1 /* getkey.c - Get a key from the database
2 * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003
3 * 2004 Free Software Foundation, Inc.
5 * This file is part of GnuPG.
7 * GnuPG is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 2 of the License, or
10 * (at your option) any later version.
12 * GnuPG is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, write to the Free Software
19 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
38 #define MAX_PK_CACHE_ENTRIES PK_UID_CACHE_SIZE
39 #define MAX_UID_CACHE_ENTRIES PK_UID_CACHE_SIZE
41 #if MAX_PK_CACHE_ENTRIES < 2
42 #error We need the cache for key creation
49 KBNODE found_key; /* pointer into some keyblock */
53 KEYDB_HANDLE kr_handle;
56 KEYDB_SEARCH_DESC items[1];
68 typedef struct keyid_list {
69 struct keyid_list *next;
74 #if MAX_PK_CACHE_ENTRIES
75 typedef struct pk_cache_entry {
76 struct pk_cache_entry *next;
80 static pk_cache_entry_t pk_cache;
81 static int pk_cache_entries; /* number of entries in pk cache */
82 static int pk_cache_disabled;
85 #if MAX_UID_CACHE_ENTRIES < 5
86 #error we really need the userid cache
88 typedef struct user_id_db {
89 struct user_id_db *next;
94 static user_id_db_t user_id_db;
95 static int uid_cache_entries; /* number of entries in uid cache */
97 static void merge_selfsigs( KBNODE keyblock );
98 static int lookup( GETKEY_CTX ctx, KBNODE *ret_keyblock, int secmode );
105 for(i=0; i < DIM(lkup_stats); i++ ) {
106 if( lkup_stats[i].any )
108 "lookup stats: mode=%-2d ok=%-6d nokey=%-6d err=%-6d\n",
110 lkup_stats[i].okay_count,
111 lkup_stats[i].nokey_count,
112 lkup_stats[i].error_count );
119 cache_public_key( PKT_public_key *pk )
121 #if MAX_PK_CACHE_ENTRIES
125 if( pk_cache_disabled )
131 if( is_ELGAMAL(pk->pubkey_algo)
132 || pk->pubkey_algo == PUBKEY_ALGO_DSA
133 || is_RSA(pk->pubkey_algo) ) {
134 keyid_from_pk( pk, keyid );
137 return; /* don't know how to get the keyid */
139 for( ce = pk_cache; ce; ce = ce->next )
140 if( ce->keyid[0] == keyid[0] && ce->keyid[1] == keyid[1] ) {
142 log_debug("cache_public_key: already in cache\n");
146 if( pk_cache_entries >= MAX_PK_CACHE_ENTRIES ) {
147 /* fixme: use another algorithm to free some cache slots */
149 if( opt.verbose > 1 )
150 log_info(_("too many entries in pk cache - disabled\n"));
154 ce = m_alloc( sizeof *ce );
157 ce->pk = copy_public_key( NULL, pk );
158 ce->keyid[0] = keyid[0];
159 ce->keyid[1] = keyid[1];
165 * Return the user ID from the given keyblock.
166 * We use the primary uid flag which has been set by the merge_selfsigs
167 * function. The returned value is only valid as long as then given
168 * keyblock is not changed
171 get_primary_uid ( KBNODE keyblock, size_t *uidlen )
176 for (k=keyblock; k; k=k->next ) {
177 if ( k->pkt->pkttype == PKT_USER_ID
178 && !k->pkt->pkt.user_id->attrib_data
179 && k->pkt->pkt.user_id->is_primary ) {
180 *uidlen = k->pkt->pkt.user_id->len;
181 return k->pkt->pkt.user_id->name;
184 /* fixme: returning translatable constants instead of a user ID is
185 * not good because they are probably not utf-8 encoded. */
186 s = _("[User id not found]");
187 *uidlen = strlen (s);
193 release_keyid_list ( keyid_list_t k )
196 keyid_list_t k2 = k->next;
203 * Store the association of keyid and userid
204 * Feed only public keys to this function.
