1 /* keylist.c - print keys
2 * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006,
3 * 2008, 2012 Free Software Foundation, Inc.
5 * This file is part of GnuPG.
7 * GnuPG is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 3 of the License, or
10 * (at your option) any later version.
12 * GnuPG is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, see <http://www.gnu.org/licenses/>.
27 #ifdef HAVE_DOSISH_SYSTEM
28 #include <fcntl.h> /* for setmode() */
44 static void list_all(int);
45 static void list_one( strlist_t names, int secret);
46 static void locate_one (strlist_t names);
47 static void print_card_serialno (PKT_secret_key *sk);
56 /* The stream used to write attribute packets to. */
57 static FILE *attrib_fp = NULL;
61 * If list is NULL, all available keys are listed
64 public_key_list( strlist_t list, int locate_mode )
68 byte trust_model,marginals,completes,cert_depth,min_cert_level;
69 ulong created,nextcheck;
71 read_trust_options(&trust_model,&created,&nextcheck,
72 &marginals,&completes,&cert_depth,&min_cert_level);
76 if(nextcheck && nextcheck <= make_timestamp())
78 if(trust_model!=opt.trust_model)
80 if(opt.trust_model==TM_PGP || opt.trust_model==TM_CLASSIC)
82 if(marginals!=opt.marginals_needed)
84 if(completes!=opt.completes_needed)
86 if(cert_depth!=opt.max_cert_depth)
88 if(min_cert_level!=opt.min_cert_level)
92 printf(":%d:%lu:%lu",trust_model,created,nextcheck);
94 /* Only show marginals, completes, and cert_depth in the classic
95 or PGP trust models since they are not meaningful
98 if(trust_model==TM_PGP || trust_model==TM_CLASSIC)
99 printf(":%d:%d:%d",marginals,completes,cert_depth);
104 /* We need to do the stale check right here because it might need to
105 update the keyring while we already have the keyring open. This
106 is very bad for W32 because of a sharing violation. For real OSes
107 it might lead to false results if we are later listing a keyring
108 which is associated with the inode of a deleted file. */
109 check_trustdb_stale ();
121 secret_key_list( strlist_t list )
123 check_trustdb_stale ();
127 else /* List by user id */
132 print_seckey_info (PKT_secret_key *sk)
137 keyid_from_sk (sk, keyid);
138 p=get_user_id_native(keyid);
140 tty_printf ("\nsec %4u%c/%s %s %s\n",
142 pubkey_letter (sk->pubkey_algo),
143 keystr(keyid), datestr_from_sk (sk), p);
148 /* Print information about the public key. With FP passed as NULL,
149 the tty output interface is used, otherwise output is directted to
152 print_pubkey_info (FILE *fp, PKT_public_key *pk)
157 keyid_from_pk (pk, keyid);
159 /* If the pk was chosen by a particular user ID, that is the one to
162 p=utf8_to_native(pk->user_id->name,pk->user_id->len,0);
164 p=get_user_id_native(keyid);
167 fprintf (fp, "pub %4u%c/%s %s %s\n",
169 pubkey_letter (pk->pubkey_algo),
170 keystr(keyid), datestr_from_pk (pk), p);
172 tty_printf ("\npub %4u%c/%s %s %s\n",
173 nbits_from_pk (pk), pubkey_letter (pk->pubkey_algo),
174 keystr(keyid), datestr_from_pk (pk), p);
180 /* Print basic information of a secret key including the card serial
181 number information. */
183 print_card_key_info (FILE *fp, KBNODE keyblock)
188 for (node = keyblock; node; node = node->next )
190 if (node->pkt->pkttype == PKT_SECRET_KEY
191 || (node->pkt->pkttype == PKT_SECRET_SUBKEY) )
193 PKT_secret_key *sk = node->pkt->pkt.secret_key;
195 tty_fprintf (fp, "%s%c %4u%c/%s ",
196 node->pkt->pkttype == PKT_SECRET_KEY? "sec":"ssb",
197 (sk->protect.s2k.mode==1001)?'#':
198 (sk->protect.s2k.mode==1002)?'>':' ',
200 pubkey_letter (sk->pubkey_algo),
202 tty_fprintf (fp, _("created: %s"), datestr_from_sk (sk));
203 tty_fprintf (fp, " ");
204 tty_fprintf (fp, _("expires: %s"), expirestr_from_sk (sk));
205 if (sk->is_protected && sk->protect.s2k.mode == 1002)
207 tty_fprintf (fp, "\n ");
208 tty_fprintf (fp, _("card-no: "));
209 if (sk->protect.ivlen == 16
210 && !memcmp (sk->protect.iv, "\xD2\x76\x00\x01\x24\x01", 6))
212 /* This is an OpenPGP card. */
213 for (i=8; i < 14; i++)
216 tty_fprintf (fp, " ");
