1
/* g10.c - The GnuPG utility (main for gpg)
2
* Copyright (C) 1998,1999,2000,2001,2002,2003
3
* 2004 Free Software Foundation, Inc.
5
* This file is part of GnuPG.
7
* GnuPG is free software; you can redistribute it and/or modify
8
* it under the terms of the GNU General Public License as published by
9
* the Free Software Foundation; either version 2 of the License, or
10
* (at your option) any later version.
12
* GnuPG is distributed in the hope that it will be useful,
13
* but WITHOUT ANY WARRANTY; without even the implied warranty of
14
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15
* GNU General Public License for more details.
17
* You should have received a copy of the GNU General Public License
18
* along with this program; if not, write to the Free Software
19
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
30
#ifdef HAVE_DOSISH_SYSTEM
31
#include <fcntl.h> /* for setmode() */
34
#include <sys/stat.h> /* for stat() */
38
#define INCLUDED_BY_MAIN_MODULE 1
54
#include "keyserver-internal.h"
57
enum cmd_and_opt_values { aNull = 0,
65
aListSecretKeys = 'K',
70
oHiddenRecipient = 'R',
98
aDeleteSecretAndPublicKeys,
163
#endif /* __riscos__ */
167
#endif /* __riscos__ */
191
#endif /* __riscos__ */
195
#endif /* __riscos__ */
227
oUseEmbeddedFilename,
270
#endif /* __riscos__ */
275
oAllowNonSelfsignedUID,
276
oNoAllowNonSelfsignedUID,
279
oAllowSecretKeyImport,
280
oEnableSpecialFilenames,
301
oNoExpensiveTrustChecks,
307
oPreservePermissions,
308
oDefaultPreferenceList,
309
oPersonalCipherPreferences,
310
oPersonalDigestPreferences,
311
oPersonalCompressPreferences,
323
oNoMangleDosFilenames,
324
oEnableProgressFilter,
329
static ARGPARSE_OPTS opts[] = {
331
{ 300, NULL, 0, N_("@Commands:\n ") },
333
{ aSign, "sign", 256, N_("|[file]|make a signature")},
334
{ aClearsign, "clearsign", 256, N_("|[file]|make a clear text signature") },
335
{ aDetachedSign, "detach-sign", 256, N_("make a detached signature")},
336
{ aEncr, "encrypt", 256, N_("encrypt data")},
337
{ aEncrFiles, "encrypt-files", 256, "@"},
338
{ aSym, "symmetric", 256, N_("encryption only with symmetric cipher")},
339
{ aStore, "store", 256, "@"},
340
{ aDecrypt, "decrypt", 256, N_("decrypt data (default)")},
341
{ aDecryptFiles, "decrypt-files", 256, "@"},
342
{ aVerify, "verify" , 256, N_("verify a signature")},
343
{ aVerifyFiles, "verify-files" , 256, "@" },
344
{ aListKeys, "list-keys", 256, N_("list keys")},
345
{ aListKeys, "list-public-keys", 256, "@" },
346
{ aListSigs, "list-sigs", 256, N_("list keys and signatures")},
347
{ aCheckKeys, "check-sigs",256, N_("list and check key signatures")},
348
{ oFingerprint, "fingerprint", 256, N_("list keys and fingerprints")},
349
{ aListSecretKeys, "list-secret-keys", 256, N_("list secret keys")},
350
{ aKeygen, "gen-key", 256, N_("generate a new key pair")},
351
{ aDeleteKeys,"delete-keys",256,N_("remove keys from the public keyring")},
352
{ aDeleteSecretKeys, "delete-secret-keys",256,
353
N_("remove keys from the secret keyring")},
354
{ aSignKey, "sign-key" ,256, N_("sign a key")},
355
{ aLSignKey, "lsign-key" ,256, N_("sign a key locally")},
356
{ aNRSignKey, "nrsign-key" ,256, "@"},
357
{ aNRLSignKey, "nrlsign-key" ,256, "@"},
358
{ aEditKey, "edit-key" ,256, N_("sign or edit a key")},
359
{ aGenRevoke, "gen-revoke",256, N_("generate a revocation certificate")},
360
{ aDesigRevoke, "desig-revoke",256, "@" },
361
{ aExport, "export" , 256, N_("export keys") },
362
{ aSendKeys, "send-keys" , 256, N_("export keys to a key server") },
363
{ aRecvKeys, "recv-keys" , 256, N_("import keys from a key server") },
364
{ aSearchKeys, "search-keys" , 256,
365
N_("search for keys on a key server") },
366
{ aRefreshKeys, "refresh-keys", 256,
367
N_("update all keys from a keyserver")},
368
{ aExportAll, "export-all" , 256, "@" },
369
{ aExportSecret, "export-secret-keys" , 256, "@" },
370
{ aExportSecretSub, "export-secret-subkeys" , 256, "@" },
371
{ aImport, "import", 256 , N_("import/merge keys")},
372
{ aFastImport, "fast-import", 256 , "@"},
373
{ aCardStatus, "card-status", 256, N_("print the card status")},
374
{ aCardEdit, "card-edit", 256, N_("change data on a card")},
375
{ aChangePIN, "change-pin", 256, N_("change a card's PIN")},
377
{ aListPackets, "list-packets",256, "@"},
378
{ aExportOwnerTrust, "export-ownertrust", 256, "@"},
379
{ aImportOwnerTrust, "import-ownertrust", 256, "@"},
380
{ aUpdateTrustDB, "update-trustdb",0 , N_("update the trust database")},
381
{ aCheckTrustDB, "check-trustdb",0 , "@"},
382
{ aFixTrustDB, "fix-trustdb",0 , N_("fix a corrupted trust database")},
383
{ aDeArmor, "dearmor", 256, "@" },
384
{ aDeArmor, "dearmour", 256, "@" },
385
{ aEnArmor, "enarmor", 256, "@" },
386
{ aEnArmor, "enarmour", 256, "@" },
387
{ aPrintMD, "print-md" , 256, N_("|algo [files]|print message digests")},
388
{ aPrimegen, "gen-prime" , 256, "@" },
389
{ aGenRandom, "gen-random" , 256, "@" },
390
{ aGPGConfList, "gpgconf-list", 256, "@" },
392
{ 301, NULL, 0, N_("@\nOptions:\n ") },
394
{ oArmor, "armor", 0, N_("create ascii armored output")},
395
{ oArmor, "armour", 0, "@" },
396
{ oRecipient, "recipient", 2, N_("|NAME|encrypt for NAME")},
397
{ oHiddenRecipient, "hidden-recipient", 2, "@" },
398
{ oRecipient, "remote-user", 2, "@"}, /* old option name */
399
{ oDefRecipient, "default-recipient" ,2, "@" },
400
{ oDefRecipientSelf, "default-recipient-self" ,0, "@" },
401
{ oNoDefRecipient, "no-default-recipient", 0, "@" },
402
{ oTempDir, "temp-directory", 2, "@" },
403
{ oExecPath, "exec-path", 2, "@" },
404
{ oEncryptTo, "encrypt-to", 2, "@" },
405
{ oHiddenEncryptTo, "hidden-encrypt-to", 2, "@" },
406
{ oNoEncryptTo, "no-encrypt-to", 0, "@" },
407
{ oUser, "local-user",2, N_("use this user-id to sign or decrypt")},
408
{ oCompress, NULL, 1, N_("|N|set compress level N (0 disables)") },
409
{ oTextmodeShort, NULL, 0, "@"},
410
{ oTextmode, "textmode", 0, N_("use canonical text mode")},
411
{ oNoTextmode, "no-textmode", 0, "@"},
412
{ oExpert, "expert", 0, "@"},
413
{ oNoExpert, "no-expert", 0, "@"},
414
{ oAskSigExpire, "ask-sig-expire", 0, "@"},
415
{ oNoAskSigExpire, "no-ask-sig-expire", 0, "@"},
416
{ oAskCertExpire, "ask-cert-expire", 0, "@"},
417
{ oNoAskCertExpire, "no-ask-cert-expire", 0, "@"},
418
{ oOutput, "output", 2, N_("use as output file")},
419
{ oVerbose, "verbose", 0, N_("verbose") },
420
{ oQuiet, "quiet", 0, "@" },
421
{ oNoTTY, "no-tty", 0, "@" },
422
{ oLogFile, "log-file" ,2, "@" },
423
{ oForceV3Sigs, "force-v3-sigs", 0, "@" },
424
{ oNoForceV3Sigs, "no-force-v3-sigs", 0, "@" },
425
{ oForceV4Certs, "force-v4-certs", 0, "@" },
426
{ oNoForceV4Certs, "no-force-v4-certs", 0, "@" },
427
{ oForceMDC, "force-mdc", 0, "@" },
428
{ oNoForceMDC, "no-force-mdc", 0, "@" },
429
{ oDisableMDC, "disable-mdc", 0, "@" },
430
{ oNoDisableMDC, "no-disable-mdc", 0, "@" },
431
{ oDryRun, "dry-run", 0, N_("do not make any changes") },
432
{ oInteractive, "interactive", 0, N_("prompt before overwriting") },
433
{ oUseAgent, "use-agent",0, "@"},
434
{ oNoUseAgent, "no-use-agent",0, "@"},
435
{ oGpgAgentInfo, "gpg-agent-info",2, "@"},
436
{ oBatch, "batch", 0, "@"},
437
{ oAnswerYes, "yes", 0, "@"},
438
{ oAnswerNo, "no", 0, "@"},
439
{ oKeyring, "keyring" , 2, "@"},
440
{ oPrimaryKeyring, "primary-keyring",2, "@" },
441
{ oSecretKeyring, "secret-keyring" ,2, "@"},
442
{ oShowKeyring, "show-keyring", 0, "@"},
443
{ oDefaultKey, "default-key" , 2, "@"},
444
{ oKeyServer, "keyserver", 2, "@"},
445
{ oKeyServerOptions, "keyserver-options",2,"@"},
446
{ oImportOptions, "import-options",2,"@"},
447
{ oExportOptions, "export-options",2,"@"},
448
{ oListOptions, "list-options",2,"@"},
449
{ oVerifyOptions, "verify-options",2,"@"},
450
{ oCharset, "charset" , 2, "@" },
451
{ oOptions, "options" , 2, "@"},
453
{ oDebug, "debug" ,4|16, "@"},
454
{ oDebugLevel, "debug-level" ,2, "@"},
455
{ oDebugAll, "debug-all" ,0, "@"},
456
{ oStatusFD, "status-fd" ,1, "@" },
458
{ oStatusFile, "status-file" ,2, "@" },
459
#endif /* __riscos__ */
460
{ oAttributeFD, "attribute-fd" ,1, "@" },
462
{ oAttributeFile, "attribute-file" ,2, "@" },
463
#endif /* __riscos__ */
464
{ oNoSKComments, "no-sk-comments", 0, "@"},
465
{ oSKComments, "sk-comments", 0, "@"},
466
{ oCompletesNeeded, "completes-needed", 1, "@"},
467
{ oMarginalsNeeded, "marginals-needed", 1, "@"},
468
{ oMaxCertDepth, "max-cert-depth", 1, "@" },
469
{ oTrustedKey, "trusted-key", 2, "@"},
470
{ oLoadExtension, "load-extension" ,2, "@"},
471
{ oGnuPG, "gnupg", 0, "@"},
472
{ oGnuPG, "no-pgp2", 0, "@"},
473
{ oGnuPG, "no-pgp6", 0, "@"},
474
{ oGnuPG, "no-pgp7", 0, "@"},
475
{ oGnuPG, "no-pgp8", 0, "@"},
476
{ oRFC1991, "rfc1991", 0, "@"},
477
{ oRFC2440, "rfc2440", 0, "@"},
478
{ oOpenPGP, "openpgp", 0, N_("use strict OpenPGP behavior")},
479
{ oPGP2, "pgp2", 0, N_("generate PGP 2.x compatible messages")},
480
{ oPGP6, "pgp6", 0, "@"},
481
{ oPGP7, "pgp7", 0, "@"},
482
{ oPGP8, "pgp8", 0, "@"},
483
{ oS2KMode, "s2k-mode", 1, "@"},
484
{ oS2KDigest, "s2k-digest-algo",2, "@"},
485
{ oS2KCipher, "s2k-cipher-algo",2, "@"},
486
{ oSimpleSKChecksum, "simple-sk-checksum", 0, "@"},
487
{ oCipherAlgo, "cipher-algo", 2 , "@"},
488
{ oDigestAlgo, "digest-algo", 2 , "@"},
489
{ oCertDigestAlgo, "cert-digest-algo", 2 , "@" },
490
{ oCompressAlgo,"compress-algo",2, "@"},
491
{ oThrowKeyid, "throw-keyid", 0, "@"},
492
{ oNoThrowKeyid, "no-throw-keyid", 0, "@" },
493
{ oShowPhotos, "show-photos", 0, "@" },
494
{ oNoShowPhotos, "no-show-photos", 0, "@" },
495
{ oPhotoViewer, "photo-viewer", 2, "@" },
496
{ oSetNotation, "set-notation", 2, "@" },
497
{ oSetNotation, "notation-data", 2, "@" }, /* Alias */
498
{ oSigNotation, "sig-notation", 2, "@" },
499
{ oCertNotation, "cert-notation", 2, "@" },
502
"@\n(See the man page for a complete listing of all commands and options)\n"
505
{ 303, NULL, 0, N_("@\nExamples:\n\n"
506
" -se -r Bob [file] sign and encrypt for user Bob\n"
507
" --clearsign [file] make a clear text signature\n"
508
" --detach-sign [file] make a detached signature\n"
509
" --list-keys [names] show keys\n"
510
" --fingerprint [names] show fingerprints\n" ) },
513
{ aListOwnerTrust, "list-ownertrust", 256, "@"}, /* deprecated */
514
{ oCompressAlgo, "compression-algo", 1, "@"}, /* alias */
515
{ aPrintMDs, "print-mds" , 256, "@"}, /* old */
516
{ aListTrustDB, "list-trustdb",0 , "@"},
518
/* { aListTrustPath, "list-trust-path",0, "@"}, */
519
{ aPipeMode, "pipemode", 0, "@" },
520
{ oPasswdFD, "passphrase-fd",1, "@" },
522
{ oPasswdFile, "passphrase-file",2, "@" },
523
#endif /* __riscos__ */
524
{ oCommandFD, "command-fd",1, "@" },
526
{ oCommandFile, "command-file",2, "@" },
527
#endif /* __riscos__ */
528
{ oQuickRandom, "quick-random", 0, "@"},
529
{ oNoVerbose, "no-verbose", 0, "@"},
530
{ oTrustDBName, "trustdb-name", 2, "@" },
531
{ oNoSecmemWarn, "no-secmem-warning", 0, "@" }, /* used only by regression tests */