207 cache_user_id( KBNODE keyblock )
212 keyid_list_t keyids = NULL;
215 for (k=keyblock; k; k = k->next ) {
216 if ( k->pkt->pkttype == PKT_PUBLIC_KEY
217 || k->pkt->pkttype == PKT_PUBLIC_SUBKEY ) {
218 keyid_list_t a = m_alloc_clear ( sizeof *a );
219 /* Hmmm: For a long list of keyids it might be an advantage
220 * to append the keys */
221 keyid_from_pk( k->pkt->pkt.public_key, a->keyid );
222 /* first check for duplicates */
223 for(r=user_id_db; r; r = r->next ) {
224 keyid_list_t b = r->keyids;
225 for ( b = r->keyids; b; b = b->next ) {
226 if( b->keyid[0] == a->keyid[0]
227 && b->keyid[1] == a->keyid[1] ) {
229 log_debug("cache_user_id: already in cache\n");
230 release_keyid_list ( keyids );
236 /* now put it into the cache */
242 BUG (); /* No key no fun */
245 uid = get_primary_uid ( keyblock, &uidlen );
247 if( uid_cache_entries >= MAX_UID_CACHE_ENTRIES ) {
248 /* fixme: use another algorithm to free some cache slots */
250 user_id_db = r->next;
251 release_keyid_list ( r->keyids );
255 r = m_alloc( sizeof *r + uidlen-1 );
258 memcpy(r->name, uid, r->len);
259 r->next = user_id_db;
266 getkey_disable_caches()
268 #if MAX_PK_CACHE_ENTRIES
270 pk_cache_entry_t ce, ce2;
272 for( ce = pk_cache; ce; ce = ce2 ) {
274 free_public_key( ce->pk );
278 pk_cache_entries = 0;
282 /* fixme: disable user id cache ? */
287 pk_from_block ( GETKEY_CTX ctx, PKT_public_key *pk, KBNODE keyblock )
289 KBNODE a = ctx->found_key ? ctx->found_key : keyblock;
291 assert ( a->pkt->pkttype == PKT_PUBLIC_KEY
292 || a->pkt->pkttype == PKT_PUBLIC_SUBKEY );
294 copy_public_key ( pk, a->pkt->pkt.public_key );
298 sk_from_block ( GETKEY_CTX ctx,
299 PKT_secret_key *sk, KBNODE keyblock )
301 KBNODE a = ctx->found_key ? ctx->found_key : keyblock;
303 assert ( a->pkt->pkttype == PKT_SECRET_KEY
304 || a->pkt->pkttype == PKT_SECRET_SUBKEY );
306 copy_secret_key( sk, a->pkt->pkt.secret_key);
311 * Get a public key and store it into the allocated pk
312 * can be called with PK set to NULL to just read it into some
313 * internal structures.
316 get_pubkey( PKT_public_key *pk, u32 *keyid )
321 #if MAX_PK_CACHE_ENTRIES
324 /* Try to get it from the cache. We don't do this when pk is
325 NULL as it does not guarantee that the user IDs are
328 for( ce = pk_cache; ce; ce = ce->next )
330 if( ce->keyid[0] == keyid[0] && ce->keyid[1] == keyid[1] )
332 copy_public_key( pk, ce->pk );
338 /* more init stuff */
340 pk = m_alloc_clear( sizeof *pk );
346 { struct getkey_ctx_s ctx;
348 memset( &ctx, 0, sizeof ctx );
349 ctx.exact = 1; /* use the key ID exactly as given */
350 ctx.not_allocated = 1;
351 ctx.kr_handle = keydb_new (0);
353 ctx.items[0].mode = KEYDB_SEARCH_MODE_LONG_KID;
354 ctx.items[0].u.kid[0] = keyid[0];
355 ctx.items[0].u.kid[1] = keyid[1];
356 ctx.req_algo = pk->req_algo;
357 ctx.req_usage = pk->req_usage;
358 rc = lookup( &ctx, &kb, 0 );
360 pk_from_block ( &ctx, pk, kb );
362 get_pubkey_end( &ctx );
363 release_kbnode ( kb );
368 rc = G10ERR_NO_PUBKEY;
372 cache_public_key( pk );
379 /* Get a public key and store it into the allocated pk. This function
380 differs from get_pubkey() in that it does not do a check of the key
381 to avoid recursion. It should be used only in very certain cases.
