1 /* keylist.c - Print information about OpenPGP keys
2 * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006,
3 * 2008, 2010, 2012 Free Software Foundation, Inc.
4 * Copyright (C) 2013, 2014 Werner Koch
6 * This file is part of GnuPG.
8 * GnuPG is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 3 of the License, or
11 * (at your option) any later version.
13 * GnuPG is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, see <http://www.gnu.org/licenses/>.
28 #ifdef HAVE_DOSISH_SYSTEM
29 #include <fcntl.h> /* for setmode() */
44 #include "call-agent.h"
46 static void list_all (int, int);
47 static void list_one (strlist_t names, int secret, int mark_secret);
48 static void locate_one (ctrl_t ctrl, strlist_t names);
49 static void print_card_serialno (const char *serialno);
58 /* The stream used to write attribute packets to. */
59 static estream_t attrib_fp;
62 /* List the keys. If list is NULL, all available keys are listed.
63 With LOCATE_MODE set the locate algorithm is used to find a
66 public_key_list (ctrl_t ctrl, strlist_t list, int locate_mode)
68 #ifndef NO_TRUST_MODELS
71 byte trust_model, marginals, completes, cert_depth, min_cert_level;
72 ulong created, nextcheck;
74 read_trust_options (&trust_model, &created, &nextcheck,
75 &marginals, &completes, &cert_depth, &min_cert_level);
77 es_fprintf (es_stdout, "tru:");
79 if (nextcheck && nextcheck <= make_timestamp ())
80 es_fprintf (es_stdout, "o");
81 if (trust_model != opt.trust_model)
82 es_fprintf (es_stdout, "t");
83 if (opt.trust_model == TM_PGP || opt.trust_model == TM_CLASSIC)
85 if (marginals != opt.marginals_needed)
86 es_fprintf (es_stdout, "m");
87 if (completes != opt.completes_needed)
88 es_fprintf (es_stdout, "c");
89 if (cert_depth != opt.max_cert_depth)
90 es_fprintf (es_stdout, "d");
91 if (min_cert_level != opt.min_cert_level)
92 es_fprintf (es_stdout, "l");
95 es_fprintf (es_stdout, ":%d:%lu:%lu", trust_model, created, nextcheck);
97 /* Only show marginals, completes, and cert_depth in the classic
98 or PGP trust models since they are not meaningful
101 if (trust_model == TM_PGP || trust_model == TM_CLASSIC)
102 es_fprintf (es_stdout, ":%d:%d:%d", marginals, completes, cert_depth);
103 es_fprintf (es_stdout, "\n");
105 #endif /*!NO_TRUST_MODELS*/
107 /* We need to do the stale check right here because it might need to
108 update the keyring while we already have the keyring open. This
109 is very bad for W32 because of a sharing violation. For real OSes
110 it might lead to false results if we are later listing a keyring
111 which is associated with the inode of a deleted file. */
112 check_trustdb_stale ();
115 locate_one (ctrl, list);
117 list_all (0, opt.with_secret);
119 list_one (list, 0, opt.with_secret);
124 secret_key_list (ctrl_t ctrl, strlist_t list)
128 check_trustdb_stale ();
132 else /* List by user id */
133 list_one (list, 1, 0);
137 print_seckey_info (PKT_public_key *pk)
141 char pkstrbuf[PUBKEY_STRING_SIZE];
143 keyid_from_pk (pk, keyid);
144 p = get_user_id_native (keyid);
146 tty_printf ("\nsec %s/%s %s %s\n",
147 pubkey_string (pk, pkstrbuf, sizeof pkstrbuf),
148 keystr (keyid), datestr_from_pk (pk), p);
153 /* Print information about the public key. With FP passed as NULL,
154 the tty output interface is used, otherwise output is directted to
157 print_pubkey_info (estream_t fp, PKT_public_key * pk)
161 char pkstrbuf[PUBKEY_STRING_SIZE];
163 keyid_from_pk (pk, keyid);
165 /* If the pk was chosen by a particular user ID, that is the one to
168 p = utf8_to_native (pk->user_id->name, pk->user_id->len, 0);
170 p = get_user_id_native (keyid);
174 tty_fprintf (fp, "pub %s/%s %s %s\n",
175 pubkey_string (pk, pkstrbuf, sizeof pkstrbuf),
176 keystr (keyid), datestr_from_pk (pk), p);
181 /* Print basic information of a secret key including the card serial
182 number information. */
183 #ifdef ENABLE_CARD_SUPPORT
185 print_card_key_info (estream_t fp, kbnode_t keyblock)
191 char pkstrbuf[PUBKEY_STRING_SIZE];
193 for (node = keyblock; node; node = node->next)
195 if (node->pkt->pkttype == PKT_PUBLIC_KEY
196 || node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
199 PKT_public_key *pk = node->pkt->pkt.public_key;
202 rc = hexkeygrip_from_pk (pk, &hexgrip);
205 log_error ("error computing a keygrip: %s\n", gpg_strerror (rc));
208 else if (!agent_get_keyinfo (NULL, hexgrip, &serialno))
209 s2k_char = serialno? '>':' ';
211 s2k_char = '#'; /* Key not found. */
213 tty_fprintf (fp, "%s%c %s/%s ",
214 node->pkt->pkttype == PKT_PUBLIC_KEY ? "sec" : "ssb",
216 pubkey_string (pk, pkstrbuf, sizeof pkstrbuf),
217 keystr_from_pk (pk));
218 tty_fprintf (fp, _("created: %s"), datestr_from_pk (pk));
219 tty_fprintf (fp, " ");
220 tty_fprintf (fp, _("expires: %s"), expirestr_from_pk (pk));
223 tty_fprintf (fp, "\n ");
224 tty_fprintf (fp, _("card-no: "));
225 if (strlen (serialno) == 32
226 && !strncmp (serialno, "D27600012401", 12))
228 /* This is an OpenPGP card. Print the relevant part. */
229 /* Example: D2760001240101010001000003470000 */
231 tty_fprintf (fp, "%.*s %.*s", 4, serialno+16, 8, serialno+20);
234 tty_fprintf (fp, "%s", serialno);
236 tty_fprintf (fp, "\n");
242 #endif /*ENABLE_CARD_SUPPORT*/
245 /* Flags = 0x01 hashed 0x02 critical. */
247 status_one_subpacket (sigsubpkttype_t type, size_t len, int flags,
252 /* Don't print these. */
256 snprintf (status, sizeof status,
257 "%d %u %u ", type, flags, (unsigned int) len);
259 write_status_text_and_buffer (STATUS_SIG_SUBPACKET, status, buf, len, 0);
263 /* Print a policy URL. Allowed values for MODE are:
264 * 0 - print to stdout.