217 tty_fprintf (fp, "%02X", sk->protect.iv[i]);
221 { /* Something is wrong: Print all. */
222 for (i=0; i < sk->protect.ivlen; i++)
223 tty_fprintf (fp, "%02X", sk->protect.iv[i]);
226 tty_fprintf (fp, "\n");
233 /* Flags = 0x01 hashed 0x02 critical */
235 status_one_subpacket(sigsubpkttype_t type,size_t len,int flags,const byte *buf)
239 /* Don't print these. */
243 sprintf(status,"%d %u %u ",type,flags,(unsigned int)len);
245 write_status_text_and_buffer(STATUS_SIG_SUBPACKET,status,buf,len,0);
250 mode=1 for log_info + status messages
251 mode=2 for status messages only
255 show_policy_url(PKT_signature *sig,int indent,int mode)
260 FILE *fp=mode?log_get_stream():stdout;
262 while((p=enum_sig_subpkt(sig->hashed,SIGSUBPKT_POLICY,&len,&seq,&crit)))
269 for(i=0;i<indent;i++)
273 str=_("Critical signature policy: ");
275 str=_("Signature policy: ");
280 print_utf8_string(fp,p,len);
285 write_status_buffer ( STATUS_POLICY_URL, p, len, 0 );
291 mode=1 for log_info + status messages
292 mode=2 for status messages only
296 show_keyserver_url(PKT_signature *sig,int indent,int mode)
301 FILE *fp=mode?log_get_stream():stdout;
303 while((p=enum_sig_subpkt(sig->hashed,SIGSUBPKT_PREF_KS,&len,&seq,&crit)))
310 for(i=0;i<indent;i++)
314 str=_("Critical preferred keyserver: ");
316 str=_("Preferred keyserver: ");
321 print_utf8_string(fp,p,len);
326 status_one_subpacket(SIGSUBPKT_PREF_KS,len,(crit?0x02:0)|0x01,p);
332 mode=1 for log_info + status messages
333 mode=2 for status messages only
336 1 == standard notations
341 show_notation(PKT_signature *sig,int indent,int mode,int which)
343 FILE *fp=mode?log_get_stream():stdout;
344 struct notation *nd,*notations;
349 notations=sig_to_notation(sig);
351 /* There may be multiple notations in the same sig. */
352 for(nd=notations;nd;nd=nd->next)
356 int has_at=!!strchr(nd->name,'@');
358 if((which&1 && !has_at) || (which&2 && has_at))
363 for(i=0;i<indent;i++)
366 if(nd->flags.critical)
367 str=_("Critical signature notation: ");
369 str=_("Signature notation: ");
374 /* This is all UTF8 */
375 print_utf8_string(fp,nd->name,strlen(nd->name));
377 print_utf8_string(fp,nd->value,strlen(nd->value));
384 write_status_buffer(STATUS_NOTATION_NAME,
385 nd->name,strlen(nd->name),0);
386 write_status_buffer(STATUS_NOTATION_DATA,
387 nd->value,strlen(nd->value),50);
391 free_notation(notations);
395 print_signature_stats(struct sig_stats *s)
397 if( s->inv_sigs == 1 )
398 tty_printf(_("1 bad signature\n") );
399 else if( s->inv_sigs )
400 tty_printf(_("%d bad signatures\n"), s->inv_sigs );
402 tty_printf(_("1 signature not checked due to a missing key\n") );
404 tty_printf(_("%d signatures not checked due to missing keys\n"),s->no_key);
405 if( s->oth_err == 1 )
406 tty_printf(_("1 signature not checked due to an error\n") );
407 else if( s->oth_err )
408 tty_printf(_("%d signatures not checked due to errors\n"), s->oth_err );
412 list_all( int secret )
415 KBNODE keyblock = NULL;
417 const char *lastresname, *resname;
418 struct sig_stats stats;
420 memset(&stats,0,sizeof(stats));
422 hd = keydb_new (secret);
426 rc = keydb_search_first (hd);
429 log_error("keydb_search_first failed: %s\n", g10_errstr(rc) );
435 rc = keydb_get_keyblock (hd, &keyblock);
437 log_error ("keydb_get_keyblock failed: %s\n", g10_errstr(rc));
442 resname = keydb_get_resource_name (hd);
443 if (lastresname != resname )
447 printf("%s\n", resname );
448 for(i=strlen(resname); i; i-- )
451 lastresname = resname;
454 merge_keys_and_selfsig( keyblock );
455 list_keyblock( keyblock, secret, opt.fingerprint,
456 opt.check_sigs?&stats:NULL);
457 release_kbnode( keyblock );
459 } while (!(rc = keydb_search_next (hd)));
461 log_error ("keydb_search_next failed: %s\n", g10_errstr(rc));
463 if(opt.check_sigs && !opt.with_colons)
464 print_signature_stats(&stats);
467 release_kbnode (keyblock);
473 list_one( strlist_t names, int secret )
476 KBNODE keyblock = NULL;
479 const char *keyring_str = _("Keyring");
481 struct sig_stats stats;
483 memset(&stats,0,sizeof(stats));
