1 /* keylist.c - Print information about OpenPGP keys
2 * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006,
3 * 2008, 2010, 2012 Free Software Foundation, Inc.
4 * Copyright (C) 2013, 2014 Werner Koch
6 * This file is part of GnuPG.
8 * GnuPG is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 3 of the License, or
11 * (at your option) any later version.
13 * GnuPG is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, see <https://www.gnu.org/licenses/>.
27 #ifdef HAVE_DOSISH_SYSTEM
28 # include <fcntl.h> /* for setmode() */
34 #include "../common/status.h"
37 #include "../common/util.h"
38 #include "../common/ttyio.h"
41 #include "../common/i18n.h"
42 #include "../common/status.h"
43 #include "call-agent.h"
44 #include "../common/mbox-util.h"
45 #include "../common/zb32.h"
47 #include "../common/compliance.h"
48 #include "../common/pkscreening.h"
51 static void list_all (ctrl_t, int, int);
52 static void list_one (ctrl_t ctrl,
53 strlist_t names, int secret, int mark_secret);
54 static void locate_one (ctrl_t ctrl, strlist_t names, int no_local);
55 static void print_card_serialno (const char *serialno);
57 struct keylist_context
59 int check_sigs; /* If set signatures shall be verified. */
60 int good_sigs; /* Counter used if CHECK_SIGS is set. */
61 int inv_sigs; /* Counter used if CHECK_SIGS is set. */
62 int no_key; /* Counter used if CHECK_SIGS is set. */
63 int oth_err; /* Counter used if CHECK_SIGS is set. */
64 int no_validity; /* Do not show validity. */
68 static void list_keyblock (ctrl_t ctrl,
69 kbnode_t keyblock, int secret, int has_secret,
70 int fpr, struct keylist_context *listctx);
73 /* The stream used to write attribute packets to. */
74 static estream_t attrib_fp;
77 /* Release resources from a keylist context. */
79 keylist_context_release (struct keylist_context *listctx)
81 (void)listctx; /* Nothing to release. */
85 /* List the keys. If list is NULL, all available keys are listed.
86 * With LOCATE_MODE set the locate algorithm is used to find a key; if
87 * in addition NO_LOCAL is set the locate does not look into the local
90 public_key_list (ctrl_t ctrl, strlist_t list, int locate_mode, int no_local)
92 #ifndef NO_TRUST_MODELS
95 byte trust_model, marginals, completes, cert_depth, min_cert_level;
96 ulong created, nextcheck;
98 read_trust_options (ctrl, &trust_model, &created, &nextcheck,
99 &marginals, &completes, &cert_depth, &min_cert_level);
101 es_fprintf (es_stdout, "tru:");
103 if (nextcheck && nextcheck <= make_timestamp ())
104 es_fprintf (es_stdout, "o");
105 if (trust_model != opt.trust_model)
106 es_fprintf (es_stdout, "t");
107 if (opt.trust_model == TM_PGP || opt.trust_model == TM_CLASSIC
108 || opt.trust_model == TM_TOFU_PGP)
110 if (marginals != opt.marginals_needed)
111 es_fprintf (es_stdout, "m");
112 if (completes != opt.completes_needed)
113 es_fprintf (es_stdout, "c");
114 if (cert_depth != opt.max_cert_depth)
115 es_fprintf (es_stdout, "d");
116 if (min_cert_level != opt.min_cert_level)
117 es_fprintf (es_stdout, "l");
120 es_fprintf (es_stdout, ":%d:%lu:%lu", trust_model, created, nextcheck);
122 /* Only show marginals, completes, and cert_depth in the classic
123 or PGP trust models since they are not meaningful
126 if (trust_model == TM_PGP || trust_model == TM_CLASSIC)
127 es_fprintf (es_stdout, ":%d:%d:%d", marginals, completes, cert_depth);
128 es_fprintf (es_stdout, "\n");
130 #endif /*!NO_TRUST_MODELS*/
132 /* We need to do the stale check right here because it might need to
133 update the keyring while we already have the keyring open. This
134 is very bad for W32 because of a sharing violation. For real OSes
135 it might lead to false results if we are later listing a keyring
136 which is associated with the inode of a deleted file. */
137 check_trustdb_stale (ctrl);
140 tofu_begin_batch_update (ctrl);
144 locate_one (ctrl, list, no_local);
146 list_all (ctrl, 0, opt.with_secret);
148 list_one (ctrl, list, 0, opt.with_secret);
151 tofu_end_batch_update (ctrl);
157 secret_key_list (ctrl_t ctrl, strlist_t list)
161 check_trustdb_stale (ctrl);
164 list_all (ctrl, 1, 0);
165 else /* List by user id */
166 list_one (ctrl, list, 1, 0);
170 /* Helper for print_key_info and print_key_info_log. */
172 format_key_info (ctrl_t ctrl, PKT_public_key *pk, int secret)
176 char pkstrbuf[PUBKEY_STRING_SIZE];
179 keyid_from_pk (pk, keyid);
181 /* If the pk was chosen by a particular user ID, that is the one to
184 p = utf8_to_native (pk->user_id->name, pk->user_id->len, 0);
186 p = get_user_id_native (ctrl, keyid);
188 result = xtryasprintf ("%s %s/%s %s %s",
189 secret? (pk->flags.primary? "sec":"ssb")
190 /* */ : (pk->flags.primary? "pub":"sub"),
191 pubkey_string (pk, pkstrbuf, sizeof pkstrbuf),
192 keystr (keyid), datestr_from_pk (pk), p);
198 /* Print basic information about a public or secret key. With FP
199 * passed as NULL, the tty output interface is used, otherwise output
200 * is directed to the given stream. INDENT gives the requested
201 * indentation; if that is a negative value indentation is suppressed
202 * for the first line. SECRET tells that the PK has a secret part.
203 * FIXME: This is similar in use to print_key_line and thus both
204 * functions should eventually be united.
207 print_key_info (ctrl_t ctrl, estream_t fp,
208 int indent, PKT_public_key *pk, int secret)
210 int indentabs = indent >= 0? indent : -indent;
213 /* Note: Negative values for INDENT are not yet needed. */
215 info = format_key_info (ctrl, pk, secret);
217 if (!fp && indent >= 0)
218 tty_printf ("\n"); /* (Backward compatibility to old code) */
219 tty_fprintf (fp, "%*s%s\n", indentabs, "",
220 info? info : "[Ooops - out of core]");
226 /* Same as print_key_info put print using the log functions at
229 print_key_info_log (ctrl_t ctrl, int loglevel,
230 int indent, PKT_public_key *pk, int secret)
232 int indentabs = indent >= 0? indent : -indent;
235 info = format_key_info (ctrl, pk, secret);
237 log_log (loglevel, "%*s%s\n", indentabs, "",
238 info? info : "[Ooops - out of core]");
244 /* Print basic information of a secret key including the card serial
245 number information. */
246 #ifdef ENABLE_CARD_SUPPORT
248 print_card_key_info (estream_t fp, kbnode_t keyblock)
254 char pkstrbuf[PUBKEY_STRING_SIZE];
257 for (node = keyblock; node; node = node->next)
259 if (node->pkt->pkttype == PKT_PUBLIC_KEY
260 || node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
263 PKT_public_key *pk = node->pkt->pkt.public_key;
266 rc = hexkeygrip_from_pk (pk, &hexgrip);
269 log_error ("error computing a keygrip: %s\n", gpg_strerror (rc));
272 else if (!agent_get_keyinfo (NULL, hexgrip, &serialno, NULL))
273 s2k_char = serialno? '>':' ';
275 s2k_char = '#'; /* Key not found. */
277 tty_fprintf (fp, "%s%c %s/%s %n",
278 node->pkt->pkttype == PKT_PUBLIC_KEY ? "sec" : "ssb",
280 pubkey_string (pk, pkstrbuf, sizeof pkstrbuf),
283 tty_fprintf (fp, _("created: %s"), datestr_from_pk (pk));
284 tty_fprintf (fp, " ");
285 tty_fprintf (fp, _("expires: %s"), expirestr_from_pk (pk));
288 tty_fprintf (fp, "\n%*s%s", indent, "", _("card-no: "));
289 if (strlen (serialno) == 32
290 && !strncmp (serialno, "D27600012401", 12))
292 /* This is an OpenPGP card. Print the relevant part. */
293 /* Example: D2760001240101010001000003470000 */
295 tty_fprintf (fp, "%.*s %.*s", 4, serialno+16, 8, serialno+20);
298 tty_fprintf (fp, "%s", serialno);
300 tty_fprintf (fp, "\n");
306 #endif /*ENABLE_CARD_SUPPORT*/
309 /* Flags = 0x01 hashed 0x02 critical. */
311 status_one_subpacket (sigsubpkttype_t type, size_t len, int flags,
316 /* Don't print these. */
320 snprintf (status, sizeof status,
321 "%d %u %u ", type, flags, (unsigned int) len);
323 write_status_text_and_buffer (STATUS_SIG_SUBPACKET, status, buf, len, 0);
327 /* Print a policy URL. Allowed values for MODE are:
328 * -1 - print to the TTY
329 * 0 - print to stdout.
