1 /* keylist.c - Print information about OpenPGP keys
2 * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006,
3 * 2008, 2010, 2012 Free Software Foundation, Inc.
4 * Copyright (C) 2013, 2014 Werner Koch
6 * This file is part of GnuPG.
8 * GnuPG is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 3 of the License, or
11 * (at your option) any later version.
13 * GnuPG is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, see <https://www.gnu.org/licenses/>.
27 #ifdef HAVE_DOSISH_SYSTEM
28 # include <fcntl.h> /* for setmode() */
34 #include "../common/status.h"
37 #include "../common/util.h"
38 #include "../common/ttyio.h"
41 #include "../common/i18n.h"
42 #include "../common/status.h"
43 #include "call-agent.h"
44 #include "../common/mbox-util.h"
45 #include "../common/zb32.h"
47 #include "../common/compliance.h"
48 #include "../common/pkscreening.h"
51 static void list_all (ctrl_t, int, int);
52 static void list_one (ctrl_t ctrl,
53 strlist_t names, int secret, int mark_secret);
54 static void locate_one (ctrl_t ctrl, strlist_t names, int no_local);
55 static void print_card_serialno (const char *serialno);
57 struct keylist_context
59 int check_sigs; /* If set signatures shall be verified. */
60 int good_sigs; /* Counter used if CHECK_SIGS is set. */
61 int inv_sigs; /* Counter used if CHECK_SIGS is set. */
62 int no_key; /* Counter used if CHECK_SIGS is set. */
63 int oth_err; /* Counter used if CHECK_SIGS is set. */
64 int no_validity; /* Do not show validity. */
68 static void list_keyblock (ctrl_t ctrl,
69 kbnode_t keyblock, int secret, int has_secret,
70 int fpr, struct keylist_context *listctx);
73 /* The stream used to write attribute packets to. */
74 static estream_t attrib_fp;
77 /* Release resources from a keylist context. */
79 keylist_context_release (struct keylist_context *listctx)
81 (void)listctx; /* Nothing to release. */
85 /* List the keys. If list is NULL, all available keys are listed.
86 * With LOCATE_MODE set the locate algorithm is used to find a key; if
87 * in addition NO_LOCAL is set the locate does not look into the local
90 public_key_list (ctrl_t ctrl, strlist_t list, int locate_mode, int no_local)
92 #ifndef NO_TRUST_MODELS
95 byte trust_model, marginals, completes, cert_depth, min_cert_level;
96 ulong created, nextcheck;
98 read_trust_options (ctrl, &trust_model, &created, &nextcheck,
99 &marginals, &completes, &cert_depth, &min_cert_level);
101 es_fprintf (es_stdout, "tru:");
103 if (nextcheck && nextcheck <= make_timestamp ())
104 es_fprintf (es_stdout, "o");
105 if (trust_model != opt.trust_model)
106 es_fprintf (es_stdout, "t");
107 if (opt.trust_model == TM_PGP || opt.trust_model == TM_CLASSIC
108 || opt.trust_model == TM_TOFU_PGP)
110 if (marginals != opt.marginals_needed)
111 es_fprintf (es_stdout, "m");
112 if (completes != opt.completes_needed)
113 es_fprintf (es_stdout, "c");
114 if (cert_depth != opt.max_cert_depth)
115 es_fprintf (es_stdout, "d");
116 if (min_cert_level != opt.min_cert_level)
117 es_fprintf (es_stdout, "l");
120 es_fprintf (es_stdout, ":%d:%lu:%lu", trust_model, created, nextcheck);
122 /* Only show marginals, completes, and cert_depth in the classic
123 or PGP trust models since they are not meaningful
126 if (trust_model == TM_PGP || trust_model == TM_CLASSIC)
127 es_fprintf (es_stdout, ":%d:%d:%d", marginals, completes, cert_depth);
128 es_fprintf (es_stdout, "\n");
130 #endif /*!NO_TRUST_MODELS*/
132 /* We need to do the stale check right here because it might need to
133 update the keyring while we already have the keyring open. This
134 is very bad for W32 because of a sharing violation. For real OSes
135 it might lead to false results if we are later listing a keyring
136 which is associated with the inode of a deleted file. */
137 check_trustdb_stale (ctrl);
140 tofu_begin_batch_update (ctrl);
144 locate_one (ctrl, list, no_local);
146 list_all (ctrl, 0, opt.with_secret);
148 list_one (ctrl, list, 0, opt.with_secret);
151 tofu_end_batch_update (ctrl);
157 secret_key_list (ctrl_t ctrl, strlist_t list)
161 check_trustdb_stale (ctrl);
164 list_all (ctrl, 1, 0);
165 else /* List by user id */
166 list_one (ctrl, list, 1, 0);
170 /* Helper for print_key_info and print_key_info_log. */
172 format_key_info (ctrl_t ctrl, PKT_public_key *pk, int secret)
176 char pkstrbuf[PUBKEY_STRING_SIZE];
179 keyid_from_pk (pk, keyid);
181 /* If the pk was chosen by a particular user ID, that is the one to
184 p = utf8_to_native (pk->user_id->name, pk->user_id->len, 0);
186 p = get_user_id_native (ctrl, keyid);
188 result = xtryasprintf ("%s %s/%s %s %s",
189 secret? (pk->flags.primary? "sec":"ssb")
190 /* */ : (pk->flags.primary? "pub":"sub"),
191 pubkey_string (pk, pkstrbuf, sizeof pkstrbuf),
192 keystr (keyid), datestr_from_pk (pk), p);
198 /* Print basic information about a public or secret key. With FP
199 * passed as NULL, the tty output interface is used, otherwise output
200 * is directed to the given stream. INDENT gives the requested
201 * indentation; if that is a negative value indentation is suppressed
202 * for the first line. SECRET tells that the PK has a secret part.
203 * FIXME: This is similar in use to print_key_line and thus both
204 * functions should eventually be united.
207 print_key_info (ctrl_t ctrl, estream_t fp,
208 int indent, PKT_public_key *pk, int secret)
210 int indentabs = indent >= 0? indent : -indent;
213 /* Note: Negative values for INDENT are not yet needed. */
215 info = format_key_info (ctrl, pk, secret);
217 if (!fp && indent >= 0)
218 tty_printf ("\n"); /* (Backward compatibility to old code) */
219 tty_fprintf (fp, "%*s%s\n", indentabs, "",
220 info? info : "[Ooops - out of core]");
226 /* Same as print_key_info put print using the log functions at
229 print_key_info_log (ctrl_t ctrl, int loglevel,
230 int indent, PKT_public_key *pk, int secret)
232 int indentabs = indent >= 0? indent : -indent;
235 info = format_key_info (ctrl, pk, secret);
237 log_log (loglevel, "%*s%s\n", indentabs, "",
238 info? info : "[Ooops - out of core]");
244 /* Print basic information of a secret key including the card serial
245 number information. */
246 #ifdef ENABLE_CARD_SUPPORT
248 print_card_key_info (estream_t fp, kbnode_t keyblock)
254 char pkstrbuf[PUBKEY_STRING_SIZE];
257 for (node = keyblock; node; node = node->next)
259 if (node->pkt->pkttype == PKT_PUBLIC_KEY
260 || node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
263 PKT_public_key *pk = node->pkt->pkt.public_key;
266 rc = hexkeygrip_from_pk (pk, &hexgrip);
269 log_error ("error computing a keygrip: %s\n", gpg_strerror (rc));
272 else if (!agent_get_keyinfo (NULL, hexgrip, &serialno, NULL))
273 s2k_char = serialno? '>':' ';
275 s2k_char = '#'; /* Key not found. */
277 tty_fprintf (fp, "%s%c %s/%s %n",
278 node->pkt->pkttype == PKT_PUBLIC_KEY ? "sec" : "ssb",
280 pubkey_string (pk, pkstrbuf, sizeof pkstrbuf),
283 tty_fprintf (fp, _("created: %s"), datestr_from_pk (pk));
284 tty_fprintf (fp, " ");
285 tty_fprintf (fp, _("expires: %s"), expirestr_from_pk (pk));
288 tty_fprintf (fp, "\n%*s%s", indent, "", _("card-no: "));
289 if (strlen (serialno) == 32
290 && !strncmp (serialno, "D27600012401", 12))
292 /* This is an OpenPGP card. Print the relevant part. */
293 /* Example: D2760001240101010001000003470000 */
295 tty_fprintf (fp, "%.*s %.*s", 4, serialno+16, 8, serialno+20);
298 tty_fprintf (fp, "%s", serialno);
300 tty_fprintf (fp, "\n");
306 #endif /*ENABLE_CARD_SUPPORT*/
309 /* Flags = 0x01 hashed 0x02 critical. */
311 status_one_subpacket (sigsubpkttype_t type, size_t len, int flags,
316 /* Don't print these. */
320 snprintf (status, sizeof status,
321 "%d %u %u ", type, flags, (unsigned int) len);
323 write_status_text_and_buffer (STATUS_SIG_SUBPACKET, status, buf, len, 0);
327 /* Print a policy URL. Allowed values for MODE are:
328 * -1 - print to the TTY
329 * 0 - print to stdout.