485 /* fixme: using the bynames function has the disadvantage that we
486 * don't know wether one of the names given was not found. OTOH,
487 * this function has the advantage to list the names in the
488 * sequence as defined by the keyDB and does not duplicate
489 * outputs. A solution could be do test whether all given have
490 * been listed (this needs a way to use the keyDB search
491 * functions) or to have the search function return indicators for
492 * found names. Yet another way is to use the keydb search
493 * facilities directly. */
495 rc = get_seckey_bynames( &ctx, NULL, names, &keyblock );
497 log_error("error reading key: %s\n", g10_errstr(rc) );
498 get_seckey_end( ctx );
502 if ((opt.list_options&LIST_SHOW_KEYRING) && !opt.with_colons) {
503 resname = keydb_get_resource_name (get_ctx_handle(ctx));
504 printf("%s: %s\n", keyring_str, resname);
505 for(i = strlen(resname) + strlen(keyring_str) + 2; i; i-- )
509 list_keyblock( keyblock, 1, opt.fingerprint, NULL );
510 release_kbnode( keyblock );
511 } while( !get_seckey_next( ctx, NULL, &keyblock ) );
512 get_seckey_end( ctx );
515 rc = get_pubkey_bynames( &ctx, NULL, names, &keyblock );
517 log_error("error reading key: %s\n", g10_errstr(rc) );
518 get_pubkey_end( ctx );
522 if ((opt.list_options&LIST_SHOW_KEYRING) && !opt.with_colons) {
523 resname = keydb_get_resource_name (get_ctx_handle(ctx));
524 printf("%s: %s\n", keyring_str, resname);
525 for(i = strlen(resname) + strlen(keyring_str) + 2; i; i-- )
529 list_keyblock( keyblock, 0, opt.fingerprint,
530 opt.check_sigs?&stats:NULL );
531 release_kbnode( keyblock );
532 } while( !get_pubkey_next( ctx, NULL, &keyblock ) );
533 get_pubkey_end( ctx );
536 if(opt.check_sigs && !opt.with_colons)
537 print_signature_stats(&stats);
542 locate_one (strlist_t names)
546 GETKEY_CTX ctx = NULL;
547 KBNODE keyblock = NULL;
548 struct sig_stats stats;
550 memset (&stats,0,sizeof(stats));
552 for (sl=names; sl; sl = sl->next)
554 rc = get_pubkey_byname (&ctx, NULL, sl->d, &keyblock, NULL, 1, 0);
557 if (gpg_err_code (rc) != GPG_ERR_NO_PUBKEY)
558 log_error ("error reading key: %s\n", g10_errstr(rc) );
564 list_keyblock (keyblock, 0, opt.fingerprint,
565 opt.check_sigs? &stats : NULL );
566 release_kbnode (keyblock);
568 while ( ctx && !get_pubkey_next (ctx, NULL, &keyblock));
569 get_pubkey_end (ctx);
574 if (opt.check_sigs && !opt.with_colons)
575 print_signature_stats (&stats);
580 print_key_data( PKT_public_key *pk )
582 int n = pk ? pubkey_get_npkey( pk->pubkey_algo ) : 0;
585 for(i=0; i < n; i++ ) {
586 printf("pkd:%d:%u:", i, mpi_get_nbits( pk->pkey[i] ) );
587 mpi_print(stdout, pk->pkey[i], 1 );
594 print_capabilities (PKT_public_key *pk, PKT_secret_key *sk, KBNODE keyblock)
596 if(pk || (sk && sk->protect.s2k.mode!=1001))
598 unsigned int use = pk? pk->pubkey_usage : sk->pubkey_usage;
601 if ( use & PUBKEY_USAGE_ENC )
604 if ( use & PUBKEY_USAGE_SIG )
607 if( pk? pk->is_primary : sk->is_primary )
610 /* The PUBKEY_USAGE_CERT flag was introduced later and
611 we used to always print 'c' for a primary key. To
612 avoid any regression here we better track whether we
613 printed 'c' already. */
618 if ( (use & PUBKEY_USAGE_CERT) && !c_printed )
621 if ( (use & PUBKEY_USAGE_AUTH) )
625 if ( keyblock ) { /* figure out the usable capabilities */
627 int enc=0, sign=0, cert=0, auth=0, disabled=0;
629 for (k=keyblock; k; k = k->next ) {
630 if ( k->pkt->pkttype == PKT_PUBLIC_KEY
631 || k->pkt->pkttype == PKT_PUBLIC_SUBKEY ) {
632 pk = k->pkt->pkt.public_key;
635 disabled=pk_is_disabled(pk);
637 if ( pk->is_valid && !pk->is_revoked && !pk->has_expired ) {
638 if ( pk->pubkey_usage & PUBKEY_USAGE_ENC )
640 if ( pk->pubkey_usage & PUBKEY_USAGE_SIG )
646 if ( pk->pubkey_usage & PUBKEY_USAGE_CERT )
648 if ( (pk->pubkey_usage & PUBKEY_USAGE_AUTH) )
652 else if ( k->pkt->pkttype == PKT_SECRET_KEY
653 || k->pkt->pkttype == PKT_SECRET_SUBKEY ) {
654 sk = k->pkt->pkt.secret_key;
655 if ( sk->is_valid && !sk->is_revoked && !sk->has_expired
656 && sk->protect.s2k.mode!=1001 ) {
