1 /* keylist.c - Print information about OpenPGP keys
2 * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006,
3 * 2008, 2010, 2012 Free Software Foundation, Inc.
4 * Copyright (C) 2013, 2014 Werner Koch
6 * This file is part of GnuPG.
8 * GnuPG is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 3 of the License, or
11 * (at your option) any later version.
13 * GnuPG is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, see <https://www.gnu.org/licenses/>.
27 #ifdef HAVE_DOSISH_SYSTEM
28 # include <fcntl.h> /* for setmode() */
34 #include "../common/status.h"
37 #include "../common/util.h"
38 #include "../common/ttyio.h"
41 #include "../common/i18n.h"
42 #include "../common/status.h"
43 #include "call-agent.h"
44 #include "../common/mbox-util.h"
45 #include "../common/zb32.h"
47 #include "../common/compliance.h"
50 static void list_all (ctrl_t, int, int);
51 static void list_one (ctrl_t ctrl,
52 strlist_t names, int secret, int mark_secret);
53 static void locate_one (ctrl_t ctrl, strlist_t names, int no_local);
54 static void print_card_serialno (const char *serialno);
56 struct keylist_context
58 int check_sigs; /* If set signatures shall be verified. */
59 int good_sigs; /* Counter used if CHECK_SIGS is set. */
60 int inv_sigs; /* Counter used if CHECK_SIGS is set. */
61 int no_key; /* Counter used if CHECK_SIGS is set. */
62 int oth_err; /* Counter used if CHECK_SIGS is set. */
63 int no_validity; /* Do not show validity. */
67 static void list_keyblock (ctrl_t ctrl,
68 kbnode_t keyblock, int secret, int has_secret,
69 int fpr, struct keylist_context *listctx);
72 /* The stream used to write attribute packets to. */
73 static estream_t attrib_fp;
76 /* Release resources from a keylist context. */
78 keylist_context_release (struct keylist_context *listctx)
80 (void)listctx; /* Nothing to release. */
84 /* List the keys. If list is NULL, all available keys are listed.
85 * With LOCATE_MODE set the locate algorithm is used to find a key; if
86 * in addition NO_LOCAL is set the locate does not look into the local
89 public_key_list (ctrl_t ctrl, strlist_t list, int locate_mode, int no_local)
91 #ifndef NO_TRUST_MODELS
94 byte trust_model, marginals, completes, cert_depth, min_cert_level;
95 ulong created, nextcheck;
97 read_trust_options (ctrl, &trust_model, &created, &nextcheck,
98 &marginals, &completes, &cert_depth, &min_cert_level);
100 es_fprintf (es_stdout, "tru:");
102 if (nextcheck && nextcheck <= make_timestamp ())
103 es_fprintf (es_stdout, "o");
104 if (trust_model != opt.trust_model)
105 es_fprintf (es_stdout, "t");
106 if (opt.trust_model == TM_PGP || opt.trust_model == TM_CLASSIC
107 || opt.trust_model == TM_TOFU_PGP)
109 if (marginals != opt.marginals_needed)
110 es_fprintf (es_stdout, "m");
111 if (completes != opt.completes_needed)
112 es_fprintf (es_stdout, "c");
113 if (cert_depth != opt.max_cert_depth)
114 es_fprintf (es_stdout, "d");
115 if (min_cert_level != opt.min_cert_level)
116 es_fprintf (es_stdout, "l");
119 es_fprintf (es_stdout, ":%d:%lu:%lu", trust_model, created, nextcheck);
121 /* Only show marginals, completes, and cert_depth in the classic
122 or PGP trust models since they are not meaningful
125 if (trust_model == TM_PGP || trust_model == TM_CLASSIC)
126 es_fprintf (es_stdout, ":%d:%d:%d", marginals, completes, cert_depth);
127 es_fprintf (es_stdout, "\n");
129 #endif /*!NO_TRUST_MODELS*/
131 /* We need to do the stale check right here because it might need to
132 update the keyring while we already have the keyring open. This
133 is very bad for W32 because of a sharing violation. For real OSes
134 it might lead to false results if we are later listing a keyring
135 which is associated with the inode of a deleted file. */
136 check_trustdb_stale (ctrl);
139 tofu_begin_batch_update (ctrl);
143 locate_one (ctrl, list, no_local);
145 list_all (ctrl, 0, opt.with_secret);
147 list_one (ctrl, list, 0, opt.with_secret);
150 tofu_end_batch_update (ctrl);
156 secret_key_list (ctrl_t ctrl, strlist_t list)
160 check_trustdb_stale (ctrl);
163 list_all (ctrl, 1, 0);
164 else /* List by user id */
165 list_one (ctrl, list, 1, 0);
169 format_seckey_info (ctrl_t ctrl, PKT_public_key *pk)
173 char pkstrbuf[PUBKEY_STRING_SIZE];
176 keyid_from_pk (pk, keyid);
177 p = get_user_id_native (ctrl, keyid);
179 info = xtryasprintf ("sec %s/%s %s %s",
180 pubkey_string (pk, pkstrbuf, sizeof pkstrbuf),
181 keystr (keyid), datestr_from_pk (pk), p);
189 print_seckey_info (ctrl_t ctrl, PKT_public_key *pk)
191 char *p = format_seckey_info (ctrl, pk);
192 tty_printf ("\n%s\n", p);
196 /* Print information about the public key. With FP passed as NULL,
197 the tty output interface is used, otherwise output is directed to
200 print_pubkey_info (ctrl_t ctrl, estream_t fp, PKT_public_key *pk)
204 char pkstrbuf[PUBKEY_STRING_SIZE];
206 keyid_from_pk (pk, keyid);
208 /* If the pk was chosen by a particular user ID, that is the one to
211 p = utf8_to_native (pk->user_id->name, pk->user_id->len, 0);
213 p = get_user_id_native (ctrl, keyid);
217 tty_fprintf (fp, "%s %s/%s %s %s\n",
218 pk->flags.primary? "pub":"sub",
219 pubkey_string (pk, pkstrbuf, sizeof pkstrbuf),
220 keystr (keyid), datestr_from_pk (pk), p);
225 /* Print basic information of a secret key including the card serial
226 number information. */
227 #ifdef ENABLE_CARD_SUPPORT
229 print_card_key_info (estream_t fp, kbnode_t keyblock)
235 char pkstrbuf[PUBKEY_STRING_SIZE];
238 for (node = keyblock; node; node = node->next)
240 if (node->pkt->pkttype == PKT_PUBLIC_KEY
241 || node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
244 PKT_public_key *pk = node->pkt->pkt.public_key;
247 rc = hexkeygrip_from_pk (pk, &hexgrip);
250 log_error ("error computing a keygrip: %s\n", gpg_strerror (rc));
253 else if (!agent_get_keyinfo (NULL, hexgrip, &serialno, NULL))
254 s2k_char = serialno? '>':' ';
256 s2k_char = '#'; /* Key not found. */
258 tty_fprintf (fp, "%s%c %s/%s %n",
259 node->pkt->pkttype == PKT_PUBLIC_KEY ? "sec" : "ssb",
261 pubkey_string (pk, pkstrbuf, sizeof pkstrbuf),
264 tty_fprintf (fp, _("created: %s"), datestr_from_pk (pk));
265 tty_fprintf (fp, " ");
266 tty_fprintf (fp, _("expires: %s"), expirestr_from_pk (pk));
269 tty_fprintf (fp, "\n%*s%s", indent, "", _("card-no: "));
270 if (strlen (serialno) == 32
271 && !strncmp (serialno, "D27600012401", 12))
273 /* This is an OpenPGP card. Print the relevant part. */
274 /* Example: D2760001240101010001000003470000 */
276 tty_fprintf (fp, "%.*s %.*s", 4, serialno+16, 8, serialno+20);
279 tty_fprintf (fp, "%s", serialno);
281 tty_fprintf (fp, "\n");
287 #endif /*ENABLE_CARD_SUPPORT*/
290 /* Flags = 0x01 hashed 0x02 critical. */
292 status_one_subpacket (sigsubpkttype_t type, size_t len, int flags,
297 /* Don't print these. */
301 snprintf (status, sizeof status,
302 "%d %u %u ", type, flags, (unsigned int) len);
304 write_status_text_and_buffer (STATUS_SIG_SUBPACKET, status, buf, len, 0);
308 /* Print a policy URL. Allowed values for MODE are:
309 * -1 - print to the TTY
310 * 0 - print to stdout.