330 * 1 - use log_info and emit status messages.
331 * 2 - emit only status messages.
334 show_policy_url (PKT_signature * sig, int indent, int mode)
339 estream_t fp = mode < 0? NULL : mode ? log_get_stream () : es_stdout;
341 while ((p = enum_sig_subpkt (sig, 1, SIGSUBPKT_POLICY, &len, &seq, &crit)))
347 tty_fprintf (fp, "%*s", indent, "");
350 str = _("Critical signature policy: ");
352 str = _("Signature policy: ");
354 log_info ("%s", str);
356 tty_fprintf (fp, "%s", str);
357 tty_print_utf8_string2 (fp, p, len, 0);
358 tty_fprintf (fp, "\n");
362 write_status_buffer (STATUS_POLICY_URL, p, len, 0);
367 /* Print a keyserver URL. Allowed values for MODE are:
368 * -1 - print to the TTY
369 * 0 - print to stdout.
370 * 1 - use log_info and emit status messages.
371 * 2 - emit only status messages.
374 show_keyserver_url (PKT_signature * sig, int indent, int mode)
379 estream_t fp = mode < 0? NULL : mode ? log_get_stream () : es_stdout;
381 while ((p = enum_sig_subpkt (sig, 1, SIGSUBPKT_PREF_KS, &len, &seq, &crit)))
387 tty_fprintf (fp, "%*s", indent, "");
390 str = _("Critical preferred keyserver: ");
392 str = _("Preferred keyserver: ");
394 log_info ("%s", str);
396 tty_fprintf (fp, "%s", str);
397 tty_print_utf8_string2 (fp, p, len, 0);
398 tty_fprintf (fp, "\n");
402 status_one_subpacket (SIGSUBPKT_PREF_KS, len,
403 (crit ? 0x02 : 0) | 0x01, p);
408 /* Print notation data. Allowed values for MODE are:
409 * -1 - print to the TTY
410 * 0 - print to stdout.
411 * 1 - use log_info and emit status messages.
412 * 2 - emit only status messages.
414 * Defined bits in WHICH:
415 * 1 - standard notations
419 show_notation (PKT_signature * sig, int indent, int mode, int which)
421 estream_t fp = mode < 0? NULL : mode ? log_get_stream () : es_stdout;
422 notation_t nd, notations;
427 notations = sig_to_notation (sig);
429 /* There may be multiple notations in the same sig. */
430 for (nd = notations; nd; nd = nd->next)
434 int has_at = !!strchr (nd->name, '@');
436 if ((which & 1 && !has_at) || (which & 2 && has_at))
440 tty_fprintf (fp, "%*s", indent, "");
442 if (nd->flags.critical)
443 str = _("Critical signature notation: ");
445 str = _("Signature notation: ");
447 log_info ("%s", str);
449 tty_fprintf (fp, "%s", str);
450 /* This is all UTF8 */
451 tty_print_utf8_string2 (fp, nd->name, strlen (nd->name), 0);
452 tty_fprintf (fp, "=");
453 tty_print_utf8_string2 (fp, nd->value, strlen (nd->value), 0);
454 /* (We need to use log_printf so that the next call to a
455 log function does not insert an extra LF.) */
459 tty_fprintf (fp, "\n");
465 write_status_buffer (STATUS_NOTATION_NAME,
466 nd->name, strlen (nd->name), 0);
467 if (nd->flags.critical || nd->flags.human)
468 write_status_text (STATUS_NOTATION_FLAGS,
469 nd->flags.critical && nd->flags.human? "1 1" :
470 nd->flags.critical? "1 0" : "0 1");
471 if (!nd->flags.human && nd->bdat && nd->blen)
472 write_status_buffer (STATUS_NOTATION_DATA,
473 nd->bdat, nd->blen, 250);
475 write_status_buffer (STATUS_NOTATION_DATA,
476 nd->value, strlen (nd->value), 50);
480 free_notation (notations);
485 print_signature_stats (struct keylist_context *s)
488 return; /* Signature checking was not requested. */
490 /* Better flush stdout so that the stats are always printed after
492 es_fflush (es_stdout);
495 log_info (ngettext("%d good signature\n",
496 "%d good signatures\n", s->good_sigs), s->good_sigs);
499 log_info (ngettext("%d bad signature\n",
500 "%d bad signatures\n", s->inv_sigs), s->inv_sigs);
503 log_info (ngettext("%d signature not checked due to a missing key\n",
504 "%d signatures not checked due to missing keys\n",
505 s->no_key), s->no_key);
508 log_info (ngettext("%d signature not checked due to an error\n",
509 "%d signatures not checked due to errors\n",
510 s->oth_err), s->oth_err);
514 /* List all keys. If SECRET is true only secret keys are listed. If
515 MARK_SECRET is true secret keys are indicated in a public key
518 list_all (ctrl_t ctrl, int secret, int mark_secret)
521 KBNODE keyblock = NULL;
524 const char *lastresname, *resname;
525 struct keylist_context listctx;
527 memset (&listctx, 0, sizeof (listctx));
529 listctx.check_sigs = 1;
531 hd = keydb_new (ctrl);
533 rc = gpg_error_from_syserror ();
535 rc = keydb_search_first (hd);
538 if (gpg_err_code (rc) != GPG_ERR_NOT_FOUND)
539 log_error ("keydb_search_first failed: %s\n", gpg_strerror (rc));
547 glo_ctrl.silence_parse_warnings++;
548 rc = keydb_get_keyblock (hd, &keyblock);
550 glo_ctrl.silence_parse_warnings--;
553 if (gpg_err_code (rc) == GPG_ERR_LEGACY_KEY)
554 continue; /* Skip legacy keys. */
555 log_error ("keydb_get_keyblock failed: %s\n", gpg_strerror (rc));
559 if (secret || mark_secret)
560 any_secret = !agent_probe_any_secret_key (ctrl, keyblock);
564 if (secret && !any_secret)
565 ; /* Secret key listing requested but this isn't one. */
568 if (!opt.with_colons && !(opt.list_options & LIST_SHOW_ONLY_FPR_MBOX))
570 resname = keydb_get_resource_name (hd);
571 if (lastresname != resname)
575 es_fprintf (es_stdout, "%s\n", resname);
576 for (i = strlen (resname); i; i--)
577 es_putc ('-', es_stdout);
578 es_putc ('\n', es_stdout);
579 lastresname = resname;
582 merge_keys_and_selfsig (ctrl, keyblock);
583 list_keyblock (ctrl, keyblock, secret, any_secret, opt.fingerprint,
586 release_kbnode (keyblock);
589 while (!(rc = keydb_search_next (hd)));
590 es_fflush (es_stdout);
591 if (rc && gpg_err_code (rc) != GPG_ERR_NOT_FOUND)
592 log_error ("keydb_search_next failed: %s\n", gpg_strerror (rc));
593 if (keydb_get_skipped_counter (hd))
594 log_info (ngettext("Warning: %lu key skipped due to its large size\n",
595 "Warning: %lu keys skipped due to their large sizes\n",
596 keydb_get_skipped_counter (hd)),
597 keydb_get_skipped_counter (hd));
599 if (opt.check_sigs && !opt.with_colons)
600 print_signature_stats (&listctx);
603 keylist_context_release (&listctx);
604 release_kbnode (keyblock);
610 list_one (ctrl_t ctrl, strlist_t names, int secret, int mark_secret)
613 KBNODE keyblock = NULL;