265 * 1 - use log_info and emit status messages.
266 * 2 - emit only status messages.
269 show_policy_url (PKT_signature * sig, int indent, int mode)
274 estream_t fp = mode ? log_get_stream () : es_stdout;
277 enum_sig_subpkt (sig->hashed, SIGSUBPKT_POLICY, &len, &seq, &crit)))
284 for (i = 0; i < indent; i++)
288 str = _("Critical signature policy: ");
290 str = _("Signature policy: ");
292 log_info ("%s", str);
294 es_fprintf (fp, "%s", str);
295 print_utf8_buffer (fp, p, len);
296 es_fprintf (fp, "\n");
300 write_status_buffer (STATUS_POLICY_URL, p, len, 0);
307 mode=1 for log_info + status messages
308 mode=2 for status messages only
312 show_keyserver_url (PKT_signature * sig, int indent, int mode)
317 estream_t fp = mode ? log_get_stream () : es_stdout;
320 enum_sig_subpkt (sig->hashed, SIGSUBPKT_PREF_KS, &len, &seq,
328 for (i = 0; i < indent; i++)
329 es_putc (' ', es_stdout);
332 str = _("Critical preferred keyserver: ");
334 str = _("Preferred keyserver: ");
336 log_info ("%s", str);
338 es_fprintf (es_stdout, "%s", str);
339 print_utf8_buffer (fp, p, len);
340 es_fprintf (fp, "\n");
344 status_one_subpacket (SIGSUBPKT_PREF_KS, len,
345 (crit ? 0x02 : 0) | 0x01, p);
351 mode=1 for log_info + status messages
352 mode=2 for status messages only
354 Defined bits in WHICH:
355 1 == standard notations
359 show_notation (PKT_signature * sig, int indent, int mode, int which)
361 estream_t fp = mode ? log_get_stream () : es_stdout;
362 struct notation *nd, *notations;
367 notations = sig_to_notation (sig);
369 /* There may be multiple notations in the same sig. */
370 for (nd = notations; nd; nd = nd->next)
374 int has_at = !!strchr (nd->name, '@');
376 if ((which & 1 && !has_at) || (which & 2 && has_at))
381 for (i = 0; i < indent; i++)
382 es_putc (' ', es_stdout);
384 if (nd->flags.critical)
385 str = _("Critical signature notation: ");
387 str = _("Signature notation: ");
389 log_info ("%s", str);
391 es_fprintf (es_stdout, "%s", str);
392 /* This is all UTF8 */
393 print_utf8_buffer (fp, nd->name, strlen (nd->name));
394 es_fprintf (fp, "=");
395 print_utf8_buffer (fp, nd->value, strlen (nd->value));
396 es_fprintf (fp, "\n");
402 write_status_buffer (STATUS_NOTATION_NAME,
403 nd->name, strlen (nd->name), 0);
404 write_status_buffer (STATUS_NOTATION_DATA,
405 nd->value, strlen (nd->value), 50);
409 free_notation (notations);
413 print_signature_stats (struct sig_stats *s)
415 if (s->inv_sigs == 1)
416 tty_printf (_("1 bad signature\n"));
417 else if (s->inv_sigs)
418 tty_printf (_("%d bad signatures\n"), s->inv_sigs);
420 tty_printf (_("1 signature not checked due to a missing key\n"));
422 tty_printf (_("%d signatures not checked due to missing keys\n"),
425 tty_printf (_("1 signature not checked due to an error\n"));
427 tty_printf (_("%d signatures not checked due to errors\n"), s->oth_err);
431 /* List all keys. If SECRET is true only secret keys are listed. If
432 MARK_SECRET is true secret keys are indicated in a public key
435 list_all (int secret, int mark_secret)
438 KBNODE keyblock = NULL;
441 const char *lastresname, *resname;
442 struct sig_stats stats;
444 memset (&stats, 0, sizeof (stats));
448 rc = gpg_error (GPG_ERR_GENERAL);
450 rc = keydb_search_first (hd);
453 if (gpg_err_code (rc) != GPG_ERR_NOT_FOUND)
454 log_error ("keydb_search_first failed: %s\n", g10_errstr (rc));
461 rc = keydb_get_keyblock (hd, &keyblock);
464 log_error ("keydb_get_keyblock failed: %s\n", g10_errstr (rc));
468 if (secret || mark_secret)
469 any_secret = !agent_probe_any_secret_key (NULL, keyblock);
473 if (secret && !any_secret)
474 ; /* Secret key listing requested but this isn't one. */
477 if (!opt.with_colons)
479 resname = keydb_get_resource_name (hd);
480 if (lastresname != resname)
484 es_fprintf (es_stdout, "%s\n", resname);
485 for (i = strlen (resname); i; i--)
486 es_putc ('-', es_stdout);
487 es_putc ('\n', es_stdout);
488 lastresname = resname;
491 merge_keys_and_selfsig (keyblock);
492 list_keyblock (keyblock, secret, any_secret, opt.fingerprint,
493 opt.check_sigs ? &stats : NULL);
495 release_kbnode (keyblock);
498 while (!(rc = keydb_search_next (hd)));
499 es_fflush (es_stdout);
500 if (rc && gpg_err_code (rc) != GPG_ERR_NOT_FOUND)
501 log_error ("keydb_search_next failed: %s\n", g10_errstr (rc));
502 if (keydb_get_skipped_counter (hd))
503 log_info (_("Warning: %lu key(s) skipped due to their large size\n"),
504 keydb_get_skipped_counter (hd));
506 if (opt.check_sigs && !opt.with_colons)
507 print_signature_stats (&stats);
510 release_kbnode (keyblock);
516 list_one (strlist_t names, int secret, int mark_secret)
519 KBNODE keyblock = NULL;
522 const char *keyring_str = _("Keyring");
524 struct sig_stats stats;