532
{ oNoPermissionWarn, "no-permission-warning", 0, "@" },
533
{ oNoMDCWarn, "no-mdc-warning", 0, "@" },
534
{ oNoArmor, "no-armor", 0, "@"},
535
{ oNoArmor, "no-armour", 0, "@"},
536
{ oNoDefKeyring, "no-default-keyring", 0, "@" },
537
{ oNoGreeting, "no-greeting", 0, "@" },
538
{ oNoOptions, "no-options", 0, "@" }, /* shortcut for --options /dev/null */
539
{ oHomedir, "homedir", 2, "@" }, /* defaults to "~/.gnupg" */
540
{ oNoBatch, "no-batch", 0, "@" },
541
{ oWithColons, "with-colons", 0, "@"},
542
{ oWithKeyData,"with-key-data", 0, "@"},
543
{ aListKeys, "list-key", 0, "@" }, /* alias */
544
{ aListSigs, "list-sig", 0, "@" }, /* alias */
545
{ aCheckKeys, "check-sig",0, "@" }, /* alias */
546
{ oSkipVerify, "skip-verify",0, "@" },
547
{ oCompressKeys, "compress-keys",0, "@"},
548
{ oCompressSigs, "compress-sigs",0, "@"},
549
{ oDefCertCheckLevel, "default-cert-check-level", 1, "@"},
550
{ oAlwaysTrust, "always-trust", 0, "@"},
551
{ oTrustModel, "trust-model", 2, "@"},
552
{ oForceOwnertrust, "force-ownertrust", 2, "@"},
553
{ oEmuChecksumBug, "emulate-checksum-bug", 0, "@"},
554
{ oSetFilename, "set-filename", 2, "@" },
555
{ oForYourEyesOnly, "for-your-eyes-only", 0, "@" },
556
{ oNoForYourEyesOnly, "no-for-your-eyes-only", 0, "@" },
557
{ oSetPolicyURL, "set-policy-url", 2, "@" },
558
{ oSigPolicyURL, "sig-policy-url", 2, "@" },
559
{ oCertPolicyURL, "cert-policy-url", 2, "@" },
560
{ oShowPolicyURL, "show-policy-url", 0, "@" },
561
{ oNoShowPolicyURL, "no-show-policy-url", 0, "@" },
562
{ oShowNotation, "show-notation", 0, "@" },
563
{ oNoShowNotation, "no-show-notation", 0, "@" },
564
{ oSigKeyserverURL, "sig-keyserver-url", 2, "@" },
565
{ oComment, "comment", 2, "@" },
566
{ oDefaultComment, "default-comment", 0, "@" },
567
{ oNoComments, "no-comments", 0, "@" },
568
{ oEmitVersion, "emit-version", 0, "@"},
569
{ oNoEmitVersion, "no-emit-version", 0, "@"},
570
{ oNoEmitVersion, "no-version", 0, "@"}, /* alias */
571
{ oNotDashEscaped, "not-dash-escaped", 0, "@" },
572
{ oEscapeFrom, "escape-from-lines", 0, "@" },
573
{ oNoEscapeFrom, "no-escape-from-lines", 0, "@" },
574
{ oLockOnce, "lock-once", 0, "@" },
575
{ oLockMultiple, "lock-multiple", 0, "@" },
576
{ oLockNever, "lock-never", 0, "@" },
577
{ oLoggerFD, "logger-fd",1, "@" },
579
{ oLoggerFile, "logger-file",2, "@" },
580
#endif /* __riscos__ */
581
{ oUseEmbeddedFilename, "use-embedded-filename", 0, "@" },
582
{ oUtf8Strings, "utf8-strings", 0, "@" },
583
{ oNoUtf8Strings, "no-utf8-strings", 0, "@" },
584
{ oWithFingerprint, "with-fingerprint", 0, "@" },
585
{ oDisableCipherAlgo, "disable-cipher-algo", 2, "@" },
586
{ oDisablePubkeyAlgo, "disable-pubkey-algo", 2, "@" },
587
{ oAllowNonSelfsignedUID, "allow-non-selfsigned-uid", 0, "@" },
588
{ oNoAllowNonSelfsignedUID, "no-allow-non-selfsigned-uid", 0, "@" },
589
{ oAllowFreeformUID, "allow-freeform-uid", 0, "@" },
590
{ oNoAllowFreeformUID, "no-allow-freeform-uid", 0, "@" },
591
{ oNoLiteral, "no-literal", 0, "@" },
592
{ oSetFilesize, "set-filesize", 20, "@" },
593
{ oHonorHttpProxy,"honor-http-proxy", 0, "@" },
594
{ oFastListMode,"fast-list-mode", 0, "@" },
595
{ oFixedListMode,"fixed-list-mode", 0, "@" },
596
{ oListOnly, "list-only", 0, "@"},
597
{ oIgnoreTimeConflict, "ignore-time-conflict", 0, "@" },
598
{ oIgnoreValidFrom, "ignore-valid-from", 0, "@" },
599
{ oIgnoreCrcError, "ignore-crc-error", 0,"@" },
600
{ oIgnoreMDCError, "ignore-mdc-error", 0,"@" },
601
{ oShowSessionKey, "show-session-key", 0, "@" },
602
{ oOverrideSessionKey, "override-session-key", 2, "@" },
603
{ oNoRandomSeedFile, "no-random-seed-file", 0, "@" },
604
{ oAutoKeyRetrieve, "auto-key-retrieve", 0, "@" },
605
{ oNoAutoKeyRetrieve, "no-auto-key-retrieve", 0, "@" },
606
{ oNoSigCache, "no-sig-cache", 0, "@" },
607
{ oNoSigCreateCheck, "no-sig-create-check", 0, "@" },
608
{ oAutoCheckTrustDB, "auto-check-trustdb", 0, "@"},
609
{ oNoAutoCheckTrustDB, "no-auto-check-trustdb", 0, "@"},
610
{ oMergeOnly, "merge-only", 0, "@" },
611
{ oAllowSecretKeyImport, "allow-secret-key-import", 0, "@" },
612
{ oTryAllSecrets, "try-all-secrets", 0, "@" },
613
{ oEnableSpecialFilenames, "enable-special-filenames", 0, "@" },
614
{ oNoExpensiveTrustChecks, "no-expensive-trust-checks", 0, "@" },
615
{ aDeleteSecretAndPublicKeys, "delete-secret-and-public-keys",256, "@" },
616
{ aRebuildKeydbCaches, "rebuild-keydb-caches", 256, "@"},
617
{ oPreservePermissions, "preserve-permissions", 0, "@"},
618
{ oDefaultPreferenceList, "default-preference-list", 2, "@"},
619
{ oPersonalCipherPreferences, "personal-cipher-preferences", 2, "@"},
620
{ oPersonalDigestPreferences, "personal-digest-preferences", 2, "@"},
621
{ oPersonalCompressPreferences, "personal-compress-preferences", 2, "@"},
622
{ oEmuMDEncodeBug, "emulate-md-encode-bug", 0, "@"},
623
{ oAgentProgram, "agent-program", 2 , "@" },
624
{ oDisplay, "display", 2, "@" },
625
{ oTTYname, "ttyname", 2, "@" },
626
{ oTTYtype, "ttytype", 2, "@" },
627
{ oLCctype, "lc-ctype", 2, "@" },
628
{ oLCmessages, "lc-messages", 2, "@" },
629
{ oGroup, "group", 2, "@" },
630
{ oStrict, "strict", 0, "@" },
631
{ oNoStrict, "no-strict", 0, "@" },
632
{ oMangleDosFilenames, "mangle-dos-filenames", 0, "@" },
633
{ oNoMangleDosFilenames, "no-mangle-dos-filenames", 0, "@" },
634
{ oEnableProgressFilter, "enable-progress-filter", 0, "@" },
635
{ oMultifile, "multifile", 0, "@" },
640
int g10_errors_seen = 0;
642
static int utf8_strings = 0;
643
static int maybe_setuid = 1;
645
static char *build_list( const char *text, char letter,
646
const char *(*mapf)(int), int (*chkf)(int) );
647
static void set_cmd( enum cmd_and_opt_values *ret_cmd,
648
enum cmd_and_opt_values new_cmd );
649
static void print_mds( const char *fname, int algo );
650
static void add_notation_data( const char *string, int which );
651
static void add_policy_url( const char *string, int which );
652
static void add_keyserver_url( const char *string, int which );
653
static void emergency_cleanup (void);
656
RISCOS_GLOBAL_STATICS("GnuPG Heap")
657
#endif /* __riscos__ */
660
pk_test_algo (int algo)
662
return openpgp_pk_test_algo (algo, 0);
667
my_strusage( int level )
669
static char *digests, *pubkeys, *ciphers, *zips;
672
case 11: p = "gpg (GnuPG)";
674
case 13: p = VERSION; break;
675
case 17: p = PRINTABLE_OS_NAME; break;
677
_("Please report bugs to <gnupg-bugs@gnu.org>.\n");
681
_("Usage: gpg [options] [files] (-h for help)");
684
_("Syntax: gpg [options] [files]\n"
685
"sign, check, encrypt or decrypt\n"
686
"default operation depends on the input data\n");
689
case 31: p = "\nHome: "; break;
691
case 32: p = opt.homedir; break;
692
#else /* __riscos__ */
693
case 32: p = make_filename(opt.homedir, NULL); break;
694
#endif /* __riscos__ */
695
case 33: p = _("\nSupported algorithms:\n"); break;
698
pubkeys = build_list(_("Pubkey: "), 0, gcry_pk_algo_name,
704
ciphers = build_list(_("Cipher: "), 'S', gcry_cipher_algo_name,
705
openpgp_cipher_test_algo );
710
digests = build_list(_("Hash: "), 'H', gcry_md_algo_name,
711
openpgp_md_test_algo );
716
zips = build_list(_("Compression: "),'Z',compress_algo_to_string,
717
check_compress_algo);
728
build_list( const char *text, char letter,
729
const char * (*mapf)(int), int (*chkf)(int) )
733
size_t n=strlen(text)+2;
734
char *list, *p, *line=NULL;
737
gcry_control (GCRYCTL_INIT_SECMEM, 0, 0); /* drop setuid */
739
for(i=0; i <= 110; i++ )
740
if( !chkf(i) && (s=mapf(i)) )
741
n += strlen(s) + 7 + 2;
742
list = xmalloc ( 21 + n ); *list = 0;
743
for(p=NULL, i=0; i <= 110; i++ ) {
744
if( !chkf(i) && (s=mapf(i)) ) {
746
p = stpcpy( list, text );
750
p = stpcpy( p, ", ");
752
if(strlen(line)>60) {
753
int spaces=strlen(text);
755
list = xrealloc(list,n+spaces+1);
756
/* realloc could move the block, so find the end again */
763
for(;spaces;spaces--)
768
if(opt.verbose && letter)
771
sprintf(num," (%c%d)",letter,i);
777
p = stpcpy(p, "\n" );
785
#ifdef USE_SIMPLE_GETTEXT
786
set_gettext_file( PACKAGE_GT );
789
setlocale( LC_ALL, "" );
790
bindtextdomain( PACKAGE_GT, LOCALEDIR );
791
textdomain( PACKAGE_GT );
797
wrong_args( const char *text)
799
fputs(_("usage: gpg [options] "),stderr);
807
log_set_strict (int yesno)
813
make_username( const char *string )
817
p = xstrdup (string);
819
p = native_to_utf8( string );
825
* same as add_to_strlist() but if is_utf8 is *not* set a conversion
829
add_to_strlist2 ( STRLIST *list, const char *string, int is_utf8)
834
sl = add_to_strlist( list, string );
837
char *p = native_to_utf8( string );
838
sl = add_to_strlist( list, p );
845
/* Set up the debugging. With a LEVEL of NULL only the active debug
846
flags are propagated to the subsystems. With LEVEL set, a specific
847
set of debug flags is set; thus overriding all flags already
850
set_debug (const char *level)
854
else if (!strcmp (level, "none"))
856
else if (!strcmp (level, "basic"))
857
opt.debug = DBG_MEMSTAT_VALUE;
858
else if (!strcmp (level, "advanced"))
859
opt.debug = DBG_MEMSTAT_VALUE|DBG_TRUST_VALUE|DBG_EXTPROG_VALUE;
860
else if (!strcmp (level, "expert"))
861
opt.debug = (DBG_MEMSTAT_VALUE|DBG_TRUST_VALUE|DBG_EXTPROG_VALUE
862
|DBG_CACHE_VALUE|DBG_FILTER_VALUE|DBG_PACKET_VALUE);
863
else if (!strcmp (level, "guru"))
867
log_error (_("invalid debug-level `%s' given\n"), level);
871
if (opt.debug & DBG_MEMORY_VALUE )
872
memory_debug_mode = 1;
873
if (opt.debug & DBG_MEMSTAT_VALUE )
874
memory_stat_debug_mode = 1;
875
if (opt.debug & DBG_MPI_VALUE)
876
gcry_control (GCRYCTL_SET_DEBUG_FLAGS, 2);
877
if (opt.debug & DBG_CIPHER_VALUE )
878
gcry_control (GCRYCTL_SET_DEBUG_FLAGS, 1);
879
if (opt.debug & DBG_IOBUF_VALUE )
880
iobuf_debug_mode = 1;
884
/* We need the home directory also in some other directories, so make
885
sure that both variables are always in sync. */
887
set_homedir (const char *dir)
891
g10_opt_homedir = opt.homedir = dir;
896
set_cmd( enum cmd_and_opt_values *ret_cmd, enum cmd_and_opt_values new_cmd )
898
enum cmd_and_opt_values cmd = *ret_cmd;
900
if( !cmd || cmd == new_cmd )
902
else if( cmd == aSign && new_cmd == aEncr )
904
else if( cmd == aEncr && new_cmd == aSign )
906
else if( cmd == aSign && new_cmd == aSym )
908
else if( cmd == aSym && new_cmd == aSign )
910
else if( ( cmd == aSign && new_cmd == aClearsign )
911
|| ( cmd == aClearsign && new_cmd == aSign ) )
914
log_error(_("conflicting commands\n"));
922
static void add_group(char *string)
925
struct groupitem *item;
928
/* Break off the group name */
929
name=strsep(&string,"=");
932
log_error(_("no = sign found in group definition \"%s\"\n"),name);
936
trim_trailing_ws(name,strlen(name));
938
/* Break apart the values */
939
while ((value= strsep(&string," \t")))
942
add_to_strlist2 (&values,value,utf8_strings);
945
item=xmalloc (sizeof(struct groupitem));
948
item->next=opt.grouplist;
953
/* We need to check three things.