617 const char *keyring_str = _("Keyring");
619 struct keylist_context listctx;
621 memset (&listctx, 0, sizeof (listctx));
622 if (!secret && opt.check_sigs)
623 listctx.check_sigs = 1;
625 /* fixme: using the bynames function has the disadvantage that we
626 * don't know whether one of the names given was not found. OTOH,
627 * this function has the advantage to list the names in the
628 * sequence as defined by the keyDB and does not duplicate
629 * outputs. A solution could be do test whether all given have
630 * been listed (this needs a way to use the keyDB search
631 * functions) or to have the search function return indicators for
632 * found names. Yet another way is to use the keydb search
633 * facilities directly. */
634 rc = getkey_bynames (ctrl, &ctx, NULL, names, secret, &keyblock);
637 log_error ("error reading key: %s\n", gpg_strerror (rc));
638 getkey_end (ctrl, ctx);
639 write_status_error ("keylist.getkey", rc);
645 /* getkey_bynames makes sure that only secret keys are returned
646 * if requested, thus we do not need to test again. With
647 * MARK_SECRET set (ie. option --with-secret) we have to test
648 * for a secret key, though. */
651 else if (mark_secret)
652 any_secret = !agent_probe_any_secret_key (ctrl, keyblock);
656 if (secret && !any_secret)
657 ;/* Secret key listing requested but getkey_bynames failed. */
660 if ((opt.list_options & LIST_SHOW_KEYRING) && !opt.with_colons)
662 resname = keydb_get_resource_name (get_ctx_handle (ctx));
663 es_fprintf (es_stdout, "%s: %s\n", keyring_str, resname);
664 for (i = strlen (resname) + strlen (keyring_str) + 2; i; i--)
665 es_putc ('-', es_stdout);
666 es_putc ('\n', es_stdout);
668 list_keyblock (ctrl, keyblock, secret, any_secret,
669 opt.fingerprint, &listctx);
671 release_kbnode (keyblock);
673 while (!getkey_next (ctrl, ctx, NULL, &keyblock));
674 getkey_end (ctrl, ctx);
676 if (opt.check_sigs && !opt.with_colons)
677 print_signature_stats (&listctx);
679 keylist_context_release (&listctx);
684 locate_one (ctrl_t ctrl, strlist_t names, int no_local)
688 GETKEY_CTX ctx = NULL;
689 KBNODE keyblock = NULL;
690 struct keylist_context listctx;
692 memset (&listctx, 0, sizeof (listctx));
694 listctx.check_sigs = 1;
696 for (sl = names; sl; sl = sl->next)
698 rc = get_best_pubkey_byname (ctrl,
699 no_local? GET_PUBKEY_NO_LOCAL
700 /* */: GET_PUBKEY_NORMAL,
701 &ctx, NULL, sl->d, &keyblock, 1);
704 if (gpg_err_code (rc) != GPG_ERR_NO_PUBKEY)
705 log_error ("error reading key: %s\n", gpg_strerror (rc));
706 else if (opt.verbose)
707 log_info (_("key \"%s\" not found: %s\n"),
708 sl->d, gpg_strerror (rc));
714 list_keyblock (ctrl, keyblock, 0, 0, opt.fingerprint, &listctx);
715 release_kbnode (keyblock);
717 while (ctx && !getkey_next (ctrl, ctx, NULL, &keyblock));
718 getkey_end (ctrl, ctx);
723 if (opt.check_sigs && !opt.with_colons)
724 print_signature_stats (&listctx);
726 keylist_context_release (&listctx);
731 print_key_data (PKT_public_key * pk)
733 int n = pk ? pubkey_get_npkey (pk->pubkey_algo) : 0;
736 for (i = 0; i < n; i++)
738 es_fprintf (es_stdout, "pkd:%d:%u:", i, mpi_get_nbits (pk->pkey[i]));
739 mpi_print (es_stdout, pk->pkey[i], 1);
740 es_putc (':', es_stdout);
741 es_putc ('\n', es_stdout);
746 /* Various public key screenings. (Right now just ROCA). With
747 * COLON_MODE set the output is formatted for use in the compliance
748 * field of a colon listing.
751 print_pk_screening (PKT_public_key *pk, int colon_mode)
755 if (is_RSA (pk->pubkey_algo) && pubkey_get_npkey (pk->pubkey_algo))
757 err = screen_key_for_roca (pk->pkey[0]);
760 else if (gpg_err_code (err) == GPG_ERR_TRUE)
763 es_fprintf (es_stdout, colon_mode > 1? " %d":"%d", 6001);
765 es_fprintf (es_stdout,
766 " Screening: ROCA vulnerability detected\n");
768 else if (!colon_mode)
769 es_fprintf (es_stdout, " Screening: [ROCA check failed: %s]\n",
777 print_capabilities (ctrl_t ctrl, PKT_public_key *pk, KBNODE keyblock)
779 unsigned int use = pk->pubkey_usage;
782 if (use & PUBKEY_USAGE_ENC)
783 es_putc ('e', es_stdout);
785 if (use & PUBKEY_USAGE_SIG)
787 es_putc ('s', es_stdout);
788 if (pk->flags.primary)
790 es_putc ('c', es_stdout);
791 /* The PUBKEY_USAGE_CERT flag was introduced later and we
792 used to always print 'c' for a primary key. To avoid any
793 regression here we better track whether we printed 'c'
799 if ((use & PUBKEY_USAGE_CERT) && !c_printed)
800 es_putc ('c', es_stdout);
802 if ((use & PUBKEY_USAGE_AUTH))
803 es_putc ('a', es_stdout);
805 if ((use & PUBKEY_USAGE_UNKNOWN))
806 es_putc ('?', es_stdout);
810 /* Figure out the usable capabilities. */
812 int enc = 0, sign = 0, cert = 0, auth = 0, disabled = 0;
814 for (k = keyblock; k; k = k->next)
816 if (k->pkt->pkttype == PKT_PUBLIC_KEY
817 || k->pkt->pkttype == PKT_PUBLIC_SUBKEY)
819 pk = k->pkt->pkt.public_key;
821 if (pk->flags.primary)
822 disabled = pk_is_disabled (pk);
824 if (pk->flags.valid && !pk->flags.revoked && !pk->has_expired)
826 if (pk->pubkey_usage & PUBKEY_USAGE_ENC)
828 if (pk->pubkey_usage & PUBKEY_USAGE_SIG)
831 if (pk->flags.primary)
834 if (pk->pubkey_usage & PUBKEY_USAGE_CERT)
836 if ((pk->pubkey_usage & PUBKEY_USAGE_AUTH))
842 es_putc ('E', es_stdout);
844 es_putc ('S', es_stdout);
846 es_putc ('C', es_stdout);
848 es_putc ('A', es_stdout);
850 es_putc ('D', es_stdout);
853 es_putc (':', es_stdout);
857 /* FLAGS: 0x01 hashed
860 print_one_subpacket (sigsubpkttype_t type, size_t len, int flags,
865 es_fprintf (es_stdout, "spk:%d:%u:%u:", type, flags, (unsigned int) len);
867 for (i = 0; i < len; i++)
869 /* printable ascii other than : and % */
870 if (buf[i] >= 32 && buf[i] <= 126 && buf[i] != ':' && buf[i] != '%')
871 es_fprintf (es_stdout, "%c", buf[i]);
873 es_fprintf (es_stdout, "%%%02X", buf[i]);
876 es_fprintf (es_stdout, "\n");
881 print_subpackets_colon (PKT_signature * sig)
885 log_assert (opt.show_subpackets);
887 for (i = opt.show_subpackets; *i; i++)
895 while ((p = enum_sig_subpkt (sig, 1, *i, &len, &seq, &crit)))
896 print_one_subpacket (*i, len, 0x01 | (crit ? 0x02 : 0), p);
