1 /* export.c - Export keys in the OpenPGP defined format.
2 * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004,
3 * 2005, 2010 Free Software Foundation, Inc.
4 * Copyright (C) 1998-2016 Werner Koch
6 * This file is part of GnuPG.
8 * GnuPG is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 3 of the License, or
11 * (at your option) any later version.
13 * GnuPG is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, see <http://www.gnu.org/licenses/>.
39 #include "call-agent.h"
41 /* An object to keep track of subkeys. */
44 struct subkey_list_s *next;
47 typedef struct subkey_list_s *subkey_list_t;
50 /* An object to track statistics for export operations. */
53 ulong count; /* Number of processed keys. */
54 ulong secret_count; /* Number of secret keys seen. */
55 ulong exported; /* Number of actual exported keys. */
59 /* Local prototypes. */
60 static int do_export (ctrl_t ctrl, strlist_t users, int secret,
61 unsigned int options, export_stats_t stats);
62 static int do_export_stream (ctrl_t ctrl, iobuf_t out,
63 strlist_t users, int secret,
64 kbnode_t *keyblock_out, unsigned int options,
65 export_stats_t stats, int *any);
70 /* Option parser for export options. See parse_options fro
73 parse_export_options(char *str,unsigned int *options,int noisy)
75 struct parse_options export_opts[]=
77 {"export-local-sigs",EXPORT_LOCAL_SIGS,NULL,
78 N_("export signatures that are marked as local-only")},
79 {"export-attributes",EXPORT_ATTRIBUTES,NULL,
80 N_("export attribute user IDs (generally photo IDs)")},
81 {"export-sensitive-revkeys",EXPORT_SENSITIVE_REVKEYS,NULL,
82 N_("export revocation keys marked as \"sensitive\"")},
83 {"export-clean",EXPORT_CLEAN,NULL,
84 N_("remove unusable parts from key during export")},
85 {"export-minimal",EXPORT_MINIMAL|EXPORT_CLEAN,NULL,
86 N_("remove as much as possible from key during export")},
87 /* Aliases for backward compatibility */
88 {"include-local-sigs",EXPORT_LOCAL_SIGS,NULL,NULL},
89 {"include-attributes",EXPORT_ATTRIBUTES,NULL,NULL},
90 {"include-sensitive-revkeys",EXPORT_SENSITIVE_REVKEYS,NULL,NULL},
92 {"export-unusable-sigs",0,NULL,NULL},
93 {"export-clean-sigs",0,NULL,NULL},
94 {"export-clean-uids",0,NULL,NULL},
96 /* add tags for include revoked and disabled? */
99 return parse_options(str,options,export_opts,noisy);
103 /* Create a new export stats object initialized to zero. On error
104 returns NULL and sets ERRNO. */
106 export_new_stats (void)
108 export_stats_t stats;
110 return xtrycalloc (1, sizeof *stats);
114 /* Release an export stats object. */
116 export_release_stats (export_stats_t stats)
122 /* Print export statistics using the status interface. */
124 export_print_stats (export_stats_t stats)
129 if (is_status_enabled ())
133 snprintf (buf, sizeof buf, "%lu %lu %lu",
137 write_status_text (STATUS_EXPORT_RES, buf);
143 * Export public keys (to stdout or to --output FILE).
145 * Depending on opt.armor the output is armored. OPTIONS are defined
146 * in main.h. If USERS is NULL, all keys will be exported. STATS is
147 * either an export stats object for update or NULL.
149 * This function is the core of "gpg --export".
152 export_pubkeys (ctrl_t ctrl, strlist_t users, unsigned int options,
153 export_stats_t stats)
155 return do_export (ctrl, users, 0, options, stats);
160 * Export secret keys (to stdout or to --output FILE).
162 * Depending on opt.armor the output is armored. If USERS is NULL,
163 * all secret keys will be exported. STATS is either an export stats
164 * object for update or NULL.
166 * This function is the core of "gpg --export-secret-keys".
169 export_seckeys (ctrl_t ctrl, strlist_t users, export_stats_t stats)
171 return do_export (ctrl, users, 1, 0, stats);
176 * Export secret sub keys (to stdout or to --output FILE).
178 * This is the same as export_seckeys but replaces the primary key by
179 * a stub key. Depending on opt.armor the output is armored. If
180 * USERS is NULL, all secret subkeys will be exported. STATS is
181 * either an export stats object for update or NULL.
183 * This function is the core of "gpg --export-secret-subkeys".
186 export_secsubkeys (ctrl_t ctrl, strlist_t users, export_stats_t stats)
188 return do_export (ctrl, users, 2, 0, stats);
193 * Export a single key into a memory buffer. STATS is either an
194 * export stats object for update or NULL.
