1 /* keylist.c - Print information about OpenPGP keys
2 * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006,
3 * 2008, 2010, 2012 Free Software Foundation, Inc.
4 * Copyright (C) 2013, 2014 Werner Koch
6 * This file is part of GnuPG.
8 * GnuPG is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 3 of the License, or
11 * (at your option) any later version.
13 * GnuPG is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, see <https://www.gnu.org/licenses/>.
27 #ifdef HAVE_DOSISH_SYSTEM
28 # include <fcntl.h> /* for setmode() */
34 #include "../common/status.h"
37 #include "../common/util.h"
38 #include "../common/ttyio.h"
41 #include "../common/i18n.h"
42 #include "../common/status.h"
43 #include "call-agent.h"
44 #include "../common/mbox-util.h"
45 #include "../common/zb32.h"
47 #include "../common/compliance.h"
50 static void list_all (ctrl_t, int, int);
51 static void list_one (ctrl_t ctrl,
52 strlist_t names, int secret, int mark_secret);
53 static void locate_one (ctrl_t ctrl, strlist_t names, int no_local);
54 static void print_card_serialno (const char *serialno);
56 struct keylist_context
58 int check_sigs; /* If set signatures shall be verified. */
59 int good_sigs; /* Counter used if CHECK_SIGS is set. */
60 int inv_sigs; /* Counter used if CHECK_SIGS is set. */
61 int no_key; /* Counter used if CHECK_SIGS is set. */
62 int oth_err; /* Counter used if CHECK_SIGS is set. */
63 int no_validity; /* Do not show validity. */
67 static void list_keyblock (ctrl_t ctrl,
68 kbnode_t keyblock, int secret, int has_secret,
69 int fpr, struct keylist_context *listctx);
72 /* The stream used to write attribute packets to. */
73 static estream_t attrib_fp;
76 /* Release resources from a keylist context. */
78 keylist_context_release (struct keylist_context *listctx)
80 (void)listctx; /* Nothing to release. */
84 /* List the keys. If list is NULL, all available keys are listed.
85 * With LOCATE_MODE set the locate algorithm is used to find a key; if
86 * in addition NO_LOCAL is set the locate does not look into the local
89 public_key_list (ctrl_t ctrl, strlist_t list, int locate_mode, int no_local)
91 #ifndef NO_TRUST_MODELS
94 byte trust_model, marginals, completes, cert_depth, min_cert_level;
95 ulong created, nextcheck;
97 read_trust_options (ctrl, &trust_model, &created, &nextcheck,
98 &marginals, &completes, &cert_depth, &min_cert_level);
100 es_fprintf (es_stdout, "tru:");
102 if (nextcheck && nextcheck <= make_timestamp ())
103 es_fprintf (es_stdout, "o");
104 if (trust_model != opt.trust_model)
105 es_fprintf (es_stdout, "t");
106 if (opt.trust_model == TM_PGP || opt.trust_model == TM_CLASSIC
107 || opt.trust_model == TM_TOFU_PGP)
109 if (marginals != opt.marginals_needed)
110 es_fprintf (es_stdout, "m");
111 if (completes != opt.completes_needed)
112 es_fprintf (es_stdout, "c");
113 if (cert_depth != opt.max_cert_depth)
114 es_fprintf (es_stdout, "d");
115 if (min_cert_level != opt.min_cert_level)
116 es_fprintf (es_stdout, "l");
119 es_fprintf (es_stdout, ":%d:%lu:%lu", trust_model, created, nextcheck);
121 /* Only show marginals, completes, and cert_depth in the classic
122 or PGP trust models since they are not meaningful
125 if (trust_model == TM_PGP || trust_model == TM_CLASSIC)
126 es_fprintf (es_stdout, ":%d:%d:%d", marginals, completes, cert_depth);
127 es_fprintf (es_stdout, "\n");
129 #endif /*!NO_TRUST_MODELS*/
131 /* We need to do the stale check right here because it might need to
132 update the keyring while we already have the keyring open. This
133 is very bad for W32 because of a sharing violation. For real OSes
134 it might lead to false results if we are later listing a keyring
135 which is associated with the inode of a deleted file. */
136 check_trustdb_stale (ctrl);
139 tofu_begin_batch_update (ctrl);
143 locate_one (ctrl, list, no_local);
145 list_all (ctrl, 0, opt.with_secret);
147 list_one (ctrl, list, 0, opt.with_secret);
150 tofu_end_batch_update (ctrl);
156 secret_key_list (ctrl_t ctrl, strlist_t list)
160 check_trustdb_stale (ctrl);
163 list_all (ctrl, 1, 0);
164 else /* List by user id */
165 list_one (ctrl, list, 1, 0);
169 format_seckey_info (ctrl_t ctrl, PKT_public_key *pk)
173 char pkstrbuf[PUBKEY_STRING_SIZE];
176 keyid_from_pk (pk, keyid);
177 p = get_user_id_native (ctrl, keyid);
179 info = xtryasprintf ("sec %s/%s %s %s",
180 pubkey_string (pk, pkstrbuf, sizeof pkstrbuf),
181 keystr (keyid), datestr_from_pk (pk), p);
189 print_seckey_info (ctrl_t ctrl, PKT_public_key *pk)
191 char *p = format_seckey_info (ctrl, pk);
192 tty_printf ("\n%s\n", p);
196 /* Print information about the public key. With FP passed as NULL,
197 the tty output interface is used, otherwise output is directed to
200 print_pubkey_info (ctrl_t ctrl, estream_t fp, PKT_public_key *pk)
204 char pkstrbuf[PUBKEY_STRING_SIZE];
206 keyid_from_pk (pk, keyid);
208 /* If the pk was chosen by a particular user ID, that is the one to
211 p = utf8_to_native (pk->user_id->name, pk->user_id->len, 0);
213 p = get_user_id_native (ctrl, keyid);
217 tty_fprintf (fp, "%s %s/%s %s %s\n",
218 pk->flags.primary? "pub":"sub",
219 pubkey_string (pk, pkstrbuf, sizeof pkstrbuf),
220 keystr (keyid), datestr_from_pk (pk), p);
225 /* Print basic information of a secret key including the card serial
226 number information. */
227 #ifdef ENABLE_CARD_SUPPORT
229 print_card_key_info (estream_t fp, kbnode_t keyblock)
235 char pkstrbuf[PUBKEY_STRING_SIZE];
238 for (node = keyblock; node; node = node->next)
240 if (node->pkt->pkttype == PKT_PUBLIC_KEY
241 || node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
244 PKT_public_key *pk = node->pkt->pkt.public_key;
247 rc = hexkeygrip_from_pk (pk, &hexgrip);
250 log_error ("error computing a keygrip: %s\n", gpg_strerror (rc));
253 else if (!agent_get_keyinfo (NULL, hexgrip, &serialno, NULL))
254 s2k_char = serialno? '>':' ';
256 s2k_char = '#'; /* Key not found. */
258 tty_fprintf (fp, "%s%c %s/%s %n",
259 node->pkt->pkttype == PKT_PUBLIC_KEY ? "sec" : "ssb",
261 pubkey_string (pk, pkstrbuf, sizeof pkstrbuf),
264 tty_fprintf (fp, _("created: %s"), datestr_from_pk (pk));
265 tty_fprintf (fp, " ");
266 tty_fprintf (fp, _("expires: %s"), expirestr_from_pk (pk));
269 tty_fprintf (fp, "\n%*s%s", indent, "", _("card-no: "));
270 if (strlen (serialno) == 32
271 && !strncmp (serialno, "D27600012401", 12))
273 /* This is an OpenPGP card. Print the relevant part. */
274 /* Example: D2760001240101010001000003470000 */
276 tty_fprintf (fp, "%.*s %.*s", 4, serialno+16, 8, serialno+20);
279 tty_fprintf (fp, "%s", serialno);
281 tty_fprintf (fp, "\n");
287 #endif /*ENABLE_CARD_SUPPORT*/
290 /* Flags = 0x01 hashed 0x02 critical. */
292 status_one_subpacket (sigsubpkttype_t type, size_t len, int flags,
297 /* Don't print these. */
301 snprintf (status, sizeof status,
302 "%d %u %u ", type, flags, (unsigned int) len);
304 write_status_text_and_buffer (STATUS_SIG_SUBPACKET, status, buf, len, 0);
308 /* Print a policy URL. Allowed values for MODE are:
309 * -1 - print to the TTY
310 * 0 - print to stdout.