526 memset (&stats, 0, sizeof (stats));
528 /* fixme: using the bynames function has the disadvantage that we
529 * don't know wether one of the names given was not found. OTOH,
530 * this function has the advantage to list the names in the
531 * sequence as defined by the keyDB and does not duplicate
532 * outputs. A solution could be do test whether all given have
533 * been listed (this needs a way to use the keyDB search
534 * functions) or to have the search function return indicators for
535 * found names. Yet another way is to use the keydb search
536 * facilities directly. */
537 rc = getkey_bynames (&ctx, NULL, names, secret, &keyblock);
540 log_error ("error reading key: %s\n", g10_errstr (rc));
541 get_pubkey_end (ctx);
547 if ((opt.list_options & LIST_SHOW_KEYRING) && !opt.with_colons)
549 resname = keydb_get_resource_name (get_ctx_handle (ctx));
550 es_fprintf (es_stdout, "%s: %s\n", keyring_str, resname);
551 for (i = strlen (resname) + strlen (keyring_str) + 2; i; i--)
552 es_putc ('-', es_stdout);
553 es_putc ('\n', es_stdout);
555 list_keyblock (keyblock, secret, mark_secret, opt.fingerprint,
556 (!secret && opt.check_sigs)? &stats : NULL);
557 release_kbnode (keyblock);
559 while (!getkey_next (ctx, NULL, &keyblock));
562 if (opt.check_sigs && !opt.with_colons)
563 print_signature_stats (&stats);
568 locate_one (ctrl_t ctrl, strlist_t names)
572 GETKEY_CTX ctx = NULL;
573 KBNODE keyblock = NULL;
574 struct sig_stats stats;
576 memset (&stats, 0, sizeof (stats));
578 for (sl = names; sl; sl = sl->next)
580 rc = get_pubkey_byname (ctrl, &ctx, NULL, sl->d, &keyblock, NULL, 1, 0);
583 if (gpg_err_code (rc) != GPG_ERR_NO_PUBKEY)
584 log_error ("error reading key: %s\n", g10_errstr (rc));
590 list_keyblock (keyblock, 0, 0, opt.fingerprint,
591 opt.check_sigs ? &stats : NULL);
592 release_kbnode (keyblock);
594 while (ctx && !get_pubkey_next (ctx, NULL, &keyblock));
595 get_pubkey_end (ctx);
600 if (opt.check_sigs && !opt.with_colons)
601 print_signature_stats (&stats);
606 print_key_data (PKT_public_key * pk)
608 int n = pk ? pubkey_get_npkey (pk->pubkey_algo) : 0;
611 for (i = 0; i < n; i++)
613 es_fprintf (es_stdout, "pkd:%d:%u:", i, mpi_get_nbits (pk->pkey[i]));
614 mpi_print (es_stdout, pk->pkey[i], 1);
615 es_putc (':', es_stdout);
616 es_putc ('\n', es_stdout);
621 print_capabilities (PKT_public_key *pk, KBNODE keyblock)
623 unsigned int use = pk->pubkey_usage;
626 if (use & PUBKEY_USAGE_ENC)
627 es_putc ('e', es_stdout);
629 if (use & PUBKEY_USAGE_SIG)
631 es_putc ('s', es_stdout);
632 if (pk->flags.primary)
634 es_putc ('c', es_stdout);
635 /* The PUBKEY_USAGE_CERT flag was introduced later and we
636 used to always print 'c' for a primary key. To avoid any
637 regression here we better track whether we printed 'c'
643 if ((use & PUBKEY_USAGE_CERT) && !c_printed)
644 es_putc ('c', es_stdout);
646 if ((use & PUBKEY_USAGE_AUTH))
647 es_putc ('a', es_stdout);
649 if ((use & PUBKEY_USAGE_UNKNOWN))
650 es_putc ('?', es_stdout);
654 /* Figure out the usable capabilities. */
656 int enc = 0, sign = 0, cert = 0, auth = 0, disabled = 0;
658 for (k = keyblock; k; k = k->next)
660 if (k->pkt->pkttype == PKT_PUBLIC_KEY
661 || k->pkt->pkttype == PKT_PUBLIC_SUBKEY)
663 pk = k->pkt->pkt.public_key;
665 if (pk->flags.primary)
666 disabled = pk_is_disabled (pk);
668 if (pk->flags.valid && !pk->flags.revoked && !pk->has_expired)
670 if (pk->pubkey_usage & PUBKEY_USAGE_ENC)
672 if (pk->pubkey_usage & PUBKEY_USAGE_SIG)
675 if (pk->flags.primary)
678 if (pk->pubkey_usage & PUBKEY_USAGE_CERT)
680 if ((pk->pubkey_usage & PUBKEY_USAGE_AUTH))
686 es_putc ('E', es_stdout);
688 es_putc ('S', es_stdout);
690 es_putc ('C', es_stdout);
692 es_putc ('A', es_stdout);
694 es_putc ('D', es_stdout);
697 es_putc (':', es_stdout);
701 /* FLAGS: 0x01 hashed
704 print_one_subpacket (sigsubpkttype_t type, size_t len, int flags,
709 es_fprintf (es_stdout, "spk:%d:%u:%u:", type, flags, (unsigned int) len);
711 for (i = 0; i < len; i++)
713 /* printable ascii other than : and % */
714 if (buf[i] >= 32 && buf[i] <= 126 && buf[i] != ':' && buf[i] != '%')
715 es_fprintf (es_stdout, "%c", buf[i]);
717 es_fprintf (es_stdout, "%%%02X", buf[i]);
720 es_fprintf (es_stdout, "\n");
725 print_subpackets_colon (PKT_signature * sig)
729 assert (opt.show_subpackets);
731 for (i = opt.show_subpackets; *i; i++)
739 while ((p = enum_sig_subpkt (sig->hashed, *i, &len, &seq, &crit)))
740 print_one_subpacket (*i, len, 0x01 | (crit ? 0x02 : 0), p);
744 while ((p = enum_sig_subpkt (sig->unhashed, *i, &len, &seq, &crit)))
745 print_one_subpacket (*i, len, 0x00 | (crit ? 0x02 : 0), p);
751 dump_attribs (const PKT_user_id *uid, PKT_public_key *pk)
758 for (i = 0; i < uid->numattribs; i++)
