1 /* export.c - Export keys in the OpenPGP defined format.
2 * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004,
3 * 2005, 2010 Free Software Foundation, Inc.
4 * Copyright (C) 2014 Werner Koch
6 * This file is part of GnuPG.
8 * GnuPG is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 3 of the License, or
11 * (at your option) any later version.
13 * GnuPG is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, see <http://www.gnu.org/licenses/>.
38 #include "call-agent.h"
40 /* An object to keep track of subkeys. */
43 struct subkey_list_s *next;
46 typedef struct subkey_list_s *subkey_list_t;
49 static int do_export (ctrl_t ctrl,
50 strlist_t users, int secret, unsigned int options );
51 static int do_export_stream (ctrl_t ctrl, iobuf_t out,
52 strlist_t users, int secret,
53 kbnode_t *keyblock_out, unsigned int options,
55 static int build_sexp (iobuf_t out, PACKET *pkt, int *indent);
59 parse_export_options(char *str,unsigned int *options,int noisy)
61 struct parse_options export_opts[]=
63 {"export-local-sigs",EXPORT_LOCAL_SIGS,NULL,
64 N_("export signatures that are marked as local-only")},
65 {"export-attributes",EXPORT_ATTRIBUTES,NULL,
66 N_("export attribute user IDs (generally photo IDs)")},
67 {"export-sensitive-revkeys",EXPORT_SENSITIVE_REVKEYS,NULL,
68 N_("export revocation keys marked as \"sensitive\"")},
69 {"export-clean",EXPORT_CLEAN,NULL,
70 N_("remove unusable parts from key during export")},
71 {"export-minimal",EXPORT_MINIMAL|EXPORT_CLEAN,NULL,
72 N_("remove as much as possible from key during export")},
73 {"export-sexp-format",EXPORT_SEXP_FORMAT, NULL,
74 N_("export keys in an S-expression based format")},
75 /* Aliases for backward compatibility */
76 {"include-local-sigs",EXPORT_LOCAL_SIGS,NULL,NULL},
77 {"include-attributes",EXPORT_ATTRIBUTES,NULL,NULL},
78 {"include-sensitive-revkeys",EXPORT_SENSITIVE_REVKEYS,NULL,NULL},
80 {"export-unusable-sigs",0,NULL,NULL},
81 {"export-clean-sigs",0,NULL,NULL},
82 {"export-clean-uids",0,NULL,NULL},
84 /* add tags for include revoked and disabled? */
87 return parse_options(str,options,export_opts,noisy);
92 * Export the public keys (to standard out or --output).
93 * Depending on opt.armor the output is armored.
94 * options are defined in main.h.
95 * If USERS is NULL, the complete ring will be exported. */
97 export_pubkeys (ctrl_t ctrl, strlist_t users, unsigned int options )
99 return do_export (ctrl, users, 0, options );
103 * Export to an already opened stream; return -1 if no keys have
107 export_pubkeys_stream (ctrl_t ctrl, iobuf_t out, strlist_t users,
108 kbnode_t *keyblock_out, unsigned int options )
112 rc = do_export_stream (ctrl, out, users, 0, keyblock_out, options, &any);
120 * Export a single key into a memory buffer.
123 export_pubkey_buffer (ctrl_t ctrl, const char *keyspec, unsigned int options,
124 kbnode_t *r_keyblock, void **r_data, size_t *r_datalen)
136 if (!add_to_strlist_try (&helplist, keyspec))
137 return gpg_error_from_syserror ();
139 iobuf = iobuf_temp ();
140 err = do_export_stream (ctrl, iobuf, helplist, 0, r_keyblock, options, &any);
142 err = gpg_error (GPG_ERR_NOT_FOUND);
148 iobuf_flush_temp (iobuf);
149 src = iobuf_get_temp_buffer (iobuf);
150 datalen = iobuf_get_temp_length (iobuf);
152 err = gpg_error (GPG_ERR_NO_PUBKEY);
153 else if (!(*r_data = xtrymalloc (datalen)))
154 err = gpg_error_from_syserror ();
157 memcpy (*r_data, src, datalen);
158 *r_datalen = datalen;
162 free_strlist (helplist);
163 if (err && *r_keyblock)
165 release_kbnode (*r_keyblock);
173 export_seckeys (ctrl_t ctrl, strlist_t users )
175 /* Use only relevant options for the secret key. */
176 unsigned int options = (opt.export_options & EXPORT_SEXP_FORMAT);
177 return do_export (ctrl, users, 1, options);
181 export_secsubkeys (ctrl_t ctrl, strlist_t users )
183 /* Use only relevant options for the secret key. */
184 unsigned int options = (opt.export_options & EXPORT_SEXP_FORMAT);
185 return do_export (ctrl, users, 2, options);
189 /* Export the keys identified by the list of strings in USERS. If
190 Secret is false public keys will be exported. With secret true
191 secret keys will be exported; in this case 1 means the entire
