1 /* keylist.c - print keys
2 * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006,
3 * 2008, 2012 Free Software Foundation, Inc.
5 * This file is part of GnuPG.
7 * GnuPG is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 3 of the License, or
10 * (at your option) any later version.
12 * GnuPG is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, see <http://www.gnu.org/licenses/>.
27 #ifdef HAVE_DOSISH_SYSTEM
28 #include <fcntl.h> /* for setmode() */
44 static void list_all(int);
45 static void list_one( strlist_t names, int secret);
46 static void locate_one (strlist_t names);
47 static void print_card_serialno (PKT_secret_key *sk);
56 /* The stream used to write attribute packets to. */
57 static FILE *attrib_fp = NULL;
61 * If list is NULL, all available keys are listed
64 public_key_list( strlist_t list, int locate_mode )
68 byte trust_model,marginals,completes,cert_depth,min_cert_level;
69 ulong created,nextcheck;
71 read_trust_options(&trust_model,&created,&nextcheck,
72 &marginals,&completes,&cert_depth,&min_cert_level);
76 if(nextcheck && nextcheck <= make_timestamp())
78 if(trust_model!=opt.trust_model)
80 if(opt.trust_model==TM_PGP || opt.trust_model==TM_CLASSIC)
82 if(marginals!=opt.marginals_needed)
84 if(completes!=opt.completes_needed)
86 if(cert_depth!=opt.max_cert_depth)
88 if(min_cert_level!=opt.min_cert_level)
92 printf(":%d:%lu:%lu",trust_model,created,nextcheck);
94 /* Only show marginals, completes, and cert_depth in the classic
95 or PGP trust models since they are not meaningful
98 if(trust_model==TM_PGP || trust_model==TM_CLASSIC)
99 printf(":%d:%d:%d",marginals,completes,cert_depth);
104 /* We need to do the stale check right here because it might need to
105 update the keyring while we already have the keyring open. This
106 is very bad for W32 because of a sharing violation. For real OSes
107 it might lead to false results if we are later listing a keyring
108 which is associated with the inode of a deleted file. */
109 check_trustdb_stale ();
121 secret_key_list( strlist_t list )
123 check_trustdb_stale ();
127 else /* List by user id */
132 print_seckey_info (PKT_secret_key *sk)
137 keyid_from_sk (sk, keyid);
138 p=get_user_id_native(keyid);
140 tty_printf ("\nsec %4u%c/%s %s %s\n",
142 pubkey_letter (sk->pubkey_algo),
143 keystr(keyid), datestr_from_sk (sk), p);
148 /* Print information about the public key. With FP passed as NULL,
149 the tty output interface is used, otherwise output is directted to
152 print_pubkey_info (FILE *fp, PKT_public_key *pk)
157 keyid_from_pk (pk, keyid);
159 /* If the pk was chosen by a particular user ID, that is the one to
162 p=utf8_to_native(pk->user_id->name,pk->user_id->len,0);
164 p=get_user_id_native(keyid);
167 fprintf (fp, "%s %4u%c/%s %s %s\n",
168 pk->is_primary? "pub":"sub",
170 pubkey_letter (pk->pubkey_algo),
171 keystr(keyid), datestr_from_pk (pk), p);
173 tty_printf ("\n%s %4u%c/%s %s %s\n",
174 pk->is_primary? "pub":"sub",
175 nbits_from_pk (pk), pubkey_letter (pk->pubkey_algo),
176 keystr(keyid), datestr_from_pk (pk), p);
182 /* Print basic information of a secret key including the card serial
183 number information. */
185 print_card_key_info (FILE *fp, KBNODE keyblock)
190 for (node = keyblock; node; node = node->next )
192 if (node->pkt->pkttype == PKT_SECRET_KEY
193 || (node->pkt->pkttype == PKT_SECRET_SUBKEY) )
195 PKT_secret_key *sk = node->pkt->pkt.secret_key;
197 tty_fprintf (fp, "%s%c %4u%c/%s ",
198 node->pkt->pkttype == PKT_SECRET_KEY? "sec":"ssb",
199 (sk->protect.s2k.mode==1001)?'#':
200 (sk->protect.s2k.mode==1002)?'>':' ',
202 pubkey_letter (sk->pubkey_algo),
204 tty_fprintf (fp, _("created: %s"), datestr_from_sk (sk));
205 tty_fprintf (fp, " ");
206 tty_fprintf (fp, _("expires: %s"), expirestr_from_sk (sk));
207 if (sk->is_protected && sk->protect.s2k.mode == 1002)
209 tty_fprintf (fp, "\n ");
210 tty_fprintf (fp, _("card-no: "));
211 if (sk->protect.ivlen == 16
212 && !memcmp (sk->protect.iv, "\xD2\x76\x00\x01\x24\x01", 6))
214 /* This is an OpenPGP card. */
