1 /* keylist.c - Print information about OpenPGP keys
2 * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006,
3 * 2008, 2010, 2012 Free Software Foundation, Inc.
4 * Copyright (C) 2013, 2014 Werner Koch
6 * This file is part of GnuPG.
8 * GnuPG is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 3 of the License, or
11 * (at your option) any later version.
13 * GnuPG is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, see <http://www.gnu.org/licenses/>.
28 #ifdef HAVE_DOSISH_SYSTEM
29 #include <fcntl.h> /* for setmode() */
44 #include "call-agent.h"
45 #include "mbox-util.h"
48 static void list_all (int, int);
49 static void list_one (strlist_t names, int secret, int mark_secret);
50 static void locate_one (ctrl_t ctrl, strlist_t names);
51 static void print_card_serialno (const char *serialno);
53 struct keylist_context
55 int check_sigs; /* If set signatures shall be verified. */
56 int good_sigs; /* Counter used if CHECK_SIGS is set. */
57 int inv_sigs; /* Counter used if CHECK_SIGS is set. */
58 int no_key; /* Counter used if CHECK_SIGS is set. */
59 int oth_err; /* Counter used if CHECK_SIGS is set. */
63 static void list_keyblock (kbnode_t keyblock, int secret, int has_secret,
64 int fpr, struct keylist_context *listctx);
67 /* The stream used to write attribute packets to. */
68 static estream_t attrib_fp;
71 /* Release resources from a keylist context. */
73 keylist_context_release (struct keylist_context *listctx)
75 (void)listctx; /* Nothing to release. */
79 /* List the keys. If list is NULL, all available keys are listed.
80 With LOCATE_MODE set the locate algorithm is used to find a
83 public_key_list (ctrl_t ctrl, strlist_t list, int locate_mode)
85 #ifndef NO_TRUST_MODELS
88 byte trust_model, marginals, completes, cert_depth, min_cert_level;
89 ulong created, nextcheck;
91 read_trust_options (&trust_model, &created, &nextcheck,
92 &marginals, &completes, &cert_depth, &min_cert_level);
94 es_fprintf (es_stdout, "tru:");
96 if (nextcheck && nextcheck <= make_timestamp ())
97 es_fprintf (es_stdout, "o");
98 if (trust_model != opt.trust_model)
99 es_fprintf (es_stdout, "t");
100 if (opt.trust_model == TM_PGP || opt.trust_model == TM_CLASSIC)
102 if (marginals != opt.marginals_needed)
103 es_fprintf (es_stdout, "m");
104 if (completes != opt.completes_needed)
105 es_fprintf (es_stdout, "c");
106 if (cert_depth != opt.max_cert_depth)
107 es_fprintf (es_stdout, "d");
108 if (min_cert_level != opt.min_cert_level)
109 es_fprintf (es_stdout, "l");
112 es_fprintf (es_stdout, ":%d:%lu:%lu", trust_model, created, nextcheck);
114 /* Only show marginals, completes, and cert_depth in the classic
115 or PGP trust models since they are not meaningful
118 if (trust_model == TM_PGP || trust_model == TM_CLASSIC)
119 es_fprintf (es_stdout, ":%d:%d:%d", marginals, completes, cert_depth);
120 es_fprintf (es_stdout, "\n");
122 #endif /*!NO_TRUST_MODELS*/
124 /* We need to do the stale check right here because it might need to
125 update the keyring while we already have the keyring open. This
126 is very bad for W32 because of a sharing violation. For real OSes
127 it might lead to false results if we are later listing a keyring
128 which is associated with the inode of a deleted file. */
129 check_trustdb_stale ();
132 locate_one (ctrl, list);
134 list_all (0, opt.with_secret);
136 list_one (list, 0, opt.with_secret);
141 secret_key_list (ctrl_t ctrl, strlist_t list)
145 check_trustdb_stale ();
149 else /* List by user id */
150 list_one (list, 1, 0);
154 print_seckey_info (PKT_public_key *pk)
158 char pkstrbuf[PUBKEY_STRING_SIZE];
160 keyid_from_pk (pk, keyid);
161 p = get_user_id_native (keyid);
163 tty_printf ("\nsec %s/%s %s %s\n",
164 pubkey_string (pk, pkstrbuf, sizeof pkstrbuf),
165 keystr (keyid), datestr_from_pk (pk), p);
170 /* Print information about the public key. With FP passed as NULL,
171 the tty output interface is used, otherwise output is directted to
174 print_pubkey_info (estream_t fp, PKT_public_key *pk)
178 char pkstrbuf[PUBKEY_STRING_SIZE];
180 keyid_from_pk (pk, keyid);
182 /* If the pk was chosen by a particular user ID, that is the one to
185 p = utf8_to_native (pk->user_id->name, pk->user_id->len, 0);
187 p = get_user_id_native (keyid);
191 tty_fprintf (fp, "%s %s/%s %s %s\n",
192 pk->flags.primary? "pub":"sub",
193 pubkey_string (pk, pkstrbuf, sizeof pkstrbuf),
194 keystr (keyid), datestr_from_pk (pk), p);
199 /* Print basic information of a secret key including the card serial
200 number information. */
201 #ifdef ENABLE_CARD_SUPPORT
203 print_card_key_info (estream_t fp, kbnode_t keyblock)
209 char pkstrbuf[PUBKEY_STRING_SIZE];
212 for (node = keyblock; node; node = node->next)
214 if (node->pkt->pkttype == PKT_PUBLIC_KEY
215 || node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
218 PKT_public_key *pk = node->pkt->pkt.public_key;
221 rc = hexkeygrip_from_pk (pk, &hexgrip);
224 log_error ("error computing a keygrip: %s\n", gpg_strerror (rc));
227 else if (!agent_get_keyinfo (NULL, hexgrip, &serialno))
228 s2k_char = serialno? '>':' ';
230 s2k_char = '#'; /* Key not found. */
232 tty_fprintf (fp, "%s%c %s/%s %n",
233 node->pkt->pkttype == PKT_PUBLIC_KEY ? "sec" : "ssb",
235 pubkey_string (pk, pkstrbuf, sizeof pkstrbuf),
238 tty_fprintf (fp, _("created: %s"), datestr_from_pk (pk));
239 tty_fprintf (fp, " ");
240 tty_fprintf (fp, _("expires: %s"), expirestr_from_pk (pk));
243 tty_fprintf (fp, "\n%*s%s", indent, "", _("card-no: "));
244 if (strlen (serialno) == 32
245 && !strncmp (serialno, "D27600012401", 12))
247 /* This is an OpenPGP card. Print the relevant part. */
248 /* Example: D2760001240101010001000003470000 */
250 tty_fprintf (fp, "%.*s %.*s", 4, serialno+16, 8, serialno+20);
253 tty_fprintf (fp, "%s", serialno);
255 tty_fprintf (fp, "\n");
261 #endif /*ENABLE_CARD_SUPPORT*/
264 /* Flags = 0x01 hashed 0x02 critical. */
266 status_one_subpacket (sigsubpkttype_t type, size_t len, int flags,
271 /* Don't print these. */
275 snprintf (status, sizeof status,
276 "%d %u %u ", type, flags, (unsigned int) len);
278 write_status_text_and_buffer (STATUS_SIG_SUBPACKET, status, buf, len, 0);
282 /* Print a policy URL. Allowed values for MODE are:
283 * 0 - print to stdout.