760 if (is_status_enabled ())
762 byte array[MAX_FINGERPRINT_LEN], *p;
763 char buf[(MAX_FINGERPRINT_LEN * 2) + 90];
768 fingerprint_from_pk (pk, array, &n);
771 for (j = 0; j < n; j++, p++)
772 sprintf (buf + 2 * j, "%02X", *p);
774 sprintf (buf + strlen (buf), " %lu %u %u %u %lu %lu %u",
775 (ulong) uid->attribs[i].len, uid->attribs[i].type, i + 1,
776 uid->numattribs, (ulong) uid->created,
777 (ulong) uid->expiredate,
778 ((uid->is_primary ? 0x01 : 0) | (uid->
779 is_revoked ? 0x02 : 0) |
780 (uid->is_expired ? 0x04 : 0)));
781 write_status_text (STATUS_ATTRIBUTE, buf);
784 es_fwrite (uid->attribs[i].data, uid->attribs[i].len, 1, attrib_fp);
785 es_fflush (attrib_fp);
791 list_keyblock_print (KBNODE keyblock, int secret, int fpr, void *opaque)
797 struct sig_stats *stats = opaque;
800 char *hexgrip = NULL;
801 char *serialno = NULL;
802 char pkstrbuf[PUBKEY_STRING_SIZE];
804 /* Get the keyid from the keyblock. */
805 node = find_kbnode (keyblock, PKT_PUBLIC_KEY);
808 log_error ("Oops; key lost!\n");
809 dump_kbnode (keyblock);
813 pk = node->pkt->pkt.public_key;
815 if (secret || opt.with_keygrip)
817 rc = hexkeygrip_from_pk (pk, &hexgrip);
819 log_error ("error computing a keygrip: %s\n", gpg_strerror (rc));
824 if (!agent_get_keyinfo (NULL, hexgrip, &serialno))
825 s2k_char = serialno? '>':' ';
827 s2k_char = '#'; /* Key not found. */
832 check_trustdb_stale ();
835 es_fprintf (es_stdout, "%s%c %s/%s %s",
838 pubkey_string (pk, pkstrbuf, sizeof pkstrbuf),
839 keystr_from_pk (pk), datestr_from_pk (pk));
841 if ((opt.list_options & LIST_SHOW_USAGE))
843 es_fprintf (es_stdout, " [%s]", usagestr_from_pk (pk, 0));
845 if (pk->flags.revoked)
847 es_fprintf (es_stdout, " [");
848 es_fprintf (es_stdout, _("revoked: %s"), revokestr_from_pk (pk));
849 es_fprintf (es_stdout, "]");
851 else if (pk->has_expired)
853 es_fprintf (es_stdout, " [");
854 es_fprintf (es_stdout, _("expired: %s"), expirestr_from_pk (pk));
855 es_fprintf (es_stdout, "]");
857 else if (pk->expiredate)
859 es_fprintf (es_stdout, " [");
860 es_fprintf (es_stdout, _("expires: %s"), expirestr_from_pk (pk));
861 es_fprintf (es_stdout, "]");
865 /* I need to think about this some more. It's easy enough to
866 include, but it looks sort of confusing in the listing... */
867 if (opt.list_options & LIST_SHOW_VALIDITY)
869 int validity = get_validity (pk, NULL);
870 es_fprintf (es_stdout, " [%s]", trust_value_to_string (validity));
874 if (pk->pubkey_algo >= 100)
875 es_fprintf (es_stdout, " [experimental algorithm %d]", pk->pubkey_algo);
877 es_fprintf (es_stdout, "\n");
880 print_fingerprint (NULL, pk, 0);
882 if (opt.with_keygrip && hexgrip)
883 es_fprintf (es_stdout, " Keygrip = %s\n", hexgrip);
886 print_card_serialno (serialno);
888 if (opt.with_key_data)
891 for (kbctx = NULL; (node = walk_kbnode (keyblock, &kbctx, 0));)
893 if (node->pkt->pkttype == PKT_USER_ID && !opt.fast_list_mode)
895 PKT_user_id *uid = node->pkt->pkt.user_id;
897 if (pk && (uid->is_expired || uid->is_revoked)
898 && !(opt.list_options & LIST_SHOW_UNUSABLE_UIDS))
906 if (attrib_fp && uid->attrib_data != NULL)
907 dump_attribs (uid, pk);
909 if ((uid->is_revoked || uid->is_expired)
910 || ((opt.list_options & LIST_SHOW_UID_VALIDITY) && pk))
912 const char *validity;
915 validity = uid_trust_string_fixed (pk, uid);
918 atoi (uid_trust_string_fixed (NULL, NULL));
920 if (indent < 0 || indent > 40)
923 es_fprintf (es_stdout, "uid%*s%s ", indent, "", validity);
926 es_fprintf (es_stdout, "uid%*s", (int) keystrlen () + 10, "");
928 print_utf8_buffer (es_stdout, uid->name, uid->len);
929 es_putc ('\n', es_stdout);
931 if ((opt.list_options & LIST_SHOW_PHOTOS) && uid->attribs != NULL)
932 show_photos (uid->attribs, uid->numattribs, pk, uid);
934 else if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
936 PKT_public_key *pk2 = node->pkt->pkt.public_key;
938 if ((pk2->flags.revoked || pk2->has_expired)
939 && !(opt.list_options & LIST_SHOW_UNUSABLE_SUBKEYS))
947 xfree (serialno); serialno = NULL;
948 xfree (hexgrip); hexgrip = NULL;
949 if (secret || opt.with_keygrip)
951 rc = hexkeygrip_from_pk (pk2, &hexgrip);
953 log_error ("error computing a keygrip: %s\n",
958 if (!agent_get_keyinfo (NULL, hexgrip, &serialno))
959 s2k_char = serialno? '>':' ';
961 s2k_char = '#'; /* Key not found. */
966 es_fprintf (es_stdout, "%s%c %s/%s %s",
969 pubkey_string (pk2, pkstrbuf, sizeof pkstrbuf),
970 keystr_from_pk (pk2), datestr_from_pk (pk2));
972 if (pk2->pubkey_algo == PUBKEY_ALGO_ECDSA
973 || pk2->pubkey_algo == PUBKEY_ALGO_EDDSA
974 || pk2->pubkey_algo == PUBKEY_ALGO_ECDH)
976 char *curve = openpgp_oid_to_str (pk2->pkey[0]);
977 const char *name = openpgp_oid_to_curve (curve);
978 if (!*name || *name == '?')