311 * 1 - use log_info and emit status messages.
312 * 2 - emit only status messages.
315 show_policy_url (PKT_signature * sig, int indent, int mode)
320 estream_t fp = mode < 0? NULL : mode ? log_get_stream () : es_stdout;
323 enum_sig_subpkt (sig->hashed, SIGSUBPKT_POLICY, &len, &seq, &crit)))
329 tty_fprintf (fp, "%*s", indent, "");
332 str = _("Critical signature policy: ");
334 str = _("Signature policy: ");
336 log_info ("%s", str);
338 tty_fprintf (fp, "%s", str);
339 tty_print_utf8_string2 (fp, p, len, 0);
340 tty_fprintf (fp, "\n");
344 write_status_buffer (STATUS_POLICY_URL, p, len, 0);
349 /* Print a keyserver URL. Allowed values for MODE are:
350 * -1 - print to the TTY
351 * 0 - print to stdout.
352 * 1 - use log_info and emit status messages.
353 * 2 - emit only status messages.
356 show_keyserver_url (PKT_signature * sig, int indent, int mode)
361 estream_t fp = mode < 0? NULL : mode ? log_get_stream () : es_stdout;
364 enum_sig_subpkt (sig->hashed, SIGSUBPKT_PREF_KS, &len, &seq,
371 tty_fprintf (fp, "%*s", indent, "");
374 str = _("Critical preferred keyserver: ");
376 str = _("Preferred keyserver: ");
378 log_info ("%s", str);
380 tty_fprintf (fp, "%s", str);
381 tty_print_utf8_string2 (fp, p, len, 0);
382 tty_fprintf (fp, "\n");
386 status_one_subpacket (SIGSUBPKT_PREF_KS, len,
387 (crit ? 0x02 : 0) | 0x01, p);
392 /* Print notation data. Allowed values for MODE are:
393 * -1 - print to the TTY
394 * 0 - print to stdout.
395 * 1 - use log_info and emit status messages.
396 * 2 - emit only status messages.
398 * Defined bits in WHICH:
399 * 1 - standard notations
403 show_notation (PKT_signature * sig, int indent, int mode, int which)
405 estream_t fp = mode < 0? NULL : mode ? log_get_stream () : es_stdout;
406 notation_t nd, notations;
411 notations = sig_to_notation (sig);
413 /* There may be multiple notations in the same sig. */
414 for (nd = notations; nd; nd = nd->next)
418 int has_at = !!strchr (nd->name, '@');
420 if ((which & 1 && !has_at) || (which & 2 && has_at))
424 tty_fprintf (fp, "%*s", indent, "");
426 if (nd->flags.critical)
427 str = _("Critical signature notation: ");
429 str = _("Signature notation: ");
431 log_info ("%s", str);
433 tty_fprintf (fp, "%s", str);
434 /* This is all UTF8 */
435 tty_print_utf8_string2 (fp, nd->name, strlen (nd->name), 0);
436 tty_fprintf (fp, "=");
437 tty_print_utf8_string2 (fp, nd->value, strlen (nd->value), 0);
438 /* (We need to use log_printf so that the next call to a
439 log function does not insert an extra LF.) */
443 tty_fprintf (fp, "\n");
449 write_status_buffer (STATUS_NOTATION_NAME,
450 nd->name, strlen (nd->name), 0);
451 if (nd->flags.critical || nd->flags.human)
452 write_status_text (STATUS_NOTATION_FLAGS,
453 nd->flags.critical && nd->flags.human? "1 1" :
454 nd->flags.critical? "1 0" : "0 1");
455 write_status_buffer (STATUS_NOTATION_DATA,
456 nd->value, strlen (nd->value), 50);
460 free_notation (notations);
465 print_signature_stats (struct keylist_context *s)
468 return; /* Signature checking was not requested. */
470 /* Better flush stdout so that the stats are always printed after
472 es_fflush (es_stdout);
475 log_info (ngettext("%d good signature\n",
476 "%d good signatures\n", s->good_sigs), s->good_sigs);
479 log_info (ngettext("%d bad signature\n",
480 "%d bad signatures\n", s->inv_sigs), s->inv_sigs);
483 log_info (ngettext("%d signature not checked due to a missing key\n",
484 "%d signatures not checked due to missing keys\n",
485 s->no_key), s->no_key);
488 log_info (ngettext("%d signature not checked due to an error\n",
489 "%d signatures not checked due to errors\n",
490 s->oth_err), s->oth_err);
494 /* List all keys. If SECRET is true only secret keys are listed. If
495 MARK_SECRET is true secret keys are indicated in a public key
498 list_all (ctrl_t ctrl, int secret, int mark_secret)
501 KBNODE keyblock = NULL;
504 const char *lastresname, *resname;
505 struct keylist_context listctx;
507 memset (&listctx, 0, sizeof (listctx));
509 listctx.check_sigs = 1;
513 rc = gpg_error_from_syserror ();
515 rc = keydb_search_first (hd);
518 if (gpg_err_code (rc) != GPG_ERR_NOT_FOUND)
519 log_error ("keydb_search_first failed: %s\n", gpg_strerror (rc));
527 glo_ctrl.silence_parse_warnings++;
528 rc = keydb_get_keyblock (hd, &keyblock);
530 glo_ctrl.silence_parse_warnings--;
533 if (gpg_err_code (rc) == GPG_ERR_LEGACY_KEY)
534 continue; /* Skip legacy keys. */
535 if (gpg_err_code (rc) == GPG_ERR_UNKNOWN_VERSION)
536 continue; /* Skip keys with unknown versions. */
537 log_error ("keydb_get_keyblock failed: %s\n", gpg_strerror (rc));
541 if (secret || mark_secret)
542 any_secret = !agent_probe_any_secret_key (NULL, keyblock);
546 if (secret && !any_secret)
547 ; /* Secret key listing requested but this isn't one. */
550 if (!opt.with_colons && !(opt.list_options & LIST_SHOW_ONLY_FPR_MBOX))
552 resname = keydb_get_resource_name (hd);
553 if (lastresname != resname)
557 es_fprintf (es_stdout, "%s\n", resname);
558 for (i = strlen (resname); i; i--)
559 es_putc ('-', es_stdout);
560 es_putc ('\n', es_stdout);
561 lastresname = resname;
564 merge_keys_and_selfsig (ctrl, keyblock);
565 list_keyblock (ctrl, keyblock, secret, any_secret, opt.fingerprint,
568 release_kbnode (keyblock);
571 while (!(rc = keydb_search_next (hd)));
572 es_fflush (es_stdout);
573 if (rc && gpg_err_code (rc) != GPG_ERR_NOT_FOUND)
574 log_error ("keydb_search_next failed: %s\n", gpg_strerror (rc));
575 if (keydb_get_skipped_counter (hd))
576 log_info (ngettext("Warning: %lu key skipped due to its large size\n",
577 "Warning: %lu keys skipped due to their large sizes\n",
578 keydb_get_skipped_counter (hd)),
579 keydb_get_skipped_counter (hd));
581 if (opt.check_sigs && !opt.with_colons)
582 print_signature_stats (&listctx);
585 keylist_context_release (&listctx);
586 release_kbnode (keyblock);
592 list_one (ctrl_t ctrl, strlist_t names, int secret, int mark_secret)
595 KBNODE keyblock = NULL;
599 const char *keyring_str = _("Keyring");
601 struct keylist_context listctx;
603 memset (&listctx, 0, sizeof (listctx));
604 if (!secret && opt.check_sigs)
