/* protect-tool.c - A tool to test the secret key protection
* Copyright (C) 2002, 2003, 2004 Free Software Foundation, Inc.
* This file is part of GnuPG.
* GnuPG is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
* GnuPG is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
#ifdef HAVE_LANGINFO_CODESET
#ifdef HAVE_DOSISH_SYSTEM
#include <fcntl.h> /* for setmode() */
#define JNLIB_NEED_LOG_LOGV
#include "simple-pwquery.h"
enum cmd_and_opt_values
struct rsa_secret_key_s
gcry_mpi_t n; /* public modulus */
gcry_mpi_t e; /* public exponent */
gcry_mpi_t d; /* exponent */
gcry_mpi_t p; /* prime p. */
gcry_mpi_t q; /* prime q. */
gcry_mpi_t u; /* inverse of p mod q. */
static const char *opt_homedir;
static int opt_no_fail_on_exist;
static int opt_have_cert;
static const char *opt_passphrase;
static char *opt_prompt;
static int opt_status_msg;
static char *get_passphrase (int promptno);
static char *get_new_passphrase (int promptno);
static void release_passphrase (char *pw);
static int store_private_key (const unsigned char *grip,
const void *buffer, size_t length, int force);
static ARGPARSE_OPTS opts[] = {
{ 301, NULL, 0, N_("@Options:\n ") },
{ oVerbose, "verbose", 0, "verbose" },
{ oArmor, "armor", 0, "write output in advanced format" },
{ oPassphrase, "passphrase", 2, "|STRING|use passphrase STRING" },
{ oProtect, "protect", 256, "protect a private key"},
{ oUnprotect, "unprotect", 256, "unprotect a private key"},
{ oShadow, "shadow", 256, "create a shadow entry for a priblic key"},
{ oShowShadowInfo, "show-shadow-info", 256, "return the shadow info"},
{ oShowKeygrip, "show-keygrip", 256, "show the \"keygrip\""},
{ oP12Import, "p12-import", 256, "import a PKCS-12 encoded private key"},
{ oP12Export, "p12-export", 256, "export a private key PKCS-12 encoded"},
{ oHaveCert, "have-cert", 0, "certificate to export provided on STDIN"},
{ oStore, "store", 0, "store the created key in the appropriate place"},
{ oForce, "force", 0, "force overwriting"},
{ oNoFailOnExist, "no-fail-on-exist", 0, "@" },
{ oHomedir, "homedir", 2, "@" },
{ oPrompt, "prompt", 2, "|ESCSTRING|use ESCSTRING as prompt in pinentry"},
{ oStatusMsg, "enable-status-msg", 0, "@"},
my_strusage (int level)
case 11: p = "gpg-protect-tool (GnuPG)";
case 13: p = VERSION; break;
case 17: p = PRINTABLE_OS_NAME; break;
case 19: p = _("Please report bugs to <" PACKAGE_BUGREPORT ">.\n");
case 40: p = _("Usage: gpg-protect-tool [options] (-h for help)\n");
case 41: p = _("Syntax: gpg-protect-tool [options] [args]]\n"
"Secret key maintenance tool\n");
#ifdef USE_SIMPLE_GETTEXT
set_gettext_file( PACKAGE_GT );
setlocale (LC_ALL, "");
bindtextdomain (PACKAGE_GT, LOCALEDIR);
textdomain (PACKAGE_GT);
/* Used by gcry for logging */
my_gcry_logger (void *dummy, int level, const char *fmt, va_list arg_ptr)
/* translate the log levels */
case GCRY_LOG_CONT: level = JNLIB_LOG_CONT; break;
case GCRY_LOG_INFO: level = JNLIB_LOG_INFO; break;
case GCRY_LOG_WARN: level = JNLIB_LOG_WARN; break;
case GCRY_LOG_ERROR:level = JNLIB_LOG_ERROR; break;
case GCRY_LOG_FATAL:level = JNLIB_LOG_FATAL; break;
case GCRY_LOG_BUG: level = JNLIB_LOG_BUG; break;
case GCRY_LOG_DEBUG:level = JNLIB_LOG_DEBUG; break;
default: level = JNLIB_LOG_ERROR; break; }
log_logv (level, fmt, arg_ptr);
/* print_mpi (const char *text, gcry_mpi_t a) */
/* void *bufaddr = &buf; */
/* rc = gcry_mpi_aprint (GCRYMPI_FMT_HEX, bufaddr, NULL, a); */