192 secret keyblock and 2 only the subkeys. OPTIONS are the export
195 do_export (ctrl_t ctrl, strlist_t users, int secret, unsigned int options )
199 armor_filter_context_t *afx = NULL;
200 compress_filter_context_t zfx;
202 memset( &zfx, 0, sizeof zfx);
204 rc = open_outfile (-1, NULL, 0, !!secret, &out );
208 if (!(options & EXPORT_SEXP_FORMAT))
212 afx = new_armor_context ();
213 afx->what = secret? 5 : 1;
214 push_armor_filter (afx, out);
218 rc = do_export_stream (ctrl, out, users, secret, NULL, options, &any );
224 release_armor_context (afx);
230 /* Release an entire subkey list. */
232 release_subkey_list (subkey_list_t list)
236 subkey_list_t tmp = list->next;;
243 /* Returns true if NODE is a subkey and contained in LIST. */
245 subkey_in_list_p (subkey_list_t list, KBNODE node)
247 if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY
248 || node->pkt->pkttype == PKT_SECRET_SUBKEY )
252 keyid_from_pk (node->pkt->pkt.public_key, kid);
254 for (; list; list = list->next)
255 if (list->kid[0] == kid[0] && list->kid[1] == kid[1])
261 /* Allocate a new subkey list item from NODE. */
263 new_subkey_list_item (KBNODE node)
265 subkey_list_t list = xcalloc (1, sizeof *list);
267 if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY
268 || node->pkt->pkttype == PKT_SECRET_SUBKEY)
269 keyid_from_pk (node->pkt->pkt.public_key, list->kid);
275 /* Helper function to check whether the subkey at NODE actually
276 matches the description at DESC. The function returns true if the
277 key under question has been specified by an exact specification
278 (keyID or fingerprint) and does match the one at NODE. It is
279 assumed that the packet at NODE is either a public or secret
282 exact_subkey_match_p (KEYDB_SEARCH_DESC *desc, KBNODE node)
285 byte fpr[MAX_FINGERPRINT_LEN];
291 case KEYDB_SEARCH_MODE_SHORT_KID:
292 case KEYDB_SEARCH_MODE_LONG_KID:
293 keyid_from_pk (node->pkt->pkt.public_key, kid);
296 case KEYDB_SEARCH_MODE_FPR16:
297 case KEYDB_SEARCH_MODE_FPR20:
298 case KEYDB_SEARCH_MODE_FPR:
299 fingerprint_from_pk (node->pkt->pkt.public_key, fpr,&fprlen);
308 case KEYDB_SEARCH_MODE_SHORT_KID:
309 if (desc->u.kid[1] == kid[1])
313 case KEYDB_SEARCH_MODE_LONG_KID:
314 if (desc->u.kid[0] == kid[0] && desc->u.kid[1] == kid[1])
318 case KEYDB_SEARCH_MODE_FPR16:
319 if (!memcmp (desc->u.fpr, fpr, 16))
323 case KEYDB_SEARCH_MODE_FPR20:
324 case KEYDB_SEARCH_MODE_FPR:
325 if (!memcmp (desc->u.fpr, fpr, 20))
337 /* Return a canonicalized public key algoithms. This is used to
338 compare different flavors of algorithms (e.g. ELG and ELG_E are
339 considered the same). */
340 static enum gcry_pk_algos
341 canon_pk_algo (enum gcry_pk_algos algo)
347 case GCRY_PK_RSA_S: return GCRY_PK_RSA;
349 case GCRY_PK_ELG_E: return GCRY_PK_ELG;
352 case GCRY_PK_ECDH: return GCRY_PK_ECC;
353 default: return algo;
358 /* Use the key transfer format given in S_PGP to create the secinfo
359 structure in PK and change the parameter array in PK to include the
360 secret parameters. */
362 transfer_format_to_openpgp (gcry_sexp_t s_pgp, PKT_public_key *pk)
365 gcry_sexp_t top_list;
366 gcry_sexp_t list = NULL;
372 int is_v4, is_protected;
373 enum gcry_pk_algos pk_algo;
374 int protect_algo = 0;
383 gcry_mpi_t skey[10]; /* We support up to 9 parameters. */
385 struct seckey_info *ski;
387 /* gcry_log_debugsxp ("transferkey", s_pgp); */
388 top_list = gcry_sexp_find_token (s_pgp, "openpgp-private-key", 0);
392 list = gcry_sexp_find_token (top_list, "version", 0);
395 value = gcry_sexp_nth_data (list, 1, &valuelen);
396 if (!value || valuelen != 1 || !(value[0] == '3' || value[0] == '4'))
398 is_v4 = (value[0] == '4');
400 gcry_sexp_release (list);
401 list = gcry_sexp_find_token (top_list, "protection", 0);
404 value = gcry_sexp_nth_data (list, 1, &valuelen);
407 if (valuelen == 4 && !memcmp (value, "sha1", 4))
409 else if (valuelen == 3 && !memcmp (value, "sum", 3))
411 else if (valuelen == 4 && !memcmp (value, "none", 4))
417 string = gcry_sexp_nth_string (list, 2);
420 protect_algo = gcry_cipher_map_name (string);
423 value = gcry_sexp_nth_data (list, 3, &valuelen);
424 if (!value || !valuelen || valuelen > sizeof iv)
426 memcpy (iv, value, valuelen);
429 string = gcry_sexp_nth_string (list, 4);