311 * 1 - use log_info and emit status messages.
312 * 2 - emit only status messages.
315 show_policy_url (PKT_signature * sig, int indent, int mode)
320 estream_t fp = mode < 0? NULL : mode ? log_get_stream () : es_stdout;
323 enum_sig_subpkt (sig->hashed, SIGSUBPKT_POLICY, &len, &seq, &crit)))
329 tty_fprintf (fp, "%*s", indent, "");
332 str = _("Critical signature policy: ");
334 str = _("Signature policy: ");
336 log_info ("%s", str);
338 tty_fprintf (fp, "%s", str);
339 tty_print_utf8_string2 (fp, p, len, 0);
340 tty_fprintf (fp, "\n");
344 write_status_buffer (STATUS_POLICY_URL, p, len, 0);
349 /* Print a keyserver URL. Allowed values for MODE are:
350 * -1 - print to the TTY
351 * 0 - print to stdout.
352 * 1 - use log_info and emit status messages.
353 * 2 - emit only status messages.
356 show_keyserver_url (PKT_signature * sig, int indent, int mode)
361 estream_t fp = mode < 0? NULL : mode ? log_get_stream () : es_stdout;
364 enum_sig_subpkt (sig->hashed, SIGSUBPKT_PREF_KS, &len, &seq,
371 tty_fprintf (fp, "%*s", indent, "");
374 str = _("Critical preferred keyserver: ");
376 str = _("Preferred keyserver: ");
378 log_info ("%s", str);
380 tty_fprintf (fp, "%s", str);
381 tty_print_utf8_string2 (fp, p, len, 0);
382 tty_fprintf (fp, "\n");
386 status_one_subpacket (SIGSUBPKT_PREF_KS, len,
387 (crit ? 0x02 : 0) | 0x01, p);
392 /* Print notation data. Allowed values for MODE are:
393 * -1 - print to the TTY
394 * 0 - print to stdout.
395 * 1 - use log_info and emit status messages.
396 * 2 - emit only status messages.
398 * Defined bits in WHICH:
399 * 1 - standard notations
403 show_notation (PKT_signature * sig, int indent, int mode, int which)
405 estream_t fp = mode < 0? NULL : mode ? log_get_stream () : es_stdout;
406 notation_t nd, notations;
411 notations = sig_to_notation (sig);
413 /* There may be multiple notations in the same sig. */
414 for (nd = notations; nd; nd = nd->next)
418 int has_at = !!strchr (nd->name, '@');
420 if ((which & 1 && !has_at) || (which & 2 && has_at))
424 tty_fprintf (fp, "%*s", indent, "");
426 if (nd->flags.critical)
427 str = _("Critical signature notation: ");
429 str = _("Signature notation: ");
431 log_info ("%s", str);
433 tty_fprintf (fp, "%s", str);
434 /* This is all UTF8 */
435 tty_print_utf8_string2 (fp, nd->name, strlen (nd->name), 0);
436 tty_fprintf (fp, "=");
437 tty_print_utf8_string2 (fp, nd->value, strlen (nd->value), 0);
438 /* (We need to use log_printf so that the next call to a
439 log function does not insert an extra LF.) */
443 tty_fprintf (fp, "\n");
449 write_status_buffer (STATUS_NOTATION_NAME,
450 nd->name, strlen (nd->name), 0);
451 if (nd->flags.critical || nd->flags.human)
452 write_status_text (STATUS_NOTATION_FLAGS,
453 nd->flags.critical && nd->flags.human? "1 1" :
454 nd->flags.critical? "1 0" : "0 1");
455 write_status_buffer (STATUS_NOTATION_DATA,
456 nd->value, strlen (nd->value), 50);
460 free_notation (notations);
465 print_signature_stats (struct keylist_context *s)
468 return; /* Signature checking was not requested. */
470 /* Better flush stdout so that the stats are always printed after
472 es_fflush (es_stdout);
475 log_info (ngettext("%d good signature\n",
476 "%d good signatures\n", s->good_sigs), s->good_sigs);
479 log_info (ngettext("%d bad signature\n",
480 "%d bad signatures\n", s->inv_sigs), s->inv_sigs);
483 log_info (ngettext("%d signature not checked due to a missing key\n",
484 "%d signatures not checked due to missing keys\n",
485 s->no_key), s->no_key);
488 log_info (ngettext("%d signature not checked due to an error\n",
489 "%d signatures not checked due to errors\n",
490 s->oth_err), s->oth_err);
494 /* List all keys. If SECRET is true only secret keys are listed. If
495 MARK_SECRET is true secret keys are indicated in a public key
498 list_all (ctrl_t ctrl, int secret, int mark_secret)
501 KBNODE keyblock = NULL;
504 const char *lastresname, *resname;
505 struct keylist_context listctx;
507 memset (&listctx, 0, sizeof (listctx));
509 listctx.check_sigs = 1;
513 rc = gpg_error_from_syserror ();
515 rc = keydb_search_first (hd);
518 if (gpg_err_code (rc) != GPG_ERR_NOT_FOUND)
519 log_error ("keydb_search_first failed: %s\n", gpg_strerror (rc));
526 rc = keydb_get_keyblock (hd, &keyblock);
529 if (gpg_err_code (rc) == GPG_ERR_LEGACY_KEY)
530 continue; /* Skip legacy keys. */
531 if (gpg_err_code (rc) == GPG_ERR_UNKNOWN_VERSION)
532 continue; /* Skip keys with unknown versions. */
533 log_error ("keydb_get_keyblock failed: %s\n", gpg_strerror (rc));
537 if (secret || mark_secret)
538 any_secret = !agent_probe_any_secret_key (NULL, keyblock);
542 if (secret && !any_secret)
543 ; /* Secret key listing requested but this isn't one. */
546 if (!opt.with_colons && !(opt.list_options & LIST_SHOW_ONLY_FPR_MBOX))
548 resname = keydb_get_resource_name (hd);
549 if (lastresname != resname)
553 es_fprintf (es_stdout, "%s\n", resname);
554 for (i = strlen (resname); i; i--)
555 es_putc ('-', es_stdout);
556 es_putc ('\n', es_stdout);
557 lastresname = resname;
560 merge_keys_and_selfsig (ctrl, keyblock);
561 list_keyblock (ctrl, keyblock, secret, any_secret, opt.fingerprint,
564 release_kbnode (keyblock);
567 while (!(rc = keydb_search_next (hd)));
568 es_fflush (es_stdout);
569 if (rc && gpg_err_code (rc) != GPG_ERR_NOT_FOUND)
570 log_error ("keydb_search_next failed: %s\n", gpg_strerror (rc));
571 if (keydb_get_skipped_counter (hd))
572 log_info (ngettext("Warning: %lu key skipped due to its large size\n",
573 "Warning: %lu keys skipped due to their large sizes\n",
574 keydb_get_skipped_counter (hd)),
575 keydb_get_skipped_counter (hd));
577 if (opt.check_sigs && !opt.with_colons)
578 print_signature_stats (&listctx);
581 keylist_context_release (&listctx);
582 release_kbnode (keyblock);
588 list_one (ctrl_t ctrl, strlist_t names, int secret, int mark_secret)
591 KBNODE keyblock = NULL;
594 const char *keyring_str = _("Keyring");