284 * 1 - use log_info and emit status messages.
285 * 2 - emit only status messages.
288 show_policy_url (PKT_signature * sig, int indent, int mode)
293 estream_t fp = mode ? log_get_stream () : es_stdout;
296 enum_sig_subpkt (sig->hashed, SIGSUBPKT_POLICY, &len, &seq, &crit)))
303 for (i = 0; i < indent; i++)
307 str = _("Critical signature policy: ");
309 str = _("Signature policy: ");
311 log_info ("%s", str);
313 es_fprintf (fp, "%s", str);
314 print_utf8_buffer (fp, p, len);
315 es_fprintf (fp, "\n");
319 write_status_buffer (STATUS_POLICY_URL, p, len, 0);
326 mode=1 for log_info + status messages
327 mode=2 for status messages only
331 show_keyserver_url (PKT_signature * sig, int indent, int mode)
336 estream_t fp = mode ? log_get_stream () : es_stdout;
339 enum_sig_subpkt (sig->hashed, SIGSUBPKT_PREF_KS, &len, &seq,
347 for (i = 0; i < indent; i++)
348 es_putc (' ', es_stdout);
351 str = _("Critical preferred keyserver: ");
353 str = _("Preferred keyserver: ");
355 log_info ("%s", str);
357 es_fprintf (es_stdout, "%s", str);
358 print_utf8_buffer (fp, p, len);
359 es_fprintf (fp, "\n");
363 status_one_subpacket (SIGSUBPKT_PREF_KS, len,
364 (crit ? 0x02 : 0) | 0x01, p);
370 mode=1 for log_info + status messages
371 mode=2 for status messages only
373 Defined bits in WHICH:
374 1 == standard notations
378 show_notation (PKT_signature * sig, int indent, int mode, int which)
380 estream_t fp = mode ? log_get_stream () : es_stdout;
381 struct notation *nd, *notations;
386 notations = sig_to_notation (sig);
388 /* There may be multiple notations in the same sig. */
389 for (nd = notations; nd; nd = nd->next)
393 int has_at = !!strchr (nd->name, '@');
395 if ((which & 1 && !has_at) || (which & 2 && has_at))
400 for (i = 0; i < indent; i++)
401 es_putc (' ', es_stdout);
403 if (nd->flags.critical)
404 str = _("Critical signature notation: ");
406 str = _("Signature notation: ");
408 log_info ("%s", str);
410 es_fprintf (es_stdout, "%s", str);
411 /* This is all UTF8 */
412 print_utf8_buffer (fp, nd->name, strlen (nd->name));
413 es_fprintf (fp, "=");
414 print_utf8_buffer (fp, nd->value, strlen (nd->value));
415 /* (We need to use log_printf so that the next call to a
416 log function does not insert an extra LF.) */
426 write_status_buffer (STATUS_NOTATION_NAME,
427 nd->name, strlen (nd->name), 0);
428 write_status_buffer (STATUS_NOTATION_DATA,
429 nd->value, strlen (nd->value), 50);
433 free_notation (notations);
438 print_signature_stats (struct keylist_context *s)
441 return; /* Signature checking was not requested. */
443 if (s->good_sigs == 1)
444 log_info (_("1 good signature\n"));
445 else if (s->good_sigs)
446 log_info (_("%d good signatures\n"), s->good_sigs);
448 if (s->inv_sigs == 1)
449 log_info (_("1 bad signature\n"));
450 else if (s->inv_sigs)
451 log_info (_("%d bad signatures\n"), s->inv_sigs);
454 log_info (_("1 signature not checked due to a missing key\n"));
456 log_info (_("%d signatures not checked due to missing keys\n"), s->no_key);
459 log_info (_("1 signature not checked due to an error\n"));
461 log_info (_("%d signatures not checked due to errors\n"), s->oth_err);
465 /* List all keys. If SECRET is true only secret keys are listed. If
466 MARK_SECRET is true secret keys are indicated in a public key
469 list_all (int secret, int mark_secret)
472 KBNODE keyblock = NULL;
475 const char *lastresname, *resname;
476 struct keylist_context listctx;
478 memset (&listctx, 0, sizeof (listctx));
480 listctx.check_sigs = 1;
484 rc = gpg_error (GPG_ERR_GENERAL);
486 rc = keydb_search_first (hd);
489 if (gpg_err_code (rc) != GPG_ERR_NOT_FOUND)
490 log_error ("keydb_search_first failed: %s\n", gpg_strerror (rc));
497 rc = keydb_get_keyblock (hd, &keyblock);
500 if (gpg_err_code (rc) == GPG_ERR_LEGACY_KEY)
501 continue; /* Skip legacy keys. */
502 log_error ("keydb_get_keyblock failed: %s\n", gpg_strerror (rc));
506 if (secret || mark_secret)
507 any_secret = !agent_probe_any_secret_key (NULL, keyblock);
511 if (secret && !any_secret)
512 ; /* Secret key listing requested but this isn't one. */
515 if (!opt.with_colons)
517 resname = keydb_get_resource_name (hd);
518 if (lastresname != resname)
522 es_fprintf (es_stdout, "%s\n", resname);
523 for (i = strlen (resname); i; i--)
524 es_putc ('-', es_stdout);
525 es_putc ('\n', es_stdout);
526 lastresname = resname;
529 merge_keys_and_selfsig (keyblock);
530 list_keyblock (keyblock, secret, any_secret, opt.fingerprint,
533 release_kbnode (keyblock);
536 while (!(rc = keydb_search_next (hd)));
537 es_fflush (es_stdout);
538 if (rc && gpg_err_code (rc) != GPG_ERR_NOT_FOUND)
539 log_error ("keydb_search_next failed: %s\n", gpg_strerror (rc));