657 if ( sk->pubkey_usage & PUBKEY_USAGE_ENC )
659 if ( sk->pubkey_usage & PUBKEY_USAGE_SIG )
665 if ( (sk->pubkey_usage & PUBKEY_USAGE_CERT) )
667 if ( (sk->pubkey_usage & PUBKEY_USAGE_AUTH) )
687 /* Flags = 0x01 hashed 0x02 critical */
689 print_one_subpacket(sigsubpkttype_t type,size_t len,int flags,const byte *buf)
693 printf("spk:%d:%u:%u:",type,flags,(unsigned int)len);
697 /* printable ascii other than : and % */
698 if(buf[i]>=32 && buf[i]<=126 && buf[i]!=':' && buf[i]!='%')
701 printf("%%%02X",buf[i]);
708 print_subpackets_colon(PKT_signature *sig)
712 assert(opt.show_subpackets);
714 for(i=opt.show_subpackets;*i;i++)
722 while((p=enum_sig_subpkt(sig->hashed,*i,&len,&seq,&crit)))
723 print_one_subpacket(*i,len,0x01|(crit?0x02:0),p);
727 while((p=enum_sig_subpkt(sig->unhashed,*i,&len,&seq,&crit)))
728 print_one_subpacket(*i,len,0x00|(crit?0x02:0),p);
733 dump_attribs(const PKT_user_id *uid,PKT_public_key *pk,PKT_secret_key *sk)
740 for(i=0;i<uid->numattribs;i++)
742 if(is_status_enabled())
744 byte array[MAX_FINGERPRINT_LEN], *p;
745 char buf[(MAX_FINGERPRINT_LEN*2)+90];
749 fingerprint_from_pk( pk, array, &n );
751 fingerprint_from_sk( sk, array, &n );
756 for(j=0; j < n ; j++, p++ )
757 sprintf(buf+2*j, "%02X", *p );
759 sprintf(buf+strlen(buf)," %lu %u %u %u %lu %lu %u",
760 (ulong)uid->attribs[i].len,uid->attribs[i].type,i+1,
761 uid->numattribs,(ulong)uid->created,(ulong)uid->expiredate,
762 ((uid->is_primary?0x01:0)|
763 (uid->is_revoked?0x02:0)|
764 (uid->is_expired?0x04:0)));
765 write_status_text(STATUS_ATTRIBUTE,buf);
768 fwrite(uid->attribs[i].data,uid->attribs[i].len,1,attrib_fp);
774 list_keyblock_print ( KBNODE keyblock, int secret, int fpr, void *opaque )
781 struct sig_stats *stats=opaque;
784 /* get the keyid from the keyblock */
785 node = find_kbnode( keyblock, secret? PKT_SECRET_KEY : PKT_PUBLIC_KEY );
787 log_error("Oops; key lost!\n");
788 dump_kbnode( keyblock );
795 sk = node->pkt->pkt.secret_key;
797 printf("sec%c %4u%c/%s %s",(sk->protect.s2k.mode==1001)?'#':
798 (sk->protect.s2k.mode==1002)?'>':' ',
799 nbits_from_sk( sk ),pubkey_letter( sk->pubkey_algo ),
800 keystr_from_sk(sk),datestr_from_sk( sk ));
805 printf(_("expired: %s"),expirestr_from_sk(sk));
808 else if(sk->expiredate )
811 printf(_("expires: %s"),expirestr_from_sk(sk));
819 pk = node->pkt->pkt.public_key;
822 check_trustdb_stale();
824 printf("pub %4u%c/%s %s",
825 nbits_from_pk(pk),pubkey_letter(pk->pubkey_algo),
826 keystr_from_pk(pk),datestr_from_pk( pk ));
828 /* We didn't include this before in the key listing, but there
829 is room in the new format, so why not? */
834 printf(_("revoked: %s"),revokestr_from_pk(pk));
837 else if(pk->has_expired)
840 printf(_("expired: %s"),expirestr_from_pk(pk));
843 else if(pk->expiredate)
846 printf(_("expires: %s"),expirestr_from_pk(pk));
851 /* I need to think about this some more. It's easy enough to
852 include, but it looks sort of confusing in the
854 if(opt.list_options&LIST_SHOW_VALIDITY)
856 int validity=get_validity(pk,NULL);
857 printf(" [%s]",trust_value_to_string(validity));
865 print_fingerprint( pk, sk, 0 );
866 print_card_serialno (sk);
867 if( opt.with_key_data )
868 print_key_data( pk );
870 for( kbctx=NULL; (node=walk_kbnode( keyblock, &kbctx, 0)) ; ) {
871 if( node->pkt->pkttype == PKT_USER_ID && !opt.fast_list_mode ) {
872 PKT_user_id *uid=node->pkt->pkt.user_id;
874 if(pk && (uid->is_expired || uid->is_revoked)
875 && !(opt.list_options&LIST_SHOW_UNUSABLE_UIDS))
883 if(attrib_fp && uid->attrib_data!=NULL)
884 dump_attribs(uid,pk,sk);
886 if((uid->is_revoked || uid->is_expired)
887 || ((opt.list_options&LIST_SHOW_UID_VALIDITY) && pk))
889 const char *validity;
892 validity=uid_trust_string_fixed(pk,uid);
893 indent=(keystrlen()+9)-atoi(uid_trust_string_fixed(NULL,NULL));
895 if(indent<0 || indent>40)
898 printf("uid%*s%s ",indent,"",validity);
901 printf("uid%*s", (int)keystrlen()+10,"");
903 print_utf8_string( stdout, uid->name, uid->len );
906 if((opt.list_options&LIST_SHOW_PHOTOS) && uid->attribs!=NULL)