596 struct keylist_context listctx;
598 memset (&listctx, 0, sizeof (listctx));
599 if (!secret && opt.check_sigs)
600 listctx.check_sigs = 1;
602 /* fixme: using the bynames function has the disadvantage that we
603 * don't know whether one of the names given was not found. OTOH,
604 * this function has the advantage to list the names in the
605 * sequence as defined by the keyDB and does not duplicate
606 * outputs. A solution could be do test whether all given have
607 * been listed (this needs a way to use the keyDB search
608 * functions) or to have the search function return indicators for
609 * found names. Yet another way is to use the keydb search
610 * facilities directly. */
611 rc = getkey_bynames (ctrl, &ctx, NULL, names, secret, &keyblock);
614 log_error ("error reading key: %s\n", gpg_strerror (rc));
615 getkey_end (ctrl, ctx);
616 write_status_error ("keylist.getkey", rc);
622 if ((opt.list_options & LIST_SHOW_KEYRING) && !opt.with_colons)
624 resname = keydb_get_resource_name (get_ctx_handle (ctx));
625 es_fprintf (es_stdout, "%s: %s\n", keyring_str, resname);
626 for (i = strlen (resname) + strlen (keyring_str) + 2; i; i--)
627 es_putc ('-', es_stdout);
628 es_putc ('\n', es_stdout);
631 keyblock, secret, mark_secret, opt.fingerprint, &listctx);
632 release_kbnode (keyblock);
634 while (!getkey_next (ctrl, ctx, NULL, &keyblock));
635 getkey_end (ctrl, ctx);
637 if (opt.check_sigs && !opt.with_colons)
638 print_signature_stats (&listctx);
640 keylist_context_release (&listctx);
645 locate_one (ctrl_t ctrl, strlist_t names, int no_local)
649 GETKEY_CTX ctx = NULL;
650 KBNODE keyblock = NULL;
651 struct keylist_context listctx;
653 memset (&listctx, 0, sizeof (listctx));
655 listctx.check_sigs = 1;
657 for (sl = names; sl; sl = sl->next)
659 rc = get_best_pubkey_byname (ctrl,
660 no_local? GET_PUBKEY_NO_LOCAL
661 /* */: GET_PUBKEY_NORMAL,
662 &ctx, NULL, sl->d, &keyblock, 1);
665 if (gpg_err_code (rc) != GPG_ERR_NO_PUBKEY)
666 log_error ("error reading key: %s\n", gpg_strerror (rc));
667 else if (opt.verbose)
668 log_info (_("key \"%s\" not found: %s\n"),
669 sl->d, gpg_strerror (rc));
675 list_keyblock (ctrl, keyblock, 0, 0, opt.fingerprint, &listctx);
676 release_kbnode (keyblock);
678 while (ctx && !getkey_next (ctrl, ctx, NULL, &keyblock));
679 getkey_end (ctrl, ctx);
684 if (opt.check_sigs && !opt.with_colons)
685 print_signature_stats (&listctx);
687 keylist_context_release (&listctx);
692 print_key_data (PKT_public_key * pk)
694 int n = pk ? pubkey_get_npkey (pk->pubkey_algo) : 0;
697 for (i = 0; i < n; i++)
699 es_fprintf (es_stdout, "pkd:%d:%u:", i, mpi_get_nbits (pk->pkey[i]));
700 mpi_print (es_stdout, pk->pkey[i], 1);
701 es_putc (':', es_stdout);
702 es_putc ('\n', es_stdout);
707 print_capabilities (ctrl_t ctrl, PKT_public_key *pk, KBNODE keyblock)
709 unsigned int use = pk->pubkey_usage;
712 if (use & PUBKEY_USAGE_ENC)
713 es_putc ('e', es_stdout);
715 if (use & PUBKEY_USAGE_SIG)
717 es_putc ('s', es_stdout);
718 if (pk->flags.primary)
720 es_putc ('c', es_stdout);
721 /* The PUBKEY_USAGE_CERT flag was introduced later and we
722 used to always print 'c' for a primary key. To avoid any
723 regression here we better track whether we printed 'c'
729 if ((use & PUBKEY_USAGE_CERT) && !c_printed)
730 es_putc ('c', es_stdout);
732 if ((use & PUBKEY_USAGE_AUTH))
733 es_putc ('a', es_stdout);
735 if ((use & PUBKEY_USAGE_UNKNOWN))
736 es_putc ('?', es_stdout);
740 /* Figure out the usable capabilities. */
742 int enc = 0, sign = 0, cert = 0, auth = 0, disabled = 0;
744 for (k = keyblock; k; k = k->next)
746 if (k->pkt->pkttype == PKT_PUBLIC_KEY
747 || k->pkt->pkttype == PKT_PUBLIC_SUBKEY)
749 pk = k->pkt->pkt.public_key;
751 if (pk->flags.primary)
752 disabled = pk_is_disabled (pk);
754 if (pk->flags.valid && !pk->flags.revoked && !pk->has_expired)
756 if (pk->pubkey_usage & PUBKEY_USAGE_ENC)
758 if (pk->pubkey_usage & PUBKEY_USAGE_SIG)
761 if (pk->flags.primary)
764 if (pk->pubkey_usage & PUBKEY_USAGE_CERT)
766 if ((pk->pubkey_usage & PUBKEY_USAGE_AUTH))
772 es_putc ('E', es_stdout);
774 es_putc ('S', es_stdout);
776 es_putc ('C', es_stdout);
778 es_putc ('A', es_stdout);
780 es_putc ('D', es_stdout);
783 es_putc (':', es_stdout);
787 /* FLAGS: 0x01 hashed
790 print_one_subpacket (sigsubpkttype_t type, size_t len, int flags,
795 es_fprintf (es_stdout, "spk:%d:%u:%u:", type, flags, (unsigned int) len);
797 for (i = 0; i < len; i++)
799 /* printable ascii other than : and % */
800 if (buf[i] >= 32 && buf[i] <= 126 && buf[i] != ':' && buf[i] != '%')
801 es_fprintf (es_stdout, "%c", buf[i]);
803 es_fprintf (es_stdout, "%%%02X", buf[i]);
806 es_fprintf (es_stdout, "\n");
811 print_subpackets_colon (PKT_signature * sig)
815 log_assert (opt.show_subpackets);
817 for (i = opt.show_subpackets; *i; i++)
825 while ((p = enum_sig_subpkt (sig->hashed, *i, &len, &seq, &crit)))
826 print_one_subpacket (*i, len, 0x01 | (crit ? 0x02 : 0), p);
830 while ((p = enum_sig_subpkt (sig->unhashed, *i, &len, &seq, &crit)))
831 print_one_subpacket (*i, len, 0x00 | (crit ? 0x02 : 0), p);
837 dump_attribs (const PKT_user_id *uid, PKT_public_key *pk)
844 for (i = 0; i < uid->numattribs; i++)
846 if (is_status_enabled ())
848 byte array[MAX_FINGERPRINT_LEN], *p;
849 char buf[(MAX_FINGERPRINT_LEN * 2) + 90];
854 fingerprint_from_pk (pk, array, &n);
857 for (j = 0; j < n; j++, p++)
858 sprintf (buf + 2 * j, "%02X", *p);
860 sprintf (buf + strlen (buf), " %lu %u %u %u %lu %lu %u",
861 (ulong) uid->attribs[i].len, uid->attribs[i].type, i + 1,
862 uid->numattribs, (ulong) uid->created,
863 (ulong) uid->expiredate,
864 ((uid->flags.primary ? 0x01 : 0) | (uid->flags.revoked ? 0x02 : 0) |
865 (uid->flags.expired ? 0x04 : 0)));
866 write_status_text (STATUS_ATTRIBUTE, buf);
869 es_fwrite (uid->attribs[i].data, uid->attribs[i].len, 1, attrib_fp);
870 es_fflush (attrib_fp);
876 list_keyblock_print (ctrl_t ctrl, kbnode_t keyblock, int secret, int fpr,
877 struct keylist_context *listctx)