605 listctx.check_sigs = 1;
607 /* fixme: using the bynames function has the disadvantage that we
608 * don't know whether one of the names given was not found. OTOH,
609 * this function has the advantage to list the names in the
610 * sequence as defined by the keyDB and does not duplicate
611 * outputs. A solution could be do test whether all given have
612 * been listed (this needs a way to use the keyDB search
613 * functions) or to have the search function return indicators for
614 * found names. Yet another way is to use the keydb search
615 * facilities directly. */
616 rc = getkey_bynames (ctrl, &ctx, NULL, names, secret, &keyblock);
619 log_error ("error reading key: %s\n", gpg_strerror (rc));
620 getkey_end (ctrl, ctx);
621 write_status_error ("keylist.getkey", rc);
627 /* getkey_bynames makes sure that only secret keys are returned
628 * if requested, thus we do not need to test again. With
629 * MARK_SECRET set (ie. option --with-secret) we have to test
630 * for a secret key, though. */
633 else if (mark_secret)
634 any_secret = !agent_probe_any_secret_key (NULL, keyblock);
638 if (secret && !any_secret)
639 ;/* Secret key listing requested but getkey_bynames failed. */
642 if ((opt.list_options & LIST_SHOW_KEYRING) && !opt.with_colons)
644 resname = keydb_get_resource_name (get_ctx_handle (ctx));
645 es_fprintf (es_stdout, "%s: %s\n", keyring_str, resname);
646 for (i = strlen (resname) + strlen (keyring_str) + 2; i; i--)
647 es_putc ('-', es_stdout);
648 es_putc ('\n', es_stdout);
650 list_keyblock (ctrl, keyblock, secret, any_secret,
651 opt.fingerprint, &listctx);
653 release_kbnode (keyblock);
655 while (!getkey_next (ctrl, ctx, NULL, &keyblock));
656 getkey_end (ctrl, ctx);
658 if (opt.check_sigs && !opt.with_colons)
659 print_signature_stats (&listctx);
661 keylist_context_release (&listctx);
666 locate_one (ctrl_t ctrl, strlist_t names, int no_local)
670 GETKEY_CTX ctx = NULL;
671 KBNODE keyblock = NULL;
672 struct keylist_context listctx;
674 memset (&listctx, 0, sizeof (listctx));
676 listctx.check_sigs = 1;
678 for (sl = names; sl; sl = sl->next)
680 rc = get_best_pubkey_byname (ctrl,
681 no_local? GET_PUBKEY_NO_LOCAL
682 /* */: GET_PUBKEY_NORMAL,
683 &ctx, NULL, sl->d, &keyblock, 1);
686 if (gpg_err_code (rc) != GPG_ERR_NO_PUBKEY)
687 log_error ("error reading key: %s\n", gpg_strerror (rc));
688 else if (opt.verbose)
689 log_info (_("key \"%s\" not found: %s\n"),
690 sl->d, gpg_strerror (rc));
696 list_keyblock (ctrl, keyblock, 0, 0, opt.fingerprint, &listctx);
697 release_kbnode (keyblock);
699 while (ctx && !getkey_next (ctrl, ctx, NULL, &keyblock));
700 getkey_end (ctrl, ctx);
705 if (opt.check_sigs && !opt.with_colons)
706 print_signature_stats (&listctx);
708 keylist_context_release (&listctx);
713 print_key_data (PKT_public_key * pk)
715 int n = pk ? pubkey_get_npkey (pk->pubkey_algo) : 0;
718 for (i = 0; i < n; i++)
720 es_fprintf (es_stdout, "pkd:%d:%u:", i, mpi_get_nbits (pk->pkey[i]));
721 mpi_print (es_stdout, pk->pkey[i], 1);
722 es_putc (':', es_stdout);
723 es_putc ('\n', es_stdout);
728 print_capabilities (ctrl_t ctrl, PKT_public_key *pk, KBNODE keyblock)
730 unsigned int use = pk->pubkey_usage;
733 if (use & PUBKEY_USAGE_ENC)
734 es_putc ('e', es_stdout);
736 if (use & PUBKEY_USAGE_SIG)
738 es_putc ('s', es_stdout);
739 if (pk->flags.primary)
741 es_putc ('c', es_stdout);
742 /* The PUBKEY_USAGE_CERT flag was introduced later and we
743 used to always print 'c' for a primary key. To avoid any
744 regression here we better track whether we printed 'c'
750 if ((use & PUBKEY_USAGE_CERT) && !c_printed)
751 es_putc ('c', es_stdout);
753 if ((use & PUBKEY_USAGE_AUTH))
754 es_putc ('a', es_stdout);
756 if ((use & PUBKEY_USAGE_UNKNOWN))
757 es_putc ('?', es_stdout);
761 /* Figure out the usable capabilities. */
763 int enc = 0, sign = 0, cert = 0, auth = 0, disabled = 0;
765 for (k = keyblock; k; k = k->next)
767 if (k->pkt->pkttype == PKT_PUBLIC_KEY
768 || k->pkt->pkttype == PKT_PUBLIC_SUBKEY)
770 pk = k->pkt->pkt.public_key;
772 if (pk->flags.primary)
773 disabled = pk_is_disabled (pk);
775 if (pk->flags.valid && !pk->flags.revoked && !pk->has_expired)
777 if (pk->pubkey_usage & PUBKEY_USAGE_ENC)
779 if (pk->pubkey_usage & PUBKEY_USAGE_SIG)
782 if (pk->flags.primary)
785 if (pk->pubkey_usage & PUBKEY_USAGE_CERT)
787 if ((pk->pubkey_usage & PUBKEY_USAGE_AUTH))
793 es_putc ('E', es_stdout);
795 es_putc ('S', es_stdout);
797 es_putc ('C', es_stdout);
799 es_putc ('A', es_stdout);
801 es_putc ('D', es_stdout);
804 es_putc (':', es_stdout);
808 /* FLAGS: 0x01 hashed
811 print_one_subpacket (sigsubpkttype_t type, size_t len, int flags,
816 es_fprintf (es_stdout, "spk:%d:%u:%u:", type, flags, (unsigned int) len);
818 for (i = 0; i < len; i++)
820 /* printable ascii other than : and % */
821 if (buf[i] >= 32 && buf[i] <= 126 && buf[i] != ':' && buf[i] != '%')
822 es_fprintf (es_stdout, "%c", buf[i]);
824 es_fprintf (es_stdout, "%%%02X", buf[i]);
827 es_fprintf (es_stdout, "\n");
832 print_subpackets_colon (PKT_signature * sig)
836 log_assert (opt.show_subpackets);
838 for (i = opt.show_subpackets; *i; i++)
846 while ((p = enum_sig_subpkt (sig->hashed, *i, &len, &seq, &crit)))
847 print_one_subpacket (*i, len, 0x01 | (crit ? 0x02 : 0), p);
851 while ((p = enum_sig_subpkt (sig->unhashed, *i, &len, &seq, &crit)))
852 print_one_subpacket (*i, len, 0x00 | (crit ? 0x02 : 0), p);
858 dump_attribs (const PKT_user_id *uid, PKT_public_key *pk)
865 for (i = 0; i < uid->numattribs; i++)
867 if (is_status_enabled ())
869 byte array[MAX_FINGERPRINT_LEN], *p;
870 char buf[(MAX_FINGERPRINT_LEN * 2) + 90];
875 fingerprint_from_pk (pk, array, &n);
878 for (j = 0; j < n; j++, p++)
879 sprintf (buf + 2 * j, "%02X", *p);
881 sprintf (buf + strlen (buf), " %lu %u %u %u %lu %lu %u",
882 (ulong) uid->attribs[i].len, uid->attribs[i].type, i + 1,
883 uid->numattribs, (ulong) uid->created,
884 (ulong) uid->expiredate,
885 ((uid->flags.primary ? 0x01 : 0) | (uid->flags.revoked ? 0x02 : 0) |
886 (uid->flags.expired ? 0x04 : 0)));
887 write_status_text (STATUS_ATTRIBUTE, buf);
