1 /* keylist.c - Print information about OpenPGP keys
2 * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006,
3 * 2008, 2010, 2012 Free Software Foundation, Inc.
4 * Copyright (C) 2013, 2014 Werner Koch
6 * This file is part of GnuPG.
8 * GnuPG is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 3 of the License, or
11 * (at your option) any later version.
13 * GnuPG is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, see <https://www.gnu.org/licenses/>.
27 #ifdef HAVE_DOSISH_SYSTEM
28 # include <fcntl.h> /* for setmode() */
34 #include "../common/status.h"
37 #include "../common/util.h"
38 #include "../common/ttyio.h"
41 #include "../common/i18n.h"
42 #include "../common/status.h"
43 #include "call-agent.h"
44 #include "../common/mbox-util.h"
45 #include "../common/zb32.h"
47 #include "../common/compliance.h"
50 static void list_all (ctrl_t, int, int);
51 static void list_one (ctrl_t ctrl,
52 strlist_t names, int secret, int mark_secret);
53 static void locate_one (ctrl_t ctrl, strlist_t names);
54 static void print_card_serialno (const char *serialno);
56 struct keylist_context
58 int check_sigs; /* If set signatures shall be verified. */
59 int good_sigs; /* Counter used if CHECK_SIGS is set. */
60 int inv_sigs; /* Counter used if CHECK_SIGS is set. */
61 int no_key; /* Counter used if CHECK_SIGS is set. */
62 int oth_err; /* Counter used if CHECK_SIGS is set. */
63 int no_validity; /* Do not show validity. */
67 static void list_keyblock (ctrl_t ctrl,
68 kbnode_t keyblock, int secret, int has_secret,
69 int fpr, struct keylist_context *listctx);
72 /* The stream used to write attribute packets to. */
73 static estream_t attrib_fp;
76 /* Release resources from a keylist context. */
78 keylist_context_release (struct keylist_context *listctx)
80 (void)listctx; /* Nothing to release. */
84 /* List the keys. If list is NULL, all available keys are listed.
85 With LOCATE_MODE set the locate algorithm is used to find a
88 public_key_list (ctrl_t ctrl, strlist_t list, int locate_mode)
90 #ifndef NO_TRUST_MODELS
93 byte trust_model, marginals, completes, cert_depth, min_cert_level;
94 ulong created, nextcheck;
96 read_trust_options (ctrl, &trust_model, &created, &nextcheck,
97 &marginals, &completes, &cert_depth, &min_cert_level);
99 es_fprintf (es_stdout, "tru:");
101 if (nextcheck && nextcheck <= make_timestamp ())
102 es_fprintf (es_stdout, "o");
103 if (trust_model != opt.trust_model)
104 es_fprintf (es_stdout, "t");
105 if (opt.trust_model == TM_PGP || opt.trust_model == TM_CLASSIC
106 || opt.trust_model == TM_TOFU_PGP)
108 if (marginals != opt.marginals_needed)
109 es_fprintf (es_stdout, "m");
110 if (completes != opt.completes_needed)
111 es_fprintf (es_stdout, "c");
112 if (cert_depth != opt.max_cert_depth)
113 es_fprintf (es_stdout, "d");
114 if (min_cert_level != opt.min_cert_level)
115 es_fprintf (es_stdout, "l");
118 es_fprintf (es_stdout, ":%d:%lu:%lu", trust_model, created, nextcheck);
120 /* Only show marginals, completes, and cert_depth in the classic
121 or PGP trust models since they are not meaningful
124 if (trust_model == TM_PGP || trust_model == TM_CLASSIC)
125 es_fprintf (es_stdout, ":%d:%d:%d", marginals, completes, cert_depth);
126 es_fprintf (es_stdout, "\n");
128 #endif /*!NO_TRUST_MODELS*/
130 /* We need to do the stale check right here because it might need to
131 update the keyring while we already have the keyring open. This
132 is very bad for W32 because of a sharing violation. For real OSes
133 it might lead to false results if we are later listing a keyring
134 which is associated with the inode of a deleted file. */
135 check_trustdb_stale (ctrl);
138 tofu_begin_batch_update (ctrl);
142 locate_one (ctrl, list);
144 list_all (ctrl, 0, opt.with_secret);
146 list_one (ctrl, list, 0, opt.with_secret);
149 tofu_end_batch_update (ctrl);
155 secret_key_list (ctrl_t ctrl, strlist_t list)
159 check_trustdb_stale (ctrl);
162 list_all (ctrl, 1, 0);
163 else /* List by user id */
164 list_one (ctrl, list, 1, 0);
168 format_seckey_info (ctrl_t ctrl, PKT_public_key *pk)
172 char pkstrbuf[PUBKEY_STRING_SIZE];
175 keyid_from_pk (pk, keyid);
176 p = get_user_id_native (ctrl, keyid);
178 info = xtryasprintf ("sec %s/%s %s %s",
179 pubkey_string (pk, pkstrbuf, sizeof pkstrbuf),
180 keystr (keyid), datestr_from_pk (pk), p);
188 print_seckey_info (ctrl_t ctrl, PKT_public_key *pk)
190 char *p = format_seckey_info (ctrl, pk);
191 tty_printf ("\n%s\n", p);
195 /* Print information about the public key. With FP passed as NULL,
196 the tty output interface is used, otherwise output is directed to
199 print_pubkey_info (ctrl_t ctrl, estream_t fp, PKT_public_key *pk)
203 char pkstrbuf[PUBKEY_STRING_SIZE];
205 keyid_from_pk (pk, keyid);
207 /* If the pk was chosen by a particular user ID, that is the one to
210 p = utf8_to_native (pk->user_id->name, pk->user_id->len, 0);
212 p = get_user_id_native (ctrl, keyid);
216 tty_fprintf (fp, "%s %s/%s %s %s\n",
217 pk->flags.primary? "pub":"sub",
218 pubkey_string (pk, pkstrbuf, sizeof pkstrbuf),
219 keystr (keyid), datestr_from_pk (pk), p);
224 /* Print basic information of a secret key including the card serial
225 number information. */
226 #ifdef ENABLE_CARD_SUPPORT
228 print_card_key_info (estream_t fp, kbnode_t keyblock)
234 char pkstrbuf[PUBKEY_STRING_SIZE];
237 for (node = keyblock; node; node = node->next)
239 if (node->pkt->pkttype == PKT_PUBLIC_KEY
240 || node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
243 PKT_public_key *pk = node->pkt->pkt.public_key;
246 rc = hexkeygrip_from_pk (pk, &hexgrip);
249 log_error ("error computing a keygrip: %s\n", gpg_strerror (rc));
252 else if (!agent_get_keyinfo (NULL, hexgrip, &serialno, NULL))
253 s2k_char = serialno? '>':' ';
255 s2k_char = '#'; /* Key not found. */
257 tty_fprintf (fp, "%s%c %s/%s %n",
258 node->pkt->pkttype == PKT_PUBLIC_KEY ? "sec" : "ssb",
260 pubkey_string (pk, pkstrbuf, sizeof pkstrbuf),
263 tty_fprintf (fp, _("created: %s"), datestr_from_pk (pk));
264 tty_fprintf (fp, " ");
265 tty_fprintf (fp, _("expires: %s"), expirestr_from_pk (pk));
268 tty_fprintf (fp, "\n%*s%s", indent, "", _("card-no: "));
269 if (strlen (serialno) == 32
270 && !strncmp (serialno, "D27600012401", 12))
272 /* This is an OpenPGP card. Print the relevant part. */
273 /* Example: D2760001240101010001000003470000 */
275 tty_fprintf (fp, "%.*s %.*s", 4, serialno+16, 8, serialno+20);
278 tty_fprintf (fp, "%s", serialno);
280 tty_fprintf (fp, "\n");
286 #endif /*ENABLE_CARD_SUPPORT*/
289 /* Flags = 0x01 hashed 0x02 critical. */
291 status_one_subpacket (sigsubpkttype_t type, size_t len, int flags,
296 /* Don't print these. */
300 snprintf (status, sizeof status,
301 "%d %u %u ", type, flags, (unsigned int) len);
303 write_status_text_and_buffer (STATUS_SIG_SUBPACKET, status, buf, len, 0);
307 /* Print a policy URL. Allowed values for MODE are:
308 * -1 - print to the TTY
309 * 0 - print to stdout.