382 It will only retrieve primary keys. */
384 get_pubkey_fast (PKT_public_key *pk, u32 *keyid)
392 #if MAX_PK_CACHE_ENTRIES
393 { /* Try to get it from the cache */
396 for (ce = pk_cache; ce; ce = ce->next)
398 if (ce->keyid[0] == keyid[0] && ce->keyid[1] == keyid[1])
401 copy_public_key (pk, ce->pk);
409 rc = keydb_search_kid (hd, keyid);
413 return G10ERR_NO_PUBKEY;
415 rc = keydb_get_keyblock (hd, &keyblock);
419 log_error ("keydb_get_keyblock failed: %s\n", g10_errstr(rc));
420 return G10ERR_NO_PUBKEY;
423 assert ( keyblock->pkt->pkttype == PKT_PUBLIC_KEY
424 || keyblock->pkt->pkttype == PKT_PUBLIC_SUBKEY );
426 keyid_from_pk(keyblock->pkt->pkt.public_key,pkid);
427 if(keyid[0]==pkid[0] && keyid[1]==pkid[1])
428 copy_public_key (pk, keyblock->pkt->pkt.public_key );
432 release_kbnode (keyblock);
434 /* Not caching key here since it won't have all of the fields
442 get_pubkeyblock( u32 *keyid )
444 struct getkey_ctx_s ctx;
446 KBNODE keyblock = NULL;
448 memset( &ctx, 0, sizeof ctx );
449 /* no need to set exact here because we want the entire block */
450 ctx.not_allocated = 1;
451 ctx.kr_handle = keydb_new (0);
453 ctx.items[0].mode = KEYDB_SEARCH_MODE_LONG_KID;
454 ctx.items[0].u.kid[0] = keyid[0];
455 ctx.items[0].u.kid[1] = keyid[1];
456 rc = lookup( &ctx, &keyblock, 0 );
457 get_pubkey_end( &ctx );
459 return rc ? NULL : keyblock;
466 * Get a secret key and store it into sk
469 get_seckey( PKT_secret_key *sk, u32 *keyid )
472 struct getkey_ctx_s ctx;
475 memset( &ctx, 0, sizeof ctx );
476 ctx.exact = 1; /* use the key ID exactly as given */
477 ctx.not_allocated = 1;
478 ctx.kr_handle = keydb_new (1);
480 ctx.items[0].mode = KEYDB_SEARCH_MODE_LONG_KID;
481 ctx.items[0].u.kid[0] = keyid[0];
482 ctx.items[0].u.kid[1] = keyid[1];
483 ctx.req_algo = sk->req_algo;
484 ctx.req_usage = sk->req_usage;
485 rc = lookup( &ctx, &kb, 1 );
487 sk_from_block ( &ctx, sk, kb );
489 get_seckey_end( &ctx );
490 release_kbnode ( kb );
493 /* check the secret key (this may prompt for a passprase to
494 * unlock the secret key
496 rc = check_secret_key( sk, 0 );
504 * Check whether the secret key is available. This is just a fast
505 * check and does not tell us whether the secret key is valid. It
506 * merely tells other whether there is some secret key.
507 * Returns: 0 := key is available
508 * G10ERR_NO_SECKEY := not availabe
511 seckey_available( u32 *keyid )
514 KEYDB_HANDLE hd = keydb_new (1);
516 rc = keydb_search_kid (hd, keyid);
518 rc = G10ERR_NO_SECKEY;
525 * Return the type of the user id:
527 * Please use the constants KEYDB_SERCH_MODE_xxx
528 * 0 = Invalid user ID
530 * 2 = match a substring
531 * 3 = match an email address
532 * 4 = match a substring of an email address
533 * 5 = match an email address, but compare from end
534 * 6 = word match mode
535 * 10 = it is a short KEYID (don't care about keyid[0])
536 * 11 = it is a long KEYID
537 * 12 = it is a trustdb index (keyid is looked up)
538 * 16 = it is a 16 byte fingerprint
539 * 20 = it is a 20 byte fingerprint
540 * 21 = Unified fingerprint :fpr:pk_algo:
541 * (We don't use pk_algo yet)
544 * - If the username starts with 8,9,16 or 17 hex-digits (the first one
545 * must be in the range 0..9), this is considered a keyid; depending
546 * on the length a short or complete one.