890 es_fwrite (uid->attribs[i].data, uid->attribs[i].len, 1, attrib_fp);
891 es_fflush (attrib_fp);
897 list_keyblock_print (ctrl_t ctrl, kbnode_t keyblock, int secret, int fpr,
898 struct keylist_context *listctx)
905 char *hexgrip = NULL;
906 char *serialno = NULL;
908 /* Get the keyid from the keyblock. */
909 node = find_kbnode (keyblock, PKT_PUBLIC_KEY);
912 log_error ("Oops; key lost!\n");
913 dump_kbnode (keyblock);
917 pk = node->pkt->pkt.public_key;
919 if (secret || opt.with_keygrip)
921 rc = hexkeygrip_from_pk (pk, &hexgrip);
923 log_error ("error computing a keygrip: %s\n", gpg_strerror (rc));
928 /* Encode some info about the secret key in SECRET. */
929 if (!agent_get_keyinfo (NULL, hexgrip, &serialno, NULL))
930 secret = serialno? 3 : 1;
932 secret = 2; /* Key not found. */
935 if (!listctx->no_validity)
936 check_trustdb_stale (ctrl);
938 /* Print the "pub" line and in KF_NONE mode the fingerprint. */
939 print_key_line (ctrl, es_stdout, pk, secret);
942 print_fingerprint (ctrl, NULL, pk, 0);
944 if (opt.with_keygrip && hexgrip)
945 es_fprintf (es_stdout, " Keygrip = %s\n", hexgrip);
948 print_card_serialno (serialno);
950 if (opt.with_key_data)
953 if (opt.with_key_origin
954 && (pk->keyorg || pk->keyupdate || pk->updateurl))
956 char updatestr[MK_DATESTR_SIZE];
958 es_fprintf (es_stdout, " origin=%s last=%s %s",
959 key_origin_string (pk->keyorg),
960 mk_datestr (updatestr, sizeof updatestr, pk->keyupdate),
961 pk->updateurl? "url=":"");
963 print_utf8_string (es_stdout, pk->updateurl);
964 es_putc ('\n', es_stdout);
968 for (kbctx = NULL; (node = walk_kbnode (keyblock, &kbctx, 0));)
970 if (node->pkt->pkttype == PKT_USER_ID)
972 PKT_user_id *uid = node->pkt->pkt.user_id;
974 int kl = opt.keyid_format == KF_NONE? 10 : keystrlen ();
976 if ((uid->flags.expired || uid->flags.revoked)
977 && !(opt.list_options & LIST_SHOW_UNUSABLE_UIDS))
985 if (attrib_fp && uid->attrib_data != NULL)
986 dump_attribs (uid, pk);
988 if ((uid->flags.revoked || uid->flags.expired)
989 || ((opt.list_options & LIST_SHOW_UID_VALIDITY)
990 && !listctx->no_validity))
992 const char *validity;
994 validity = uid_trust_string_fixed (ctrl, pk, uid);
995 indent = ((kl + (opt.legacy_list_mode? 9:11))
996 - atoi (uid_trust_string_fixed (ctrl, NULL, NULL)));
997 if (indent < 0 || indent > 40)
1000 es_fprintf (es_stdout, "uid%*s%s ", indent, "", validity);
1004 indent = kl + (opt.legacy_list_mode? 10:12);
1005 es_fprintf (es_stdout, "uid%*s", indent, "");
1008 print_utf8_buffer (es_stdout, uid->name, uid->len);
1009 es_putc ('\n', es_stdout);
1011 if (opt.with_wkd_hash)
1013 char *mbox, *hash, *p;
1016 mbox = mailbox_from_userid (uid->name);
1017 if (mbox && (p = strchr (mbox, '@')))
1020 gcry_md_hash_buffer (GCRY_MD_SHA1, hashbuf,
1021 mbox, strlen (mbox));
1022 hash = zb32_encode (hashbuf, 8*20);
1025 es_fprintf (es_stdout, " %*s%s@%s\n",
1026 indent, "", hash, p);
1033 if (opt.with_key_origin
1034 && (uid->keyorg || uid->keyupdate || uid->updateurl))
1036 char updatestr[MK_DATESTR_SIZE];
1038 es_fprintf (es_stdout, " %*sorigin=%s last=%s %s",
1040 key_origin_string (uid->keyorg),
1041 mk_datestr (updatestr, sizeof updatestr,
1043 uid->updateurl? "url=":"");
1045 print_utf8_string (es_stdout, uid->updateurl);
1046 es_putc ('\n', es_stdout);
1049 if ((opt.list_options & LIST_SHOW_PHOTOS) && uid->attribs != NULL)
1050 show_photos (ctrl, uid->attribs, uid->numattribs, pk, uid);
1052 else if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
1054 PKT_public_key *pk2 = node->pkt->pkt.public_key;
1056 if ((pk2->flags.revoked || pk2->has_expired)
1057 && !(opt.list_options & LIST_SHOW_UNUSABLE_SUBKEYS))
1065 xfree (serialno); serialno = NULL;
1066 xfree (hexgrip); hexgrip = NULL;
1067 if (secret || opt.with_keygrip)
1069 rc = hexkeygrip_from_pk (pk2, &hexgrip);
1071 log_error ("error computing a keygrip: %s\n",
1076 if (!agent_get_keyinfo (NULL, hexgrip, &serialno, NULL))
1077 secret = serialno? 3 : 1;
1079 secret = 2; /* Key not found. */
1082 /* Print the "sub" line. */
1083 print_key_line (ctrl, es_stdout, pk2, secret);
1084 if (fpr > 1 || opt.with_subkey_fingerprint)
1086 print_fingerprint (ctrl, NULL, pk2, 0);
1088 print_card_serialno (serialno);
1090 if (opt.with_keygrip && hexgrip)
1091 es_fprintf (es_stdout, " Keygrip = %s\n", hexgrip);
1092 if (opt.with_key_data)
1093 print_key_data (pk2);
1095 else if (opt.list_sigs
1096 && node->pkt->pkttype == PKT_SIGNATURE && !skip_sigs)
1098 PKT_signature *sig = node->pkt->pkt.signature;
1101 char *reason_text = NULL;
1102 char *reason_comment = NULL;
1103 size_t reason_commentlen;
1105 if (listctx->check_sigs)
1107 rc = check_key_signature (ctrl, keyblock, node, NULL);
1108 switch (gpg_err_code (rc))
1111 listctx->good_sigs++;
1114 case GPG_ERR_BAD_SIGNATURE:
1115 listctx->inv_sigs++;
1118 case GPG_ERR_NO_PUBKEY:
1119 case GPG_ERR_UNUSABLE_PUBKEY:
1128 /* TODO: Make sure a cached sig record here still has
1129 the pk that issued it. See also
1130 keyedit.c:print_and_check_one_sig */
1138 if (sig->sig_class == 0x20 || sig->sig_class == 0x28
1139 || sig->sig_class == 0x30)
1142 get_revocation_reason (sig, &reason_text,
1143 &reason_comment, &reason_commentlen);
1145 else if ((sig->sig_class & ~3) == 0x10)
1147 else if (sig->sig_class == 0x18)
1149 else if (sig->sig_class == 0x1F)
1153 es_fprintf (es_stdout, "sig "
1154 "[unexpected signature class 0x%02x]\n",
1159 es_fputs (sigstr, es_stdout);
1160 es_fprintf (es_stdout, "%c%c %c%c%c%c%c%c %s %s",
1161 sigrc, (sig->sig_class - 0x10 > 0 &&
1162 sig->sig_class - 0x10 <
1163 4) ? '0' + sig->sig_class - 0x10 : ' ',
1164 sig->flags.exportable ? ' ' : 'L',
1165 sig->flags.revocable ? ' ' : 'R',
1166 sig->flags.policy_url ? 'P' : ' ',
1167 sig->flags.notation ? 'N' : ' ',
1168 sig->flags.expired ? 'X' : ' ',
1169 (sig->trust_depth > 9) ? 'T' : (sig->trust_depth >
1171 sig->trust_depth : ' ', keystr (sig->keyid),
1172 datestr_from_sig (sig));
1173 if (opt.list_options & LIST_SHOW_SIG_EXPIRE)
1174 es_fprintf (es_stdout, " %s", expirestr_from_sig (sig));
1175 es_fprintf (es_stdout, " ");
1177 es_fprintf (es_stdout, "[%s] ", gpg_strerror (rc));
1178 else if (sigrc == '?')