/* log_info ("%s: [error printing number: %s]\n", text, gpg_strerror (rc)); */
/* log_info ("%s: %s\n", text, buf); */
/* gcry_free (buf); */
static unsigned char *
make_canonical (const char *fname, const char *buf, size_t buflen)
unsigned char *result;
rc = gcry_sexp_sscan (&sexp, &erroff, buf, buflen);
log_error ("invalid S-Expression in `%s' (off=%u): %s\n",
fname, (unsigned int)erroff, gpg_strerror (rc));
len = gcry_sexp_sprint (sexp, GCRYSEXP_FMT_CANON, NULL, 0);
result = xmalloc (len);
len = gcry_sexp_sprint (sexp, GCRYSEXP_FMT_CANON, result, len);
gcry_sexp_release (sexp);
make_advanced (const unsigned char *buf, size_t buflen)
unsigned char *result;
rc = gcry_sexp_sscan (&sexp, &erroff, buf, buflen);
log_error ("invalid canonical S-Expression (off=%u): %s\n",
(unsigned int)erroff, gpg_strerror (rc));
len = gcry_sexp_sprint (sexp, GCRYSEXP_FMT_ADVANCED, NULL, 0);
result = xmalloc (len);
len = gcry_sexp_sprint (sexp, GCRYSEXP_FMT_ADVANCED, result, len);
gcry_sexp_release (sexp);
read_file (const char *fname, size_t *r_length)
if (!strcmp (fname, "-"))
size_t nread, bufsize = 0;
#ifdef HAVE_DOSISH_SYSTEM
setmode ( fileno(fp) , O_BINARY );
buf = xmalloc (bufsize);
buf = xrealloc (buf, bufsize);
nread = fread (buf+buflen, 1, NCHUNK, fp);
if (nread < NCHUNK && ferror (fp))
log_error ("error reading `[stdin]': %s\n", strerror (errno));
while (nread == NCHUNK);
fp = fopen (fname, "rb");
log_error ("can't open `%s': %s\n", fname, strerror (errno));
if (fstat (fileno(fp), &st))
log_error ("can't stat `%s': %s\n", fname, strerror (errno));
buf = xmalloc (buflen+1);
if (fread (buf, buflen, 1, fp) != 1)
log_error ("error reading `%s': %s\n", fname, strerror (errno));
static unsigned char *
read_key (const char *fname)
buf = read_file (fname, &buflen);
key = make_canonical (fname, buf, buflen);
read_and_protect (const char *fname)
unsigned char *result;
key = read_key (fname);
pw = get_passphrase (1);
rc = agent_protect (key, pw, &result, &resultlen);
release_passphrase (pw);
log_error ("protecting the key failed: %s\n", gpg_strerror (rc));
char *p = make_advanced (result, resultlen);
resultlen = strlen (p);
fwrite (result, resultlen, 1, stdout);
read_and_unprotect (const char *fname)
unsigned char *result;
key = read_key (fname);
rc = agent_unprotect (key, (pw=get_passphrase (1)), &result, &resultlen);
release_passphrase (pw);
log_info ("[PROTECT-TOOL:] bad-passphrase\n");
log_error ("unprotecting the key failed: %s\n", gpg_strerror (rc));
char *p = make_advanced (result, resultlen);
resultlen = strlen (p);
fwrite (result, resultlen, 1, stdout);
read_and_shadow (const char *fname)
unsigned char *result;
key = read_key (fname);
rc = agent_shadow_key (key, "(8:313233342:43)", &result);
log_error ("shadowing the key failed: %s\n", gpg_strerror (rc));
resultlen = gcry_sexp_canon_len (result, 0, NULL,NULL);
char *p = make_advanced (result, resultlen);
resultlen = strlen (p);
fwrite (result, resultlen, 1, stdout);
show_shadow_info (const char *fname)
const unsigned char *info;
key = read_key (fname);
rc = agent_get_shadow_info (key, &info);
log_error ("get_shadow_info failed: %s\n", gpg_strerror (rc));
infolen = gcry_sexp_canon_len (info, 0, NULL,NULL);
char *p = make_advanced (info, infolen);
fwrite (p, strlen (p), 1, stdout);
fwrite (info, infolen, 1, stdout);
show_file (const char *fname)
key = read_key (fname);
keylen = gcry_sexp_canon_len (key, 0, NULL,NULL);
