkt.user_id;
923 if (pk && (uid->is_expired || uid->is_revoked)
924 && !(opt.list_options & LIST_SHOW_UNUSABLE_UIDS))
927 mbox = mailbox_from_userid (uid->name);
928 if (mbox && (p = strchr (mbox, '@')))
935 if (opt.print_pka_records)
937 es_fprintf (es_stdout, "$ORIGIN _pka.%s.\n; %s\n; ",
939 print_utf8_buffer (es_stdout, uid->name, uid->len);
940 es_putc ('\n', es_stdout);
941 gcry_md_hash_buffer (GCRY_MD_SHA1, hashbuf,
942 mbox, strlen (mbox));
943 hash = zb32_encode (hashbuf, 8*20);
946 len = strlen (hexfpr)/2;
947 es_fprintf (es_stdout,
948 "%s TYPE37 \\# %u 0006 0000 00 %02X %s\n",
949 hash, 6 + len, len, hexfpr);
953 if (opt.print_dane_records && hexkeyblock)
955 es_fprintf (es_stdout, "$ORIGIN _openpgpkey.%s.\n; %s\n; ",
957 print_utf8_buffer (es_stdout, uid->name, uid->len);
958 es_putc ('\n', es_stdout);
959 gcry_md_hash_buffer (GCRY_MD_SHA256, hashbuf,
960 mbox, strlen (mbox));
961 hash = bin2hex (hashbuf, 28, NULL);
965 es_fprintf (es_stdout, "%s TYPE61 \\# %u (\n",
966 hash, hexkeyblocklen);
971 es_fprintf (es_stdout, "\t%.64s\n", s);
976 es_fputs ("\t)\n", es_stdout);
984 es_putc ('\n', es_stdout);
992 list_keyblock_print (KBNODE keyblock, int secret, int fpr,
993 struct keylist_context *listctx)
1001 char *hexgrip = NULL;
1002 char *serialno = NULL;
1003 char pkstrbuf[PUBKEY_STRING_SIZE];
1005 /* Get the keyid from the keyblock. */
1006 node = find_kbnode (keyblock, PKT_PUBLIC_KEY);
1009 log_error ("Oops; key lost!\n");
1010 dump_kbnode (keyblock);
1014 pk = node->pkt->pkt.public_key;
1016 if (secret || opt.with_keygrip)
1018 rc = hexkeygrip_from_pk (pk, &hexgrip);
1020 log_error ("error computing a keygrip: %s\n", gpg_strerror (rc));
1025 if (!agent_get_keyinfo (NULL, hexgrip, &serialno))
1026 s2k_char = serialno? '>':' ';
1028 s2k_char = '#'; /* Key not found. */
1033 check_trustdb_stale ();
1036 es_fprintf (es_stdout, "%s%c %s/%s %s",
1037 secret? "sec":"pub",
1039 pubkey_string (pk, pkstrbuf, sizeof pkstrbuf),
1040 keystr_from_pk (pk), datestr_from_pk (pk));
1042 if ((opt.list_options & LIST_SHOW_USAGE))
1044 es_fprintf (es_stdout, " [%s]", usagestr_from_pk (pk, 0));
1046 if (pk->flags.revoked)
1048 es_fprintf (es_stdout, " [");
1049 es_fprintf (es_stdout, _("revoked: %s"), revokestr_from_pk (pk));
1050 es_fprintf (es_stdout, "]");
1052 else if (pk->has_expired)
1054 es_fprintf (es_stdout, " [");
1055 es_fprintf (es_stdout, _("expired: %s"), expirestr_from_pk (pk));
1056 es_fprintf (es_stdout, "]");
1058 else if (pk->expiredate)
1060 es_fprintf (es_stdout, " [");