310 * 1 - use log_info and emit status messages.
311 * 2 - emit only status messages.
314 show_policy_url (PKT_signature * sig, int indent, int mode)
319 estream_t fp = mode < 0? NULL : mode ? log_get_stream () : es_stdout;
322 enum_sig_subpkt (sig->hashed, SIGSUBPKT_POLICY, &len, &seq, &crit)))
328 tty_fprintf (fp, "%*s", indent, "");
331 str = _("Critical signature policy: ");
333 str = _("Signature policy: ");
335 log_info ("%s", str);
337 tty_fprintf (fp, "%s", str);
338 tty_print_utf8_string2 (fp, p, len, 0);
339 tty_fprintf (fp, "\n");
343 write_status_buffer (STATUS_POLICY_URL, p, len, 0);
348 /* Print a keyserver URL. Allowed values for MODE are:
349 * -1 - print to the TTY
350 * 0 - print to stdout.
351 * 1 - use log_info and emit status messages.
352 * 2 - emit only status messages.
355 show_keyserver_url (PKT_signature * sig, int indent, int mode)
360 estream_t fp = mode < 0? NULL : mode ? log_get_stream () : es_stdout;
363 enum_sig_subpkt (sig->hashed, SIGSUBPKT_PREF_KS, &len, &seq,
370 tty_fprintf (fp, "%*s", indent, "");
373 str = _("Critical preferred keyserver: ");
375 str = _("Preferred keyserver: ");
377 log_info ("%s", str);
379 tty_fprintf (fp, "%s", str);
380 tty_print_utf8_string2 (fp, p, len, 0);
381 tty_fprintf (fp, "\n");
385 status_one_subpacket (SIGSUBPKT_PREF_KS, len,
386 (crit ? 0x02 : 0) | 0x01, p);
391 /* Print notation data. Allowed values for MODE are:
392 * -1 - print to the TTY
393 * 0 - print to stdout.
394 * 1 - use log_info and emit status messages.
395 * 2 - emit only status messages.
397 * Defined bits in WHICH:
398 * 1 - standard notations
402 show_notation (PKT_signature * sig, int indent, int mode, int which)
404 estream_t fp = mode < 0? NULL : mode ? log_get_stream () : es_stdout;
405 notation_t nd, notations;
410 notations = sig_to_notation (sig);
412 /* There may be multiple notations in the same sig. */
413 for (nd = notations; nd; nd = nd->next)
417 int has_at = !!strchr (nd->name, '@');
419 if ((which & 1 && !has_at) || (which & 2 && has_at))
423 tty_fprintf (fp, "%*s", indent, "");
425 if (nd->flags.critical)
426 str = _("Critical signature notation: ");
428 str = _("Signature notation: ");
430 log_info ("%s", str);
432 tty_fprintf (fp, "%s", str);
433 /* This is all UTF8 */
434 tty_print_utf8_string2 (fp, nd->name, strlen (nd->name), 0);
435 tty_fprintf (fp, "=");
436 tty_print_utf8_string2 (fp, nd->value, strlen (nd->value), 0);
437 /* (We need to use log_printf so that the next call to a
438 log function does not insert an extra LF.) */
442 tty_fprintf (fp, "\n");
448 write_status_buffer (STATUS_NOTATION_NAME,
449 nd->name, strlen (nd->name), 0);
450 if (nd->flags.critical || nd->flags.human)
451 write_status_text (STATUS_NOTATION_FLAGS,
452 nd->flags.critical && nd->flags.human? "1 1" :
453 nd->flags.critical? "1 0" : "0 1");
454 write_status_buffer (STATUS_NOTATION_DATA,
455 nd->value, strlen (nd->value), 50);
459 free_notation (notations);
464 print_signature_stats (struct keylist_context *s)
467 return; /* Signature checking was not requested. */
469 /* Better flush stdout so that the stats are always printed after
471 es_fflush (es_stdout);
474 log_info (ngettext("%d good signature\n",
475 "%d good signatures\n", s->good_sigs), s->good_sigs);
478 log_info (ngettext("%d bad signature\n",
479 "%d bad signatures\n", s->inv_sigs), s->inv_sigs);
482 log_info (ngettext("%d signature not checked due to a missing key\n",
483 "%d signatures not checked due to missing keys\n",
484 s->no_key), s->no_key);
487 log_info (ngettext("%d signature not checked due to an error\n",
488 "%d signatures not checked due to errors\n",
489 s->oth_err), s->oth_err);
493 /* List all keys. If SECRET is true only secret keys are listed. If
494 MARK_SECRET is true secret keys are indicated in a public key
497 list_all (ctrl_t ctrl, int secret, int mark_secret)
500 KBNODE keyblock = NULL;
503 const char *lastresname, *resname;
504 struct keylist_context listctx;
506 memset (&listctx, 0, sizeof (listctx));
508 listctx.check_sigs = 1;
512 rc = gpg_error_from_syserror ();
514 rc = keydb_search_first (hd);
517 if (gpg_err_code (rc) != GPG_ERR_NOT_FOUND)
518 log_error ("keydb_search_first failed: %s\n", gpg_strerror (rc));
525 rc = keydb_get_keyblock (hd, &keyblock);
528 if (gpg_err_code (rc) == GPG_ERR_LEGACY_KEY)
529 continue; /* Skip legacy keys. */
530 log_error ("keydb_get_keyblock failed: %s\n", gpg_strerror (rc));
534 if (secret || mark_secret)
535 any_secret = !agent_probe_any_secret_key (NULL, keyblock);
539 if (secret && !any_secret)
540 ; /* Secret key listing requested but this isn't one. */
543 if (!opt.with_colons)
545 resname = keydb_get_resource_name (hd);
546 if (lastresname != resname)
550 es_fprintf (es_stdout, "%s\n", resname);
551 for (i = strlen (resname); i; i--)
552 es_putc ('-', es_stdout);
553 es_putc ('\n', es_stdout);
554 lastresname = resname;
557 merge_keys_and_selfsig (ctrl, keyblock);
558 list_keyblock (ctrl, keyblock, secret, any_secret, opt.fingerprint,
561 release_kbnode (keyblock);
564 while (!(rc = keydb_search_next (hd)));
565 es_fflush (es_stdout);
566 if (rc && gpg_err_code (rc) != GPG_ERR_NOT_FOUND)
567 log_error ("keydb_search_next failed: %s\n", gpg_strerror (rc));
568 if (keydb_get_skipped_counter (hd))
569 log_info (ngettext("Warning: %lu key skipped due to its large size\n",
570 "Warning: %lu keys skipped due to their large sizes\n",
571 keydb_get_skipped_counter (hd)),
572 keydb_get_skipped_counter (hd));
574 if (opt.check_sigs && !opt.with_colons)
575 print_signature_stats (&listctx);
578 keylist_context_release (&listctx);
579 release_kbnode (keyblock);
585 list_one (ctrl_t ctrl, strlist_t names, int secret, int mark_secret)
588 KBNODE keyblock = NULL;
591 const char *keyring_str = _("Keyring");