215 for (i=8; i < 14; i++)
218 tty_fprintf (fp, " ");
219 tty_fprintf (fp, "%02X", sk->protect.iv[i]);
223 { /* Something is wrong: Print all. */
224 for (i=0; i < sk->protect.ivlen; i++)
225 tty_fprintf (fp, "%02X", sk->protect.iv[i]);
228 tty_fprintf (fp, "\n");
235 /* Flags = 0x01 hashed 0x02 critical */
237 status_one_subpacket(sigsubpkttype_t type,size_t len,int flags,const byte *buf)
241 /* Don't print these. */
245 sprintf(status,"%d %u %u ",type,flags,(unsigned int)len);
247 write_status_text_and_buffer(STATUS_SIG_SUBPACKET,status,buf,len,0);
252 mode=1 for log_info + status messages
253 mode=2 for status messages only
257 show_policy_url(PKT_signature *sig,int indent,int mode)
262 FILE *fp=mode?log_get_stream():stdout;
264 while((p=enum_sig_subpkt(sig->hashed,SIGSUBPKT_POLICY,&len,&seq,&crit)))
271 for(i=0;i<indent;i++)
275 str=_("Critical signature policy: ");
277 str=_("Signature policy: ");
282 print_utf8_string(fp,p,len);
287 write_status_buffer ( STATUS_POLICY_URL, p, len, 0 );
293 mode=1 for log_info + status messages
294 mode=2 for status messages only
298 show_keyserver_url(PKT_signature *sig,int indent,int mode)
303 FILE *fp=mode?log_get_stream():stdout;
305 while((p=enum_sig_subpkt(sig->hashed,SIGSUBPKT_PREF_KS,&len,&seq,&crit)))
312 for(i=0;i<indent;i++)
316 str=_("Critical preferred keyserver: ");
318 str=_("Preferred keyserver: ");
323 print_utf8_string(fp,p,len);
328 status_one_subpacket(SIGSUBPKT_PREF_KS,len,(crit?0x02:0)|0x01,p);
334 mode=1 for log_info + status messages
335 mode=2 for status messages only
338 1 == standard notations
343 show_notation(PKT_signature *sig,int indent,int mode,int which)
345 FILE *fp=mode?log_get_stream():stdout;
346 struct notation *nd,*notations;
351 notations=sig_to_notation(sig);
353 /* There may be multiple notations in the same sig. */
354 for(nd=notations;nd;nd=nd->next)
358 int has_at=!!strchr(nd->name,'@');
360 if((which&1 && !has_at) || (which&2 && has_at))
365 for(i=0;i<indent;i++)
368 if(nd->flags.critical)
369 str=_("Critical signature notation: ");
371 str=_("Signature notation: ");
376 /* This is all UTF8 */
377 print_utf8_string(fp,nd->name,strlen(nd->name));
379 print_utf8_string(fp,nd->value,strlen(nd->value));
386 write_status_buffer(STATUS_NOTATION_NAME,
387 nd->name,strlen(nd->name),0);
388 write_status_buffer(STATUS_NOTATION_DATA,
389 nd->value,strlen(nd->value),50);
393 free_notation(notations);
397 print_signature_stats(struct sig_stats *s)
399 if( s->inv_sigs == 1 )
400 tty_printf(_("1 bad signature\n") );
401 else if( s->inv_sigs )
402 tty_printf(_("%d bad signatures\n"), s->inv_sigs );
404 tty_printf(_("1 signature not checked due to a missing key\n") );
406 tty_printf(_("%d signatures not checked due to missing keys\n"),s->no_key);
407 if( s->oth_err == 1 )
408 tty_printf(_("1 signature not checked due to an error\n") );
409 else if( s->oth_err )
410 tty_printf(_("%d signatures not checked due to errors\n"), s->oth_err );
414 list_all( int secret )
417 KBNODE keyblock = NULL;
419 const char *lastresname, *resname;
420 struct sig_stats stats;
422 memset(&stats,0,sizeof(stats));
424 hd = keydb_new (secret);
428 rc = keydb_search_first (hd);
431 log_error("keydb_search_first failed: %s\n", g10_errstr(rc) );
437 rc = keydb_get_keyblock (hd, &keyblock);
439 log_error ("keydb_get_keyblock failed: %s\n", g10_errstr(rc));
444 resname = keydb_get_resource_name (hd);
445 if (lastresname != resname )
449 printf("%s\n", resname );
450 for(i=strlen(resname); i; i-- )
453 lastresname = resname;
456 merge_keys_and_selfsig( keyblock );
457 list_keyblock( keyblock, secret, opt.fingerprint,
458 opt.check_sigs?&stats:NULL);
459 release_kbnode( keyblock );
461 } while (!(rc = keydb_search_next (hd)));
463 log_error ("keydb_search_next failed: %s\n", g10_errstr(rc));
465 if(opt.check_sigs && !opt.with_colons)
466 print_signature_stats(&stats);
469 release_kbnode (keyblock);
475 list_one( strlist_t names, int secret )
478 KBNODE keyblock = NULL;
481 const char *keyring_str = _("Keyring");
483 struct sig_stats stats;