197 export_pubkey_buffer (ctrl_t ctrl, const char *keyspec, unsigned int options,
198 export_stats_t stats,
199 kbnode_t *r_keyblock, void **r_data, size_t *r_datalen)
211 if (!add_to_strlist_try (&helplist, keyspec))
212 return gpg_error_from_syserror ();
214 iobuf = iobuf_temp ();
215 err = do_export_stream (ctrl, iobuf, helplist, 0, r_keyblock, options,
218 err = gpg_error (GPG_ERR_NOT_FOUND);
224 iobuf_flush_temp (iobuf);
225 src = iobuf_get_temp_buffer (iobuf);
226 datalen = iobuf_get_temp_length (iobuf);
228 err = gpg_error (GPG_ERR_NO_PUBKEY);
229 else if (!(*r_data = xtrymalloc (datalen)))
230 err = gpg_error_from_syserror ();
233 memcpy (*r_data, src, datalen);
234 *r_datalen = datalen;
238 free_strlist (helplist);
239 if (err && *r_keyblock)
241 release_kbnode (*r_keyblock);
248 /* Export the keys identified by the list of strings in USERS. If
249 Secret is false public keys will be exported. With secret true
250 secret keys will be exported; in this case 1 means the entire
251 secret keyblock and 2 only the subkeys. OPTIONS are the export
254 do_export (ctrl_t ctrl, strlist_t users, int secret, unsigned int options,
255 export_stats_t stats)
259 armor_filter_context_t *afx = NULL;
260 compress_filter_context_t zfx;
262 memset( &zfx, 0, sizeof zfx);
264 rc = open_outfile (-1, NULL, 0, !!secret, &out );
270 afx = new_armor_context ();
271 afx->what = secret? 5 : 1;
272 push_armor_filter (afx, out);
275 rc = do_export_stream (ctrl, out, users, secret, NULL, options, stats, &any);
281 release_armor_context (afx);
287 /* Release an entire subkey list. */
289 release_subkey_list (subkey_list_t list)
293 subkey_list_t tmp = list->next;;
300 /* Returns true if NODE is a subkey and contained in LIST. */
302 subkey_in_list_p (subkey_list_t list, KBNODE node)
304 if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY
305 || node->pkt->pkttype == PKT_SECRET_SUBKEY )
309 keyid_from_pk (node->pkt->pkt.public_key, kid);
311 for (; list; list = list->next)
312 if (list->kid[0] == kid[0] && list->kid[1] == kid[1])
318 /* Allocate a new subkey list item from NODE. */
320 new_subkey_list_item (KBNODE node)
322 subkey_list_t list = xcalloc (1, sizeof *list);
324 if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY
325 || node->pkt->pkttype == PKT_SECRET_SUBKEY)
326 keyid_from_pk (node->pkt->pkt.public_key, list->kid);
332 /* Helper function to check whether the subkey at NODE actually
333 matches the description at DESC. The function returns true if the
334 key under question has been specified by an exact specification
335 (keyID or fingerprint) and does match the one at NODE. It is
336 assumed that the packet at NODE is either a public or secret
339 exact_subkey_match_p (KEYDB_SEARCH_DESC *desc, KBNODE node)
342 byte fpr[MAX_FINGERPRINT_LEN];
348 case KEYDB_SEARCH_MODE_SHORT_KID:
349 case KEYDB_SEARCH_MODE_LONG_KID:
350 keyid_from_pk (node->pkt->pkt.public_key, kid);
353 case KEYDB_SEARCH_MODE_FPR16:
354 case KEYDB_SEARCH_MODE_FPR20:
355 case KEYDB_SEARCH_MODE_FPR:
356 fingerprint_from_pk (node->pkt->pkt.public_key, fpr,&fprlen);
365 case KEYDB_SEARCH_MODE_SHORT_KID:
366 if (desc->u.kid[1] == kid[1])
370 case KEYDB_SEARCH_MODE_LONG_KID:
371 if (desc->u.kid[0] == kid[0] && desc->u.kid[1] == kid[1])
375 case KEYDB_SEARCH_MODE_FPR16:
376 if (!memcmp (desc->u.fpr, fpr, 16))
380 case KEYDB_SEARCH_MODE_FPR20:
381 case KEYDB_SEARCH_MODE_FPR:
382 if (!memcmp (desc->u.fpr, fpr, 20))
394 /* Return an error if the key represented by the S-expression S_KEY
395 * and the OpenPGP key represented by PK do not use the same curve. */
397 match_curve_skey_pk (gcry_sexp_t s_key, PKT_public_key *pk)
399 gcry_sexp_t curve = NULL;
400 gcry_sexp_t flags = NULL;
401 char *curve_str = NULL;
403 const char *oidstr = NULL;
404 gcry_mpi_t curve_as_mpi = NULL;
409 if (!(pk->pubkey_algo==PUBKEY_ALGO_ECDH
410 || pk->pubkey_algo==PUBKEY_ALGO_ECDSA
411 || pk->pubkey_algo==PUBKEY_ALGO_EDDSA))
412 return gpg_error (GPG_ERR_PUBKEY_ALGO);
414 curve = gcry_sexp_find_token (s_key, "curve", 0);
417 log_error ("no reported curve\n");
418 return gpg_error (GPG_ERR_UNKNOWN_CURVE);
420 curve_str = gcry_sexp_nth_string (curve, 1);
421 gcry_sexp_release (curve); curve = NULL;
424 log_error ("no curve name\n");
425 return gpg_error (GPG_ERR_UNKNOWN_CURVE);
427 oidstr = openpgp_curve_to_oid (curve_str, NULL);
430 log_error ("no OID known for curve '%s'\n", curve_str);
432 return gpg_error (GPG_ERR_UNKNOWN_CURVE);
435 err = openpgp_oid_from_str (oidstr, &curve_as_mpi);
438 if (gcry_mpi_cmp (pk->pkey[0], curve_as_mpi))
440 log_error ("curves do not match\n");
441 gcry_mpi_release (curve_as_mpi);
442 return gpg_error (GPG_ERR_INV_CURVE);