1061 es_fprintf (es_stdout, _("expires: %s"), expirestr_from_pk (pk));
1062 es_fprintf (es_stdout, "]");
1066 /* I need to think about this some more. It's easy enough to
1067 include, but it looks sort of confusing in the listing... */
1068 if (opt.list_options & LIST_SHOW_VALIDITY)
1070 int validity = get_validity (pk, NULL);
1071 es_fprintf (es_stdout, " [%s]", trust_value_to_string (validity));
1075 if (pk->pubkey_algo >= 100)
1076 es_fprintf (es_stdout, " [experimental algorithm %d]", pk->pubkey_algo);
1078 es_fprintf (es_stdout, "\n");
1081 print_fingerprint (NULL, pk, 0);
1083 if (opt.with_keygrip && hexgrip)
1084 es_fprintf (es_stdout, " Keygrip = %s\n", hexgrip);
1087 print_card_serialno (serialno);
1089 if (opt.with_key_data)
1090 print_key_data (pk);
1092 for (kbctx = NULL; (node = walk_kbnode (keyblock, &kbctx, 0));)
1094 if (node->pkt->pkttype == PKT_USER_ID)
1096 PKT_user_id *uid = node->pkt->pkt.user_id;
1098 if ((uid->is_expired || uid->is_revoked)
1099 && !(opt.list_options & LIST_SHOW_UNUSABLE_UIDS))
1107 if (attrib_fp && uid->attrib_data != NULL)
1108 dump_attribs (uid, pk);
1110 if ((uid->is_revoked || uid->is_expired)
1111 || (opt.list_options & LIST_SHOW_UID_VALIDITY))
1113 const char *validity;
1116 validity = uid_trust_string_fixed (pk, uid);
1118 (keystrlen () + (opt.legacy_list_mode? 9:11)) -
1119 atoi (uid_trust_string_fixed (NULL, NULL));
1121 if (indent < 0 || indent > 40)
1124 es_fprintf (es_stdout, "uid%*s%s ", indent, "", validity);
1127 es_fprintf (es_stdout, "uid%*s",
1128 (int) keystrlen () + (opt.legacy_list_mode? 10:12), "");
1130 print_utf8_buffer (es_stdout, uid->name, uid->len);
1131 es_putc ('\n', es_stdout);
1133 if ((opt.list_options & LIST_SHOW_PHOTOS) && uid->attribs != NULL)
1134 show_photos (uid->attribs, uid->numattribs, pk, uid);
1136 else if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
1138 PKT_public_key *pk2 = node->pkt->pkt.public_key;
1140 if ((pk2->flags.revoked || pk2->has_expired)
1141 && !(opt.list_options & LIST_SHOW_UNUSABLE_SUBKEYS))
1149 xfree (serialno); serialno = NULL;
1150 xfree (hexgrip); hexgrip = NULL;
1151 if (secret || opt.with_keygrip)
1153 rc = hexkeygrip_from_pk (pk2, &hexgrip);
1155 log_error ("error computing a keygrip: %s\n",
1160 if (!agent_get_keyinfo (NULL, hexgrip, &serialno))
1161 s2k_char = serialno? '>':' ';
1163 s2k_char = '#'; /* Key not found. */
1168 es_fprintf (es_stdout, "%s%c %s/%s %s",
1169 secret? "ssb":"sub",
1171 pubkey_string (pk2, pkstrbuf, sizeof pkstrbuf),