900 while ((p = enum_sig_subpkt (sig, 0, *i, &len, &seq, &crit)))
901 print_one_subpacket (*i, len, 0x00 | (crit ? 0x02 : 0), p);
907 dump_attribs (const PKT_user_id *uid, PKT_public_key *pk)
914 for (i = 0; i < uid->numattribs; i++)
916 if (is_status_enabled ())
918 byte array[MAX_FINGERPRINT_LEN], *p;
919 char buf[(MAX_FINGERPRINT_LEN * 2) + 90];
924 fingerprint_from_pk (pk, array, &n);
927 for (j = 0; j < n; j++, p++)
928 sprintf (buf + 2 * j, "%02X", *p);
930 sprintf (buf + strlen (buf), " %lu %u %u %u %lu %lu %u",
931 (ulong) uid->attribs[i].len, uid->attribs[i].type, i + 1,
932 uid->numattribs, (ulong) uid->created,
933 (ulong) uid->expiredate,
934 ((uid->flags.primary ? 0x01 : 0) | (uid->flags.revoked ? 0x02 : 0) |
935 (uid->flags.expired ? 0x04 : 0)));
936 write_status_text (STATUS_ATTRIBUTE, buf);
939 es_fwrite (uid->attribs[i].data, uid->attribs[i].len, 1, attrib_fp);
940 es_fflush (attrib_fp);
945 /* Order two signatures. We first order by keyid and then by creation
948 cmp_signodes (const void *av, const void *bv)
950 const kbnode_t an = *(const kbnode_t *)av;
951 const kbnode_t bn = *(const kbnode_t *)bv;
952 const PKT_signature *a;
953 const PKT_signature *b;
956 /* log_assert (an->pkt->pkttype == PKT_SIGNATURE); */
957 /* log_assert (bn->pkt->pkttype == PKT_SIGNATURE); */
959 a = an->pkt->pkt.signature;
960 b = bn->pkt->pkt.signature;
962 /* Self-signatures are ordered first. */
963 if ((an->flag & NODFLG_MARK_B) && !(bn->flag & NODFLG_MARK_B))
965 if (!(an->flag & NODFLG_MARK_B) && (bn->flag & NODFLG_MARK_B))
968 /* then the keyids. (which are or course the same for self-sigs). */
969 i = keyid_cmp (a->keyid, b->keyid);
973 /* Followed by creation time */
974 if (a->timestamp > b->timestamp)
976 if (a->timestamp < b->timestamp)
979 /* followed by the class in a way that a rev comes first. */
980 if (a->sig_class > b->sig_class)
982 if (a->sig_class < b->sig_class)
985 /* To make the sort stable we compare the entire structure as last resort. */
986 return memcmp (a, b, sizeof *a);
990 /* Helper for list_keyblock_print. */
992 list_signature_print (ctrl_t ctrl, kbnode_t keyblock, kbnode_t node,
993 struct keylist_context *listctx)
995 /* (extra indentation to keep the diff history short) */
996 PKT_signature *sig = node->pkt->pkt.signature;
999 char *reason_text = NULL;
1000 char *reason_comment = NULL;
1001 size_t reason_commentlen;
1002 int reason_code = 0;
1004 if (listctx->check_sigs)
1006 rc = check_key_signature (ctrl, keyblock, node, NULL);
1007 switch (gpg_err_code (rc))
1010 listctx->good_sigs++;
1013 case GPG_ERR_BAD_SIGNATURE:
1014 listctx->inv_sigs++;
1017 case GPG_ERR_NO_PUBKEY:
1018 case GPG_ERR_UNUSABLE_PUBKEY:
1027 /* TODO: Make sure a cached sig record here still has
1028 the pk that issued it. See also
1029 keyedit.c:print_and_check_one_sig */
1037 if (sig->sig_class == 0x20 || sig->sig_class == 0x28
1038 || sig->sig_class == 0x30)
1041 reason_code = get_revocation_reason (sig, &reason_text,
1043 &reason_commentlen);
1045 else if ((sig->sig_class & ~3) == 0x10)
1047 else if (sig->sig_class == 0x18)
1049 else if (sig->sig_class == 0x1F)
1053 es_fprintf (es_stdout, "sig "
1054 "[unexpected signature class 0x%02x]\n",
1059 es_fputs (sigstr, es_stdout);
1060 es_fprintf (es_stdout, "%c%c %c%c%c%c%c%c %s %s",
1061 sigrc, (sig->sig_class - 0x10 > 0 &&
1062 sig->sig_class - 0x10 <
1063 4) ? '0' + sig->sig_class - 0x10 : ' ',
1064 sig->flags.exportable ? ' ' : 'L',
1065 sig->flags.revocable ? ' ' : 'R',
1066 sig->flags.policy_url ? 'P' : ' ',
1067 sig->flags.notation ? 'N' : ' ',
1068 sig->flags.expired ? 'X' : ' ',
1069 (sig->trust_depth > 9) ? 'T' : (sig->trust_depth >
1071 sig->trust_depth : ' ', keystr (sig->keyid),
1072 datestr_from_sig (sig));
1073 if (opt.list_options & LIST_SHOW_SIG_EXPIRE)
1074 es_fprintf (es_stdout, " %s", expirestr_from_sig (sig));
1075 es_fprintf (es_stdout, " ");
1077 es_fprintf (es_stdout, "[%s] ", gpg_strerror (rc));
1078 else if (sigrc == '?')
1080 else if (!opt.fast_list_mode)
1083 char *p = get_user_id (ctrl, sig->keyid, &n, NULL);
1084 print_utf8_buffer (es_stdout, p, n);
1087 es_putc ('\n', es_stdout);
1089 if (sig->flags.policy_url
1090 && (opt.list_options & LIST_SHOW_POLICY_URLS))
1091 show_policy_url (sig, 3, 0);
1093 if (sig->flags.notation && (opt.list_options & LIST_SHOW_NOTATIONS))
1094 show_notation (sig, 3, 0,
1096 list_options & LIST_SHOW_STD_NOTATIONS) ? 1 : 0)
1099 list_options & LIST_SHOW_USER_NOTATIONS) ? 2 :
1102 if (sig->flags.pref_ks
1103 && (opt.list_options & LIST_SHOW_KEYSERVER_URLS))
1104 show_keyserver_url (sig, 3, 0);
1106 if (reason_text && (reason_code || reason_comment))
1108 es_fprintf (es_stdout, " %s%s\n",
1109 _("reason for revocation: "), reason_text);
1112 const byte *s, *s_lf;
1116 n = reason_commentlen;
1120 /* We don't want any empty lines, so we skip them. */
1121 for (;n && *s == '\n'; s++, n--)
1125 s_lf = memchr (s, '\n', n);
1126 n_lf = s_lf? s_lf - s : n;
1127 es_fprintf (es_stdout, " %s",
1128 _("revocation comment: "));
1129 es_write_sanitized (es_stdout, s, n_lf, NULL, NULL);
1130 es_putc ('\n', es_stdout);
1131 s += n_lf; n -= n_lf;
1137 xfree (reason_text);
1138 xfree (reason_comment);
1140 /* fixme: check or list other sigs here */
1145 list_keyblock_print (ctrl_t ctrl, kbnode_t keyblock, int secret, int fpr,
1146 struct keylist_context *listctx)
1153 char *hexgrip = NULL;
1154 char *serialno = NULL;
1156 /* Get the keyid from the keyblock. */
1157 node = find_kbnode (keyblock, PKT_PUBLIC_KEY);
1160 log_error ("Oops; key lost!\n");
1161 dump_kbnode (keyblock);
1165 pk = node->pkt->pkt.public_key;
1166 mainkid = pk_keyid (pk);
1168 if (secret || opt.with_keygrip)
1170 rc = hexkeygrip_from_pk (pk, &hexgrip);
1172 log_error ("error computing a keygrip: %s\n", gpg_strerror (rc));
1177 /* Encode some info about the secret key in SECRET. */
1178 if (!agent_get_keyinfo (NULL, hexgrip, &serialno, NULL))
1179 secret = serialno? 3 : 1;
1181 secret = 2; /* Key not found. */