540 if (keydb_get_skipped_counter (hd))
541 log_info (_("Warning: %lu key(s) skipped due to their large size\n"),
542 keydb_get_skipped_counter (hd));
544 if (opt.check_sigs && !opt.with_colons)
545 print_signature_stats (&listctx);
548 keylist_context_release (&listctx);
549 release_kbnode (keyblock);
555 list_one (strlist_t names, int secret, int mark_secret)
558 KBNODE keyblock = NULL;
561 const char *keyring_str = _("Keyring");
563 struct keylist_context listctx;
565 memset (&listctx, 0, sizeof (listctx));
566 if (!secret && opt.check_sigs)
567 listctx.check_sigs = 1;
569 /* fixme: using the bynames function has the disadvantage that we
570 * don't know wether one of the names given was not found. OTOH,
571 * this function has the advantage to list the names in the
572 * sequence as defined by the keyDB and does not duplicate
573 * outputs. A solution could be do test whether all given have
574 * been listed (this needs a way to use the keyDB search
575 * functions) or to have the search function return indicators for
576 * found names. Yet another way is to use the keydb search
577 * facilities directly. */
578 rc = getkey_bynames (&ctx, NULL, names, secret, &keyblock);
581 log_error ("error reading key: %s\n", gpg_strerror (rc));
582 get_pubkey_end (ctx);
588 if ((opt.list_options & LIST_SHOW_KEYRING) && !opt.with_colons)
590 resname = keydb_get_resource_name (get_ctx_handle (ctx));
591 es_fprintf (es_stdout, "%s: %s\n", keyring_str, resname);
592 for (i = strlen (resname) + strlen (keyring_str) + 2; i; i--)
593 es_putc ('-', es_stdout);
594 es_putc ('\n', es_stdout);
596 list_keyblock (keyblock, secret, mark_secret, opt.fingerprint, &listctx);
597 release_kbnode (keyblock);
599 while (!getkey_next (ctx, NULL, &keyblock));
602 if (opt.check_sigs && !opt.with_colons)
603 print_signature_stats (&listctx);
605 keylist_context_release (&listctx);
610 locate_one (ctrl_t ctrl, strlist_t names)
614 GETKEY_CTX ctx = NULL;
615 KBNODE keyblock = NULL;
616 struct keylist_context listctx;
618 memset (&listctx, 0, sizeof (listctx));
620 listctx.check_sigs = 1;
622 for (sl = names; sl; sl = sl->next)
624 rc = get_pubkey_byname (ctrl, &ctx, NULL, sl->d, &keyblock, NULL, 1, 0);
627 if (gpg_err_code (rc) != GPG_ERR_NO_PUBKEY)
628 log_error ("error reading key: %s\n", gpg_strerror (rc));
634 list_keyblock (keyblock, 0, 0, opt.fingerprint, &listctx);
635 release_kbnode (keyblock);
637 while (ctx && !get_pubkey_next (ctx, NULL, &keyblock));
638 get_pubkey_end (ctx);
643 if (opt.check_sigs && !opt.with_colons)
644 print_signature_stats (&listctx);
646 keylist_context_release (&listctx);
651 print_key_data (PKT_public_key * pk)
653 int n = pk ? pubkey_get_npkey (pk->pubkey_algo) : 0;
656 for (i = 0; i < n; i++)
658 es_fprintf (es_stdout, "pkd:%d:%u:", i, mpi_get_nbits (pk->pkey[i]));
659 mpi_print (es_stdout, pk->pkey[i], 1);
660 es_putc (':', es_stdout);
661 es_putc ('\n', es_stdout);
666 print_capabilities (PKT_public_key *pk, KBNODE keyblock)
668 unsigned int use = pk->pubkey_usage;
671 if (use & PUBKEY_USAGE_ENC)
672 es_putc ('e', es_stdout);
674 if (use & PUBKEY_USAGE_SIG)
676 es_putc ('s', es_stdout);
677 if (pk->flags.primary)
679 es_putc ('c', es_stdout);
680 /* The PUBKEY_USAGE_CERT flag was introduced later and we
681 used to always print 'c' for a primary key. To avoid any
682 regression here we better track whether we printed 'c'
688 if ((use & PUBKEY_USAGE_CERT) && !c_printed)
689 es_putc ('c', es_stdout);
691 if ((use & PUBKEY_USAGE_AUTH))
692 es_putc ('a', es_stdout);
694 if ((use & PUBKEY_USAGE_UNKNOWN))
695 es_putc ('?', es_stdout);
699 /* Figure out the usable capabilities. */
701 int enc = 0, sign = 0, cert = 0, auth = 0, disabled = 0;
703 for (k = keyblock; k; k = k->next)
705 if (k->pkt->pkttype == PKT_PUBLIC_KEY
706 || k->pkt->pkttype == PKT_PUBLIC_SUBKEY)
708 pk = k->pkt->pkt.public_key;
710 if (pk->flags.primary)
711 disabled = pk_is_disabled (pk);
713 if (pk->flags.valid && !pk->flags.revoked && !pk->has_expired)
715 if (pk->pubkey_usage & PUBKEY_USAGE_ENC)
717 if (pk->pubkey_usage & PUBKEY_USAGE_SIG)
720 if (pk->flags.primary)
723 if (pk->pubkey_usage & PUBKEY_USAGE_CERT)
725 if ((pk->pubkey_usage & PUBKEY_USAGE_AUTH))
731 es_putc ('E', es_stdout);
733 es_putc ('S', es_stdout);
735 es_putc ('C', es_stdout);
737 es_putc ('A', es_stdout);
739 es_putc ('D', es_stdout);
742 es_putc (':', es_stdout);
746 /* FLAGS: 0x01 hashed
749 print_one_subpacket (sigsubpkttype_t type, size_t len, int flags,
754 es_fprintf (es_stdout, "spk:%d:%u:%u:", type, flags, (unsigned int) len);
756 for (i = 0; i < len; i++)
758 /* printable ascii other than : and % */