1172 keystr_from_pk (pk2), datestr_from_pk (pk2));
1174 if ((opt.list_options & LIST_SHOW_USAGE))
1176 es_fprintf (es_stdout, " [%s]", usagestr_from_pk (pk2, 0));
1178 if (pk2->flags.revoked)
1180 es_fprintf (es_stdout, " [");
1181 es_fprintf (es_stdout, _("revoked: %s"), revokestr_from_pk (pk2));
1182 es_fprintf (es_stdout, "]");
1184 else if (pk2->has_expired)
1186 es_fprintf (es_stdout, " [");
1187 es_fprintf (es_stdout, _("expired: %s"), expirestr_from_pk (pk2));
1188 es_fprintf (es_stdout, "]");
1190 else if (pk2->expiredate)
1192 es_fprintf (es_stdout, " [");
1193 es_fprintf (es_stdout, _("expires: %s"), expirestr_from_pk (pk2));
1194 es_fprintf (es_stdout, "]");
1196 es_putc ('\n', es_stdout);
1199 print_fingerprint (NULL, pk2, 0);
1201 print_card_serialno (serialno);
1203 if (opt.with_keygrip && hexgrip)
1204 es_fprintf (es_stdout, " Keygrip = %s\n", hexgrip);
1205 if (opt.with_key_data)
1206 print_key_data (pk2);
1208 else if (opt.list_sigs
1209 && node->pkt->pkttype == PKT_SIGNATURE && !skip_sigs)
1211 PKT_signature *sig = node->pkt->pkt.signature;
1215 if (listctx->check_sigs)
1217 rc = check_key_signature (keyblock, node, NULL);
1218 switch (gpg_err_code (rc))
1221 listctx->good_sigs++;
1224 case GPG_ERR_BAD_SIGNATURE:
1225 listctx->inv_sigs++;
1228 case GPG_ERR_NO_PUBKEY:
1229 case GPG_ERR_UNUSABLE_PUBKEY:
1238 /* TODO: Make sure a cached sig record here still has
1239 the pk that issued it. See also
1240 keyedit.c:print_and_check_one_sig */
1248 if (sig->sig_class == 0x20 || sig->sig_class == 0x28
1249 || sig->sig_class == 0x30)
1251 else if ((sig->sig_class & ~3) == 0x10)
1253 else if (sig->sig_class == 0x18)
1255 else if (sig->sig_class == 0x1F)
1259 es_fprintf (es_stdout, "sig "
1260 "[unexpected signature class 0x%02x]\n",
1265 es_fputs (sigstr, es_stdout);
1266 es_fprintf (es_stdout, "%c%c %c%c%c%c%c%c %s %s",
1267 sigrc, (sig->sig_class - 0x10 > 0 &&
1268 sig->sig_class - 0x10 <
1269 4) ? '0' + sig->sig_class - 0x10 : ' ',
1270 sig->flags.exportable ? ' ' : 'L',
1271 sig->flags.revocable ? ' ' : 'R',
1272 sig->flags.policy_url ? 'P' : ' ',
1273 sig->flags.notation ? 'N' : ' ',
1274 sig->flags.expired ? 'X' : ' ',
1275 (sig->trust_depth > 9) ? 'T' : (sig->trust_depth >
1277 sig->trust_depth : ' ', keystr (sig->keyid),
1278 datestr_from_sig (sig));
1279 if (opt.list_options & LIST_SHOW_SIG_EXPIRE)
1280 es_fprintf (es_stdout, " %s", expirestr_from_sig (sig));
1281 es_fprintf (es_stdout, " ");
1283 es_fprintf (es_stdout, "[%s] ", gpg_strerror (rc));
1284 else if (sigrc == '?')