955
0) The homedir. It must be mode x00 (no group or other access), a directory, and owned by the
958
1) The options file. Okay unless it or its containing directory is
959
group or other writable or not owned by us. Disable exec in this
962
2) Extensions. Same as #1.
964
Returns true if the item is unsafe. */
966
check_permissions(const char *path,int item)
968
#if defined(HAVE_STAT) && !defined(HAVE_DOSISH_SYSTEM)
969
static int homedir_cache=-1;
971
struct stat statbuf,dirbuf;
972
int homedir=0,ret=0,checkonly=0;
973
int perm=0,own=0,enc_dir_perm=0,enc_dir_own=0;
978
assert(item==0 || item==1 || item==2);
980
/* extensions may attach a path */
981
if(item==2 && path[0]!=DIRSEP_C)
983
if(strchr(path,DIRSEP_C))
984
tmppath=make_filename(path,NULL);
986
tmppath=make_filename(GNUPG_LIBDIR,path,NULL);
989
tmppath=xstrdup (path);
991
/* If the item is located in the homedir, but isn't the homedir,
992
don't continue if we already checked the homedir itself. This is
993
to avoid user confusion with an extra options file warning which
994
could be rectified if the homedir itself had proper
996
if(item!=0 && homedir_cache>-1
997
&& ascii_strncasecmp(opt.homedir,tmppath,strlen(opt.homedir))==0)
1003
/* It's okay if the file or directory doesn't exist */
1004
if(stat(tmppath,&statbuf)!=0)
1010
/* Now check the enclosing directory. Theoretically, we could walk
1011
this test up to the root directory /, but for the sake of sanity,
1012
I'm stopping at one level down. */
1013
dir=make_dirname(tmppath);
1015
if(stat(dir,&dirbuf)!=0 || !S_ISDIR(dirbuf.st_mode))
1024
/* Assume failure */
1029
/* The homedir must be x00, a directory, and owned by the user. */
1031
if(S_ISDIR(statbuf.st_mode))
1033
if(statbuf.st_uid==getuid())
1035
if((statbuf.st_mode & (S_IRWXG|S_IRWXO))==0)
1046
else if(item==1 || item==2)
1048
/* The options or extension file. Okay unless it or its
1049
containing directory is group or other writable or not owned
1052
if(S_ISREG(statbuf.st_mode))
1054
if(statbuf.st_uid==getuid() || statbuf.st_uid==0)
1056
if((statbuf.st_mode & (S_IWGRP|S_IWOTH))==0)
1058
/* it's not writable, so make sure the enclosing
1059
directory is also not writable */
1060
if(dirbuf.st_uid==getuid() || dirbuf.st_uid==0)
1062
if((dirbuf.st_mode & (S_IWGRP|S_IWOTH))==0)
1072
/* it's writable, so the enclosing directory had
1073
better not let people get to it. */
1074
if(dirbuf.st_uid==getuid() || dirbuf.st_uid==0)
1076
if((dirbuf.st_mode & (S_IRWXG|S_IRWXO))==0)
1079
perm=enc_dir_perm=1; /* unclear which one to fix! */
1097
log_info(_("WARNING: unsafe ownership on "
1098
"homedir \"%s\"\n"),tmppath);
1100
log_info(_("WARNING: unsafe ownership on "
1101
"configuration file \"%s\"\n"),tmppath);
1103
log_info(_("WARNING: unsafe ownership on "
1104
"extension \"%s\"\n"),tmppath);
1109
log_info(_("WARNING: unsafe permissions on "
1110
"homedir \"%s\"\n"),tmppath);
1112
log_info(_("WARNING: unsafe permissions on "
1113
"configuration file \"%s\"\n"),tmppath);
1115
log_info(_("WARNING: unsafe permissions on "
1116
"extension \"%s\"\n"),tmppath);
1121
log_info(_("WARNING: unsafe enclosing directory ownership on "
1122
"homedir \"%s\"\n"),tmppath);
1124
log_info(_("WARNING: unsafe enclosing directory ownership on "
1125
"configuration file \"%s\"\n"),tmppath);
1127
log_info(_("WARNING: unsafe enclosing directory ownership on "
1128
"extension \"%s\"\n"),tmppath);
1133
log_info(_("WARNING: unsafe enclosing directory permissions on "
1134
"homedir \"%s\"\n"),tmppath);
1136
log_info(_("WARNING: unsafe enclosing directory permissions on "
1137
"configuration file \"%s\"\n"),tmppath);
1139
log_info(_("WARNING: unsafe enclosing directory permissions on "
1140
"extension \"%s\"\n"),tmppath);
1152
#endif /* HAVE_STAT && !HAVE_DOSISH_SYSTEM */
1158
main( int argc, char **argv )
1160
ARGPARSE_ARGS pargs;
1168
STRLIST sl, remusr= NULL, locusr=NULL;
1169
STRLIST nrings=NULL, sec_nrings=NULL;
1170
armor_filter_context_t afx;
1171
int detached_sig = 0;
1172
FILE *configfp = NULL;
1173
char *configname = NULL;
1174
const char *config_filename = NULL;
1175
unsigned configlineno;
1176
int parse_debug = 0;
1177
int default_config = 1;
1178
int default_keyring = 1;
1181
char *logfile = NULL;
1182
int use_random_seed = 1;
1183
enum cmd_and_opt_values cmd = 0;
1184
const char *debug_level = NULL;
1185
const char *trustdb_name = NULL;
1186
char *def_cipher_string = NULL;
1187
char *def_digest_string = NULL;
1188
char *def_compress_string = NULL;
1189
char *cert_digest_string = NULL;
1190
char *s2k_cipher_string = NULL;
1191
char *s2k_digest_string = NULL;
1192
char *pers_cipher_list = NULL;
1193
char *pers_digest_list = NULL;
1194
char *pers_compress_list = NULL;
1198
int with_fpr = 0; /* make an option out of --fingerprint */
1199
int any_explicit_recipient = 0;
1202
riscos_global_defaults();
1204
#endif /* __riscos__ */
1207
set_strusage (my_strusage);
1208
gcry_control (GCRYCTL_SUSPEND_SECMEM_WARN);
1209
/* We don't need any locking in libgcrypt unless we use any kind of
1211
gcry_control (GCRYCTL_DISABLE_INTERNAL_LOCKING);
1212
/* Please note that we may be running SUID(ROOT), so be very CAREFUL
1213
* when adding any stuff between here and the call to
1214
* secmem_init() somewhere after the option parsing
1216
log_set_prefix ("gpg", 1);
1217
/* check that the libraries are suitable. Do it here because the
1218
option parser may need services of the library */
1219
if (!gcry_check_version (NEED_LIBGCRYPT_VERSION) )
1221
log_fatal( _("libgcrypt is too old (need %s, have %s)\n"),
1222
NEED_LIBGCRYPT_VERSION, gcry_check_version (NULL) );
1225
gcry_control (GCRYCTL_USE_SECURE_RNDPOOL);
1227
may_coredump = disable_core_dumps();
1228
gnupg_init_signals (0, emergency_cleanup);
1229
create_dotlock (NULL); /* register locking cleanup */
1232
opt.command_fd = -1; /* no command fd */
1233
opt.compress = -1; /* defaults to standard compress level */
1234
/* note: if you change these lines, look at oOpenPGP */
1235
opt.def_cipher_algo = 0;
1236
opt.def_digest_algo = 0;
1237
opt.cert_digest_algo = 0;
1238
opt.def_compress_algo = -1;
1239
opt.s2k_mode = 3; /* iterated+salted */
1240
opt.s2k_digest_algo = DIGEST_ALGO_SHA1;
1242
opt.s2k_cipher_algo = CIPHER_ALGO_CAST5;
1244
opt.s2k_cipher_algo = CIPHER_ALGO_3DES;
1246
opt.completes_needed = 1;
1247
opt.marginals_needed = 3;
1248
opt.max_cert_depth = 5;
1249
opt.pgp2_workarounds = 1;
1250
opt.force_v3_sigs = 1;
1251
opt.escape_from = 1;
1252
opt.import_options=IMPORT_SK2PK;
1254
EXPORT_INCLUDE_NON_RFC|EXPORT_INCLUDE_ATTRIBUTES;
1255
opt.keyserver_options.import_options=IMPORT_REPAIR_PKS_SUBKEY_BUG;
1256
opt.keyserver_options.export_options=
1257
EXPORT_INCLUDE_NON_RFC|EXPORT_INCLUDE_ATTRIBUTES;
1258
opt.keyserver_options.include_subkeys=1;
1259
opt.keyserver_options.include_revoked=1;
1260
opt.keyserver_options.try_dns_srv=1;
1262
VERIFY_SHOW_POLICY|VERIFY_SHOW_NOTATION|VERIFY_SHOW_KEYSERVER;
1263
opt.trust_model=TM_AUTO;
1264
opt.mangle_dos_filenames = 1;
1267
set_homedir ( default_homedir () );
1269
/* Check whether we have a config file on the commandline */
1274
pargs.flags= 1|(1<<6); /* do not remove the args, ignore version */
1275
while( arg_parse( &pargs, opts) ) {
1276
if( pargs.r_opt == oDebug || pargs.r_opt == oDebugAll )
1278
else if( pargs.r_opt == oOptions ) {
1279
/* yes there is one, so we do not try the default one, but
1280
* read the option file when it is encountered at the commandline
1284
else if( pargs.r_opt == oNoOptions )
1285
default_config = 0; /* --no-options */
1286
else if( pargs.r_opt == oHomedir )
1287
set_homedir ( pargs.r.ret_str );
1288
else if( pargs.r_opt == oNoPermissionWarn )
1290
else if (pargs.r_opt == oStrict )
1295
else if (pargs.r_opt == oNoStrict )
1302
#ifdef HAVE_DOSISH_SYSTEM
1303
if ( strchr (opt.homedir,'\\') ) {
1304
char *d, *buf = xmalloc (strlen (opt.homedir)+1);
1305
const char *s = opt.homedir;
1306
for (d=buf,s=opt.homedir; *s; s++)
1307
*d++ = *s == '\\'? '/': *s;
1313
/* Initialize the secure memory. */
1314
gcry_control (GCRYCTL_INIT_SECMEM, 32768, 0);
1316
/* Okay, we are now working under our real uid */
1318
/* malloc hooks go here ... */
1319
assuan_set_malloc_hooks (gcry_malloc, gcry_realloc, gcry_free);
1321
set_native_charset (NULL); /* Try to auto set the character set */
1323
/* Try for a version specific config file first */
1324
if( default_config )
1326
char *name = xstrdup ("gpg" EXTSEP_S "conf-" SAFE_VERSION);
1327
char *ver = name + strlen("gpg" EXTSEP_S "conf-");
1338
if((tok=strrchr (ver,SAFE_VERSION_DASH)))
1340
else if((tok=strrchr (ver,SAFE_VERSION_DOT)))
1346
configname = make_filename (opt.homedir, name, NULL);
1348
while ( access(configname,R_OK) );
1351
if (!access (configname, R_OK))
1352
{ /* Print a warning when both config files are present. */
1353
char *p = make_filename(opt.homedir, "options", NULL );
1354
if (!access (p, R_OK))
1355
log_info (_("NOTE: old default options file `%s' ignored\n"), p);
1359
{ /* Keep on using the old default one. */
1361
configname = make_filename(opt.homedir, "options", NULL );
1368
pargs.flags= 1; /* do not remove the args */
1370
/* By this point we have a homedir, and cannot change it. */
1371
check_permissions(opt.homedir,0);
1375
if(check_permissions(configname,1))
1377
/* If any options file is unsafe, then disable any external
1378
programs for keyserver calls or photo IDs. Since the
1379
external program to call is set in the options file, an
1380
unsafe options file can lead to an arbitrary program
1387
configfp = fopen( configname, "r" );
1389
if( default_config ) {
1391
log_info(_("NOTE: no default option file `%s'\n"),
1395
log_error(_("option file `%s': %s\n"),
1396
configname, strerror(errno) );
1399
xfree (configname); configname = NULL;
1401
if( parse_debug && configname )
1402
log_info(_("reading options from `%s'\n"), configname );
1406
while( optfile_parse( configfp, configname, &configlineno,
1408
switch( pargs.r_opt ) {
1409
case aCheckKeys: set_cmd( &cmd, aCheckKeys); break;
1410
case aListPackets: set_cmd( &cmd, aListPackets); break;
1411
case aImport: set_cmd( &cmd, aImport); break;
1412
case aFastImport: set_cmd( &cmd, aFastImport); break;
1413
case aSendKeys: set_cmd( &cmd, aSendKeys); break;
1414
case aRecvKeys: set_cmd( &cmd, aRecvKeys); break;
1415
case aSearchKeys: set_cmd( &cmd, aSearchKeys); break;
1416
case aRefreshKeys: set_cmd( &cmd, aRefreshKeys); break;
1417
case aExport: set_cmd( &cmd, aExport); break;
1418
case aExportAll: set_cmd( &cmd, aExportAll); break;
1419