759 if (buf[i] >= 32 && buf[i] <= 126 && buf[i] != ':' && buf[i] != '%')
760 es_fprintf (es_stdout, "%c", buf[i]);
762 es_fprintf (es_stdout, "%%%02X", buf[i]);
765 es_fprintf (es_stdout, "\n");
770 print_subpackets_colon (PKT_signature * sig)
774 assert (opt.show_subpackets);
776 for (i = opt.show_subpackets; *i; i++)
784 while ((p = enum_sig_subpkt (sig->hashed, *i, &len, &seq, &crit)))
785 print_one_subpacket (*i, len, 0x01 | (crit ? 0x02 : 0), p);
789 while ((p = enum_sig_subpkt (sig->unhashed, *i, &len, &seq, &crit)))
790 print_one_subpacket (*i, len, 0x00 | (crit ? 0x02 : 0), p);
796 dump_attribs (const PKT_user_id *uid, PKT_public_key *pk)
803 for (i = 0; i < uid->numattribs; i++)
805 if (is_status_enabled ())
807 byte array[MAX_FINGERPRINT_LEN], *p;
808 char buf[(MAX_FINGERPRINT_LEN * 2) + 90];
813 fingerprint_from_pk (pk, array, &n);
816 for (j = 0; j < n; j++, p++)
817 sprintf (buf + 2 * j, "%02X", *p);
819 sprintf (buf + strlen (buf), " %lu %u %u %u %lu %lu %u",
820 (ulong) uid->attribs[i].len, uid->attribs[i].type, i + 1,
821 uid->numattribs, (ulong) uid->created,
822 (ulong) uid->expiredate,
823 ((uid->is_primary ? 0x01 : 0) | (uid->
824 is_revoked ? 0x02 : 0) |
825 (uid->is_expired ? 0x04 : 0)));
826 write_status_text (STATUS_ATTRIBUTE, buf);
829 es_fwrite (uid->attribs[i].data, uid->attribs[i].len, 1, attrib_fp);
830 es_fflush (attrib_fp);
835 /* Print IPGP cert records instead of a standard key listing. */
837 list_keyblock_pka (kbnode_t keyblock)
842 char pkstrbuf[PUBKEY_STRING_SIZE];
845 /* Get the keyid from the keyblock. */
846 node = find_kbnode (keyblock, PKT_PUBLIC_KEY);
849 log_error ("Oops; key lost!\n");
850 dump_kbnode (keyblock);
854 pk = node->pkt->pkt.public_key;
856 es_fprintf (es_stdout, ";; pub %s/%s %s\n;; ",
857 pubkey_string (pk, pkstrbuf, sizeof pkstrbuf),
858 keystr_from_pk (pk), datestr_from_pk (pk));
859 print_fingerprint (NULL, pk, 10);
860 hexfpr = hexfingerprint (pk);
862 for (kbctx = NULL; (node = walk_kbnode (keyblock, &kbctx, 0));)
864 if (node->pkt->pkttype == PKT_USER_ID)
866 PKT_user_id *uid = node->pkt->pkt.user_id;
870 if (pk && (uid->is_expired || uid->is_revoked)
871 && !(opt.list_options & LIST_SHOW_UNUSABLE_UIDS))
874 es_fputs (";; uid ", es_stdout);
875 print_utf8_buffer (es_stdout, uid->name, uid->len);
876 es_putc ('\n', es_stdout);
877 mbox = mailbox_from_userid (uid->name);
878 if (mbox && (p = strchr (mbox, '@')))
885 es_fprintf (es_stdout, "$ORIGIN _pka.%s.\n", p);
886 gcry_md_hash_buffer (GCRY_MD_SHA1, hashbuf, mbox, strlen (mbox));
887 hash = zb32_encode (hashbuf, 8*20);
890 len = strlen (hexfpr)/2;
891 es_fprintf (es_stdout,
892 "%s TYPE37 \\# %u 0006 0000 00 %02X %s\n",
893 hash, 6 + len, len, hexfpr);
901 es_putc ('\n', es_stdout);
908 list_keyblock_print (KBNODE keyblock, int secret, int fpr,
909 struct keylist_context *listctx)
917 char *hexgrip = NULL;
918 char *serialno = NULL;
919 char pkstrbuf[PUBKEY_STRING_SIZE];
921 /* Get the keyid from the keyblock. */
922 node = find_kbnode (keyblock, PKT_PUBLIC_KEY);
925 log_error ("Oops; key lost!\n");
926 dump_kbnode (keyblock);
930 pk = node->pkt->pkt.public_key;
932 if (secret || opt.with_keygrip)
934 rc = hexkeygrip_from_pk (pk, &hexgrip);
936 log_error ("error computing a keygrip: %s\n", gpg_strerror (rc));
941 if (!agent_get_keyinfo (NULL, hexgrip, &serialno))
942 s2k_char = serialno? '>':' ';
944 s2k_char = '#'; /* Key not found. */
949 check_trustdb_stale ();
952 es_fprintf (es_stdout, "%s%c %s/%s %s",
955 pubkey_string (pk, pkstrbuf, sizeof pkstrbuf),
956 keystr_from_pk (pk), datestr_from_pk (pk));
958 if ((opt.list_options & LIST_SHOW_USAGE))
960 es_fprintf (es_stdout, " [%s]", usagestr_from_pk (pk, 0));
962 if (pk->flags.revoked)
964 es_fprintf (es_stdout, " [");
965 es_fprintf (es_stdout, _("revoked: %s"), revokestr_from_pk (pk));
966 es_fprintf (es_stdout, "]");
968 else if (pk->has_expired)
970 es_fprintf (es_stdout, " [");
971 es_fprintf (es_stdout, _("expired: %s"), expirestr_from_pk (pk));
972 es_fprintf (es_stdout, "]");
974 else if (pk->expiredate)
976 es_fprintf (es_stdout, " [");
977 es_fprintf (es_stdout, _("expires: %s"), expirestr_from_pk (pk));
978 es_fprintf (es_stdout, "]");
982 /* I need to think about this some more. It's easy enough to
983 include, but it looks sort of confusing in the listing... */
984 if (opt.list_options & LIST_SHOW_VALIDITY)
986 int validity = get_validity (pk, NULL);
987 es_fprintf (es_stdout, " [%s]", trust_value_to_string (validity));
991 if (pk->pubkey_algo >= 100)
992 es_fprintf (es_stdout, " [experimental algorithm %d]", pk->pubkey_algo);
994 es_fprintf (es_stdout, "\n");
997 print_fingerprint (NULL, pk, 0);
999 if (opt.with_keygrip && hexgrip)