432 s2k_mode = strtol (string, NULL, 10);
435 string = gcry_sexp_nth_string (list, 5);
438 s2k_algo = gcry_md_map_name (string);
441 value = gcry_sexp_nth_data (list, 6, &valuelen);
442 if (!value || !valuelen || valuelen > sizeof s2k_salt)
444 memcpy (s2k_salt, value, valuelen);
446 string = gcry_sexp_nth_string (list, 7);
449 s2k_count = strtoul (string, NULL, 10);
453 /* Parse the gcrypt PK algo and check that it is okay. */
454 gcry_sexp_release (list);
455 list = gcry_sexp_find_token (top_list, "algo", 0);
458 string = gcry_sexp_nth_string (list, 1);
461 pk_algo = gcry_pk_map_name (string);
462 xfree (string); string = NULL;
463 if (gcry_pk_algo_info (pk_algo, GCRYCTL_GET_ALGO_NPKEY, NULL, &npkey)
464 || gcry_pk_algo_info (pk_algo, GCRYCTL_GET_ALGO_NSKEY, NULL, &nskey)
465 || !npkey || npkey >= nskey)
468 /* Check that the pubkey algo matches the one from the public key. */
469 switch (canon_pk_algo (pk_algo))
472 if (!is_RSA (pk->pubkey_algo))
473 pk_algo = 0; /* Does not match. */
476 if (!is_DSA (pk->pubkey_algo))
477 pk_algo = 0; /* Does not match. */
480 if (!is_ELGAMAL (pk->pubkey_algo))
481 pk_algo = 0; /* Does not match. */
484 if (pk->pubkey_algo == PUBKEY_ALGO_ECDSA)
486 else if (pk->pubkey_algo == PUBKEY_ALGO_ECDH)
488 else if (pk->pubkey_algo == PUBKEY_ALGO_EDDSA)
491 pk_algo = 0; /* Does not match. */
492 /* For ECC we do not have the domain parameters thus fix our info. */
497 pk_algo = 0; /* Oops. */
502 err = gpg_error (GPG_ERR_PUBKEY_ALGO);
506 /* This check has to go after the ecc adjustments. */
507 if (nskey > PUBKEY_MAX_NSKEY)
510 /* Parse the key parameters. */
511 gcry_sexp_release (list);
512 list = gcry_sexp_find_token (top_list, "skey", 0);
519 value = gcry_sexp_nth_data (list, ++idx, &valuelen);
520 if (!value && skeyidx >= npkey)
523 /* Check for too many parameters. Note that depending on the
524 protection mode and version number we may see less than NSKEY
525 (but at least NPKEY+1) parameters. */
528 if (skeyidx >= DIM (skey)-1)
531 if (!value || valuelen != 1 || !(value[0] == '_' || value[0] == 'e'))
533 is_enc = (value[0] == 'e');
534 value = gcry_sexp_nth_data (list, ++idx, &valuelen);
535 if (!value || !valuelen)
539 void *p = xtrymalloc (valuelen);
542 memcpy (p, value, valuelen);
543 skey[skeyidx] = gcry_mpi_set_opaque (NULL, p, valuelen*8);
549 if (gcry_mpi_scan (skey + skeyidx, GCRYMPI_FMT_STD,
550 value, valuelen, NULL))
555 skey[skeyidx++] = NULL;
557 gcry_sexp_release (list); list = NULL;
559 /* We have no need for the CSUM value thus we don't parse it. */
560 /* list = gcry_sexp_find_token (top_list, "csum", 0); */
563 /* string = gcry_sexp_nth_string (list, 1); */
565 /* goto bad_seckey; */
566 /* desired_csum = strtoul (string, NULL, 10); */
567 /* xfree (string); */
570 /* desired_csum = 0; */
571 /* gcry_sexp_release (list); list = NULL; */
573 /* Get the curve name if any, */
574 list = gcry_sexp_find_token (top_list, "curve", 0);
577 curve = gcry_sexp_nth_string (list, 1);
578 gcry_sexp_release (list); list = NULL;
581 gcry_sexp_release (top_list); top_list = NULL;
583 /* log_debug ("XXX is_v4=%d\n", is_v4); */
584 /* log_debug ("XXX pubkey_algo=%d\n", pubkey_algo); */
585 /* log_debug ("XXX is_protected=%d\n", is_protected); */
586 /* log_debug ("XXX protect_algo=%d\n", protect_algo); */
587 /* log_printhex ("XXX iv", iv, ivlen); */
588 /* log_debug ("XXX ivlen=%d\n", ivlen); */
589 /* log_debug ("XXX s2k_mode=%d\n", s2k_mode); */
590 /* log_debug ("XXX s2k_algo=%d\n", s2k_algo); */
591 /* log_printhex ("XXX s2k_salt", s2k_salt, sizeof s2k_salt); */
592 /* log_debug ("XXX s2k_count=%lu\n", (unsigned long)s2k_count); */
593 /* for (idx=0; skey[idx]; idx++) */
595 /* int is_enc = gcry_mpi_get_flag (skey[idx], GCRYMPI_FLAG_OPAQUE); */
596 /* log_info ("XXX skey[%d]%s:", idx, is_enc? " (enc)":""); */
600 /* unsigned int nbits; */
601 /* p = gcry_mpi_get_opaque (skey[idx], &nbits); */
602 /* log_printhex (NULL, p, (nbits+7)/8); */
605 /* gcry_mpi_dump (skey[idx]); */
606 /* log_printf ("\n"); */
609 if (!is_v4 || is_protected != 2 )
611 /* We only support the v4 format and a SHA-1 checksum. */
612 err = gpg_error (GPG_ERR_NOT_IMPLEMENTED);
616 /* We need to change the received parameters for ECC algorithms.