884 char *hexgrip = NULL;
885 char *serialno = NULL;
887 /* Get the keyid from the keyblock. */
888 node = find_kbnode (keyblock, PKT_PUBLIC_KEY);
891 log_error ("Oops; key lost!\n");
892 dump_kbnode (keyblock);
896 pk = node->pkt->pkt.public_key;
898 if (secret || opt.with_keygrip)
900 rc = hexkeygrip_from_pk (pk, &hexgrip);
902 log_error ("error computing a keygrip: %s\n", gpg_strerror (rc));
907 /* Encode some info about the secret key in SECRET. */
908 if (!agent_get_keyinfo (NULL, hexgrip, &serialno, NULL))
909 secret = serialno? 3 : 1;
911 secret = 2; /* Key not found. */
914 if (!listctx->no_validity)
915 check_trustdb_stale (ctrl);
917 /* Print the "pub" line and in KF_NONE mode the fingerprint. */
918 print_key_line (ctrl, es_stdout, pk, secret);
921 print_fingerprint (ctrl, NULL, pk, 0);
923 if (opt.with_keygrip && hexgrip)
924 es_fprintf (es_stdout, " Keygrip = %s\n", hexgrip);
927 print_card_serialno (serialno);
929 if (opt.with_key_data)
932 if (opt.with_key_origin
933 && (pk->keyorg || pk->keyupdate || pk->updateurl))
935 char updatestr[MK_DATESTR_SIZE];
937 es_fprintf (es_stdout, " origin=%s last=%s %s",
938 key_origin_string (pk->keyorg),
939 mk_datestr (updatestr, sizeof updatestr, pk->keyupdate),
940 pk->updateurl? "url=":"");
942 print_utf8_string (es_stdout, pk->updateurl);
943 es_putc ('\n', es_stdout);
947 for (kbctx = NULL; (node = walk_kbnode (keyblock, &kbctx, 0));)
949 if (node->pkt->pkttype == PKT_USER_ID)
951 PKT_user_id *uid = node->pkt->pkt.user_id;
953 int kl = opt.keyid_format == KF_NONE? 10 : keystrlen ();
955 if ((uid->flags.expired || uid->flags.revoked)
956 && !(opt.list_options & LIST_SHOW_UNUSABLE_UIDS))
964 if (attrib_fp && uid->attrib_data != NULL)
965 dump_attribs (uid, pk);
967 if ((uid->flags.revoked || uid->flags.expired)
968 || ((opt.list_options & LIST_SHOW_UID_VALIDITY)
969 && !listctx->no_validity))
971 const char *validity;
973 validity = uid_trust_string_fixed (ctrl, pk, uid);
974 indent = ((kl + (opt.legacy_list_mode? 9:11))
975 - atoi (uid_trust_string_fixed (ctrl, NULL, NULL)));
976 if (indent < 0 || indent > 40)
979 es_fprintf (es_stdout, "uid%*s%s ", indent, "", validity);
983 indent = kl + (opt.legacy_list_mode? 10:12);
984 es_fprintf (es_stdout, "uid%*s", indent, "");
987 print_utf8_buffer (es_stdout, uid->name, uid->len);
988 es_putc ('\n', es_stdout);
990 if (opt.with_wkd_hash)
992 char *mbox, *hash, *p;
995 mbox = mailbox_from_userid (uid->name);
996 if (mbox && (p = strchr (mbox, '@')))
999 gcry_md_hash_buffer (GCRY_MD_SHA1, hashbuf,
1000 mbox, strlen (mbox));
1001 hash = zb32_encode (hashbuf, 8*20);
1004 es_fprintf (es_stdout, " %*s%s@%s\n",
1005 indent, "", hash, p);
1012 if (opt.with_key_origin
1013 && (uid->keyorg || uid->keyupdate || uid->updateurl))
1015 char updatestr[MK_DATESTR_SIZE];
1017 es_fprintf (es_stdout, " %*sorigin=%s last=%s %s",
1019 key_origin_string (uid->keyorg),
1020 mk_datestr (updatestr, sizeof updatestr,
1022 uid->updateurl? "url=":"");
1024 print_utf8_string (es_stdout, uid->updateurl);
1025 es_putc ('\n', es_stdout);
1028 if ((opt.list_options & LIST_SHOW_PHOTOS) && uid->attribs != NULL)
1029 show_photos (ctrl, uid->attribs, uid->numattribs, pk, uid);
1031 else if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
1033 PKT_public_key *pk2 = node->pkt->pkt.public_key;
1035 if ((pk2->flags.revoked || pk2->has_expired)
1036 && !(opt.list_options & LIST_SHOW_UNUSABLE_SUBKEYS))
1044 xfree (serialno); serialno = NULL;
1045 xfree (hexgrip); hexgrip = NULL;
1046 if (secret || opt.with_keygrip)
1048 rc = hexkeygrip_from_pk (pk2, &hexgrip);
1050 log_error ("error computing a keygrip: %s\n",
1055 if (!agent_get_keyinfo (NULL, hexgrip, &serialno, NULL))
1056 secret = serialno? 3 : 1;
1058 secret = 2; /* Key not found. */
1061 /* Print the "sub" line. */
1062 print_key_line (ctrl, es_stdout, pk2, secret);
1063 if (fpr > 1 || opt.with_subkey_fingerprint)
1065 print_fingerprint (ctrl, NULL, pk2, 0);
1067 print_card_serialno (serialno);
1069 if (opt.with_keygrip && hexgrip)
1070 es_fprintf (es_stdout, " Keygrip = %s\n", hexgrip);
1071 if (opt.with_key_data)
1072 print_key_data (pk2);
1074 else if (opt.list_sigs
1075 && node->pkt->pkttype == PKT_SIGNATURE && !skip_sigs)
1077 PKT_signature *sig = node->pkt->pkt.signature;
1080 char *reason_text = NULL;
1081 char *reason_comment = NULL;
1082 size_t reason_commentlen;
1084 if (listctx->check_sigs)
1086 rc = check_key_signature (ctrl, keyblock, node, NULL);
1087 switch (gpg_err_code (rc))
1090 listctx->good_sigs++;
1093 case GPG_ERR_BAD_SIGNATURE:
1094 listctx->inv_sigs++;
1097 case GPG_ERR_NO_PUBKEY:
1098 case GPG_ERR_UNUSABLE_PUBKEY:
1107 /* TODO: Make sure a cached sig record here still has
1108 the pk that issued it. See also
1109 keyedit.c:print_and_check_one_sig */
1117 if (sig->sig_class == 0x20 || sig->sig_class == 0x28
1118 || sig->sig_class == 0x30)
1121 get_revocation_reason (sig, &reason_text,
1122 &reason_comment, &reason_commentlen);
1124 else if ((sig->sig_class & ~3) == 0x10)
1126 else if (sig->sig_class == 0x18)
1128 else if (sig->sig_class == 0x1F)
1132 es_fprintf (es_stdout, "sig "
1133 "[unexpected signature class 0x%02x]\n",
1138 es_fputs (sigstr, es_stdout);
1139 es_fprintf (es_stdout, "%c%c %c%c%c%c%c%c %s %s",
1140 sigrc, (sig->sig_class - 0x10 > 0 &&
1141 sig->sig_class - 0x10 <
1142 4) ? '0' + sig->sig_class - 0x10 : ' ',
1143 sig->flags.exportable ? ' ' : 'L',
1144 sig->flags.revocable ? ' ' : 'R',
1145 sig->flags.policy_url ? 'P' : ' ',
1146 sig->flags.notation ? 'N' : ' ',
1147 sig->flags.expired ? 'X' : ' ',
1148 (sig->trust_depth > 9) ? 'T' : (sig->trust_depth >
1150 sig->trust_depth : ' ', keystr (sig->keyid),
1151 datestr_from_sig (sig));
1152 if (opt.list_options & LIST_SHOW_SIG_EXPIRE)
1153 es_fprintf (es_stdout, " %s", expirestr_from_sig (sig));
1154 es_fprintf (es_stdout, " ");
1156 es_fprintf (es_stdout, "[%s] ", gpg_strerror (rc));
1157 else if (sigrc == '?')