980 es_fprintf (es_stdout, " %s", name);
984 if ((opt.list_options & LIST_SHOW_USAGE))
986 es_fprintf (es_stdout, " [%s]", usagestr_from_pk (pk2, 0));
988 if (pk2->flags.revoked)
990 es_fprintf (es_stdout, " [");
991 es_fprintf (es_stdout, _("revoked: %s"), revokestr_from_pk (pk2));
992 es_fprintf (es_stdout, "]");
994 else if (pk2->has_expired)
996 es_fprintf (es_stdout, " [");
997 es_fprintf (es_stdout, _("expired: %s"), expirestr_from_pk (pk2));
998 es_fprintf (es_stdout, "]");
1000 else if (pk2->expiredate)
1002 es_fprintf (es_stdout, " [");
1003 es_fprintf (es_stdout, _("expires: %s"), expirestr_from_pk (pk2));
1004 es_fprintf (es_stdout, "]");
1006 es_putc ('\n', es_stdout);
1009 print_fingerprint (NULL, pk2, 0);
1011 print_card_serialno (serialno);
1013 if (opt.with_keygrip && hexgrip)
1014 es_fprintf (es_stdout, " Keygrip = %s\n", hexgrip);
1015 if (opt.with_key_data)
1016 print_key_data (pk2);
1018 else if (opt.list_sigs
1019 && node->pkt->pkttype == PKT_SIGNATURE && !skip_sigs)
1021 PKT_signature *sig = node->pkt->pkt.signature;
1027 rc = check_key_signature (keyblock, node, NULL);
1028 switch (gpg_err_code (rc))
1033 case GPG_ERR_BAD_SIGNATURE:
1037 case GPG_ERR_NO_PUBKEY:
1038 case GPG_ERR_UNUSABLE_PUBKEY:
1047 /* TODO: Make sure a cached sig record here still has
1048 the pk that issued it. See also
1049 keyedit.c:print_and_check_one_sig */
1057 if (sig->sig_class == 0x20 || sig->sig_class == 0x28
1058 || sig->sig_class == 0x30)
1060 else if ((sig->sig_class & ~3) == 0x10)
1062 else if (sig->sig_class == 0x18)
1064 else if (sig->sig_class == 0x1F)
1068 es_fprintf (es_stdout, "sig "
1069 "[unexpected signature class 0x%02x]\n",
1074 es_fputs (sigstr, es_stdout);
1075 es_fprintf (es_stdout, "%c%c %c%c%c%c%c%c %s %s",
1076 sigrc, (sig->sig_class - 0x10 > 0 &&
1077 sig->sig_class - 0x10 <
1078 4) ? '0' + sig->sig_class - 0x10 : ' ',
1079 sig->flags.exportable ? ' ' : 'L',
1080 sig->flags.revocable ? ' ' : 'R',
1081 sig->flags.policy_url ? 'P' : ' ',
1082 sig->flags.notation ? 'N' : ' ',
1083 sig->flags.expired ? 'X' : ' ',
1084 (sig->trust_depth > 9) ? 'T' : (sig->trust_depth >
1086 sig->trust_depth : ' ', keystr (sig->keyid),
1087 datestr_from_sig (sig));
1088 if (opt.list_options & LIST_SHOW_SIG_EXPIRE)
1089 es_fprintf (es_stdout, " %s", expirestr_from_sig (sig));
1090 es_fprintf (es_stdout, " ");
1092 es_fprintf (es_stdout, "[%s] ", g10_errstr (rc));
1093 else if (sigrc == '?')