1286 else if (!opt.fast_list_mode)
1289 char *p = get_user_id (sig->keyid, &n);
1290 print_utf8_buffer (es_stdout, p, n);
1293 es_putc ('\n', es_stdout);
1295 if (sig->flags.policy_url
1296 && (opt.list_options & LIST_SHOW_POLICY_URLS))
1297 show_policy_url (sig, 3, 0);
1299 if (sig->flags.notation && (opt.list_options & LIST_SHOW_NOTATIONS))
1300 show_notation (sig, 3, 0,
1302 list_options & LIST_SHOW_STD_NOTATIONS) ? 1 : 0)
1305 list_options & LIST_SHOW_USER_NOTATIONS) ? 2 :
1308 if (sig->flags.pref_ks
1309 && (opt.list_options & LIST_SHOW_KEYSERVER_URLS))
1310 show_keyserver_url (sig, 3, 0);
1312 /* fixme: check or list other sigs here */
1315 es_putc ('\n', es_stdout);
1321 print_revokers (estream_t fp, PKT_public_key * pk)
1323 /* print the revoker record */
1324 if (!pk->revkey && pk->numrevkeys)
1330 for (i = 0; i < pk->numrevkeys; i++)
1334 es_fprintf (fp, "rvk:::%d::::::", pk->revkey[i].algid);
1335 p = pk->revkey[i].fpr;
1336 for (j = 0; j < 20; j++, p++)
1337 es_fprintf (fp, "%02X", *p);
1338 es_fprintf (fp, ":%02x%s:\n",
1339 pk->revkey[i].class,
1340 (pk->revkey[i].class & 0x40) ? "s" : "");
1346 /* List a key in colon mode. If SECRET is true this is a secret key
1347 record (i.e. requested via --list-secret-key). If HAS_SECRET a
1348 secret key is available even if SECRET is not set. */
1350 list_keyblock_colon (KBNODE keyblock, int secret, int has_secret, int fpr)
1357 int trustletter = 0;
1361 char *hexgrip = NULL;
1362 char *serialno = NULL;
1365 /* Get the keyid from the keyblock. */
1366 node = find_kbnode (keyblock, PKT_PUBLIC_KEY);
1369 log_error ("Oops; key lost!\n");
1370 dump_kbnode (keyblock);
1374 pk = node->pkt->pkt.public_key;
1375 if (secret || has_secret || opt.with_keygrip || opt.with_key_data)
1377 rc = hexkeygrip_from_pk (pk, &hexgrip);
1379 log_error ("error computing a keygrip: %s\n", gpg_strerror (rc));
1382 if ((secret||has_secret) && agent_get_keyinfo (NULL, hexgrip, &serialno))
1383 stubkey = 1; /* Key not found. */
1385 keyid_from_pk (pk, keyid);
1386 es_fputs (secret? "sec:":"pub:", es_stdout);
1387 if (!pk->flags.valid)
1388 es_putc ('i', es_stdout);
1389 else if (pk->flags.revoked)
1390 es_putc ('r', es_stdout);
1391 else if (pk->has_expired)
1392 es_putc ('e', es_stdout);
1393 else if (opt.fast_list_mode || opt.no_expensive_trust_checks)
1397 trustletter = get_validity_info (pk, NULL);
1398 if (trustletter == 'u')
1400 es_putc (trustletter, es_stdout);
1403 es_fprintf (es_stdout, ":%u:%d:%08lX%08lX:%s:%s::",
1406 (ulong) keyid[0], (ulong) keyid[1],
1407 colon_datestr_from_pk (pk), colon_strtime (pk->expiredate));
1409 if (!opt.fast_list_mode && !opt.no_expensive_trust_checks)
1410 es_putc (get_ownertrust_info (pk), es_stdout);
1411 es_putc (':', es_stdout);
1413 es_putc (':', es_stdout);
1414 es_putc (':', es_stdout);
1415 print_capabilities (pk, keyblock);
1416 es_putc (':', es_stdout); /* End of field 13. */
1417 es_putc (':', es_stdout); /* End of field 14. */