593 struct keylist_context listctx;
595 memset (&listctx, 0, sizeof (listctx));
596 if (!secret && opt.check_sigs)
597 listctx.check_sigs = 1;
599 /* fixme: using the bynames function has the disadvantage that we
600 * don't know whether one of the names given was not found. OTOH,
601 * this function has the advantage to list the names in the
602 * sequence as defined by the keyDB and does not duplicate
603 * outputs. A solution could be do test whether all given have
604 * been listed (this needs a way to use the keyDB search
605 * functions) or to have the search function return indicators for
606 * found names. Yet another way is to use the keydb search
607 * facilities directly. */
608 rc = getkey_bynames (ctrl, &ctx, NULL, names, secret, &keyblock);
611 log_error ("error reading key: %s\n", gpg_strerror (rc));
612 getkey_end (ctrl, ctx);
618 if ((opt.list_options & LIST_SHOW_KEYRING) && !opt.with_colons)
620 resname = keydb_get_resource_name (get_ctx_handle (ctx));
621 es_fprintf (es_stdout, "%s: %s\n", keyring_str, resname);
622 for (i = strlen (resname) + strlen (keyring_str) + 2; i; i--)
623 es_putc ('-', es_stdout);
624 es_putc ('\n', es_stdout);
627 keyblock, secret, mark_secret, opt.fingerprint, &listctx);
628 release_kbnode (keyblock);
630 while (!getkey_next (ctrl, ctx, NULL, &keyblock));
631 getkey_end (ctrl, ctx);
633 if (opt.check_sigs && !opt.with_colons)
634 print_signature_stats (&listctx);
636 keylist_context_release (&listctx);
641 locate_one (ctrl_t ctrl, strlist_t names)
645 GETKEY_CTX ctx = NULL;
646 KBNODE keyblock = NULL;
647 struct keylist_context listctx;
649 memset (&listctx, 0, sizeof (listctx));
651 listctx.check_sigs = 1;
653 for (sl = names; sl; sl = sl->next)
655 rc = get_best_pubkey_byname (ctrl, &ctx, NULL, sl->d, &keyblock, 1, 0);
658 if (gpg_err_code (rc) != GPG_ERR_NO_PUBKEY)
659 log_error ("error reading key: %s\n", gpg_strerror (rc));
660 else if (opt.verbose)
661 log_info (_("key \"%s\" not found: %s\n"),
662 sl->d, gpg_strerror (rc));
668 list_keyblock (ctrl, keyblock, 0, 0, opt.fingerprint, &listctx);
669 release_kbnode (keyblock);
671 while (ctx && !getkey_next (ctrl, ctx, NULL, &keyblock));
672 getkey_end (ctrl, ctx);
677 if (opt.check_sigs && !opt.with_colons)
678 print_signature_stats (&listctx);
680 keylist_context_release (&listctx);
685 print_key_data (PKT_public_key * pk)
687 int n = pk ? pubkey_get_npkey (pk->pubkey_algo) : 0;
690 for (i = 0; i < n; i++)
692 es_fprintf (es_stdout, "pkd:%d:%u:", i, mpi_get_nbits (pk->pkey[i]));
693 mpi_print (es_stdout, pk->pkey[i], 1);
694 es_putc (':', es_stdout);
695 es_putc ('\n', es_stdout);
700 print_capabilities (ctrl_t ctrl, PKT_public_key *pk, KBNODE keyblock)
702 unsigned int use = pk->pubkey_usage;
705 if (use & PUBKEY_USAGE_ENC)
706 es_putc ('e', es_stdout);
708 if (use & PUBKEY_USAGE_SIG)
710 es_putc ('s', es_stdout);
711 if (pk->flags.primary)
713 es_putc ('c', es_stdout);
714 /* The PUBKEY_USAGE_CERT flag was introduced later and we
715 used to always print 'c' for a primary key. To avoid any
716 regression here we better track whether we printed 'c'
722 if ((use & PUBKEY_USAGE_CERT) && !c_printed)
723 es_putc ('c', es_stdout);
725 if ((use & PUBKEY_USAGE_AUTH))
726 es_putc ('a', es_stdout);
728 if ((use & PUBKEY_USAGE_UNKNOWN))
729 es_putc ('?', es_stdout);
733 /* Figure out the usable capabilities. */
735 int enc = 0, sign = 0, cert = 0, auth = 0, disabled = 0;
737 for (k = keyblock; k; k = k->next)
739 if (k->pkt->pkttype == PKT_PUBLIC_KEY
740 || k->pkt->pkttype == PKT_PUBLIC_SUBKEY)
742 pk = k->pkt->pkt.public_key;
744 if (pk->flags.primary)
745 disabled = pk_is_disabled (pk);
747 if (pk->flags.valid && !pk->flags.revoked && !pk->has_expired)
749 if (pk->pubkey_usage & PUBKEY_USAGE_ENC)
751 if (pk->pubkey_usage & PUBKEY_USAGE_SIG)
754 if (pk->flags.primary)
757 if (pk->pubkey_usage & PUBKEY_USAGE_CERT)
759 if ((pk->pubkey_usage & PUBKEY_USAGE_AUTH))
765 es_putc ('E', es_stdout);
767 es_putc ('S', es_stdout);
769 es_putc ('C', es_stdout);
771 es_putc ('A', es_stdout);
773 es_putc ('D', es_stdout);
776 es_putc (':', es_stdout);
780 /* FLAGS: 0x01 hashed
783 print_one_subpacket (sigsubpkttype_t type, size_t len, int flags,
788 es_fprintf (es_stdout, "spk:%d:%u:%u:", type, flags, (unsigned int) len);
790 for (i = 0; i < len; i++)
792 /* printable ascii other than : and % */
793 if (buf[i] >= 32 && buf[i] <= 126 && buf[i] != ':' && buf[i] != '%')
794 es_fprintf (es_stdout, "%c", buf[i]);
796 es_fprintf (es_stdout, "%%%02X", buf[i]);
799 es_fprintf (es_stdout, "\n");
804 print_subpackets_colon (PKT_signature * sig)
808 log_assert (opt.show_subpackets);
810 for (i = opt.show_subpackets; *i; i++)
818 while ((p = enum_sig_subpkt (sig->hashed, *i, &len, &seq, &crit)))
819 print_one_subpacket (*i, len, 0x01 | (crit ? 0x02 : 0), p);
823 while ((p = enum_sig_subpkt (sig->unhashed, *i, &len, &seq, &crit)))
824 print_one_subpacket (*i, len, 0x00 | (crit ? 0x02 : 0), p);
830 dump_attribs (const PKT_user_id *uid, PKT_public_key *pk)
837 for (i = 0; i < uid->numattribs; i++)
839 if (is_status_enabled ())
841 byte array[MAX_FINGERPRINT_LEN], *p;
842 char buf[(MAX_FINGERPRINT_LEN * 2) + 90];
847 fingerprint_from_pk (pk, array, &n);
850 for (j = 0; j < n; j++, p++)
851 sprintf (buf + 2 * j, "%02X", *p);
853 sprintf (buf + strlen (buf), " %lu %u %u %u %lu %lu %u",
854 (ulong) uid->attribs[i].len, uid->attribs[i].type, i + 1,
855 uid->numattribs, (ulong) uid->created,
856 (ulong) uid->expiredate,
857 ((uid->flags.primary ? 0x01 : 0) | (uid->flags.revoked ? 0x02 : 0) |
858 (uid->flags.expired ? 0x04 : 0)));
859 write_status_text (STATUS_ATTRIBUTE, buf);
862 es_fwrite (uid->attribs[i].data, uid->attribs[i].len, 1, attrib_fp);
863 es_fflush (attrib_fp);
869 list_keyblock_print (ctrl_t ctrl, kbnode_t keyblock, int secret, int fpr,