330 * 1 - use log_info and emit status messages.
331 * 2 - emit only status messages.
334 show_policy_url (PKT_signature * sig, int indent, int mode)
339 estream_t fp = mode < 0? NULL : mode ? log_get_stream () : es_stdout;
341 while ((p = enum_sig_subpkt (sig, 1, SIGSUBPKT_POLICY, &len, &seq, &crit)))
347 tty_fprintf (fp, "%*s", indent, "");
350 str = _("Critical signature policy: ");
352 str = _("Signature policy: ");
354 log_info ("%s", str);
356 tty_fprintf (fp, "%s", str);
357 tty_print_utf8_string2 (fp, p, len, 0);
358 tty_fprintf (fp, "\n");
362 write_status_buffer (STATUS_POLICY_URL, p, len, 0);
367 /* Print a keyserver URL. Allowed values for MODE are:
368 * -1 - print to the TTY
369 * 0 - print to stdout.
370 * 1 - use log_info and emit status messages.
371 * 2 - emit only status messages.
374 show_keyserver_url (PKT_signature * sig, int indent, int mode)
379 estream_t fp = mode < 0? NULL : mode ? log_get_stream () : es_stdout;
381 while ((p = enum_sig_subpkt (sig, 1, SIGSUBPKT_PREF_KS, &len, &seq, &crit)))
387 tty_fprintf (fp, "%*s", indent, "");
390 str = _("Critical preferred keyserver: ");
392 str = _("Preferred keyserver: ");
394 log_info ("%s", str);
396 tty_fprintf (fp, "%s", str);
397 tty_print_utf8_string2 (fp, p, len, 0);
398 tty_fprintf (fp, "\n");
402 status_one_subpacket (SIGSUBPKT_PREF_KS, len,
403 (crit ? 0x02 : 0) | 0x01, p);
408 /* Print notation data. Allowed values for MODE are:
409 * -1 - print to the TTY
410 * 0 - print to stdout.
411 * 1 - use log_info and emit status messages.
412 * 2 - emit only status messages.
414 * Defined bits in WHICH:
415 * 1 - standard notations
419 show_notation (PKT_signature * sig, int indent, int mode, int which)
421 estream_t fp = mode < 0? NULL : mode ? log_get_stream () : es_stdout;
422 notation_t nd, notations;
427 notations = sig_to_notation (sig);
429 /* There may be multiple notations in the same sig. */
430 for (nd = notations; nd; nd = nd->next)
434 int has_at = !!strchr (nd->name, '@');
436 if ((which & 1 && !has_at) || (which & 2 && has_at))
440 tty_fprintf (fp, "%*s", indent, "");
442 if (nd->flags.critical)
443 str = _("Critical signature notation: ");
445 str = _("Signature notation: ");
447 log_info ("%s", str);
449 tty_fprintf (fp, "%s", str);
450 /* This is all UTF8 */
451 tty_print_utf8_string2 (fp, nd->name, strlen (nd->name), 0);
452 tty_fprintf (fp, "=");
453 tty_print_utf8_string2 (fp, nd->value, strlen (nd->value), 0);
454 /* (We need to use log_printf so that the next call to a
455 log function does not insert an extra LF.) */
459 tty_fprintf (fp, "\n");
465 write_status_buffer (STATUS_NOTATION_NAME,
466 nd->name, strlen (nd->name), 0);
467 if (nd->flags.critical || nd->flags.human)
468 write_status_text (STATUS_NOTATION_FLAGS,
469 nd->flags.critical && nd->flags.human? "1 1" :
470 nd->flags.critical? "1 0" : "0 1");
471 if (!nd->flags.human && nd->bdat && nd->blen)
472 write_status_buffer (STATUS_NOTATION_DATA,
473 nd->bdat, nd->blen, 250);
475 write_status_buffer (STATUS_NOTATION_DATA,
476 nd->value, strlen (nd->value), 50);
480 free_notation (notations);
485 print_signature_stats (struct keylist_context *s)
488 return; /* Signature checking was not requested. */
490 /* Better flush stdout so that the stats are always printed after
492 es_fflush (es_stdout);
495 log_info (ngettext("%d good signature\n",
496 "%d good signatures\n", s->good_sigs), s->good_sigs);
499 log_info (ngettext("%d bad signature\n",
500 "%d bad signatures\n", s->inv_sigs), s->inv_sigs);
503 log_info (ngettext("%d signature not checked due to a missing key\n",
504 "%d signatures not checked due to missing keys\n",
505 s->no_key), s->no_key);
508 log_info (ngettext("%d signature not checked due to an error\n",
509 "%d signatures not checked due to errors\n",
510 s->oth_err), s->oth_err);
514 /* List all keys. If SECRET is true only secret keys are listed. If
515 MARK_SECRET is true secret keys are indicated in a public key
518 list_all (ctrl_t ctrl, int secret, int mark_secret)
521 KBNODE keyblock = NULL;
524 const char *lastresname, *resname;
525 struct keylist_context listctx;
527 memset (&listctx, 0, sizeof (listctx));
529 listctx.check_sigs = 1;
531 hd = keydb_new (ctrl);
533 rc = gpg_error_from_syserror ();
535 rc = keydb_search_first (hd);
538 if (gpg_err_code (rc) != GPG_ERR_NOT_FOUND)
539 log_error ("keydb_search_first failed: %s\n", gpg_strerror (rc));
547 glo_ctrl.silence_parse_warnings++;
548 rc = keydb_get_keyblock (hd, &keyblock);
550 glo_ctrl.silence_parse_warnings--;
553 if (gpg_err_code (rc) == GPG_ERR_LEGACY_KEY)
554 continue; /* Skip legacy keys. */
555 log_error ("keydb_get_keyblock failed: %s\n", gpg_strerror (rc));
559 if (secret || mark_secret)
560 any_secret = !agent_probe_any_secret_key (ctrl, keyblock);
564 if (secret && !any_secret)
565 ; /* Secret key listing requested but this isn't one. */
568 if (!opt.with_colons && !(opt.list_options & LIST_SHOW_ONLY_FPR_MBOX))
570 resname = keydb_get_resource_name (hd);
571 if (lastresname != resname)
575 es_fprintf (es_stdout, "%s\n", resname);
576 for (i = strlen (resname); i; i--)
577 es_putc ('-', es_stdout);
578 es_putc ('\n', es_stdout);
579 lastresname = resname;
582 merge_keys_and_selfsig (ctrl, keyblock);
583 list_keyblock (ctrl, keyblock, secret, any_secret, opt.fingerprint,
586 release_kbnode (keyblock);
589 while (!(rc = keydb_search_next (hd)));
590 es_fflush (es_stdout);
591 if (rc && gpg_err_code (rc) != GPG_ERR_NOT_FOUND)
592 log_error ("keydb_search_next failed: %s\n", gpg_strerror (rc));
593 if (keydb_get_skipped_counter (hd))
594 log_info (ngettext("Warning: %lu key skipped due to its large size\n",
595 "Warning: %lu keys skipped due to their large sizes\n",
596 keydb_get_skipped_counter (hd)),
597 keydb_get_skipped_counter (hd));
599 if (opt.check_sigs && !opt.with_colons)
600 print_signature_stats (&listctx);
603 keylist_context_release (&listctx);
604 release_kbnode (keyblock);
610 list_one (ctrl_t ctrl, strlist_t names, int secret, int mark_secret)
613 KBNODE keyblock = NULL;
617 const char *keyring_str = _("Keyring");