1000 es_fprintf (es_stdout, " Keygrip = %s\n", hexgrip);
1003 print_card_serialno (serialno);
1005 if (opt.with_key_data)
1006 print_key_data (pk);
1008 for (kbctx = NULL; (node = walk_kbnode (keyblock, &kbctx, 0));)
1010 if (node->pkt->pkttype == PKT_USER_ID)
1012 PKT_user_id *uid = node->pkt->pkt.user_id;
1014 if ((uid->is_expired || uid->is_revoked)
1015 && !(opt.list_options & LIST_SHOW_UNUSABLE_UIDS))
1023 if (attrib_fp && uid->attrib_data != NULL)
1024 dump_attribs (uid, pk);
1026 if ((uid->is_revoked || uid->is_expired)
1027 || (opt.list_options & LIST_SHOW_UID_VALIDITY))
1029 const char *validity;
1032 validity = uid_trust_string_fixed (pk, uid);
1034 (keystrlen () + 9) -
1035 atoi (uid_trust_string_fixed (NULL, NULL));
1037 if (indent < 0 || indent > 40)
1040 es_fprintf (es_stdout, "uid%*s%s ", indent, "", validity);
1043 es_fprintf (es_stdout, "uid%*s", (int) keystrlen () + 10, "");
1045 print_utf8_buffer (es_stdout, uid->name, uid->len);
1046 es_putc ('\n', es_stdout);
1048 if ((opt.list_options & LIST_SHOW_PHOTOS) && uid->attribs != NULL)
1049 show_photos (uid->attribs, uid->numattribs, pk, uid);
1051 else if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
1053 PKT_public_key *pk2 = node->pkt->pkt.public_key;
1055 if ((pk2->flags.revoked || pk2->has_expired)
1056 && !(opt.list_options & LIST_SHOW_UNUSABLE_SUBKEYS))
1064 xfree (serialno); serialno = NULL;
1065 xfree (hexgrip); hexgrip = NULL;
1066 if (secret || opt.with_keygrip)
1068 rc = hexkeygrip_from_pk (pk2, &hexgrip);
1070 log_error ("error computing a keygrip: %s\n",
1075 if (!agent_get_keyinfo (NULL, hexgrip, &serialno))
1076 s2k_char = serialno? '>':' ';
1078 s2k_char = '#'; /* Key not found. */
1083 es_fprintf (es_stdout, "%s%c %s/%s %s",
1084 secret? "ssb":"sub",
1086 pubkey_string (pk2, pkstrbuf, sizeof pkstrbuf),
1087 keystr_from_pk (pk2), datestr_from_pk (pk2));
1089 if (pk2->pubkey_algo == PUBKEY_ALGO_ECDSA
1090 || pk2->pubkey_algo == PUBKEY_ALGO_EDDSA
1091 || pk2->pubkey_algo == PUBKEY_ALGO_ECDH)
1093 char *curve = openpgp_oid_to_str (pk2->pkey[0]);
1094 const char *name = openpgp_oid_to_curve (curve);
1095 if (!*name || *name == '?')
1097 es_fprintf (es_stdout, " %s", name);
1101 if ((opt.list_options & LIST_SHOW_USAGE))
1103 es_fprintf (es_stdout, " [%s]", usagestr_from_pk (pk2, 0));
1105 if (pk2->flags.revoked)
1107 es_fprintf (es_stdout, " [");
1108 es_fprintf (es_stdout, _("revoked: %s"), revokestr_from_pk (pk2));
1109 es_fprintf (es_stdout, "]");
1111 else if (pk2->has_expired)
1113 es_fprintf (es_stdout, " [");
1114 es_fprintf (es_stdout, _("expired: %s"), expirestr_from_pk (pk2));
1115 es_fprintf (es_stdout, "]");
1117 else if (pk2->expiredate)
1119 es_fprintf (es_stdout, " [");
1120 es_fprintf (es_stdout, _("expires: %s"), expirestr_from_pk (pk2));
1121 es_fprintf (es_stdout, "]");
1123 es_putc ('\n', es_stdout);
1126 print_fingerprint (NULL, pk2, 0);
1128 print_card_serialno (serialno);
1130 if (opt.with_keygrip && hexgrip)
1131 es_fprintf (es_stdout, " Keygrip = %s\n", hexgrip);
1132 if (opt.with_key_data)
1133 print_key_data (pk2);
1135 else if (opt.list_sigs
1136 && node->pkt->pkttype == PKT_SIGNATURE && !skip_sigs)
1138 PKT_signature *sig = node->pkt->pkt.signature;
1142 if (listctx->check_sigs)
1144 rc = check_key_signature (keyblock, node, NULL);
1145 switch (gpg_err_code (rc))
1148 listctx->good_sigs++;
1151 case GPG_ERR_BAD_SIGNATURE:
1152 listctx->inv_sigs++;
1155 case GPG_ERR_NO_PUBKEY:
1156 case GPG_ERR_UNUSABLE_PUBKEY:
1165 /* TODO: Make sure a cached sig record here still has
1166 the pk that issued it. See also
1167 keyedit.c:print_and_check_one_sig */
1175 if (sig->sig_class == 0x20 || sig->sig_class == 0x28
1176 || sig->sig_class == 0x30)
1178 else if ((sig->sig_class & ~3) == 0x10)
1180 else if (sig->sig_class == 0x18)
1182 else if (sig->sig_class == 0x1F)
1186 es_fprintf (es_stdout, "sig "
1187 "[unexpected signature class 0x%02x]\n",
1192 es_fputs (sigstr, es_stdout);
1193 es_fprintf (es_stdout, "%c%c %c%c%c%c%c%c %s %s",
1194 sigrc, (sig->sig_class - 0x10 > 0 &&
1195 sig->sig_class - 0x10 <
1196 4) ? '0' + sig->sig_class - 0x10 : ' ',
1197 sig->flags.exportable ? ' ' : 'L',
1198 sig->flags.revocable ? ' ' : 'R',
1199 sig->flags.policy_url ? 'P' : ' ',
1200 sig->flags.notation ? 'N' : ' ',
1201 sig->flags.expired ? 'X' : ' ',
1202 (sig->trust_depth > 9) ? 'T' : (sig->trust_depth >
1204 sig->trust_depth : ' ', keystr (sig->keyid),
1205 datestr_from_sig (sig));
1206 if (opt.list_options & LIST_SHOW_SIG_EXPIRE)
1207 es_fprintf (es_stdout, " %s", expirestr_from_sig (sig));
1208 es_fprintf (es_stdout, " ");
1210 es_fprintf (es_stdout, "[%s] ", gpg_strerror (rc));
1211 else if (sigrc == '?')