617 The transfer format has the curve name and the parameters
618 separate. We put them all into the SKEY array. */
619 if (canon_pk_algo (pk_algo) == GCRY_PK_ECC)
623 /* Assert that all required parameters are available. We also
624 check that the array does not contain more parameters than
625 needed (this was used by some beta versions of 2.1. */
626 if (!curve || !skey[0] || !skey[1] || skey[2])
628 err = gpg_error (GPG_ERR_INTERNAL);
632 oidstr = openpgp_curve_to_oid (curve, NULL);
635 log_error ("no OID known for curve '%s'\n", curve);
636 err = gpg_error (GPG_ERR_UNKNOWN_CURVE);
639 /* Put the curve's OID into into the MPI array. This requires
640 that we shift Q and D. For ECDH also insert the KDF parms. */
645 skey[2] = gcry_mpi_copy (pk->pkey[2]);
654 err = openpgp_oid_from_str (oidstr, skey + 0);
657 /* Fixup the NPKEY and NSKEY to match OpenPGP reality. */
661 /* for (idx=0; skey[idx]; idx++) */
663 /* log_info ("YYY skey[%d]:", idx); */
664 /* if (gcry_mpi_get_flag (skey[idx], GCRYMPI_FLAG_OPAQUE)) */
667 /* unsigned int nbits; */
668 /* p = gcry_mpi_get_opaque (skey[idx], &nbits); */
669 /* log_printhex (NULL, p, (nbits+7)/8); */
672 /* gcry_mpi_dump (skey[idx]); */
673 /* log_printf ("\n"); */
677 /* Do some sanity checks. */
680 /* We expect an already encoded S2K count. */
681 err = gpg_error (GPG_ERR_INV_DATA);
684 err = openpgp_cipher_test_algo (protect_algo);
687 err = openpgp_md_test_algo (s2k_algo);
691 /* Check that the public key parameters match. Note that since
692 Libgcrypt 1.5 gcry_mpi_cmp handles opaque MPI correctly. */
693 for (idx=0; idx < npkey; idx++)
694 if (gcry_mpi_cmp (pk->pkey[idx], skey[idx]))
696 err = gpg_error (GPG_ERR_BAD_PUBKEY);
700 /* Check that the first secret key parameter in SKEY is encrypted
701 and that there are no more secret key parameters. The latter is
702 guaranteed by the v4 packet format. */
703 if (!gcry_mpi_get_flag (skey[npkey], GCRYMPI_FLAG_OPAQUE))
705 if (npkey+1 < DIM (skey) && skey[npkey+1])
708 /* Check that the secret key parameters in PK are all set to NULL. */
709 for (idx=npkey; idx < nskey; idx++)
713 /* Now build the protection info. */
714 pk->seckey_info = ski = xtrycalloc (1, sizeof *ski);
717 err = gpg_error_from_syserror ();
721 ski->is_protected = 1;
723 ski->algo = protect_algo;
724 ski->s2k.mode = s2k_mode;
725 ski->s2k.hash_algo = s2k_algo;
726 assert (sizeof ski->s2k.salt == sizeof s2k_salt);
727 memcpy (ski->s2k.salt, s2k_salt, sizeof s2k_salt);
728 ski->s2k.count = s2k_count;
729 assert (ivlen <= sizeof ski->iv);
730 memcpy (ski->iv, iv, ivlen);
733 /* Store the protected secret key parameter. */
734 pk->pkey[npkey] = skey[npkey];
741 gcry_sexp_release (list);
742 gcry_sexp_release (top_list);
743 for (idx=0; idx < skeyidx; idx++)
744 gcry_mpi_release (skey[idx]);
748 err = gpg_error (GPG_ERR_BAD_SECKEY);
752 err = gpg_error (GPG_ERR_ENOMEM);
756 /* Export the keys identified by the list of strings in USERS to the
757 stream OUT. If Secret is false public keys will be exported. With
758 secret true secret keys will be exported; in this case 1 means the
759 entire secret keyblock and 2 only the subkeys. OPTIONS are the
760 export options to apply. If KEYBLOCK_OUT is not NULL, AND the exit
761 code is zero, a pointer to the first keyblock found and exported
762 will be stored at this address; no other keyblocks are exported in