1180 else if (!opt.fast_list_mode)
1183 char *p = get_user_id (ctrl, sig->keyid, &n, NULL);
1184 print_utf8_buffer (es_stdout, p, n);
1187 es_putc ('\n', es_stdout);
1189 if (sig->flags.policy_url
1190 && (opt.list_options & LIST_SHOW_POLICY_URLS))
1191 show_policy_url (sig, 3, 0);
1193 if (sig->flags.notation && (opt.list_options & LIST_SHOW_NOTATIONS))
1194 show_notation (sig, 3, 0,
1196 list_options & LIST_SHOW_STD_NOTATIONS) ? 1 : 0)
1199 list_options & LIST_SHOW_USER_NOTATIONS) ? 2 :
1202 if (sig->flags.pref_ks
1203 && (opt.list_options & LIST_SHOW_KEYSERVER_URLS))
1204 show_keyserver_url (sig, 3, 0);
1208 es_fprintf (es_stdout, " %s%s\n",
1209 _("reason for revocation: "), reason_text);
1212 const byte *s, *s_lf;
1216 n = reason_commentlen;
1220 /* We don't want any empty lines, so we skip them. */
1221 for (;n && *s == '\n'; s++, n--)
1225 s_lf = memchr (s, '\n', n);
1226 n_lf = s_lf? s_lf - s : n;
1227 es_fprintf (es_stdout, " %s",
1228 _("revocation comment: "));
1229 es_write_sanitized (es_stdout, s, n_lf, NULL, NULL);
1230 es_putc ('\n', es_stdout);
1231 s += n_lf; n -= n_lf;
1237 xfree (reason_text);
1238 xfree (reason_comment);
1240 /* fixme: check or list other sigs here */
1243 es_putc ('\n', es_stdout);
1249 /* Do a simple key listing printing only the fingerprint and the mail
1250 * address of valid keys. */
1252 list_keyblock_simple (ctrl_t ctrl, kbnode_t keyblock)
1257 char hexfpr[2*MAX_FINGERPRINT_LEN+1];
1262 node = find_kbnode (keyblock, PKT_PUBLIC_KEY);
1265 log_error ("Oops; key lost!\n");
1266 dump_kbnode (keyblock);
1269 hexfingerprint (node->pkt->pkt.public_key, hexfpr, sizeof hexfpr);
1271 for (kbctx = NULL; (node = walk_kbnode (keyblock, &kbctx, 0));)
1273 if (node->pkt->pkttype == PKT_USER_ID)
1275 PKT_user_id *uid = node->pkt->pkt.user_id;
1277 if (uid->attrib_data)
1280 if (uid->flags.expired || uid->flags.revoked)
1283 mbox = mailbox_from_userid (uid->name);
1286 ec = gpg_err_code_from_syserror ();
1287 if (ec != GPG_ERR_EINVAL)
1288 log_error ("error getting mailbox from user-id: %s\n",
1292 es_fprintf (es_stdout, "%s %s\n", hexfpr, mbox);
1300 print_revokers (estream_t fp, PKT_public_key * pk)
1302 /* print the revoker record */
1303 if (!pk->revkey && pk->numrevkeys)
1309 for (i = 0; i < pk->numrevkeys; i++)
1313 es_fprintf (fp, "rvk:::%d::::::", pk->revkey[i].algid);
1314 p = pk->revkey[i].fpr;
1315 for (j = 0; j < 20; j++, p++)
1316 es_fprintf (fp, "%02X", *p);
1317 es_fprintf (fp, ":%02x%s:\n",
1318 pk->revkey[i].class,
1319 (pk->revkey[i].class & 0x40) ? "s" : "");
1325 /* Print the compliance flags to field 18. PK is the public key.
1326 * KEYLENGTH is the length of the key in bits and CURVENAME is either
1327 * NULL or the name of the curve. The latter two args are here
1328 * merely because the caller has already computed them. */
1330 print_compliance_flags (PKT_public_key *pk,
1331 unsigned int keylength, const char *curvename)
1336 keylength = nbits_from_pk (pk);
1338 if (pk->version == 5)
1340 es_fputs (gnupg_status_compliance_flag (CO_GNUPG), es_stdout);
1343 if (gnupg_pk_is_compliant (CO_DE_VS, pk->pubkey_algo, 0, pk->pkey,
1344 keylength, curvename))
1346 es_fprintf (es_stdout, any ? " %s" : "%s",
1347 gnupg_status_compliance_flag (CO_DE_VS));
1353 /* List a key in colon mode. If SECRET is true this is a secret key
1354 record (i.e. requested via --list-secret-key). If HAS_SECRET a
1355 secret key is available even if SECRET is not set. */
1357 list_keyblock_colon (ctrl_t ctrl, kbnode_t keyblock,
1358 int secret, int has_secret)
1365 int trustletter = 0;
1366 int trustletter_print;
1367 int ownertrust_print;
1370 char *hexgrip_buffer = NULL;
1371 const char *hexgrip = NULL;
1372 char *serialno = NULL;
1374 unsigned int keylength;
1376 const char *curvename = NULL;
1378 /* Get the keyid from the keyblock. */
1379 node = find_kbnode (keyblock, PKT_PUBLIC_KEY);
1382 log_error ("Oops; key lost!\n");
1383 dump_kbnode (keyblock);
1387 pk = node->pkt->pkt.public_key;
1388 if (secret || has_secret || opt.with_keygrip || opt.with_key_data)
1390 rc = hexkeygrip_from_pk (pk, &hexgrip_buffer);
1392 log_error ("error computing a keygrip: %s\n", gpg_strerror (rc));
1393 /* In the error case we print an empty string so that we have a
1394 * "grp" record for each and subkey - even if it is empty. This
1395 * may help to prevent sync problems. */
1396 hexgrip = hexgrip_buffer? hexgrip_buffer : "";
1399 if ((secret || has_secret)
1400 && agent_get_keyinfo (NULL, hexgrip, &serialno, NULL))
1401 stubkey = 1; /* Key not found. */
1403 keyid_from_pk (pk, keyid);
1404 if (!pk->flags.valid)
1405 trustletter_print = 'i';
1406 else if (pk->flags.revoked)
1407 trustletter_print = 'r';
1408 else if (pk->has_expired)
1409 trustletter_print = 'e';
1410 else if (opt.fast_list_mode || opt.no_expensive_trust_checks)
1411 trustletter_print = 0;
1414 trustletter = get_validity_info (ctrl, keyblock, pk, NULL);
1415 if (trustletter == 'u')
1417 trustletter_print = trustletter;
1420 if (!opt.fast_list_mode && !opt.no_expensive_trust_checks)
1421 ownertrust_print = get_ownertrust_info (ctrl, pk, 0);
1423 ownertrust_print = 0;
1425 keylength = nbits_from_pk (pk);
1427 es_fputs (secret? "sec:":"pub:", es_stdout);
1428 if (trustletter_print)
1429 es_putc (trustletter_print, es_stdout);
1430 es_fprintf (es_stdout, ":%u:%d:%08lX%08lX:%s:%s::",
1433 (ulong) keyid[0], (ulong) keyid[1],
1434 colon_datestr_from_pk (pk), colon_strtime (pk->expiredate));
1436 if (ownertrust_print)
1437 es_putc (ownertrust_print, es_stdout);
1438 es_putc (':', es_stdout);
1440 es_putc (':', es_stdout);
1441 es_putc (':', es_stdout);
1442 print_capabilities (ctrl, pk, keyblock);
1443 es_putc (':', es_stdout); /* End of field 13. */
1444 es_putc (':', es_stdout); /* End of field 14. */