485 memset(&stats,0,sizeof(stats));
487 /* fixme: using the bynames function has the disadvantage that we
488 * don't know wether one of the names given was not found. OTOH,
489 * this function has the advantage to list the names in the
490 * sequence as defined by the keyDB and does not duplicate
491 * outputs. A solution could be do test whether all given have
492 * been listed (this needs a way to use the keyDB search
493 * functions) or to have the search function return indicators for
494 * found names. Yet another way is to use the keydb search
495 * facilities directly. */
497 rc = get_seckey_bynames( &ctx, NULL, names, &keyblock );
499 log_error("error reading key: %s\n", g10_errstr(rc) );
500 get_seckey_end( ctx );
504 if ((opt.list_options&LIST_SHOW_KEYRING) && !opt.with_colons) {
505 resname = keydb_get_resource_name (get_ctx_handle(ctx));
506 printf("%s: %s\n", keyring_str, resname);
507 for(i = strlen(resname) + strlen(keyring_str) + 2; i; i-- )
511 list_keyblock( keyblock, 1, opt.fingerprint, NULL );
512 release_kbnode( keyblock );
513 } while( !get_seckey_next( ctx, NULL, &keyblock ) );
514 get_seckey_end( ctx );
517 rc = get_pubkey_bynames( &ctx, NULL, names, &keyblock );
519 log_error("error reading key: %s\n", g10_errstr(rc) );
520 get_pubkey_end( ctx );
524 if ((opt.list_options&LIST_SHOW_KEYRING) && !opt.with_colons) {
525 resname = keydb_get_resource_name (get_ctx_handle(ctx));
526 printf("%s: %s\n", keyring_str, resname);
527 for(i = strlen(resname) + strlen(keyring_str) + 2; i; i-- )
531 list_keyblock( keyblock, 0, opt.fingerprint,
532 opt.check_sigs?&stats:NULL );
533 release_kbnode( keyblock );
534 } while( !get_pubkey_next( ctx, NULL, &keyblock ) );
535 get_pubkey_end( ctx );
538 if(opt.check_sigs && !opt.with_colons)
539 print_signature_stats(&stats);
544 locate_one (strlist_t names)
548 GETKEY_CTX ctx = NULL;
549 KBNODE keyblock = NULL;
550 struct sig_stats stats;
552 memset (&stats,0,sizeof(stats));
554 for (sl=names; sl; sl = sl->next)
556 rc = get_pubkey_byname (&ctx, NULL, sl->d, &keyblock, NULL, 1, 0);
559 if (gpg_err_code (rc) != GPG_ERR_NO_PUBKEY)
560 log_error ("error reading key: %s\n", g10_errstr(rc) );
566 list_keyblock (keyblock, 0, opt.fingerprint,
567 opt.check_sigs? &stats : NULL );
568 release_kbnode (keyblock);
570 while ( ctx && !get_pubkey_next (ctx, NULL, &keyblock));
571 get_pubkey_end (ctx);
576 if (opt.check_sigs && !opt.with_colons)
577 print_signature_stats (&stats);
582 print_key_data( PKT_public_key *pk )
584 int n = pk ? pubkey_get_npkey( pk->pubkey_algo ) : 0;
587 for(i=0; i < n; i++ ) {
588 printf("pkd:%d:%u:", i, mpi_get_nbits( pk->pkey[i] ) );
589 mpi_print(stdout, pk->pkey[i], 1 );
596 print_capabilities (PKT_public_key *pk, PKT_secret_key *sk, KBNODE keyblock)
598 if(pk || (sk && sk->protect.s2k.mode!=1001))
600 unsigned int use = pk? pk->pubkey_usage : sk->pubkey_usage;
603 if ( use & PUBKEY_USAGE_ENC )
606 if ( use & PUBKEY_USAGE_SIG )
609 if( pk? pk->is_primary : sk->is_primary )
612 /* The PUBKEY_USAGE_CERT flag was introduced later and
613 we used to always print 'c' for a primary key. To
614 avoid any regression here we better track whether we
615 printed 'c' already. */
620 if ( (use & PUBKEY_USAGE_CERT) && !c_printed )
623 if ( (use & PUBKEY_USAGE_AUTH) )
627 if ( keyblock ) { /* figure out the usable capabilities */
629 int enc=0, sign=0, cert=0, auth=0, disabled=0;
631 for (k=keyblock; k; k = k->next ) {
632 if ( k->pkt->pkttype == PKT_PUBLIC_KEY
633 || k->pkt->pkttype == PKT_PUBLIC_SUBKEY ) {
634 pk = k->pkt->pkt.public_key;
637 disabled=pk_is_disabled(pk);
639 if ( pk->is_valid && !pk->is_revoked && !pk->has_expired ) {
640 if ( pk->pubkey_usage & PUBKEY_USAGE_ENC )
642 if ( pk->pubkey_usage & PUBKEY_USAGE_SIG )
648 if ( pk->pubkey_usage & PUBKEY_USAGE_CERT )
650 if ( (pk->pubkey_usage & PUBKEY_USAGE_AUTH) )
654 else if ( k->pkt->pkttype == PKT_SECRET_KEY
655 || k->pkt->pkttype == PKT_SECRET_SUBKEY ) {
656 sk = k->pkt->pkt.secret_key;
657 if ( sk->is_valid && !sk->is_revoked && !sk->has_expired
658 && sk->protect.s2k.mode!=1001 ) {