763 this case. The caller must free it the returned keyblock. If any
764 key has been exported true is stored at ANY. */
766 do_export_stream (ctrl_t ctrl, iobuf_t out, strlist_t users, int secret,
767 kbnode_t *keyblock_out, unsigned int options, int *any)
771 KBNODE keyblock = NULL;
773 size_t ndesc, descindex;
774 KEYDB_SEARCH_DESC *desc = NULL;
775 subkey_list_t subkey_list = NULL; /* Track already processed subkeys. */
779 gcry_cipher_hd_t cipherhd = NULL;
780 char *cache_nonce = NULL;
784 kdbhd = keydb_new ();
789 desc = xcalloc (ndesc, sizeof *desc);
790 desc[0].mode = KEYDB_SEARCH_MODE_FIRST;
794 for (ndesc=0, sl=users; sl; sl = sl->next, ndesc++)
796 desc = xmalloc ( ndesc * sizeof *desc);
798 for (ndesc=0, sl=users; sl; sl = sl->next)
800 if (!(err=classify_user_id (sl->d, desc+ndesc, 1)))
803 log_error (_("key \"%s\" not found: %s\n"),
804 sl->d, gpg_strerror (err));
807 keydb_disable_caching (kdbhd); /* We are looping the search. */
809 /* It would be nice to see which of the given users did actually
810 match one in the keyring. To implement this we need to have
811 a found flag for each entry in desc. To set this flag we
812 must check all those entries after a match to mark all
813 matched one - currently we stop at the first match. To do
814 this we need an extra flag to enable this feature. */
817 #ifdef ENABLE_SELINUX_HACKS
820 log_error (_("exporting secret keys not allowed\n"));
821 err = gpg_error (GPG_ERR_NOT_SUPPORTED);
826 /* For secret key export we need to setup a decryption context. */
832 err = agent_keywrap_key (ctrl, 1, &kek, &keklen);
835 log_error ("error getting the KEK: %s\n", gpg_strerror (err));
839 /* Prepare a cipher context. */
840 err = gcry_cipher_open (&cipherhd, GCRY_CIPHER_AES128,
841 GCRY_CIPHER_MODE_AESWRAP, 0);
843 err = gcry_cipher_setkey (cipherhd, kek, keklen);
846 log_error ("error setting up an encryption context: %s\n",
856 int skip_until_subkey = 0;
860 err = keydb_search (kdbhd, desc, ndesc, &descindex);
862 desc[0].mode = KEYDB_SEARCH_MODE_NEXT;
863 if (gpg_err_code (err) == GPG_ERR_LEGACY_KEY)
864 continue; /* Skip PGP2 keys. */
868 /* Read the keyblock. */
869 release_kbnode (keyblock);
871 err = keydb_get_keyblock (kdbhd, &keyblock);
872 if (gpg_err_code (err) == GPG_ERR_LEGACY_KEY)
873 continue; /* Skip PGP2 keys. */
876 log_error (_("error reading keyblock: %s\n"), gpg_strerror (err));
880 node = find_kbnode (keyblock, PKT_PUBLIC_KEY);
883 log_error ("public key packet not found in keyblock - skipped\n");
886 setup_main_keyids (keyblock); /* gpg_format_keydesc needs it. */
887 pk = node->pkt->pkt.public_key;
888 keyid_from_pk (pk, keyid);
890 /* If a secret key export is required we need to check whether
891 we have a secret key at all and if so create the seckey_info
895 if (agent_probe_any_secret_key (ctrl, keyblock))
896 continue; /* No secret key (neither primary nor subkey). */
898 /* No v3 keys with GNU mode 1001. */
899 if (secret == 2 && pk->version == 3)
901 log_info (_("key %s: PGP 2.x style key - skipped\n"),
906 /* The agent does not yet allow to export v3 packets. It is
907 actually questionable whether we should allow them at
909 if (pk->version == 3)
911 log_info ("key %s: PGP 2.x style key (v3) export "
912 "not yet supported - skipped\n", keystr (keyid));
917 /* Always do the cleaning on the public key part if requested.