1159 else if (!opt.fast_list_mode)
1162 char *p = get_user_id (ctrl, sig->keyid, &n, NULL);
1163 print_utf8_buffer (es_stdout, p, n);
1166 es_putc ('\n', es_stdout);
1168 if (sig->flags.policy_url
1169 && (opt.list_options & LIST_SHOW_POLICY_URLS))
1170 show_policy_url (sig, 3, 0);
1172 if (sig->flags.notation && (opt.list_options & LIST_SHOW_NOTATIONS))
1173 show_notation (sig, 3, 0,
1175 list_options & LIST_SHOW_STD_NOTATIONS) ? 1 : 0)
1178 list_options & LIST_SHOW_USER_NOTATIONS) ? 2 :
1181 if (sig->flags.pref_ks
1182 && (opt.list_options & LIST_SHOW_KEYSERVER_URLS))
1183 show_keyserver_url (sig, 3, 0);
1187 es_fprintf (es_stdout, " %s%s\n",
1188 _("reason for revocation: "), reason_text);
1191 const byte *s, *s_lf;
1195 n = reason_commentlen;
1199 /* We don't want any empty lines, so we skip them. */
1200 for (;n && *s == '\n'; s++, n--)
1204 s_lf = memchr (s, '\n', n);
1205 n_lf = s_lf? s_lf - s : n;
1206 es_fprintf (es_stdout, " %s",
1207 _("revocation comment: "));
1208 es_write_sanitized (es_stdout, s, n_lf, NULL, NULL);
1209 es_putc ('\n', es_stdout);
1210 s += n_lf; n -= n_lf;
1216 xfree (reason_text);
1217 xfree (reason_comment);
1219 /* fixme: check or list other sigs here */
1222 es_putc ('\n', es_stdout);
1228 /* Do a simple key listing printing only the fingerprint and the mail
1229 * address of valid keys. */
1231 list_keyblock_simple (ctrl_t ctrl, kbnode_t keyblock)
1236 char hexfpr[2*MAX_FINGERPRINT_LEN+1];
1241 node = find_kbnode (keyblock, PKT_PUBLIC_KEY);
1244 log_error ("Oops; key lost!\n");
1245 dump_kbnode (keyblock);
1248 hexfingerprint (node->pkt->pkt.public_key, hexfpr, sizeof hexfpr);
1250 for (kbctx = NULL; (node = walk_kbnode (keyblock, &kbctx, 0));)
1252 if (node->pkt->pkttype == PKT_USER_ID)
1254 PKT_user_id *uid = node->pkt->pkt.user_id;
1256 if (uid->attrib_data)
1259 if (uid->flags.expired || uid->flags.revoked)
1262 mbox = mailbox_from_userid (uid->name);
1265 ec = gpg_err_code_from_syserror ();
1266 if (ec != GPG_ERR_EINVAL)
1267 log_error ("error getting mailbox from user-id: %s\n",
1271 es_fprintf (es_stdout, "%s %s\n", hexfpr, mbox);
1279 print_revokers (estream_t fp, PKT_public_key * pk)
1281 /* print the revoker record */
1282 if (!pk->revkey && pk->numrevkeys)
1288 for (i = 0; i < pk->numrevkeys; i++)
1292 es_fprintf (fp, "rvk:::%d::::::", pk->revkey[i].algid);
1293 p = pk->revkey[i].fpr;
1294 for (j = 0; j < 20; j++, p++)
1295 es_fprintf (fp, "%02X", *p);
1296 es_fprintf (fp, ":%02x%s:\n",
1297 pk->revkey[i].class,
1298 (pk->revkey[i].class & 0x40) ? "s" : "");
1304 /* Print the compliance flags to field 18. PK is the public key.
1305 * KEYLENGTH is the length of the key in bits and CURVENAME is either
1306 * NULL or the name of the curve. The latter two args are here
1307 * merely because the caller has already computed them. */
1309 print_compliance_flags (PKT_public_key *pk,
1310 unsigned int keylength, const char *curvename)
1315 keylength = nbits_from_pk (pk);
1317 if (pk->version == 5)
1319 es_fputs (gnupg_status_compliance_flag (CO_GNUPG), es_stdout);
1322 if (gnupg_pk_is_compliant (CO_DE_VS, pk->pubkey_algo, pk->pkey,
1323 keylength, curvename))
1325 es_fprintf (es_stdout, any ? " %s" : "%s",
1326 gnupg_status_compliance_flag (CO_DE_VS));
1332 /* List a key in colon mode. If SECRET is true this is a secret key
1333 record (i.e. requested via --list-secret-key). If HAS_SECRET a
1334 secret key is available even if SECRET is not set. */
1336 list_keyblock_colon (ctrl_t ctrl, kbnode_t keyblock,
1337 int secret, int has_secret)
1344 int trustletter = 0;
1345 int trustletter_print;
1346 int ownertrust_print;
1349 char *hexgrip_buffer = NULL;
1350 const char *hexgrip = NULL;
1351 char *serialno = NULL;
1353 unsigned int keylength;
1355 const char *curvename = NULL;
1357 /* Get the keyid from the keyblock. */
1358 node = find_kbnode (keyblock, PKT_PUBLIC_KEY);
1361 log_error ("Oops; key lost!\n");
1362 dump_kbnode (keyblock);
1366 pk = node->pkt->pkt.public_key;
1367 if (secret || has_secret || opt.with_keygrip || opt.with_key_data)
1369 rc = hexkeygrip_from_pk (pk, &hexgrip_buffer);
1371 log_error ("error computing a keygrip: %s\n", gpg_strerror (rc));
1372 /* In the error case we print an empty string so that we have a
1373 * "grp" record for each and subkey - even if it is empty. This
1374 * may help to prevent sync problems. */
1375 hexgrip = hexgrip_buffer? hexgrip_buffer : "";
1378 if ((secret || has_secret)
1379 && agent_get_keyinfo (NULL, hexgrip, &serialno, NULL))
1380 stubkey = 1; /* Key not found. */
1382 keyid_from_pk (pk, keyid);
1383 if (!pk->flags.valid)
1384 trustletter_print = 'i';
1385 else if (pk->flags.revoked)
1386 trustletter_print = 'r';
1387 else if (pk->has_expired)
1388 trustletter_print = 'e';
1389 else if (opt.fast_list_mode || opt.no_expensive_trust_checks)
1390 trustletter_print = 0;
1393 trustletter = get_validity_info (ctrl, keyblock, pk, NULL);
1394 if (trustletter == 'u')
1396 trustletter_print = trustletter;
1399 if (!opt.fast_list_mode && !opt.no_expensive_trust_checks)
1400 ownertrust_print = get_ownertrust_info (ctrl, pk, 0);
1402 ownertrust_print = 0;
1404 keylength = nbits_from_pk (pk);
1406 es_fputs (secret? "sec:":"pub:", es_stdout);
1407 if (trustletter_print)
1408 es_putc (trustletter_print, es_stdout);
1409 es_fprintf (es_stdout, ":%u:%d:%08lX%08lX:%s:%s::",
1412 (ulong) keyid[0], (ulong) keyid[1],
1413 colon_datestr_from_pk (pk), colon_strtime (pk->expiredate));
1415 if (ownertrust_print)
1416 es_putc (ownertrust_print, es_stdout);
1417 es_putc (':', es_stdout);
1419 es_putc (':', es_stdout);
1420 es_putc (':', es_stdout);
1421 print_capabilities (ctrl, pk, keyblock);
1422 es_putc (':', es_stdout); /* End of field 13. */
1423 es_putc (':', es_stdout); /* End of field 14. */
1424 if (secret || has_secret)