1095 else if (!opt.fast_list_mode)
1098 char *p = get_user_id (sig->keyid, &n);
1099 print_utf8_buffer (es_stdout, p, n);
1102 es_putc ('\n', es_stdout);
1104 if (sig->flags.policy_url
1105 && (opt.list_options & LIST_SHOW_POLICY_URLS))
1106 show_policy_url (sig, 3, 0);
1108 if (sig->flags.notation && (opt.list_options & LIST_SHOW_NOTATIONS))
1109 show_notation (sig, 3, 0,
1111 list_options & LIST_SHOW_STD_NOTATIONS) ? 1 : 0)
1114 list_options & LIST_SHOW_USER_NOTATIONS) ? 2 :
1117 if (sig->flags.pref_ks
1118 && (opt.list_options & LIST_SHOW_KEYSERVER_URLS))
1119 show_keyserver_url (sig, 3, 0);
1121 /* fixme: check or list other sigs here */
1124 es_putc ('\n', es_stdout);
1130 print_revokers (estream_t fp, PKT_public_key * pk)
1132 /* print the revoker record */
1133 if (!pk->revkey && pk->numrevkeys)
1139 for (i = 0; i < pk->numrevkeys; i++)
1143 es_fprintf (fp, "rvk:::%d::::::", pk->revkey[i].algid);
1144 p = pk->revkey[i].fpr;
1145 for (j = 0; j < 20; j++, p++)
1146 es_fprintf (fp, "%02X", *p);
1147 es_fprintf (fp, ":%02x%s:\n",
1148 pk->revkey[i].class,
1149 (pk->revkey[i].class & 0x40) ? "s" : "");
1155 /* List a key in colon mode. If SECRET is true this is a secret key
1156 record (i.e. requested via --list-secret-key). If HAS_SECRET a
1157 secret key is available even if SECRET is not set. */
1159 list_keyblock_colon (KBNODE keyblock, int secret, int has_secret, int fpr)
1166 int trustletter = 0;
1170 char *hexgrip = NULL;
1171 char *serialno = NULL;
1174 /* Get the keyid from the keyblock. */
1175 node = find_kbnode (keyblock, PKT_PUBLIC_KEY);
1178 log_error ("Oops; key lost!\n");
1179 dump_kbnode (keyblock);
1183 pk = node->pkt->pkt.public_key;
1184 if (secret || has_secret || opt.with_keygrip || opt.with_key_data)
1186 rc = hexkeygrip_from_pk (pk, &hexgrip);
1188 log_error ("error computing a keygrip: %s\n", gpg_strerror (rc));
1191 if ((secret||has_secret) && agent_get_keyinfo (NULL, hexgrip, &serialno))
1192 stubkey = 1; /* Key not found. */
1194 keyid_from_pk (pk, keyid);
1195 es_fputs (secret? "sec:":"pub:", es_stdout);
1196 if (!pk->flags.valid)
1197 es_putc ('i', es_stdout);
1198 else if (pk->flags.revoked)
1199 es_putc ('r', es_stdout);
1200 else if (pk->has_expired)
1201 es_putc ('e', es_stdout);
1202 else if (opt.fast_list_mode || opt.no_expensive_trust_checks)
1206 trustletter = get_validity_info (pk, NULL);
1207 if (trustletter == 'u')
1209 es_putc (trustletter, es_stdout);
1212 es_fprintf (es_stdout, ":%u:%d:%08lX%08lX:%s:%s::",
1215 (ulong) keyid[0], (ulong) keyid[1],
1216 colon_datestr_from_pk (pk), colon_strtime (pk->expiredate));
1218 if (!opt.fast_list_mode && !opt.no_expensive_trust_checks)
1219 es_putc (get_ownertrust_info (pk), es_stdout);
1220 es_putc (':', es_stdout);
1222 es_putc (':', es_stdout);
1223 es_putc (':', es_stdout);
1224 print_capabilities (pk, keyblock);
1225 es_putc (':', es_stdout); /* End of field 13. */
1226 es_putc (':', es_stdout); /* End of field 14. */
1227 if (secret || has_secret)
1230 es_putc ('#', es_stdout);
1232 es_fputs (serialno, es_stdout);
1233 else if (has_secret)
1234 es_putc ('+', es_stdout);
1236 es_putc (':', es_stdout); /* End of field 15. */
1237 es_putc (':', es_stdout); /* End of field 16. */
1238 if (pk->pubkey_algo == PUBKEY_ALGO_ECDSA
1239 || pk->pubkey_algo == PUBKEY_ALGO_EDDSA
1240 || pk->pubkey_algo == PUBKEY_ALGO_ECDH)
1242 char *curve = openpgp_oid_to_str (pk->pkey[0]);
1243 const char *name = openpgp_oid_to_curve (curve);
1244 if (!*name || *name == '?')
1246 es_fputs (name, es_stdout);
1249 es_putc (':', es_stdout); /* End of field 17. */
1250 es_putc ('\n', es_stdout);
1252 print_revokers (es_stdout, pk);
1254 print_fingerprint (NULL, pk, 0);
1255 if (opt.with_key_data || opt.with_keygrip)
1258 es_fprintf (es_stdout, "grp:::::::::%s:\n", hexgrip);
1259 if (opt.with_key_data)
1260 print_key_data (pk);
1263 for (kbctx = NULL; (node = walk_kbnode (keyblock, &kbctx, 0));)
1265 if (node->pkt->pkttype == PKT_USER_ID && !opt.fast_list_mode)
1268 PKT_user_id *uid = node->pkt->pkt.user_id;
1270 if (attrib_fp && node->pkt->pkt.user_id->attrib_data != NULL)
1271 dump_attribs (node->pkt->pkt.user_id, pk);
1273 * Fixme: We need a valid flag here too
1275 str = uid->attrib_data ? "uat" : "uid";
1276 if (uid->is_revoked)
1277 es_fprintf (es_stdout, "%s:r::::", str);
1278 else if (uid->is_expired)
1279 es_fprintf (es_stdout, "%s:e::::", str);
1280 else if (opt.no_expensive_trust_checks)
1281 es_fprintf (es_stdout, "%s:::::", str);