1213 else if (!opt.fast_list_mode)
1216 char *p = get_user_id (sig->keyid, &n);
1217 print_utf8_buffer (es_stdout, p, n);
1220 es_putc ('\n', es_stdout);
1222 if (sig->flags.policy_url
1223 && (opt.list_options & LIST_SHOW_POLICY_URLS))
1224 show_policy_url (sig, 3, 0);
1226 if (sig->flags.notation && (opt.list_options & LIST_SHOW_NOTATIONS))
1227 show_notation (sig, 3, 0,
1229 list_options & LIST_SHOW_STD_NOTATIONS) ? 1 : 0)
1232 list_options & LIST_SHOW_USER_NOTATIONS) ? 2 :
1235 if (sig->flags.pref_ks
1236 && (opt.list_options & LIST_SHOW_KEYSERVER_URLS))
1237 show_keyserver_url (sig, 3, 0);
1239 /* fixme: check or list other sigs here */
1242 es_putc ('\n', es_stdout);
1248 print_revokers (estream_t fp, PKT_public_key * pk)
1250 /* print the revoker record */
1251 if (!pk->revkey && pk->numrevkeys)
1257 for (i = 0; i < pk->numrevkeys; i++)
1261 es_fprintf (fp, "rvk:::%d::::::", pk->revkey[i].algid);
1262 p = pk->revkey[i].fpr;
1263 for (j = 0; j < 20; j++, p++)
1264 es_fprintf (fp, "%02X", *p);
1265 es_fprintf (fp, ":%02x%s:\n",
1266 pk->revkey[i].class,
1267 (pk->revkey[i].class & 0x40) ? "s" : "");
1273 /* List a key in colon mode. If SECRET is true this is a secret key
1274 record (i.e. requested via --list-secret-key). If HAS_SECRET a
1275 secret key is available even if SECRET is not set. */
1277 list_keyblock_colon (KBNODE keyblock, int secret, int has_secret, int fpr)
1284 int trustletter = 0;
1288 char *hexgrip = NULL;
1289 char *serialno = NULL;
1292 /* Get the keyid from the keyblock. */
1293 node = find_kbnode (keyblock, PKT_PUBLIC_KEY);
1296 log_error ("Oops; key lost!\n");
1297 dump_kbnode (keyblock);
1301 pk = node->pkt->pkt.public_key;
1302 if (secret || has_secret || opt.with_keygrip || opt.with_key_data)
1304 rc = hexkeygrip_from_pk (pk, &hexgrip);
1306 log_error ("error computing a keygrip: %s\n", gpg_strerror (rc));
1309 if ((secret||has_secret) && agent_get_keyinfo (NULL, hexgrip, &serialno))
1310 stubkey = 1; /* Key not found. */
1312 keyid_from_pk (pk, keyid);
1313 es_fputs (secret? "sec:":"pub:", es_stdout);
1314 if (!pk->flags.valid)
1315 es_putc ('i', es_stdout);
1316 else if (pk->flags.revoked)
1317 es_putc ('r', es_stdout);
1318 else if (pk->has_expired)
1319 es_putc ('e', es_stdout);
1320 else if (opt.fast_list_mode || opt.no_expensive_trust_checks)
1324 trustletter = get_validity_info (pk, NULL);
1325 if (trustletter == 'u')
1327 es_putc (trustletter, es_stdout);
1330 es_fprintf (es_stdout, ":%u:%d:%08lX%08lX:%s:%s::",
1333 (ulong) keyid[0], (ulong) keyid[1],
1334 colon_datestr_from_pk (pk), colon_strtime (pk->expiredate));
1336 if (!opt.fast_list_mode && !opt.no_expensive_trust_checks)
1337 es_putc (get_ownertrust_info (pk), es_stdout);
1338 es_putc (':', es_stdout);
1340 es_putc (':', es_stdout);
1341 es_putc (':', es_stdout);
1342 print_capabilities (pk, keyblock);
1343 es_putc (':', es_stdout); /* End of field 13. */
1344 es_putc (':', es_stdout); /* End of field 14. */
1345 if (secret || has_secret)
1348 es_putc ('#', es_stdout);
1350 es_fputs (serialno, es_stdout);
1351 else if (has_secret)
1352 es_putc ('+', es_stdout);
1354 es_putc (':', es_stdout); /* End of field 15. */
1355 es_putc (':', es_stdout); /* End of field 16. */
1356 if (pk->pubkey_algo == PUBKEY_ALGO_ECDSA
1357 || pk->pubkey_algo == PUBKEY_ALGO_EDDSA
1358 || pk->pubkey_algo == PUBKEY_ALGO_ECDH)
1360 char *curve = openpgp_oid_to_str (pk->pkey[0]);
1361 const char *name = openpgp_oid_to_curve (curve);
1362 if (!*name || *name == '?')
1364 es_fputs (name, es_stdout);
1367 es_putc (':', es_stdout); /* End of field 17. */
1368 es_putc ('\n', es_stdout);
1370 print_revokers (es_stdout, pk);
1372 print_fingerprint (NULL, pk, 0);
1373 if (opt.with_key_data || opt.with_keygrip)
1376 es_fprintf (es_stdout, "grp:::::::::%s:\n", hexgrip);
1377 if (opt.with_key_data)
1378 print_key_data (pk);
1381 for (kbctx = NULL; (node = walk_kbnode (keyblock, &kbctx, 0));)
1383 if (node->pkt->pkttype == PKT_USER_ID)
1386 PKT_user_id *uid = node->pkt->pkt.user_id;
1388 if (attrib_fp && node->pkt->pkt.user_id->attrib_data != NULL)
1389 dump_attribs (node->pkt->pkt.user_id, pk);
1391 * Fixme: We need a valid flag here too
1393 str = uid->attrib_data ? "uat" : "uid";
1394 if (uid->is_revoked)
1395 es_fprintf (es_stdout, "%s:r::::", str);
1396 else if (uid->is_expired)
1397 es_fprintf (es_stdout, "%s:e::::", str);
1398 else if (opt.no_expensive_trust_checks)
1399 es_fprintf (es_stdout, "%s:::::", str);