870 struct keylist_context *listctx)
877 char *hexgrip = NULL;
878 char *serialno = NULL;
880 /* Get the keyid from the keyblock. */
881 node = find_kbnode (keyblock, PKT_PUBLIC_KEY);
884 log_error ("Oops; key lost!\n");
885 dump_kbnode (keyblock);
889 pk = node->pkt->pkt.public_key;
891 if (secret || opt.with_keygrip)
893 rc = hexkeygrip_from_pk (pk, &hexgrip);
895 log_error ("error computing a keygrip: %s\n", gpg_strerror (rc));
900 /* Encode some info about the secret key in SECRET. */
901 if (!agent_get_keyinfo (NULL, hexgrip, &serialno, NULL))
902 secret = serialno? 3 : 1;
904 secret = 2; /* Key not found. */
907 if (!listctx->no_validity)
908 check_trustdb_stale (ctrl);
910 /* Print the "pub" line and in KF_NONE mode the fingerprint. */
911 print_key_line (ctrl, es_stdout, pk, secret);
914 print_fingerprint (ctrl, NULL, pk, 0);
916 if (opt.with_keygrip && hexgrip)
917 es_fprintf (es_stdout, " Keygrip = %s\n", hexgrip);
920 print_card_serialno (serialno);
922 if (opt.with_key_data)
925 if (opt.with_key_origin
926 && (pk->keyorg || pk->keyupdate || pk->updateurl))
928 char updatestr[MK_DATESTR_SIZE];
930 es_fprintf (es_stdout, " origin=%s last=%s %s",
931 key_origin_string (pk->keyorg),
932 mk_datestr (updatestr, sizeof updatestr, pk->keyupdate),
933 pk->updateurl? "url=":"");
935 print_utf8_string (es_stdout, pk->updateurl);
936 es_putc ('\n', es_stdout);
940 for (kbctx = NULL; (node = walk_kbnode (keyblock, &kbctx, 0));)
942 if (node->pkt->pkttype == PKT_USER_ID)
944 PKT_user_id *uid = node->pkt->pkt.user_id;
946 int kl = opt.keyid_format == KF_NONE? 10 : keystrlen ();
948 if ((uid->flags.expired || uid->flags.revoked)
949 && !(opt.list_options & LIST_SHOW_UNUSABLE_UIDS))
957 if (attrib_fp && uid->attrib_data != NULL)
958 dump_attribs (uid, pk);
960 if ((uid->flags.revoked || uid->flags.expired)
961 || ((opt.list_options & LIST_SHOW_UID_VALIDITY)
962 && !listctx->no_validity))
964 const char *validity;
966 validity = uid_trust_string_fixed (ctrl, pk, uid);
967 indent = ((kl + (opt.legacy_list_mode? 9:11))
968 - atoi (uid_trust_string_fixed (ctrl, NULL, NULL)));
969 if (indent < 0 || indent > 40)
972 es_fprintf (es_stdout, "uid%*s%s ", indent, "", validity);
976 indent = kl + (opt.legacy_list_mode? 10:12);
977 es_fprintf (es_stdout, "uid%*s", indent, "");
980 print_utf8_buffer (es_stdout, uid->name, uid->len);
981 es_putc ('\n', es_stdout);
983 if (opt.with_wkd_hash)
985 char *mbox, *hash, *p;
988 mbox = mailbox_from_userid (uid->name);
989 if (mbox && (p = strchr (mbox, '@')))
992 gcry_md_hash_buffer (GCRY_MD_SHA1, hashbuf,
993 mbox, strlen (mbox));
994 hash = zb32_encode (hashbuf, 8*20);
997 es_fprintf (es_stdout, " %*s%s@%s\n",
998 indent, "", hash, p);
1005 if (opt.with_key_origin
1006 && (uid->keyorg || uid->keyupdate || uid->updateurl))
1008 char updatestr[MK_DATESTR_SIZE];
1010 es_fprintf (es_stdout, " %*sorigin=%s last=%s %s",
1012 key_origin_string (uid->keyorg),
1013 mk_datestr (updatestr, sizeof updatestr,
1015 uid->updateurl? "url=":"");
1017 print_utf8_string (es_stdout, uid->updateurl);
1018 es_putc ('\n', es_stdout);
1021 if ((opt.list_options & LIST_SHOW_PHOTOS) && uid->attribs != NULL)
1022 show_photos (ctrl, uid->attribs, uid->numattribs, pk, uid);
1024 else if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
1026 PKT_public_key *pk2 = node->pkt->pkt.public_key;
1028 if ((pk2->flags.revoked || pk2->has_expired)
1029 && !(opt.list_options & LIST_SHOW_UNUSABLE_SUBKEYS))
1037 xfree (serialno); serialno = NULL;
1038 xfree (hexgrip); hexgrip = NULL;
1039 if (secret || opt.with_keygrip)
1041 rc = hexkeygrip_from_pk (pk2, &hexgrip);
1043 log_error ("error computing a keygrip: %s\n",
1048 if (!agent_get_keyinfo (NULL, hexgrip, &serialno, NULL))
1049 secret = serialno? 3 : 1;
1051 secret = 2; /* Key not found. */
1054 /* Print the "sub" line. */
1055 print_key_line (ctrl, es_stdout, pk2, secret);
1056 if (fpr > 1 || opt.with_subkey_fingerprint)
1058 print_fingerprint (ctrl, NULL, pk2, 0);
1060 print_card_serialno (serialno);
1062 if (opt.with_keygrip && hexgrip)
1063 es_fprintf (es_stdout, " Keygrip = %s\n", hexgrip);
1064 if (opt.with_key_data)
1065 print_key_data (pk2);
1067 else if (opt.list_sigs
1068 && node->pkt->pkttype == PKT_SIGNATURE && !skip_sigs)
1070 PKT_signature *sig = node->pkt->pkt.signature;
1074 if (listctx->check_sigs)
1076 rc = check_key_signature (ctrl, keyblock, node, NULL);
1077 switch (gpg_err_code (rc))
1080 listctx->good_sigs++;
1083 case GPG_ERR_BAD_SIGNATURE:
1084 listctx->inv_sigs++;
1087 case GPG_ERR_NO_PUBKEY:
1088 case GPG_ERR_UNUSABLE_PUBKEY:
1097 /* TODO: Make sure a cached sig record here still has
1098 the pk that issued it. See also
1099 keyedit.c:print_and_check_one_sig */
1107 if (sig->sig_class == 0x20 || sig->sig_class == 0x28
1108 || sig->sig_class == 0x30)
1110 else if ((sig->sig_class & ~3) == 0x10)
1112 else if (sig->sig_class == 0x18)
1114 else if (sig->sig_class == 0x1F)
1118 es_fprintf (es_stdout, "sig "
1119 "[unexpected signature class 0x%02x]\n",
1124 es_fputs (sigstr, es_stdout);
1125 es_fprintf (es_stdout, "%c%c %c%c%c%c%c%c %s %s",
1126 sigrc, (sig->sig_class - 0x10 > 0 &&
1127 sig->sig_class - 0x10 <
1128 4) ? '0' + sig->sig_class - 0x10 : ' ',
1129 sig->flags.exportable ? ' ' : 'L',
1130 sig->flags.revocable ? ' ' : 'R',
1131 sig->flags.policy_url ? 'P' : ' ',
1132 sig->flags.notation ? 'N' : ' ',
1133 sig->flags.expired ? 'X' : ' ',
1134 (sig->trust_depth > 9) ? 'T' : (sig->trust_depth >
1136 sig->trust_depth : ' ', keystr (sig->keyid),
1137 datestr_from_sig (sig));
1138 if (opt.list_options & LIST_SHOW_SIG_EXPIRE)
1139 es_fprintf (es_stdout, " %s", expirestr_from_sig (sig));
1140 es_fprintf (es_stdout, " ");
1142 es_fprintf (es_stdout, "[%s] ", gpg_strerror (rc));
1143 else if (sigrc == '?')