case aListKeys: set_cmd( &cmd, aListKeys); break;
1420
case aListSigs: set_cmd( &cmd, aListSigs); break;
1421
case aExportSecret: set_cmd( &cmd, aExportSecret); break;
1422
case aExportSecretSub: set_cmd( &cmd, aExportSecretSub); break;
1423
case aDeleteSecretKeys: set_cmd( &cmd, aDeleteSecretKeys);
1425
case aDeleteSecretAndPublicKeys:
1426
set_cmd( &cmd, aDeleteSecretAndPublicKeys);
1429
case aDeleteKeys: set_cmd( &cmd, aDeleteKeys); greeting=1; break;
1431
case aDetachedSign: detached_sig = 1; set_cmd( &cmd, aSign ); break;
1432
case aSym: set_cmd( &cmd, aSym); break;
1434
case aDecryptFiles: multifile=1; /* fall through */
1435
case aDecrypt: set_cmd( &cmd, aDecrypt); break;
1437
case aEncrFiles: multifile=1; /* fall through */
1438
case aEncr: set_cmd( &cmd, aEncr); break;
1440
case aVerifyFiles: multifile=1; /* fall through */
1441
case aVerify: set_cmd( &cmd, aVerify); break;
1443
case aSign: set_cmd( &cmd, aSign ); break;
1444
case aKeygen: set_cmd( &cmd, aKeygen); greeting=1; break;
1445
case aSignKey: set_cmd( &cmd, aSignKey); break;
1446
case aLSignKey: set_cmd( &cmd, aLSignKey); break;
1447
case aNRSignKey: set_cmd( &cmd, aNRSignKey); break;
1448
case aNRLSignKey: set_cmd( &cmd, aNRLSignKey); break;
1449
case aStore: set_cmd( &cmd, aStore); break;
1450
case aEditKey: set_cmd( &cmd, aEditKey); greeting=1; break;
1451
case aClearsign: set_cmd( &cmd, aClearsign); break;
1452
case aGenRevoke: set_cmd( &cmd, aGenRevoke); break;
1453
case aDesigRevoke: set_cmd( &cmd, aDesigRevoke); break;
1455
case aPrimegen: set_cmd( &cmd, aPrimegen); break;
1456
case aGenRandom: set_cmd( &cmd, aGenRandom); break;
1457
case aPrintMD: set_cmd( &cmd, aPrintMD); break;
1458
case aPrintMDs: set_cmd( &cmd, aPrintMDs); break;
1459
case aListTrustDB: set_cmd( &cmd, aListTrustDB); break;
1460
case aCheckTrustDB: set_cmd( &cmd, aCheckTrustDB); break;
1461
case aUpdateTrustDB: set_cmd( &cmd, aUpdateTrustDB); break;
1462
case aFixTrustDB: set_cmd( &cmd, aFixTrustDB); break;
1463
case aListTrustPath: set_cmd( &cmd, aListTrustPath); break;
1464
case aDeArmor: set_cmd( &cmd, aDeArmor); break;
1465
case aEnArmor: set_cmd( &cmd, aEnArmor); break;
1466
case aListOwnerTrust:
1467
deprecated_warning(configname,configlineno,
1468
"--list-ownertrust","--export-ownertrust","");
1469
case aExportOwnerTrust: set_cmd( &cmd, aExportOwnerTrust); break;
1470
case aImportOwnerTrust: set_cmd( &cmd, aImportOwnerTrust); break;
1471
case aPipeMode: set_cmd( &cmd, aPipeMode); break;
1472
case aRebuildKeydbCaches: set_cmd( &cmd, aRebuildKeydbCaches); break;
1474
case aCardStatus: set_cmd (&cmd, aCardStatus); break;
1475
case aCardEdit: set_cmd (&cmd, aCardEdit); break;
1476
case aChangePIN: set_cmd (&cmd, aChangePIN); break;
1478
set_cmd (&cmd, aGPGConfList);
1482
case oArmor: opt.armor = 1; opt.no_armor=0; break;
1483
case oOutput: opt.outfile = pargs.r.ret_str; break;
1484
case oQuiet: opt.quiet = 1; break;
1485
case oNoTTY: tty_no_terminal(1); break;
1486
case oDryRun: opt.dry_run = 1; break;
1487
case oInteractive: opt.interactive = 1; break;
1488
case oVerbose: g10_opt_verbose++;
1489
opt.verbose++; opt.list_sigs=1; break;
1491
case oLogFile: logfile = pargs.r.ret_str; break;
1493
case oBatch: opt.batch = 1; nogreeting = 1; break;
1497
#else /* __riscos__ */
1499
riscos_not_implemented("use-agent");
1500
#endif /* __riscos__ */
1502
case oNoUseAgent: opt.use_agent = 0; break;
1503
case oGpgAgentInfo: opt.gpg_agent_info = pargs.r.ret_str; break;
1504
case oAnswerYes: opt.answer_yes = 1; break;
1505
case oAnswerNo: opt.answer_no = 1; break;
1506
case oKeyring: append_to_strlist( &nrings, pargs.r.ret_str); break;
1507
case oPrimaryKeyring:
1508
sl=append_to_strlist( &nrings, pargs.r.ret_str);
1511
case oShowKeyring: opt.list_options|=LIST_SHOW_KEYRING; break;
1512
case oDebug: opt.debug |= pargs.r.ret_ulong; break;
1513
case oDebugAll: opt.debug = ~0; break;
1514
case oDebugLevel: debug_level = pargs.r.ret_str; break;
1516
set_status_fd( iobuf_translate_file_handle (pargs.r.ret_int, 1) );
1520
set_status_fd( iobuf_translate_file_handle ( riscos_fdopenfile (pargs.r.ret_str, 1), 1) );
1522
#endif /* __riscos__ */
1524
set_attrib_fd(iobuf_translate_file_handle (pargs.r.ret_int, 1));
1527
case oAttributeFile:
1528
set_attrib_fd(iobuf_translate_file_handle ( riscos_fdopenfile (pargs.r.ret_str, 1), 1) );
1530
#endif /* __riscos__ */
1532
log_set_fd (iobuf_translate_file_handle (pargs.r.ret_int, 1));
1536
log_set_logfile( NULL,
1537
iobuf_translate_file_handle ( riscos_fdopenfile (pargs.r.ret_str, 1), 1) );
1539
#endif /* __riscos__ */
1540
case oWithFingerprint:
1541
opt.with_fingerprint = 1;
1542
with_fpr=1; /*fall thru*/
1543
case oFingerprint: opt.fingerprint++; break;
1544
case oSecretKeyring: append_to_strlist( &sec_nrings, pargs.r.ret_str); break;
1546
/* config files may not be nested (silently ignore them) */
1549
configname = xstrdup (pargs.r.ret_str);
1553
case oNoArmor: opt.no_armor=1; opt.armor=0; break;
1554
case oNoDefKeyring: default_keyring = 0; break;
1555
case oDefCertCheckLevel: opt.def_cert_check_level=pargs.r.ret_int; break;
1556
case oNoGreeting: nogreeting = 1; break;
1557
case oNoVerbose: g10_opt_verbose = 0;
1558
opt.verbose = 0; opt.list_sigs=0; break;
1559
/* disabled for now:
1560
case oQuickRandom: quick_random_gen(1); break; */
1561
case oSKComments: opt.sk_comments=1; break;
1562
case oNoSKComments: opt.sk_comments=0; break;
1563
case oEmitVersion: opt.no_version=0; break;
1564
case oNoEmitVersion: opt.no_version=1; break;
1565
case oCompletesNeeded: opt.completes_needed = pargs.r.ret_int; break;
1566
case oMarginalsNeeded: opt.marginals_needed = pargs.r.ret_int; break;
1567
case oMaxCertDepth: opt.max_cert_depth = pargs.r.ret_int; break;
1568
case oTrustDBName: trustdb_name = pargs.r.ret_str; break;
1569
case oDefaultKey: opt.def_secret_key = pargs.r.ret_str; break;
1571
if( *pargs.r.ret_str )
1572
opt.def_recipient = make_username(pargs.r.ret_str);
1574
case oDefRecipientSelf:
1575
xfree (opt.def_recipient); opt.def_recipient = NULL;
1576
opt.def_recipient_self = 1;
1578
case oNoDefRecipient:
1579
xfree (opt.def_recipient); opt.def_recipient = NULL;
1580
opt.def_recipient_self = 0;
1582
case oNoOptions: opt.no_homedir_creation = 1; break; /* no-options */
1583
case oHomedir: break;
1584
case oNoBatch: opt.batch = 0; break;
1585
case oWithKeyData: opt.with_key_data=1; /* fall thru */
1586
case oWithColons: opt.with_colons=':'; break;
1588
case oSkipVerify: opt.skip_verify=1; break;
1589
case oCompressKeys: opt.compress_keys = 1; break;
1590
case aListSecretKeys: set_cmd( &cmd, aListSecretKeys); break;
1591
/* There are many programs (like mutt) that call gpg with
1592
--always-trust so keep this option around for a long
1594
case oAlwaysTrust: opt.trust_model=TM_ALWAYS; break;
1596
if(ascii_strcasecmp(pargs.r.ret_str,"pgp")==0)
1597
opt.trust_model=TM_PGP;
1598
else if(ascii_strcasecmp(pargs.r.ret_str,"classic")==0)
1599
opt.trust_model=TM_CLASSIC;
1600
else if(ascii_strcasecmp(pargs.r.ret_str,"always")==0)
1601
opt.trust_model=TM_ALWAYS;
1602
else if(ascii_strcasecmp(pargs.r.ret_str,"auto")==0)
1603
opt.trust_model=TM_AUTO;
1605
log_error("unknown trust model \"%s\"\n",pargs.r.ret_str);
1607
case oForceOwnertrust:
1608
log_info(_("NOTE: %s is not for normal use!\n"),
1609
"--force-ownertrust");
1610
opt.force_ownertrust=string_to_trust_value(pargs.r.ret_str);
1611
if(opt.force_ownertrust==-1)
1613
log_error("invalid ownertrust \"%s\"\n",pargs.r.ret_str);
1614
opt.force_ownertrust=0;
1617
case oLoadExtension:
1619
#if defined(USE_DYNAMIC_LINKING) || defined(_WIN32)
1620
if(check_permissions(pargs.r.ret_str,2))
1621
log_info(_("cipher extension \"%s\" not loaded due to "
1622
"unsafe permissions\n"),pargs.r.ret_str);
1624
register_cipher_extension(orig_argc? *orig_argv:NULL,
1627
#else /* __riscos__ */
1628
riscos_not_implemented("load-extension");
1629
#endif /* __riscos__ */
1632
opt.compliance = CO_RFC1991;
1633
opt.force_v4_certs = 0;
1634
opt.escape_from = 1;
1638
/* TODO: When 2440bis becomes a RFC, these may need
1640
opt.compliance = CO_RFC2440;
1641
opt.allow_non_selfsigned_uid = 1;
1642
opt.allow_freeform_uid = 1;
1643
opt.pgp2_workarounds = 0;
1644
opt.escape_from = 0;
1645
opt.force_v3_sigs = 0;
1646
opt.compress_keys = 0; /* not mandated but we do it */
1647
opt.compress_sigs = 0; /* ditto. */
1648
opt.not_dash_escaped = 0;
1649
opt.def_cipher_algo = 0;
1650
opt.def_digest_algo = 0;
1651
opt.cert_digest_algo = 0;
1652
opt.def_compress_algo = -1;
1653
opt.s2k_mode = 3; /* iterated+salted */
1654
opt.s2k_digest_algo = DIGEST_ALGO_SHA1;
1655
opt.s2k_cipher_algo = CIPHER_ALGO_3DES;
1657
case oPGP2: opt.compliance = CO_PGP2; break;
1658
case oPGP6: opt.compliance = CO_PGP6; break;
1659
case oPGP7: opt.compliance = CO_PGP7; break;
1660
case oPGP8: opt.compliance = CO_PGP8; break;
1661
case oGnuPG: opt.compliance = CO_GNUPG; break;
1662
case oEmuMDEncodeBug: opt.emulate_bugs |= EMUBUG_MDENCODE; break;
1663
case oCompressSigs: opt.compress_sigs = 1; break;
1664
case oSetFilename: opt.set_filename = pargs.r.ret_str; break;
1665
case oForYourEyesOnly: eyes_only = 1; break;
1666
case oNoForYourEyesOnly: eyes_only = 0; break;
1668
add_policy_url(pargs.r.ret_str,0);
1669
add_policy_url(pargs.r.ret_str,1);
1671
case oSigPolicyURL: add_policy_url(pargs.r.ret_str,0); break;
1672
case oCertPolicyURL: add_policy_url(pargs.r.ret_str,1); break;
1673
case oShowPolicyURL:
1674
opt.list_options|=LIST_SHOW_POLICY;
1675
opt.verify_options|=VERIFY_SHOW_POLICY;
1677
case oNoShowPolicyURL:
1678
opt.list_options&=~LIST_SHOW_POLICY;
1679
opt.verify_options&=~VERIFY_SHOW_POLICY;
1681
case oSigKeyserverURL: add_keyserver_url(pargs.r.ret_str,0); break;
1682
case oUseEmbeddedFilename: opt.use_embedded_filename = 1; break;
1684
case oComment: add_to_strlist(&opt.comments,pargs.r.ret_str); break;
1685
case oDefaultComment:
1686
deprecated_warning(configname,configlineno,
1687
"--default-comment","--no-comments","");
1690
free_strlist(opt.comments);
1694
case oThrowKeyid: opt.throw_keyid = 1; break;
1695
case oNoThrowKeyid: opt.throw_keyid = 0; break;
1697
opt.list_options|=LIST_SHOW_PHOTOS;
1698
opt.verify_options|=VERIFY_SHOW_PHOTOS;
1701
opt.list_options&=~LIST_SHOW_PHOTOS;
1702
opt.verify_options&=~VERIFY_SHOW_PHOTOS;
1704
case oPhotoViewer: opt.photo_viewer = pargs.r.ret_str; break;
1705
case oForceV3Sigs: opt.force_v3_sigs = 1; break;
1706
case oNoForceV3Sigs: opt.force_v3_sigs = 0; break;
1707
case oForceV4Certs: opt.force_v4_certs = 1; break;
1708