1427 es_putc ('#', es_stdout);
1429 es_fputs (serialno, es_stdout);
1430 else if (has_secret)
1431 es_putc ('+', es_stdout);
1433 es_putc (':', es_stdout); /* End of field 15. */
1434 es_putc (':', es_stdout); /* End of field 16. */
1435 if (pk->pubkey_algo == PUBKEY_ALGO_ECDSA
1436 || pk->pubkey_algo == PUBKEY_ALGO_EDDSA
1437 || pk->pubkey_algo == PUBKEY_ALGO_ECDH)
1439 curve = openpgp_oid_to_str (pk->pkey[0]);
1440 curvename = openpgp_oid_to_curve (curve, 0);
1443 es_fputs (curvename, es_stdout);
1445 es_putc (':', es_stdout); /* End of field 17. */
1446 print_compliance_flags (pk, keylength, curvename);
1447 es_putc (':', es_stdout); /* End of field 18 (compliance). */
1449 es_fputs (colon_strtime (pk->keyupdate), es_stdout);
1450 es_putc (':', es_stdout); /* End of field 19 (last_update). */
1451 es_fprintf (es_stdout, "%d%s", pk->keyorg, pk->updateurl? " ":"");
1453 es_write_sanitized (es_stdout, pk->updateurl, strlen (pk->updateurl),
1455 es_putc (':', es_stdout); /* End of field 20 (origin). */
1456 es_putc ('\n', es_stdout);
1458 print_revokers (es_stdout, pk);
1459 print_fingerprint (ctrl, NULL, pk, 0);
1461 es_fprintf (es_stdout, "grp:::::::::%s:\n", hexgrip);
1462 if (opt.with_key_data)
1463 print_key_data (pk);
1465 for (kbctx = NULL; (node = walk_kbnode (keyblock, &kbctx, 0));)
1467 if (node->pkt->pkttype == PKT_USER_ID)
1469 PKT_user_id *uid = node->pkt->pkt.user_id;
1472 if (attrib_fp && uid->attrib_data != NULL)
1473 dump_attribs (uid, pk);
1475 if (uid->flags.revoked)
1477 else if (uid->flags.expired)
1479 else if (opt.no_expensive_trust_checks)
1484 uid_validity = get_validity_info (ctrl, keyblock, pk, uid);
1486 es_fputs (uid->attrib_data? "uat:":"uid:", es_stdout);
1488 es_putc (uid_validity, es_stdout);
1489 es_fputs ("::::", es_stdout);
1491 es_fprintf (es_stdout, "%s:", colon_strtime (uid->created));
1492 es_fprintf (es_stdout, "%s:", colon_strtime (uid->expiredate));
1494 namehash_from_uid (uid);
1496 for (i = 0; i < 20; i++)
1497 es_fprintf (es_stdout, "%02X", uid->namehash[i]);
1499 es_fprintf (es_stdout, "::");
1501 if (uid->attrib_data)
1502 es_fprintf (es_stdout, "%u %lu", uid->numattribs, uid->attrib_len);
1504 es_write_sanitized (es_stdout, uid->name, uid->len, ":", NULL);
1505 es_fputs (":::::::::", es_stdout);
1507 es_fputs (colon_strtime (uid->keyupdate), es_stdout);
1508 es_putc (':', es_stdout); /* End of field 19 (last_update). */
1509 es_fprintf (es_stdout, "%d%s", uid->keyorg, uid->updateurl? " ":"");
1511 es_write_sanitized (es_stdout,
1512 uid->updateurl, strlen (uid->updateurl),
1514 es_putc (':', es_stdout); /* End of field 20 (origin). */
1515 es_putc ('\n', es_stdout);
1517 if (!uid->attrib_data && opt.with_tofu_info
1518 && (opt.trust_model == TM_TOFU || opt.trust_model == TM_TOFU_PGP))
1520 /* Print a "tfs" record. */
1521 tofu_write_tfs_record (ctrl, es_stdout, pk, uid->name);
1525 else if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
1528 PKT_public_key *pk2;
1529 int need_hexgrip = !!hexgrip;
1531 pk2 = node->pkt->pkt.public_key;
1532 xfree (hexgrip_buffer); hexgrip_buffer = NULL; hexgrip = NULL;
1533 xfree (serialno); serialno = NULL;
1535 || secret || has_secret || opt.with_keygrip || opt.with_key_data)
1537 rc = hexkeygrip_from_pk (pk2, &hexgrip_buffer);
1539 log_error ("error computing a keygrip: %s\n",
1541 hexgrip = hexgrip_buffer? hexgrip_buffer : "";
1544 if ((secret||has_secret)
1545 && agent_get_keyinfo (NULL, hexgrip, &serialno, NULL))
1546 stubkey = 1; /* Key not found. */
1548 keyid_from_pk (pk2, keyid2);
1549 es_fputs (secret? "ssb:":"sub:", es_stdout);
1550 if (!pk2->flags.valid)
1551 es_putc ('i', es_stdout);
1552 else if (pk2->flags.revoked)
1553 es_putc ('r', es_stdout);
1554 else if (pk2->has_expired)
1555 es_putc ('e', es_stdout);
1556 else if (opt.fast_list_mode || opt.no_expensive_trust_checks)
1560 /* TRUSTLETTER should always be defined here. */
1562 es_fprintf (es_stdout, "%c", trustletter);
1564 keylength = nbits_from_pk (pk2);
1565 es_fprintf (es_stdout, ":%u:%d:%08lX%08lX:%s:%s:::::",
1568 (ulong) keyid2[0], (ulong) keyid2[1],
1569 colon_datestr_from_pk (pk2),
1570 colon_strtime (pk2->expiredate));
1571 print_capabilities (ctrl, pk2, NULL);
1572 es_putc (':', es_stdout); /* End of field 13. */
1573 es_putc (':', es_stdout); /* End of field 14. */
1574 if (secret || has_secret)
1577 es_putc ('#', es_stdout);
1579 es_fputs (serialno, es_stdout);
1580 else if (has_secret)
1581 es_putc ('+', es_stdout);
1583 es_putc (':', es_stdout); /* End of field 15. */
1584 es_putc (':', es_stdout); /* End of field 16. */
1585 if (pk2->pubkey_algo == PUBKEY_ALGO_ECDSA
1586 || pk2->pubkey_algo == PUBKEY_ALGO_EDDSA
1587 || pk2->pubkey_algo == PUBKEY_ALGO_ECDH)
1590 curve = openpgp_oid_to_str (pk2->pkey[0]);
1591 curvename = openpgp_oid_to_curve (curve, 0);
1594 es_fputs (curvename, es_stdout);
1596 es_putc (':', es_stdout); /* End of field 17. */
1597 print_compliance_flags (pk2, keylength, curvename);
1598 es_putc (':', es_stdout); /* End of field 18. */
1599 es_putc ('\n', es_stdout);
1600 print_fingerprint (ctrl, NULL, pk2, 0);
1602 es_fprintf (es_stdout, "grp:::::::::%s:\n", hexgrip);
1603 if (opt.with_key_data)
1604 print_key_data (pk2);
1606 else if (opt.list_sigs && node->pkt->pkttype == PKT_SIGNATURE)
1608 PKT_signature *sig = node->pkt->pkt.signature;
1609 int sigrc, fprokay = 0;
1612 byte fparray[MAX_FINGERPRINT_LEN];
1615 char *issuer_fpr = NULL;
1616 char *reason_text = NULL;
1617 char *reason_comment = NULL;
1618 size_t reason_commentlen;
1621 if (sig->sig_class == 0x20 || sig->sig_class == 0x28
1622 || sig->sig_class == 0x30)
1625 reason_code = get_revocation_reason (sig, &reason_text,
1627 &reason_commentlen);
1629 else if ((sig->sig_class & ~3) == 0x10)
1631 else if (sig->sig_class == 0x18)