918 Note that we don't yet set this option if we are exporting
919 secret keys. Note that both export-clean and export-minimal
920 only apply to UID sigs (0x10, 0x11, 0x12, and 0x13). A
921 designated revocation is never stripped, even with
922 export-minimal set. */
923 if ((options & EXPORT_CLEAN))
924 clean_key (keyblock, opt.verbose, (options&EXPORT_MINIMAL), NULL, NULL);
929 for (kbctx=NULL; (node = walk_kbnode (keyblock, &kbctx, 0)); )
931 if (skip_until_subkey)
933 if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
934 skip_until_subkey = 0;
939 /* We used to use comment packets, but not any longer. In
940 case we still have comments on a key, strip them here
941 before we call build_packet(). */
942 if (node->pkt->pkttype == PKT_COMMENT)
945 /* Make sure that ring_trust packets never get exported. */
946 if (node->pkt->pkttype == PKT_RING_TRUST)
949 /* If exact is set, then we only export what was requested
950 (plus the primary key, if the user didn't specifically
952 if (desc[descindex].exact
953 && node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
955 if (!exact_subkey_match_p (desc+descindex, node))
957 /* Before skipping this subkey, check whether any
958 other description wants an exact match on a
959 subkey and include that subkey into the output
960 too. Need to add this subkey to a list so that
961 it won't get processed a second time.
963 So the first step here is to check that list and
964 skip in any case if the key is in that list.
966 We need this whole mess because the import
967 function of GnuPG < 2.1 is not able to merge
968 secret keys and thus it is useless to output them
969 as two separate keys and have import merge them. */
970 if (subkey_in_list_p (subkey_list, node))
971 skip_until_subkey = 1; /* Already processed this one. */
976 for (j=0; j < ndesc; j++)
977 if (j != descindex && desc[j].exact
978 && exact_subkey_match_p (desc+j, node))
981 skip_until_subkey = 1; /* No other one matching. */
985 if(skip_until_subkey)
988 /* Mark this one as processed. */
990 subkey_list_t tmp = new_subkey_list_item (node);
991 tmp->next = subkey_list;
996 if (node->pkt->pkttype == PKT_SIGNATURE)
998 /* Do not export packets which are marked as not
1000 if (!(options&EXPORT_LOCAL_SIGS)
1001 && !node->pkt->pkt.signature->flags.exportable)
1002 continue; /* not exportable */
1004 /* Do not export packets with a "sensitive" revocation
1005 key unless the user wants us to. Note that we do
1006 export these when issuing the actual revocation
1008 if (!(options&EXPORT_SENSITIVE_REVKEYS)
1009 && node->pkt->pkt.signature->revkey)
1013 for (i=0;i<node->pkt->pkt.signature->numrevkeys;i++)
1014 if ( (node->pkt->pkt.signature->revkey[i].class & 0x40))
1017 if (i < node->pkt->pkt.signature->numrevkeys)
1022 /* Don't export attribs? */
1023 if (!(options&EXPORT_ATTRIBUTES)
1024 && node->pkt->pkttype == PKT_USER_ID
1025 && node->pkt->pkt.user_id->attrib_data )
1027 /* Skip until we get to something that is not an attrib
1028 or a signature on an attrib */
1029 while (kbctx->next && kbctx->next->pkt->pkttype==PKT_SIGNATURE)
1030 kbctx = kbctx->next;
1035 if (secret && (node->pkt->pkttype == PKT_PUBLIC_KEY
1036 || node->pkt->pkttype == PKT_PUBLIC_SUBKEY))
1038 u32 subkidbuf[2], *subkid;
1039 char *hexgrip, *serialno;
1041 pk = node->pkt->pkt.public_key;
1042 if (node->pkt->pkttype == PKT_PUBLIC_KEY)
1046 keyid_from_pk (pk, subkidbuf);
1050 if (pk->seckey_info)
1052 log_error ("key %s: oops: seckey_info already set"
1053 " - skipped\n", keystr_with_sub (keyid, subkid));
1054 skip_until_subkey = 1;
1058 err = hexkeygrip_from_pk (pk, &hexgrip);
1061 log_error ("key %s: error computing keygrip: %s"
1062 " - skipped\n", keystr_with_sub (keyid, subkid),
1063 gpg_strerror (err));
1064 skip_until_subkey = 1;
1069 if (secret == 2 && node->pkt->pkttype == PKT_PUBLIC_KEY)