619 struct keylist_context listctx;
621 memset (&listctx, 0, sizeof (listctx));
622 if (!secret && opt.check_sigs)
623 listctx.check_sigs = 1;
625 /* fixme: using the bynames function has the disadvantage that we
626 * don't know whether one of the names given was not found. OTOH,
627 * this function has the advantage to list the names in the
628 * sequence as defined by the keyDB and does not duplicate
629 * outputs. A solution could be do test whether all given have
630 * been listed (this needs a way to use the keyDB search
631 * functions) or to have the search function return indicators for
632 * found names. Yet another way is to use the keydb search
633 * facilities directly. */
634 rc = getkey_bynames (ctrl, &ctx, NULL, names, secret, &keyblock);
637 log_error ("error reading key: %s\n", gpg_strerror (rc));
638 getkey_end (ctrl, ctx);
639 write_status_error ("keylist.getkey", rc);
645 /* getkey_bynames makes sure that only secret keys are returned
646 * if requested, thus we do not need to test again. With
647 * MARK_SECRET set (ie. option --with-secret) we have to test
648 * for a secret key, though. */
651 else if (mark_secret)
652 any_secret = !agent_probe_any_secret_key (ctrl, keyblock);
656 if (secret && !any_secret)
657 ;/* Secret key listing requested but getkey_bynames failed. */
660 if ((opt.list_options & LIST_SHOW_KEYRING) && !opt.with_colons)
662 resname = keydb_get_resource_name (get_ctx_handle (ctx));
663 es_fprintf (es_stdout, "%s: %s\n", keyring_str, resname);
664 for (i = strlen (resname) + strlen (keyring_str) + 2; i; i--)
665 es_putc ('-', es_stdout);
666 es_putc ('\n', es_stdout);
668 list_keyblock (ctrl, keyblock, secret, any_secret,
669 opt.fingerprint, &listctx);
671 release_kbnode (keyblock);
673 while (!getkey_next (ctrl, ctx, NULL, &keyblock));
674 getkey_end (ctrl, ctx);
676 if (opt.check_sigs && !opt.with_colons)
677 print_signature_stats (&listctx);
679 keylist_context_release (&listctx);
684 locate_one (ctrl_t ctrl, strlist_t names, int no_local)
688 GETKEY_CTX ctx = NULL;
689 KBNODE keyblock = NULL;
690 struct keylist_context listctx;
692 memset (&listctx, 0, sizeof (listctx));
694 listctx.check_sigs = 1;
696 for (sl = names; sl; sl = sl->next)
698 rc = get_best_pubkey_byname (ctrl,
699 no_local? GET_PUBKEY_NO_LOCAL
700 /* */: GET_PUBKEY_NORMAL,
701 &ctx, NULL, sl->d, &keyblock, 1);
704 if (gpg_err_code (rc) != GPG_ERR_NO_PUBKEY)
705 log_error ("error reading key: %s\n", gpg_strerror (rc));
706 else if (opt.verbose)
707 log_info (_("key \"%s\" not found: %s\n"),
708 sl->d, gpg_strerror (rc));
714 list_keyblock (ctrl, keyblock, 0, 0, opt.fingerprint, &listctx);
715 release_kbnode (keyblock);
717 while (ctx && !getkey_next (ctrl, ctx, NULL, &keyblock));
718 getkey_end (ctrl, ctx);
723 if (opt.check_sigs && !opt.with_colons)
724 print_signature_stats (&listctx);
726 keylist_context_release (&listctx);
731 print_key_data (PKT_public_key * pk)
733 int n = pk ? pubkey_get_npkey (pk->pubkey_algo) : 0;
736 for (i = 0; i < n; i++)
738 es_fprintf (es_stdout, "pkd:%d:%u:", i, mpi_get_nbits (pk->pkey[i]));
739 mpi_print (es_stdout, pk->pkey[i], 1);
740 es_putc (':', es_stdout);
741 es_putc ('\n', es_stdout);
746 /* Various public key screenings. (Right now just ROCA). With
747 * COLON_MODE set the output is formatted for use in the compliance
748 * field of a colon listing.
751 print_pk_screening (PKT_public_key *pk, int colon_mode)
755 if (is_RSA (pk->pubkey_algo) && pubkey_get_npkey (pk->pubkey_algo))
757 err = screen_key_for_roca (pk->pkey[0]);
760 else if (gpg_err_code (err) == GPG_ERR_TRUE)
763 es_fprintf (es_stdout, colon_mode > 1? " %d":"%d", 6001);
765 es_fprintf (es_stdout,
766 " Screening: ROCA vulnerability detected\n");
768 else if (!colon_mode)
769 es_fprintf (es_stdout, " Screening: [ROCA check failed: %s]\n",
777 print_capabilities (ctrl_t ctrl, PKT_public_key *pk, KBNODE keyblock)
779 unsigned int use = pk->pubkey_usage;
782 if (use & PUBKEY_USAGE_ENC)
783 es_putc ('e', es_stdout);
785 if (use & PUBKEY_USAGE_SIG)
787 es_putc ('s', es_stdout);
788 if (pk->flags.primary)
790 es_putc ('c', es_stdout);
791 /* The PUBKEY_USAGE_CERT flag was introduced later and we
792 used to always print 'c' for a primary key. To avoid any
793 regression here we better track whether we printed 'c'
799 if ((use & PUBKEY_USAGE_CERT) && !c_printed)
800 es_putc ('c', es_stdout);
802 if ((use & PUBKEY_USAGE_AUTH))
803 es_putc ('a', es_stdout);
805 if (use & PUBKEY_USAGE_RENC)
806 es_putc ('r', es_stdout);
807 if ((use & PUBKEY_USAGE_TIME))
808 es_putc ('t', es_stdout);
809 if ((use & PUBKEY_USAGE_GROUP))
810 es_putc ('g', es_stdout);
812 if ((use & PUBKEY_USAGE_UNKNOWN))
813 es_putc ('?', es_stdout);
817 /* Figure out the usable capabilities. */
819 int enc = 0, sign = 0, cert = 0, auth = 0, disabled = 0;
821 for (k = keyblock; k; k = k->next)
823 if (k->pkt->pkttype == PKT_PUBLIC_KEY
824 || k->pkt->pkttype == PKT_PUBLIC_SUBKEY)
826 pk = k->pkt->pkt.public_key;
828 if (pk->flags.primary)
829 disabled = pk_is_disabled (pk);
831 if (pk->flags.valid && !pk->flags.revoked && !pk->has_expired)
833 if (pk->pubkey_usage & PUBKEY_USAGE_ENC)
835 if (pk->pubkey_usage & PUBKEY_USAGE_SIG)
838 if (pk->flags.primary)
841 if (pk->pubkey_usage & PUBKEY_USAGE_CERT)
843 if ((pk->pubkey_usage & PUBKEY_USAGE_AUTH))
849 es_putc ('E', es_stdout);
851 es_putc ('S', es_stdout);
853 es_putc ('C', es_stdout);
855 es_putc ('A', es_stdout);
857 es_putc ('D', es_stdout);
860 es_putc (':', es_stdout);
864 /* FLAGS: 0x01 hashed
867 print_one_subpacket (sigsubpkttype_t type, size_t len, int flags,
872 es_fprintf (es_stdout, "spk:%d:%u:%u:", type, flags, (unsigned int) len);
874 for (i = 0; i < len; i++)
876 /* printable ascii other than : and % */
877 if (buf[i] >= 32 && buf[i] <= 126 && buf[i] != ':' && buf[i] != '%')
878 es_fprintf (es_stdout, "%c", buf[i]);
880 es_fprintf (es_stdout, "%%%02X", buf[i]);
883 es_fprintf (es_stdout, "\n");
888 print_subpackets_colon (PKT_signature * sig)
892 log_assert (opt.show_subpackets);
894 for (i = opt.show_subpackets; *i; i++)