1445 if (secret || has_secret)
1448 es_putc ('#', es_stdout);
1450 es_fputs (serialno, es_stdout);
1451 else if (has_secret)
1452 es_putc ('+', es_stdout);
1454 es_putc (':', es_stdout); /* End of field 15. */
1455 es_putc (':', es_stdout); /* End of field 16. */
1456 if (pk->pubkey_algo == PUBKEY_ALGO_ECDSA
1457 || pk->pubkey_algo == PUBKEY_ALGO_EDDSA
1458 || pk->pubkey_algo == PUBKEY_ALGO_ECDH)
1460 curve = openpgp_oid_to_str (pk->pkey[0]);
1461 curvename = openpgp_oid_to_curve (curve, 0);
1464 es_fputs (curvename, es_stdout);
1466 es_putc (':', es_stdout); /* End of field 17. */
1467 print_compliance_flags (pk, keylength, curvename);
1468 es_putc (':', es_stdout); /* End of field 18 (compliance). */
1470 es_fputs (colon_strtime (pk->keyupdate), es_stdout);
1471 es_putc (':', es_stdout); /* End of field 19 (last_update). */
1472 es_fprintf (es_stdout, "%d%s", pk->keyorg, pk->updateurl? " ":"");
1474 es_write_sanitized (es_stdout, pk->updateurl, strlen (pk->updateurl),
1476 es_putc (':', es_stdout); /* End of field 20 (origin). */
1477 es_putc ('\n', es_stdout);
1479 print_revokers (es_stdout, pk);
1480 print_fingerprint (ctrl, NULL, pk, 0);
1482 es_fprintf (es_stdout, "grp:::::::::%s:\n", hexgrip);
1483 if (opt.with_key_data)
1484 print_key_data (pk);
1486 for (kbctx = NULL; (node = walk_kbnode (keyblock, &kbctx, 0));)
1488 if (node->pkt->pkttype == PKT_USER_ID)
1490 PKT_user_id *uid = node->pkt->pkt.user_id;
1493 if (attrib_fp && uid->attrib_data != NULL)
1494 dump_attribs (uid, pk);
1496 if (uid->flags.revoked)
1498 else if (uid->flags.expired)
1500 else if (opt.no_expensive_trust_checks)
1505 uid_validity = get_validity_info (ctrl, keyblock, pk, uid);
1507 es_fputs (uid->attrib_data? "uat:":"uid:", es_stdout);
1509 es_putc (uid_validity, es_stdout);
1510 es_fputs ("::::", es_stdout);
1512 es_fprintf (es_stdout, "%s:", colon_strtime (uid->created));
1513 es_fprintf (es_stdout, "%s:", colon_strtime (uid->expiredate));
1515 namehash_from_uid (uid);
1517 for (i = 0; i < 20; i++)
1518 es_fprintf (es_stdout, "%02X", uid->namehash[i]);
1520 es_fprintf (es_stdout, "::");
1522 if (uid->attrib_data)
1523 es_fprintf (es_stdout, "%u %lu", uid->numattribs, uid->attrib_len);
1525 es_write_sanitized (es_stdout, uid->name, uid->len, ":", NULL);
1526 es_fputs (":::::::::", es_stdout);
1528 es_fputs (colon_strtime (uid->keyupdate), es_stdout);
1529 es_putc (':', es_stdout); /* End of field 19 (last_update). */
1530 es_fprintf (es_stdout, "%d%s", uid->keyorg, uid->updateurl? " ":"");
1532 es_write_sanitized (es_stdout,
1533 uid->updateurl, strlen (uid->updateurl),
1535 es_putc (':', es_stdout); /* End of field 20 (origin). */
1536 es_putc ('\n', es_stdout);
1538 if (!uid->attrib_data && opt.with_tofu_info
1539 && (opt.trust_model == TM_TOFU || opt.trust_model == TM_TOFU_PGP))
1541 /* Print a "tfs" record. */
1542 tofu_write_tfs_record (ctrl, es_stdout, pk, uid->name);
1546 else if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
1549 PKT_public_key *pk2;
1550 int need_hexgrip = !!hexgrip;
1552 pk2 = node->pkt->pkt.public_key;
1553 xfree (hexgrip_buffer); hexgrip_buffer = NULL; hexgrip = NULL;
1554 xfree (serialno); serialno = NULL;
1556 || secret || has_secret || opt.with_keygrip || opt.with_key_data)
1558 rc = hexkeygrip_from_pk (pk2, &hexgrip_buffer);
1560 log_error ("error computing a keygrip: %s\n",
1562 hexgrip = hexgrip_buffer? hexgrip_buffer : "";
1565 if ((secret||has_secret)
1566 && agent_get_keyinfo (NULL, hexgrip, &serialno, NULL))
1567 stubkey = 1; /* Key not found. */
1569 keyid_from_pk (pk2, keyid2);
1570 es_fputs (secret? "ssb:":"sub:", es_stdout);
1571 if (!pk2->flags.valid)
1572 es_putc ('i', es_stdout);
1573 else if (pk2->flags.revoked)
1574 es_putc ('r', es_stdout);
1575 else if (pk2->has_expired)
1576 es_putc ('e', es_stdout);
1577 else if (opt.fast_list_mode || opt.no_expensive_trust_checks)
1581 /* TRUSTLETTER should always be defined here. */
1583 es_fprintf (es_stdout, "%c", trustletter);
1585 keylength = nbits_from_pk (pk2);
1586 es_fprintf (es_stdout, ":%u:%d:%08lX%08lX:%s:%s:::::",
1589 (ulong) keyid2[0], (ulong) keyid2[1],
1590 colon_datestr_from_pk (pk2),
1591 colon_strtime (pk2->expiredate));
1592 print_capabilities (ctrl, pk2, NULL);
1593 es_putc (':', es_stdout); /* End of field 13. */
1594 es_putc (':', es_stdout); /* End of field 14. */
1595 if (secret || has_secret)
1598 es_putc ('#', es_stdout);
1600 es_fputs (serialno, es_stdout);
1601 else if (has_secret)
1602 es_putc ('+', es_stdout);
1604 es_putc (':', es_stdout); /* End of field 15. */
1605 es_putc (':', es_stdout); /* End of field 16. */
1606 if (pk2->pubkey_algo == PUBKEY_ALGO_ECDSA
1607 || pk2->pubkey_algo == PUBKEY_ALGO_EDDSA
1608 || pk2->pubkey_algo == PUBKEY_ALGO_ECDH)
1611 curve = openpgp_oid_to_str (pk2->pkey[0]);
1612 curvename = openpgp_oid_to_curve (curve, 0);
1615 es_fputs (curvename, es_stdout);
1617 es_putc (':', es_stdout); /* End of field 17. */
1618 print_compliance_flags (pk2, keylength, curvename);
1619 es_putc (':', es_stdout); /* End of field 18. */
1620 es_putc ('\n', es_stdout);
1621 print_fingerprint (ctrl, NULL, pk2, 0);
1623 es_fprintf (es_stdout, "grp:::::::::%s:\n", hexgrip);
1624 if (opt.with_key_data)
1625 print_key_data (pk2);
1627 else if (opt.list_sigs && node->pkt->pkttype == PKT_SIGNATURE)
1629 PKT_signature *sig = node->pkt->pkt.signature;
1630 int sigrc, fprokay = 0;
1633 byte fparray[MAX_FINGERPRINT_LEN];
1636 char *issuer_fpr = NULL;
1637 char *reason_text = NULL;
1638 char *reason_comment = NULL;
1639 size_t reason_commentlen;
1642 if (sig->sig_class == 0x20 || sig->sig_class == 0x28
1643 || sig->sig_class == 0x30)
1646 reason_code = get_revocation_reason (sig, &reason_text,
1648 &reason_commentlen);
1650 else if ((sig->sig_class & ~3) == 0x10)
1652 else if (sig->sig_class == 0x18)