case oNoForceV4Certs: opt.force_v4_certs = 0; break;
1709
case oForceMDC: opt.force_mdc = 1; break;
1710
case oNoForceMDC: opt.force_mdc = 0; break;
1711
case oDisableMDC: opt.disable_mdc = 1; break;
1712
case oNoDisableMDC: opt.disable_mdc = 0; break;
1713
case oS2KMode: opt.s2k_mode = pargs.r.ret_int; break;
1714
case oS2KDigest: s2k_digest_string = xstrdup (pargs.r.ret_str); break;
1715
case oS2KCipher: s2k_cipher_string = xstrdup (pargs.r.ret_str); break;
1716
case oSimpleSKChecksum: opt.simple_sk_checksum = 1; break;
1717
case oNoEncryptTo: opt.no_encrypt_to = 1; break;
1718
case oEncryptTo: /* store the recipient in the second list */
1719
sl = add_to_strlist2( &remusr, pargs.r.ret_str, utf8_strings );
1722
case oHiddenEncryptTo: /* store the recipient in the second list */
1723
sl = add_to_strlist2( &remusr, pargs.r.ret_str, utf8_strings );
1726
case oRecipient: /* store the recipient */
1727
add_to_strlist2( &remusr, pargs.r.ret_str, utf8_strings );
1728
any_explicit_recipient = 1;
1730
case oHiddenRecipient: /* store the recipient with a flag */
1731
sl = add_to_strlist2( &remusr, pargs.r.ret_str, utf8_strings );
1733
any_explicit_recipient = 1;
1735
case oTextmodeShort: opt.textmode = 2; break;
1736
case oTextmode: opt.textmode=1; break;
1737
case oNoTextmode: opt.textmode=0; break;
1738
case oExpert: opt.expert = 1; break;
1739
case oNoExpert: opt.expert = 0; break;
1740
case oAskSigExpire: opt.ask_sig_expire = 1; break;
1741
case oNoAskSigExpire: opt.ask_sig_expire = 0; break;
1742
case oAskCertExpire: opt.ask_cert_expire = 1; break;
1743
case oNoAskCertExpire: opt.ask_cert_expire = 0; break;
1744
case oUser: /* store the local users */
1745
add_to_strlist2( &locusr, pargs.r.ret_str, utf8_strings );
1747
case oCompress: opt.compress = pargs.r.ret_int; break;
1749
pwfd = iobuf_translate_file_handle (pargs.r.ret_int, 0);
1754
pwfd = iobuf_translate_file_handle ( riscos_fdopenfile (pargs.r.ret_str, 0), 0);
1756
#endif /* __riscos__ */
1758
opt.command_fd = iobuf_translate_file_handle (pargs.r.ret_int, 0);
1762
opt.command_fd = iobuf_translate_file_handle ( riscos_fdopenfile (pargs.r.ret_str, 0), 0);
1764
#endif /* __riscos__ */
1765
case oCipherAlgo: def_cipher_string = xstrdup (pargs.r.ret_str); break;
1766
case oDigestAlgo: def_digest_string = xstrdup (pargs.r.ret_str); break;
1768
/* If it is all digits, stick a Z in front of it for
1769
later. This is for backwards compatibility with
1770
versions that took the compress algorithm number. */
1772
char *pt=pargs.r.ret_str;
1783
def_compress_string=xmalloc (strlen(pargs.r.ret_str)+2);
1784
strcpy(def_compress_string,"Z");
1785
strcat(def_compress_string,pargs.r.ret_str);
1788
def_compress_string = xstrdup (pargs.r.ret_str);
1791
case oCertDigestAlgo: cert_digest_string = xstrdup (pargs.r.ret_str); break;
1793
gcry_control (GCRYCTL_DISABLE_SECMEM_WARN);
1795
case oNoPermissionWarn: opt.no_perm_warn=1; break;
1796
case oNoMDCWarn: opt.no_mdc_warn=1; break;
1798
if( set_native_charset( pargs.r.ret_str ) )
1799
log_error(_("%s is not a valid character set\n"),
1802
case oNotDashEscaped: opt.not_dash_escaped = 1; break;
1803
case oEscapeFrom: opt.escape_from = 1; break;
1804
case oNoEscapeFrom: opt.escape_from = 0; break;
1805
case oLockOnce: opt.lock_once = 1; break;
1806
case oLockNever: disable_dotlock(); break;
1810
#else /* __riscos__ */
1811
riscos_not_implemented("lock-multiple");
1812
#endif /* __riscos__ */
1815
opt.keyserver_uri=xstrdup (pargs.r.ret_str);
1816
if(parse_keyserver_uri(pargs.r.ret_str,configname,configlineno))
1817
log_error(_("could not parse keyserver URI\n"));
1819
case oKeyServerOptions:
1820
parse_keyserver_options(pargs.r.ret_str);
1822
case oImportOptions:
1823
if(!parse_import_options(pargs.r.ret_str,&opt.import_options))
1826
log_error(_("%s:%d: invalid import options\n"),
1827
configname,configlineno);
1829
log_error(_("invalid import options\n"));
1832
case oExportOptions:
1833
if(!parse_export_options(pargs.r.ret_str,&opt.export_options))
1836
log_error(_("%s:%d: invalid export options\n"),
1837
configname,configlineno);
1839
log_error(_("invalid export options\n"));
1844
struct parse_options lopts[]=
1846
{"show-photos",LIST_SHOW_PHOTOS},
1847
{"show-policy-url",LIST_SHOW_POLICY},
1848
{"show-notation",LIST_SHOW_NOTATION},
1849
{"show-keyserver-url",LIST_SHOW_KEYSERVER},
1850
{"show-validity",LIST_SHOW_VALIDITY},
1851
{"show-long-keyid",LIST_SHOW_LONG_KEYID},
1852
{"show-keyring",LIST_SHOW_KEYRING},
1853
{"show-sig-expire",LIST_SHOW_SIG_EXPIRE},
1857
if(!parse_options(pargs.r.ret_str,&opt.list_options,lopts))
1860
log_error(_("%s:%d: invalid list options\n"),
1861
configname,configlineno);
1863
log_error(_("invalid list options\n"));
1867
case oVerifyOptions:
1869
struct parse_options vopts[]=
1871
{"show-photos",VERIFY_SHOW_PHOTOS},
1872
{"show-policy-url",VERIFY_SHOW_POLICY},
1873
{"show-notation",VERIFY_SHOW_NOTATION},
1874
{"show-keyserver-url",VERIFY_SHOW_KEYSERVER},
1875
{"show-validity",VERIFY_SHOW_VALIDITY},
1876
{"show-long-keyid",VERIFY_SHOW_LONG_KEYID},
1880
if(!parse_options(pargs.r.ret_str,&opt.verify_options,vopts))
1883
log_error(_("%s:%d: invalid verify options\n"),
1884
configname,configlineno);
1886
log_error(_("invalid verify options\n"));
1890
case oTempDir: opt.temp_dir=pargs.r.ret_str; break;
1892
if(set_exec_path(pargs.r.ret_str,0))
1893
log_error(_("unable to set exec-path to %s\n"),pargs.r.ret_str);
1895
opt.exec_path_set=1;
1898
add_notation_data( pargs.r.ret_str, 0 );
1899
add_notation_data( pargs.r.ret_str, 1 );
1901
case oSigNotation: add_notation_data( pargs.r.ret_str, 0 ); break;
1902
case oCertNotation: add_notation_data( pargs.r.ret_str, 1 ); break;
1904
opt.list_options|=LIST_SHOW_NOTATION;
1905
opt.verify_options|=VERIFY_SHOW_NOTATION;
1907
case oNoShowNotation:
1908
opt.list_options&=~LIST_SHOW_NOTATION;
1909
opt.verify_options&=~VERIFY_SHOW_NOTATION;
1911
case oUtf8Strings: utf8_strings = 1; break;
1912
case oNoUtf8Strings: utf8_strings = 0; break;
1913
case oDisableCipherAlgo:
1915
int algo = gcry_cipher_map_name (pargs.r.ret_str);
1916
gcry_cipher_ctl (NULL, GCRYCTL_DISABLE_ALGO,
1917
&algo, sizeof algo);
1920
case oDisablePubkeyAlgo:
1922
int algo = gcry_pk_map_name (pargs.r.ret_str);
1923
gcry_pk_ctl (GCRYCTL_DISABLE_ALGO,
1924
&algo, sizeof algo );
1927
case oNoSigCache: opt.no_sig_cache = 1; break;
1928
case oNoSigCreateCheck: opt.no_sig_create_check = 1; break;
1929
case oAllowNonSelfsignedUID: opt.allow_non_selfsigned_uid = 1; break;
1930
case oNoAllowNonSelfsignedUID: opt.allow_non_selfsigned_uid=0; break;
1931
case oAllowFreeformUID: opt.allow_freeform_uid = 1; break;
1932
case oNoAllowFreeformUID: opt.allow_freeform_uid = 0; break;
1933
case oNoLiteral: opt.no_literal = 1; break;
1934
case oSetFilesize: opt.set_filesize = pargs.r.ret_ulong; break;
1935
case oHonorHttpProxy:
1936
opt.keyserver_options.honor_http_proxy = 1;
1937
deprecated_warning(configname,configlineno,
1938
"--honor-http-proxy",
1939
"--keyserver-options ",
1940
"honor-http-proxy");
1942
case oFastListMode: opt.fast_list_mode = 1; break;
1943
case oFixedListMode: opt.fixed_list_mode = 1; break;
1944
case oListOnly: opt.list_only=1; break;
1945
case oIgnoreTimeConflict: opt.ignore_time_conflict = 1; break;
1946
case oIgnoreValidFrom: opt.ignore_valid_from = 1; break;
1947
case oIgnoreCrcError: opt.ignore_crc_error = 1; break;
1948
case oIgnoreMDCError: opt.ignore_mdc_error = 1; break;
1949
case oNoRandomSeedFile: use_random_seed = 0; break;
1950
case oAutoKeyRetrieve:
1951
case oNoAutoKeyRetrieve:
1952
opt.keyserver_options.auto_key_retrieve=
1953
(pargs.r_opt==oAutoKeyRetrieve);
1954
deprecated_warning(configname,configlineno,
1955
pargs.r_opt==oAutoKeyRetrieve?"--auto-key-retrieve":
1956
"--no-auto-key-retrieve","--keyserver-options ",
1957
pargs.r_opt==oAutoKeyRetrieve?"auto-key-retrieve":
1958
"no-auto-key-retrieve");
1960
case oShowSessionKey: opt.show_session_key = 1; break;
1961
case oOverrideSessionKey:
1962
opt.override_session_key = pargs.r.ret_str;
1964
case oMergeOnly: opt.merge_only = 1; break;
1965
case oAllowSecretKeyImport: /* obsolete */ break;
1966
case oTryAllSecrets: opt.try_all_secrets = 1; break;
1967
case oTrustedKey: register_trusted_key( pargs.r.ret_str ); break;
1968
case oEnableSpecialFilenames:
1969
iobuf_enable_special_filenames (1);
1971
case oNoExpensiveTrustChecks: opt.no_expensive_trust_checks=1; break;
1972
case oAutoCheckTrustDB: opt.no_auto_check_trustdb=0; break;
1973
case oNoAutoCheckTrustDB: opt.no_auto_check_trustdb=1; break;
1974
case oPreservePermissions: opt.preserve_permissions=1; break;
1975
case oDefaultPreferenceList:
1976
opt.def_preference_list = pargs.r.ret_str;
1978
case oPersonalCipherPreferences:
1979
pers_cipher_list=pargs.r.ret_str;
1981
case oPersonalDigestPreferences:
1982
pers_digest_list=pargs.r.ret_str;
1984
case oPersonalCompressPreferences:
1985
pers_compress_list=pargs.r.ret_str;
1987
case oAgentProgram: opt.agent_program = pargs.r.ret_str; break;
1988
case oDisplay: opt.display = pargs.r.ret_str; break;
1989
case oTTYname: opt.ttyname = pargs.r.ret_str; break;
1990
case oTTYtype: opt.ttytype = pargs.r.ret_str; break;
1991
case oLCctype: opt.lc_ctype = pargs.r.ret_str; break;
1992
case oLCmessages: opt.lc_messages = pargs.r.ret_str; break;
1993
case oGroup: add_group(pargs.r.ret_str); break;
1994
case oStrict: opt.strict=1; log_set_strict(1); break;
1995
case oNoStrict: opt.strict=0; log_set_strict(0); break;
1997
case oMangleDosFilenames: opt.mangle_dos_filenames = 1; break;
1998
case oNoMangleDosFilenames: opt.mangle_dos_filenames = 0; break;
2000
case oEnableProgressFilter: opt.enable_progress_filter = 1; break;
2001
case oMultifile: multifile=1; break;
2003
default : pargs.err = configfp? 1:2; break;
2010
config_filename = configname; /* Keep a copy of the config
2015
xfree ( configname ); configname = NULL;
2016
if( log_get_errorcount(0) )
2022
fprintf(stderr, "%s %s; %s\n",
2023
strusage(11), strusage(13), strusage(14) );
2024
fprintf(stderr, "%s\n", strusage(15) );
2026
#ifdef IS_DEVELOPMENT_VERSION
2028
log_info("NOTE: THIS IS A DEVELOPMENT VERSION!\n");
2029
log_info("It is only intended for test purposes and should NOT be\n");
2030
log_info("used in a production environment or with production keys!\n");
2034
log_info ("WARNING: This version of gpg is not very matured and\n");
2035
log_info ("WARNING: only intended for testing. Please keep using\n");
2036
log_info ("WARNING: gpg 1.2.x, 1.3.x or 1.4.x for OpenPGP\n");
2038
/* FIXME: We should use the logging to a file only in server mode;