1184 if (!listctx->no_validity)
1185 check_trustdb_stale (ctrl);
1187 /* Print the "pub" line and in KF_NONE mode the fingerprint. */
1188 print_key_line (ctrl, es_stdout, pk, secret);
1191 print_fingerprint (ctrl, NULL, pk, 0);
1193 if (opt.with_keygrip && hexgrip)
1194 es_fprintf (es_stdout, " Keygrip = %s\n", hexgrip);
1197 print_card_serialno (serialno);
1199 if (opt.with_key_data)
1200 print_key_data (pk);
1202 if (opt.with_key_screening)
1203 print_pk_screening (pk, 0);
1205 if (opt.with_key_origin
1206 && (pk->keyorg || pk->keyupdate || pk->updateurl))
1208 char updatestr[MK_DATESTR_SIZE];
1210 es_fprintf (es_stdout, " origin=%s last=%s %s",
1211 key_origin_string (pk->keyorg),
1212 mk_datestr (updatestr, sizeof updatestr, pk->keyupdate),
1213 pk->updateurl? "url=":"");
1215 print_utf8_string (es_stdout, pk->updateurl);
1216 es_putc ('\n', es_stdout);
1219 for (node = keyblock; node; node = node->next)
1221 if (is_deleted_kbnode (node))
1224 if (node->pkt->pkttype == PKT_USER_ID)
1226 PKT_user_id *uid = node->pkt->pkt.user_id;
1228 int kl = opt.keyid_format == KF_NONE? 10 : keystrlen ();
1230 if ((uid->flags.expired || uid->flags.revoked)
1231 && !(opt.list_options & LIST_SHOW_UNUSABLE_UIDS))
1239 if (attrib_fp && uid->attrib_data != NULL)
1240 dump_attribs (uid, pk);
1242 if ((uid->flags.revoked || uid->flags.expired)
1243 || ((opt.list_options & LIST_SHOW_UID_VALIDITY)
1244 && !listctx->no_validity))
1246 const char *validity;
1248 validity = uid_trust_string_fixed (ctrl, pk, uid);
1249 indent = ((kl + (opt.legacy_list_mode? 9:11))
1250 - atoi (uid_trust_string_fixed (ctrl, NULL, NULL)));
1251 if (indent < 0 || indent > 40)
1254 es_fprintf (es_stdout, "uid%*s%s ", indent, "", validity);
1258 indent = kl + (opt.legacy_list_mode? 10:12);
1259 es_fprintf (es_stdout, "uid%*s", indent, "");
1262 print_utf8_buffer (es_stdout, uid->name, uid->len);
1263 es_putc ('\n', es_stdout);
1265 if (opt.with_wkd_hash)
1267 char *mbox, *hash, *p;
1270 mbox = mailbox_from_userid (uid->name, 0);
1271 if (mbox && (p = strchr (mbox, '@')))
1274 gcry_md_hash_buffer (GCRY_MD_SHA1, hashbuf,
1275 mbox, strlen (mbox));
1276 hash = zb32_encode (hashbuf, 8*20);
1279 es_fprintf (es_stdout, " %*s%s@%s\n",
1280 indent, "", hash, p);
1287 if (opt.with_key_origin
1288 && (uid->keyorg || uid->keyupdate || uid->updateurl))
1290 char updatestr[MK_DATESTR_SIZE];
1292 es_fprintf (es_stdout, " %*sorigin=%s last=%s %s",
1294 key_origin_string (uid->keyorg),
1295 mk_datestr (updatestr, sizeof updatestr,
1297 uid->updateurl? "url=":"");
1299 print_utf8_string (es_stdout, uid->updateurl);
1300 es_putc ('\n', es_stdout);
1303 if ((opt.list_options & LIST_SHOW_PHOTOS) && uid->attribs != NULL)
1304 show_photos (ctrl, uid->attribs, uid->numattribs, pk, uid);
1306 else if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
1308 PKT_public_key *pk2 = node->pkt->pkt.public_key;
1310 if ((pk2->flags.revoked || pk2->has_expired)
1311 && !(opt.list_options & LIST_SHOW_UNUSABLE_SUBKEYS))
1319 xfree (serialno); serialno = NULL;
1320 xfree (hexgrip); hexgrip = NULL;
1321 if (secret || opt.with_keygrip)
1323 rc = hexkeygrip_from_pk (pk2, &hexgrip);
1325 log_error ("error computing a keygrip: %s\n",
1330 if (!agent_get_keyinfo (NULL, hexgrip, &serialno, NULL))
1331 secret = serialno? 3 : 1;
1333 secret = 2; /* Key not found. */
1336 /* Print the "sub" line. */
1337 print_key_line (ctrl, es_stdout, pk2, secret);
1338 if (fpr > 1 || opt.with_subkey_fingerprint)
1340 print_fingerprint (ctrl, NULL, pk2, 0);
1342 print_card_serialno (serialno);
1344 if (opt.with_keygrip && hexgrip)
1345 es_fprintf (es_stdout, " Keygrip = %s\n", hexgrip);
1346 if (opt.with_key_data)
1347 print_key_data (pk2);
1348 if (opt.with_key_screening)
1349 print_pk_screening (pk2, 0);
1351 else if (opt.list_sigs
1352 && node->pkt->pkttype == PKT_SIGNATURE && !skip_sigs)
1354 if ((opt.list_options & LIST_SORT_SIGS))
1357 unsigned int sigcount = 0;
1361 for (n=node; n && n->pkt->pkttype == PKT_SIGNATURE; n = n->next)
1363 sigarray = xcalloc (sigcount, sizeof *sigarray);
1366 for (n=node; n && n->pkt->pkttype == PKT_SIGNATURE; n = n->next)
1368 if (!keyid_cmp (mainkid, n->pkt->pkt.signature->keyid))
1369 n->flag |= NODFLG_MARK_B; /* Is a self-sig. */
1371 n->flag &= ~NODFLG_MARK_B;
1373 sigarray[sigcount++] = node = n;
1375 /* Note that NODE is now at the last signature. */
1377 qsort (sigarray, sigcount, sizeof *sigarray, cmp_signodes);
1379 for (idx=0; idx < sigcount; idx++)
1380 list_signature_print (ctrl, keyblock, sigarray[idx], listctx);
1384 list_signature_print (ctrl, keyblock, node, listctx);
1387 es_putc ('\n', es_stdout);
1393 /* Do a simple key listing printing only the fingerprint and the mail
1394 * address of valid keys. */
1396 list_keyblock_simple (ctrl_t ctrl, kbnode_t keyblock)
1401 char hexfpr[2*MAX_FINGERPRINT_LEN+1];
1406 node = find_kbnode (keyblock, PKT_PUBLIC_KEY);
1409 log_error ("Oops; key lost!\n");
1410 dump_kbnode (keyblock);
1413 hexfingerprint (node->pkt->pkt.public_key, hexfpr, sizeof hexfpr);
1415 for (kbctx = NULL; (node = walk_kbnode (keyblock, &kbctx, 0));)
1417 if (node->pkt->pkttype == PKT_USER_ID)
1419 PKT_user_id *uid = node->pkt->pkt.user_id;
1421 if (uid->attrib_data)
1424 if (uid->flags.expired || uid->flags.revoked)
1427 mbox = mailbox_from_userid (uid->name, 0);
1430 ec = gpg_err_code_from_syserror ();
1431 if (ec != GPG_ERR_EINVAL)
1432 log_error ("error getting mailbox from user-id: %s\n",
1436 es_fprintf (es_stdout, "%s %s\n", hexfpr, mbox);
1444 print_revokers (estream_t fp, PKT_public_key * pk)
1446 /* print the revoker record */
1447 if (!pk->revkey && pk->numrevkeys)
1453 for (i = 0; i < pk->numrevkeys; i++)
1457 es_fprintf (fp, "rvk:::%d::::::", pk->revkey[i].algid);
1458 p = pk->revkey[i].fpr;
1459 for (j = 0; j < pk->revkey[i].fprlen; j++, p++)
1460 es_fprintf (fp, "%02X", *p);
1461 es_fprintf (fp, ":%02x%s:\n",
1462 pk->revkey[i].class,
1463 (pk->revkey[i].class & 0x40) ? "s" : "");
1469 /* Print the compliance flags to field 18. PK is the public key.