547 * - If the username starts with 32,33,40 or 41 hex-digits (the first one
548 * must be in the range 0..9), this is considered a fingerprint.
549 * - If the username starts with a left angle, we assume it is a complete
550 * email address and look only at this part.
551 * - If the username starts with a colon we assume it is a unified
552 * key specfification.
553 * - If the username starts with a '.', we assume it is the ending
554 * part of an email address
555 * - If the username starts with an '@', we assume it is a part of an
557 * - If the userid start with an '=' an exact compare is done.
558 * - If the userid starts with a '*' a case insensitive substring search is
559 * done (This is the default).
560 * - If the userid starts with a '+' we will compare individual words
561 * and a match requires that all the words are in the userid.
562 * Words are delimited by white space or "()<>[]{}.@-+_,;/&!"
563 * (note that you can't search for these characters). Compare
564 * is not case sensitive.
568 classify_user_id( const char *name, KEYDB_SEARCH_DESC *desc )
574 KEYDB_SEARCH_DESC dummy_desc;
579 /* clear the structure so that the mode field is set to zero unless
580 * we set it to the correct value right at the end of this function */
581 memset (desc, 0, sizeof *desc);
583 /* skip leading spaces. Fixme: what is with trailing spaces? */
584 for(s = name; *s && spacep (s); s++ )
588 case 0: /* empty string is an error */
591 case '.': /* an email address, compare from end */
592 mode = KEYDB_SEARCH_MODE_MAILEND;
597 case '<': /* an email address */
598 mode = KEYDB_SEARCH_MODE_MAIL;
602 case '@': /* part of an email address */
603 mode = KEYDB_SEARCH_MODE_MAILSUB;
608 case '=': /* exact compare */
609 mode = KEYDB_SEARCH_MODE_EXACT;
614 case '*': /* case insensitive substring search */
615 mode = KEYDB_SEARCH_MODE_SUBSTR;
620 case '+': /* compare individual words */
621 mode = KEYDB_SEARCH_MODE_WORDS;
626 case '#': /* local user id */
627 return 0; /* This is now obsolete and van't not be used anymore*/
629 case ':': /*Unified fingerprint */
634 se = strchr( ++s,':');
637 for (i=0,si=s; si < se; si++, i++ ) {
638 if ( !strchr("01234567890abcdefABCDEF", *si ) )
639 return 0; /* invalid digit */
641 if (i != 32 && i != 40)
642 return 0; /* invalid length of fpr*/
643 for (i=0,si=s; si < se; i++, si +=2)
644 desc->u.fpr[i] = hextobyte(si);
648 mode = KEYDB_SEARCH_MODE_FPR;
653 if (s[0] == '0' && s[1] == 'x') {
658 hexlength = strspn(s, "0123456789abcdefABCDEF");
659 if (hexlength >= 8 && s[hexlength] =='!') {
661 hexlength++; /* just for the following check */
664 /* check if a hexadecimal number is terminated by EOS or blank */
665 if (hexlength && s[hexlength] && !spacep(s+hexlength)) {
666 if (hexprefix) /* a "0x" prefix without correct */
667 return 0; /* termination is an error */
668 else /* The first chars looked like */
669 hexlength = 0; /* a hex number, but really were not. */
676 || (!hexprefix && hexlength == 9 && *s == '0')){
681 desc->u.kid[1] = strtoul( s, NULL, 16 );
682 mode = KEYDB_SEARCH_MODE_SHORT_KID;
684 else if (hexlength == 16
685 || (!hexprefix && hexlength == 17 && *s == '0')) {
691 desc->u.kid[0] = strtoul( buf, NULL, 16 );
692 desc->u.kid[1] = strtoul( s+8, NULL, 16 );