1286 if (pk && !ulti_hack)
1287 uid_validity = get_validity_info (pk, uid);
1290 es_fprintf (es_stdout, "%s:%c::::", str, uid_validity);
1293 es_fprintf (es_stdout, "%s:", colon_strtime (uid->created));
1294 es_fprintf (es_stdout, "%s:", colon_strtime (uid->expiredate));
1296 namehash_from_uid (uid);
1298 for (i = 0; i < 20; i++)
1299 es_fprintf (es_stdout, "%02X", uid->namehash[i]);
1301 es_fprintf (es_stdout, "::");
1303 if (uid->attrib_data)
1304 es_fprintf (es_stdout, "%u %lu", uid->numattribs, uid->attrib_len);
1306 es_write_sanitized (es_stdout, uid->name, uid->len, ":", NULL);
1307 es_putc (':', es_stdout);
1308 es_putc ('\n', es_stdout);
1310 else if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
1313 PKT_public_key *pk2;
1315 pk2 = node->pkt->pkt.public_key;
1316 xfree (hexgrip); hexgrip = NULL;
1317 xfree (serialno); serialno = NULL;
1318 if (secret || has_secret || opt.with_keygrip || opt.with_key_data)
1320 rc = hexkeygrip_from_pk (pk2, &hexgrip);
1322 log_error ("error computing a keygrip: %s\n",
1326 if ((secret||has_secret)
1327 && agent_get_keyinfo (NULL, hexgrip, &serialno))
1328 stubkey = 1; /* Key not found. */
1330 keyid_from_pk (pk2, keyid2);
1331 es_fputs (secret? "ssb:":"sub:", es_stdout);
1332 if (!pk2->flags.valid)
1333 es_putc ('i', es_stdout);
1334 else if (pk2->flags.revoked)
1335 es_putc ('r', es_stdout);
1336 else if (pk2->has_expired)
1337 es_putc ('e', es_stdout);
1338 else if (opt.fast_list_mode || opt.no_expensive_trust_checks)
1342 /* TRUSTLETTER should always be defined here. */
1344 es_fprintf (es_stdout, "%c", trustletter);
1346 es_fprintf (es_stdout, ":%u:%d:%08lX%08lX:%s:%s:::::",
1347 nbits_from_pk (pk2),
1349 (ulong) keyid2[0], (ulong) keyid2[1],
1350 colon_datestr_from_pk (pk2), colon_strtime (pk2->expiredate)
1351 /* fixme: add LID and ownertrust here */
1353 print_capabilities (pk2, NULL);
1354 es_putc (':', es_stdout); /* End of field 13. */
1355 es_putc (':', es_stdout); /* End of field 14. */
1356 if (secret || has_secret)
1359 es_putc ('#', es_stdout);
1361 es_fputs (serialno, es_stdout);
1362 else if (has_secret)
1363 es_putc ('+', es_stdout);
1365 es_putc (':', es_stdout); /* End of field 15. */
1366 es_putc (':', es_stdout); /* End of field 16. */
1367 if (pk->pubkey_algo == PUBKEY_ALGO_ECDSA
1368 || pk->pubkey_algo == PUBKEY_ALGO_EDDSA
1369 || pk->pubkey_algo == PUBKEY_ALGO_ECDH)
1371 char *curve = openpgp_oid_to_str (pk->pkey[0]);
1372 const char *name = openpgp_oid_to_curve (curve);
1373 if (!*name || *name == '?')
1375 es_fputs (name, es_stdout);
1378 es_putc (':', es_stdout); /* End of field 17. */
1379 es_putc ('\n', es_stdout);
1381 print_fingerprint (NULL, pk2, 0);
1382 if (opt.with_key_data || opt.with_keygrip)
1385 es_fprintf (es_stdout, "grp:::::::::%s:\n", hexgrip);
1386 if (opt.with_key_data)
1387 print_key_data (pk2);
1390 else if (opt.list_sigs && node->pkt->pkttype == PKT_SIGNATURE)
1392 PKT_signature *sig = node->pkt->pkt.signature;
1393 int sigrc, fprokay = 0;
1396 byte fparray[MAX_FINGERPRINT_LEN];
1398 if (sig->sig_class == 0x20 || sig->sig_class == 0x28
1399 || sig->sig_class == 0x30)
1401 else if ((sig->sig_class & ~3) == 0x10)
1403 else if (sig->sig_class == 0x18)
1405 else if (sig->sig_class == 0x1F)
1409 es_fprintf (es_stdout, "sig::::::::::%02x%c:\n",
1410 sig->sig_class, sig->flags.exportable ? 'x' : 'l');
1416 PKT_public_key *signer_pk = NULL;
1419 if (opt.no_sig_cache)
1420 signer_pk = xmalloc_clear (sizeof (PKT_public_key));
1422 rc = check_key_signature2 (keyblock, node, NULL, signer_pk,
1424 switch (gpg_err_code (rc))
1429 case GPG_ERR_BAD_SIGNATURE:
1432 case GPG_ERR_NO_PUBKEY:
1433 case GPG_ERR_UNUSABLE_PUBKEY:
1441 if (opt.no_sig_cache)
1445 fingerprint_from_pk (signer_pk, fparray, &fplen);
1448 free_public_key (signer_pk);
1456 es_fputs (sigstr, es_stdout);
1457 es_putc (':', es_stdout);
1459 es_putc (sigrc, es_stdout);
1460 es_fprintf (es_stdout, "::%d:%08lX%08lX:%s:%s:", sig->pubkey_algo,
1461 (ulong) sig->keyid[0], (ulong) sig->keyid[1],
1462 colon_datestr_from_sig (sig),
1463 colon_expirestr_from_sig (sig));
1465 if (sig->trust_depth || sig->trust_value)
1466 es_fprintf (es_stdout, "%d %d", sig->trust_depth, sig->trust_value);
1467 es_fprintf (es_stdout, ":");
1469 if (sig->trust_regexp)
1470 es_write_sanitized (es_stdout, sig->trust_regexp,
1471 strlen (sig->trust_regexp), ":", NULL);
1472 es_fprintf (es_stdout, ":");
1475 es_fprintf (es_stdout, "[%s] ", g10_errstr (rc));
1476 else if (sigrc == '?')