659 if ( sk->pubkey_usage & PUBKEY_USAGE_ENC )
661 if ( sk->pubkey_usage & PUBKEY_USAGE_SIG )
667 if ( (sk->pubkey_usage & PUBKEY_USAGE_CERT) )
669 if ( (sk->pubkey_usage & PUBKEY_USAGE_AUTH) )
689 /* Flags = 0x01 hashed 0x02 critical */
691 print_one_subpacket(sigsubpkttype_t type,size_t len,int flags,const byte *buf)
695 printf("spk:%d:%u:%u:",type,flags,(unsigned int)len);
699 /* printable ascii other than : and % */
700 if(buf[i]>=32 && buf[i]<=126 && buf[i]!=':' && buf[i]!='%')
703 printf("%%%02X",buf[i]);
710 print_subpackets_colon(PKT_signature *sig)
714 assert(opt.show_subpackets);
716 for(i=opt.show_subpackets;*i;i++)
724 while((p=enum_sig_subpkt(sig->hashed,*i,&len,&seq,&crit)))
725 print_one_subpacket(*i,len,0x01|(crit?0x02:0),p);
729 while((p=enum_sig_subpkt(sig->unhashed,*i,&len,&seq,&crit)))
730 print_one_subpacket(*i,len,0x00|(crit?0x02:0),p);
735 dump_attribs(const PKT_user_id *uid,PKT_public_key *pk,PKT_secret_key *sk)
742 for(i=0;i<uid->numattribs;i++)
744 if(is_status_enabled())
746 byte array[MAX_FINGERPRINT_LEN], *p;
747 char buf[(MAX_FINGERPRINT_LEN*2)+90];
751 fingerprint_from_pk( pk, array, &n );
753 fingerprint_from_sk( sk, array, &n );
758 for(j=0; j < n ; j++, p++ )
759 sprintf(buf+2*j, "%02X", *p );
761 sprintf(buf+strlen(buf)," %lu %u %u %u %lu %lu %u",
762 (ulong)uid->attribs[i].len,uid->attribs[i].type,i+1,
763 uid->numattribs,(ulong)uid->created,(ulong)uid->expiredate,
764 ((uid->is_primary?0x01:0)|
765 (uid->is_revoked?0x02:0)|
766 (uid->is_expired?0x04:0)));
767 write_status_text(STATUS_ATTRIBUTE,buf);
770 fwrite(uid->attribs[i].data,uid->attribs[i].len,1,attrib_fp);
776 list_keyblock_print ( KBNODE keyblock, int secret, int fpr, void *opaque )
783 struct sig_stats *stats=opaque;
786 /* get the keyid from the keyblock */
787 node = find_kbnode( keyblock, secret? PKT_SECRET_KEY : PKT_PUBLIC_KEY );
789 log_error("Oops; key lost!\n");
790 dump_kbnode( keyblock );
797 sk = node->pkt->pkt.secret_key;
799 printf("sec%c %4u%c/%s %s",(sk->protect.s2k.mode==1001)?'#':
800 (sk->protect.s2k.mode==1002)?'>':' ',
801 nbits_from_sk( sk ),pubkey_letter( sk->pubkey_algo ),
802 keystr_from_sk(sk),datestr_from_sk( sk ));
807 printf(_("expired: %s"),expirestr_from_sk(sk));
810 else if(sk->expiredate )
813 printf(_("expires: %s"),expirestr_from_sk(sk));
821 pk = node->pkt->pkt.public_key;
824 check_trustdb_stale();
826 printf("pub %4u%c/%s %s",
827 nbits_from_pk(pk),pubkey_letter(pk->pubkey_algo),
828 keystr_from_pk(pk),datestr_from_pk( pk ));
830 /* We didn't include this before in the key listing, but there
831 is room in the new format, so why not? */
836 printf(_("revoked: %s"),revokestr_from_pk(pk));
839 else if(pk->has_expired)
842 printf(_("expired: %s"),expirestr_from_pk(pk));
845 else if(pk->expiredate)
848 printf(_("expires: %s"),expirestr_from_pk(pk));
853 /* I need to think about this some more. It's easy enough to
854 include, but it looks sort of confusing in the
856 if(opt.list_options&LIST_SHOW_VALIDITY)
858 int validity=get_validity(pk,NULL);
859 printf(" [%s]",trust_value_to_string(validity));
867 print_fingerprint( pk, sk, 0 );
868 print_card_serialno (sk);
869 if( opt.with_key_data )
870 print_key_data( pk );
872 for( kbctx=NULL; (node=walk_kbnode( keyblock, &kbctx, 0)) ; ) {
873 if( node->pkt->pkttype == PKT_USER_ID && !opt.fast_list_mode ) {
874 PKT_user_id *uid=node->pkt->pkt.user_id;
876 if(pk && (uid->is_expired || uid->is_revoked)
877 && !(opt.list_options&LIST_SHOW_UNUSABLE_UIDS))
885 if(attrib_fp && uid->attrib_data!=NULL)
886 dump_attribs(uid,pk,sk);
888 if((uid->is_revoked || uid->is_expired)
889 || ((opt.list_options&LIST_SHOW_UID_VALIDITY) && pk))
891 const char *validity;
894 validity=uid_trust_string_fixed(pk,uid);
895 indent=(keystrlen()+9)-atoi(uid_trust_string_fixed(NULL,NULL));
897 if(indent<0 || indent>40)
900 printf("uid%*s%s ",indent,"",validity);
903 printf("uid%*s", (int)keystrlen()+10,"");
905 print_utf8_string( stdout, uid->name, uid->len );
908 if((opt.list_options&LIST_SHOW_PHOTOS) && uid->attribs!=NULL)