693 mode = KEYDB_SEARCH_MODE_LONG_KID;
695 else if (hexlength == 32 || (!hexprefix && hexlength == 33
697 /* md5 fingerprint */
701 memset(desc->u.fpr+16, 0, 4);
702 for (i=0; i < 16; i++, s+=2) {
703 int c = hextobyte(s);
708 mode = KEYDB_SEARCH_MODE_FPR16;
710 else if (hexlength == 40 || (!hexprefix && hexlength == 41
712 /* sha1/rmd160 fingerprint */
716 for (i=0; i < 20; i++, s+=2) {
717 int c = hextobyte(s);
722 mode = KEYDB_SEARCH_MODE_FPR20;
725 if (hexprefix) /* This was a hex number with a prefix */
726 return 0; /* and a wrong length */
730 mode = KEYDB_SEARCH_MODE_SUBSTR; /* default mode */
740 skip_unusable(void *dummy,u32 *keyid,PKT_user_id *uid)
745 keyblock=get_pubkeyblock(keyid);
748 log_error("error checking usability status of %s\n",keystr(keyid));
752 /* Is the user ID in question revoked/expired? */
757 for(node=keyblock;node;node=node->next)
759 if(node->pkt->pkttype==PKT_USER_ID)
761 if(cmp_user_ids(uid,node->pkt->pkt.user_id)==0
762 && (node->pkt->pkt.user_id->is_revoked
763 || node->pkt->pkt.user_id->is_expired))
773 unusable=pk_is_disabled(keyblock->pkt->pkt.public_key);
776 release_kbnode(keyblock);
781 * Try to get the pubkey by the userid. This function looks for the
782 * first pubkey certificate which has the given name in a user_id.
783 * if pk/sk has the pubkey algo set, the function will only return
784 * a pubkey with that algo.
785 * The caller should provide storage for either the pk or the sk.
786 * If ret_kb is not NULL the function will return the keyblock there.
790 key_byname( GETKEY_CTX *retctx, STRLIST namelist,
791 PKT_public_key *pk, PKT_secret_key *sk,
792 int secmode, int include_unusable,
793 KBNODE *ret_kb, KEYDB_HANDLE *ret_kdbhd )
799 KBNODE help_kb = NULL;
801 if( retctx ) {/* reset the returned context in case of error */
802 assert (!ret_kdbhd); /* not allowed because the handle is
803 stored in the context */
809 /* build the search context */
810 for(n=0, r=namelist; r; r = r->next )
812 ctx = m_alloc_clear (sizeof *ctx + (n-1)*sizeof ctx->items );
815 for(n=0, r=namelist; r; r = r->next, n++ ) {
816 classify_user_id (r->d, &ctx->items[n]);
818 if (ctx->items[n].exact)
820 if (!ctx->items[n].mode) {
822 return G10ERR_INV_USER_ID;
825 && ctx->items[n].mode!=KEYDB_SEARCH_MODE_SHORT_KID
826 && ctx->items[n].mode!=KEYDB_SEARCH_MODE_LONG_KID
827 && ctx->items[n].mode!=KEYDB_SEARCH_MODE_FPR16
828 && ctx->items[n].mode!=KEYDB_SEARCH_MODE_FPR20
829 && ctx->items[n].mode!=KEYDB_SEARCH_MODE_FPR)
830 ctx->items[n].skipfnc=skip_unusable;
833 ctx->kr_handle = keydb_new (secmode);
839 ctx->req_algo = sk->req_algo;
840 ctx->req_usage = sk->req_usage;
842 rc = lookup( ctx, ret_kb, 1 );
844 sk_from_block ( ctx, sk, *ret_kb );
849 ctx->req_algo = pk->req_algo;
850 ctx->req_usage = pk->req_usage;
852 rc = lookup( ctx, ret_kb, 0 );
854 pk_from_block ( ctx, pk, *ret_kb );
858 release_kbnode ( help_kb );
860 if (retctx) /* caller wants the context */
864 *ret_kdbhd = ctx->kr_handle;
865 ctx->kr_handle = NULL;
867 get_pubkey_end (ctx);
874 * Find a public key from NAME and returh the keyblock or the key.
875 * If ret_kdb is not NULL, the KEYDB handle used to locate this keyblock is
876 * returned and the caller is responsible for closing it.