p = make_advanced (key, keylen);
fwrite (p, strlen (p), 1, stdout);
show_keygrip (const char *fname)
unsigned char grip[20];
key = read_key (fname);
if (gcry_sexp_new (&private, key, 0, 0))
log_error ("gcry_sexp_new failed\n");
if (!gcry_pk_get_keygrip (private, grip))
log_error ("can't calculate keygrip\n");
gcry_sexp_release (private);
for (i=0; i < 20; i++)
printf ("%02X", grip[i]);
rsa_key_check (struct rsa_secret_key_s *skey)
gcry_mpi_t t = gcry_mpi_snew (0);
gcry_mpi_t t1 = gcry_mpi_snew (0);
gcry_mpi_t t2 = gcry_mpi_snew (0);
gcry_mpi_t phi = gcry_mpi_snew (0);
/* check that n == p * q */
gcry_mpi_mul (t, skey->p, skey->q);
if (gcry_mpi_cmp( t, skey->n) )
log_error ("RSA oops: n != p * q\n");
/* check that p is less than q */
if (gcry_mpi_cmp (skey->p, skey->q) > 0)
log_info ("swapping secret primes\n");
tmp = gcry_mpi_copy (skey->p);
gcry_mpi_set (skey->p, skey->q);
gcry_mpi_set (skey->q, tmp);
gcry_mpi_release (tmp);
/* and must recompute u of course */
gcry_mpi_invm (skey->u, skey->p, skey->q);
/* check that e divides neither p-1 nor q-1 */
gcry_mpi_sub_ui (t, skey->p, 1 );
gcry_mpi_div (NULL, t, t, skey->e, 0);
if (!gcry_mpi_cmp_ui( t, 0) )
log_error ("RSA oops: e divides p-1\n");
gcry_mpi_sub_ui (t, skey->q, 1);
gcry_mpi_div (NULL, t, t, skey->e, 0);
if (!gcry_mpi_cmp_ui( t, 0))
log_info ( "RSA oops: e divides q-1\n" );
/* check that d is correct. */
gcry_mpi_sub_ui (t1, skey->p, 1);
gcry_mpi_sub_ui (t2, skey->q, 1);
gcry_mpi_mul (phi, t1, t2);
gcry_mpi_invm (t, skey->e, phi);
if (gcry_mpi_cmp (t, skey->d))
{ /* no: try universal exponent. */
gcry_mpi_gcd (t, t1, t2);
gcry_mpi_div (t, NULL, phi, t, 0);
gcry_mpi_invm (t, skey->e, t);
if (gcry_mpi_cmp (t, skey->d))
log_error ("RSA oops: bad secret exponent\n");
/* check for correctness of u */
gcry_mpi_invm (t, skey->p, skey->q);
if (gcry_mpi_cmp (t, skey->u))
log_info ( "RSA oops: bad u parameter\n");
log_info ("RSA secret key check failed\n");
gcry_mpi_release (t);
gcry_mpi_release (t1);
gcry_mpi_release (t2);
gcry_mpi_release (phi);
/* A callback used by p12_parse to return a certificate. */
import_p12_cert_cb (void *opaque, const unsigned char *cert, size_t certlen)
struct b64state state;
gpg_error_t err, err2;
err = b64enc_start (&state, stdout, "CERTIFICATE");
err = b64enc_write (&state, cert, certlen);
err2 = b64enc_finish (&state);
log_error ("error writing armored certificate: %s\n", gpg_strerror (err));
import_p12_file (const char *fname)
unsigned char *result;
size_t buflen, resultlen;
struct rsa_secret_key_s sk;
unsigned char grip[20];
/* fixme: we should release some stuff on error */
buf = read_file (fname, &buflen);
kparms = p12_parse (buf, buflen, (pw=get_passphrase (2)),
import_p12_cert_cb, NULL);
release_passphrase (pw);
log_error ("error parsing or decrypting the PKCS-12 file\n");
for (i=0; kparms[i]; i++)
log_error ("invalid structure of private key\n");
/* print_mpi (" n", kparms[0]); */
/* print_mpi (" e", kparms[1]); */
/* print_mpi (" d", kparms[2]); */
/* print_mpi (" p", kparms[3]); */
/* print_mpi (" q", kparms[4]); */
/* print_mpi ("dmp1", kparms[5]); */
/* print_mpi ("dmq1", kparms[6]); */
/* print_mpi (" u", kparms[7]); */
if (rsa_key_check (&sk))
/* print_mpi (" n", sk.n); */
/* print_mpi (" e", sk.e); */
/* print_mpi (" d", sk.d); */
/* print_mpi (" p", sk.p); */
/* print_mpi (" q", sk.q); */
/* print_mpi (" u", sk.u); */
/* Create an S-expresion from the parameters. */