902 while ((p = enum_sig_subpkt (sig, 1, *i, &len, &seq, &crit)))
903 print_one_subpacket (*i, len, 0x01 | (crit ? 0x02 : 0), p);
907 while ((p = enum_sig_subpkt (sig, 0, *i, &len, &seq, &crit)))
908 print_one_subpacket (*i, len, 0x00 | (crit ? 0x02 : 0), p);
914 dump_attribs (const PKT_user_id *uid, PKT_public_key *pk)
921 for (i = 0; i < uid->numattribs; i++)
923 if (is_status_enabled ())
925 byte array[MAX_FINGERPRINT_LEN], *p;
926 char buf[(MAX_FINGERPRINT_LEN * 2) + 90];
931 fingerprint_from_pk (pk, array, &n);
934 for (j = 0; j < n; j++, p++)
935 sprintf (buf + 2 * j, "%02X", *p);
937 sprintf (buf + strlen (buf), " %lu %u %u %u %lu %lu %u",
938 (ulong) uid->attribs[i].len, uid->attribs[i].type, i + 1,
939 uid->numattribs, (ulong) uid->created,
940 (ulong) uid->expiredate,
941 ((uid->flags.primary ? 0x01 : 0) | (uid->flags.revoked ? 0x02 : 0) |
942 (uid->flags.expired ? 0x04 : 0)));
943 write_status_text (STATUS_ATTRIBUTE, buf);
946 es_fwrite (uid->attribs[i].data, uid->attribs[i].len, 1, attrib_fp);
947 es_fflush (attrib_fp);
952 /* Order two signatures. We first order by keyid and then by creation
955 cmp_signodes (const void *av, const void *bv)
957 const kbnode_t an = *(const kbnode_t *)av;
958 const kbnode_t bn = *(const kbnode_t *)bv;
959 const PKT_signature *a;
960 const PKT_signature *b;
963 /* log_assert (an->pkt->pkttype == PKT_SIGNATURE); */
964 /* log_assert (bn->pkt->pkttype == PKT_SIGNATURE); */
966 a = an->pkt->pkt.signature;
967 b = bn->pkt->pkt.signature;
969 /* Self-signatures are ordered first. */
970 if ((an->flag & NODFLG_MARK_B) && !(bn->flag & NODFLG_MARK_B))
972 if (!(an->flag & NODFLG_MARK_B) && (bn->flag & NODFLG_MARK_B))
975 /* then the keyids. (which are or course the same for self-sigs). */
976 i = keyid_cmp (a->keyid, b->keyid);
980 /* Followed by creation time */
981 if (a->timestamp > b->timestamp)
983 if (a->timestamp < b->timestamp)
986 /* followed by the class in a way that a rev comes first. */
987 if (a->sig_class > b->sig_class)
989 if (a->sig_class < b->sig_class)
992 /* To make the sort stable we compare the entire structure as last resort. */
993 return memcmp (a, b, sizeof *a);
997 /* Helper for list_keyblock_print. */
999 list_signature_print (ctrl_t ctrl, kbnode_t keyblock, kbnode_t node,
1000 struct keylist_context *listctx)
1002 /* (extra indentation to keep the diff history short) */
1003 PKT_signature *sig = node->pkt->pkt.signature;
1006 char *reason_text = NULL;
1007 char *reason_comment = NULL;
1008 size_t reason_commentlen;
1009 int reason_code = 0;
1011 if (listctx->check_sigs)
1013 rc = check_key_signature (ctrl, keyblock, node, NULL);
1014 switch (gpg_err_code (rc))
1017 listctx->good_sigs++;
1020 case GPG_ERR_BAD_SIGNATURE:
1021 listctx->inv_sigs++;
1024 case GPG_ERR_NO_PUBKEY:
1025 case GPG_ERR_UNUSABLE_PUBKEY:
1034 /* TODO: Make sure a cached sig record here still has
1035 the pk that issued it. See also
1036 keyedit.c:print_and_check_one_sig */
1044 if (sig->sig_class == 0x20 || sig->sig_class == 0x28
1045 || sig->sig_class == 0x30)
1048 reason_code = get_revocation_reason (sig, &reason_text,
1050 &reason_commentlen);
1052 else if ((sig->sig_class & ~3) == 0x10)
1054 else if (sig->sig_class == 0x18)
1056 else if (sig->sig_class == 0x1F)
1060 es_fprintf (es_stdout, "sig "
1061 "[unexpected signature class 0x%02x]\n",
1066 es_fputs (sigstr, es_stdout);
1067 es_fprintf (es_stdout, "%c%c %c%c%c%c%c%c %s %s",
1068 sigrc, (sig->sig_class - 0x10 > 0 &&
1069 sig->sig_class - 0x10 <
1070 4) ? '0' + sig->sig_class - 0x10 : ' ',
1071 sig->flags.exportable ? ' ' : 'L',
1072 sig->flags.revocable ? ' ' : 'R',
1073 sig->flags.policy_url ? 'P' : ' ',
1074 sig->flags.notation ? 'N' : ' ',
1075 sig->flags.expired ? 'X' : ' ',
1076 (sig->trust_depth > 9) ? 'T' : (sig->trust_depth >
1078 sig->trust_depth : ' ', keystr (sig->keyid),
1079 datestr_from_sig (sig));
1080 if (opt.list_options & LIST_SHOW_SIG_EXPIRE)
1081 es_fprintf (es_stdout, " %s", expirestr_from_sig (sig));
1082 es_fprintf (es_stdout, " ");
1084 es_fprintf (es_stdout, "[%s] ", gpg_strerror (rc));
1085 else if (sigrc == '?')
1087 else if (!opt.fast_list_mode)
1090 char *p = get_user_id (ctrl, sig->keyid, &n, NULL);
1091 print_utf8_buffer (es_stdout, p, n);
1094 es_putc ('\n', es_stdout);
1096 if (sig->flags.policy_url
1097 && (opt.list_options & LIST_SHOW_POLICY_URLS))
1098 show_policy_url (sig, 3, 0);
1100 if (sig->flags.notation && (opt.list_options & LIST_SHOW_NOTATIONS))
1101 show_notation (sig, 3, 0,
1103 list_options & LIST_SHOW_STD_NOTATIONS) ? 1 : 0)
1106 list_options & LIST_SHOW_USER_NOTATIONS) ? 2 :
1109 if (sig->flags.pref_ks
1110 && (opt.list_options & LIST_SHOW_KEYSERVER_URLS))
1111 show_keyserver_url (sig, 3, 0);
1113 if (reason_text && (reason_code || reason_comment))
1115 es_fprintf (es_stdout, " %s%s\n",
1116 _("reason for revocation: "), reason_text);
1119 const byte *s, *s_lf;
1123 n = reason_commentlen;
1127 /* We don't want any empty lines, so we skip them. */
1128 for (;n && *s == '\n'; s++, n--)
1132 s_lf = memchr (s, '\n', n);
1133 n_lf = s_lf? s_lf - s : n;
1134 es_fprintf (es_stdout, " %s",
1135 _("revocation comment: "));
1136 es_write_sanitized (es_stdout, s, n_lf, NULL, NULL);
1137 es_putc ('\n', es_stdout);
1138 s += n_lf; n -= n_lf;
1144 xfree (reason_text);
1145 xfree (reason_comment);
1147 /* fixme: check or list other sigs here */
1152 list_keyblock_print (ctrl_t ctrl, kbnode_t keyblock, int secret, int fpr,
1153 struct keylist_context *listctx)
1160 char *hexgrip = NULL;
1161 char *serialno = NULL;
1163 /* Get the keyid from the keyblock. */
1164 node = find_kbnode (keyblock, PKT_PUBLIC_KEY);
1167 log_error ("Oops; key lost!\n");
1168 dump_kbnode (keyblock);
1172 pk = node->pkt->pkt.public_key;
1173 mainkid = pk_keyid (pk);
1175 if (secret || opt.with_keygrip)
1177 rc = hexkeygrip_from_pk (pk, &hexgrip);
1179 log_error ("error computing a keygrip: %s\n", gpg_strerror (rc));
1184 /* Encode some info about the secret key in SECRET. */
1185 if (!agent_get_keyinfo (NULL, hexgrip, &serialno, NULL))
1186 secret = serialno? 3 : 1;