879 get_pubkey_byname (PKT_public_key *pk,
880 const char *name, KBNODE *ret_keyblock,
881 KEYDB_HANDLE *ret_kdbhd, int include_unusable )
884 STRLIST namelist = NULL;
886 add_to_strlist( &namelist, name );
887 rc = key_byname( NULL, namelist, pk, NULL, 0,
888 include_unusable, ret_keyblock, ret_kdbhd);
889 free_strlist( namelist );
894 get_pubkey_bynames( GETKEY_CTX *retctx, PKT_public_key *pk,
895 STRLIST names, KBNODE *ret_keyblock )
897 return key_byname( retctx, names, pk, NULL, 0, 1, ret_keyblock, NULL);
901 get_pubkey_next( GETKEY_CTX ctx, PKT_public_key *pk, KBNODE *ret_keyblock )
905 rc = lookup( ctx, ret_keyblock, 0 );
906 if ( !rc && pk && ret_keyblock )
907 pk_from_block ( ctx, pk, *ret_keyblock );
914 get_pubkey_end( GETKEY_CTX ctx )
917 memset (&ctx->kbpos, 0, sizeof ctx->kbpos);
918 keydb_release (ctx->kr_handle);
919 if( !ctx->not_allocated )
928 * Search for a key with the given fingerprint.
930 * We should replace this with the _byname function. Thiscsan be done
931 * by creating a userID conforming to the unified fingerprint style.
934 get_pubkey_byfprint( PKT_public_key *pk,
935 const byte *fprint, size_t fprint_len)
939 if( fprint_len == 20 || fprint_len == 16 ) {
940 struct getkey_ctx_s ctx;
943 memset( &ctx, 0, sizeof ctx );
945 ctx.not_allocated = 1;
946 ctx.kr_handle = keydb_new (0);
948 ctx.items[0].mode = fprint_len==16? KEYDB_SEARCH_MODE_FPR16
949 : KEYDB_SEARCH_MODE_FPR20;
950 memcpy( ctx.items[0].u.fpr, fprint, fprint_len );
951 rc = lookup( &ctx, &kb, 0 );
953 pk_from_block ( &ctx, pk, kb );
954 release_kbnode ( kb );
955 get_pubkey_end( &ctx );
958 rc = G10ERR_GENERAL; /* Oops */
963 /* Get a public key and store it into the allocated pk. This function
964 differs from get_pubkey_byfprint() in that it does not do a check
965 of the key to avoid recursion. It should be used only in very
966 certain cases. PK may be NULL to check just for the existance of
969 get_pubkey_byfprint_fast (PKT_public_key *pk,
970 const byte *fprint, size_t fprint_len)
975 byte fprbuf[MAX_FINGERPRINT_LEN];
978 for (i=0; i < MAX_FINGERPRINT_LEN && i < fprint_len; i++)
979 fprbuf[i] = fprint[i];
980 while (i < MAX_FINGERPRINT_LEN)
984 rc = keydb_search_fpr (hd, fprbuf);
988 return G10ERR_NO_PUBKEY;
990 rc = keydb_get_keyblock (hd, &keyblock);
994 log_error ("keydb_get_keyblock failed: %s\n", g10_errstr(rc));
995 return G10ERR_NO_PUBKEY;
998 assert ( keyblock->pkt->pkttype == PKT_PUBLIC_KEY
999 || keyblock->pkt->pkttype == PKT_PUBLIC_SUBKEY );
1001 copy_public_key (pk, keyblock->pkt->pkt.public_key );
1002 release_kbnode (keyblock);
1004 /* Not caching key here since it won't have all of the fields
1011 * Search for a key with the given fingerprint and return the
1012 * complete keyblock which may have more than only this key.