1654 else if (sig->sig_class == 0x1F)
1658 es_fprintf (es_stdout, "sig::::::::::%02x%c:\n",
1659 sig->sig_class, sig->flags.exportable ? 'x' : 'l');
1665 PKT_public_key *signer_pk = NULL;
1667 es_fflush (es_stdout);
1668 if (opt.no_sig_cache)
1669 signer_pk = xmalloc_clear (sizeof (PKT_public_key));
1671 rc = check_key_signature2 (ctrl, keyblock, node, NULL, signer_pk,
1673 switch (gpg_err_code (rc))
1678 case GPG_ERR_BAD_SIGNATURE:
1681 case GPG_ERR_NO_PUBKEY:
1682 case GPG_ERR_UNUSABLE_PUBKEY:
1690 if (opt.no_sig_cache)
1694 fingerprint_from_pk (signer_pk, fparray, &fplen);
1697 free_public_key (signer_pk);
1703 sigrc = ' '; /* Note the fix-up below in --list-sigs mode. */
1706 if (sigrc != '%' && sigrc != '?' && !opt.fast_list_mode)
1709 siguid = get_user_id (ctrl, sig->keyid, &siguidlen, &nouid);
1710 if (!opt.check_sigs && nouid)
1711 sigrc = '?'; /* No key in local keyring. */
1720 es_fputs (sigstr, es_stdout);
1721 es_putc (':', es_stdout);
1723 es_putc (sigrc, es_stdout);
1724 es_fprintf (es_stdout, "::%d:%08lX%08lX:%s:%s:", sig->pubkey_algo,
1725 (ulong) sig->keyid[0], (ulong) sig->keyid[1],
1726 colon_datestr_from_sig (sig),
1727 colon_expirestr_from_sig (sig));
1729 if (sig->trust_depth || sig->trust_value)
1730 es_fprintf (es_stdout, "%d %d", sig->trust_depth, sig->trust_value);
1731 es_fprintf (es_stdout, ":");
1733 if (sig->trust_regexp)
1734 es_write_sanitized (es_stdout, sig->trust_regexp,
1735 strlen (sig->trust_regexp), ":", NULL);
1736 es_fprintf (es_stdout, ":");
1739 es_fprintf (es_stdout, "[%s] ", gpg_strerror (rc));
1741 es_write_sanitized (es_stdout, siguid, siguidlen, ":", NULL);
1743 es_fprintf (es_stdout, ":%02x%c", sig->sig_class,
1744 sig->flags.exportable ? 'x' : 'l');
1746 es_fprintf (es_stdout, ",%02x", reason_code);
1747 es_fputs ("::", es_stdout);
1749 if (opt.no_sig_cache && opt.check_sigs && fprokay)
1751 for (i = 0; i < fplen; i++)
1752 es_fprintf (es_stdout, "%02X", fparray[i]);
1754 else if ((issuer_fpr = issuer_fpr_string (sig)))
1755 es_fputs (issuer_fpr, es_stdout);
1757 es_fprintf (es_stdout, ":::%d:", sig->digest_algo);
1761 es_fputs ("::::", es_stdout);
1762 es_write_sanitized (es_stdout, reason_comment, reason_commentlen,
1764 es_putc (':', es_stdout);
1766 es_putc ('\n', es_stdout);
1768 if (opt.show_subpackets)
1769 print_subpackets_colon (sig);
1771 /* fixme: check or list other sigs here */
1772 xfree (reason_text);
1773 xfree (reason_comment);
1780 xfree (hexgrip_buffer);
1785 * Reorder the keyblock so that the primary user ID (and not attribute
1786 * packet) comes first. Fixme: Replace this by a generic sort
1789 do_reorder_keyblock (KBNODE keyblock, int attr)
1791 KBNODE primary = NULL, primary0 = NULL, primary2 = NULL;
1794 for (node = keyblock; node; primary0 = node, node = node->next)
1796 if (node->pkt->pkttype == PKT_USER_ID &&
1797 ((attr && node->pkt->pkt.user_id->attrib_data) ||
1798 (!attr && !node->pkt->pkt.user_id->attrib_data)) &&
1799 node->pkt->pkt.user_id->flags.primary)
1801 primary = primary2 = node;
1802 for (node = node->next; node; primary2 = node, node = node->next)
1804 if (node->pkt->pkttype == PKT_USER_ID
1805 || node->pkt->pkttype == PKT_PUBLIC_SUBKEY
1806 || node->pkt->pkttype == PKT_SECRET_SUBKEY)
1815 return; /* No primary key flag found (should not happen). */
1817 for (last = NULL, node = keyblock; node; last = node, node = node->next)
1819 if (node->pkt->pkttype == PKT_USER_ID)
1823 log_assert (last); /* The user ID is never the first packet. */
1824 log_assert (primary0); /* Ditto (this is the node before primary). */
1825 if (node == primary)
1826 return; /* Already the first one. */
1828 last->next = primary;
1829 primary0->next = primary2->next;
1830 primary2->next = node;
1834 reorder_keyblock (KBNODE keyblock)
1836 do_reorder_keyblock (keyblock, 1);
1837 do_reorder_keyblock (keyblock, 0);
1841 list_keyblock (ctrl_t ctrl,
1842 KBNODE keyblock, int secret, int has_secret, int fpr,
1843 struct keylist_context *listctx)
1845 reorder_keyblock (keyblock);
1847 if (opt.with_colons)
1848 list_keyblock_colon (ctrl, keyblock, secret, has_secret);
1849 else if ((opt.list_options & LIST_SHOW_ONLY_FPR_MBOX))
1851 if (!listctx->no_validity)
1852 check_trustdb_stale (ctrl);
1853 list_keyblock_simple (ctrl, keyblock);
1856 list_keyblock_print (ctrl, keyblock, secret, fpr, listctx);
1859 es_fflush (es_stdout);
1863 /* Public function used by keygen to list a keyblock. If NO_VALIDITY
1864 * is set the validity of a key is never shown. */
1866 list_keyblock_direct (ctrl_t ctrl,
1867 kbnode_t keyblock, int secret, int has_secret, int fpr,
1870 struct keylist_context listctx;
1872 memset (&listctx, 0, sizeof (listctx));
1873 listctx.no_validity = !!no_validity;
1874 list_keyblock (ctrl, keyblock, secret, has_secret, fpr, &listctx);
1875 keylist_context_release (&listctx);
1879 /* Print an hex digit in ICAO spelling. */
1881 print_icao_hexdigit (estream_t fp, int c)
1883 static const char *list[16] = {
1884 "Zero", "One", "Two", "Three", "Four", "Five", "Six", "Seven",
1885 "Eight", "Niner", "Alfa", "Bravo", "Charlie", "Delta", "Echo", "Foxtrot"
1888 tty_fprintf (fp, "%s", list[c&15]);
1893 * Function to print the finperprint.
1894 * mode 0: as used in key listings, opt.with_colons is honored
1895 * 1: print using log_info ()
1896 * 2: direct use of tty
1897 * 3: direct use of tty but only primary key.
1898 * 4: direct use of tty but only subkey.
1899 * 10: Same as 0 but with_colons etc is ignored.
1900 * 20: Same as 0 but using a compact format.
1902 * Modes 1 and 2 will try and print both subkey and primary key
1903 * fingerprints. A MODE with bit 7 set is used internally. If
1904 * OVERRIDE_FP is not NULL that stream will be used in 0 instead
1905 * of es_stdout or instead of the TTY in modes 2 and 3.