1071 /* We are asked not to export the secret parts of
1072 the primary key. Make up an error code to create
1074 err = GPG_ERR_NOT_FOUND;
1078 err = agent_get_keyinfo (ctrl, hexgrip, &serialno);
1080 if ((!err && serialno)
1081 && secret == 2 && node->pkt->pkttype == PKT_PUBLIC_KEY)
1083 /* It does not make sense to export a key with its
1084 primary key on card using a non-key stub. Thus
1085 we skip those keys when used with
1086 --export-secret-subkeys. */
1087 log_info (_("key %s: key material on-card - skipped\n"),
1088 keystr_with_sub (keyid, subkid));
1089 skip_until_subkey = 1;
1091 else if (gpg_err_code (err) == GPG_ERR_NOT_FOUND
1092 || (!err && serialno))
1094 /* Create a key stub. */
1095 struct seckey_info *ski;
1098 pk->seckey_info = ski = xtrycalloc (1, sizeof *ski);
1101 err = gpg_error_from_syserror ();
1106 ski->is_protected = 1;
1108 ski->s2k.mode = 1001; /* GNU dummy (no secret key). */
1111 ski->s2k.mode = 1002; /* GNU-divert-to-card. */
1112 for (s=serialno; sizeof (ski->ivlen) && *s && s[1];
1113 ski->ivlen++, s += 2)
1114 ski->iv[ski->ivlen] = xtoi_2 (s);
1117 if ((options&EXPORT_SEXP_FORMAT))
1118 err = build_sexp (out, node->pkt, &indent);
1120 err = build_packet (out, node->pkt);
1124 /* FIXME: Move this spaghetti code into a separate
1126 unsigned char *wrappedkey = NULL;
1127 size_t wrappedkeylen;
1128 unsigned char *key = NULL;
1129 size_t keylen, realkeylen;
1133 log_info ("key %s: asking agent for the secret parts\n",
1134 keystr_with_sub (keyid, subkid));
1137 char *prompt = gpg_format_keydesc (pk,
1138 FORMAT_KEYDESC_EXPORT,1);
1139 err = agent_export_key (ctrl, hexgrip, prompt, &cache_nonce,
1140 &wrappedkey, &wrappedkeylen);
1145 if (wrappedkeylen < 24)
1147 err = gpg_error (GPG_ERR_INV_LENGTH);
1150 keylen = wrappedkeylen - 8;
1151 key = xtrymalloc_secure (keylen);
1154 err = gpg_error_from_syserror ();
1157 err = gcry_cipher_decrypt (cipherhd, key, keylen,
1158 wrappedkey, wrappedkeylen);
1161 realkeylen = gcry_sexp_canon_len (key, keylen, NULL, &err);
1163 goto unwraperror; /* Invalid csexp. */
1165 err = gcry_sexp_sscan (&s_skey, NULL, key, realkeylen);
1170 err = transfer_format_to_openpgp (s_skey, pk);
1171 gcry_sexp_release (s_skey);
1175 if ((options&EXPORT_SEXP_FORMAT))
1176 err = build_sexp (out, node->pkt, &indent);
1178 err = build_packet (out, node->pkt);
1179 goto unwraperror_leave;
1186 log_error ("key %s: error receiving key from agent:"
1188 keystr_with_sub (keyid, subkid),
1190 gpg_err_code (err) == GPG_ERR_FULLY_CANCELED?
1191 "":_(" - skipped"));
1192 if (gpg_err_code (err) == GPG_ERR_FULLY_CANCELED)
1194 skip_until_subkey = 1;
1202 log_error ("key %s: error getting keyinfo from agent: %s"
1203 " - skipped\n", keystr_with_sub (keyid, subkid),
1204 gpg_strerror (err));
1205 skip_until_subkey = 1;
1209 xfree (pk->seckey_info);
1210 pk->seckey_info = NULL;
1215 if ((options&EXPORT_SEXP_FORMAT))
1216 err = build_sexp (out, node->pkt, &indent);
1218 err = build_packet (out, node->pkt);
1223 log_error ("build_packet(%d) failed: %s\n",
1224 node->pkt->pkttype, gpg_strerror (err));
1228 if (!skip_until_subkey)
1232 if ((options&EXPORT_SEXP_FORMAT) && indent)
1234 for (; indent; indent--)
1235 iobuf_put (out, ')');
1236 iobuf_put (out, '\n');
1241 *keyblock_out = keyblock;
1245 if ((options&EXPORT_SEXP_FORMAT) && indent)
1247 for (; indent; indent--)
1248 iobuf_put (out, ')');
1249 iobuf_put (out, '\n');
1251 if (gpg_err_code (err) == GPG_ERR_NOT_FOUND)
1255 gcry_cipher_close (cipherhd);
1256 release_subkey_list (subkey_list);
1258 keydb_release (kdbhd);
1259 if (err || !keyblock_out)
1260 release_kbnode( keyblock );
1261 xfree (cache_nonce);
1263 log_info(_("WARNING: nothing exported\n"));
1270 /* write_sexp_line (iobuf_t out, int *indent, const char *text) */
1274 /* for (i=0; i < *indent; i++) */
1275 /* iobuf_put (out, ' '); */
1276 /* iobuf_writestr (out, text); */