1145 else if (!opt.fast_list_mode)
1148 char *p = get_user_id (ctrl, sig->keyid, &n);
1149 print_utf8_buffer (es_stdout, p, n);
1152 es_putc ('\n', es_stdout);
1154 if (sig->flags.policy_url
1155 && (opt.list_options & LIST_SHOW_POLICY_URLS))
1156 show_policy_url (sig, 3, 0);
1158 if (sig->flags.notation && (opt.list_options & LIST_SHOW_NOTATIONS))
1159 show_notation (sig, 3, 0,
1161 list_options & LIST_SHOW_STD_NOTATIONS) ? 1 : 0)
1164 list_options & LIST_SHOW_USER_NOTATIONS) ? 2 :
1167 if (sig->flags.pref_ks
1168 && (opt.list_options & LIST_SHOW_KEYSERVER_URLS))
1169 show_keyserver_url (sig, 3, 0);
1171 /* fixme: check or list other sigs here */
1174 es_putc ('\n', es_stdout);
1180 print_revokers (estream_t fp, PKT_public_key * pk)
1182 /* print the revoker record */
1183 if (!pk->revkey && pk->numrevkeys)
1189 for (i = 0; i < pk->numrevkeys; i++)
1193 es_fprintf (fp, "rvk:::%d::::::", pk->revkey[i].algid);
1194 p = pk->revkey[i].fpr;
1195 for (j = 0; j < 20; j++, p++)
1196 es_fprintf (fp, "%02X", *p);
1197 es_fprintf (fp, ":%02x%s:\n",
1198 pk->revkey[i].class,
1199 (pk->revkey[i].class & 0x40) ? "s" : "");
1205 /* Print the compliance flags to field 18. PK is the public key.
1206 * KEYLENGTH is the length of the key in bits and CURVENAME is either
1207 * NULL or the name of the curve. The latter two args are here
1208 * merely because the caller has already computed them. */
1210 print_compliance_flags (PKT_public_key *pk,
1211 unsigned int keylength, const char *curvename)
1216 keylength = nbits_from_pk (pk);
1218 if (pk->version == 5)
1220 es_fputs (gnupg_status_compliance_flag (CO_GNUPG), es_stdout);
1223 if (gnupg_pk_is_compliant (CO_DE_VS, pk->pubkey_algo, pk->pkey,
1224 keylength, curvename))
1226 es_fprintf (es_stdout, any ? " %s" : "%s",
1227 gnupg_status_compliance_flag (CO_DE_VS));
1233 /* List a key in colon mode. If SECRET is true this is a secret key
1234 record (i.e. requested via --list-secret-key). If HAS_SECRET a
1235 secret key is available even if SECRET is not set. */
1237 list_keyblock_colon (ctrl_t ctrl, kbnode_t keyblock,
1238 int secret, int has_secret)
1245 int trustletter = 0;
1246 int trustletter_print;
1247 int ownertrust_print;
1250 char *hexgrip_buffer = NULL;
1251 const char *hexgrip = NULL;
1252 char *serialno = NULL;
1254 unsigned int keylength;
1256 const char *curvename = NULL;
1258 /* Get the keyid from the keyblock. */
1259 node = find_kbnode (keyblock, PKT_PUBLIC_KEY);
1262 log_error ("Oops; key lost!\n");
1263 dump_kbnode (keyblock);
1267 pk = node->pkt->pkt.public_key;
1268 if (secret || has_secret || opt.with_keygrip || opt.with_key_data)
1270 rc = hexkeygrip_from_pk (pk, &hexgrip_buffer);
1272 log_error ("error computing a keygrip: %s\n", gpg_strerror (rc));
1273 /* In the error case we print an empty string so that we have a
1274 * "grp" record for each and subkey - even if it is empty. This
1275 * may help to prevent sync problems. */
1276 hexgrip = hexgrip_buffer? hexgrip_buffer : "";
1279 if ((secret || has_secret)
1280 && agent_get_keyinfo (NULL, hexgrip, &serialno, NULL))
1281 stubkey = 1; /* Key not found. */
1283 keyid_from_pk (pk, keyid);
1284 if (!pk->flags.valid)
1285 trustletter_print = 'i';
1286 else if (pk->flags.revoked)
1287 trustletter_print = 'r';
1288 else if (pk->has_expired)
1289 trustletter_print = 'e';
1290 else if (opt.fast_list_mode || opt.no_expensive_trust_checks)
1291 trustletter_print = 0;
1294 trustletter = get_validity_info (ctrl, keyblock, pk, NULL);
1295 if (trustletter == 'u')
1297 trustletter_print = trustletter;
1300 if (!opt.fast_list_mode && !opt.no_expensive_trust_checks)
1301 ownertrust_print = get_ownertrust_info (ctrl, pk, 0);
1303 ownertrust_print = 0;
1305 keylength = nbits_from_pk (pk);
1307 es_fputs (secret? "sec:":"pub:", es_stdout);
1308 if (trustletter_print)
1309 es_putc (trustletter_print, es_stdout);
1310 es_fprintf (es_stdout, ":%u:%d:%08lX%08lX:%s:%s::",
1313 (ulong) keyid[0], (ulong) keyid[1],
1314 colon_datestr_from_pk (pk), colon_strtime (pk->expiredate));
1316 if (ownertrust_print)
1317 es_putc (ownertrust_print, es_stdout);
1318 es_putc (':', es_stdout);
1320 es_putc (':', es_stdout);
1321 es_putc (':', es_stdout);
1322 print_capabilities (ctrl, pk, keyblock);
1323 es_putc (':', es_stdout); /* End of field 13. */
1324 es_putc (':', es_stdout); /* End of field 14. */
1325 if (secret || has_secret)
1328 es_putc ('#', es_stdout);
1330 es_fputs (serialno, es_stdout);
1331 else if (has_secret)
1332 es_putc ('+', es_stdout);
1334 es_putc (':', es_stdout); /* End of field 15. */
1335 es_putc (':', es_stdout); /* End of field 16. */
1336 if (pk->pubkey_algo == PUBKEY_ALGO_ECDSA
1337 || pk->pubkey_algo == PUBKEY_ALGO_EDDSA
1338 || pk->pubkey_algo == PUBKEY_ALGO_ECDH)
1340 curve = openpgp_oid_to_str (pk->pkey[0]);
1341 curvename = openpgp_oid_to_curve (curve, 0);
1344 es_fputs (curvename, es_stdout);
1346 es_putc (':', es_stdout); /* End of field 17. */
1347 print_compliance_flags (pk, keylength, curvename);