909 show_photos(uid->attribs,uid->numattribs,pk,sk,uid);
911 else if( node->pkt->pkttype == PKT_PUBLIC_SUBKEY )
913 PKT_public_key *pk2 = node->pkt->pkt.public_key;
915 if((pk2->is_revoked || pk2->has_expired)
916 && !(opt.list_options&LIST_SHOW_UNUSABLE_SUBKEYS))
924 printf("sub %4u%c/%s %s",
925 nbits_from_pk( pk2 ),pubkey_letter( pk2->pubkey_algo ),
926 keystr_from_pk(pk2),datestr_from_pk(pk2));
927 if( pk2->is_revoked )
930 printf(_("revoked: %s"),revokestr_from_pk(pk2));
933 else if( pk2->has_expired )
936 printf(_("expired: %s"),expirestr_from_pk(pk2));
939 else if( pk2->expiredate )
942 printf(_("expires: %s"),expirestr_from_pk(pk2));
947 print_fingerprint( pk2, NULL, 0 );
948 if( opt.with_key_data )
949 print_key_data( pk2 );
951 else if( node->pkt->pkttype == PKT_SECRET_SUBKEY )
953 PKT_secret_key *sk2 = node->pkt->pkt.secret_key;
955 printf("ssb%c %4u%c/%s %s",
956 (sk2->protect.s2k.mode==1001)?'#':
957 (sk2->protect.s2k.mode==1002)?'>':' ',
958 nbits_from_sk( sk2 ),pubkey_letter( sk2->pubkey_algo ),
959 keystr_from_sk(sk2),datestr_from_sk( sk2 ) );
960 if( sk2->expiredate )
963 printf(_("expires: %s"),expirestr_from_sk(sk2));
969 print_fingerprint( NULL, sk2, 0 );
970 print_card_serialno (sk2);
973 else if( opt.list_sigs
974 && node->pkt->pkttype == PKT_SIGNATURE
976 PKT_signature *sig = node->pkt->pkt.signature;
982 rc = check_key_signature( keyblock, node, NULL );
983 switch( gpg_err_code (rc) ) {
984 case 0: sigrc = '!'; break;
985 case GPG_ERR_BAD_SIGNATURE:
986 stats->inv_sigs++; sigrc = '-'; break;
987 case GPG_ERR_NO_PUBKEY:
988 case GPG_ERR_UNUSABLE_PUBKEY: stats->no_key++; continue;
989 default: stats->oth_err++; sigrc = '%'; break;
992 /* TODO: Make sure a cached sig record here still has
993 the pk that issued it. See also
994 keyedit.c:print_and_check_one_sig */
1001 if( sig->sig_class == 0x20 || sig->sig_class == 0x28
1002 || sig->sig_class == 0x30 )
1004 else if( (sig->sig_class&~3) == 0x10 )
1006 else if( sig->sig_class == 0x18 )
1008 else if( sig->sig_class == 0x1F )
1012 "[unexpected signature class 0x%02x]\n",sig->sig_class );
1016 fputs( sigstr, stdout );
1017 printf("%c%c %c%c%c%c%c%c %s %s",
1018 sigrc,(sig->sig_class-0x10>0 &&
1019 sig->sig_class-0x10<4)?'0'+sig->sig_class-0x10:' ',
1020 sig->flags.exportable?' ':'L',
1021 sig->flags.revocable?' ':'R',
1022 sig->flags.policy_url?'P':' ',
1023 sig->flags.notation?'N':' ',
1024 sig->flags.expired?'X':' ',
1025 (sig->trust_depth>9)?'T':
1026 (sig->trust_depth>0)?'0'+sig->trust_depth:' ',
1027 keystr(sig->keyid),datestr_from_sig(sig));
1028 if(opt.list_options&LIST_SHOW_SIG_EXPIRE)
1029 printf(" %s", expirestr_from_sig(sig));
1032 printf("[%s] ", g10_errstr(rc) );
1033 else if( sigrc == '?' )
1035 else if ( !opt.fast_list_mode ) {
1037 char *p = get_user_id( sig->keyid, &n );
1038 print_utf8_string( stdout, p, n );
1043 if(sig->flags.policy_url
1044 && (opt.list_options&LIST_SHOW_POLICY_URLS))
1045 show_policy_url(sig,3,0);
1047 if(sig->flags.notation && (opt.list_options&LIST_SHOW_NOTATIONS))
1048 show_notation(sig,3,0,
1049 ((opt.list_options&LIST_SHOW_STD_NOTATIONS)?1:0)+
1050 ((opt.list_options&LIST_SHOW_USER_NOTATIONS)?2:0));
1052 if(sig->flags.pref_ks
1053 && (opt.list_options&LIST_SHOW_KEYSERVER_URLS))
1054 show_keyserver_url(sig,3,0);
1056 /* fixme: check or list other sigs here */
1063 print_revokers(PKT_public_key *pk)
1065 /* print the revoker record */
1066 if( !pk->revkey && pk->numrevkeys )
1072 for (i=0; i < pk->numrevkeys; i++)
1076 printf ("rvk:::%d::::::", pk->revkey[i].algid);
1077 p = pk->revkey[i].fpr;
1078 for (j=0; j < 20; j++, p++ )
1079 printf ("%02X", *p);
1080 printf (":%02x%s:\n", pk->revkey[i].class,
1081 (pk->revkey[i].class&0x40)?"s":"");
1087 list_keyblock_colon( KBNODE keyblock, int secret, int fpr )
1095 int trustletter = 0;
1099 /* get the keyid from the keyblock */
1100 node = find_kbnode( keyblock, secret? PKT_SECRET_KEY : PKT_PUBLIC_KEY );
1103 log_error("Oops; key lost!\n");
1104 dump_kbnode( keyblock );
1111 sk = node->pkt->pkt.secret_key;
1112 keyid_from_sk ( sk, keyid );