1281 /* write_sexp_keyparm (iobuf_t out, int *indent, const char *name, gcry_mpi_t a) */
1284 /* unsigned char *buffer; */
1286 /* write_sexp_line (out, indent, "("); */
1287 /* iobuf_writestr (out, name); */
1288 /* iobuf_writestr (out, " #"); */
1290 /* rc = gcry_mpi_aprint (GCRYMPI_FMT_HEX, &buffer, NULL, a); */
1292 /* iobuf_writestr (out, buffer); */
1293 /* iobuf_writestr (out, "#)"); */
1294 /* gcry_free (buffer); */
1299 build_sexp_seckey (iobuf_t out, PACKET *pkt, int *indent)
1305 /* FIXME: Not yet implemented. */
1306 return gpg_error (GPG_ERR_NOT_IMPLEMENTED);
1307 /* PKT_secret_key *sk = pkt->pkt.secret_key; */
1308 /* char tmpbuf[100]; */
1310 /* if (pkt->pkttype == PKT_SECRET_KEY) */
1312 /* iobuf_writestr (out, "(openpgp-key\n"); */
1317 /* iobuf_writestr (out, " (subkey\n"); */
1321 /* write_sexp_line (out, indent, "(private-key\n"); */
1323 /* if (is_RSA (sk->pubkey_algo) && !sk->is_protected) */
1325 /* write_sexp_line (out, indent, "(rsa\n"); */
1327 /* write_sexp_keyparm (out, indent, "n", sk->skey[0]); iobuf_put (out,'\n'); */
1328 /* write_sexp_keyparm (out, indent, "e", sk->skey[1]); iobuf_put (out,'\n'); */
1329 /* write_sexp_keyparm (out, indent, "d", sk->skey[2]); iobuf_put (out,'\n'); */
1330 /* write_sexp_keyparm (out, indent, "p", sk->skey[3]); iobuf_put (out,'\n'); */
1331 /* write_sexp_keyparm (out, indent, "q", sk->skey[4]); iobuf_put (out,'\n'); */
1332 /* write_sexp_keyparm (out, indent, "u", sk->skey[5]); */
1333 /* iobuf_put (out,')'); iobuf_put (out,'\n'); */
1336 /* else if (sk->pubkey_algo == PUBKEY_ALGO_DSA && !sk->is_protected) */
1338 /* write_sexp_line (out, indent, "(dsa\n"); */
1340 /* write_sexp_keyparm (out, indent, "p", sk->skey[0]); iobuf_put (out,'\n'); */
1341 /* write_sexp_keyparm (out, indent, "q", sk->skey[1]); iobuf_put (out,'\n'); */
1342 /* write_sexp_keyparm (out, indent, "g", sk->skey[2]); iobuf_put (out,'\n'); */
1343 /* write_sexp_keyparm (out, indent, "y", sk->skey[3]); iobuf_put (out,'\n'); */
1344 /* write_sexp_keyparm (out, indent, "x", sk->skey[4]); */
1345 /* iobuf_put (out,')'); iobuf_put (out,'\n'); */
1348 /* else if (sk->pubkey_algo == PUBKEY_ALGO_ECDSA && !sk->is_protected) */
1350 /* write_sexp_line (out, indent, "(ecdsa\n"); */
1352 /* write_sexp_keyparm (out, indent, "c", sk->skey[0]); iobuf_put (out,'\n'); */
1353 /* write_sexp_keyparm (out, indent, "q", sk->skey[6]); iobuf_put (out,'\n'); */
1354 /* write_sexp_keyparm (out, indent, "d", sk->skey[7]); */
1355 /* iobuf_put (out,')'); iobuf_put (out,'\n'); */
1358 /* else if (is_ELGAMAL (sk->pubkey_algo) && !sk->is_protected) */
1360 /* write_sexp_line (out, indent, "(elg\n"); */
1362 /* write_sexp_keyparm (out, indent, "p", sk->skey[0]); iobuf_put (out,'\n'); */
1363 /* write_sexp_keyparm (out, indent, "g", sk->skey[2]); iobuf_put (out,'\n'); */
1364 /* write_sexp_keyparm (out, indent, "y", sk->skey[3]); iobuf_put (out,'\n'); */
1365 /* write_sexp_keyparm (out, indent, "x", sk->skey[4]); */
1366 /* iobuf_put (out,')'); iobuf_put (out,'\n'); */
1369 /* write_sexp_line (out, indent, "(attrib\n"); (*indent)++; */
1370 /* sprintf (tmpbuf, "(created \"%lu\"", (unsigned long)sk->timestamp); */
1371 /* write_sexp_line (out, indent, tmpbuf); */
1372 /* iobuf_put (out,')'); (*indent)--; /\* close created *\/ */
1373 /* iobuf_put (out,')'); (*indent)--; /\* close attrib *\/ */
1374 /* iobuf_put (out,')'); (*indent)--; /\* close private-key *\/ */
1375 /* if (pkt->pkttype != PKT_SECRET_KEY) */
1376 /* iobuf_put (out,')'), (*indent)--; /\* close subkey *\/ */
1377 /* iobuf_put (out,'\n'); */
1383 /* For some packet types we write them in a S-expression format. This
1384 is still EXPERIMENTAL and subject to change. */
1386 build_sexp (iobuf_t out, PACKET *pkt, int *indent)
1390 switch (pkt->pkttype)
1392 case PKT_SECRET_KEY:
1393 case PKT_SECRET_SUBKEY:
1394 rc = build_sexp_seckey (out, pkt, indent);