1633 else if (sig->sig_class == 0x1F)
1637 es_fprintf (es_stdout, "sig::::::::::%02x%c:\n",
1638 sig->sig_class, sig->flags.exportable ? 'x' : 'l');
1644 PKT_public_key *signer_pk = NULL;
1646 es_fflush (es_stdout);
1647 if (opt.no_sig_cache)
1648 signer_pk = xmalloc_clear (sizeof (PKT_public_key));
1650 rc = check_key_signature2 (ctrl, keyblock, node, NULL, signer_pk,
1652 switch (gpg_err_code (rc))
1657 case GPG_ERR_BAD_SIGNATURE:
1660 case GPG_ERR_NO_PUBKEY:
1661 case GPG_ERR_UNUSABLE_PUBKEY:
1669 if (opt.no_sig_cache)
1673 fingerprint_from_pk (signer_pk, fparray, &fplen);
1676 free_public_key (signer_pk);
1682 sigrc = ' '; /* Note the fix-up below in --list-sigs mode. */
1685 if (sigrc != '%' && sigrc != '?' && !opt.fast_list_mode)
1688 siguid = get_user_id (ctrl, sig->keyid, &siguidlen, &nouid);
1689 if (!opt.check_sigs && nouid)
1690 sigrc = '?'; /* No key in local keyring. */
1699 es_fputs (sigstr, es_stdout);
1700 es_putc (':', es_stdout);
1702 es_putc (sigrc, es_stdout);
1703 es_fprintf (es_stdout, "::%d:%08lX%08lX:%s:%s:", sig->pubkey_algo,
1704 (ulong) sig->keyid[0], (ulong) sig->keyid[1],
1705 colon_datestr_from_sig (sig),
1706 colon_expirestr_from_sig (sig));
1708 if (sig->trust_depth || sig->trust_value)
1709 es_fprintf (es_stdout, "%d %d", sig->trust_depth, sig->trust_value);
1710 es_fprintf (es_stdout, ":");
1712 if (sig->trust_regexp)
1713 es_write_sanitized (es_stdout, sig->trust_regexp,
1714 strlen (sig->trust_regexp), ":", NULL);
1715 es_fprintf (es_stdout, ":");
1718 es_fprintf (es_stdout, "[%s] ", gpg_strerror (rc));
1720 es_write_sanitized (es_stdout, siguid, siguidlen, ":", NULL);
1722 es_fprintf (es_stdout, ":%02x%c", sig->sig_class,
1723 sig->flags.exportable ? 'x' : 'l');
1725 es_fprintf (es_stdout, ",%02x", reason_code);
1726 es_fputs ("::", es_stdout);
1728 if (opt.no_sig_cache && opt.check_sigs && fprokay)
1730 for (i = 0; i < fplen; i++)
1731 es_fprintf (es_stdout, "%02X", fparray[i]);
1733 else if ((issuer_fpr = issuer_fpr_string (sig)))
1734 es_fputs (issuer_fpr, es_stdout);
1736 es_fprintf (es_stdout, ":::%d:", sig->digest_algo);
1740 es_fputs ("::::", es_stdout);
1741 es_write_sanitized (es_stdout, reason_comment, reason_commentlen,
1743 es_putc (':', es_stdout);
1745 es_putc ('\n', es_stdout);
1747 if (opt.show_subpackets)
1748 print_subpackets_colon (sig);
1750 /* fixme: check or list other sigs here */
1751 xfree (reason_text);
1752 xfree (reason_comment);
1759 xfree (hexgrip_buffer);
1764 * Reorder the keyblock so that the primary user ID (and not attribute
1765 * packet) comes first. Fixme: Replace this by a generic sort
1768 do_reorder_keyblock (KBNODE keyblock, int attr)
1770 KBNODE primary = NULL, primary0 = NULL, primary2 = NULL;
1773 for (node = keyblock; node; primary0 = node, node = node->next)
1775 if (node->pkt->pkttype == PKT_USER_ID &&
1776 ((attr && node->pkt->pkt.user_id->attrib_data) ||
1777 (!attr && !node->pkt->pkt.user_id->attrib_data)) &&
1778 node->pkt->pkt.user_id->flags.primary)
1780 primary = primary2 = node;
1781 for (node = node->next; node; primary2 = node, node = node->next)
1783 if (node->pkt->pkttype == PKT_USER_ID
1784 || node->pkt->pkttype == PKT_PUBLIC_SUBKEY
1785 || node->pkt->pkttype == PKT_SECRET_SUBKEY)
1794 return; /* No primary key flag found (should not happen). */
1796 for (last = NULL, node = keyblock; node; last = node, node = node->next)
1798 if (node->pkt->pkttype == PKT_USER_ID)
1802 log_assert (last); /* The user ID is never the first packet. */
1803 log_assert (primary0); /* Ditto (this is the node before primary). */
1804 if (node == primary)
1805 return; /* Already the first one. */
1807 last->next = primary;
1808 primary0->next = primary2->next;
1809 primary2->next = node;
1813 reorder_keyblock (KBNODE keyblock)
1815 do_reorder_keyblock (keyblock, 1);
1816 do_reorder_keyblock (keyblock, 0);
1820 list_keyblock (ctrl_t ctrl,
1821 KBNODE keyblock, int secret, int has_secret, int fpr,
1822 struct keylist_context *listctx)
1824 reorder_keyblock (keyblock);
1826 if (opt.with_colons)
1827 list_keyblock_colon (ctrl, keyblock, secret, has_secret);
1828 else if ((opt.list_options & LIST_SHOW_ONLY_FPR_MBOX))
1830 if (!listctx->no_validity)
1831 check_trustdb_stale (ctrl);
1832 list_keyblock_simple (ctrl, keyblock);
1835 list_keyblock_print (ctrl, keyblock, secret, fpr, listctx);
1838 es_fflush (es_stdout);
1842 /* Public function used by keygen to list a keyblock. If NO_VALIDITY
1843 * is set the validity of a key is never shown. */
1845 list_keyblock_direct (ctrl_t ctrl,
1846 kbnode_t keyblock, int secret, int has_secret, int fpr,
1849 struct keylist_context listctx;
1851 memset (&listctx, 0, sizeof (listctx));
1852 listctx.no_validity = !!no_validity;
1853 list_keyblock (ctrl, keyblock, secret, has_secret, fpr, &listctx);
1854 keylist_context_release (&listctx);
1858 /* Print an hex digit in ICAO spelling. */
1860 print_icao_hexdigit (estream_t fp, int c)
1862 static const char *list[16] = {
1863 "Zero", "One", "Two", "Three", "Four", "Five", "Six", "Seven",
1864 "Eight", "Niner", "Alfa", "Bravo", "Charlie", "Delta", "Echo", "Foxtrot"
1867 tty_fprintf (fp, "%s", list[c&15]);
1872 * Function to print the finperprint.
1873 * mode 0: as used in key listings, opt.with_colons is honored
1874 * 1: print using log_info ()
1875 * 2: direct use of tty
1876 * 3: direct use of tty but only primary key.
1877 * 4: direct use of tty but only subkey.
1878 * 10: Same as 0 but with_colons etc is ignored.
1879 * 20: Same as 0 but using a compact format.
1881 * Modes 1 and 2 will try and print both subkey and primary key
1882 * fingerprints. A MODE with bit 7 set is used internally. If
1883 * OVERRIDE_FP is not NULL that stream will be used in 0 instead
1884 * of es_stdout or instead of the TTY in modes 2 and 3.