1113 printf ("sec::%u:%d:%08lX%08lX:%s:%s:::",
1114 nbits_from_sk( sk ),
1116 (ulong)keyid[0],(ulong)keyid[1],
1117 colon_datestr_from_sk( sk ),
1118 colon_strtime (sk->expiredate)
1119 /* fixme: add LID here */ );
1123 pk = node->pkt->pkt.public_key;
1125 keyid_from_pk( pk, keyid );
1126 fputs( "pub:", stdout );
1127 if ( !pk->is_valid )
1129 else if ( pk->is_revoked )
1131 else if ( pk->has_expired )
1133 else if ( opt.fast_list_mode || opt.no_expensive_trust_checks )
1137 trustletter = get_validity_info ( pk, NULL );
1138 if ( trustletter == 'u' )
1140 putchar(trustletter);
1142 printf (":%u:%d:%08lX%08lX:%s:%s::",
1143 nbits_from_pk( pk ),
1145 (ulong)keyid[0],(ulong)keyid[1],
1146 colon_datestr_from_pk( pk ),
1147 colon_strtime (pk->expiredate) );
1148 if ( !opt.fast_list_mode && !opt.no_expensive_trust_checks )
1149 putchar( get_ownertrust_info(pk) );
1155 print_capabilities (pk, sk, keyblock);
1158 putchar (':'); /* End of field 13. */
1159 putchar (':'); /* End of field 14. */
1160 if (sk->protect.s2k.mode == 1001)
1161 putchar ('#'); /* Key is just a stub. */
1162 else if (sk->protect.s2k.mode == 1002)
1164 /* Key is stored on an external token (card) or handled by
1165 the gpg-agent. Print the serial number of that token
1167 for (i=0; i < sk->protect.ivlen; i++)
1168 printf ("%02X", sk->protect.iv[i]);
1170 putchar (':'); /* End of field 15. */
1174 print_revokers (pk);
1176 print_fingerprint (pk, sk, 0);
1177 if (opt.with_key_data)
1178 print_key_data (pk);
1181 for ( kbctx=NULL; (node=walk_kbnode( keyblock, &kbctx, 0)) ; )
1183 if ( node->pkt->pkttype == PKT_USER_ID && !opt.fast_list_mode )
1186 PKT_user_id *uid=node->pkt->pkt.user_id;
1188 if (attrib_fp && node->pkt->pkt.user_id->attrib_data != NULL)
1189 dump_attribs (node->pkt->pkt.user_id,pk,sk);
1191 * Fixme: We need a is_valid flag here too
1193 str = uid->attrib_data? "uat":"uid";
1194 /* If we're listing a secret key, leave out the validity
1195 values for now. This is handled better in 1.9. */
1197 printf ("%s:::::",str);
1198 else if ( uid->is_revoked )
1199 printf ("%s:r::::",str);
1200 else if ( uid->is_expired )
1201 printf ("%s:e::::",str);
1202 else if ( opt.no_expensive_trust_checks )
1203 printf ("%s:::::",str);
1208 if ( pk && !ulti_hack )
1209 uid_validity=get_validity_info (pk, uid);
1212 printf ("%s:%c::::",str,uid_validity);
1215 printf ("%s:", colon_strtime (uid->created));
1216 printf ("%s:", colon_strtime (uid->expiredate));
1218 namehash_from_uid (uid);
1220 for (i=0; i < 20; i++ )
1221 printf ("%02X",uid->namehash[i]);
1225 if (uid->attrib_data)
1226 printf ("%u %lu",uid->numattribs,uid->attrib_len);
1228 print_string (stdout,uid->name,uid->len, ':' );
1232 else if ( node->pkt->pkttype == PKT_PUBLIC_SUBKEY )
1235 PKT_public_key *pk2 = node->pkt->pkt.public_key;
1237 keyid_from_pk ( pk2, keyid2 );
1238 fputs ("sub:", stdout );
1239 if ( !pk2->is_valid )
1241 else if ( pk2->is_revoked )
1243 else if ( pk2->has_expired )
1245 else if ( opt.fast_list_mode || opt.no_expensive_trust_checks )
1249 /* TRUSTLETTER should always be defined here. */
1251 printf ("%c", trustletter );
1253 printf(":%u:%d:%08lX%08lX:%s:%s:::::",
1254 nbits_from_pk( pk2 ),
1256 (ulong)keyid2[0],(ulong)keyid2[1],
1257 colon_datestr_from_pk( pk2 ),
1258 colon_strtime (pk2->expiredate)
1259 /* fixme: add LID and ownertrust here */
1261 print_capabilities (pk2, NULL, NULL);
1264 print_fingerprint ( pk2, NULL, 0 );
1265 if ( opt.with_key_data )
1266 print_key_data( pk2 );
1268 else if( node->pkt->pkttype == PKT_SECRET_SUBKEY )
1271 PKT_secret_key *sk2 = node->pkt->pkt.secret_key;
1273 keyid_from_sk ( sk2, keyid2 );
1274 printf ("ssb::%u:%d:%08lX%08lX:%s:%s:::::",
1275 nbits_from_sk( sk2 ),
1277 (ulong)keyid2[0],(ulong)keyid2[1],
1278 colon_datestr_from_sk( sk2 ),
1279 colon_strtime (sk2->expiredate)
1280 /* fixme: add LID */ );
1281 print_capabilities (NULL, sk2, NULL);
1282 putchar(':'); /* End of field 13. */
1283 putchar(':'); /* End of field 14. */
1284 if (sk2->protect.s2k.mode == 1001)