1418 if (secret || has_secret)
1421 es_putc ('#', es_stdout);
1423 es_fputs (serialno, es_stdout);
1424 else if (has_secret)
1425 es_putc ('+', es_stdout);
1427 es_putc (':', es_stdout); /* End of field 15. */
1428 es_putc (':', es_stdout); /* End of field 16. */
1429 if (pk->pubkey_algo == PUBKEY_ALGO_ECDSA
1430 || pk->pubkey_algo == PUBKEY_ALGO_EDDSA
1431 || pk->pubkey_algo == PUBKEY_ALGO_ECDH)
1433 char *curve = openpgp_oid_to_str (pk->pkey[0]);
1434 const char *name = openpgp_oid_to_curve (curve, 0);
1437 es_fputs (name, es_stdout);
1440 es_putc (':', es_stdout); /* End of field 17. */
1441 es_putc ('\n', es_stdout);
1443 print_revokers (es_stdout, pk);
1445 print_fingerprint (NULL, pk, 0);
1446 if (opt.with_key_data || opt.with_keygrip)
1449 es_fprintf (es_stdout, "grp:::::::::%s:\n", hexgrip);
1450 if (opt.with_key_data)
1451 print_key_data (pk);
1454 for (kbctx = NULL; (node = walk_kbnode (keyblock, &kbctx, 0));)
1456 if (node->pkt->pkttype == PKT_USER_ID)
1459 PKT_user_id *uid = node->pkt->pkt.user_id;
1461 if (attrib_fp && node->pkt->pkt.user_id->attrib_data != NULL)
1462 dump_attribs (node->pkt->pkt.user_id, pk);
1464 * Fixme: We need a valid flag here too
1466 str = uid->attrib_data ? "uat" : "uid";
1467 if (uid->is_revoked)
1468 es_fprintf (es_stdout, "%s:r::::", str);
1469 else if (uid->is_expired)
1470 es_fprintf (es_stdout, "%s:e::::", str);
1471 else if (opt.no_expensive_trust_checks)
1472 es_fprintf (es_stdout, "%s:::::", str);
1478 uid_validity = get_validity_info (pk, uid);
1481 es_fprintf (es_stdout, "%s:%c::::", str, uid_validity);
1484 es_fprintf (es_stdout, "%s:", colon_strtime (uid->created));
1485 es_fprintf (es_stdout, "%s:", colon_strtime (uid->expiredate));
1487 namehash_from_uid (uid);
1489 for (i = 0; i < 20; i++)
1490 es_fprintf (es_stdout, "%02X", uid->namehash[i]);
1492 es_fprintf (es_stdout, "::");
1494 if (uid->attrib_data)
1495 es_fprintf (es_stdout, "%u %lu", uid->numattribs, uid->attrib_len);
1497 es_write_sanitized (es_stdout, uid->name, uid->len, ":", NULL);
1498 es_putc (':', es_stdout);
1499 es_putc ('\n', es_stdout);
1501 else if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
1504 PKT_public_key *pk2;
1506 pk2 = node->pkt->pkt.public_key;
1507 xfree (hexgrip); hexgrip = NULL;
1508 xfree (serialno); serialno = NULL;
1509 if (secret || has_secret || opt.with_keygrip || opt.with_key_data)
1511 rc = hexkeygrip_from_pk (pk2, &hexgrip);
1513 log_error ("error computing a keygrip: %s\n",
1517 if ((secret||has_secret)
1518 && agent_get_keyinfo (NULL, hexgrip, &serialno))
1519 stubkey = 1; /* Key not found. */
1521 keyid_from_pk (pk2, keyid2);
1522 es_fputs (secret? "ssb:":"sub:", es_stdout);
1523 if (!pk2->flags.valid)
1524 es_putc ('i', es_stdout);
1525 else if (pk2->flags.revoked)
1526 es_putc ('r', es_stdout);
1527 else if (pk2->has_expired)
1528 es_putc ('e', es_stdout);
1529 else if (opt.fast_list_mode || opt.no_expensive_trust_checks)