1188 secret = 2; /* Key not found. */
1191 if (!listctx->no_validity)
1192 check_trustdb_stale (ctrl);
1194 /* Print the "pub" line and in KF_NONE mode the fingerprint. */
1195 print_key_line (ctrl, es_stdout, pk, secret);
1198 print_fingerprint (ctrl, NULL, pk, 0);
1200 if (opt.with_keygrip && hexgrip)
1201 es_fprintf (es_stdout, " Keygrip = %s\n", hexgrip);
1204 print_card_serialno (serialno);
1206 if (opt.with_key_data)
1207 print_key_data (pk);
1209 if (opt.with_key_screening)
1210 print_pk_screening (pk, 0);
1212 if (opt.with_key_origin
1213 && (pk->keyorg || pk->keyupdate || pk->updateurl))
1215 char updatestr[MK_DATESTR_SIZE];
1217 es_fprintf (es_stdout, " origin=%s last=%s %s",
1218 key_origin_string (pk->keyorg),
1219 mk_datestr (updatestr, sizeof updatestr, pk->keyupdate),
1220 pk->updateurl? "url=":"");
1222 print_utf8_string (es_stdout, pk->updateurl);
1223 es_putc ('\n', es_stdout);
1226 for (node = keyblock; node; node = node->next)
1228 if (is_deleted_kbnode (node))
1231 if (node->pkt->pkttype == PKT_USER_ID)
1233 PKT_user_id *uid = node->pkt->pkt.user_id;
1235 int kl = opt.keyid_format == KF_NONE? 10 : keystrlen ();
1237 if ((uid->flags.expired || uid->flags.revoked)
1238 && !(opt.list_options & LIST_SHOW_UNUSABLE_UIDS))
1246 if (attrib_fp && uid->attrib_data != NULL)
1247 dump_attribs (uid, pk);
1249 if ((uid->flags.revoked || uid->flags.expired)
1250 || ((opt.list_options & LIST_SHOW_UID_VALIDITY)
1251 && !listctx->no_validity))
1253 const char *validity;
1255 validity = uid_trust_string_fixed (ctrl, pk, uid);
1256 indent = ((kl + (opt.legacy_list_mode? 9:11))
1257 - atoi (uid_trust_string_fixed (ctrl, NULL, NULL)));
1258 if (indent < 0 || indent > 40)
1261 es_fprintf (es_stdout, "uid%*s%s ", indent, "", validity);
1265 indent = kl + (opt.legacy_list_mode? 10:12);
1266 es_fprintf (es_stdout, "uid%*s", indent, "");
1269 print_utf8_buffer (es_stdout, uid->name, uid->len);
1270 es_putc ('\n', es_stdout);
1272 if (opt.with_wkd_hash)
1274 char *mbox, *hash, *p;
1277 mbox = mailbox_from_userid (uid->name, 0);
1278 if (mbox && (p = strchr (mbox, '@')))
1281 gcry_md_hash_buffer (GCRY_MD_SHA1, hashbuf,
1282 mbox, strlen (mbox));
1283 hash = zb32_encode (hashbuf, 8*20);
1286 es_fprintf (es_stdout, " %*s%s@%s\n",
1287 indent, "", hash, p);
1294 if (opt.with_key_origin
1295 && (uid->keyorg || uid->keyupdate || uid->updateurl))
1297 char updatestr[MK_DATESTR_SIZE];
1299 es_fprintf (es_stdout, " %*sorigin=%s last=%s %s",
1301 key_origin_string (uid->keyorg),
1302 mk_datestr (updatestr, sizeof updatestr,
1304 uid->updateurl? "url=":"");
1306 print_utf8_string (es_stdout, uid->updateurl);
1307 es_putc ('\n', es_stdout);
1310 if ((opt.list_options & LIST_SHOW_PHOTOS) && uid->attribs != NULL)
1311 show_photos (ctrl, uid->attribs, uid->numattribs, pk, uid);
1313 else if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
1315 PKT_public_key *pk2 = node->pkt->pkt.public_key;
1317 if ((pk2->flags.revoked || pk2->has_expired)
1318 && !(opt.list_options & LIST_SHOW_UNUSABLE_SUBKEYS))
1326 xfree (serialno); serialno = NULL;
1327 xfree (hexgrip); hexgrip = NULL;
1328 if (secret || opt.with_keygrip)
1330 rc = hexkeygrip_from_pk (pk2, &hexgrip);
1332 log_error ("error computing a keygrip: %s\n",
1337 if (!agent_get_keyinfo (NULL, hexgrip, &serialno, NULL))
1338 secret = serialno? 3 : 1;
1340 secret = 2; /* Key not found. */
1343 /* Print the "sub" line. */
1344 print_key_line (ctrl, es_stdout, pk2, secret);
1345 if (fpr > 1 || opt.with_subkey_fingerprint)
1347 print_fingerprint (ctrl, NULL, pk2, 0);
1349 print_card_serialno (serialno);
1351 if (opt.with_keygrip && hexgrip)
1352 es_fprintf (es_stdout, " Keygrip = %s\n", hexgrip);
1353 if (opt.with_key_data)
1354 print_key_data (pk2);
1355 if (opt.with_key_screening)
1356 print_pk_screening (pk2, 0);
1358 else if (opt.list_sigs
1359 && node->pkt->pkttype == PKT_SIGNATURE && !skip_sigs)
1361 if ((opt.list_options & LIST_SORT_SIGS))
1364 unsigned int sigcount = 0;
1368 for (n=node; n && n->pkt->pkttype == PKT_SIGNATURE; n = n->next)
1370 sigarray = xcalloc (sigcount, sizeof *sigarray);
1373 for (n=node; n && n->pkt->pkttype == PKT_SIGNATURE; n = n->next)
1375 if (!keyid_cmp (mainkid, n->pkt->pkt.signature->keyid))
1376 n->flag |= NODFLG_MARK_B; /* Is a self-sig. */
1378 n->flag &= ~NODFLG_MARK_B;
1380 sigarray[sigcount++] = node = n;
1382 /* Note that NODE is now at the last signature. */
1384 qsort (sigarray, sigcount, sizeof *sigarray, cmp_signodes);
1386 for (idx=0; idx < sigcount; idx++)
1387 list_signature_print (ctrl, keyblock, sigarray[idx], listctx);
1391 list_signature_print (ctrl, keyblock, node, listctx);
1394 es_putc ('\n', es_stdout);
1400 /* Do a simple key listing printing only the fingerprint and the mail
1401 * address of valid keys. */
1403 list_keyblock_simple (ctrl_t ctrl, kbnode_t keyblock)
1408 char hexfpr[2*MAX_FINGERPRINT_LEN+1];
1413 node = find_kbnode (keyblock, PKT_PUBLIC_KEY);
1416 log_error ("Oops; key lost!\n");
1417 dump_kbnode (keyblock);
1420 hexfingerprint (node->pkt->pkt.public_key, hexfpr, sizeof hexfpr);
1422 for (kbctx = NULL; (node = walk_kbnode (keyblock, &kbctx, 0));)
1424 if (node->pkt->pkttype == PKT_USER_ID)
1426 PKT_user_id *uid = node->pkt->pkt.user_id;
1428 if (uid->attrib_data)
1431 if (uid->flags.expired || uid->flags.revoked)
1434 mbox = mailbox_from_userid (uid->name, 0);
1437 ec = gpg_err_code_from_syserror ();
1438 if (ec != GPG_ERR_EINVAL)
1439 log_error ("error getting mailbox from user-id: %s\n",
1443 es_fprintf (es_stdout, "%s %s\n", hexfpr, mbox);
1451 print_revokers (estream_t fp, PKT_public_key * pk)
1453 /* print the revoker record */
1454 if (!pk->revkey && pk->numrevkeys)
1460 for (i = 0; i < pk->numrevkeys; i++)
1464 es_fprintf (fp, "rvk:::%d::::::", pk->revkey[i].algid);
1465 p = pk->revkey[i].fpr;
1466 for (j = 0; j < pk->revkey[i].fprlen; j++, p++)
1467 es_fprintf (fp, "%02X", *p);
1468 es_fprintf (fp, ":%02x%s:\n",
1469 pk->revkey[i].class,
1470 (pk->revkey[i].class & 0x40) ? "s" : "");
1476 /* Print the compliance flags to field 18. PK is the public key.