2039
however we have not yet implemented that, thus we try to get
2040
away with --batch as indication for logging to file required. */
2041
if (logfile && opt.batch)
2043
log_set_file (logfile);
2044
log_set_prefix (NULL, 1|2|4);
2047
if (opt.verbose > 2)
2048
log_info ("using character set `%s'\n", get_native_charset ());
2050
if( may_coredump && !opt.quiet )
2051
log_info(_("WARNING: program may create a core file!\n"));
2054
if (opt.set_filename)
2055
log_info(_("WARNING: %s overrides %s\n"),
2056
"--for-your-eyes-only","--set-filename");
2058
opt.set_filename="_CONSOLE";
2061
if (opt.no_literal) {
2062
log_info(_("NOTE: %s is not for normal use!\n"), "--no-literal");
2064
log_error(_("%s not allowed with %s!\n"),
2065
"--textmode", "--no-literal" );
2066
if (opt.set_filename)
2067
log_error(_("%s makes no sense with %s!\n"),
2068
eyes_only?"--for-your-eyes-only":"--set-filename",
2072
if (opt.set_filesize)
2073
log_info(_("NOTE: %s is not for normal use!\n"), "--set-filesize");
2077
gcry_control (GCRYCTL_RESUME_SECMEM_WARN);
2078
set_debug (debug_level);
2080
/* Do these after the switch(), so they can override settings. */
2085
if(cmd==aSign && !detached_sig)
2087
log_info(_("you can only make detached or clear signatures "
2088
"while in --pgp2 mode\n"));
2091
else if(cmd==aSignEncr || cmd==aSignSym)
2093
log_info(_("you can't sign and encrypt at the "
2094
"same time while in --pgp2 mode\n"));
2097
else if(argc==0 && (cmd==aSign || cmd==aEncr || cmd==aSym))
2099
log_info(_("you must use files (and not a pipe) when "
2100
"working with --pgp2 enabled.\n"));
2103
else if(cmd==aEncr || cmd==aSym)
2105
/* Everything else should work without IDEA (except using
2106
a secret key encrypted with IDEA and setting an IDEA
2107
preference, but those have their own error
2110
if(openpgp_cipher_test_algo (CIPHER_ALGO_IDEA))
2112
log_info(_("encrypting a message in --pgp2 mode requires "
2113
"the IDEA cipher\n"));
2114
idea_cipher_warn(1);
2119
/* This only sets IDEA for symmetric encryption
2120
since it is set via select_algo_from_prefs for
2122
xfree (def_cipher_string);
2123
def_cipher_string = xstrdup ("idea");
2126
/* PGP2 can't handle the output from the textmode
2127
filter, so we disable it for anything that could
2128
create a literal packet (only encryption and
2129
symmetric encryption, since we disable signing
2136
compliance_failure();
2139
opt.force_v4_certs = 0;
2140
opt.sk_comments = 0;
2141
opt.escape_from = 1;
2142
opt.force_v3_sigs = 1;
2143
opt.pgp2_workarounds = 1;
2144
opt.ask_sig_expire = 0;
2145
opt.ask_cert_expire = 0;
2146
xfree (def_digest_string);
2147
def_digest_string = xstrdup ("md5");
2148
opt.def_compress_algo = 1;
2155
opt.force_v3_sigs=1;
2156
opt.ask_sig_expire=0;
2162
opt.force_v3_sigs=1;
2163
opt.ask_sig_expire=0;
2170
/* must do this after dropping setuid, because string_to...
2171
* may try to load a module */
2172
if( def_cipher_string ) {
2173
opt.def_cipher_algo = gcry_cipher_map_name (def_cipher_string);
2174
if(opt.def_cipher_algo==0 &&
2175
(ascii_strcasecmp(def_cipher_string,"idea")==0
2176
|| ascii_strcasecmp(def_cipher_string,"s1")==0))
2177
idea_cipher_warn(1);
2178
xfree (def_cipher_string); def_cipher_string = NULL;
2179
if( openpgp_cipher_test_algo (opt.def_cipher_algo) )
2180
log_error(_("selected cipher algorithm is invalid\n"));
2182
if( def_digest_string ) {
2183
opt.def_digest_algo = gcry_md_map_name (def_digest_string);
2184
xfree (def_digest_string); def_digest_string = NULL;
2185
if( openpgp_md_test_algo (opt.def_digest_algo) )
2186
log_error(_("selected digest algorithm is invalid\n"));
2188
if( def_compress_string ) {
2189
opt.def_compress_algo = string_to_compress_algo(def_compress_string);
2190
xfree (def_compress_string); def_compress_string = NULL;
2191
if( check_compress_algo(opt.def_compress_algo) )
2192
log_error(_("selected compression algorithm is invalid\n"));
2194
if( cert_digest_string ) {
2195
opt.cert_digest_algo = gcry_md_map_name (cert_digest_string);
2196
xfree (cert_digest_string); cert_digest_string = NULL;
2197
if( openpgp_md_test_algo(opt.cert_digest_algo) )
2198
log_error(_("selected certification digest algorithm is invalid\n"));
2200
if( s2k_cipher_string ) {
2201
opt.s2k_cipher_algo = gcry_cipher_map_name (s2k_cipher_string);
2202
xfree (s2k_cipher_string); s2k_cipher_string = NULL;
2203
if( openpgp_cipher_test_algo (opt.s2k_cipher_algo) )
2204
log_error(_("selected cipher algorithm is invalid\n"));
2206
if( s2k_digest_string ) {
2207
opt.s2k_digest_algo = gcry_md_map_name (s2k_digest_string);
2208
xfree (s2k_digest_string); s2k_digest_string = NULL;
2209
if( openpgp_md_test_algo (opt.s2k_digest_algo) )
2210
log_error(_("selected digest algorithm is invalid\n"));
2212
if( opt.completes_needed < 1 )
2213
log_error(_("completes-needed must be greater than 0\n"));
2214
if( opt.marginals_needed < 2 )
2215
log_error(_("marginals-needed must be greater than 1\n"));
2216
if( opt.max_cert_depth < 1 || opt.max_cert_depth > 255 )
2217
log_error(_("max-cert-depth must be in range 1 to 255\n"));
2218
switch( opt.s2k_mode ) {
2220
log_info(_("NOTE: simple S2K mode (0) is strongly discouraged\n"));
2222
case 1: case 3: break;
2224
log_error(_("invalid S2K mode; must be 0, 1 or 3\n"));
2227
if(opt.def_cert_check_level<0 || opt.def_cert_check_level>3)
2228
log_error(_("invalid default-check-level; must be 0, 1, 2, or 3\n"));
2230
/* This isn't actually needed, but does serve to error out if the
2231
string is invalid. */
2232
if(opt.def_preference_list &&
2233
keygen_set_std_prefs(opt.def_preference_list,0))
2234
log_error(_("invalid default preferences\n"));
2236
/* We provide defaults for the personal digest list */
2237
if(!pers_digest_list)
2238
pers_digest_list="h2";
2240
if(pers_cipher_list &&
2241
keygen_set_std_prefs(pers_cipher_list,PREFTYPE_SYM))
2242
log_error(_("invalid personal cipher preferences\n"));
2244
if(pers_digest_list &&
2245
keygen_set_std_prefs(pers_digest_list,PREFTYPE_HASH))
2246
log_error(_("invalid personal digest preferences\n"));
2248
if(pers_compress_list &&
2249
keygen_set_std_prefs(pers_compress_list,PREFTYPE_ZIP))
2250
log_error(_("invalid personal compress preferences\n"));
2252
/* We don't support all possible commands with multifile yet */
2263
cmdname="--clearsign";
2266
cmdname="--detach-sign";
2269
cmdname="--symmetric";
2280
log_error(_("%s does not yet work with %s\n"),cmdname,"--multifile");
2283
if( log_get_errorcount(0) )
2286
/* Check our chosen algorithms against the list of legal
2291
const char *badalg=NULL;
2292
preftype_t badtype=PREFTYPE_NONE;
2294
if (opt.def_cipher_algo
2295
&& !algo_available (PREFTYPE_SYM,opt.def_cipher_algo,NULL))
2297
badalg = gcry_cipher_algo_name (opt.def_cipher_algo);
2298
badtype = PREFTYPE_SYM;
2300
else if (opt.def_digest_algo
2301
&& !algo_available (PREFTYPE_HASH,opt.def_digest_algo,NULL))
2303
badalg = gcry_md_algo_name (opt.def_digest_algo);
2304
badtype = PREFTYPE_HASH;
2306
else if (opt.cert_digest_algo
2307
&& !algo_available (PREFTYPE_HASH,opt.cert_digest_algo,NULL))
2309
badalg = gcry_md_algo_name (opt.cert_digest_algo);
2310
badtype = PREFTYPE_HASH;
2312
else if (opt.def_compress_algo!=-1
2313
&& !algo_available (PREFTYPE_ZIP,opt.def_compress_algo,NULL))
2315
badalg = compress_algo_to_string (opt.def_compress_algo);
2316
badtype = PREFTYPE_ZIP;
2324
log_info(_("you may not use cipher algorithm \"%s\" "
2325
"while in %s mode\n"),
2326
badalg,compliance_option_string());
2329
log_info(_("you may not use digest algorithm \"%s\" "
2330
"while in %s mode\n"),
2331
badalg,compliance_option_string());
2334
log_info(_("you may not use compression algorithm \"%s\" "
2335
"while in %s mode\n"),
2336
badalg,compliance_option_string());
2342
compliance_failure();
2346
/* set the random seed file */
2347
if( use_random_seed ) {
2348
char *p = make_filename(opt.homedir, "random_seed", NULL );
2349
gcry_control (GCRYCTL_SET_RANDOM_SEED_FILE, p);
2353
if( !cmd && opt.fingerprint && !with_fpr ) {
2354
set_cmd( &cmd, aListKeys);
2357
/* Compression algorithm 0 means no compression at all */
2358
if( opt.def_compress_algo == 0)
2361
/* kludge to let -sat generate a clear text signature */
2362
if( opt.textmode == 2 && !detached_sig && opt.armor && cmd == aSign )
2365
if( opt.verbose > 1 )
2366
set_packet_list_mode(1);
2368
/* Add the keyrings, but not for some special commands. Also
2369
avoid adding the secret keyring for a couple of commands to
2370
avoid unneeded access in case the secrings are stored on a
2372
if( cmd != aDeArmor && cmd != aEnArmor && cmd != aGPGConfList )
2374
if (cmd != aCheckKeys && cmd != aListSigs && cmd != aListKeys
2375
&& cmd != aVerify && cmd != aSym)
2377
if (!sec_nrings || default_keyring) /* add default secret rings */
2378
keydb_add_resource ("secring" EXTSEP_S "gpg", 0, 1);
2379
for (sl = sec_nrings; sl; sl = sl->next)
2380
keydb_add_resource ( sl->d, 0, 1 );
2382
if( !nrings || default_keyring ) /* add default ring */
2383
keydb_add_resource ("pubring" EXTSEP_S "gpg", 0, 0);
2384
for(sl = nrings; sl; sl = sl->next )
2385
keydb_add_resource ( sl->d, sl->flags, 0 );
2387
FREE_STRLIST(nrings);
2388
FREE_STRLIST(sec_nrings);
2391
if( pwfd != -1 ) /* read the passphrase now. */
2392
read_passphrase_from_fd( pwfd );
2394
fname = argc? *argv : NULL;
2409
case aExportOwnerTrust: rc = setup_trustdb( 0, trustdb_name ); break;
2410
case aListTrustDB: rc = setup_trustdb( argc? 1:0, trustdb_name ); break;
2411
default: rc = setup_trustdb(1, trustdb_name ); break;
2414
log_error(_("failed to initialize the TrustDB: %s\n"), gpg_strerror (rc));
2423
if (!opt.quiet && any_explicit_recipient)
2424
log_info (_("WARNING: recipients (-r) given "
2425
"without using public key encryption\n"));
2432
case aStore: /* only store the file */
2434
wrong_args(_("--store [filename]"));
2435
if( (rc = encode_store(fname)) )
2436
log_error ("\b%s: store failed: %s\n",
2437
print_fname_stdin(fname), gpg_strerror (rc) );
2439
case aSym: /* encrypt the given file only with the symmetric cipher */
2441
wrong_args(_("--symmetric [filename]"));
2442
if( (rc = encode_symmetric(fname)) )
2443
log_error ("\b%s: symmetric encryption failed: %s\n",
2444
print_fname_stdin(fname), gpg_strerror (rc) );
2447
case aEncr: /* encrypt the given file */
2449
encode_crypt_files(argc, argv, remusr);
2453
wrong_args(_("--encrypt [filename]"));
2454
if( (rc = encode_crypt(fname,remusr)) )
2455
log_error("%s: encryption failed: %s\n",
2456
print_fname_stdin(fname), gpg_strerror (rc) );