1478 else if (!opt.fast_list_mode)
1481 p = get_user_id (sig->keyid, &n);
1482 es_write_sanitized (es_stdout, p, n, ":", NULL);
1485 es_fprintf (es_stdout, ":%02x%c::", sig->sig_class,
1486 sig->flags.exportable ? 'x' : 'l');
1488 if (opt.no_sig_cache && opt.check_sigs && fprokay)
1490 for (i = 0; i < fplen; i++)
1491 es_fprintf (es_stdout, "%02X", fparray[i]);
1494 es_fprintf (es_stdout, ":::%d:\n", sig->digest_algo);
1496 if (opt.show_subpackets)
1497 print_subpackets_colon (sig);
1499 /* fixme: check or list other sigs here */
1508 * Reorder the keyblock so that the primary user ID (and not attribute
1509 * packet) comes first. Fixme: Replace this by a generic sort
1512 do_reorder_keyblock (KBNODE keyblock, int attr)
1514 KBNODE primary = NULL, primary0 = NULL, primary2 = NULL;
1517 for (node = keyblock; node; primary0 = node, node = node->next)
1519 if (node->pkt->pkttype == PKT_USER_ID &&
1520 ((attr && node->pkt->pkt.user_id->attrib_data) ||
1521 (!attr && !node->pkt->pkt.user_id->attrib_data)) &&
1522 node->pkt->pkt.user_id->is_primary)
1524 primary = primary2 = node;
1525 for (node = node->next; node; primary2 = node, node = node->next)
1527 if (node->pkt->pkttype == PKT_USER_ID
1528 || node->pkt->pkttype == PKT_PUBLIC_SUBKEY
1529 || node->pkt->pkttype == PKT_SECRET_SUBKEY)
1538 return; /* No primary key flag found (should not happen). */
1540 for (last = NULL, node = keyblock; node; last = node, node = node->next)
1542 if (node->pkt->pkttype == PKT_USER_ID)
1546 assert (last); /* The user ID is never the first packet. */
1547 assert (primary0); /* Ditto (this is the node before primary). */
1548 if (node == primary)
1549 return; /* Already the first one. */
1551 last->next = primary;
1552 primary0->next = primary2->next;
1553 primary2->next = node;
1557 reorder_keyblock (KBNODE keyblock)
1559 do_reorder_keyblock (keyblock, 1);
1560 do_reorder_keyblock (keyblock, 0);
1564 list_keyblock (KBNODE keyblock, int secret, int has_secret, int fpr,
1567 reorder_keyblock (keyblock);
1568 if (opt.with_colons)
1569 list_keyblock_colon (keyblock, secret, has_secret, fpr);
1571 list_keyblock_print (keyblock, secret, fpr, opaque);
1575 * Function to print the finperprint.
1576 * mode 0: as used in key listings, opt.with_colons is honored
1577 * 1: print using log_info ()
1578 * 2: direct use of tty
1579 * 3: direct use of tty but only primary key.
1581 * Modes 1 and 2 will try and print both subkey and primary key
1582 * fingerprints. A MODE with bit 7 set is used internally. If
1583 * OVERRIDE_FP is not NULL that stream will be used in 0 instead
1584 * of es_stdout or instead of the TTY in modes 2 and 3.
1587 print_fingerprint (estream_t override_fp, PKT_public_key *pk, int mode)
1589 byte array[MAX_FINGERPRINT_LEN], *p;
1595 if (pk->main_keyid[0] == pk->keyid[0]
1596 && pk->main_keyid[1] == pk->keyid[1])
1599 /* Just to be safe */
1600 if ((mode & 0x80) && !primary)
1602 log_error ("primary key is not really primary!\n");
1608 if (!primary && (mode == 1 || mode == 2))
1610 PKT_public_key *primary_pk = xmalloc_clear (sizeof (*primary_pk));
1611 get_pubkey (primary_pk, pk->main_keyid);
1612 print_fingerprint (override_fp, primary_pk, (mode | 0x80));
1613 free_public_key (primary_pk);
1618 fp = log_get_stream ();
1620 text = _("Primary key fingerprint:");
1622 text = _(" Subkey fingerprint:");
1626 fp = override_fp; /* Use tty or given stream. */
1628 /* TRANSLATORS: this should fit into 24 bytes to that the
1629 * fingerprint data is properly aligned with the user ID */
1630 text = _(" Primary key fingerprint:");
1632 text = _(" Subkey fingerprint:");
1636 fp = override_fp; /* Use tty or given stream. */
1637 text = _(" Key fingerprint =");
1641 fp = override_fp? override_fp : es_stdout;
1642 text = _(" Key fingerprint =");
1645 fingerprint_from_pk (pk, array, &n);
1647 if (opt.with_colons && !mode)
1649 es_fprintf (fp, "fpr:::::::::");
1650 for (i = 0; i < n; i++, p++)
1651 es_fprintf (fp, "%02X", *p);
1656 tty_fprintf (fp, "%s", text);
1659 for (i = 0; i < n; i++, i++, p += 2)
1660 tty_fprintf (fp, "%s %02X%02X", i==10? " ":"", *p, p[1]);
1664 for (i = 0; i < n; i++, p++)
1665 tty_fprintf (fp, "%s %02X", (i && !(i % 8))? " ":"", *p);
1668 tty_fprintf (fp, "\n");
1671 /* Print the serial number of an OpenPGP card if available. */
1673 print_card_serialno (const char *serialno)
1677 if (opt.with_colons)
1678 return; /* Handled elsewhere. */
1680 es_fputs (_(" Card serial no. ="), es_stdout);
1681 es_putc (' ', es_stdout);
1682 if (strlen (serialno) == 32 && !strncmp (serialno, "D27600012401", 12))
1684 /* This is an OpenPGP card. Print the relevant part. */
1685 /* Example: D2760001240101010001000003470000 */
1687 es_fprintf (es_stdout, "%.*s %.*s", 4, serialno+16, 8, serialno+20);
1690 es_fputs (serialno, es_stdout);
1691 es_putc ('\n', es_stdout);
1697 set_attrib_fd (int fd)
1699 static int last_fd = -1;
1701 if (fd != -1 && last_fd == fd)
1704 /* Fixme: Do we need to check for the log stream here? */
1705 if (attrib_fp && attrib_fp != log_get_stream ())
1706 es_fclose (attrib_fp);
1711 #ifdef HAVE_DOSISH_SYSTEM
1712 setmode (fd, O_BINARY);
1715 attrib_fp = es_stdout;
1717 attrib_fp = es_stderr;
1719 attrib_fp = es_fdopen (fd, "wb");
1722 log_fatal ("can't open fd %d for attribute output: %s\n",
1723 fd, strerror (errno));