907 show_photos(uid->attribs,uid->numattribs,pk,sk,uid);
909 else if( node->pkt->pkttype == PKT_PUBLIC_SUBKEY )
911 PKT_public_key *pk2 = node->pkt->pkt.public_key;
913 if((pk2->is_revoked || pk2->has_expired)
914 && !(opt.list_options&LIST_SHOW_UNUSABLE_SUBKEYS))
922 printf("sub %4u%c/%s %s",
923 nbits_from_pk( pk2 ),pubkey_letter( pk2->pubkey_algo ),
924 keystr_from_pk(pk2),datestr_from_pk(pk2));
925 if( pk2->is_revoked )
928 printf(_("revoked: %s"),revokestr_from_pk(pk2));
931 else if( pk2->has_expired )
934 printf(_("expired: %s"),expirestr_from_pk(pk2));
937 else if( pk2->expiredate )
940 printf(_("expires: %s"),expirestr_from_pk(pk2));
945 print_fingerprint( pk2, NULL, 0 );
946 if( opt.with_key_data )
947 print_key_data( pk2 );
949 else if( node->pkt->pkttype == PKT_SECRET_SUBKEY )
951 PKT_secret_key *sk2 = node->pkt->pkt.secret_key;
953 printf("ssb%c %4u%c/%s %s",
954 (sk2->protect.s2k.mode==1001)?'#':
955 (sk2->protect.s2k.mode==1002)?'>':' ',
956 nbits_from_sk( sk2 ),pubkey_letter( sk2->pubkey_algo ),
957 keystr_from_sk(sk2),datestr_from_sk( sk2 ) );
958 if( sk2->expiredate )
961 printf(_("expires: %s"),expirestr_from_sk(sk2));
967 print_fingerprint( NULL, sk2, 0 );
968 print_card_serialno (sk2);
971 else if( opt.list_sigs
972 && node->pkt->pkttype == PKT_SIGNATURE
974 PKT_signature *sig = node->pkt->pkt.signature;
980 rc = check_key_signature( keyblock, node, NULL );
981 switch( gpg_err_code (rc) ) {
982 case 0: sigrc = '!'; break;
983 case GPG_ERR_BAD_SIGNATURE:
984 stats->inv_sigs++; sigrc = '-'; break;
985 case GPG_ERR_NO_PUBKEY:
986 case GPG_ERR_UNUSABLE_PUBKEY: stats->no_key++; continue;
987 default: stats->oth_err++; sigrc = '%'; break;
990 /* TODO: Make sure a cached sig record here still has
991 the pk that issued it. See also
992 keyedit.c:print_and_check_one_sig */
999 if( sig->sig_class == 0x20 || sig->sig_class == 0x28
1000 || sig->sig_class == 0x30 )
1002 else if( (sig->sig_class&~3) == 0x10 )
1004 else if( sig->sig_class == 0x18 )
1006 else if( sig->sig_class == 0x1F )
1010 "[unexpected signature class 0x%02x]\n",sig->sig_class );
1014 fputs( sigstr, stdout );
1015 printf("%c%c %c%c%c%c%c%c %s %s",
1016 sigrc,(sig->sig_class-0x10>0 &&
1017 sig->sig_class-0x10<4)?'0'+sig->sig_class-0x10:' ',
1018 sig->flags.exportable?' ':'L',
1019 sig->flags.revocable?' ':'R',
1020 sig->flags.policy_url?'P':' ',
1021 sig->flags.notation?'N':' ',
1022 sig->flags.expired?'X':' ',
1023 (sig->trust_depth>9)?'T':
1024 (sig->trust_depth>0)?'0'+sig->trust_depth:' ',
1025 keystr(sig->keyid),datestr_from_sig(sig));
1026 if(opt.list_options&LIST_SHOW_SIG_EXPIRE)
1027 printf(" %s", expirestr_from_sig(sig));
1030 printf("[%s] ", g10_errstr(rc) );
1031 else if( sigrc == '?' )
1033 else if ( !opt.fast_list_mode ) {
1035 char *p = get_user_id( sig->keyid, &n );
1036 print_utf8_string( stdout, p, n );
1041 if(sig->flags.policy_url
1042 && (opt.list_options&LIST_SHOW_POLICY_URLS))
1043 show_policy_url(sig,3,0);
1045 if(sig->flags.notation && (opt.list_options&LIST_SHOW_NOTATIONS))
1046 show_notation(sig,3,0,
1047 ((opt.list_options&LIST_SHOW_STD_NOTATIONS)?1:0)+
1048 ((opt.list_options&LIST_SHOW_USER_NOTATIONS)?2:0));
1050 if(sig->flags.pref_ks
1051 && (opt.list_options&LIST_SHOW_KEYSERVER_URLS))
1052 show_keyserver_url(sig,3,0);
1054 /* fixme: check or list other sigs here */
1061 print_revokers(PKT_public_key *pk)
1063 /* print the revoker record */
1064 if( !pk->revkey && pk->numrevkeys )
1070 for (i=0; i < pk->numrevkeys; i++)
1074 printf ("rvk:::%d::::::", pk->revkey[i].algid);
1075 p = pk->revkey[i].fpr;
1076 for (j=0; j < 20; j++, p++ )
1077 printf ("%02X", *p);
1078 printf (":%02x%s:\n", pk->revkey[i].class,
1079 (pk->revkey[i].class&0x40)?"s":"");
1085 list_keyblock_colon( KBNODE keyblock, int secret, int fpr )
1093 int trustletter = 0;
1097 /* get the keyid from the keyblock */
1098 node = find_kbnode( keyblock, secret? PKT_SECRET_KEY : PKT_PUBLIC_KEY );
1101 log_error("Oops; key lost!\n");
1102 dump_kbnode( keyblock );
1109 sk = node->pkt->pkt.secret_key;
1110 keyid_from_sk ( sk, keyid );