444 gcry_mpi_release (curve_as_mpi);
445 flags = gcry_sexp_find_token (s_key, "flags", 0);
448 for (idx = 1; idx < gcry_sexp_length (flags); idx++)
450 flag = gcry_sexp_nth_string (flags, idx);
451 if (flag && (strcmp ("eddsa", flag) == 0))
456 if (is_eddsa != (pk->pubkey_algo == PUBKEY_ALGO_EDDSA))
458 log_error ("disagreement about EdDSA\n");
459 err = gpg_error (GPG_ERR_INV_CURVE);
466 /* Return a canonicalized public key algoithms. This is used to
467 compare different flavors of algorithms (e.g. ELG and ELG_E are
468 considered the same). */
469 static enum gcry_pk_algos
470 canon_pk_algo (enum gcry_pk_algos algo)
476 case GCRY_PK_RSA_S: return GCRY_PK_RSA;
478 case GCRY_PK_ELG_E: return GCRY_PK_ELG;
481 case GCRY_PK_ECDH: return GCRY_PK_ECC;
482 default: return algo;
487 /* Take a cleartext dump of a secret key in PK and change the
488 * parameter array in PK to include the secret parameters. */
490 cleartext_secret_key_to_openpgp (gcry_sexp_t s_key, PKT_public_key *pk)
492 gpg_error_t err = gpg_error (GPG_ERR_NOT_IMPLEMENTED);
493 gcry_sexp_t top_list;
494 gcry_sexp_t key = NULL;
495 char *key_type = NULL;
496 enum gcry_pk_algos pk_algo;
497 struct seckey_info *ski;
499 gcry_mpi_t pub_params[10] = { NULL };
501 /* we look for a private-key, then the first element in it tells us
503 top_list = gcry_sexp_find_token (s_key, "private-key", 0);
506 if (gcry_sexp_length(top_list) != 2)
508 key = gcry_sexp_nth (top_list, 1);
511 key_type = gcry_sexp_nth_string(key, 0);
512 pk_algo = gcry_pk_map_name (key_type);
514 log_assert (!pk->seckey_info);
516 pk->seckey_info = ski = xtrycalloc (1, sizeof *ski);
519 err = gpg_error_from_syserror ();
523 switch (canon_pk_algo (pk_algo))
526 if (!is_RSA (pk->pubkey_algo))
527 goto bad_pubkey_algo;
528 err = gcry_sexp_extract_param (key, NULL, "ne",
532 for (idx=0; idx < 2 && !err; idx++)
533 if (gcry_mpi_cmp(pk->pkey[idx], pub_params[idx]))
534 err = gpg_error (GPG_ERR_BAD_PUBKEY);
537 for (idx = 2; idx < 6 && !err; idx++)
539 gcry_mpi_release (pk->pkey[idx]);
540 pk->pkey[idx] = NULL;
542 err = gcry_sexp_extract_param (key, NULL, "dpqu",
551 for (idx = 2; idx < 6; idx++)
552 ski->csum += checksum_mpi (pk->pkey[idx]);
557 if (!is_DSA (pk->pubkey_algo))
558 goto bad_pubkey_algo;
559 err = gcry_sexp_extract_param (key, NULL, "pqgy",
565 for (idx=0; idx < 4 && !err; idx++)
566 if (gcry_mpi_cmp(pk->pkey[idx], pub_params[idx]))
567 err = gpg_error (GPG_ERR_BAD_PUBKEY);
570 gcry_mpi_release (pk->pkey[4]);
572 err = gcry_sexp_extract_param (key, NULL, "x",
577 ski->csum += checksum_mpi (pk->pkey[4]);
581 if (!is_ELGAMAL (pk->pubkey_algo))
582 goto bad_pubkey_algo;
583 err = gcry_sexp_extract_param (key, NULL, "pgy",
588 for (idx=0; idx < 3 && !err; idx++)
589 if (gcry_mpi_cmp(pk->pkey[idx], pub_params[idx]))
590 err = gpg_error (GPG_ERR_BAD_PUBKEY);
593 gcry_mpi_release (pk->pkey[3]);
595 err = gcry_sexp_extract_param (key, NULL, "x",
600 ski->csum += checksum_mpi (pk->pkey[3]);
604 err = match_curve_skey_pk (key, pk);
608 err = gcry_sexp_extract_param (key, NULL, "q",
611 if (!err && (gcry_mpi_cmp(pk->pkey[1], pub_params[0])))
612 err = gpg_error (GPG_ERR_BAD_PUBKEY);
615 if (pk->pubkey_algo == PUBKEY_ALGO_ECDH)
619 gcry_mpi_release (pk->pkey[sec_start]);
620 pk->pkey[sec_start] = NULL;
621 err = gcry_sexp_extract_param (key, NULL, "d",
622 &pk->pkey[sec_start],
627 ski->csum += checksum_mpi (pk->pkey[sec_start]);
631 pk->seckey_info = NULL;
633 err = gpg_error (GPG_ERR_NOT_IMPLEMENTED);
638 gcry_sexp_release (top_list);
639 gcry_sexp_release (key);
640 gcry_free (key_type);
642 for (idx=0; idx < DIM(pub_params); idx++)
643 gcry_mpi_release (pub_params[idx]);
647 err = gpg_error (GPG_ERR_PUBKEY_ALGO);
651 err = gpg_error (GPG_ERR_BAD_SECKEY);
656 /* Use the key transfer format given in S_PGP to create the secinfo
657 structure in PK and change the parameter array in PK to include the
658 secret parameters. */
660 transfer_format_to_openpgp (gcry_sexp_t s_pgp, PKT_public_key *pk)
663 gcry_sexp_t top_list;
664 gcry_sexp_t list = NULL;
670 int is_v4, is_protected;
671 enum gcry_pk_algos pk_algo;
672 int protect_algo = 0;
681 gcry_mpi_t skey[10]; /* We support up to 9 parameters. */
683 struct seckey_info *ski;
685 /* gcry_log_debugsxp ("transferkey", s_pgp); */
686 top_list = gcry_sexp_find_token (s_pgp, "openpgp-private-key", 0);
690 list = gcry_sexp_find_token (top_list, "version", 0);
693 value = gcry_sexp_nth_data (list, 1, &valuelen);
694 if (!value || valuelen != 1 || !(value[0] == '3' || value[0] == '4'))
696 is_v4 = (value[0] == '4');
698 gcry_sexp_release (list);
699 list = gcry_sexp_find_token (top_list, "protection", 0);
702 value = gcry_sexp_nth_data (list, 1, &valuelen);