1470 * KEYLENGTH is the length of the key in bits and CURVENAME is either
1471 * NULL or the name of the curve. The latter two args are here
1472 * merely because the caller has already computed them. */
1474 print_compliance_flags (PKT_public_key *pk,
1475 unsigned int keylength, const char *curvename)
1480 keylength = nbits_from_pk (pk);
1482 if (pk->version == 5)
1484 es_fputs (gnupg_status_compliance_flag (CO_GNUPG), es_stdout);
1487 if (gnupg_pk_is_compliant (CO_DE_VS, pk->pubkey_algo, 0, pk->pkey,
1488 keylength, curvename))
1490 es_fprintf (es_stdout, any ? " %s" : "%s",
1491 gnupg_status_compliance_flag (CO_DE_VS));
1495 if (opt.with_key_screening)
1496 print_pk_screening (pk, 1+any);
1500 /* List a key in colon mode. If SECRET is true this is a secret key
1501 record (i.e. requested via --list-secret-key). If HAS_SECRET a
1502 secret key is available even if SECRET is not set. */
1504 list_keyblock_colon (ctrl_t ctrl, kbnode_t keyblock,
1505 int secret, int has_secret)
1512 int trustletter = 0;
1513 int trustletter_print;
1514 int ownertrust_print;
1517 char *hexgrip_buffer = NULL;
1518 const char *hexgrip = NULL;
1519 char *serialno = NULL;
1521 unsigned int keylength;
1523 const char *curvename = NULL;
1525 /* Get the keyid from the keyblock. */
1526 node = find_kbnode (keyblock, PKT_PUBLIC_KEY);
1529 log_error ("Oops; key lost!\n");
1530 dump_kbnode (keyblock);
1534 pk = node->pkt->pkt.public_key;
1535 if (secret || has_secret || opt.with_keygrip || opt.with_key_data)
1537 rc = hexkeygrip_from_pk (pk, &hexgrip_buffer);
1539 log_error ("error computing a keygrip: %s\n", gpg_strerror (rc));
1540 /* In the error case we print an empty string so that we have a
1541 * "grp" record for each primary and subkey - even if it is
1542 * empty. This may help to prevent sync problems. */
1543 hexgrip = hexgrip_buffer? hexgrip_buffer : "";
1546 if ((secret || has_secret)
1547 && agent_get_keyinfo (NULL, hexgrip, &serialno, NULL))
1548 stubkey = 1; /* Key not found. */
1550 keyid_from_pk (pk, keyid);
1551 if (!pk->flags.valid)
1552 trustletter_print = 'i';
1553 else if (pk->flags.revoked)
1554 trustletter_print = 'r';
1555 else if (pk->has_expired)
1556 trustletter_print = 'e';
1557 else if (opt.fast_list_mode || opt.no_expensive_trust_checks)
1558 trustletter_print = 0;
1561 trustletter = get_validity_info (ctrl, keyblock, pk, NULL);
1562 if (trustletter == 'u')
1564 trustletter_print = trustletter;
1567 if (!opt.fast_list_mode && !opt.no_expensive_trust_checks)
1568 ownertrust_print = get_ownertrust_info (ctrl, pk, 0);
1570 ownertrust_print = 0;
1572 keylength = nbits_from_pk (pk);
1574 es_fputs (secret? "sec:":"pub:", es_stdout);
1575 if (trustletter_print)
1576 es_putc (trustletter_print, es_stdout);
1577 es_fprintf (es_stdout, ":%u:%d:%08lX%08lX:%s:%s::",
1580 (ulong) keyid[0], (ulong) keyid[1],
1581 colon_datestr_from_pk (pk), colon_strtime (pk->expiredate));
1583 if (ownertrust_print)
1584 es_putc (ownertrust_print, es_stdout);
1585 es_putc (':', es_stdout);
1587 es_putc (':', es_stdout);
1588 es_putc (':', es_stdout);
1589 print_capabilities (ctrl, pk, keyblock);
1590 es_putc (':', es_stdout); /* End of field 13. */
1591 es_putc (':', es_stdout); /* End of field 14. */
1592 if (secret || has_secret)
1595 es_putc ('#', es_stdout);
1597 es_fputs (serialno, es_stdout);
1598 else if (has_secret)
1599 es_putc ('+', es_stdout);
1601 es_putc (':', es_stdout); /* End of field 15. */
1602 es_putc (':', es_stdout); /* End of field 16. */
1603 if (pk->pubkey_algo == PUBKEY_ALGO_ECDSA
1604 || pk->pubkey_algo == PUBKEY_ALGO_EDDSA
1605 || pk->pubkey_algo == PUBKEY_ALGO_ECDH)
1607 curve = openpgp_oid_to_str (pk->pkey[0]);
1608 curvename = openpgp_oid_to_curve (curve, 0);
1611 es_fputs (curvename, es_stdout);
1613 es_putc (':', es_stdout); /* End of field 17. */
1614 print_compliance_flags (pk, keylength, curvename);
1615 es_putc (':', es_stdout); /* End of field 18 (compliance). */
1617 es_fputs (colon_strtime (pk->keyupdate), es_stdout);
1618 es_putc (':', es_stdout); /* End of field 19 (last_update). */
1619 es_fprintf (es_stdout, "%d%s", pk->keyorg, pk->updateurl? " ":"");
1621 es_write_sanitized (es_stdout, pk->updateurl, strlen (pk->updateurl),
1623 es_putc (':', es_stdout); /* End of field 20 (origin). */
1624 es_putc ('\n', es_stdout);
1626 print_revokers (es_stdout, pk);
1627 print_fingerprint (ctrl, NULL, pk, 0);
1629 es_fprintf (es_stdout, "grp:::::::::%s:\n", hexgrip);
1630 if (opt.with_key_data)
1631 print_key_data (pk);
1633 for (kbctx = NULL; (node = walk_kbnode (keyblock, &kbctx, 0));)
1635 if (node->pkt->pkttype == PKT_USER_ID)
1637 PKT_user_id *uid = node->pkt->pkt.user_id;
1640 if (attrib_fp && uid->attrib_data != NULL)
1641 dump_attribs (uid, pk);
1643 if (uid->flags.revoked)
1645 else if (uid->flags.expired)
1647 else if (opt.no_expensive_trust_checks)
1652 uid_validity = get_validity_info (ctrl, keyblock, pk, uid);
1654 es_fputs (uid->attrib_data? "uat:":"uid:", es_stdout);
1656 es_putc (uid_validity, es_stdout);
1657 es_fputs ("::::", es_stdout);
1659 es_fprintf (es_stdout, "%s:", colon_strtime (uid->created));
1660 es_fprintf (es_stdout, "%s:", colon_strtime (uid->expiredate));
1662 namehash_from_uid (uid);
1664 for (i = 0; i < 20; i++)
1665 es_fprintf (es_stdout, "%02X", uid->namehash[i]);
1667 es_fprintf (es_stdout, "::");
1669 if (uid->attrib_data)
1670 es_fprintf (es_stdout, "%u %lu", uid->numattribs, uid->attrib_len);
1672 es_write_sanitized (es_stdout, uid->name, uid->len, ":", NULL);
1673 es_fputs (":::::::::", es_stdout);
1675 es_fputs (colon_strtime (uid->keyupdate), es_stdout);
1676 es_putc (':', es_stdout); /* End of field 19 (last_update). */
1677 es_fprintf (es_stdout, "%d%s", uid->keyorg, uid->updateurl? " ":"");
1679 es_write_sanitized (es_stdout,
1680 uid->updateurl, strlen (uid->updateurl),
1682 es_putc (':', es_stdout); /* End of field 20 (origin). */
1683 es_putc ('\n', es_stdout);
1685 if (!uid->attrib_data && opt.with_tofu_info
1686 && (opt.trust_model == TM_TOFU || opt.trust_model == TM_TOFU_PGP))
1688 /* Print a "tfs" record. */
1689 tofu_write_tfs_record (ctrl, es_stdout, pk, uid->name);
1693 else if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
1696 PKT_public_key *pk2;
1697 int need_hexgrip = !!hexgrip;
1699 pk2 = node->pkt->pkt.public_key;
1700 xfree (hexgrip_buffer); hexgrip_buffer = NULL; hexgrip = NULL;
1701 xfree (serialno); serialno = NULL;
1703 || secret || has_secret || opt.with_keygrip || opt.with_key_data)
1705 rc = hexkeygrip_from_pk (pk2, &hexgrip_buffer);
1707 log_error ("error computing a keygrip: %s\n",
1709 hexgrip = hexgrip_buffer? hexgrip_buffer : "";
1712 if ((secret||has_secret)
1713 && agent_get_keyinfo (NULL, hexgrip, &serialno, NULL))
1714 stubkey = 1; /* Key not found. */
1716 keyid_from_pk (pk2, keyid2);
1717 es_fputs (secret? "ssb:":"sub:", es_stdout);
1718 if (!pk2->flags.valid)
1719 es_putc ('i', es_stdout);
1720 else if (pk2->flags.revoked)
1721 es_putc ('r', es_stdout);
1722 else if (pk2->has_expired)
1723 es_putc ('e', es_stdout);
1724 else if (opt.fast_list_mode || opt.no_expensive_trust_checks)
1728 /* TRUSTLETTER should always be defined here. */
1730 es_fprintf (es_stdout, "%c", trustletter);
1732 keylength = nbits_from_pk (pk2);
1733 es_fprintf (es_stdout, ":%u:%d:%08lX%08lX:%s:%s:::::",