1111 printf ("sec::%u:%d:%08lX%08lX:%s:%s:::",
1112 nbits_from_sk( sk ),
1114 (ulong)keyid[0],(ulong)keyid[1],
1115 colon_datestr_from_sk( sk ),
1116 colon_strtime (sk->expiredate)
1117 /* fixme: add LID here */ );
1121 pk = node->pkt->pkt.public_key;
1123 keyid_from_pk( pk, keyid );
1124 fputs( "pub:", stdout );
1125 if ( !pk->is_valid )
1127 else if ( pk->is_revoked )
1129 else if ( pk->has_expired )
1131 else if ( opt.fast_list_mode || opt.no_expensive_trust_checks )
1135 trustletter = get_validity_info ( pk, NULL );
1136 if ( trustletter == 'u' )
1138 putchar(trustletter);
1140 printf (":%u:%d:%08lX%08lX:%s:%s::",
1141 nbits_from_pk( pk ),
1143 (ulong)keyid[0],(ulong)keyid[1],
1144 colon_datestr_from_pk( pk ),
1145 colon_strtime (pk->expiredate) );
1146 if ( !opt.fast_list_mode && !opt.no_expensive_trust_checks )
1147 putchar( get_ownertrust_info(pk) );
1153 print_capabilities (pk, sk, keyblock);
1156 putchar (':'); /* End of field 13. */
1157 putchar (':'); /* End of field 14. */
1158 if (sk->protect.s2k.mode == 1001)
1159 putchar ('#'); /* Key is just a stub. */
1160 else if (sk->protect.s2k.mode == 1002)
1162 /* Key is stored on an external token (card) or handled by
1163 the gpg-agent. Print the serial number of that token
1165 for (i=0; i < sk->protect.ivlen; i++)
1166 printf ("%02X", sk->protect.iv[i]);
1168 putchar (':'); /* End of field 15. */
1172 print_revokers (pk);
1174 print_fingerprint (pk, sk, 0);
1175 if (opt.with_key_data)
1176 print_key_data (pk);
1179 for ( kbctx=NULL; (node=walk_kbnode( keyblock, &kbctx, 0)) ; )
1181 if ( node->pkt->pkttype == PKT_USER_ID && !opt.fast_list_mode )
1184 PKT_user_id *uid=node->pkt->pkt.user_id;
1186 if (attrib_fp && node->pkt->pkt.user_id->attrib_data != NULL)
1187 dump_attribs (node->pkt->pkt.user_id,pk,sk);
1189 * Fixme: We need a is_valid flag here too
1191 str = uid->attrib_data? "uat":"uid";
1192 /* If we're listing a secret key, leave out the validity
1193 values for now. This is handled better in 1.9. */
1195 printf ("%s:::::",str);
1196 else if ( uid->is_revoked )
1197 printf ("%s:r::::",str);
1198 else if ( uid->is_expired )
1199 printf ("%s:e::::",str);
1200 else if ( opt.no_expensive_trust_checks )
1201 printf ("%s:::::",str);
1206 if ( pk && !ulti_hack )
1207 uid_validity=get_validity_info (pk, uid);
1210 printf ("%s:%c::::",str,uid_validity);
1213 printf ("%s:", colon_strtime (uid->created));
1214 printf ("%s:", colon_strtime (uid->expiredate));
1216 namehash_from_uid (uid);
1218 for (i=0; i < 20; i++ )
1219 printf ("%02X",uid->namehash[i]);
1223 if (uid->attrib_data)
1224 printf ("%u %lu",uid->numattribs,uid->attrib_len);
1226 print_string (stdout,uid->name,uid->len, ':' );
1230 else if ( node->pkt->pkttype == PKT_PUBLIC_SUBKEY )
1233 PKT_public_key *pk2 = node->pkt->pkt.public_key;
1235 keyid_from_pk ( pk2, keyid2 );
1236 fputs ("sub:", stdout );
1237 if ( !pk2->is_valid )
1239 else if ( pk2->is_revoked )
1241 else if ( pk2->has_expired )
1243 else if ( opt.fast_list_mode || opt.no_expensive_trust_checks )
1247 /* TRUSTLETTER should always be defined here. */
1249 printf ("%c", trustletter );
1251 printf(":%u:%d:%08lX%08lX:%s:%s:::::",
1252 nbits_from_pk( pk2 ),
1254 (ulong)keyid2[0],(ulong)keyid2[1],
1255 colon_datestr_from_pk( pk2 ),
1256 colon_strtime (pk2->expiredate)
1257 /* fixme: add LID and ownertrust here */
1259 print_capabilities (pk2, NULL, NULL);
1262 print_fingerprint ( pk2, NULL, 0 );
1263 if ( opt.with_key_data )
1264 print_key_data( pk2 );
1266 else if( node->pkt->pkttype == PKT_SECRET_SUBKEY )
1269 PKT_secret_key *sk2 = node->pkt->pkt.secret_key;
1271 keyid_from_sk ( sk2, keyid2 );
1272 printf ("ssb::%u:%d:%08lX%08lX:%s:%s:::::",
1273 nbits_from_sk( sk2 ),
1275 (ulong)keyid2[0],(ulong)keyid2[1],
1276 colon_datestr_from_sk( sk2 ),
1277 colon_strtime (sk2->expiredate)
1278 /* fixme: add LID */ );
1279 print_capabilities (NULL, sk2, NULL);
1280 putchar(':'); /* End of field 13. */
1281 putchar(':'); /* End of field 14. */
1282 if (sk2->protect.s2k.mode == 1001)
1283 putchar ('#'); /* Key is just a stub. */