1477 * KEYLENGTH is the length of the key in bits and CURVENAME is either
1478 * NULL or the name of the curve. The latter two args are here
1479 * merely because the caller has already computed them. */
1481 print_compliance_flags (PKT_public_key *pk,
1482 unsigned int keylength, const char *curvename)
1487 keylength = nbits_from_pk (pk);
1489 if (pk->version == 5)
1491 es_fputs (gnupg_status_compliance_flag (CO_GNUPG), es_stdout);
1494 if (gnupg_pk_is_compliant (CO_DE_VS, pk->pubkey_algo, 0, pk->pkey,
1495 keylength, curvename))
1497 es_fprintf (es_stdout, any ? " %s" : "%s",
1498 gnupg_status_compliance_flag (CO_DE_VS));
1502 if (opt.with_key_screening)
1503 print_pk_screening (pk, 1+any);
1507 /* List a key in colon mode. If SECRET is true this is a secret key
1508 record (i.e. requested via --list-secret-key). If HAS_SECRET a
1509 secret key is available even if SECRET is not set. */
1511 list_keyblock_colon (ctrl_t ctrl, kbnode_t keyblock,
1512 int secret, int has_secret)
1519 int trustletter = 0;
1520 int trustletter_print;
1521 int ownertrust_print;
1524 char *hexgrip_buffer = NULL;
1525 const char *hexgrip = NULL;
1526 char *serialno = NULL;
1528 unsigned int keylength;
1530 const char *curvename = NULL;
1532 /* Get the keyid from the keyblock. */
1533 node = find_kbnode (keyblock, PKT_PUBLIC_KEY);
1536 log_error ("Oops; key lost!\n");
1537 dump_kbnode (keyblock);
1541 pk = node->pkt->pkt.public_key;
1542 if (secret || has_secret || opt.with_keygrip || opt.with_key_data)
1544 rc = hexkeygrip_from_pk (pk, &hexgrip_buffer);
1546 log_error ("error computing a keygrip: %s\n", gpg_strerror (rc));
1547 /* In the error case we print an empty string so that we have a
1548 * "grp" record for each primary and subkey - even if it is
1549 * empty. This may help to prevent sync problems. */
1550 hexgrip = hexgrip_buffer? hexgrip_buffer : "";
1553 if ((secret || has_secret)
1554 && agent_get_keyinfo (NULL, hexgrip, &serialno, NULL))
1555 stubkey = 1; /* Key not found. */
1557 keyid_from_pk (pk, keyid);
1558 if (!pk->flags.valid)
1559 trustletter_print = 'i';
1560 else if (pk->flags.revoked)
1561 trustletter_print = 'r';
1562 else if (pk->has_expired)
1563 trustletter_print = 'e';
1564 else if (opt.fast_list_mode || opt.no_expensive_trust_checks)
1565 trustletter_print = 0;
1568 trustletter = get_validity_info (ctrl, keyblock, pk, NULL);
1569 if (trustletter == 'u')
1571 trustletter_print = trustletter;
1574 if (!opt.fast_list_mode && !opt.no_expensive_trust_checks)
1575 ownertrust_print = get_ownertrust_info (ctrl, pk, 0);
1577 ownertrust_print = 0;
1579 keylength = nbits_from_pk (pk);
1581 es_fputs (secret? "sec:":"pub:", es_stdout);
1582 if (trustletter_print)
1583 es_putc (trustletter_print, es_stdout);
1584 es_fprintf (es_stdout, ":%u:%d:%08lX%08lX:%s:%s::",
1587 (ulong) keyid[0], (ulong) keyid[1],
1588 colon_datestr_from_pk (pk), colon_strtime (pk->expiredate));
1590 if (ownertrust_print)
1591 es_putc (ownertrust_print, es_stdout);
1592 es_putc (':', es_stdout);
1594 es_putc (':', es_stdout);
1595 es_putc (':', es_stdout);
1596 print_capabilities (ctrl, pk, keyblock);
1597 es_putc (':', es_stdout); /* End of field 13. */
1598 es_putc (':', es_stdout); /* End of field 14. */
1599 if (secret || has_secret)
1602 es_putc ('#', es_stdout);
1604 es_fputs (serialno, es_stdout);
1605 else if (has_secret)
1606 es_putc ('+', es_stdout);
1608 es_putc (':', es_stdout); /* End of field 15. */
1609 es_putc (':', es_stdout); /* End of field 16. */
1610 if (pk->pubkey_algo == PUBKEY_ALGO_ECDSA
1611 || pk->pubkey_algo == PUBKEY_ALGO_EDDSA
1612 || pk->pubkey_algo == PUBKEY_ALGO_ECDH)
1614 curve = openpgp_oid_to_str (pk->pkey[0]);
1615 curvename = openpgp_oid_to_curve (curve, 0);
1618 es_fputs (curvename, es_stdout);
1620 es_putc (':', es_stdout); /* End of field 17. */
1621 print_compliance_flags (pk, keylength, curvename);
1622 es_putc (':', es_stdout); /* End of field 18 (compliance). */
1624 es_fputs (colon_strtime (pk->keyupdate), es_stdout);
1625 es_putc (':', es_stdout); /* End of field 19 (last_update). */
1626 es_fprintf (es_stdout, "%d%s", pk->keyorg, pk->updateurl? " ":"");
1628 es_write_sanitized (es_stdout, pk->updateurl, strlen (pk->updateurl),
1630 es_putc (':', es_stdout); /* End of field 20 (origin). */
1631 es_putc ('\n', es_stdout);
1633 print_revokers (es_stdout, pk);
1634 print_fingerprint (ctrl, NULL, pk, 0);
1636 es_fprintf (es_stdout, "grp:::::::::%s:\n", hexgrip);
1637 if (opt.with_key_data)
1638 print_key_data (pk);
1640 for (kbctx = NULL; (node = walk_kbnode (keyblock, &kbctx, 0));)
1642 if (node->pkt->pkttype == PKT_USER_ID)
1644 PKT_user_id *uid = node->pkt->pkt.user_id;
1647 if (attrib_fp && uid->attrib_data != NULL)
1648 dump_attribs (uid, pk);
1650 if (uid->flags.revoked)
1652 else if (uid->flags.expired)
1654 else if (opt.no_expensive_trust_checks)
1659 uid_validity = get_validity_info (ctrl, keyblock, pk, uid);
1661 es_fputs (uid->attrib_data? "uat:":"uid:", es_stdout);
1663 es_putc (uid_validity, es_stdout);
1664 es_fputs ("::::", es_stdout);
1666 es_fprintf (es_stdout, "%s:", colon_strtime (uid->created));
1667 es_fprintf (es_stdout, "%s:", colon_strtime (uid->expiredate));
1669 namehash_from_uid (uid);
1671 for (i = 0; i < 20; i++)
1672 es_fprintf (es_stdout, "%02X", uid->namehash[i]);
1674 es_fprintf (es_stdout, "::");
1676 if (uid->attrib_data)
1677 es_fprintf (es_stdout, "%u %lu", uid->numattribs, uid->attrib_len);
1679 es_write_sanitized (es_stdout, uid->name, uid->len, ":", NULL);
1680 es_fputs (":::::::::", es_stdout);
1682 es_fputs (colon_strtime (uid->keyupdate), es_stdout);
1683 es_putc (':', es_stdout); /* End of field 19 (last_update). */
1684 es_fprintf (es_stdout, "%d%s", uid->keyorg, uid->updateurl? " ":"");
1686 es_write_sanitized (es_stdout,
1687 uid->updateurl, strlen (uid->updateurl),
1689 es_putc (':', es_stdout); /* End of field 20 (origin). */
1690 es_putc ('\n', es_stdout);
1692 if (!uid->attrib_data && opt.with_tofu_info
1693 && (opt.trust_model == TM_TOFU || opt.trust_model == TM_TOFU_PGP))
1695 /* Print a "tfs" record. */
1696 tofu_write_tfs_record (ctrl, es_stdout, pk, uid->name);
1700 else if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
1703 PKT_public_key *pk2;
1704 int need_hexgrip = !!hexgrip;
1706 pk2 = node->pkt->pkt.public_key;
1707 xfree (hexgrip_buffer); hexgrip_buffer = NULL; hexgrip = NULL;
1708 xfree (serialno); serialno = NULL;
1710 || secret || has_secret || opt.with_keygrip || opt.with_key_data)
1712 rc = hexkeygrip_from_pk (pk2, &hexgrip_buffer);
1714 log_error ("error computing a keygrip: %s\n",
1716 hexgrip = hexgrip_buffer? hexgrip_buffer : "";
1719 if ((secret||has_secret)
1720 && agent_get_keyinfo (NULL, hexgrip, &serialno, NULL))
1721 stubkey = 1; /* Key not found. */
1723 keyid_from_pk (pk2, keyid2);
1724 es_fputs (secret? "ssb:":"sub:", es_stdout);
1725 if (!pk2->flags.valid)
1726 es_putc ('i', es_stdout);
1727 else if (pk2->flags.revoked)
1728 es_putc ('r', es_stdout);
1729 else if (pk2->has_expired)
1730 es_putc ('e', es_stdout);
1731 else if (opt.fast_list_mode || opt.no_expensive_trust_checks)
1735 /* TRUSTLETTER should always be defined here. */
1737 es_fprintf (es_stdout, "%c", trustletter);
1739 keylength = nbits_from_pk (pk2);