1908 print_fingerprint (ctrl_t ctrl, estream_t override_fp,
1909 PKT_public_key *pk, int mode)
1911 char hexfpr[2*MAX_FINGERPRINT_LEN+1];
1917 int with_colons = opt.with_colons;
1918 int with_icao = opt.with_icao_spelling;
1927 else if (mode == 20)
1934 if (!opt.fingerprint && !opt.with_fingerprint
1935 && opt.with_subkey_fingerprint)
1938 if (pk->main_keyid[0] == pk->keyid[0]
1939 && pk->main_keyid[1] == pk->keyid[1])
1942 /* Just to be safe */
1943 if ((mode & 0x80) && !primary)
1945 log_error ("primary key is not really primary!\n");
1951 if (!primary && (mode == 1 || mode == 2))
1953 PKT_public_key *primary_pk = xmalloc_clear (sizeof (*primary_pk));
1954 get_pubkey (ctrl, primary_pk, pk->main_keyid);
1955 print_fingerprint (ctrl, override_fp, primary_pk, (mode | 0x80));
1956 free_public_key (primary_pk);
1961 fp = log_get_stream ();
1963 text = _("Primary key fingerprint:");
1965 text = _(" Subkey fingerprint:");
1969 fp = override_fp; /* Use tty or given stream. */
1971 /* TRANSLATORS: this should fit into 24 bytes so that the
1972 * fingerprint data is properly aligned with the user ID */
1973 text = _(" Primary key fingerprint:");
1975 text = _(" Subkey fingerprint:");
1979 fp = override_fp; /* Use tty or given stream. */
1980 text = _(" Key fingerprint =");
1984 fp = override_fp; /* Use tty or given stream. */
1985 text = _(" Subkey fingerprint:");
1989 fp = override_fp? override_fp : es_stdout;
1990 if (opt.keyid_format == KF_NONE)
1992 text = " "; /* To indent ICAO spelling. */
1996 text = _(" Key fingerprint =");
1999 hexfingerprint (pk, hexfpr, sizeof hexfpr);
2000 if (with_colons && !mode)
2002 es_fprintf (fp, "fpr:::::::::%s:", hexfpr);
2004 else if (compact && !opt.fingerprint && !opt.with_fingerprint)
2006 tty_fprintf (fp, "%*s%s", 6, "", hexfpr);
2010 char fmtfpr[MAX_FORMATTED_FINGERPRINT_LEN + 1];
2011 format_hexfingerprint (hexfpr, fmtfpr, sizeof fmtfpr);
2013 tty_fprintf (fp, "%*s%s", 6, "", fmtfpr);
2015 tty_fprintf (fp, "%s %s", text, fmtfpr);
2017 tty_fprintf (fp, "\n");
2018 if (!with_colons && with_icao)
2021 tty_fprintf (fp, "%*s\"", (int)strlen(text)+1, "");
2022 for (i = 0, p = hexfpr; *p; i++, p++)
2027 tty_fprintf (fp, "\n%*s ", (int)strlen(text)+1, "");
2029 tty_fprintf (fp, " ");
2031 tty_fprintf (fp, " ");
2032 print_icao_hexdigit (fp, xtoi_1 (p));
2034 tty_fprintf (fp, "\"\n");
2038 /* Print the serial number of an OpenPGP card if available. */
2040 print_card_serialno (const char *serialno)
2044 if (opt.with_colons)
2045 return; /* Handled elsewhere. */
2047 es_fputs (_(" Card serial no. ="), es_stdout);
2048 es_putc (' ', es_stdout);
2049 if (strlen (serialno) == 32 && !strncmp (serialno, "D27600012401", 12))
2051 /* This is an OpenPGP card. Print the relevant part. */
2052 /* Example: D2760001240101010001000003470000 */
2054 es_fprintf (es_stdout, "%.*s %.*s", 4, serialno+16, 8, serialno+20);
2057 es_fputs (serialno, es_stdout);
2058 es_putc ('\n', es_stdout);
2062 /* Print a public or secret (sub)key line. Example:
2064 * pub dsa2048 2007-12-31 [SC] [expires: 2018-12-31]
2065 * 80615870F5BAD690333686D0F2AD85AC1E42B367
2067 * Some global options may result in a different output format. If
2068 * SECRET is set, "sec" or "ssb" is used instead of "pub" or "sub" and
2069 * depending on the value a flag character is shown:
2071 * 1 := ' ' Regular secret key
2072 * 2 := '#' Stub secret key
2073 * 3 := '>' Secret key is on a token.
2076 print_key_line (ctrl_t ctrl, estream_t fp, PKT_public_key *pk, int secret)
2078 char pkstrbuf[PUBKEY_STRING_SIZE];
2080 tty_fprintf (fp, "%s%c %s",
2081 pk->flags.primary? (secret? "sec":"pub")
2082 /**/ : (secret? "ssb":"sub"),
2083 secret == 2? '#' : secret == 3? '>' : ' ',
2084 pubkey_string (pk, pkstrbuf, sizeof pkstrbuf));
2085 if (opt.keyid_format != KF_NONE)
2086 tty_fprintf (fp, "/%s", keystr_from_pk (pk));
2087 tty_fprintf (fp, " %s", datestr_from_pk (pk));
2089 if (pk->flags.primary
2090 && !(openpgp_pk_algo_usage (pk->pubkey_algo)
2091 & (PUBKEY_USAGE_CERT| PUBKEY_USAGE_SIG|PUBKEY_USAGE_AUTH)))
2093 /* A primary key which is really not capable to sign. */
2094 tty_fprintf (fp, " [INVALID_ALGO]");
2096 else if ((opt.list_options & LIST_SHOW_USAGE))
2098 tty_fprintf (fp, " [%s]", usagestr_from_pk (pk, 0));
2101 if (pk->flags.revoked)
2103 tty_fprintf (fp, " [");
2104 tty_fprintf (fp, _("revoked: %s"), revokestr_from_pk (pk));
2105 tty_fprintf (fp, "]");
2107 else if (pk->has_expired)
2109 tty_fprintf (fp, " [");
2110 tty_fprintf (fp, _("expired: %s"), expirestr_from_pk (pk));
2111 tty_fprintf (fp, "]");
2113 else if (pk->expiredate)
2115 tty_fprintf (fp, " [");
2116 tty_fprintf (fp, _("expires: %s"), expirestr_from_pk (pk));
2117 tty_fprintf (fp, "]");
2121 /* I need to think about this some more. It's easy enough to
2122 include, but it looks sort of confusing in the listing... */
2123 if (opt.list_options & LIST_SHOW_VALIDITY)
2125 int validity = get_validity (ctrl, pk, NULL, NULL, 0);
2126 tty_fprintf (fp, " [%s]", trust_value_to_string (validity));
2130 if (pk->pubkey_algo >= 100)
2131 tty_fprintf (fp, " [experimental algorithm %d]", pk->pubkey_algo);
2133 tty_fprintf (fp, "\n");
2135 /* if the user hasn't explicitly asked for human-readable
2136 fingerprints, show compact fpr of primary key: */
2137 if (pk->flags.primary &&
2138 !opt.fingerprint && !opt.with_fingerprint)
2139 print_fingerprint (ctrl, fp, pk, 20);
2144 set_attrib_fd (int fd)
2146 static int last_fd = -1;
2148 if (fd != -1 && last_fd == fd)
2151 /* Fixme: Do we need to check for the log stream here? */
2152 if (attrib_fp && attrib_fp != log_get_stream ())
2153 es_fclose (attrib_fp);
2158 if (! gnupg_fd_valid (fd))
2159 log_fatal ("attribute-fd is invalid: %s\n", strerror (errno));
2161 #ifdef HAVE_DOSISH_SYSTEM
2162 setmode (fd, O_BINARY);
2165 attrib_fp = es_stdout;
2167 attrib_fp = es_stderr;
2169 attrib_fp = es_fdopen (fd, "wb");
2172 log_fatal ("can't open fd %d for attribute output: %s\n",
2173 fd, strerror (errno));