1533 /* TRUSTLETTER should always be defined here. */
1535 es_fprintf (es_stdout, "%c", trustletter);
1537 es_fprintf (es_stdout, ":%u:%d:%08lX%08lX:%s:%s:::::",
1538 nbits_from_pk (pk2),
1540 (ulong) keyid2[0], (ulong) keyid2[1],
1541 colon_datestr_from_pk (pk2), colon_strtime (pk2->expiredate)
1542 /* fixme: add LID and ownertrust here */
1544 print_capabilities (pk2, NULL);
1545 es_putc (':', es_stdout); /* End of field 13. */
1546 es_putc (':', es_stdout); /* End of field 14. */
1547 if (secret || has_secret)
1550 es_putc ('#', es_stdout);
1552 es_fputs (serialno, es_stdout);
1553 else if (has_secret)
1554 es_putc ('+', es_stdout);
1556 es_putc (':', es_stdout); /* End of field 15. */
1557 es_putc (':', es_stdout); /* End of field 16. */
1558 if (pk->pubkey_algo == PUBKEY_ALGO_ECDSA
1559 || pk->pubkey_algo == PUBKEY_ALGO_EDDSA
1560 || pk->pubkey_algo == PUBKEY_ALGO_ECDH)
1562 char *curve = openpgp_oid_to_str (pk->pkey[0]);
1563 const char *name = openpgp_oid_to_curve (curve, 0);
1566 es_fputs (name, es_stdout);
1569 es_putc (':', es_stdout); /* End of field 17. */
1570 es_putc ('\n', es_stdout);
1572 print_fingerprint (NULL, pk2, 0);
1573 if (opt.with_key_data || opt.with_keygrip)
1576 es_fprintf (es_stdout, "grp:::::::::%s:\n", hexgrip);
1577 if (opt.with_key_data)
1578 print_key_data (pk2);
1581 else if (opt.list_sigs && node->pkt->pkttype == PKT_SIGNATURE)
1583 PKT_signature *sig = node->pkt->pkt.signature;
1584 int sigrc, fprokay = 0;
1587 byte fparray[MAX_FINGERPRINT_LEN];
1589 if (sig->sig_class == 0x20 || sig->sig_class == 0x28
1590 || sig->sig_class == 0x30)
1592 else if ((sig->sig_class & ~3) == 0x10)
1594 else if (sig->sig_class == 0x18)
1596 else if (sig->sig_class == 0x1F)
1600 es_fprintf (es_stdout, "sig::::::::::%02x%c:\n",
1601 sig->sig_class, sig->flags.exportable ? 'x' : 'l');
1607 PKT_public_key *signer_pk = NULL;
1610 if (opt.no_sig_cache)
1611 signer_pk = xmalloc_clear (sizeof (PKT_public_key));
1613 rc = check_key_signature2 (keyblock, node, NULL, signer_pk,
1615 switch (gpg_err_code (rc))
1620 case GPG_ERR_BAD_SIGNATURE:
1623 case GPG_ERR_NO_PUBKEY:
1624 case GPG_ERR_UNUSABLE_PUBKEY:
1632 if (opt.no_sig_cache)
1636 fingerprint_from_pk (signer_pk, fparray, &fplen);
1639 free_public_key (signer_pk);
1647 es_fputs (sigstr, es_stdout);
1648 es_putc (':', es_stdout);
1650 es_putc (sigrc, es_stdout);
1651 es_fprintf (es_stdout, "::%d:%08lX%08lX:%s:%s:", sig->pubkey_algo,
1652 (ulong) sig->keyid[0], (ulong) sig->keyid[1],
1653 colon_datestr_from_sig (sig),
1654 colon_expirestr_from_sig (sig));
1656 if (sig->trust_depth || sig->trust_value)
1657 es_fprintf (es_stdout, "%d %d", sig->trust_depth, sig->trust_value);
1658 es_fprintf (es_stdout, ":");
1660 if (sig->trust_regexp)
1661 es_write_sanitized (es_stdout, sig->trust_regexp,
1662 strlen (sig->trust_regexp), ":", NULL);
1663 es_fprintf (es_stdout, ":");
1666 es_fprintf (es_stdout, "[%s] ", gpg_strerror (rc));
1667 else if (sigrc == '?')