1736 (ulong) keyid2[0], (ulong) keyid2[1],
1737 colon_datestr_from_pk (pk2),
1738 colon_strtime (pk2->expiredate));
1739 print_capabilities (ctrl, pk2, NULL);
1740 es_putc (':', es_stdout); /* End of field 13. */
1741 es_putc (':', es_stdout); /* End of field 14. */
1742 if (secret || has_secret)
1745 es_putc ('#', es_stdout);
1747 es_fputs (serialno, es_stdout);
1748 else if (has_secret)
1749 es_putc ('+', es_stdout);
1751 es_putc (':', es_stdout); /* End of field 15. */
1752 es_putc (':', es_stdout); /* End of field 16. */
1753 if (pk2->pubkey_algo == PUBKEY_ALGO_ECDSA
1754 || pk2->pubkey_algo == PUBKEY_ALGO_EDDSA
1755 || pk2->pubkey_algo == PUBKEY_ALGO_ECDH)
1758 curve = openpgp_oid_to_str (pk2->pkey[0]);
1759 curvename = openpgp_oid_to_curve (curve, 0);
1762 es_fputs (curvename, es_stdout);
1764 es_putc (':', es_stdout); /* End of field 17. */
1765 print_compliance_flags (pk2, keylength, curvename);
1766 es_putc (':', es_stdout); /* End of field 18. */
1767 es_putc ('\n', es_stdout);
1768 print_fingerprint (ctrl, NULL, pk2, 0);
1770 es_fprintf (es_stdout, "grp:::::::::%s:\n", hexgrip);
1771 if (opt.with_key_data)
1772 print_key_data (pk2);
1774 else if (opt.list_sigs && node->pkt->pkttype == PKT_SIGNATURE)
1776 PKT_signature *sig = node->pkt->pkt.signature;
1777 int sigrc, fprokay = 0;
1780 byte fparray[MAX_FINGERPRINT_LEN];
1783 char *issuer_fpr = NULL;
1784 char *reason_text = NULL;
1785 char *reason_comment = NULL;
1786 size_t reason_commentlen;
1787 int reason_code = 0; /* Init to silence compiler warning. */
1789 if (sig->sig_class == 0x20 || sig->sig_class == 0x28
1790 || sig->sig_class == 0x30)
1793 reason_code = get_revocation_reason (sig, &reason_text,
1795 &reason_commentlen);
1797 else if ((sig->sig_class & ~3) == 0x10)
1799 else if (sig->sig_class == 0x18)
1801 else if (sig->sig_class == 0x1F)
1805 es_fprintf (es_stdout, "sig::::::::::%02x%c:\n",
1806 sig->sig_class, sig->flags.exportable ? 'x' : 'l');
1812 PKT_public_key *signer_pk = NULL;
1814 es_fflush (es_stdout);
1815 if (opt.no_sig_cache)
1816 signer_pk = xmalloc_clear (sizeof (PKT_public_key));
1818 rc = check_key_signature2 (ctrl, keyblock, node, NULL, signer_pk,
1820 switch (gpg_err_code (rc))
1825 case GPG_ERR_BAD_SIGNATURE:
1828 case GPG_ERR_NO_PUBKEY:
1829 case GPG_ERR_UNUSABLE_PUBKEY:
1837 if (opt.no_sig_cache)
1841 fingerprint_from_pk (signer_pk, fparray, &fplen);
1844 free_public_key (signer_pk);
1850 sigrc = ' '; /* Note the fix-up below in --list-sigs mode. */
1853 if (sigrc != '%' && sigrc != '?' && !opt.fast_list_mode)
1856 siguid = get_user_id (ctrl, sig->keyid, &siguidlen, &nouid);
1857 if (!opt.check_sigs && nouid)
1858 sigrc = '?'; /* No key in local keyring. */
1867 es_fputs (sigstr, es_stdout);
1868 es_putc (':', es_stdout);
1870 es_putc (sigrc, es_stdout);
1871 es_fprintf (es_stdout, "::%d:%08lX%08lX:%s:%s:", sig->pubkey_algo,
1872 (ulong) sig->keyid[0], (ulong) sig->keyid[1],
1873 colon_datestr_from_sig (sig),
1874 colon_expirestr_from_sig (sig));
1876 if (sig->trust_depth || sig->trust_value)
1877 es_fprintf (es_stdout, "%d %d", sig->trust_depth, sig->trust_value);
1878 es_fprintf (es_stdout, ":");
1880 if (sig->trust_regexp)
1881 es_write_sanitized (es_stdout, sig->trust_regexp,
1882 strlen (sig->trust_regexp), ":", NULL);
1883 es_fprintf (es_stdout, ":");
1886 es_fprintf (es_stdout, "[%s] ", gpg_strerror (rc));
1888 es_write_sanitized (es_stdout, siguid, siguidlen, ":", NULL);
1890 es_fprintf (es_stdout, ":%02x%c", sig->sig_class,
1891 sig->flags.exportable ? 'x' : 'l');
1893 es_fprintf (es_stdout, ",%02x", reason_code);
1894 es_fputs ("::", es_stdout);
1896 if (opt.no_sig_cache && opt.check_sigs && fprokay)
1898 for (i = 0; i < fplen; i++)
1899 es_fprintf (es_stdout, "%02X", fparray[i]);
1901 else if ((issuer_fpr = issuer_fpr_string (sig)))
1902 es_fputs (issuer_fpr, es_stdout);
1904 es_fprintf (es_stdout, ":::%d:", sig->digest_algo);
1908 es_fputs ("::::", es_stdout);
1909 es_write_sanitized (es_stdout, reason_comment, reason_commentlen,
1911 es_putc (':', es_stdout);
1913 es_putc ('\n', es_stdout);
1915 if (opt.show_subpackets)
1916 print_subpackets_colon (sig);
1918 /* fixme: check or list other sigs here */
1919 xfree (reason_text);
1920 xfree (reason_comment);
1927 xfree (hexgrip_buffer);
1932 * Reorder the keyblock so that the primary user ID (and not attribute
1933 * packet) comes first. Fixme: Replace this by a generic sort
1936 do_reorder_keyblock (KBNODE keyblock, int attr)
1938 KBNODE primary = NULL, primary0 = NULL, primary2 = NULL;
1941 for (node = keyblock; node; primary0 = node, node = node->next)
1943 if (node->pkt->pkttype == PKT_USER_ID &&
1944 ((attr && node->pkt->pkt.user_id->attrib_data) ||
1945 (!attr && !node->pkt->pkt.user_id->attrib_data)) &&
1946 node->pkt->pkt.user_id->flags.primary)
1948 primary = primary2 = node;
1949 for (node = node->next; node; primary2 = node, node = node->next)
1951 if (node->pkt->pkttype == PKT_USER_ID
1952 || node->pkt->pkttype == PKT_PUBLIC_SUBKEY
1953 || node->pkt->pkttype == PKT_SECRET_SUBKEY)
1962 return; /* No primary key flag found (should not happen). */
1964 for (last = NULL, node = keyblock; node; last = node, node = node->next)
1966 if (node->pkt->pkttype == PKT_USER_ID)
1970 log_assert (last); /* The user ID is never the first packet. */
1971 log_assert (primary0); /* Ditto (this is the node before primary). */
1972 if (node == primary)
1973 return; /* Already the first one. */
1975 last->next = primary;
1976 primary0->next = primary2->next;
1977 primary2->next = node;
1981 reorder_keyblock (KBNODE keyblock)
1983 do_reorder_keyblock (keyblock, 1);
1984 do_reorder_keyblock (keyblock, 0);
1988 list_keyblock (ctrl_t ctrl,
1989 KBNODE keyblock, int secret, int has_secret, int fpr,
1990 struct keylist_context *listctx)
1992 reorder_keyblock (keyblock);
1994 if (opt.with_colons)
1995 list_keyblock_colon (ctrl, keyblock, secret, has_secret);
1996 else if ((opt.list_options & LIST_SHOW_ONLY_FPR_MBOX))
1998 if (!listctx->no_validity)
1999 check_trustdb_stale (ctrl);
2000 list_keyblock_simple (ctrl, keyblock);
2003 list_keyblock_print (ctrl, keyblock, secret, fpr, listctx);
2006 es_fflush (es_stdout);
2010 /* Public function used by keygen to list a keyblock. If NO_VALIDITY
2011 * is set the validity of a key is never shown. */
2013 list_keyblock_direct (ctrl_t ctrl,
2014 kbnode_t keyblock, int secret, int has_secret, int fpr,
2017 struct keylist_context listctx;
2019 memset (&listctx, 0, sizeof (listctx));
2020 listctx.no_validity = !!no_validity;
2021 list_keyblock (ctrl, keyblock, secret, has_secret, fpr, &listctx);
2022 keylist_context_release (&listctx);
2026 /* Print an hex digit in ICAO spelling. */
2028 print_icao_hexdigit (estream_t fp, int c)
2030 static const char *list[16] = {
2031 "Zero", "One", "Two", "Three", "Four", "Five", "Six", "Seven",
2032 "Eight", "Niner", "Alfa", "Bravo", "Charlie", "Delta", "Echo", "Foxtrot"
2035 tty_fprintf (fp, "%s", list[c&15]);
2040 * Function to print the finperprint.
2041 * mode 0: as used in key listings, opt.with_colons is honored
2042 * 1: print using log_info ()
2043 * 2: direct use of tty
2044 * 3: direct use of tty but only primary key.
2045 * 4: direct use of tty but only subkey.
2046 * 10: Same as 0 but with_colons etc is ignored.