1740 es_fprintf (es_stdout, ":%u:%d:%08lX%08lX:%s:%s:::::",
1743 (ulong) keyid2[0], (ulong) keyid2[1],
1744 colon_datestr_from_pk (pk2),
1745 colon_strtime (pk2->expiredate));
1746 print_capabilities (ctrl, pk2, NULL);
1747 es_putc (':', es_stdout); /* End of field 13. */
1748 es_putc (':', es_stdout); /* End of field 14. */
1749 if (secret || has_secret)
1752 es_putc ('#', es_stdout);
1754 es_fputs (serialno, es_stdout);
1755 else if (has_secret)
1756 es_putc ('+', es_stdout);
1758 es_putc (':', es_stdout); /* End of field 15. */
1759 es_putc (':', es_stdout); /* End of field 16. */
1760 if (pk2->pubkey_algo == PUBKEY_ALGO_ECDSA
1761 || pk2->pubkey_algo == PUBKEY_ALGO_EDDSA
1762 || pk2->pubkey_algo == PUBKEY_ALGO_ECDH)
1765 curve = openpgp_oid_to_str (pk2->pkey[0]);
1766 curvename = openpgp_oid_to_curve (curve, 0);
1769 es_fputs (curvename, es_stdout);
1771 es_putc (':', es_stdout); /* End of field 17. */
1772 print_compliance_flags (pk2, keylength, curvename);
1773 es_putc (':', es_stdout); /* End of field 18. */
1774 es_putc ('\n', es_stdout);
1775 print_fingerprint (ctrl, NULL, pk2, 0);
1777 es_fprintf (es_stdout, "grp:::::::::%s:\n", hexgrip);
1778 if (opt.with_key_data)
1779 print_key_data (pk2);
1781 else if (opt.list_sigs && node->pkt->pkttype == PKT_SIGNATURE)
1783 PKT_signature *sig = node->pkt->pkt.signature;
1784 int sigrc, fprokay = 0;
1787 byte fparray[MAX_FINGERPRINT_LEN];
1790 char *issuer_fpr = NULL;
1791 char *reason_text = NULL;
1792 char *reason_comment = NULL;
1793 size_t reason_commentlen;
1794 int reason_code = 0; /* Init to silence compiler warning. */
1796 if (sig->sig_class == 0x20 || sig->sig_class == 0x28
1797 || sig->sig_class == 0x30)
1800 reason_code = get_revocation_reason (sig, &reason_text,
1802 &reason_commentlen);
1804 else if ((sig->sig_class & ~3) == 0x10)
1806 else if (sig->sig_class == 0x18)
1808 else if (sig->sig_class == 0x1F)
1812 es_fprintf (es_stdout, "sig::::::::::%02x%c:\n",
1813 sig->sig_class, sig->flags.exportable ? 'x' : 'l');
1819 PKT_public_key *signer_pk = NULL;
1821 es_fflush (es_stdout);
1822 if (opt.no_sig_cache)
1823 signer_pk = xmalloc_clear (sizeof (PKT_public_key));
1825 rc = check_key_signature2 (ctrl, keyblock, node, NULL, signer_pk,
1827 switch (gpg_err_code (rc))
1832 case GPG_ERR_BAD_SIGNATURE:
1835 case GPG_ERR_NO_PUBKEY:
1836 case GPG_ERR_UNUSABLE_PUBKEY:
1844 if (opt.no_sig_cache)
1848 fingerprint_from_pk (signer_pk, fparray, &fplen);
1851 free_public_key (signer_pk);
1857 sigrc = ' '; /* Note the fix-up below in --list-sigs mode. */
1860 if (sigrc != '%' && sigrc != '?' && !opt.fast_list_mode)
1863 siguid = get_user_id (ctrl, sig->keyid, &siguidlen, &nouid);
1864 if (!opt.check_sigs && nouid)
1865 sigrc = '?'; /* No key in local keyring. */
1874 es_fputs (sigstr, es_stdout);
1875 es_putc (':', es_stdout);
1877 es_putc (sigrc, es_stdout);
1878 es_fprintf (es_stdout, "::%d:%08lX%08lX:%s:%s:", sig->pubkey_algo,
1879 (ulong) sig->keyid[0], (ulong) sig->keyid[1],
1880 colon_datestr_from_sig (sig),
1881 colon_expirestr_from_sig (sig));
1883 if (sig->trust_depth || sig->trust_value)
1884 es_fprintf (es_stdout, "%d %d", sig->trust_depth, sig->trust_value);
1885 es_fprintf (es_stdout, ":");
1887 if (sig->trust_regexp)
1888 es_write_sanitized (es_stdout, sig->trust_regexp,
1889 strlen (sig->trust_regexp), ":", NULL);
1890 es_fprintf (es_stdout, ":");
1893 es_fprintf (es_stdout, "[%s] ", gpg_strerror (rc));
1895 es_write_sanitized (es_stdout, siguid, siguidlen, ":", NULL);
1897 es_fprintf (es_stdout, ":%02x%c", sig->sig_class,
1898 sig->flags.exportable ? 'x' : 'l');
1900 es_fprintf (es_stdout, ",%02x", reason_code);
1901 es_fputs ("::", es_stdout);
1903 if (opt.no_sig_cache && opt.check_sigs && fprokay)
1905 for (i = 0; i < fplen; i++)
1906 es_fprintf (es_stdout, "%02X", fparray[i]);
1908 else if ((issuer_fpr = issuer_fpr_string (sig)))
1909 es_fputs (issuer_fpr, es_stdout);
1911 es_fprintf (es_stdout, ":::%d:", sig->digest_algo);
1915 es_fputs ("::::", es_stdout);
1916 es_write_sanitized (es_stdout, reason_comment, reason_commentlen,
1918 es_putc (':', es_stdout);
1920 es_putc ('\n', es_stdout);
1922 if (opt.show_subpackets)
1923 print_subpackets_colon (sig);
1925 /* fixme: check or list other sigs here */
1926 xfree (reason_text);
1927 xfree (reason_comment);
1934 xfree (hexgrip_buffer);
1939 * Reorder the keyblock so that the primary user ID (and not attribute
1940 * packet) comes first. Fixme: Replace this by a generic sort
1943 do_reorder_keyblock (KBNODE keyblock, int attr)
1945 KBNODE primary = NULL, primary0 = NULL, primary2 = NULL;
1948 for (node = keyblock; node; primary0 = node, node = node->next)
1950 if (node->pkt->pkttype == PKT_USER_ID &&
1951 ((attr && node->pkt->pkt.user_id->attrib_data) ||
1952 (!attr && !node->pkt->pkt.user_id->attrib_data)) &&
1953 node->pkt->pkt.user_id->flags.primary)
1955 primary = primary2 = node;
1956 for (node = node->next; node; primary2 = node, node = node->next)
1958 if (node->pkt->pkttype == PKT_USER_ID
1959 || node->pkt->pkttype == PKT_PUBLIC_SUBKEY
1960 || node->pkt->pkttype == PKT_SECRET_SUBKEY)
1969 return; /* No primary key flag found (should not happen). */
1971 for (last = NULL, node = keyblock; node; last = node, node = node->next)
1973 if (node->pkt->pkttype == PKT_USER_ID)
1977 log_assert (last); /* The user ID is never the first packet. */
1978 log_assert (primary0); /* Ditto (this is the node before primary). */
1979 if (node == primary)
1980 return; /* Already the first one. */
1982 last->next = primary;
1983 primary0->next = primary2->next;
1984 primary2->next = node;
1988 reorder_keyblock (KBNODE keyblock)
1990 do_reorder_keyblock (keyblock, 1);
1991 do_reorder_keyblock (keyblock, 0);
1995 list_keyblock (ctrl_t ctrl,
1996 KBNODE keyblock, int secret, int has_secret, int fpr,
1997 struct keylist_context *listctx)
1999 reorder_keyblock (keyblock);
2001 if (opt.with_colons)
2002 list_keyblock_colon (ctrl, keyblock, secret, has_secret);
2003 else if ((opt.list_options & LIST_SHOW_ONLY_FPR_MBOX))
2005 if (!listctx->no_validity)
2006 check_trustdb_stale (ctrl);
2007 list_keyblock_simple (ctrl, keyblock);
2010 list_keyblock_print (ctrl, keyblock, secret, fpr, listctx);
2013 es_fflush (es_stdout);
2017 /* Public function used by keygen to list a keyblock. If NO_VALIDITY
2018 * is set the validity of a key is never shown. */
2020 list_keyblock_direct (ctrl_t ctrl,
2021 kbnode_t keyblock, int secret, int has_secret, int fpr,
2024 struct keylist_context listctx;
2026 memset (&listctx, 0, sizeof (listctx));
2027 listctx.no_validity = !!no_validity;
2028 list_keyblock (ctrl, keyblock, secret, has_secret, fpr, &listctx);
2029 keylist_context_release (&listctx);
2033 /* Print an hex digit in ICAO spelling. */
2035 print_icao_hexdigit (estream_t fp, int c)
2037 static const char *list[16] = {
2038 "Zero", "One", "Two", "Three", "Four", "Five", "Six", "Seven",
2039 "Eight", "Niner", "Alfa", "Bravo", "Charlie", "Delta", "Echo", "Foxtrot"
2042 tty_fprintf (fp, "%s", list[c&15]);
2047 * Function to print the finperprint.
2048 * mode 0: as used in key listings, opt.with_colons is honored
2049 * 1: print using log_info ()
2050 * 2: direct use of tty
2051 * 3: direct use of tty but only primary key.
2052 * 4: direct use of tty but only subkey.