1015 get_keyblock_byfprint( KBNODE *ret_keyblock, const byte *fprint,
1020 if( fprint_len == 20 || fprint_len == 16 ) {
1021 struct getkey_ctx_s ctx;
1023 memset( &ctx, 0, sizeof ctx );
1024 ctx.not_allocated = 1;
1025 ctx.kr_handle = keydb_new (0);
1027 ctx.items[0].mode = fprint_len==16? KEYDB_SEARCH_MODE_FPR16
1028 : KEYDB_SEARCH_MODE_FPR20;
1029 memcpy( ctx.items[0].u.fpr, fprint, fprint_len );
1030 rc = lookup( &ctx, ret_keyblock, 0 );
1031 get_pubkey_end( &ctx );
1034 rc = G10ERR_GENERAL; /* Oops */
1041 * Get a secret key by name and store it into sk
1042 * If NAME is NULL use the default key
1045 get_seckey_byname2( GETKEY_CTX *retctx,
1046 PKT_secret_key *sk, const char *name, int unprotect,
1049 STRLIST namelist = NULL;
1052 if( !name && opt.def_secret_key && *opt.def_secret_key ) {
1053 add_to_strlist( &namelist, opt.def_secret_key );
1054 rc = key_byname( retctx, namelist, NULL, sk, 1, 1, retblock, NULL );
1056 else if( !name ) { /* use the first one as default key */
1057 struct getkey_ctx_s ctx;
1060 assert (!retctx ); /* do we need this at all */
1062 memset( &ctx, 0, sizeof ctx );
1063 ctx.not_allocated = 1;
1064 ctx.kr_handle = keydb_new (1);
1066 ctx.items[0].mode = KEYDB_SEARCH_MODE_FIRST;
1067 rc = lookup( &ctx, &kb, 1 );
1069 sk_from_block ( &ctx, sk, kb );
1070 release_kbnode ( kb );
1071 get_seckey_end( &ctx );
1074 add_to_strlist( &namelist, name );
1075 rc = key_byname( retctx, namelist, NULL, sk, 1, 1, retblock, NULL );
1078 free_strlist( namelist );
1080 if( !rc && unprotect )
1081 rc = check_secret_key( sk, 0 );
1087 get_seckey_byname( PKT_secret_key *sk, const char *name, int unlock )
1089 return get_seckey_byname2 ( NULL, sk, name, unlock, NULL );
1094 get_seckey_bynames( GETKEY_CTX *retctx, PKT_secret_key *sk,
1095 STRLIST names, KBNODE *ret_keyblock )
1097 return key_byname( retctx, names, NULL, sk, 1, 1, ret_keyblock, NULL );
1102 get_seckey_next( GETKEY_CTX ctx, PKT_secret_key *sk, KBNODE *ret_keyblock )
1106 rc = lookup( ctx, ret_keyblock, 1 );
1107 if ( !rc && sk && ret_keyblock )
1108 sk_from_block ( ctx, sk, *ret_keyblock );
1115 get_seckey_end( GETKEY_CTX ctx )
1117 get_pubkey_end( ctx );
1122 * Search for a key with the given fingerprint.
1124 * We should replace this with the _byname function. Thiscsan be done
1125 * by creating a userID conforming to the unified fingerprint style.
1128 get_seckey_byfprint( PKT_secret_key *sk,
1129 const byte *fprint, size_t fprint_len)
1133 if( fprint_len == 20 || fprint_len == 16 ) {
1134 struct getkey_ctx_s ctx;
1137 memset( &ctx, 0, sizeof ctx );
1139 ctx.not_allocated = 1;
1140 ctx.kr_handle = keydb_new (1);
1142 ctx.items[0].mode = fprint_len==16? KEYDB_SEARCH_MODE_FPR16
1143 : KEYDB_SEARCH_MODE_FPR20;
1144 memcpy( ctx.items[0].u.fpr, fprint, fprint_len );
1145 rc = lookup( &ctx, &kb, 1 );
1147 sk_from_block ( &ctx, sk, kb );
1148 release_kbnode ( kb );
1149 get_pubkey_end( &ctx );
1152 rc = G10ERR_GENERAL; /* Oops */
1157 /************************************************
1158 ************* Merging stuff ********************
1159 ************************************************/
1162 * merge all selfsignatures with the keys.
1163 * FIXME: replace this at least for the public key parts
1164 * by merge_selfsigs.
1165 * It is still used in keyedit.c and
1166 * at 2 or 3 other places - check whether it is really needed.