1285 putchar ('#'); /* Key is just a stub. */
1286 else if (sk2->protect.s2k.mode == 1002)
1288 /* Key is stored on an external token (card) or handled by
1289 the gpg-agent. Print the serial number of that token
1291 for (i=0; i < sk2->protect.ivlen; i++)
1292 printf ("%02X", sk2->protect.iv[i]);
1294 putchar(':'); /* End of field 15. */
1298 print_fingerprint ( NULL, sk2, 0 );
1300 else if ( opt.list_sigs && node->pkt->pkttype == PKT_SIGNATURE )
1302 PKT_signature *sig = node->pkt->pkt.signature;
1303 int sigrc,fprokay=0;
1306 byte fparray[MAX_FINGERPRINT_LEN];
1308 if ( sig->sig_class == 0x20 || sig->sig_class == 0x28
1309 || sig->sig_class == 0x30 )
1311 else if ( (sig->sig_class&~3) == 0x10 )
1313 else if ( sig->sig_class == 0x18 )
1315 else if ( sig->sig_class == 0x1F )
1319 printf ("sig::::::::::%02x%c:\n",
1320 sig->sig_class, sig->flags.exportable?'x':'l');
1324 if ( opt.check_sigs )
1326 PKT_public_key *signer_pk=NULL;
1329 if (opt.no_sig_cache)
1330 signer_pk = xmalloc_clear (sizeof(PKT_public_key));
1332 rc = check_key_signature2 ( keyblock, node, NULL, signer_pk,
1334 switch ( gpg_err_code (rc) )
1336 case 0: sigrc = '!'; break;
1337 case GPG_ERR_BAD_SIGNATURE: sigrc = '-'; break;
1338 case GPG_ERR_NO_PUBKEY:
1339 case GPG_ERR_UNUSABLE_PUBKEY: sigrc = '?'; break;
1340 default: sigrc = '%'; break;
1343 if (opt.no_sig_cache)
1347 fingerprint_from_pk (signer_pk, fparray, &fplen);
1350 free_public_key(signer_pk);
1358 fputs ( sigstr, stdout );
1362 printf ("::%d:%08lX%08lX:%s:%s:", sig->pubkey_algo,
1363 (ulong)sig->keyid[0], (ulong)sig->keyid[1],
1364 colon_datestr_from_sig(sig),
1365 colon_expirestr_from_sig(sig));
1367 if (sig->trust_depth || sig->trust_value)
1368 printf("%d %d",sig->trust_depth,sig->trust_value);
1371 if (sig->trust_regexp)
1372 print_string (stdout,sig->trust_regexp,
1373 strlen(sig->trust_regexp),':');
1377 printf("[%s] ", g10_errstr(rc) );
1378 else if ( sigrc == '?' )
1380 else if ( !opt.fast_list_mode )
1383 char *p = get_user_id( sig->keyid, &n );
1384 print_string( stdout, p, n, ':' );
1387 printf (":%02x%c::", sig->sig_class,sig->flags.exportable?'x':'l');
1389 if (opt.no_sig_cache && opt.check_sigs && fprokay)
1391 for (i=0; i < fplen ; i++ )
1392 printf ("%02X", fparray[i] );
1395 printf (":::%d:\n", sig->digest_algo);
1397 if (opt.show_subpackets)
1398 print_subpackets_colon (sig);
1400 /* fixme: check or list other sigs here */
1406 * Reorder the keyblock so that the primary user ID (and not attribute
1407 * packet) comes first. Fixme: Replace this by a generic sort
1410 do_reorder_keyblock (KBNODE keyblock,int attr)
1412 KBNODE primary = NULL, primary0 = NULL, primary2 = NULL;
1415 for (node=keyblock; node; primary0=node, node = node->next) {
1416 if( node->pkt->pkttype == PKT_USER_ID &&
1417 ((attr && node->pkt->pkt.user_id->attrib_data) ||
1418 (!attr && !node->pkt->pkt.user_id->attrib_data)) &&
1419 node->pkt->pkt.user_id->is_primary ) {
1420 primary = primary2 = node;
1421 for (node=node->next; node; primary2=node, node = node->next ) {
1422 if( node->pkt->pkttype == PKT_USER_ID
1423 || node->pkt->pkttype == PKT_PUBLIC_SUBKEY
1424 || node->pkt->pkttype == PKT_SECRET_SUBKEY ) {
1432 return; /* no primary key flag found (should not happen) */
1434 for (last=NULL, node=keyblock; node; last = node, node = node->next) {
1435 if( node->pkt->pkttype == PKT_USER_ID )
1439 assert (last); /* the user ID is never the first packet */
1440 assert (primary0); /* ditto (this is the node before primary) */
1441 if ( node == primary )
1442 return; /* already the first one */
1444 last->next = primary;
1445 primary0->next = primary2->next;
1446 primary2->next = node;
1450 reorder_keyblock (KBNODE keyblock)
1452 do_reorder_keyblock(keyblock,1);
1453 do_reorder_keyblock(keyblock,0);
1457 list_keyblock( KBNODE keyblock, int secret, int fpr, void *opaque )
1459 reorder_keyblock (keyblock);
1460 if (opt.with_colons)
1461 list_keyblock_colon (keyblock, secret, fpr );
1463 list_keyblock_print (keyblock, secret, fpr, opaque );
1467 * standard function to print the finperprint.
