2
* Copyright (C) 1998, 1999, 2000, 2001, 2002 Free Software Foundation, Inc.
2
* Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003,
3
* 2004 Free Software Foundation, Inc.
4
5
* This file is part of GnuPG.
6
7
* GnuPG is free software; you can redistribute it and/or modify
7
8
* it under the terms of the GNU General Public License as published by
8
* the Free Software Foundation; either version 2 of the License, or
9
* the Free Software Foundation; either version 3 of the License, or
9
10
* (at your option) any later version.
11
12
* GnuPG is distributed in the hope that it will be useful,
14
15
* GNU General Public License for more details.
16
17
* You should have received a copy of the GNU General Public License
17
* along with this program; if not, write to the Free Software
18
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
18
* along with this program; if not, see <http://www.gnu.org/licenses/>.
21
21
#include <config.h>
59
59
ud = native_to_utf8( reason->desc );
60
60
buflen += strlen(ud);
62
buffer = xmalloc ( buflen );
62
buffer = xmalloc( buflen );
63
63
*buffer = reason->code;
65
65
memcpy(buffer+1, ud, strlen(ud) );
69
69
build_sig_subpkt( sig, SIGSUBPKT_REVOC_REASON, buffer, buflen );
76
76
and pick a user ID that has a uid signature, and include it if
79
export_minimal_pk(iobuf_t out,KBNODE keyblock,
79
export_minimal_pk(IOBUF out,KBNODE keyblock,
80
80
PKT_signature *revsig,PKT_signature *revkey)
89
89
node=find_kbnode(keyblock,PKT_PUBLIC_KEY);
92
log_error(_("key incomplete\n"));
93
return GPG_ERR_GENERAL;
92
log_error("key incomplete\n");
93
return G10ERR_GENERAL;
96
96
keyid_from_pk(node->pkt->pkt.public_key,keyid);
99
99
rc=build_packet(out,&pkt);
102
log_error(_("build_packet failed: %s\n"), gpg_strerror (rc) );
102
log_error(_("build_packet failed: %s\n"), g10_errstr(rc) );
113
113
rc=build_packet(out,&pkt);
116
log_error(_("build_packet failed: %s\n"), gpg_strerror (rc) );
116
log_error(_("build_packet failed: %s\n"), g10_errstr(rc) );
125
125
rc=build_packet(out,&pkt);
128
log_error(_("build_packet failed: %s\n"), gpg_strerror (rc) );
128
log_error(_("build_packet failed: %s\n"), g10_errstr(rc) );
171
171
rc=build_packet(out,&pkt);
174
log_error(_("build_packet failed: %s\n"), gpg_strerror (rc) );
174
log_error(_("build_packet failed: %s\n"), g10_errstr(rc) );
183
183
rc=build_packet(out,&pkt);
186
log_error(_("build_packet failed: %s\n"), gpg_strerror (rc) );
186
log_error(_("build_packet failed: %s\n"), g10_errstr(rc) );
195
195
* Generate a revocation certificate for UNAME via a designated revoker
198
gen_desig_revoke( const char *uname )
198
gen_desig_revoke( const char *uname, strlist_t locusr )
201
armor_filter_context_t afx;
201
armor_filter_context_t *afx;
202
202
PKT_public_key *pk = NULL;
203
203
PKT_secret_key *sk = NULL;
204
204
PKT_signature *sig = NULL;
206
206
struct revocation_reason_info *reason = NULL;
207
207
KEYDB_HANDLE kdbhd;
208
208
KEYDB_SEARCH_DESC desc;
209
209
KBNODE keyblock=NULL,node;
214
log_error(_("sorry, can't do this in batch mode\n"));
215
return GPG_ERR_GENERAL;
218
memset( &afx, 0, sizeof afx);
212
SK_LIST sk_list=NULL;
216
log_error(_("can't do this in batch mode\n"));
217
return G10ERR_GENERAL;
220
afx = new_armor_context ();
220
222
kdbhd = keydb_new (0);
221
223
classify_user_id (uname, &desc);
222
rc = desc.mode? keydb_search (kdbhd, &desc, 1) : GPG_ERR_INV_USER_ID;
224
rc = desc.mode? keydb_search (kdbhd, &desc, 1) : G10ERR_INV_USER_ID;
224
log_error (_("key `%s' not found: %s\n"),uname, gpg_strerror (rc));
226
log_error (_("key \"%s\" not found: %s\n"),uname, g10_errstr (rc));
228
230
rc = keydb_get_keyblock (kdbhd, &keyblock );
230
log_error (_("error reading keyblock: %s\n"), gpg_strerror (rc) );
232
log_error (_("error reading keyblock: %s\n"), g10_errstr(rc) );
244
246
keyid_from_pk(pk,keyid);
250
rc=build_sk_list(locusr,&sk_list,0,PUBKEY_USAGE_CERT);
246
255
/* Are we a designated revoker for this key? */
248
257
if(!pk->revkey && pk->numrevkeys)
251
260
for(i=0;i<pk->numrevkeys;i++)
254
265
free_secret_key(sk);
256
sk=xcalloc (1,sizeof(*sk));
258
rc=get_seckey_byfprint(sk,pk->revkey[i].fpr,MAX_FINGERPRINT_LEN);
269
for(list=sk_list;list;list=list->next)
271
byte fpr[MAX_FINGERPRINT_LEN];
274
fingerprint_from_sk(list->sk,fpr,&fprlen);
276
/* Don't get involved with keys that don't have 160
281
if(memcmp(fpr,pk->revkey[i].fpr,20)==0)
286
sk=copy_secret_key(NULL,list->sk);
292
sk=xmalloc_secure_clear(sizeof(*sk));
293
rc=get_seckey_byfprint(sk,pk->revkey[i].fpr,MAX_FINGERPRINT_LEN);
260
296
/* We have the revocation key */
275
311
tty_printf("\n");
277
313
if( !cpr_get_answer_is_yes("gen_desig_revoke.okay",
278
_("Create a revocation certificate for this key? ")) )
314
_("Create a designated revocation certificate for this key? (y/N) ")))
281
317
/* get the reason for the revocation (this is always v4) */
293
329
if( (rc = open_outfile( NULL, 0, &out )) )
297
afx.hdrlines = "Comment: A revocation certificate should follow\n";
298
iobuf_push_filter( out, armor_filter, &afx );
333
afx->hdrlines = "Comment: A designated revocation certificate"
335
push_armor_filter (afx, out);
301
338
rc = make_keysig_packet( &sig, pk, NULL, NULL, sk, 0x20, 0,
303
340
revocation_reason_build_cb, reason );
305
log_error(_("make_keysig_packet failed: %s\n"), gpg_strerror (rc));
342
log_error(_("make_keysig_packet failed: %s\n"), g10_errstr(rc));
397
437
gen_revoke( const char *uname )
400
armor_filter_context_t afx;
440
armor_filter_context_t *afx;
402
442
PKT_secret_key *sk; /* used as pointer into a kbnode */
403
443
PKT_public_key *pk = NULL;
404
444
PKT_signature *sig = NULL;
407
447
KBNODE keyblock = NULL, pub_keyblock = NULL;
409
449
KEYDB_HANDLE kdbhd;
410
450
struct revocation_reason_info *reason = NULL;
411
451
KEYDB_SEARCH_DESC desc;
414
log_error(_("sorry, can't do this in batch mode\n"));
415
return GPG_ERR_GENERAL;
455
log_error(_("can't do this in batch mode\n"));
456
return G10ERR_GENERAL;
418
memset( &afx, 0, sizeof afx);
459
afx = new_armor_context ();
419
460
init_packet( &pkt );
421
462
/* search the userid:
424
465
kdbhd = keydb_new (1);
425
466
classify_user_id (uname, &desc);
426
rc = desc.mode? keydb_search (kdbhd, &desc, 1) : GPG_ERR_INV_USER_ID;
428
log_error (_("secret key `%s' not found: %s\n"),
429
uname, gpg_strerror (rc));
467
rc = desc.mode? keydb_search (kdbhd, &desc, 1) : G10ERR_INV_USER_ID;
470
log_error (_("secret key \"%s\" not found: %s\n"),
471
uname, g10_errstr (rc));
433
475
rc = keydb_get_keyblock (kdbhd, &keyblock );
435
log_error (_("error reading keyblock: %s\n"), gpg_strerror (rc) );
477
log_error (_("error reading keyblock: %s\n"), g10_errstr(rc) );
447
489
keyid_from_sk( sk, sk_keyid );
448
490
print_seckey_info (sk);
450
pk = xcalloc (1, sizeof *pk );
492
pk = xmalloc_clear( sizeof *pk );
452
494
/* FIXME: We should get the public key direct from the secret one */
454
496
pub_keyblock=get_pubkeyblock(sk_keyid);
455
497
if(!pub_keyblock)
457
log_error(_("no corresponding public key: %s\n"), gpg_strerror (rc) );
499
log_error(_("no corresponding public key: %s\n"), g10_errstr(rc) );
467
509
if( cmp_public_secret_key( pk, sk ) ) {
468
510
log_error(_("public key does not match secret key!\n") );
469
rc = GPG_ERR_GENERAL;
473
515
tty_printf("\n");
474
516
if( !cpr_get_answer_is_yes("gen_revoke.okay",
475
_("Create a revocation certificate for this key? ")) ){
517
_("Create a revocation certificate for this key? (y/N) ")) )
480
523
if(sk->version>=4 || opt.force_v4_certs) {
481
524
/* get the reason for the revocation */
489
532
switch( is_secret_key_protected( sk ) ) {
491
534
log_error(_("unknown protection algorithm\n"));
492
rc = GPG_ERR_PUBKEY_ALGO;
535
rc = G10ERR_PUBKEY_ALGO;
538
tty_printf (_("Secret parts of primary key are not available.\n"));
539
rc = G10ERR_NO_SECKEY;
495
542
tty_printf(_("NOTE: This key is not protected!\n"));
498
rc = check_secret_key( sk, 0 );
545
rc = check_secret_key( sk, 0 );
508
555
if( (rc = open_outfile( NULL, 0, &out )) )
512
afx.hdrlines = "Comment: A revocation certificate should follow\n";
513
iobuf_push_filter( out, armor_filter, &afx );
559
afx->hdrlines = "Comment: A revocation certificate should follow\n";
560
push_armor_filter (afx, out);
516
563
rc = make_keysig_packet( &sig, pk, NULL, NULL, sk, 0x20, 0,
517
564
opt.force_v4_certs?4:0, 0, 0,
518
565
revocation_reason_build_cb, reason );
520
log_error(_("make_keysig_packet failed: %s\n"), gpg_strerror (rc));
567
log_error(_("make_keysig_packet failed: %s\n"), g10_errstr(rc));
538
585
rc = build_packet( out, &pkt );
540
log_error(_("build_packet failed: %s\n"), gpg_strerror (rc) );
587
log_error(_("build_packet failed: %s\n"), g10_errstr(rc) );
644
692
trim_trailing_ws( answer, strlen(answer) );
645
693
cpr_kill_prompt();
652
700
char *p = make_printable_string( answer, strlen(answer), 0 );
657
705
if( !description )
658
description = xstrdup (answer);
706
description = xstrdup(answer);
660
char *p = xmalloc ( strlen(description) + strlen(answer) + 2 );
708
char *p = xmalloc( strlen(description) + strlen(answer) + 2 );
661
709
strcpy(stpcpy(stpcpy( p, description),"\n"),answer);
668
716
tty_printf(_("Reason for revocation: %s\n"), code_text );
672
720
tty_printf("%s\n", description );
674
722
} while( !cpr_get_answer_is_yes("ask_revocation_reason.okay",
675
_("Is this okay? ")) );
723
_("Is this okay? (y/N) ")) );
677
reason = xmalloc ( sizeof *reason );
725
reason = xmalloc( sizeof *reason );
678
726
reason->code = code;
679
727
reason->desc = description;
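Review bot: In gen_revoke, the `if(!pub_keyblock)` branch at new line 497 logs `g10_errstr(rc)`, but `get_pubkeyblock(sk_keyid)` returns a keyblock pointer and never assigns `rc`. The message therefore prints whatever an earlier call left there, most likely the success value from `keydb_get_keyblock`. If the lines not shown here go to the cleanup path without setting `rc`, the function would also report success to its caller although no revocation certificate was written. Setting the code before logging, for example `rc = G10ERR_GENERAL;` as the public/secret mismatch branch just below appears to do, keeps both the message and the return value meaningful. Only part of gen_revoke's body is visible on this page, so this needs confirming against the full file.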