1284 else if (sk2->protect.s2k.mode == 1002)
1286 /* Key is stored on an external token (card) or handled by
1287 the gpg-agent. Print the serial number of that token
1289 for (i=0; i < sk2->protect.ivlen; i++)
1290 printf ("%02X", sk2->protect.iv[i]);
1292 putchar(':'); /* End of field 15. */
1296 print_fingerprint ( NULL, sk2, 0 );
1298 else if ( opt.list_sigs && node->pkt->pkttype == PKT_SIGNATURE )
1300 PKT_signature *sig = node->pkt->pkt.signature;
1301 int sigrc,fprokay=0;
1304 byte fparray[MAX_FINGERPRINT_LEN];
1306 if ( sig->sig_class == 0x20 || sig->sig_class == 0x28
1307 || sig->sig_class == 0x30 )
1309 else if ( (sig->sig_class&~3) == 0x10 )
1311 else if ( sig->sig_class == 0x18 )
1313 else if ( sig->sig_class == 0x1F )
1317 printf ("sig::::::::::%02x%c:\n",
1318 sig->sig_class, sig->flags.exportable?'x':'l');
1322 if ( opt.check_sigs )
1324 PKT_public_key *signer_pk=NULL;
1327 if (opt.no_sig_cache)
1328 signer_pk = xmalloc_clear (sizeof(PKT_public_key));
1330 rc = check_key_signature2 ( keyblock, node, NULL, signer_pk,
1332 switch ( gpg_err_code (rc) )
1334 case 0: sigrc = '!'; break;
1335 case GPG_ERR_BAD_SIGNATURE: sigrc = '-'; break;
1336 case GPG_ERR_NO_PUBKEY:
1337 case GPG_ERR_UNUSABLE_PUBKEY: sigrc = '?'; break;
1338 default: sigrc = '%'; break;
1341 if (opt.no_sig_cache)
1345 fingerprint_from_pk (signer_pk, fparray, &fplen);
1348 free_public_key(signer_pk);
1356 fputs ( sigstr, stdout );
1360 printf ("::%d:%08lX%08lX:%s:%s:", sig->pubkey_algo,
1361 (ulong)sig->keyid[0], (ulong)sig->keyid[1],
1362 colon_datestr_from_sig(sig),
1363 colon_expirestr_from_sig(sig));
1365 if (sig->trust_depth || sig->trust_value)
1366 printf("%d %d",sig->trust_depth,sig->trust_value);
1369 if (sig->trust_regexp)
1370 print_string (stdout,sig->trust_regexp,
1371 strlen(sig->trust_regexp),':');
1375 printf("[%s] ", g10_errstr(rc) );
1376 else if ( sigrc == '?' )
1378 else if ( !opt.fast_list_mode )
1381 char *p = get_user_id( sig->keyid, &n );
1382 print_string( stdout, p, n, ':' );
1385 printf (":%02x%c::", sig->sig_class,sig->flags.exportable?'x':'l');
1387 if (opt.no_sig_cache && opt.check_sigs && fprokay)
1389 for (i=0; i < fplen ; i++ )
1390 printf ("%02X", fparray[i] );
1393 printf (":::%d:\n", sig->digest_algo);
1395 if (opt.show_subpackets)
1396 print_subpackets_colon (sig);
1398 /* fixme: check or list other sigs here */
1404 * Reorder the keyblock so that the primary user ID (and not attribute
1405 * packet) comes first. Fixme: Replace this by a generic sort
1408 do_reorder_keyblock (KBNODE keyblock,int attr)
1410 KBNODE primary = NULL, primary0 = NULL, primary2 = NULL;
1413 for (node=keyblock; node; primary0=node, node = node->next) {
1414 if( node->pkt->pkttype == PKT_USER_ID &&
1415 ((attr && node->pkt->pkt.user_id->attrib_data) ||
1416 (!attr && !node->pkt->pkt.user_id->attrib_data)) &&
1417 node->pkt->pkt.user_id->is_primary ) {
1418 primary = primary2 = node;
1419 for (node=node->next; node; primary2=node, node = node->next ) {
1420 if( node->pkt->pkttype == PKT_USER_ID
1421 || node->pkt->pkttype == PKT_PUBLIC_SUBKEY
1422 || node->pkt->pkttype == PKT_SECRET_SUBKEY ) {
1430 return; /* no primary key flag found (should not happen) */
1432 for (last=NULL, node=keyblock; node; last = node, node = node->next) {
1433 if( node->pkt->pkttype == PKT_USER_ID )
1437 assert (last); /* the user ID is never the first packet */
1438 assert (primary0); /* ditto (this is the node before primary) */
1439 if ( node == primary )
1440 return; /* already the first one */
1442 last->next = primary;
1443 primary0->next = primary2->next;
1444 primary2->next = node;
1448 reorder_keyblock (KBNODE keyblock)
1450 do_reorder_keyblock(keyblock,1);
1451 do_reorder_keyblock(keyblock,0);
1455 list_keyblock( KBNODE keyblock, int secret, int fpr, void *opaque )
1457 reorder_keyblock (keyblock);
1458 if (opt.with_colons)
1459 list_keyblock_colon (keyblock, secret, fpr );
1461 list_keyblock_print (keyblock, secret, fpr, opaque );
1465 * standard function to print the finperprint.