1348 es_putc (':', es_stdout); /* End of field 18 (compliance). */
1350 es_fputs (colon_strtime (pk->keyupdate), es_stdout);
1351 es_putc (':', es_stdout); /* End of field 19 (last_update). */
1352 es_fprintf (es_stdout, "%d%s", pk->keyorg, pk->updateurl? " ":"");
1354 es_write_sanitized (es_stdout, pk->updateurl, strlen (pk->updateurl),
1356 es_putc (':', es_stdout); /* End of field 20 (origin). */
1357 es_putc ('\n', es_stdout);
1359 print_revokers (es_stdout, pk);
1360 print_fingerprint (ctrl, NULL, pk, 0);
1362 es_fprintf (es_stdout, "grp:::::::::%s:\n", hexgrip);
1363 if (opt.with_key_data)
1364 print_key_data (pk);
1366 for (kbctx = NULL; (node = walk_kbnode (keyblock, &kbctx, 0));)
1368 if (node->pkt->pkttype == PKT_USER_ID)
1370 PKT_user_id *uid = node->pkt->pkt.user_id;
1373 if (attrib_fp && uid->attrib_data != NULL)
1374 dump_attribs (uid, pk);
1376 if (uid->flags.revoked)
1378 else if (uid->flags.expired)
1380 else if (opt.no_expensive_trust_checks)
1385 uid_validity = get_validity_info (ctrl, keyblock, pk, uid);
1387 es_fputs (uid->attrib_data? "uat:":"uid:", es_stdout);
1389 es_putc (uid_validity, es_stdout);
1390 es_fputs ("::::", es_stdout);
1392 es_fprintf (es_stdout, "%s:", colon_strtime (uid->created));
1393 es_fprintf (es_stdout, "%s:", colon_strtime (uid->expiredate));
1395 namehash_from_uid (uid);
1397 for (i = 0; i < 20; i++)
1398 es_fprintf (es_stdout, "%02X", uid->namehash[i]);
1400 es_fprintf (es_stdout, "::");
1402 if (uid->attrib_data)
1403 es_fprintf (es_stdout, "%u %lu", uid->numattribs, uid->attrib_len);
1405 es_write_sanitized (es_stdout, uid->name, uid->len, ":", NULL);
1406 es_fputs (":::::::::", es_stdout);
1408 es_fputs (colon_strtime (uid->keyupdate), es_stdout);
1409 es_putc (':', es_stdout); /* End of field 19 (last_update). */
1410 es_fprintf (es_stdout, "%d%s", uid->keyorg, uid->updateurl? " ":"");
1412 es_write_sanitized (es_stdout,
1413 uid->updateurl, strlen (uid->updateurl),
1415 es_putc (':', es_stdout); /* End of field 20 (origin). */
1416 es_putc ('\n', es_stdout);
1418 if (!uid->attrib_data && opt.with_tofu_info
1419 && (opt.trust_model == TM_TOFU || opt.trust_model == TM_TOFU_PGP))
1421 /* Print a "tfs" record. */
1422 tofu_write_tfs_record (ctrl, es_stdout, pk, uid->name);
1426 else if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
1429 PKT_public_key *pk2;
1430 int need_hexgrip = !!hexgrip;
1432 pk2 = node->pkt->pkt.public_key;
1433 xfree (hexgrip_buffer); hexgrip_buffer = NULL; hexgrip = NULL;
1434 xfree (serialno); serialno = NULL;
1436 || secret || has_secret || opt.with_keygrip || opt.with_key_data)
1438 rc = hexkeygrip_from_pk (pk2, &hexgrip_buffer);
1440 log_error ("error computing a keygrip: %s\n",
1442 hexgrip = hexgrip_buffer? hexgrip_buffer : "";
1445 if ((secret||has_secret)
1446 && agent_get_keyinfo (NULL, hexgrip, &serialno, NULL))
1447 stubkey = 1; /* Key not found. */
1449 keyid_from_pk (pk2, keyid2);
1450 es_fputs (secret? "ssb:":"sub:", es_stdout);
1451 if (!pk2->flags.valid)
1452 es_putc ('i', es_stdout);
1453 else if (pk2->flags.revoked)
1454 es_putc ('r', es_stdout);
1455 else if (pk2->has_expired)
1456 es_putc ('e', es_stdout);
1457 else if (opt.fast_list_mode || opt.no_expensive_trust_checks)
1461 /* TRUSTLETTER should always be defined here. */
1463 es_fprintf (es_stdout, "%c", trustletter);
1465 keylength = nbits_from_pk (pk2);
1466 es_fprintf (es_stdout, ":%u:%d:%08lX%08lX:%s:%s:::::",
1469 (ulong) keyid2[0], (ulong) keyid2[1],
1470 colon_datestr_from_pk (pk2),
1471 colon_strtime (pk2->expiredate));
1472 print_capabilities (ctrl, pk2, NULL);
1473 es_putc (':', es_stdout); /* End of field 13. */
1474 es_putc (':', es_stdout); /* End of field 14. */
1475 if (secret || has_secret)
1478 es_putc ('#', es_stdout);
1480 es_fputs (serialno, es_stdout);
1481 else if (has_secret)
1482 es_putc ('+', es_stdout);
1484 es_putc (':', es_stdout); /* End of field 15. */
1485 es_putc (':', es_stdout); /* End of field 16. */
1486 if (pk2->pubkey_algo == PUBKEY_ALGO_ECDSA
1487 || pk2->pubkey_algo == PUBKEY_ALGO_EDDSA
1488 || pk2->pubkey_algo == PUBKEY_ALGO_ECDH)
1491 curve = openpgp_oid_to_str (pk2->pkey[0]);
1492 curvename = openpgp_oid_to_curve (curve, 0);
1495 es_fputs (curvename, es_stdout);
1497 es_putc (':', es_stdout); /* End of field 17. */
1498 print_compliance_flags (pk2, keylength, curvename);
1499 es_putc (':', es_stdout); /* End of field 18. */
1500 es_putc ('\n', es_stdout);
1501 print_fingerprint (ctrl, NULL, pk2, 0);
1503 es_fprintf (es_stdout, "grp:::::::::%s:\n", hexgrip);
1504 if (opt.with_key_data)
1505 print_key_data (pk2);
1507 else if (opt.list_sigs && node->pkt->pkttype == PKT_SIGNATURE)
1509 PKT_signature *sig = node->pkt->pkt.signature;
1510 int sigrc, fprokay = 0;
1513 byte fparray[MAX_FINGERPRINT_LEN];
1517 if (sig->sig_class == 0x20 || sig->sig_class == 0x28
1518 || sig->sig_class == 0x30)
1520 else if ((sig->sig_class & ~3) == 0x10)
1522 else if (sig->sig_class == 0x18)
1524 else if (sig->sig_class == 0x1F)