1669 else if (!opt.fast_list_mode)
1672 p = get_user_id (sig->keyid, &n);
1673 es_write_sanitized (es_stdout, p, n, ":", NULL);
1676 es_fprintf (es_stdout, ":%02x%c::", sig->sig_class,
1677 sig->flags.exportable ? 'x' : 'l');
1679 if (opt.no_sig_cache && opt.check_sigs && fprokay)
1681 for (i = 0; i < fplen; i++)
1682 es_fprintf (es_stdout, "%02X", fparray[i]);
1685 es_fprintf (es_stdout, ":::%d:\n", sig->digest_algo);
1687 if (opt.show_subpackets)
1688 print_subpackets_colon (sig);
1690 /* fixme: check or list other sigs here */
1699 * Reorder the keyblock so that the primary user ID (and not attribute
1700 * packet) comes first. Fixme: Replace this by a generic sort
1703 do_reorder_keyblock (KBNODE keyblock, int attr)
1705 KBNODE primary = NULL, primary0 = NULL, primary2 = NULL;
1708 for (node = keyblock; node; primary0 = node, node = node->next)
1710 if (node->pkt->pkttype == PKT_USER_ID &&
1711 ((attr && node->pkt->pkt.user_id->attrib_data) ||
1712 (!attr && !node->pkt->pkt.user_id->attrib_data)) &&
1713 node->pkt->pkt.user_id->is_primary)
1715 primary = primary2 = node;
1716 for (node = node->next; node; primary2 = node, node = node->next)
1718 if (node->pkt->pkttype == PKT_USER_ID
1719 || node->pkt->pkttype == PKT_PUBLIC_SUBKEY
1720 || node->pkt->pkttype == PKT_SECRET_SUBKEY)
1729 return; /* No primary key flag found (should not happen). */
1731 for (last = NULL, node = keyblock; node; last = node, node = node->next)
1733 if (node->pkt->pkttype == PKT_USER_ID)
1737 assert (last); /* The user ID is never the first packet. */
1738 assert (primary0); /* Ditto (this is the node before primary). */
1739 if (node == primary)
1740 return; /* Already the first one. */
1742 last->next = primary;
1743 primary0->next = primary2->next;
1744 primary2->next = node;
1748 reorder_keyblock (KBNODE keyblock)
1750 do_reorder_keyblock (keyblock, 1);
1751 do_reorder_keyblock (keyblock, 0);
1755 list_keyblock (ctrl_t ctrl,
1756 KBNODE keyblock, int secret, int has_secret, int fpr,
1757 struct keylist_context *listctx)
1759 reorder_keyblock (keyblock);
1760 if (opt.print_pka_records || opt.print_dane_records)
1761 list_keyblock_pka (ctrl, keyblock);
1762 else if (opt.with_colons)
1763 list_keyblock_colon (keyblock, secret, has_secret, fpr);
1765 list_keyblock_print (keyblock, secret, fpr, listctx);
1767 es_fflush (es_stdout);
1771 /* Public function used by keygen to list a keyblock. */
1773 list_keyblock_direct (ctrl_t ctrl,
1774 kbnode_t keyblock, int secret, int has_secret, int fpr)
1776 struct keylist_context listctx;
1778 memset (&listctx, 0, sizeof (listctx));
1779 list_keyblock (ctrl, keyblock, secret, has_secret, fpr, &listctx);
1780 keylist_context_release (&listctx);
1784 /* Print an hex digit in ICAO spelling. */
1786 print_icao_hexdigit (estream_t fp, int c)
1788 static const char *list[16] = {
1789 "Zero", "One", "Two", "Three", "Four", "Five", "Six", "Seven",
1790 "Eight", "Niner", "Alfa", "Bravo", "Charlie", "Delta", "Echo", "Foxtrot"
1793 tty_fprintf (fp, "%s", list[c&15]);
1798 * Function to print the finperprint.
1799 * mode 0: as used in key listings, opt.with_colons is honored
1800 * 1: print using log_info ()
1801 * 2: direct use of tty
1802 * 3: direct use of tty but only primary key.
1803 * 4: direct use of tty but only subkey.
1804 * 10: Same as 0 but with_colons etc is ignored.
1806 * Modes 1 and 2 will try and print both subkey and primary key
1807 * fingerprints. A MODE with bit 7 set is used internally. If
1808 * OVERRIDE_FP is not NULL that stream will be used in 0 instead
1809 * of es_stdout or instead of the TTY in modes 2 and 3.