2460
case aSign: /* sign the given file */
2462
if( detached_sig ) { /* sign all files */
2463
for( ; argc; argc--, argv++ )
2464
add_to_strlist( &sl, *argv );
2468
wrong_args(_("--sign [filename]"));
2470
sl = xcalloc (1, sizeof *sl + strlen(fname));
2471
strcpy(sl->d, fname);
2474
if( (rc = sign_file( sl, detached_sig, locusr, 0, NULL, NULL)) )
2475
log_error("signing failed: %s\n", gpg_strerror (rc) );
2479
case aSignEncr: /* sign and encrypt the given file */
2481
wrong_args(_("--sign --encrypt [filename]"));
2483
sl = xcalloc (1, sizeof *sl + strlen(fname));
2484
strcpy(sl->d, fname);
2488
if( (rc = sign_file(sl, detached_sig, locusr, 1, remusr, NULL)) )
2489
log_error("%s: sign+encrypt failed: %s\n", print_fname_stdin(fname), gpg_strerror (rc) );
2493
case aSignSym: /* sign and conventionally encrypt the given file */
2495
wrong_args(_("--sign --symmetric [filename]"));
2496
rc = sign_symencrypt_file (fname, locusr);
2498
log_error("%s: sign+symmetric failed: %s\n",
2499
print_fname_stdin(fname), gpg_strerror (rc) );
2502
case aClearsign: /* make a clearsig */
2504
wrong_args(_("--clearsign [filename]"));
2505
if( (rc = clearsign_file(fname, locusr, NULL)) )
2506
log_error("%s: clearsign failed: %s\n",
2507
print_fname_stdin(fname), gpg_strerror (rc) );
2513
if( (rc = verify_files( argc, argv ) ))
2514
log_error("verify files failed: %s\n", gpg_strerror (rc) );
2518
if( (rc = verify_signatures( argc, argv ) ))
2519
log_error("verify signatures failed: %s\n", gpg_strerror (rc) );
2525
decrypt_messages(argc, argv);
2529
wrong_args(_("--decrypt [filename]"));
2530
if( (rc = decrypt_message( fname ) ))
2531
log_error("decrypt_message failed: %s\n", gpg_strerror (rc) );
2535
case aSignKey: /* sign the key given as argument */
2537
wrong_args(_("--sign-key user-id"));
2538
username = make_username( fname );
2539
keyedit_menu(fname, locusr, NULL, 1 );
2545
wrong_args(_("--lsign-key user-id"));
2546
username = make_username( fname );
2547
keyedit_menu(fname, locusr, NULL, 2 );
2553
wrong_args(_("--nrsign-key user-id"));
2554
username = make_username( fname );
2555
keyedit_menu(fname, locusr, NULL, 3 );
2561
wrong_args(_("--nrlsign-key user-id"));
2562
username = make_username( fname );
2563
keyedit_menu(fname, locusr, NULL, 4 );
2567
case aEditKey: /* Edit a key signature */
2569
wrong_args(_("--edit-key user-id [commands]"));
2570
username = make_username( fname );
2573
for( argc--, argv++ ; argc; argc--, argv++ )
2574
append_to_strlist( &sl, *argv );
2575
keyedit_menu( username, locusr, sl, 0 );
2579
keyedit_menu(username, locusr, NULL, 0 );
2584
case aDeleteSecretKeys:
2585
case aDeleteSecretAndPublicKeys:
2587
/* I'm adding these in reverse order as add_to_strlist2
2588
reverses them again, and it's easier to understand in the
2590
for( ; argc; argc-- )
2591
add_to_strlist2( &sl, argv[argc-1], utf8_strings );
2592
delete_keys(sl,cmd==aDeleteSecretKeys,cmd==aDeleteSecretAndPublicKeys);
2602
for( ; argc; argc--, argv++ )
2603
add_to_strlist2( &sl, *argv, utf8_strings );
2604
public_key_list( sl );
2607
case aListSecretKeys:
2609
for( ; argc; argc--, argv++ )
2610
add_to_strlist2( &sl, *argv, utf8_strings );
2611
secret_key_list( sl );
2615
case aKeygen: /* generate a key */
2618
wrong_args("--gen-key [parameterfile]");
2619
generate_keypair( argc? *argv : NULL, NULL );
2623
wrong_args("--gen-key");
2624
generate_keypair(NULL, NULL);
2629
opt.import_options |= IMPORT_FAST_IMPORT;
2631
import_keys( argc? argv:NULL, argc, NULL, opt.import_options );
2639
for( ; argc; argc--, argv++ )
2640
add_to_strlist2( &sl, *argv, utf8_strings );
2641
if( cmd == aSendKeys )
2642
rc=keyserver_export( sl );
2643
else if( cmd == aRecvKeys )
2644
rc=keyserver_import( sl );
2646
rc=export_pubkeys( sl, opt.export_options );
2650
log_error(_("keyserver send failed: %s\n"),gpg_strerror (rc));
2651
else if(cmd==aRecvKeys)
2652
log_error(_("keyserver receive failed: %s\n"),gpg_strerror (rc));
2654
log_error(_("key export failed: %s\n"),gpg_strerror (rc));
2661
for( ; argc; argc--, argv++ )
2664
sl = append_to_strlist ( &sl, *argv );
2667
char *p = native_to_utf8 ( *argv );
2668
sl = append_to_strlist( &sl, p );
2673
rc=keyserver_search( sl );
2675
log_error(_("keyserver search failed: %s\n"),gpg_strerror (rc));
2681
for( ; argc; argc--, argv++ )
2682
add_to_strlist2( &sl, *argv, utf8_strings );
2683
rc=keyserver_refresh(sl);
2685
log_error(_("keyserver refresh failed: %s\n"),gpg_strerror (rc));
2691
for( ; argc; argc--, argv++ )
2692
add_to_strlist2( &sl, *argv, utf8_strings );
2693
export_seckeys( sl );
2697
case aExportSecretSub:
2699
for( ; argc; argc--, argv++ )
2700
add_to_strlist2( &sl, *argv, utf8_strings );
2701
export_secsubkeys( sl );
2707
wrong_args("--gen-revoke user-id");
2708
username = make_username(*argv);
2709
gen_revoke( username );
2715
wrong_args("--desig-revoke user-id");
2716
username = make_username(*argv);
2717
gen_desig_revoke( username );
2723
wrong_args("--dearmor [file]");
2724
rc = dearmor_file( argc? *argv: NULL );
2726
log_error(_("dearmoring failed: %s\n"), gpg_strerror (rc));
2731
wrong_args("--enarmor [file]");
2732
rc = enarmor_file( argc? *argv: NULL );
2734
log_error(_("enarmoring failed: %s\n"), gpg_strerror (rc));
2740
{ int mode = argc < 2 ? 0 : atoi(*argv);
2742
if( mode == 1 && argc == 2 ) {
2743
mpi_print( stdout, generate_public_prime( atoi(argv[1]) ), 1);
2745
else if( mode == 2 && argc == 3 ) {
2746
mpi_print( stdout, generate_elg_prime(
2748
atoi(argv[2]), NULL,NULL ), 1);
2750
else if( mode == 3 && argc == 3 ) {
2751
gcry_mpi_t *factors;
2752
mpi_print( stdout, generate_elg_prime(
2754
atoi(argv[2]), NULL,&factors ), 1);
2756
mpi_print( stdout, factors[0], 1 ); /* print q */
2758
else if( mode == 4 && argc == 3 ) {
2759
gcry_mpi_t g = mpi_alloc(1);
2760
mpi_print( stdout, generate_elg_prime(
2762
atoi(argv[2]), g, NULL ), 1);
2764
mpi_print( stdout, g, 1 );
2768
wrong_args("--gen-prime mode bits [qbits] ");
2776
int level = argc ? atoi(*argv):0;
2777
int count = argc > 1 ? atoi(argv[1]): 0;
2778
int endless = !count;
2780
if( argc < 1 || argc > 2 || level < 0 || level > 2 || count < 0 )
2781
wrong_args("--gen-random 0|1|2 [count]");
2783
while( endless || count ) {
2785
/* Wee need a multiple of 3, so that in case of
2786
armored output we get a correct string. No
2787
linefolding is done, as it is best to levae this to
2789
size_t n = !endless && count < 99? count : 99;
2791
p = gcry_random_bytes (n, level);
2792
#ifdef HAVE_DOSISH_SYSTEM
2793
setmode ( fileno(stdout), O_BINARY );
2796
char *tmp = make_radix64_string (p, n);
2797
fputs (tmp, stdout);
2804
fwrite( p, n, 1, stdout );
2817
wrong_args("--print-md algo [files]");
2819
int all_algos = (**argv=='*' && !(*argv)[1]);
2820
int algo = all_algos? 0 : gcry_md_map_name (*argv);
2822
if( !algo && !all_algos )
2823
log_error(_("invalid hash algorithm `%s'\n"), *argv );
2827
print_mds(NULL, algo);
2829
for(; argc; argc--, argv++ )
2830
print_mds(*argv, algo);
2836
case aPrintMDs: /* old option */
2840
for(; argc; argc--, argv++ )
2849
for( ; argc; argc--, argv++ )
2850
list_trustdb( *argv );
2854
case aUpdateTrustDB:
2856
wrong_args("--update-trustdb");
2861
/* Old versions allowed for arguments - ignore them */
2866
log_error("this command is not yet implemented.\n");
2867
log_error("A workaround is to use \"--export-ownertrust\", remove\n");
2868
log_error("the trustdb file and do an \"--import-ownertrust\".\n" );
2871
case aListTrustPath:
2873
wrong_args("--list-trust-path <user-ids>");
2874
for( ; argc; argc--, argv++ ) {
2875
username = make_username( *argv );
2876
list_trust_path( username );
2881
case aExportOwnerTrust:
2883
wrong_args("--export-ownertrust");
2884
export_ownertrust();
2887
case aImportOwnerTrust:
2889
wrong_args("--import-ownertrust [file]");
2890
import_ownertrust( argc? *argv:NULL );
2895
wrong_args ("--pipemode");
2899
case aRebuildKeydbCaches:
2901
wrong_args ("--rebuild-keydb-caches");
2902
keydb_rebuild_caches ();
2907
wrong_args ("--card-status");
2908
card_status (stdout, NULL, 0);
2915
for (argc--, argv++ ; argc; argc--, argv++)
2916
append_to_strlist (&sl, *argv);
2928
change_pin ( atoi (*argv), 1);
2930
wrong_args ("--change-pin [no]");
2934
{ /* List options and default values in the GPG Conf format. */
2936
/* The following list is taken from gnupg/tools/gpgconf-comp.c. */
2937
/* Option flags. YOU MUST NOT CHANGE THE NUMBERS OF THE EXISTING
2938
FLAGS, AS THEY ARE PART OF THE EXTERNAL INTERFACE. */
2939
#define GC_OPT_FLAG_NONE 0UL
2940
/* The RUNTIME flag for an option indicates that the option can be
2941
changed at runtime. */
2942
#define GC_OPT_FLAG_RUNTIME (1UL << 3)
2943
/* The DEFAULT flag for an option indicates that the option has a
2945
#define GC_OPT_FLAG_DEFAULT (1UL << 4)
2946
/* The DEF_DESC flag for an option indicates that the option has a
2947
default, which is described by the value of the default field. */
2948
#define GC_OPT_FLAG_DEF_DESC (1UL << 5)
2949
/* The NO_ARG_DESC flag for an option indicates that the argument has
2950
a default, which is described by the value of the ARGDEF field. */
2951
#define GC_OPT_FLAG_NO_ARG_DESC (1UL << 6)
2953
if (!config_filename)
2954
config_filename = make_filename (opt.homedir, "gpg.conf", NULL);
2956
printf ("gpgconf-gpg.conf:%lu:\"%s\n",
2957
GC_OPT_FLAG_DEFAULT, config_filename);
2959
printf ("verbose:%lu:\n"
2961
"debug-level:%lu:\"none:\n"
2965
GC_OPT_FLAG_DEFAULT,
2967
printf ("keyserver:%lu:\n", GC_OPT_FLAG_NONE);
2976
wrong_args(_("[filename]"));
2977
/* Issue some output for the unix newbie */
2978
if( !fname && !opt.outfile && isatty( fileno(stdin) )
2979
&& isatty( fileno(stdout) ) && isatty( fileno(stderr) ) )
2980
log_info(_("Go ahead and type your message ...\n"));
2982
if( !(a = iobuf_open(fname)) )
2983
log_error(_("can't open `%s'\n"), print_fname_stdin(fname));
2986
if( !opt.no_armor ) {
2987
if( use_armor_filter( a ) ) {
2988
memset( &afx, 0, sizeof afx);
2989
iobuf_push_filter( a, armor_filter, &afx );
2992
if( cmd == aListPackets ) {
2993
set_packet_list_mode(1);
2996
rc = proc_packets(NULL, a );
2998
log_error("processing message failed: %s\n", gpg_strerror (rc) );
3005
FREE_STRLIST(remusr);
3006
FREE_STRLIST(locusr);
3008
return 8; /*NEVER REACHED*/
3011
/* Note: This function is used by signal handlers! */
/* Last-resort cleanup.  The only call visible here hands
   GCRYCTL_TERM_SECMEM to libgcrypt, which libgcrypt documents as
   wiping and releasing its secure memory pool, so secrets kept there
   do not outlive the process.