2047 * 20: Same as 0 but using a compact format.
2049 * Modes 1 and 2 will try and print both subkey and primary key
2050 * fingerprints. A MODE with bit 7 set is used internally. If
2051 * OVERRIDE_FP is not NULL that stream will be used in 0 instead
2052 * of es_stdout or instead of the TTY in modes 2 and 3.
2055 print_fingerprint (ctrl_t ctrl, estream_t override_fp,
2056 PKT_public_key *pk, int mode)
2058 char hexfpr[2*MAX_FINGERPRINT_LEN+1];
2064 int with_colons = opt.with_colons;
2065 int with_icao = opt.with_icao_spelling;
2074 else if (mode == 20)
2081 if (!opt.fingerprint && !opt.with_fingerprint
2082 && opt.with_subkey_fingerprint)
2085 if (pk->main_keyid[0] == pk->keyid[0]
2086 && pk->main_keyid[1] == pk->keyid[1])
2089 /* Just to be safe */
2090 if ((mode & 0x80) && !primary)
2092 log_error ("primary key is not really primary!\n");
2098 if (!primary && (mode == 1 || mode == 2))
2100 PKT_public_key *primary_pk = xmalloc_clear (sizeof (*primary_pk));
2101 get_pubkey (ctrl, primary_pk, pk->main_keyid);
2102 print_fingerprint (ctrl, override_fp, primary_pk, (mode | 0x80));
2103 free_public_key (primary_pk);
2108 fp = log_get_stream ();
2110 text = _("Primary key fingerprint:");
2112 text = _(" Subkey fingerprint:");
2116 fp = override_fp; /* Use tty or given stream. */
2118 /* TRANSLATORS: this should fit into 24 bytes so that the
2119 * fingerprint data is properly aligned with the user ID */
2120 text = _(" Primary key fingerprint:");
2122 text = _(" Subkey fingerprint:");
2126 fp = override_fp; /* Use tty or given stream. */
2127 text = _(" Key fingerprint =");
2131 fp = override_fp; /* Use tty or given stream. */
2132 text = _(" Subkey fingerprint:");
2136 fp = override_fp? override_fp : es_stdout;
2137 if (opt.keyid_format == KF_NONE)
2139 text = " "; /* To indent ICAO spelling. */
2143 text = _(" Key fingerprint =");
2146 hexfingerprint (pk, hexfpr, sizeof hexfpr);
2147 if (with_colons && !mode)
2149 es_fprintf (fp, "fpr:::::::::%s:", hexfpr);
2151 else if (compact && !opt.fingerprint && !opt.with_fingerprint)
2153 tty_fprintf (fp, "%*s%s", 6, "", hexfpr);
2157 char fmtfpr[MAX_FORMATTED_FINGERPRINT_LEN + 1];
2158 format_hexfingerprint (hexfpr, fmtfpr, sizeof fmtfpr);
2160 tty_fprintf (fp, "%*s%s", 6, "", fmtfpr);
2162 tty_fprintf (fp, "%s %s", text, fmtfpr);
2164 tty_fprintf (fp, "\n");
2165 if (!with_colons && with_icao)
2168 tty_fprintf (fp, "%*s\"", (int)strlen(text)+1, "");
2169 for (i = 0, p = hexfpr; *p; i++, p++)
2174 tty_fprintf (fp, "\n%*s ", (int)strlen(text)+1, "");
2176 tty_fprintf (fp, " ");
2178 tty_fprintf (fp, " ");
2179 print_icao_hexdigit (fp, xtoi_1 (p));
2181 tty_fprintf (fp, "\"\n");
2185 /* Print the serial number of an OpenPGP card if available. */
2187 print_card_serialno (const char *serialno)
2191 if (opt.with_colons)
2192 return; /* Handled elsewhere. */
2194 es_fputs (_(" Card serial no. ="), es_stdout);
2195 es_putc (' ', es_stdout);
2196 if (strlen (serialno) == 32 && !strncmp (serialno, "D27600012401", 12))
2198 /* This is an OpenPGP card. Print the relevant part. */
2199 /* Example: D2760001240101010001000003470000 */
2201 es_fprintf (es_stdout, "%.*s %.*s", 4, serialno+16, 8, serialno+20);
2204 es_fputs (serialno, es_stdout);
2205 es_putc ('\n', es_stdout);
2209 /* Print a public or secret (sub)key line. Example:
2211 * pub dsa2048 2007-12-31 [SC] [expires: 2018-12-31]
2212 * 80615870F5BAD690333686D0F2AD85AC1E42B367
2214 * pub rsa2048 2017-12-31 [SC] [expires: 2028-12-31]
2215 * 80615870F5BAD690333686D0F2AD85AC1E42B3671122334455
2217 * Some global options may result in a different output format. If
2218 * SECRET is set, "sec" or "ssb" is used instead of "pub" or "sub" and
2219 * depending on the value a flag character is shown:
2221 * 1 := ' ' Regular secret key
2222 * 2 := '#' Stub secret key
2223 * 3 := '>' Secret key is on a token.
2226 print_key_line (ctrl_t ctrl, estream_t fp, PKT_public_key *pk, int secret)
2228 char pkstrbuf[PUBKEY_STRING_SIZE];
2230 tty_fprintf (fp, "%s%c %s",
2231 pk->flags.primary? (secret? "sec":"pub")
2232 /**/ : (secret? "ssb":"sub"),
2233 secret == 2? '#' : secret == 3? '>' : ' ',
2234 pubkey_string (pk, pkstrbuf, sizeof pkstrbuf));
2235 if (opt.keyid_format != KF_NONE)
2236 tty_fprintf (fp, "/%s", keystr_from_pk (pk));
2237 tty_fprintf (fp, " %s", datestr_from_pk (pk));
2239 if (pk->flags.primary
2240 && !(openpgp_pk_algo_usage (pk->pubkey_algo)
2241 & (PUBKEY_USAGE_CERT| PUBKEY_USAGE_SIG|PUBKEY_USAGE_AUTH)))
2243 /* A primary key which is really not capable to sign. */
2244 tty_fprintf (fp, " [INVALID_ALGO]");
2246 else if ((opt.list_options & LIST_SHOW_USAGE))
2248 tty_fprintf (fp, " [%s]", usagestr_from_pk (pk, 0));
2251 if (pk->flags.revoked)
2253 tty_fprintf (fp, " [");
2254 tty_fprintf (fp, _("revoked: %s"), revokestr_from_pk (pk));
2255 tty_fprintf (fp, "]");
2257 else if (pk->has_expired)
2259 tty_fprintf (fp, " [");
2260 tty_fprintf (fp, _("expired: %s"), expirestr_from_pk (pk));
2261 tty_fprintf (fp, "]");
2263 else if (pk->expiredate)
2265 tty_fprintf (fp, " [");
2266 tty_fprintf (fp, _("expires: %s"), expirestr_from_pk (pk));
2267 tty_fprintf (fp, "]");
2271 /* I need to think about this some more. It's easy enough to
2272 include, but it looks sort of confusing in the listing... */
2273 if (opt.list_options & LIST_SHOW_VALIDITY)
2275 int validity = get_validity (ctrl, pk, NULL, NULL, 0);
2276 tty_fprintf (fp, " [%s]", trust_value_to_string (validity));
2280 if (pk->pubkey_algo >= 100)
2281 tty_fprintf (fp, " [experimental algorithm %d]", pk->pubkey_algo);
2283 tty_fprintf (fp, "\n");
2285 /* if the user hasn't explicitly asked for human-readable
2286 fingerprints, show compact fpr of primary key: */
2287 if (pk->flags.primary &&
2288 !opt.fingerprint && !opt.with_fingerprint)
2289 print_fingerprint (ctrl, fp, pk, 20);
2294 set_attrib_fd (int fd)
2296 static int last_fd = -1;
2298 if (fd != -1 && last_fd == fd)
2301 /* Fixme: Do we need to check for the log stream here? */
2302 if (attrib_fp && attrib_fp != log_get_stream ())
2303 es_fclose (attrib_fp);
2308 if (! gnupg_fd_valid (fd))
2309 log_fatal ("attribute-fd is invalid: %s\n", strerror (errno));
2311 #ifdef HAVE_DOSISH_SYSTEM
2312 setmode (fd, O_BINARY);
2315 attrib_fp = es_stdout;
2317 attrib_fp = es_stderr;
2319 attrib_fp = es_fdopen (fd, "wb");
2322 log_fatal ("can't open fd %d for attribute output: %s\n",
2323 fd, strerror (errno));