1528 es_fprintf (es_stdout, "sig::::::::::%02x%c:\n",
1529 sig->sig_class, sig->flags.exportable ? 'x' : 'l');
1535 PKT_public_key *signer_pk = NULL;
1537 es_fflush (es_stdout);
1538 if (opt.no_sig_cache)
1539 signer_pk = xmalloc_clear (sizeof (PKT_public_key));
1541 rc = check_key_signature2 (ctrl, keyblock, node, NULL, signer_pk,
1543 switch (gpg_err_code (rc))
1548 case GPG_ERR_BAD_SIGNATURE:
1551 case GPG_ERR_NO_PUBKEY:
1552 case GPG_ERR_UNUSABLE_PUBKEY:
1560 if (opt.no_sig_cache)
1564 fingerprint_from_pk (signer_pk, fparray, &fplen);
1567 free_public_key (signer_pk);
1576 if (sigrc != '%' && sigrc != '?' && !opt.fast_list_mode)
1577 siguid = get_user_id (ctrl, sig->keyid, &siguidlen);
1585 es_fputs (sigstr, es_stdout);
1586 es_putc (':', es_stdout);
1588 es_putc (sigrc, es_stdout);
1589 es_fprintf (es_stdout, "::%d:%08lX%08lX:%s:%s:", sig->pubkey_algo,
1590 (ulong) sig->keyid[0], (ulong) sig->keyid[1],
1591 colon_datestr_from_sig (sig),
1592 colon_expirestr_from_sig (sig));
1594 if (sig->trust_depth || sig->trust_value)
1595 es_fprintf (es_stdout, "%d %d", sig->trust_depth, sig->trust_value);
1596 es_fprintf (es_stdout, ":");
1598 if (sig->trust_regexp)
1599 es_write_sanitized (es_stdout, sig->trust_regexp,
1600 strlen (sig->trust_regexp), ":", NULL);
1601 es_fprintf (es_stdout, ":");
1604 es_fprintf (es_stdout, "[%s] ", gpg_strerror (rc));
1606 es_write_sanitized (es_stdout, siguid, siguidlen, ":", NULL);
1608 es_fprintf (es_stdout, ":%02x%c::", sig->sig_class,
1609 sig->flags.exportable ? 'x' : 'l');
1611 if (opt.no_sig_cache && opt.check_sigs && fprokay)
1613 for (i = 0; i < fplen; i++)
1614 es_fprintf (es_stdout, "%02X", fparray[i]);
1617 es_fprintf (es_stdout, ":::%d:\n", sig->digest_algo);
1619 if (opt.show_subpackets)
1620 print_subpackets_colon (sig);
1622 /* fixme: check or list other sigs here */
1628 xfree (hexgrip_buffer);
1633 * Reorder the keyblock so that the primary user ID (and not attribute
1634 * packet) comes first. Fixme: Replace this by a generic sort
1637 do_reorder_keyblock (KBNODE keyblock, int attr)
1639 KBNODE primary = NULL, primary0 = NULL, primary2 = NULL;
1642 for (node = keyblock; node; primary0 = node, node = node->next)
1644 if (node->pkt->pkttype == PKT_USER_ID &&
1645 ((attr && node->pkt->pkt.user_id->attrib_data) ||
1646 (!attr && !node->pkt->pkt.user_id->attrib_data)) &&
1647 node->pkt->pkt.user_id->flags.primary)
1649 primary = primary2 = node;
1650 for (node = node->next; node; primary2 = node, node = node->next)
1652 if (node->pkt->pkttype == PKT_USER_ID
1653 || node->pkt->pkttype == PKT_PUBLIC_SUBKEY
1654 || node->pkt->pkttype == PKT_SECRET_SUBKEY)
1663 return; /* No primary key flag found (should not happen). */
1665 for (last = NULL, node = keyblock; node; last = node, node = node->next)
1667 if (node->pkt->pkttype == PKT_USER_ID)
1671 log_assert (last); /* The user ID is never the first packet. */
1672 log_assert (primary0); /* Ditto (this is the node before primary). */
1673 if (node == primary)
1674 return; /* Already the first one. */
1676 last->next = primary;
1677 primary0->next = primary2->next;
1678 primary2->next = node;
1682 reorder_keyblock (KBNODE keyblock)
1684 do_reorder_keyblock (keyblock, 1);
1685 do_reorder_keyblock (keyblock, 0);
1689 list_keyblock (ctrl_t ctrl,
1690 KBNODE keyblock, int secret, int has_secret, int fpr,
1691 struct keylist_context *listctx)
1693 reorder_keyblock (keyblock);
1695 if (opt.with_colons)
1696 list_keyblock_colon (ctrl, keyblock, secret, has_secret);
1698 list_keyblock_print (ctrl, keyblock, secret, fpr, listctx);
1701 es_fflush (es_stdout);
1705 /* Public function used by keygen to list a keyblock. If NO_VALIDITY
1706 * is set the validity of a key is never shown. */
1708 list_keyblock_direct (ctrl_t ctrl,
1709 kbnode_t keyblock, int secret, int has_secret, int fpr,
1712 struct keylist_context listctx;
1714 memset (&listctx, 0, sizeof (listctx));
1715 listctx.no_validity = !!no_validity;
1716 list_keyblock (ctrl, keyblock, secret, has_secret, fpr, &listctx);
1717 keylist_context_release (&listctx);
1721 /* Print an hex digit in ICAO spelling. */
1723 print_icao_hexdigit (estream_t fp, int c)
1725 static const char *list[16] = {
1726 "Zero", "One", "Two", "Three", "Four", "Five", "Six", "Seven",
1727 "Eight", "Niner", "Alfa", "Bravo", "Charlie", "Delta", "Echo", "Foxtrot"
1730 tty_fprintf (fp, "%s", list[c&15]);
1735 * Function to print the finperprint.
1736 * mode 0: as used in key listings, opt.with_colons is honored
1737 * 1: print using log_info ()
1738 * 2: direct use of tty
1739 * 3: direct use of tty but only primary key.
1740 * 4: direct use of tty but only subkey.
1741 * 10: Same as 0 but with_colons etc is ignored.
1742 * 20: Same as 0 but using a compact format.
1744 * Modes 1 and 2 will try and print both subkey and primary key
1745 * fingerprints. A MODE with bit 7 set is used internally. If
1746 * OVERRIDE_FP is not NULL that stream will be used in 0 instead
1747 * of es_stdout or instead of the TTY in modes 2 and 3.