1887 print_fingerprint (ctrl_t ctrl, estream_t override_fp,
1888 PKT_public_key *pk, int mode)
1890 char hexfpr[2*MAX_FINGERPRINT_LEN+1];
1896 int with_colons = opt.with_colons;
1897 int with_icao = opt.with_icao_spelling;
1906 else if (mode == 20)
1913 if (!opt.fingerprint && !opt.with_fingerprint
1914 && opt.with_subkey_fingerprint)
1917 if (pk->main_keyid[0] == pk->keyid[0]
1918 && pk->main_keyid[1] == pk->keyid[1])
1921 /* Just to be safe */
1922 if ((mode & 0x80) && !primary)
1924 log_error ("primary key is not really primary!\n");
1930 if (!primary && (mode == 1 || mode == 2))
1932 PKT_public_key *primary_pk = xmalloc_clear (sizeof (*primary_pk));
1933 get_pubkey (ctrl, primary_pk, pk->main_keyid);
1934 print_fingerprint (ctrl, override_fp, primary_pk, (mode | 0x80));
1935 free_public_key (primary_pk);
1940 fp = log_get_stream ();
1942 text = _("Primary key fingerprint:");
1944 text = _(" Subkey fingerprint:");
1948 fp = override_fp; /* Use tty or given stream. */
1950 /* TRANSLATORS: this should fit into 24 bytes so that the
1951 * fingerprint data is properly aligned with the user ID */
1952 text = _(" Primary key fingerprint:");
1954 text = _(" Subkey fingerprint:");
1958 fp = override_fp; /* Use tty or given stream. */
1959 text = _(" Key fingerprint =");
1963 fp = override_fp; /* Use tty or given stream. */
1964 text = _(" Subkey fingerprint:");
1968 fp = override_fp? override_fp : es_stdout;
1969 if (opt.keyid_format == KF_NONE)
1971 text = " "; /* To indent ICAO spelling. */
1975 text = _(" Key fingerprint =");
1978 hexfingerprint (pk, hexfpr, sizeof hexfpr);
1979 if (with_colons && !mode)
1981 es_fprintf (fp, "fpr:::::::::%s:", hexfpr);
1983 else if (compact && !opt.fingerprint && !opt.with_fingerprint)
1985 tty_fprintf (fp, "%*s%s", 6, "", hexfpr);
1989 char fmtfpr[MAX_FORMATTED_FINGERPRINT_LEN + 1];
1990 format_hexfingerprint (hexfpr, fmtfpr, sizeof fmtfpr);
1992 tty_fprintf (fp, "%*s%s", 6, "", fmtfpr);
1994 tty_fprintf (fp, "%s %s", text, fmtfpr);
1996 tty_fprintf (fp, "\n");
1997 if (!with_colons && with_icao)
2000 tty_fprintf (fp, "%*s\"", (int)strlen(text)+1, "");
2001 for (i = 0, p = hexfpr; *p; i++, p++)
2006 tty_fprintf (fp, "\n%*s ", (int)strlen(text)+1, "");
2008 tty_fprintf (fp, " ");
2010 tty_fprintf (fp, " ");
2011 print_icao_hexdigit (fp, xtoi_1 (p));
2013 tty_fprintf (fp, "\"\n");
2017 /* Print the serial number of an OpenPGP card if available. */
2019 print_card_serialno (const char *serialno)
2023 if (opt.with_colons)
2024 return; /* Handled elsewhere. */
2026 es_fputs (_(" Card serial no. ="), es_stdout);
2027 es_putc (' ', es_stdout);
2028 if (strlen (serialno) == 32 && !strncmp (serialno, "D27600012401", 12))
2030 /* This is an OpenPGP card. Print the relevant part. */
2031 /* Example: D2760001240101010001000003470000 */
2033 es_fprintf (es_stdout, "%.*s %.*s", 4, serialno+16, 8, serialno+20);
2036 es_fputs (serialno, es_stdout);
2037 es_putc ('\n', es_stdout);
2041 /* Print a public or secret (sub)key line. Example:
2043 * pub dsa2048 2007-12-31 [SC] [expires: 2018-12-31]
2044 * 80615870F5BAD690333686D0F2AD85AC1E42B367
2046 * Some global options may result in a different output format. If
2047 * SECRET is set, "sec" or "ssb" is used instead of "pub" or "sub" and
2048 * depending on the value a flag character is shown:
2050 * 1 := ' ' Regular secret key
2051 * 2 := '#' Stub secret key
2052 * 3 := '>' Secret key is on a token.
2055 print_key_line (ctrl_t ctrl, estream_t fp, PKT_public_key *pk, int secret)
2057 char pkstrbuf[PUBKEY_STRING_SIZE];
2059 tty_fprintf (fp, "%s%c %s",
2060 pk->flags.primary? (secret? "sec":"pub")
2061 /**/ : (secret? "ssb":"sub"),
2062 secret == 2? '#' : secret == 3? '>' : ' ',
2063 pubkey_string (pk, pkstrbuf, sizeof pkstrbuf));
2064 if (opt.keyid_format != KF_NONE)
2065 tty_fprintf (fp, "/%s", keystr_from_pk (pk));
2066 tty_fprintf (fp, " %s", datestr_from_pk (pk));
2068 if (pk->flags.primary
2069 && !(openpgp_pk_algo_usage (pk->pubkey_algo)
2070 & (PUBKEY_USAGE_CERT| PUBKEY_USAGE_SIG|PUBKEY_USAGE_AUTH)))
2072 /* A primary key which is really not capable to sign. */
2073 tty_fprintf (fp, " [INVALID_ALGO]");
2075 else if ((opt.list_options & LIST_SHOW_USAGE))
2077 tty_fprintf (fp, " [%s]", usagestr_from_pk (pk, 0));
2080 if (pk->flags.revoked)
2082 tty_fprintf (fp, " [");
2083 tty_fprintf (fp, _("revoked: %s"), revokestr_from_pk (pk));
2084 tty_fprintf (fp, "]");
2086 else if (pk->has_expired)
2088 tty_fprintf (fp, " [");
2089 tty_fprintf (fp, _("expired: %s"), expirestr_from_pk (pk));
2090 tty_fprintf (fp, "]");
2092 else if (pk->expiredate)
2094 tty_fprintf (fp, " [");
2095 tty_fprintf (fp, _("expires: %s"), expirestr_from_pk (pk));
2096 tty_fprintf (fp, "]");
2100 /* I need to think about this some more. It's easy enough to
2101 include, but it looks sort of confusing in the listing... */
2102 if (opt.list_options & LIST_SHOW_VALIDITY)
2104 int validity = get_validity (ctrl, pk, NULL, NULL, 0);
2105 tty_fprintf (fp, " [%s]", trust_value_to_string (validity));
2109 if (pk->pubkey_algo >= 100)
2110 tty_fprintf (fp, " [experimental algorithm %d]", pk->pubkey_algo);
2112 tty_fprintf (fp, "\n");
2114 /* if the user hasn't explicitly asked for human-readable
2115 fingerprints, show compact fpr of primary key: */
2116 if (pk->flags.primary &&
2117 !opt.fingerprint && !opt.with_fingerprint)
2118 print_fingerprint (ctrl, fp, pk, 20);
2123 set_attrib_fd (int fd)
2125 static int last_fd = -1;
2127 if (fd != -1 && last_fd == fd)
2130 /* Fixme: Do we need to check for the log stream here? */
2131 if (attrib_fp && attrib_fp != log_get_stream ())
2132 es_fclose (attrib_fp);
2137 if (! gnupg_fd_valid (fd))
2138 log_fatal ("attribute-fd is invalid: %s\n", strerror (errno));
2140 #ifdef HAVE_DOSISH_SYSTEM
2141 setmode (fd, O_BINARY);
2144 attrib_fp = es_stdout;
2146 attrib_fp = es_stderr;
2148 attrib_fp = es_fdopen (fd, "wb");
2151 log_fatal ("can't open fd %d for attribute output: %s\n",
2152 fd, strerror (errno));