705 if (valuelen == 4 && !memcmp (value, "sha1", 4))
707 else if (valuelen == 3 && !memcmp (value, "sum", 3))
709 else if (valuelen == 4 && !memcmp (value, "none", 4))
715 string = gcry_sexp_nth_string (list, 2);
718 protect_algo = gcry_cipher_map_name (string);
721 value = gcry_sexp_nth_data (list, 3, &valuelen);
722 if (!value || !valuelen || valuelen > sizeof iv)
724 memcpy (iv, value, valuelen);
727 string = gcry_sexp_nth_string (list, 4);
730 s2k_mode = strtol (string, NULL, 10);
733 string = gcry_sexp_nth_string (list, 5);
736 s2k_algo = gcry_md_map_name (string);
739 value = gcry_sexp_nth_data (list, 6, &valuelen);
740 if (!value || !valuelen || valuelen > sizeof s2k_salt)
742 memcpy (s2k_salt, value, valuelen);
744 string = gcry_sexp_nth_string (list, 7);
747 s2k_count = strtoul (string, NULL, 10);
751 /* Parse the gcrypt PK algo and check that it is okay. */
752 gcry_sexp_release (list);
753 list = gcry_sexp_find_token (top_list, "algo", 0);
756 string = gcry_sexp_nth_string (list, 1);
759 pk_algo = gcry_pk_map_name (string);
760 xfree (string); string = NULL;
761 if (gcry_pk_algo_info (pk_algo, GCRYCTL_GET_ALGO_NPKEY, NULL, &npkey)
762 || gcry_pk_algo_info (pk_algo, GCRYCTL_GET_ALGO_NSKEY, NULL, &nskey)
763 || !npkey || npkey >= nskey)
766 /* Check that the pubkey algo matches the one from the public key. */
767 switch (canon_pk_algo (pk_algo))
770 if (!is_RSA (pk->pubkey_algo))
771 pk_algo = 0; /* Does not match. */
774 if (!is_DSA (pk->pubkey_algo))
775 pk_algo = 0; /* Does not match. */
778 if (!is_ELGAMAL (pk->pubkey_algo))
779 pk_algo = 0; /* Does not match. */
782 if (pk->pubkey_algo == PUBKEY_ALGO_ECDSA)
784 else if (pk->pubkey_algo == PUBKEY_ALGO_ECDH)
786 else if (pk->pubkey_algo == PUBKEY_ALGO_EDDSA)
789 pk_algo = 0; /* Does not match. */
790 /* For ECC we do not have the domain parameters thus fix our info. */
795 pk_algo = 0; /* Oops. */
800 err = gpg_error (GPG_ERR_PUBKEY_ALGO);
804 /* This check has to go after the ecc adjustments. */
805 if (nskey > PUBKEY_MAX_NSKEY)
808 /* Parse the key parameters. */
809 gcry_sexp_release (list);
810 list = gcry_sexp_find_token (top_list, "skey", 0);
817 value = gcry_sexp_nth_data (list, ++idx, &valuelen);
818 if (!value && skeyidx >= npkey)
821 /* Check for too many parameters. Note that depending on the
822 protection mode and version number we may see less than NSKEY
823 (but at least NPKEY+1) parameters. */
826 if (skeyidx >= DIM (skey)-1)
829 if (!value || valuelen != 1 || !(value[0] == '_' || value[0] == 'e'))
831 is_enc = (value[0] == 'e');
832 value = gcry_sexp_nth_data (list, ++idx, &valuelen);
833 if (!value || !valuelen)
837 void *p = xtrymalloc (valuelen);
840 memcpy (p, value, valuelen);
841 skey[skeyidx] = gcry_mpi_set_opaque (NULL, p, valuelen*8);
847 if (gcry_mpi_scan (skey + skeyidx, GCRYMPI_FMT_STD,
848 value, valuelen, NULL))
853 skey[skeyidx++] = NULL;
855 gcry_sexp_release (list); list = NULL;
857 /* We have no need for the CSUM value thus we don't parse it. */
858 /* list = gcry_sexp_find_token (top_list, "csum", 0); */
861 /* string = gcry_sexp_nth_string (list, 1); */
863 /* goto bad_seckey; */
864 /* desired_csum = strtoul (string, NULL, 10); */
865 /* xfree (string); */
868 /* desired_csum = 0; */
869 /* gcry_sexp_release (list); list = NULL; */
871 /* Get the curve name if any, */
872 list = gcry_sexp_find_token (top_list, "curve", 0);
875 curve = gcry_sexp_nth_string (list, 1);
876 gcry_sexp_release (list); list = NULL;
879 gcry_sexp_release (top_list); top_list = NULL;
881 /* log_debug ("XXX is_v4=%d\n", is_v4); */
882 /* log_debug ("XXX pubkey_algo=%d\n", pubkey_algo); */
883 /* log_debug ("XXX is_protected=%d\n", is_protected); */
884 /* log_debug ("XXX protect_algo=%d\n", protect_algo); */
885 /* log_printhex ("XXX iv", iv, ivlen); */
886 /* log_debug ("XXX ivlen=%d\n", ivlen); */
887 /* log_debug ("XXX s2k_mode=%d\n", s2k_mode); */
888 /* log_debug ("XXX s2k_algo=%d\n", s2k_algo); */
889 /* log_printhex ("XXX s2k_salt", s2k_salt, sizeof s2k_salt); */
890 /* log_debug ("XXX s2k_count=%lu\n", (unsigned long)s2k_count); */
891 /* for (idx=0; skey[idx]; idx++) */
893 /* int is_enc = gcry_mpi_get_flag (skey[idx], GCRYMPI_FLAG_OPAQUE); */
894 /* log_info ("XXX skey[%d]%s:", idx, is_enc? " (enc)":""); */
898 /* unsigned int nbits; */
899 /* p = gcry_mpi_get_opaque (skey[idx], &nbits); */
900 /* log_printhex (NULL, p, (nbits+7)/8); */
903 /* gcry_mpi_dump (skey[idx]); */
904 /* log_printf ("\n"); */
907 if (!is_v4 || is_protected != 2 )
909 /* We only support the v4 format and a SHA-1 checksum. */
910 err = gpg_error (GPG_ERR_NOT_IMPLEMENTED);
914 /* We need to change the received parameters for ECC algorithms.