rc = gcry_sexp_build (&s_key, NULL,
"(private-key(rsa(n%m)(e%m)(d%m)(p%m)(q%m)(u%m)))",
sk.n, sk.e, sk.d, sk.p, sk.q, sk.u, NULL);
for (i=0; i < 8; i++)
gcry_mpi_release (kparms[i]);
log_error ("failed to created S-expression from key: %s\n",
/* Compute the keygrip. */
if (!gcry_pk_get_keygrip (s_key, grip))
log_error ("can't calculate keygrip\n");
log_info ("keygrip: ");
for (i=0; i < 20; i++)
log_printf ("%02X", grip[i]);
/* Convert to canonical encoding. */
buflen = gcry_sexp_sprint (s_key, GCRYSEXP_FMT_CANON, NULL, 0);
key = gcry_xmalloc_secure (buflen);
buflen = gcry_sexp_sprint (s_key, GCRYSEXP_FMT_CANON, key, buflen);
gcry_sexp_release (s_key);
rc = agent_protect (key, (pw=get_new_passphrase (4)), &result, &resultlen);
release_passphrase (pw);
log_error ("protecting the key failed: %s\n", gpg_strerror (rc));
char *p = make_advanced (result, resultlen);
resultlen = strlen (p);
store_private_key (grip, result, resultlen, opt_force);
fwrite (result, resultlen, 1, stdout);
sexp_to_kparms (gcry_sexp_t sexp)
gcry_sexp_t list, l2;
list = gcry_sexp_find_token (sexp, "private-key", 0 );
l2 = gcry_sexp_cadr (list);
gcry_sexp_release (list);
name = gcry_sexp_nth_data (list, 0, &n);
if(!name || n != 3 || memcmp (name, "rsa", 3))
gcry_sexp_release (list);
/* Parameter names used with RSA. */
array = xcalloc (strlen(elems) + 1, sizeof *array);
for (idx=0, s=elems; *s; s++, idx++ )
l2 = gcry_sexp_find_token (list, s, 1);
for (i=0; i<idx; i++)
gcry_mpi_release (array[i]);
gcry_sexp_release (list);
return NULL; /* required parameter not found */
array[idx] = gcry_sexp_nth_mpi (l2, 1, GCRYMPI_FMT_USG);
gcry_sexp_release (l2);
for (i=0; i<idx; i++)
gcry_mpi_release (array[i]);
gcry_sexp_release (list);
return NULL; /* required parameter is invalid */
gcry_sexp_release (list);
/* Check whether STRING is a KEYGRIP, i.e. has the correct length and
consists only of uppercase hex characters. */
is_keygrip (const char *string)
for(i=0; string[i] && i < 41; i++)
if (!strchr("01234567890ABCDEF", string[i]))
export_p12_file (const char *fname)
gcry_mpi_t kparms[9], *kp;
struct rsa_secret_key_s sk;
unsigned char *cert = NULL;
size_t keylen_for_wipe = 0;
if ( is_keygrip (fname) )
char hexgrip[40+4+1];
assert (strlen(fname) == 40);
strcpy (stpcpy (hexgrip, fname), ".key");
p = make_filename (opt_homedir, GNUPG_PRIVATE_KEYS_DIR, hexgrip, NULL);
key = read_key (fname);
keytype = agent_private_key_type (key);
if (keytype == PRIVATE_KEY_PROTECTED)
unsigned char *tmpkey;
rc = agent_unprotect (key, (pw=get_passphrase (1)), &tmpkey, &tmplen);
release_passphrase (pw);
if (opt_status_msg && gpg_err_code (rc) == GPG_ERR_BAD_PASSPHRASE )
log_info ("[PROTECT-TOOL:] bad-passphrase\n");
log_error ("unprotecting key `%s' failed: %s\n",
fname, gpg_strerror (rc));
keylen_for_wipe = tmplen;
keytype = agent_private_key_type (key);
if (keytype == PRIVATE_KEY_SHADOWED)
log_error ("`%s' is a shadowed private key - can't export it\n", fname);
wipememory (key, keylen_for_wipe);
else if (keytype != PRIVATE_KEY_CLEAR)
log_error ("\%s' is not a private key\n", fname);
wipememory (key, keylen_for_wipe);
cert = read_file ("-", &certlen);
wipememory (key, keylen_for_wipe);
if (gcry_sexp_new (&private, key, 0, 0))
log_error ("gcry_sexp_new failed\n");
wipememory (key, keylen_for_wipe);
wipememory (key, keylen_for_wipe);
kp = sexp_to_kparms (private);
gcry_sexp_release (private);