   Because this runs in signal context, anything added here must be
   safe to call from a signal handler: no logging, no stdio, no
   allocation. */
3013
emergency_cleanup (void)
3015
gcry_control (GCRYCTL_TERM_SECMEM );
3022
/* Process exit path.  The header line of the enclosing function is not
   part of this listing.
   The random pool state is written back to the seed file first.  That
   file is registered earlier in this file as "random_seed" under
   opt.homedir, so its confidentiality depends on that directory's
   permissions. */
gcry_control (GCRYCTL_UPDATE_RANDOM_SEED_FILE);
3023
/* Statistics dumps are debugging aids; the memory and random dumps
   follow the DBG_MEMSTAT_VALUE test.  The condition guarding the
   secmem dump is not visible in this listing. */
if (opt.debug & DBG_MEMSTAT_VALUE)
3025
gcry_control( GCRYCTL_DUMP_MEMORY_STATS );
3026
gcry_control( GCRYCTL_DUMP_RANDOM_STATS );
3029
gcry_control (GCRYCTL_DUMP_SECMEM_STATS );
3030
/* Tear down secure memory only after the seed file update and the
   dumps above have run. */
emergency_cleanup ();
3031
/* Exit status: the caller's rc if non-zero, else 2 when any error was
   logged, else 1 when g10_errors_seen is set, else 0. */
rc = rc? rc : log_get_errorcount(0)? 2 :
3032
g10_errors_seen? 1 : 0;
3037
/* Pretty-print hex hashes. This assumes at least an 80-character
3038
display, but there are a few other similar assumptions in the
3041
/* print_hex: human-readable digest output.  The digest bytes come from
   gcry_md_read() and their count from gcry_md_get_algo_dlen(); each
   byte is written as two upper-case hex digits.
   FNAME is printed with a plain "%s", so a file name containing
   control characters or newlines reaches the terminal unescaped.
   print_hashline() in this file percent-escapes the name and is the
   form to parse from scripts.
   NOTE(review): no check of the gcry_md_read() result is visible
   before the first dereference of p in this listing -- confirm that
   ALGO is always enabled on MD by the caller. */
print_hex( MD_HANDLE md, int algo, const char *fname )
3043
int i,n,count,indent=0;
3047
/* indent records the width of the "name: " prefix; it is reused below
   as the field width when the output wraps to a new line. */
indent=printf("%s: ",fname);
3055
if(algo==DIGEST_ALGO_RMD160)
3056
indent+=printf("RMD160 = ");
3058
indent+=printf("%6s = ", gcry_md_algo_name (algo));
3064
p = gcry_md_read (md, algo);
3065
n = gcry_md_get_algo_dlen (algo);
3067
/* First byte is printed outside the loop; the loop starts at i=1. */
count+=printf("%02X",*p++);
3069
for(i=1;i<n;i++,p++)
3075
/* Continuation lines are padded with indent columns of blanks. */
printf("\n%*s",indent," ");
3090
printf("\n%*s",indent," ");
3106
printf("\n%*s",indent," ");
3114
count+=printf("%02X",*p);
3121
/* print_hashline: machine-readable digest record; print_mds() uses it
   when opt.with_colons is set.  The algorithm number is followed by a
   ':' and then the digest as upper-case hex.
   File name bytes that are <= 32, > 127, ':' or '%' are written as
   %XX, so a hostile file name cannot inject a field separator or a
   line break into the record.
   NOTE(review): the declaration of p is not visible in this listing.
   The "*p > 127" test and the "%02X" conversions only behave as
   intended if p points to unsigned bytes -- confirm. */
print_hashline( MD_HANDLE md, int algo, const char *fname )
3127
for (p = fname; *p; p++ ) {
3128
/* DEL (127) does not match this condition, so it is the one control
   byte that is not percent-escaped here. */
if ( *p <= 32 || *p > 127 || *p == ':' || *p == '%' )
3129
printf("%%%02X", *p );
3135
printf("%d:", algo );
3136
/* p is reused: from here on it walks the digest bytes, not the name. */
p = gcry_md_read (md, algo );
3137
n = gcry_md_get_algo_dlen (algo);
3138
for(i=0; i < n ; i++, p++ )
3139
printf("%02X", *p );
3145
/* print_mds: hash the contents of FNAME and print the digest(s).
   A NULL FNAME is labelled "[stdin]" in the error messages below, so
   it presumably selects standard input; the assignment itself is not
   part of this listing.
   Either ALGO alone or a fixed list of digests is enabled on one
   context (the selecting test is not visible here).  That list
   includes MD5 and SHA-1, which are unsuitable where collision
   resistance matters; treat those output lines as legacy checksums,
   not as tamper evidence. */
print_mds( const char *fname, int algo )
3154
#ifdef HAVE_DOSISH_SYSTEM
3155
/* Binary mode so the hashed bytes are not altered by text-mode
   newline translation. */
setmode ( fileno(fp) , O_BINARY );
3159
fp = fopen( fname, "rb" );
3162
log_error("%s: %s\n", fname?fname:"[stdin]", strerror(errno) );
3166
/* NOTE(review): the gcry_md_open() result is discarded.  If the open
   fails, md is not a valid handle for the calls that follow. */
gcry_md_open (&md, 0, 0 );
3168
gcry_md_enable ( md, algo );
3170
gcry_md_enable (md, GCRY_MD_MD5 );
3171
gcry_md_enable (md, GCRY_MD_SHA1 );
3172
gcry_md_enable (md, GCRY_MD_RMD160 );
3174
gcry_md_enable (md, GCRY_MD_SHA256 );
3177
gcry_md_enable (md, GCRY_MD_SHA384 );
3178
gcry_md_enable (md, GCRY_MD_SHA512 );
3182
/* Stream the input through the context in DIM(buf)-sized reads; the
   loop ends on a zero-length read. */
while( (n=fread( buf, 1, DIM(buf), fp )) )
3183
gcry_md_write (md, buf, n);
3185
log_error("%s: %s\n", fname?fname:"[stdin]", strerror(errno) );
3188
/* Colon mode escapes the file name (print_hashline); the plain mode
   below prints it verbatim (print_hex). */
if ( opt.with_colons ) {
3190
print_hashline( md, algo, fname );
3192
print_hashline( md, GCRY_MD_MD5, fname );
3193
print_hashline( md, GCRY_MD_SHA1, fname );
3194
print_hashline( md, GCRY_MD_RMD160, fname );
3196
print_hashline( md, GCRY_MD_SHA256, fname );
3199
print_hashline( md, GCRY_MD_SHA384, fname );
3200
print_hashline( md, GCRY_MD_SHA512, fname );
3206
/* ALGO is passed negated here; how print_hex treats a negative value
   is not visible in this listing. */
print_hex(md,-algo,fname);
3208
print_hex( md, GCRY_MD_MD5, fname );
3209
print_hex( md, GCRY_MD_SHA1, fname );
3210
print_hex( md, GCRY_MD_RMD160, fname );
3212
print_hex( md, GCRY_MD_SHA256, fname );
3215
print_hex( md, GCRY_MD_SHA384, fname );
3216
print_hex( md, GCRY_MD_SHA512, fname );
3229
* Check the supplied name,value string and add it to the notation
3230
* data to be used for signatures. which==0 for sig notations, and 1
3231
* for cert notations.
3234
/* add_notation_data: validate a "name=value" notation string and
   append it to opt.cert_notation_data or opt.sig_notation_data.
   The name (everything before the first '=') must be 7-bit and pass
   isgraph() or isspace(); the value must contain no control
   characters.  A failed check is reported with log_error().
   NOTE(review): short lines are missing from this listing, so whether
   each error path returns before the add_to_strlist calls at the end
   cannot be confirmed from here. */
add_notation_data( const char *string, int which )
3237
STRLIST sl,*notation_data;
3243
notation_data=&opt.cert_notation_data;
3245
notation_data=&opt.sig_notation_data;
3247
/* A leading '!' is handled specially; the body of this branch is not
   part of this listing. */
if( *string == '!' ) {
3252
/* If and when the IETF assigns some official name tags, we'll
3253
have to add them here. */
3255
/* Scan the name up to the '='.  A NUL before any '=' is caught by the
   !*s test below, so the scan cannot run past the end of the string. */
for( s=string ; *s != '='; s++ )
3260
/* The 0x80 test comes first, so isgraph/isspace never see a negative
   char.  isspace() accepts tab, newline, vertical tab, form feed and
   carriage return as well as ' ', which is wider than the "spaces"
   named in the message below. */
if( !*s || (*s & 0x80) || (!isgraph(*s) && !isspace(*s)) )
3262
log_error(_("a notation name must have only printable characters "
3263
"or spaces, and end with an '='\n") );
3268
/* opt.expert waives the '@' requirement for user notation names. */
if(!saw_at && !opt.expert)
3271
_("a user notation name must contain the '@' character\n"));
3275
/* we only support printable text - therefore we enforce the use
3276
* of only printable characters (an empty value is valid) */
3277
for( s++; *s ; s++ ) {
3280
/* The "else" implies an earlier branch that is not part of this
   listing. */
else if( iscntrl(*s) ) {
3281
log_error(_("a notation value must not use "
3282
"any control characters\n") );
3287
if( highbit ) /* must use UTF8 encoding */
3288
sl = add_to_strlist2( notation_data, string, utf8_strings );
3290
sl = add_to_strlist( notation_data, string );
3298
/* add_policy_url: check a policy URL byte by byte and append it to
   opt.cert_policy_url or opt.sig_policy_url.  WHICH presumably
   selects the certification list when non-zero, as documented for
   add_notation_data; the tests on it are not part of this listing.
   The check is purely byte-level: the URL is rejected when it is empty
   or contains a byte with the high bit set or a control character.
   The scheme and overall URL syntax are not validated here.
   NOTE(review): no return between the error report and the
   add_to_strlist calls is visible (short lines are missing from this
   listing) -- confirm that an invalid URL is not stored. */
add_policy_url( const char *string, int which )
3309
/* strlen() is re-evaluated on every pass; the string is not modified
   inside the loop. */
for(i=0;i<strlen(string);i++)
3310
/* Short-circuit order matters: iscntrl() is reached only when the
   high bit is clear, so it never receives a negative char. */
if(string[i]&0x80 || iscntrl(string[i]))
3313
/* i==0 catches the empty string; i<strlen(string) means the scan
   stopped early on a rejected byte. */
if(i==0 || i<strlen(string))
3316
log_error(_("the given certification policy URL is invalid\n"));
3318
log_error(_("the given signature policy URL is invalid\n"));
3322
sl=add_to_strlist( &opt.cert_policy_url, string );
3324
sl=add_to_strlist( &opt.sig_policy_url, string );
3332
add_keyserver_url( const char *string, int which )
3343
for(i=0;i<strlen(string);i++)
3344
if(string[i]&0x80 || iscntrl(string[i]))
3347
if(i==0 || i<strlen(string))
3352
log_error(_("the given signature preferred"
3353
" keyserver URL is invalid\n"));
3359
sl=add_to_strlist( &opt.sig_keyserver_url, string );