915 The transfer format has the curve name and the parameters
916 separate. We put them all into the SKEY array. */
917 if (canon_pk_algo (pk_algo) == GCRY_PK_ECC)
921 /* Assert that all required parameters are available. We also
922 check that the array does not contain more parameters than
923 needed (this was used by some beta versions of 2.1. */
924 if (!curve || !skey[0] || !skey[1] || skey[2])
926 err = gpg_error (GPG_ERR_INTERNAL);
930 oidstr = openpgp_curve_to_oid (curve, NULL);
933 log_error ("no OID known for curve '%s'\n", curve);
934 err = gpg_error (GPG_ERR_UNKNOWN_CURVE);
937 /* Put the curve's OID into into the MPI array. This requires
938 that we shift Q and D. For ECDH also insert the KDF parms. */
943 skey[2] = gcry_mpi_copy (pk->pkey[2]);
952 err = openpgp_oid_from_str (oidstr, skey + 0);
955 /* Fixup the NPKEY and NSKEY to match OpenPGP reality. */
959 /* for (idx=0; skey[idx]; idx++) */
961 /* log_info ("YYY skey[%d]:", idx); */
962 /* if (gcry_mpi_get_flag (skey[idx], GCRYMPI_FLAG_OPAQUE)) */
965 /* unsigned int nbits; */
966 /* p = gcry_mpi_get_opaque (skey[idx], &nbits); */
967 /* log_printhex (NULL, p, (nbits+7)/8); */
970 /* gcry_mpi_dump (skey[idx]); */
971 /* log_printf ("\n"); */
975 /* Do some sanity checks. */
978 /* We expect an already encoded S2K count. */
979 err = gpg_error (GPG_ERR_INV_DATA);
982 err = openpgp_cipher_test_algo (protect_algo);
985 err = openpgp_md_test_algo (s2k_algo);
989 /* Check that the public key parameters match. Note that since
990 Libgcrypt 1.5 gcry_mpi_cmp handles opaque MPI correctly. */
991 for (idx=0; idx < npkey; idx++)
992 if (gcry_mpi_cmp (pk->pkey[idx], skey[idx]))
994 err = gpg_error (GPG_ERR_BAD_PUBKEY);
998 /* Check that the first secret key parameter in SKEY is encrypted
999 and that there are no more secret key parameters. The latter is
1000 guaranteed by the v4 packet format. */
1001 if (!gcry_mpi_get_flag (skey[npkey], GCRYMPI_FLAG_OPAQUE))
1003 if (npkey+1 < DIM (skey) && skey[npkey+1])
1006 /* Check that the secret key parameters in PK are all set to NULL. */
1007 for (idx=npkey; idx < nskey; idx++)
1011 /* Now build the protection info. */
1012 pk->seckey_info = ski = xtrycalloc (1, sizeof *ski);
1015 err = gpg_error_from_syserror ();
1019 ski->is_protected = 1;
1021 ski->algo = protect_algo;
1022 ski->s2k.mode = s2k_mode;
1023 ski->s2k.hash_algo = s2k_algo;
1024 log_assert (sizeof ski->s2k.salt == sizeof s2k_salt);
1025 memcpy (ski->s2k.salt, s2k_salt, sizeof s2k_salt);
1026 ski->s2k.count = s2k_count;
1027 log_assert (ivlen <= sizeof ski->iv);
1028 memcpy (ski->iv, iv, ivlen);
1031 /* Store the protected secret key parameter. */
1032 pk->pkey[npkey] = skey[npkey];
1039 gcry_sexp_release (list);
1040 gcry_sexp_release (top_list);
1041 for (idx=0; idx < skeyidx; idx++)
1042 gcry_mpi_release (skey[idx]);
1046 err = gpg_error (GPG_ERR_BAD_SECKEY);
1050 err = gpg_error (GPG_ERR_ENOMEM);
1055 /* Print an "EXPORTED" status line. PK is the primary public key. */
1057 print_status_exported (PKT_public_key *pk)
1061 if (!is_status_enabled ())
1064 hexfpr = hexfingerprint (pk, NULL, 0);
1065 write_status_text (STATUS_EXPORTED, hexfpr? hexfpr : "[?]");
1071 * Receive a secret key from agent specified by HEXGRIP.
1073 * Since the key data from agant is encrypted, decrypt it by CIPHERHD.
1074 * Then, parse the decrypted key data in transfer format, and put
1075 * secret parameters into PK.
1077 * If CLEARTEXT is 0, store the secret key material
1078 * passphrase-protected. Otherwise, store secret key material in the
1081 * CACHE_NONCE_ADDR is used to share nonce for multple key retrievals.
1084 receive_seckey_from_agent (ctrl_t ctrl, gcry_cipher_hd_t cipherhd,
1086 char **cache_nonce_addr, const char *hexgrip,
1089 gpg_error_t err = 0;
1090 unsigned char *wrappedkey = NULL;
1091 size_t wrappedkeylen;
1092 unsigned char *key = NULL;
1093 size_t keylen, realkeylen;
1098 log_info ("key %s: asking agent for the secret parts\n", hexgrip);
1100 prompt = gpg_format_keydesc (pk, FORMAT_KEYDESC_EXPORT,1);
1101 err = agent_export_key (ctrl, hexgrip, prompt, !cleartext, cache_nonce_addr,
1102 &wrappedkey, &wrappedkeylen);
1107 if (wrappedkeylen < 24)
1109 err = gpg_error (GPG_ERR_INV_LENGTH);
1112 keylen = wrappedkeylen - 8;
1113 key = xtrymalloc_secure (keylen);
1116 err = gpg_error_from_syserror ();
1119 err = gcry_cipher_decrypt (cipherhd, key, keylen, wrappedkey, wrappedkeylen);
1122 realkeylen = gcry_sexp_canon_len (key, keylen, NULL, &err);
1124 goto unwraperror; /* Invalid csexp. */
1126 err = gcry_sexp_sscan (&s_skey, NULL, key, realkeylen);
1130 err = cleartext_secret_key_to_openpgp (s_skey, pk);
1132 err = transfer_format_to_openpgp (s_skey, pk);
1133 gcry_sexp_release (s_skey);
1141 log_error ("key %s: error receiving key from agent:"
1142 " %s%s\n", hexgrip, gpg_strerror (err),
1143 gpg_err_code (err) == GPG_ERR_FULLY_CANCELED?