1405 uid_validity = get_validity_info (pk, uid);
1408 es_fprintf (es_stdout, "%s:%c::::", str, uid_validity);
1411 es_fprintf (es_stdout, "%s:", colon_strtime (uid->created));
1412 es_fprintf (es_stdout, "%s:", colon_strtime (uid->expiredate));
1414 namehash_from_uid (uid);
1416 for (i = 0; i < 20; i++)
1417 es_fprintf (es_stdout, "%02X", uid->namehash[i]);
1419 es_fprintf (es_stdout, "::");
1421 if (uid->attrib_data)
1422 es_fprintf (es_stdout, "%u %lu", uid->numattribs, uid->attrib_len);
1424 es_write_sanitized (es_stdout, uid->name, uid->len, ":", NULL);
1425 es_putc (':', es_stdout);
1426 es_putc ('\n', es_stdout);
1428 else if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
1431 PKT_public_key *pk2;
1433 pk2 = node->pkt->pkt.public_key;
1434 xfree (hexgrip); hexgrip = NULL;
1435 xfree (serialno); serialno = NULL;
1436 if (secret || has_secret || opt.with_keygrip || opt.with_key_data)
1438 rc = hexkeygrip_from_pk (pk2, &hexgrip);
1440 log_error ("error computing a keygrip: %s\n",
1444 if ((secret||has_secret)
1445 && agent_get_keyinfo (NULL, hexgrip, &serialno))
1446 stubkey = 1; /* Key not found. */
1448 keyid_from_pk (pk2, keyid2);
1449 es_fputs (secret? "ssb:":"sub:", es_stdout);
1450 if (!pk2->flags.valid)
1451 es_putc ('i', es_stdout);
1452 else if (pk2->flags.revoked)
1453 es_putc ('r', es_stdout);
1454 else if (pk2->has_expired)
1455 es_putc ('e', es_stdout);
1456 else if (opt.fast_list_mode || opt.no_expensive_trust_checks)
1460 /* TRUSTLETTER should always be defined here. */
1462 es_fprintf (es_stdout, "%c", trustletter);
1464 es_fprintf (es_stdout, ":%u:%d:%08lX%08lX:%s:%s:::::",
1465 nbits_from_pk (pk2),
1467 (ulong) keyid2[0], (ulong) keyid2[1],
1468 colon_datestr_from_pk (pk2), colon_strtime (pk2->expiredate)
1469 /* fixme: add LID and ownertrust here */
1471 print_capabilities (pk2, NULL);
1472 es_putc (':', es_stdout); /* End of field 13. */
1473 es_putc (':', es_stdout); /* End of field 14. */
1474 if (secret || has_secret)
1477 es_putc ('#', es_stdout);
1479 es_fputs (serialno, es_stdout);
1480 else if (has_secret)
1481 es_putc ('+', es_stdout);
1483 es_putc (':', es_stdout); /* End of field 15. */
1484 es_putc (':', es_stdout); /* End of field 16. */
1485 if (pk->pubkey_algo == PUBKEY_ALGO_ECDSA
1486 || pk->pubkey_algo == PUBKEY_ALGO_EDDSA
1487 || pk->pubkey_algo == PUBKEY_ALGO_ECDH)
1489 char *curve = openpgp_oid_to_str (pk->pkey[0]);
1490 const char *name = openpgp_oid_to_curve (curve);
1491 if (!*name || *name == '?')
1493 es_fputs (name, es_stdout);
1496 es_putc (':', es_stdout); /* End of field 17. */
1497 es_putc ('\n', es_stdout);
1499 print_fingerprint (NULL, pk2, 0);
1500 if (opt.with_key_data || opt.with_keygrip)
1503 es_fprintf (es_stdout, "grp:::::::::%s:\n", hexgrip);
1504 if (opt.with_key_data)
1505 print_key_data (pk2);
1508 else if (opt.list_sigs && node->pkt->pkttype == PKT_SIGNATURE)
1510 PKT_signature *sig = node->pkt->pkt.signature;
1511 int sigrc, fprokay = 0;
1514 byte fparray[MAX_FINGERPRINT_LEN];
1516 if (sig->sig_class == 0x20 || sig->sig_class == 0x28
1517 || sig->sig_class == 0x30)
1519 else if ((sig->sig_class & ~3) == 0x10)
1521 else if (sig->sig_class == 0x18)
1523 else if (sig->sig_class == 0x1F)
1527 es_fprintf (es_stdout, "sig::::::::::%02x%c:\n",
1528 sig->sig_class, sig->flags.exportable ? 'x' : 'l');
1534 PKT_public_key *signer_pk = NULL;
1537 if (opt.no_sig_cache)
1538 signer_pk = xmalloc_clear (sizeof (PKT_public_key));
1540 rc = check_key_signature2 (keyblock, node, NULL, signer_pk,
1542 switch (gpg_err_code (rc))
1547 case GPG_ERR_BAD_SIGNATURE:
1550 case GPG_ERR_NO_PUBKEY:
1551 case GPG_ERR_UNUSABLE_PUBKEY:
1559 if (opt.no_sig_cache)
1563 fingerprint_from_pk (signer_pk, fparray, &fplen);
1566 free_public_key (signer_pk);
1574 es_fputs (sigstr, es_stdout);
1575 es_putc (':', es_stdout);
1577 es_putc (sigrc, es_stdout);
1578 es_fprintf (es_stdout, "::%d:%08lX%08lX:%s:%s:", sig->pubkey_algo,
1579 (ulong) sig->keyid[0], (ulong) sig->keyid[1],
1580 colon_datestr_from_sig (sig),
1581 colon_expirestr_from_sig (sig));
1583 if (sig->trust_depth || sig->trust_value)
1584 es_fprintf (es_stdout, "%d %d", sig->trust_depth, sig->trust_value);
1585 es_fprintf (es_stdout, ":");
1587 if (sig->trust_regexp)
1588 es_write_sanitized (es_stdout, sig->trust_regexp,
1589 strlen (sig->trust_regexp), ":", NULL);
1590 es_fprintf (es_stdout, ":");
1593 es_fprintf (es_stdout, "[%s] ", gpg_strerror (rc));
1594 else if (sigrc == '?')
