2
* Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003,
3
* 2004 Free Software Foundation, Inc.
2
* Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004,
3
* 2005 Free Software Foundation, Inc.
5
5
* This file is part of GnuPG.
17
17
* You should have received a copy of the GNU General Public License
18
18
* along with this program; if not, write to the Free Software
19
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
19
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
22
23
#include <config.h>
38
40
static int do_export( STRLIST users, int secret, unsigned int options );
39
41
static int do_export_stream( IOBUF out, STRLIST users, int secret,
48
50
{"export-local-sigs",EXPORT_LOCAL_SIGS,NULL},
49
51
{"export-attributes",EXPORT_ATTRIBUTES,NULL},
50
52
{"export-sensitive-revkeys",EXPORT_SENSITIVE_REVKEYS,NULL},
51
{"export-minimal",EXPORT_MINIMAL,NULL},
52
{"export-unusable-sigs",EXPORT_UNUSABLE_SIGS,NULL},
53
{"export-minimal",EXPORT_MINIMAL|EXPORT_CLEAN_SIGS|EXPORT_CLEAN_UIDS,NULL},
54
{"export-clean",EXPORT_CLEAN_SIGS|EXPORT_CLEAN_UIDS,NULL},
55
{"export-clean-sigs",EXPORT_CLEAN_SIGS,NULL},
56
{"export-clean-uids",EXPORT_CLEAN_UIDS,NULL},
58
{"export-reset-subkey-passwd", EXPORT_RESET_SUBKEY_PASSWD, NULL},
53
60
/* Aliases for backward compatibility */
54
61
{"include-local-sigs",EXPORT_LOCAL_SIGS,NULL},
55
62
{"include-attributes",EXPORT_ATTRIBUTES,NULL},
56
63
{"include-sensitive-revkeys",EXPORT_SENSITIVE_REVKEYS,NULL},
65
{"export-unusable-sigs",0,NULL},
58
67
/* add tags for include revoked and disabled? */
221
230
keystr(sk_keyid));
236
/* It's a public key export */
237
if((options&EXPORT_MINIMAL)
238
&& (node=find_kbnode(keyblock,PKT_PUBLIC_KEY)))
239
keyid_from_pk(node->pkt->pkt.public_key,keyid);
225
if(options&EXPORT_MINIMAL)
226
keyid_from_sk(sk,keyid);
241
if(options&EXPORT_CLEAN_UIDS)
242
clean_uids_from_key(keyblock,opt.verbose);
228
else if((options&EXPORT_MINIMAL)
229
&& (node=find_kbnode(keyblock,PKT_PUBLIC_KEY)))
230
keyid_from_pk(node->pkt->pkt.public_key,keyid);
232
245
/* and write it */
233
246
for( kbctx=NULL; (node = walk_kbnode( keyblock, &kbctx, 0 )); ) {
243
/* don't export any comment packets but those in the
245
if( !secret && node->pkt->pkttype == PKT_COMMENT )
256
/* We used to use comment packets, but not any longer. In
257
case we still have comments on a key, strip them here
258
before we call build_packet(). */
259
if( node->pkt->pkttype == PKT_COMMENT )
248
262
/* make sure that ring_trust packets never get exported */
249
263
if (node->pkt->pkttype == PKT_RING_TRUST)
316
if( node->pkt->pkttype == PKT_SIGNATURE )
330
if(node->pkt->pkttype==PKT_USER_ID)
332
/* Run clean_sigs_from_uid against each uid if
333
export-clean-sigs is on. */
334
if(options&EXPORT_CLEAN_SIGS)
335
clean_sigs_from_uid(keyblock,node,opt.verbose);
337
else if(node->pkt->pkttype==PKT_SIGNATURE)
318
339
/* If we have export-minimal turned on, do not include
319
340
any signature that isn't a selfsig. Note that this
325
346
|| node->pkt->pkt.signature->keyid[1]!=keyid[1]))
328
/* We do basically the same thing for
329
export-unusable-sigs. It only applies to expired
330
uid sigs that aren't selfsigs. */
331
if(!(options&EXPORT_UNUSABLE_SIGS)
332
&& IS_UID_SIG(node->pkt->pkt.signature)
333
&& node->pkt->pkt.signature->flags.expired
334
&& (node->pkt->pkt.signature->keyid[0]!=keyid[0]
335
|| node->pkt->pkt.signature->keyid[1]!=keyid[1]))
338
/* do not export packets which are marked as not exportable */
349
/* do not export packets which are marked as not
339
351
if(!(options&EXPORT_LOCAL_SIGS)
340
352
&& !node->pkt->pkt.signature->flags.exportable)
341
353
continue; /* not exportable */
374
386
if( secret == 2 && node->pkt->pkttype == PKT_SECRET_KEY )
376
/* we don't want to export the secret parts of the
388
/* We don't want to export the secret parts of the
377
389
* primary key, this is done by using GNU protection mode 1001
379
391
int save_mode = node->pkt->pkt.secret_key->protect.s2k.mode;
381
393
rc = build_packet( out, node->pkt );
382
394
node->pkt->pkt.secret_key->protect.s2k.mode = save_mode;
396
else if (secret == 2 && node->pkt->pkttype == PKT_SECRET_SUBKEY
397
&& (opt.export_options&EXPORT_RESET_SUBKEY_PASSWD))
399
/* If the subkey is protected reset the passphrase to
400
export an unprotected subkey. This feature is
401
useful in cases of a subkey copied to an unattended
402
machine where a passphrase is not required. */
403
PKT_secret_key *sk_save, *sk;
405
sk_save = node->pkt->pkt.secret_key;
406
sk = copy_secret_key (NULL, sk_save);
407
node->pkt->pkt.secret_key = sk;
409
log_info ("about to export an unprotected subkey\n");
410
switch (is_secret_key_protected (sk))
413
rc = G10ERR_PUBKEY_ALGO;
418
if (sk->protect.s2k.mode == 1001)
419
; /* No secret parts. */
420
else if( sk->protect.s2k.mode == 1002 )
421
; /* Card key stub. */
424
rc = check_secret_key( sk, 0 );
430
node->pkt->pkt.secret_key = sk_save;
431
free_secret_key (sk);
432
/* FIXME: Make translatable after releasing 1.4.2 */
433
log_error ("failed to unprotect the subkey: %s\n",
438
rc = build_packet (out, node->pkt);
440
node->pkt->pkt.secret_key = sk_save;
441
free_secret_key (sk);
386
445
/* Warn the user if the secret key or any of the secret
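Review bot: The new `PKT_SECRET_SUBKEY` branch gates the passphrase reset on the global `opt.export_options`, while every other test visible in this function reads the `options` argument (`options&EXPORT_MINIMAL`, `options&EXPORT_CLEAN_SIGS`, `options&EXPORT_LOCAL_SIGS`). A caller that passes its own option set therefore cannot prevent a subkey from being written without protection if the global flag is set. I would change the test to `&& (options&EXPORT_RESET_SUBKEY_PASSWD))`. The branch also points `node->pkt->pkt.secret_key` at the result of `copy_secret_key (NULL, sk_save)` and then calls `is_secret_key_protected (sk)`; the lines shown are not contiguous, so confirm that a failed copy cannot reach that call. It would also help to add a comment such as `/* sk holds the unprotected secret parts; restore sk_save and free sk on every exit path */` above the swap, since the restore and `free_secret_key (sk)` pair currently appears twice.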