1144 "":_(" - skipped"));
1150 /* Export the keys identified by the list of strings in USERS to the
1151 stream OUT. If Secret is false public keys will be exported. With
1152 secret true secret keys will be exported; in this case 1 means the
1153 entire secret keyblock and 2 only the subkeys. OPTIONS are the
1154 export options to apply. If KEYBLOCK_OUT is not NULL, AND the exit
1155 code is zero, a pointer to the first keyblock found and exported
1156 will be stored at this address; no other keyblocks are exported in
1157 this case. The caller must free the returned keyblock. If any
1158 key has been exported true is stored at ANY. */
1160 do_export_stream (ctrl_t ctrl, iobuf_t out, strlist_t users, int secret,
1161 kbnode_t *keyblock_out, unsigned int options,
1162 export_stats_t stats, int *any)
1164 gpg_error_t err = 0;
1166 KBNODE keyblock = NULL;
1168 size_t ndesc, descindex;
1169 KEYDB_SEARCH_DESC *desc = NULL;
1170 subkey_list_t subkey_list = NULL; /* Track already processed subkeys. */
1173 gcry_cipher_hd_t cipherhd = NULL;
1174 char *cache_nonce = NULL;
1175 struct export_stats_s dummystats;
1179 stats = &dummystats;
1182 kdbhd = keydb_new ();
1184 return gpg_error_from_syserror ();
1186 /* For the DANE format override the options. */
1187 if ((options & EXPORT_DANE_FORMAT))
1188 options = (EXPORT_DANE_FORMAT | EXPORT_MINIMAL | EXPORT_CLEAN);
1194 desc = xcalloc (ndesc, sizeof *desc);
1195 desc[0].mode = KEYDB_SEARCH_MODE_FIRST;
1199 for (ndesc=0, sl=users; sl; sl = sl->next, ndesc++)
1201 desc = xmalloc ( ndesc * sizeof *desc);
1203 for (ndesc=0, sl=users; sl; sl = sl->next)
1205 if (!(err=classify_user_id (sl->d, desc+ndesc, 1)))
1208 log_error (_("key \"%s\" not found: %s\n"),
1209 sl->d, gpg_strerror (err));
1212 keydb_disable_caching (kdbhd); /* We are looping the search. */
1214 /* It would be nice to see which of the given users did actually
1215 match one in the keyring. To implement this we need to have
1216 a found flag for each entry in desc. To set this flag we
1217 must check all those entries after a match to mark all
1218 matched one - currently we stop at the first match. To do
1219 this we need an extra flag to enable this feature. */
1222 #ifdef ENABLE_SELINUX_HACKS
1225 log_error (_("exporting secret keys not allowed\n"));
1226 err = gpg_error (GPG_ERR_NOT_SUPPORTED);
1231 /* For secret key export we need to setup a decryption context. */
1237 err = agent_keywrap_key (ctrl, 1, &kek, &keklen);
1240 log_error ("error getting the KEK: %s\n", gpg_strerror (err));
1244 /* Prepare a cipher context. */
1245 err = gcry_cipher_open (&cipherhd, GCRY_CIPHER_AES128,
1246 GCRY_CIPHER_MODE_AESWRAP, 0);
1248 err = gcry_cipher_setkey (cipherhd, kek, keklen);
1251 log_error ("error setting up an encryption context: %s\n",
1252 gpg_strerror (err));
1261 int skip_until_subkey = 0;
1265 err = keydb_search (kdbhd, desc, ndesc, &descindex);
1267 desc[0].mode = KEYDB_SEARCH_MODE_NEXT;
1271 /* Read the keyblock. */
1272 release_kbnode (keyblock);
1274 err = keydb_get_keyblock (kdbhd, &keyblock);
1277 log_error (_("error reading keyblock: %s\n"), gpg_strerror (err));
1281 node = find_kbnode (keyblock, PKT_PUBLIC_KEY);
1284 log_error ("public key packet not found in keyblock - skipped\n");
1288 setup_main_keyids (keyblock); /* gpg_format_keydesc needs it. */
1289 pk = node->pkt->pkt.public_key;
1290 keyid_from_pk (pk, keyid);
1292 /* If a secret key export is required we need to check whether
1293 we have a secret key at all and if so create the seckey_info
1297 if (agent_probe_any_secret_key (ctrl, keyblock))
1298 continue; /* No secret key (neither primary nor subkey). */
1300 /* No v3 keys with GNU mode 1001. */
1301 if (secret == 2 && pk->version == 3)
1303 log_info (_("key %s: PGP 2.x style key - skipped\n"),
1308 /* The agent does not yet allow to export v3 packets. It is
1309 actually questionable whether we should allow them at
1311 if (pk->version == 3)
1313 log_info ("key %s: PGP 2.x style key (v3) export "
1314 "not yet supported - skipped\n", keystr (keyid));
1317 stats->secret_count++;
1320 /* Always do the cleaning on the public key part if requested.
1321 Note that we don't yet set this option if we are exporting
1322 secret keys. Note that both export-clean and export-minimal
1323 only apply to UID sigs (0x10, 0x11, 0x12, and 0x13). A
1324 designated revocation is never stripped, even with
1325 export-minimal set. */
1326 if ((options & EXPORT_CLEAN))
1327 clean_key (keyblock, opt.verbose, (options&EXPORT_MINIMAL), NULL, NULL);
1330 xfree (cache_nonce);
1332 for (kbctx=NULL; (node = walk_kbnode (keyblock, &kbctx, 0)); )
1334 if (skip_until_subkey)
1336 if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
1337 skip_until_subkey = 0;
1342 /* We used to use comment packets, but not any longer. In
1343 case we still have comments on a key, strip them here
1344 before we call build_packet(). */
1345 if (node->pkt->pkttype == PKT_COMMENT)
1348 /* Make sure that ring_trust packets never get exported. */
1349 if (node->pkt->pkttype == PKT_RING_TRUST)
1352 /* If exact is set, then we only export what was requested
1353 (plus the primary key, if the user didn't specifically
1355 if (desc[descindex].exact
1356 && node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
1358 if (!exact_subkey_match_p (desc+descindex, node))
1360 /* Before skipping this subkey, check whether any
1361 other description wants an exact match on a
1362 subkey and include that subkey into the output
1363 too. Need to add this subkey to a list so that
1364 it won't get processed a second time.
1366 So the first step here is to check that list and
1367 skip in any case if the key is in that list.