1468 * mode 0: as used in key listings, opt.with_colons is honored
1469 * 1: print using log_info ()
1470 * 2: direct use of tty
1471 * 3: direct use of tty but only primary key.
1472 * modes 1 and 2 will try and print both subkey and primary key fingerprints
1475 print_fingerprint (PKT_public_key *pk, PKT_secret_key *sk, int mode )
1477 byte array[MAX_FINGERPRINT_LEN], *p;
1485 if(sk->main_keyid[0]==sk->keyid[0] && sk->main_keyid[1]==sk->keyid[1])
1490 if(pk->main_keyid[0]==pk->keyid[0] && pk->main_keyid[1]==pk->keyid[1])
1494 /* Just to be safe */
1495 if(mode&0x80 && !primary)
1497 log_error("primary key is not really primary!\n");
1503 if(!primary && (mode==1 || mode==2))
1507 PKT_secret_key *primary_sk=xmalloc_clear(sizeof(*primary_sk));
1508 get_seckey(primary_sk,sk->main_keyid);
1509 print_fingerprint(NULL,primary_sk,mode|0x80);
1510 free_secret_key(primary_sk);
1514 PKT_public_key *primary_pk=xmalloc_clear(sizeof(*primary_pk));
1515 get_pubkey(primary_pk,pk->main_keyid);
1516 print_fingerprint(primary_pk,NULL,mode|0x80);
1517 free_public_key(primary_pk);
1522 fp = log_get_stream ();
1524 text = _("Primary key fingerprint:");
1526 text = _(" Subkey fingerprint:");
1528 else if (mode == 2) {
1529 fp = NULL; /* use tty */
1531 /* TRANSLATORS: this should fit into 24 bytes to that the
1532 * fingerprint data is properly aligned with the user ID */
1533 text = _(" Primary key fingerprint:");
1535 text = _(" Subkey fingerprint:");
1537 else if (mode == 3) {
1538 fp = NULL; /* use tty */
1539 text = _(" Key fingerprint =");
1543 text = _(" Key fingerprint =");
1547 fingerprint_from_sk (sk, array, &n);
1549 fingerprint_from_pk (pk, array, &n);
1551 if (opt.with_colons && !mode) {
1552 fprintf (fp, "fpr:::::::::");
1553 for (i=0; i < n ; i++, p++ )
1554 fprintf (fp, "%02X", *p );
1561 tty_printf ("%s", text);
1563 for (i=0; i < n ; i++, i++, p += 2 ) {
1567 fprintf (fp, " %02X%02X", *p, p[1] );
1572 tty_printf (" %02X%02X", *p, p[1]);
1577 for (i=0; i < n ; i++, p++ ) {
1581 fprintf (fp, " %02X", *p );
1586 tty_printf (" %02X", *p );
1596 if (n==16 && !opt.with_colons && !opt.flags.allow_weak_digest_algos)
1599 fprintf (fp, _("WARNING: a PGP-2 fingerprint is not safe\n"));
1601 tty_printf (_("WARNING: a PGP-2 fingerprint is not safe\n"));
1605 /* Print the serial number of an OpenPGP card if available. */
1607 print_card_serialno (PKT_secret_key *sk)
1613 if (!sk->is_protected || sk->protect.s2k.mode != 1002)
1614 return; /* Not a card. */
1615 if (opt.with_colons)
1616 return; /* Handled elsewhere. */
1618 fputs (_(" Card serial no. ="), stdout);
1620 if (sk->protect.ivlen == 16
1621 && !memcmp (sk->protect.iv, "\xD2\x76\x00\x01\x24\x01", 6) )
1622 { /* This is an OpenPGP card. Just print the relevant part. */
1623 for (i=8; i < 14; i++)
1627 printf ("%02X", sk->protect.iv[i]);
1631 { /* Something is wrong: Print all. */
1632 for (i=0; i < sk->protect.ivlen; i++)
1633 printf ("%02X", sk->protect.iv[i]);
1641 set_attrib_fd (int fd)
1643 static int last_fd=-1;
1645 if ( fd != -1 && last_fd == fd )
1648 if ( attrib_fp && attrib_fp != stdout && attrib_fp != stderr
1649 && attrib_fp != log_get_stream () )
1655 #ifdef HAVE_DOSISH_SYSTEM
1656 setmode (fd, O_BINARY);
1663 attrib_fp = fdopen (fd, "wb");
1666 log_fatal("can't open fd %d for attribute output: %s\n",
1667 fd, strerror(errno));