2053 * 10: Same as 0 but with_colons etc is ignored.
2054 * 20: Same as 0 but using a compact format.
2056 * Modes 1 and 2 will try and print both subkey and primary key
2057 * fingerprints. A MODE with bit 7 set is used internally. If
2058 * OVERRIDE_FP is not NULL that stream will be used in 0 instead
2059 * of es_stdout or instead of the TTY in modes 2 and 3.
2062 print_fingerprint (ctrl_t ctrl, estream_t override_fp,
2063 PKT_public_key *pk, int mode)
2065 char hexfpr[2*MAX_FINGERPRINT_LEN+1];
2071 int with_colons = opt.with_colons;
2072 int with_icao = opt.with_icao_spelling;
2081 else if (mode == 20)
2088 if (!opt.fingerprint && !opt.with_fingerprint
2089 && opt.with_subkey_fingerprint)
2092 if (pk->main_keyid[0] == pk->keyid[0]
2093 && pk->main_keyid[1] == pk->keyid[1])
2096 /* Just to be safe */
2097 if ((mode & 0x80) && !primary)
2099 log_error ("primary key is not really primary!\n");
2105 if (!primary && (mode == 1 || mode == 2))
2107 PKT_public_key *primary_pk = xmalloc_clear (sizeof (*primary_pk));
2108 get_pubkey (ctrl, primary_pk, pk->main_keyid);
2109 print_fingerprint (ctrl, override_fp, primary_pk, (mode | 0x80));
2110 free_public_key (primary_pk);
2115 fp = log_get_stream ();
2117 text = _("Primary key fingerprint:");
2119 text = _(" Subkey fingerprint:");
2123 fp = override_fp; /* Use tty or given stream. */
2125 /* TRANSLATORS: this should fit into 24 bytes so that the
2126 * fingerprint data is properly aligned with the user ID */
2127 text = _(" Primary key fingerprint:");
2129 text = _(" Subkey fingerprint:");
2133 fp = override_fp; /* Use tty or given stream. */
2134 text = _(" Key fingerprint =");
2138 fp = override_fp; /* Use tty or given stream. */
2139 text = _(" Subkey fingerprint:");
2143 fp = override_fp? override_fp : es_stdout;
2144 if (opt.keyid_format == KF_NONE)
2146 text = " "; /* To indent ICAO spelling. */
2150 text = _(" Key fingerprint =");
2153 hexfingerprint (pk, hexfpr, sizeof hexfpr);
2154 if (with_colons && !mode)
2156 es_fprintf (fp, "fpr:::::::::%s:", hexfpr);
2158 else if (compact && !opt.fingerprint && !opt.with_fingerprint)
2160 tty_fprintf (fp, "%*s%s", 6, "", hexfpr);
2164 char fmtfpr[MAX_FORMATTED_FINGERPRINT_LEN + 1];
2165 format_hexfingerprint (hexfpr, fmtfpr, sizeof fmtfpr);
2167 tty_fprintf (fp, "%*s%s", 6, "", fmtfpr);
2169 tty_fprintf (fp, "%s %s", text, fmtfpr);
2171 tty_fprintf (fp, "\n");
2172 if (!with_colons && with_icao)
2175 tty_fprintf (fp, "%*s\"", (int)strlen(text)+1, "");
2176 for (i = 0, p = hexfpr; *p; i++, p++)
2181 tty_fprintf (fp, "\n%*s ", (int)strlen(text)+1, "");
2183 tty_fprintf (fp, " ");
2185 tty_fprintf (fp, " ");
2186 print_icao_hexdigit (fp, xtoi_1 (p));
2188 tty_fprintf (fp, "\"\n");
2192 /* Print the serial number of an OpenPGP card if available. */
2194 print_card_serialno (const char *serialno)
2198 if (opt.with_colons)
2199 return; /* Handled elsewhere. */
2201 es_fputs (_(" Card serial no. ="), es_stdout);
2202 es_putc (' ', es_stdout);
2203 if (strlen (serialno) == 32 && !strncmp (serialno, "D27600012401", 12))
2205 /* This is an OpenPGP card. Print the relevant part. */
2206 /* Example: D2760001240101010001000003470000 */
2208 es_fprintf (es_stdout, "%.*s %.*s", 4, serialno+16, 8, serialno+20);
2211 es_fputs (serialno, es_stdout);
2212 es_putc ('\n', es_stdout);
2216 /* Print a public or secret (sub)key line. Example:
2218 * pub dsa2048 2007-12-31 [SC] [expires: 2018-12-31]
2219 * 80615870F5BAD690333686D0F2AD85AC1E42B367
2221 * pub rsa2048 2017-12-31 [SC] [expires: 2028-12-31]
2222 * 80615870F5BAD690333686D0F2AD85AC1E42B3671122334455
2224 * Some global options may result in a different output format. If
2225 * SECRET is set, "sec" or "ssb" is used instead of "pub" or "sub" and
2226 * depending on the value a flag character is shown:
2228 * 1 := ' ' Regular secret key
2229 * 2 := '#' Stub secret key
2230 * 3 := '>' Secret key is on a token.
2233 print_key_line (ctrl_t ctrl, estream_t fp, PKT_public_key *pk, int secret)
2235 char pkstrbuf[PUBKEY_STRING_SIZE];
2237 tty_fprintf (fp, "%s%c %s",
2238 pk->flags.primary? (secret? "sec":"pub")
2239 /**/ : (secret? "ssb":"sub"),
2240 secret == 2? '#' : secret == 3? '>' : ' ',
2241 pubkey_string (pk, pkstrbuf, sizeof pkstrbuf));
2242 if (opt.keyid_format != KF_NONE)
2243 tty_fprintf (fp, "/%s", keystr_from_pk (pk));
2244 tty_fprintf (fp, " %s", datestr_from_pk (pk));
2246 if (pk->flags.primary
2247 && !(openpgp_pk_algo_usage (pk->pubkey_algo)
2248 & (PUBKEY_USAGE_CERT| PUBKEY_USAGE_SIG|PUBKEY_USAGE_AUTH)))
2250 /* A primary key which is really not capable to sign. */
2251 tty_fprintf (fp, " [INVALID_ALGO]");
2253 else if ((opt.list_options & LIST_SHOW_USAGE))
2255 tty_fprintf (fp, " [%s]", usagestr_from_pk (pk, 0));
2258 if (pk->flags.revoked)
2260 tty_fprintf (fp, " [");
2261 tty_fprintf (fp, _("revoked: %s"), revokestr_from_pk (pk));
2262 tty_fprintf (fp, "]");
2264 else if (pk->has_expired)
2266 tty_fprintf (fp, " [");
2267 tty_fprintf (fp, _("expired: %s"), expirestr_from_pk (pk));
2268 tty_fprintf (fp, "]");
2270 else if (pk->expiredate)
2272 tty_fprintf (fp, " [");
2273 tty_fprintf (fp, _("expires: %s"), expirestr_from_pk (pk));
2274 tty_fprintf (fp, "]");
2278 /* I need to think about this some more. It's easy enough to
2279 include, but it looks sort of confusing in the listing... */
2280 if (opt.list_options & LIST_SHOW_VALIDITY)
2282 int validity = get_validity (ctrl, pk, NULL, NULL, 0);
2283 tty_fprintf (fp, " [%s]", trust_value_to_string (validity));
2287 if (pk->pubkey_algo >= 100)
2288 tty_fprintf (fp, " [experimental algorithm %d]", pk->pubkey_algo);
2290 tty_fprintf (fp, "\n");
2292 /* if the user hasn't explicitly asked for human-readable
2293 fingerprints, show compact fpr of primary key: */
2294 if (pk->flags.primary &&
2295 !opt.fingerprint && !opt.with_fingerprint)
2296 print_fingerprint (ctrl, fp, pk, 20);
2301 set_attrib_fd (int fd)
2303 static int last_fd = -1;
2305 if (fd != -1 && last_fd == fd)
2308 /* Fixme: Do we need to check for the log stream here? */
2309 if (attrib_fp && attrib_fp != log_get_stream ())
2310 es_fclose (attrib_fp);
2315 if (! gnupg_fd_valid (fd))
2316 log_fatal ("attribute-fd is invalid: %s\n", strerror (errno));
2318 #ifdef HAVE_DOSISH_SYSTEM
2319 setmode (fd, O_BINARY);
2322 attrib_fp = es_stdout;
2324 attrib_fp = es_stderr;
2326 attrib_fp = es_fdopen (fd, "wb");
2329 log_fatal ("can't open fd %d for attribute output: %s\n",
2330 fd, strerror (errno));