1369 We need this whole mess because the import
1370 function of GnuPG < 2.1 is not able to merge
1371 secret keys and thus it is useless to output them
1372 as two separate keys and have import merge them. */
1373 if (subkey_in_list_p (subkey_list, node))
1374 skip_until_subkey = 1; /* Already processed this one. */
1379 for (j=0; j < ndesc; j++)
1380 if (j != descindex && desc[j].exact
1381 && exact_subkey_match_p (desc+j, node))
1384 skip_until_subkey = 1; /* No other one matching. */
1388 if(skip_until_subkey)
1391 /* Mark this one as processed. */
1393 subkey_list_t tmp = new_subkey_list_item (node);
1394 tmp->next = subkey_list;
1399 if (node->pkt->pkttype == PKT_SIGNATURE)
1401 /* Do not export packets which are marked as not
1403 if (!(options&EXPORT_LOCAL_SIGS)
1404 && !node->pkt->pkt.signature->flags.exportable)
1405 continue; /* not exportable */
1407 /* Do not export packets with a "sensitive" revocation
1408 key unless the user wants us to. Note that we do
1409 export these when issuing the actual revocation
1411 if (!(options&EXPORT_SENSITIVE_REVKEYS)
1412 && node->pkt->pkt.signature->revkey)
1416 for (i=0;i<node->pkt->pkt.signature->numrevkeys;i++)
1417 if ( (node->pkt->pkt.signature->revkey[i].class & 0x40))
1420 if (i < node->pkt->pkt.signature->numrevkeys)
1425 /* Don't export attribs? */
1426 if (!(options&EXPORT_ATTRIBUTES)
1427 && node->pkt->pkttype == PKT_USER_ID
1428 && node->pkt->pkt.user_id->attrib_data )
1430 /* Skip until we get to something that is not an attrib
1431 or a signature on an attrib */
1432 while (kbctx->next && kbctx->next->pkt->pkttype==PKT_SIGNATURE)
1433 kbctx = kbctx->next;
1438 if (secret && (node->pkt->pkttype == PKT_PUBLIC_KEY
1439 || node->pkt->pkttype == PKT_PUBLIC_SUBKEY))
1441 u32 subkidbuf[2], *subkid;
1442 char *hexgrip, *serialno;
1444 pk = node->pkt->pkt.public_key;
1445 if (node->pkt->pkttype == PKT_PUBLIC_KEY)
1449 keyid_from_pk (pk, subkidbuf);
1453 if (pk->seckey_info)
1455 log_error ("key %s: oops: seckey_info already set"
1456 " - skipped\n", keystr_with_sub (keyid, subkid));
1457 skip_until_subkey = 1;
1461 err = hexkeygrip_from_pk (pk, &hexgrip);
1464 log_error ("key %s: error computing keygrip: %s"
1465 " - skipped\n", keystr_with_sub (keyid, subkid),
1466 gpg_strerror (err));
1467 skip_until_subkey = 1;
1472 if (secret == 2 && node->pkt->pkttype == PKT_PUBLIC_KEY)
1474 /* We are asked not to export the secret parts of
1475 the primary key. Make up an error code to create
1477 err = GPG_ERR_NOT_FOUND;
1481 err = agent_get_keyinfo (ctrl, hexgrip, &serialno, &cleartext);
1483 if ((!err && serialno)
1484 && secret == 2 && node->pkt->pkttype == PKT_PUBLIC_KEY)
1486 /* It does not make sense to export a key with its
1487 primary key on card using a non-key stub. Thus
1488 we skip those keys when used with
1489 --export-secret-subkeys. */
1490 log_info (_("key %s: key material on-card - skipped\n"),
1491 keystr_with_sub (keyid, subkid));
1492 skip_until_subkey = 1;
1494 else if (gpg_err_code (err) == GPG_ERR_NOT_FOUND
1495 || (!err && serialno))
1497 /* Create a key stub. */
1498 struct seckey_info *ski;
1501 pk->seckey_info = ski = xtrycalloc (1, sizeof *ski);
1504 err = gpg_error_from_syserror ();
1509 ski->is_protected = 1;
1511 ski->s2k.mode = 1001; /* GNU dummy (no secret key). */
1514 ski->s2k.mode = 1002; /* GNU-divert-to-card. */
1515 for (s=serialno; sizeof (ski->ivlen) && *s && s[1];
1516 ski->ivlen++, s += 2)
1517 ski->iv[ski->ivlen] = xtoi_2 (s);
1520 err = build_packet (out, node->pkt);
1521 if (!err && node->pkt->pkttype == PKT_PUBLIC_KEY)
1524 print_status_exported (node->pkt->pkt.public_key);
1529 err = receive_seckey_from_agent (ctrl, cipherhd,
1530 cleartext, &cache_nonce,
1534 if (gpg_err_code (err) == GPG_ERR_FULLY_CANCELED)
1536 skip_until_subkey = 1;
1541 err = build_packet (out, node->pkt);
1542 if (node->pkt->pkttype == PKT_PUBLIC_KEY)
1545 print_status_exported (node->pkt->pkt.public_key);
1551 log_error ("key %s: error getting keyinfo from agent: %s"
1552 " - skipped\n", keystr_with_sub (keyid, subkid),
1553 gpg_strerror (err));
1554 skip_until_subkey = 1;
1558 xfree (pk->seckey_info);
1559 pk->seckey_info = NULL;
1564 err = build_packet (out, node->pkt);
1565 if (!err && node->pkt->pkttype == PKT_PUBLIC_KEY)
1568 print_status_exported (node->pkt->pkt.public_key);
1575 log_error ("build_packet(%d) failed: %s\n",
1576 node->pkt->pkttype, gpg_strerror (err));
1580 if (!skip_until_subkey)
1586 *keyblock_out = keyblock;
1590 if (gpg_err_code (err) == GPG_ERR_NOT_FOUND)
1594 gcry_cipher_close (cipherhd);
1595 release_subkey_list (subkey_list);
1597 keydb_release (kdbhd);
1598 if (err || !keyblock_out)
1599 release_kbnode( keyblock );
1600 xfree (cache_nonce);
1602 log_info(_("WARNING: nothing exported\n"));
1610 key_to_sshblob (membuf_t *mb, const char *identifier, ...)
1613 gpg_error_t err = 0;
1614 unsigned char nbuf[4];
1619 ulongtobuf (nbuf, (ulong)strlen (identifier));
1620 put_membuf (mb, nbuf, 4);
1621 put_membuf_str (mb, identifier);
1622 if (!strncmp (identifier, "ecdsa-sha2-", 11))
1624 ulongtobuf (nbuf, (ulong)strlen (identifier+11));
1625 put_membuf (mb, nbuf, 4);
1626 put_membuf_str (mb, identifier+11);
1628 va_start (arg_ptr, identifier);
1629 while ((a = va_arg (arg_ptr, gcry_mpi_t)))
1631 err = gcry_mpi_aprint (GCRYMPI_FMT_SSH, &buf, &buflen, a);
1634 if (!strcmp (identifier, "ssh-ed25519")
1635 && buflen > 5 && buf[4] == 0x40)
1637 /* We need to strip our 0x40 prefix. */
1638 put_membuf (mb, "\x00\x00\x00\x20", 4);
1639 put_membuf (mb, buf+5, buflen-5);
1642 put_membuf (mb, buf, buflen);
1649 /* Export the key identified by USERID in the SSH public key format.