1812 print_fingerprint (estream_t override_fp, PKT_public_key *pk, int mode)
1814 byte array[MAX_FINGERPRINT_LEN], *p;
1819 int with_colons = opt.with_colons;
1820 int with_icao = opt.with_icao_spelling;
1829 if (pk->main_keyid[0] == pk->keyid[0]
1830 && pk->main_keyid[1] == pk->keyid[1])
1833 /* Just to be safe */
1834 if ((mode & 0x80) && !primary)
1836 log_error ("primary key is not really primary!\n");
1842 if (!primary && (mode == 1 || mode == 2))
1844 PKT_public_key *primary_pk = xmalloc_clear (sizeof (*primary_pk));
1845 get_pubkey (primary_pk, pk->main_keyid);
1846 print_fingerprint (override_fp, primary_pk, (mode | 0x80));
1847 free_public_key (primary_pk);
1852 fp = log_get_stream ();
1854 text = _("Primary key fingerprint:");
1856 text = _(" Subkey fingerprint:");
1860 fp = override_fp; /* Use tty or given stream. */
1862 /* TRANSLATORS: this should fit into 24 bytes so that the
1863 * fingerprint data is properly aligned with the user ID */
1864 text = _(" Primary key fingerprint:");
1866 text = _(" Subkey fingerprint:");
1870 fp = override_fp; /* Use tty or given stream. */
1871 text = _(" Key fingerprint =");
1875 fp = override_fp; /* Use tty or given stream. */
1876 text = _(" Subkey fingerprint:");
1880 fp = override_fp? override_fp : es_stdout;
1881 text = _(" Key fingerprint =");
1884 fingerprint_from_pk (pk, array, &n);
1886 if (with_colons && !mode)
1888 es_fprintf (fp, "fpr:::::::::");
1889 for (i = 0; i < n; i++, p++)
1890 es_fprintf (fp, "%02X", *p);
1895 tty_fprintf (fp, "%s", text);
1898 for (i = 0; i < n; i++, i++, p += 2)
1899 tty_fprintf (fp, "%s %02X%02X", i==10? " ":"", *p, p[1]);
1903 for (i = 0; i < n; i++, p++)
1904 tty_fprintf (fp, "%s %02X", (i && !(i % 8))? " ":"", *p);
1907 tty_fprintf (fp, "\n");
1908 if (!with_colons && with_icao)
1911 tty_fprintf (fp, "%*s\"", (int)strlen(text)+1, "");
1912 for (i = 0; i < n; i++, p++)
1917 tty_fprintf (fp, "\n%*s ", (int)strlen(text)+1, "");
1919 tty_fprintf (fp, " ");
1921 tty_fprintf (fp, " ");
1922 print_icao_hexdigit (fp, *p >> 4);
1923 tty_fprintf (fp, " ");
1924 print_icao_hexdigit (fp, *p & 15);
1926 tty_fprintf (fp, "\"\n");
1930 /* Print the serial number of an OpenPGP card if available. */
1932 print_card_serialno (const char *serialno)
1936 if (opt.with_colons)
1937 return; /* Handled elsewhere. */
1939 es_fputs (_(" Card serial no. ="), es_stdout);
1940 es_putc (' ', es_stdout);
1941 if (strlen (serialno) == 32 && !strncmp (serialno, "D27600012401", 12))
1943 /* This is an OpenPGP card. Print the relevant part. */
1944 /* Example: D2760001240101010001000003470000 */
1946 es_fprintf (es_stdout, "%.*s %.*s", 4, serialno+16, 8, serialno+20);
1949 es_fputs (serialno, es_stdout);
1950 es_putc ('\n', es_stdout);
1956 set_attrib_fd (int fd)
1958 static int last_fd = -1;
1960 if (fd != -1 && last_fd == fd)
1963 /* Fixme: Do we need to check for the log stream here? */
1964 if (attrib_fp && attrib_fp != log_get_stream ())
1965 es_fclose (attrib_fp);
1970 #ifdef HAVE_DOSISH_SYSTEM
1971 setmode (fd, O_BINARY);
1974 attrib_fp = es_stdout;
1976 attrib_fp = es_stderr;
1978 attrib_fp = es_fdopen (fd, "wb");
1981 log_fatal ("can't open fd %d for attribute output: %s\n",
1982 fd, strerror (errno));