log_error ("error converting key parameters\n");
kparms[5] = gcry_mpi_snew (0); /* compute d mod (p-1) */
gcry_mpi_sub_ui (kparms[5], kparms[3], 1);
gcry_mpi_mod (kparms[5], sk.d, kparms[5]);
kparms[6] = gcry_mpi_snew (0); /* compute d mod (q-1) */
gcry_mpi_sub_ui (kparms[6], kparms[4], 1);
gcry_mpi_mod (kparms[6], sk.d, kparms[6]);
key = p12_build (kparms, cert, certlen,
(pw=get_new_passphrase (3)), &keylen);
release_passphrase (pw);
for (i=0; i < 8; i++)
gcry_mpi_release (kparms[i]);
#ifdef HAVE_DOSISH_SYSTEM
setmode ( fileno (stdout) , O_BINARY );
fwrite (key, keylen, 1, stdout);
/* Do the percent and plus/space unescaping in place and return the
length of the valid buffer. */
percent_plus_unescape (unsigned char *string)
unsigned char *p = string;
if (*string == '%' && string[1] && string[2])
*p++ = xtoi_2 (string);
else if (*string == '+')
/* Remove percent and plus escaping and make sure that the result is a
string. This is done in place. Returns STRING. */
percent_plus_unescape_string (char *string)
unsigned char *p = string;
n = percent_plus_unescape (p);
main (int argc, char **argv )
ARGPARSE_ARGS pargs;
set_strusage (my_strusage);
gcry_control (GCRYCTL_SUSPEND_SECMEM_WARN);
log_set_prefix ("gpg-protect-tool", 1);
/* Try to auto set the character set. */
set_native_charset (NULL);
if (!gcry_check_version (NEED_LIBGCRYPT_VERSION) )
log_fatal( _("libgcrypt is too old (need %s, have %s)\n"),
NEED_LIBGCRYPT_VERSION, gcry_check_version (NULL) );
gcry_set_log_handler (my_gcry_logger, NULL);
gcry_control (GCRYCTL_INIT_SECMEM, 16384, 0);
opt_homedir = default_homedir ();
pargs.flags= 1; /* (do not remove the args) */
while (arg_parse (&pargs, opts) )
switch (pargs.r_opt)
case oVerbose: opt.verbose++; break;
case oArmor: opt_armor=1; break;
case oHomedir: opt_homedir = pargs.r.ret_str; break;
case oProtect: cmd = oProtect; break;
case oUnprotect: cmd = oUnprotect; break;
case oShadow: cmd = oShadow; break;
case oShowShadowInfo: cmd = oShowShadowInfo; break;
case oShowKeygrip: cmd = oShowKeygrip; break;
case oP12Import: cmd = oP12Import; break;
case oP12Export: cmd = oP12Export; break;
case oPassphrase: opt_passphrase = pargs.r.ret_str; break;
case oStore: opt_store = 1; break;
case oForce: opt_force = 1; break;
case oNoFailOnExist: opt_no_fail_on_exist = 1; break;
case oHaveCert: opt_have_cert = 1; break;
case oPrompt: opt_prompt = pargs.r.ret_str; break;
case oStatusMsg: opt_status_msg = 1; break;
default : pargs.err = 2; break;
if (log_get_errorcount(0))
opt_prompt = percent_plus_unescape_string (xstrdup (opt_prompt));
if (cmd == oProtect)
read_and_protect (fname);
else if (cmd == oUnprotect)
read_and_unprotect (fname);
else if (cmd == oShadow)
read_and_shadow (fname);
else if (cmd == oShowShadowInfo)
show_shadow_info (fname);
else if (cmd == oShowKeygrip)
show_keygrip (fname);
else if (cmd == oP12Import)
import_p12_file (fname);
else if (cmd == oP12Export)
export_p12_file (fname);
return 8; /*NOTREACHED*/
rc = rc? rc : log_get_errorcount(0)? 2 : 0;
/* Return the passphrase string and ask the agent if it has not been
set from the command line.  PROMPTNO selects the prompt to display:
1 = taken from the option --prompt
2 = for unprotecting a pkcs#12 object
3 = for protecting a new pkcs#12 object
4 = for protecting an imported pkcs#12 in our system
5 = reenter the passphrase
When adding 100 to the values, a "does not match - try again" error message is shown.