1596 else if (!opt.fast_list_mode)
1599 p = get_user_id (sig->keyid, &n);
1600 es_write_sanitized (es_stdout, p, n, ":", NULL);
1603 es_fprintf (es_stdout, ":%02x%c::", sig->sig_class,
1604 sig->flags.exportable ? 'x' : 'l');
1606 if (opt.no_sig_cache && opt.check_sigs && fprokay)
1608 for (i = 0; i < fplen; i++)
1609 es_fprintf (es_stdout, "%02X", fparray[i]);
1612 es_fprintf (es_stdout, ":::%d:\n", sig->digest_algo);
1614 if (opt.show_subpackets)
1615 print_subpackets_colon (sig);
1617 /* fixme: check or list other sigs here */
1626 * Reorder the keyblock so that the primary user ID (and not attribute
1627 * packet) comes first. Fixme: Replace this by a generic sort
1630 do_reorder_keyblock (KBNODE keyblock, int attr)
1632 KBNODE primary = NULL, primary0 = NULL, primary2 = NULL;
1635 for (node = keyblock; node; primary0 = node, node = node->next)
1637 if (node->pkt->pkttype == PKT_USER_ID &&
1638 ((attr && node->pkt->pkt.user_id->attrib_data) ||
1639 (!attr && !node->pkt->pkt.user_id->attrib_data)) &&
1640 node->pkt->pkt.user_id->is_primary)
1642 primary = primary2 = node;
1643 for (node = node->next; node; primary2 = node, node = node->next)
1645 if (node->pkt->pkttype == PKT_USER_ID
1646 || node->pkt->pkttype == PKT_PUBLIC_SUBKEY
1647 || node->pkt->pkttype == PKT_SECRET_SUBKEY)
1656 return; /* No primary key flag found (should not happen). */
1658 for (last = NULL, node = keyblock; node; last = node, node = node->next)
1660 if (node->pkt->pkttype == PKT_USER_ID)
1664 assert (last); /* The user ID is never the first packet. */
1665 assert (primary0); /* Ditto (this is the node before primary). */
1666 if (node == primary)
1667 return; /* Already the first one. */
1669 last->next = primary;
1670 primary0->next = primary2->next;
1671 primary2->next = node;
1675 reorder_keyblock (KBNODE keyblock)
1677 do_reorder_keyblock (keyblock, 1);
1678 do_reorder_keyblock (keyblock, 0);
1682 list_keyblock (KBNODE keyblock, int secret, int has_secret, int fpr,
1683 struct keylist_context *listctx)
1685 reorder_keyblock (keyblock);
1686 if (opt.print_pka_records)
1687 list_keyblock_pka (keyblock);
1688 else if (opt.with_colons)
1689 list_keyblock_colon (keyblock, secret, has_secret, fpr);
1691 list_keyblock_print (keyblock, secret, fpr, listctx);
1693 es_fflush (es_stdout);
1697 /* Public function used by keygen to list a keyblock. */
1699 list_keyblock_direct (kbnode_t keyblock, int secret, int has_secret, int fpr)
1701 struct keylist_context listctx;
1703 memset (&listctx, 0, sizeof (listctx));
1704 list_keyblock (keyblock, secret, has_secret, fpr, &listctx);
1705 keylist_context_release (&listctx);
1709 /* Print an hex digit in ICAO spelling. */
1711 print_icao_hexdigit (estream_t fp, int c)
1713 static const char *list[16] = {
1714 "Zero", "One", "Two", "Three", "Four", "Five", "Six", "Seven",
1715 "Eight", "Niner", "Alfa", "Bravo", "Charlie", "Delta", "Echo", "Foxtrot"
1718 tty_fprintf (fp, "%s", list[c&15]);
1723 * Function to print the finperprint.
1724 * mode 0: as used in key listings, opt.with_colons is honored
1725 * 1: print using log_info ()
1726 * 2: direct use of tty
1727 * 3: direct use of tty but only primary key.
1728 * 10: Same as 0 but with_colons etc is ignored.
1730 * Modes 1 and 2 will try and print both subkey and primary key
1731 * fingerprints. A MODE with bit 7 set is used internally. If
1732 * OVERRIDE_FP is not NULL that stream will be used in 0 instead
1733 * of es_stdout or instead of the TTY in modes 2 and 3.
1736 print_fingerprint (estream_t override_fp, PKT_public_key *pk, int mode)
1738 byte array[MAX_FINGERPRINT_LEN], *p;
1743 int with_colons = opt.with_colons;
1744 int with_icao = opt.with_icao_spelling;
1753 if (pk->main_keyid[0] == pk->keyid[0]
1754 && pk->main_keyid[1] == pk->keyid[1])
1757 /* Just to be safe */
1758 if ((mode & 0x80) && !primary)
1760 log_error ("primary key is not really primary!\n");
1766 if (!primary && (mode == 1 || mode == 2))
1768 PKT_public_key *primary_pk = xmalloc_clear (sizeof (*primary_pk));
1769 get_pubkey (primary_pk, pk->main_keyid);
1770 print_fingerprint (override_fp, primary_pk, (mode | 0x80));
1771 free_public_key (primary_pk);
1776 fp = log_get_stream ();
1778 text = _("Primary key fingerprint:");
1780 text = _(" Subkey fingerprint:");
1784 fp = override_fp; /* Use tty or given stream. */
1786 /* TRANSLATORS: this should fit into 24 bytes to that the
1787 * fingerprint data is properly aligned with the user ID */
1788 text = _(" Primary key fingerprint:");
1790 text = _(" Subkey fingerprint:");
1794 fp = override_fp; /* Use tty or given stream. */
1795 text = _(" Key fingerprint =");
1799 fp = override_fp? override_fp : es_stdout;
1800 text = _(" Key fingerprint =");
1803 fingerprint_from_pk (pk, array, &n);
1805 if (with_colons && !mode)
1807 es_fprintf (fp, "fpr:::::::::");
1808 for (i = 0; i < n; i++, p++)
1809 es_fprintf (fp, "%02X", *p);
1814 tty_fprintf (fp, "%s", text);
1817 for (i = 0; i < n; i++, i++, p += 2)
1818 tty_fprintf (fp, "%s %02X%02X", i==10? " ":"", *p, p[1]);
1822 for (i = 0; i < n; i++, p++)
1823 tty_fprintf (fp, "%s %02X", (i && !(i % 8))? " ":"", *p);
1826 tty_fprintf (fp, "\n");
1827 if (!with_colons && with_icao)
1830 tty_fprintf (fp, "%*s\"", (int)strlen(text)+1, "");
1831 for (i = 0; i < n; i++, p++)
1836 tty_fprintf (fp, "\n%*s ", (int)strlen(text)+1, "");
1838 tty_fprintf (fp, " ");
1840 tty_fprintf (fp, " ");
1841 print_icao_hexdigit (fp, *p >> 4);
1842 tty_fprintf (fp, " ");
1843 print_icao_hexdigit (fp, *p & 15);
1845 tty_fprintf (fp, "\"\n");
1849 /* Print the serial number of an OpenPGP card if available. */
1851 print_card_serialno (const char *serialno)
1855 if (opt.with_colons)
1856 return; /* Handled elsewhere. */
1858 es_fputs (_(" Card serial no. ="), es_stdout);
1859 es_putc (' ', es_stdout);
1860 if (strlen (serialno) == 32 && !strncmp (serialno, "D27600012401", 12))
1862 /* This is an OpenPGP card. Print the relevant part. */
1863 /* Example: D2760001240101010001000003470000 */
1865 es_fprintf (es_stdout, "%.*s %.*s", 4, serialno+16, 8, serialno+20);
1868 es_fputs (serialno, es_stdout);
1869 es_putc ('\n', es_stdout);
1875 set_attrib_fd (int fd)
1877 static int last_fd = -1;
1879 if (fd != -1 && last_fd == fd)
1882 /* Fixme: Do we need to check for the log stream here? */
1883 if (attrib_fp && attrib_fp != log_get_stream ())
1884 es_fclose (attrib_fp);
1889 #ifdef HAVE_DOSISH_SYSTEM
1890 setmode (fd, O_BINARY);
1893 attrib_fp = es_stdout;
1895 attrib_fp = es_stderr;
1897 attrib_fp = es_fdopen (fd, "wb");
1900 log_fatal ("can't open fd %d for attribute output: %s\n",
1901 fd, strerror (errno));