1650 The function exports the latest subkey with Authentication
1651 capability unless the '!' suffix is used to export a specific
1654 export_ssh_key (ctrl_t ctrl, const char *userid)
1657 kbnode_t keyblock = NULL;
1658 KEYDB_SEARCH_DESC desc;
1660 u32 curtime = make_timestamp ();
1661 kbnode_t latest_key, node;
1663 const char *identifier;
1665 estream_t fp = NULL;
1666 struct b64state b64_state;
1667 const char *fname = "-";
1669 init_membuf (&mb, 4096);
1671 /* We need to know whether the key has been specified using the
1672 exact syntax ('!' suffix). Thus we need to run a
1673 classify_user_id on our own. */
1674 err = classify_user_id (userid, &desc, 1);
1676 /* Get the public key. */
1679 getkey_ctx_t getkeyctx;
1681 err = get_pubkey_byname (ctrl, &getkeyctx, NULL, userid, &keyblock,
1683 0 /* Only usable keys or given exact. */,
1684 1 /* No AKL lookup. */);
1687 err = getkey_next (getkeyctx, NULL, NULL);
1689 err = gpg_error (GPG_ERR_AMBIGUOUS_NAME);
1690 else if (gpg_err_code (err) == GPG_ERR_NO_PUBKEY)
1693 getkey_end (getkeyctx);
1697 log_error (_("key \"%s\" not found: %s\n"), userid, gpg_strerror (err));
1701 /* The finish_lookup code in getkey.c does not handle auth keys,
1702 thus we have to duplicate the code here to find the latest
1703 subkey. However, if the key has been found using an exact match
1704 ('!' notation) we use that key without any further checks and
1705 even allow the use of the primary key. */
1708 for (node = keyblock; node; node = node->next)
1710 if ((node->pkt->pkttype == PKT_PUBLIC_SUBKEY
1711 || node->pkt->pkttype == PKT_PUBLIC_KEY)
1712 && node->pkt->pkt.public_key->flags.exact)
1720 for (node = keyblock; node; node = node->next)
1722 if (node->pkt->pkttype != PKT_PUBLIC_SUBKEY)
1725 pk = node->pkt->pkt.public_key;
1727 log_debug ("\tchecking subkey %08lX\n",
1728 (ulong) keyid_from_pk (pk, NULL));
1729 if (!(pk->pubkey_usage & PUBKEY_USAGE_AUTH))
1732 log_debug ("\tsubkey not usable for authentication\n");
1735 if (!pk->flags.valid)
1738 log_debug ("\tsubkey not valid\n");
1741 if (pk->flags.revoked)
1744 log_debug ("\tsubkey has been revoked\n");
1747 if (pk->has_expired)
1750 log_debug ("\tsubkey has expired\n");
1753 if (pk->timestamp > curtime && !opt.ignore_valid_from)
1756 log_debug ("\tsubkey not yet valid\n");
1760 log_debug ("\tsubkey might be fine\n");
1761 /* In case a key has a timestamp of 0 set, we make sure that it
1762 is used. A better change would be to compare ">=" but that
1763 might also change the selected keys and is as such a more
1764 intrusive change. */
1765 if (pk->timestamp > latest_date || (!pk->timestamp && !latest_date))
1767 latest_date = pk->timestamp;
1775 err = gpg_error (GPG_ERR_UNUSABLE_PUBKEY);
1776 log_error (_("key \"%s\" not found: %s\n"), userid, gpg_strerror (err));
1780 pk = latest_key->pkt->pkt.public_key;
1782 log_debug ("\tusing key %08lX\n", (ulong) keyid_from_pk (pk, NULL));
1784 switch (pk->pubkey_algo)
1786 case PUBKEY_ALGO_DSA:
1787 identifier = "ssh-dss";
1788 err = key_to_sshblob (&mb, identifier,
1789 pk->pkey[0], pk->pkey[1], pk->pkey[2], pk->pkey[3],
1793 case PUBKEY_ALGO_RSA:
1794 case PUBKEY_ALGO_RSA_S:
1795 identifier = "ssh-rsa";
1796 err = key_to_sshblob (&mb, identifier, pk->pkey[1], pk->pkey[0], NULL);
1799 case PUBKEY_ALGO_ECDSA:
1804 curveoid = openpgp_oid_to_str (pk->pkey[0]);
1806 err = gpg_error_from_syserror ();
1807 else if (!(curve = openpgp_oid_to_curve (curveoid, 0)))
1808 err = gpg_error (GPG_ERR_UNKNOWN_CURVE);
1811 if (!strcmp (curve, "nistp256"))
1812 identifier = "ecdsa-sha2-nistp256";
1813 else if (!strcmp (curve, "nistp384"))
1814 identifier = "ecdsa-sha2-nistp384";
1815 else if (!strcmp (curve, "nistp521"))
1816 identifier = "ecdsa-sha2-nistp521";
1821 err = gpg_error (GPG_ERR_UNKNOWN_CURVE);
1823 err = key_to_sshblob (&mb, identifier, pk->pkey[1], NULL);
1829 case PUBKEY_ALGO_EDDSA:
1830 if (!openpgp_oid_is_ed25519 (pk->pkey[0]))
1831 err = gpg_error (GPG_ERR_UNKNOWN_CURVE);
1834 identifier = "ssh-ed25519";
1835 err = key_to_sshblob (&mb, identifier, pk->pkey[1], NULL);
1839 case PUBKEY_ALGO_ELGAMAL_E:
1840 case PUBKEY_ALGO_ELGAMAL:
1841 err = gpg_error (GPG_ERR_UNUSABLE_PUBKEY);
1845 err = GPG_ERR_PUBKEY_ALGO;
1852 if (opt.outfile && *opt.outfile && strcmp (opt.outfile, "-"))
1853 fp = es_fopen ((fname = opt.outfile), "w");
1858 err = gpg_error_from_syserror ();
1859 log_error (_("error creating '%s': %s\n"), fname, gpg_strerror (err));
1863 es_fprintf (fp, "%s ", identifier);
1864 err = b64enc_start_es (&b64_state, fp, "");
1871 blob = get_membuf (&mb, &bloblen);
1873 err = gpg_error_from_syserror ();
1875 err = b64enc_write (&b64_state, blob, bloblen);
1880 err = b64enc_finish (&b64_state);
1883 es_fprintf (fp, " openpgp:0x%08lX\n", (ulong)keyid_from_pk (pk, NULL));
1886 err = gpg_error_from_syserror ();
1890 err = gpg_error_from_syserror ();
1895 log_error (_("error writing '%s': %s\n"), fname, gpg_strerror (err));
1899 xfree (get_membuf (&mb, NULL));
1900 release_kbnode (keyblock);