1466 * mode 0: as used in key listings, opt.with_colons is honored
1467 * 1: print using log_info ()
1468 * 2: direct use of tty
1469 * 3: direct use of tty but only primary key.
1470 * modes 1 and 2 will try and print both subkey and primary key fingerprints
1473 print_fingerprint (PKT_public_key *pk, PKT_secret_key *sk, int mode )
1475 byte array[MAX_FINGERPRINT_LEN], *p;
1483 if(sk->main_keyid[0]==sk->keyid[0] && sk->main_keyid[1]==sk->keyid[1])
1488 if(pk->main_keyid[0]==pk->keyid[0] && pk->main_keyid[1]==pk->keyid[1])
1492 /* Just to be safe */
1493 if(mode&0x80 && !primary)
1495 log_error("primary key is not really primary!\n");
1501 if(!primary && (mode==1 || mode==2))
1505 PKT_secret_key *primary_sk=xmalloc_clear(sizeof(*primary_sk));
1506 get_seckey(primary_sk,sk->main_keyid);
1507 print_fingerprint(NULL,primary_sk,mode|0x80);
1508 free_secret_key(primary_sk);
1512 PKT_public_key *primary_pk=xmalloc_clear(sizeof(*primary_pk));
1513 get_pubkey(primary_pk,pk->main_keyid);
1514 print_fingerprint(primary_pk,NULL,mode|0x80);
1515 free_public_key(primary_pk);
1520 fp = log_get_stream ();
1522 text = _("Primary key fingerprint:");
1524 text = _(" Subkey fingerprint:");
1526 else if (mode == 2) {
1527 fp = NULL; /* use tty */
1529 /* TRANSLATORS: this should fit into 24 bytes to that the
1530 * fingerprint data is properly aligned with the user ID */
1531 text = _(" Primary key fingerprint:");
1533 text = _(" Subkey fingerprint:");
1535 else if (mode == 3) {
1536 fp = NULL; /* use tty */
1537 text = _(" Key fingerprint =");
1541 text = _(" Key fingerprint =");
1545 fingerprint_from_sk (sk, array, &n);
1547 fingerprint_from_pk (pk, array, &n);
1549 if (opt.with_colons && !mode) {
1550 fprintf (fp, "fpr:::::::::");
1551 for (i=0; i < n ; i++, p++ )
1552 fprintf (fp, "%02X", *p );
1559 tty_printf ("%s", text);
1561 for (i=0; i < n ; i++, i++, p += 2 ) {
1565 fprintf (fp, " %02X%02X", *p, p[1] );
1570 tty_printf (" %02X%02X", *p, p[1]);
1575 for (i=0; i < n ; i++, p++ ) {
1579 fprintf (fp, " %02X", *p );
1584 tty_printf (" %02X", *p );
1594 if (n==16 && !opt.with_colons && !opt.flags.allow_weak_digest_algos)
1597 fprintf (fp, _("WARNING: a PGP-2 fingerprint is not safe\n"));
1599 tty_printf (_("WARNING: a PGP-2 fingerprint is not safe\n"));
1603 /* Print the serial number of an OpenPGP card if available. */
1605 print_card_serialno (PKT_secret_key *sk)
1611 if (!sk->is_protected || sk->protect.s2k.mode != 1002)
1612 return; /* Not a card. */
1613 if (opt.with_colons)
1614 return; /* Handled elsewhere. */
1616 fputs (_(" Card serial no. ="), stdout);
1618 if (sk->protect.ivlen == 16
1619 && !memcmp (sk->protect.iv, "\xD2\x76\x00\x01\x24\x01", 6) )
1620 { /* This is an OpenPGP card. Just print the relevant part. */
1621 for (i=8; i < 14; i++)
1625 printf ("%02X", sk->protect.iv[i]);
1629 { /* Something is wrong: Print all. */
1630 for (i=0; i < sk->protect.ivlen; i++)
1631 printf ("%02X", sk->protect.iv[i]);
1639 set_attrib_fd (int fd)
1641 static int last_fd=-1;
1643 if ( fd != -1 && last_fd == fd )
1646 if ( attrib_fp && attrib_fp != stdout && attrib_fp != stderr
1647 && attrib_fp != log_get_stream () )
1653 #ifdef HAVE_DOSISH_SYSTEM
1654 setmode (fd, O_BINARY);
1661 attrib_fp = fdopen (fd, "wb");
1664 log_fatal("can't open fd %d for attribute output: %s\n",
1665 fd, strerror(errno));