get_passphrase (int promptno)
#ifdef HAVE_LANGINFO_CODESET
char *orig_codeset = NULL;
return xstrdup (opt_passphrase);
error_msgno = promptno / 100;
/* The Assuan agent protocol requires us to transmit utf-8 strings */
orig_codeset = bind_textdomain_codeset (PACKAGE_GT, NULL);
#ifdef HAVE_LANGINFO_CODESET
orig_codeset = nl_langinfo (CODESET);
if (orig_codeset && !strcmp (orig_codeset, "UTF-8"))
orig_codeset = NULL;
/* We only switch when we are able to restore the codeset later. */
orig_codeset = xstrdup (orig_codeset);
if (!bind_textdomain_codeset (PACKAGE_GT, "utf-8"))
orig_codeset = NULL;
if (promptno == 1 && opt_prompt)
else if (promptno == 2)
desc = _("Please enter the passphrase to unprotect the "
else if (promptno == 3)
desc = _("Please enter the passphrase to protect the "
"new PKCS#12 object.");
else if (promptno == 4)
desc = _("Please enter the passphrase to protect the "
"imported object within the GnuPG system.");
else if (promptno == 5)
desc = _("Please re-enter this passphrase");
desc = _("Please enter the passphrase or the PIN\n"
"needed to complete this operation.");
pw = simple_pwquery (NULL,
error_msgno == 1? _("does not match - try again"):NULL,
_("Passphrase:"), desc, &err);
bind_textdomain_codeset (PACKAGE_GT, orig_codeset);
xfree (orig_codeset);
log_error (_("error while asking for the passphrase: %s\n"),
gpg_strerror (err));
log_info (_("cancelled\n"));
/* Same as get_passphrase but requests it a second time and compares
it to the one entered the first time. */
get_new_passphrase (int promptno)
int i, secondpromptno;
pw = get_passphrase (promptno);
return NULL; /* Canceled. */
return pw; /* Empty passphrase - no need to as for repeating it. */
for (i=0; i < 3; i++)
char *pw2 = get_passphrase (secondpromptno);
return NULL; /* Canceled. */
if (!strcmp (pw, pw2))
return pw; /* Okay. */
secondpromptno = 105;
return NULL; /* 3 times repeated wrong - cancel. */
release_passphrase (char *pw)
wipememory (pw, strlen (pw));
store_private_key (const unsigned char *grip,
const void *buffer, size_t length, int force)
char hexgrip[40+4+1];
for (i=0; i < 20; i++)
sprintf (hexgrip+2*i, "%02X", grip[i]);
strcpy (hexgrip+40, ".key");
fname = make_filename (opt_homedir, GNUPG_PRIVATE_KEYS_DIR, hexgrip, NULL);
fp = fopen (fname, "wb");
if (!access (fname, F_OK))
log_info ("[PROTECT-TOOL:] secretkey-exists\n");
if (opt_no_fail_on_exist)
log_info ("secret key file `%s' already exists\n", fname);
log_error ("secret key file `%s' already exists\n", fname);
return opt_no_fail_on_exist? 0 : -1;
fp = fopen (fname, "wbx"); /* FIXME: the x is a GNU extension - let
configure check whether this actually
log_error ("can't create `%s': %s\n", fname, strerror (errno));
if (fwrite (buffer, length, 1, fp) != 1)
log_error ("error writing `%s': %s\n", fname, strerror (errno));
log_error ("error closing `%s': %s\n", fname, strerror (errno));
log_info ("secret key stored as `%s'\n", fname);
log_info ("[PROTECT-TOOL:] secretkey-stored\n");