1750 print_fingerprint (ctrl_t ctrl, estream_t override_fp,
1751 PKT_public_key *pk, int mode)
1753 char hexfpr[2*MAX_FINGERPRINT_LEN+1];
1759 int with_colons = opt.with_colons;
1760 int with_icao = opt.with_icao_spelling;
1769 else if (mode == 20)
1776 if (!opt.fingerprint && !opt.with_fingerprint
1777 && opt.with_subkey_fingerprint)
1780 if (pk->main_keyid[0] == pk->keyid[0]
1781 && pk->main_keyid[1] == pk->keyid[1])
1784 /* Just to be safe */
1785 if ((mode & 0x80) && !primary)
1787 log_error ("primary key is not really primary!\n");
1793 if (!primary && (mode == 1 || mode == 2))
1795 PKT_public_key *primary_pk = xmalloc_clear (sizeof (*primary_pk));
1796 get_pubkey (ctrl, primary_pk, pk->main_keyid);
1797 print_fingerprint (ctrl, override_fp, primary_pk, (mode | 0x80));
1798 free_public_key (primary_pk);
1803 fp = log_get_stream ();
1805 text = _("Primary key fingerprint:");
1807 text = _(" Subkey fingerprint:");
1811 fp = override_fp; /* Use tty or given stream. */
1813 /* TRANSLATORS: this should fit into 24 bytes so that the
1814 * fingerprint data is properly aligned with the user ID */
1815 text = _(" Primary key fingerprint:");
1817 text = _(" Subkey fingerprint:");
1821 fp = override_fp; /* Use tty or given stream. */
1822 text = _(" Key fingerprint =");
1826 fp = override_fp; /* Use tty or given stream. */
1827 text = _(" Subkey fingerprint:");
1831 fp = override_fp? override_fp : es_stdout;
1832 if (opt.keyid_format == KF_NONE)
1834 text = " "; /* To indent ICAO spelling. */
1838 text = _(" Key fingerprint =");
1841 hexfingerprint (pk, hexfpr, sizeof hexfpr);
1842 if (with_colons && !mode)
1844 es_fprintf (fp, "fpr:::::::::%s:", hexfpr);
1846 else if (compact && !opt.fingerprint && !opt.with_fingerprint)
1848 tty_fprintf (fp, "%*s%s", 6, "", hexfpr);
1852 char fmtfpr[MAX_FORMATTED_FINGERPRINT_LEN + 1];
1853 format_hexfingerprint (hexfpr, fmtfpr, sizeof fmtfpr);
1855 tty_fprintf (fp, "%*s%s", 6, "", fmtfpr);
1857 tty_fprintf (fp, "%s %s", text, fmtfpr);
1859 tty_fprintf (fp, "\n");
1860 if (!with_colons && with_icao)
1863 tty_fprintf (fp, "%*s\"", (int)strlen(text)+1, "");
1864 for (i = 0, p = hexfpr; *p; i++, p++)
1869 tty_fprintf (fp, "\n%*s ", (int)strlen(text)+1, "");
1871 tty_fprintf (fp, " ");
1873 tty_fprintf (fp, " ");
1874 print_icao_hexdigit (fp, xtoi_1 (p));
1876 tty_fprintf (fp, "\"\n");
1880 /* Print the serial number of an OpenPGP card if available. */
1882 print_card_serialno (const char *serialno)
1886 if (opt.with_colons)
1887 return; /* Handled elsewhere. */
1889 es_fputs (_(" Card serial no. ="), es_stdout);
1890 es_putc (' ', es_stdout);
1891 if (strlen (serialno) == 32 && !strncmp (serialno, "D27600012401", 12))
1893 /* This is an OpenPGP card. Print the relevant part. */
1894 /* Example: D2760001240101010001000003470000 */
1896 es_fprintf (es_stdout, "%.*s %.*s", 4, serialno+16, 8, serialno+20);
1899 es_fputs (serialno, es_stdout);
1900 es_putc ('\n', es_stdout);
1904 /* Print a public or secret (sub)key line. Example:
1906 * pub dsa2048 2007-12-31 [SC] [expires: 2018-12-31]
1907 * 80615870F5BAD690333686D0F2AD85AC1E42B367
1909 * Some global options may result in a different output format. If
1910 * SECRET is set, "sec" or "ssb" is used instead of "pub" or "sub" and
1911 * depending on the value a flag character is shown:
1913 * 1 := ' ' Regular secret key
1914 * 2 := '#' Stub secret key
1915 * 3 := '>' Secret key is on a token.
1918 print_key_line (ctrl_t ctrl, estream_t fp, PKT_public_key *pk, int secret)
1920 char pkstrbuf[PUBKEY_STRING_SIZE];
1922 tty_fprintf (fp, "%s%c %s",
1923 pk->flags.primary? (secret? "sec":"pub")
1924 /**/ : (secret? "ssb":"sub"),
1925 secret == 2? '#' : secret == 3? '>' : ' ',
1926 pubkey_string (pk, pkstrbuf, sizeof pkstrbuf));
1927 if (opt.keyid_format != KF_NONE)
1928 tty_fprintf (fp, "/%s", keystr_from_pk (pk));
1929 tty_fprintf (fp, " %s", datestr_from_pk (pk));
1931 if ((opt.list_options & LIST_SHOW_USAGE))
1933 tty_fprintf (fp, " [%s]", usagestr_from_pk (pk, 0));
1935 if (pk->flags.revoked)
1937 tty_fprintf (fp, " [");
1938 tty_fprintf (fp, _("revoked: %s"), revokestr_from_pk (pk));
1939 tty_fprintf (fp, "]");
1941 else if (pk->has_expired)
1943 tty_fprintf (fp, " [");
1944 tty_fprintf (fp, _("expired: %s"), expirestr_from_pk (pk));
1945 tty_fprintf (fp, "]");
1947 else if (pk->expiredate)
1949 tty_fprintf (fp, " [");
1950 tty_fprintf (fp, _("expires: %s"), expirestr_from_pk (pk));
1951 tty_fprintf (fp, "]");
1955 /* I need to think about this some more. It's easy enough to
1956 include, but it looks sort of confusing in the listing... */
1957 if (opt.list_options & LIST_SHOW_VALIDITY)
1959 int validity = get_validity (ctrl, pk, NULL, NULL, 0);
1960 tty_fprintf (fp, " [%s]", trust_value_to_string (validity));
1964 if (pk->pubkey_algo >= 100)
1965 tty_fprintf (fp, " [experimental algorithm %d]", pk->pubkey_algo);
1967 tty_fprintf (fp, "\n");
1969 /* if the user hasn't explicitly asked for human-readable
1970 fingerprints, show compact fpr of primary key: */
1971 if (pk->flags.primary &&
1972 !opt.fingerprint && !opt.with_fingerprint)
1973 print_fingerprint (ctrl, fp, pk, 20);
1978 set_attrib_fd (int fd)
1980 static int last_fd = -1;
1982 if (fd != -1 && last_fd == fd)
1985 /* Fixme: Do we need to check for the log stream here? */
1986 if (attrib_fp && attrib_fp != log_get_stream ())
1987 es_fclose (attrib_fp);
1992 if (! gnupg_fd_valid (fd))
1993 log_fatal ("attribute-fd is invalid: %s\n", strerror (errno));
1995 #ifdef HAVE_DOSISH_SYSTEM
1996 setmode (fd, O_BINARY);
1999 attrib_fp = es_stdout;
2001 attrib_fp = es_stderr;
2003 attrib_fp = es_fdopen (fd, "wb");
2006 log_fatal ("can't open fd %d for attribute output: %s\n",
2007 fd, strerror (errno));