1167 * It might be needed by the key edit and import stuff because
1168 * the keylock is changed.
1171 merge_keys_and_selfsig( KBNODE keyblock )
1173 PKT_public_key *pk = NULL;
1174 PKT_secret_key *sk = NULL;
1177 u32 kid[2] = { 0, 0 };
1180 if (keyblock && keyblock->pkt->pkttype == PKT_PUBLIC_KEY ) {
1181 /* divert to our new function */
1182 merge_selfsigs (keyblock);
1185 /* still need the old one because the new one can't handle secret keys */
1187 for(k=keyblock; k; k = k->next ) {
1188 if( k->pkt->pkttype == PKT_PUBLIC_KEY
1189 || k->pkt->pkttype == PKT_PUBLIC_SUBKEY ) {
1190 pk = k->pkt->pkt.public_key; sk = NULL;
1191 if( pk->version < 4 )
1192 pk = NULL; /* not needed for old keys */
1193 else if( k->pkt->pkttype == PKT_PUBLIC_KEY )
1194 keyid_from_pk( pk, kid );
1195 else if( !pk->expiredate ) { /* and subkey */
1196 /* insert the expiration date here */
1197 /*FIXME!!! pk->expiredate = subkeys_expiretime( k, kid );*/
1201 else if( k->pkt->pkttype == PKT_SECRET_KEY
1202 || k->pkt->pkttype == PKT_SECRET_SUBKEY ) {
1203 pk = NULL; sk = k->pkt->pkt.secret_key;
1204 if( sk->version < 4 )
1206 else if( k->pkt->pkttype == PKT_SECRET_KEY )
1207 keyid_from_sk( sk, kid );
1210 else if( (pk || sk ) && k->pkt->pkttype == PKT_SIGNATURE
1211 && (sig=k->pkt->pkt.signature)->sig_class >= 0x10
1212 && sig->sig_class <= 0x30 && sig->version > 3
1213 && !(sig->sig_class == 0x18 || sig->sig_class == 0x28)
1214 && sig->keyid[0] == kid[0] && sig->keyid[1] == kid[1] ) {
1215 /* okay this is a self-signature which can be used.
1216 * This is not used for subkey binding signature, becuase this
1218 * FIXME: We should only use this if the signature is valid
1219 * but this is time consuming - we must provide another
1220 * way to handle this
1225 p = parse_sig_subpkt( sig->hashed, SIGSUBPKT_KEY_EXPIRE, NULL );
1227 ed = p? pk->timestamp + buffer_to_u32(p):0;
1228 if( sig->timestamp > sigdate ) {
1229 pk->expiredate = ed;
1230 sigdate = sig->timestamp;
1234 ed = p? sk->timestamp + buffer_to_u32(p):0;
1235 if( sig->timestamp > sigdate ) {
1236 sk->expiredate = ed;
1237 sigdate = sig->timestamp;
1242 if(pk && (pk->expiredate==0 ||
1243 (pk->max_expiredate && pk->expiredate>pk->max_expiredate)))
1244 pk->expiredate=pk->max_expiredate;
1246 if(sk && (sk->expiredate==0 ||
1247 (sk->max_expiredate && sk->expiredate>sk->max_expiredate)))
1248 sk->expiredate=sk->max_expiredate;
1253 * Apply information from SIGNODE (which is the valid self-signature
1254 * associated with that UID) to the UIDNODE:
1255 * - wether the UID has been revoked
1256 * - assumed creation date of the UID
1257 * - temporary store the keyflags here
1258 * - temporary store the key expiration time here
1259 * - mark whether the primary user ID flag hat been set.
1260 * - store the preferences
1263 fixup_uidnode ( KBNODE uidnode, KBNODE signode, u32 keycreated )
1265 PKT_user_id *uid = uidnode->pkt->pkt.user_id;
1266 PKT_signature *sig = signode->pkt->pkt.signature;
1267 const byte *p, *sym, *hash, *zip;
1268 size_t n, nsym, nhash, nzip;
1270 uid->created = 0; /* not created == invalid */
1271 if ( IS_UID_REV ( sig ) ) {
1272 uid->is_revoked = 1;
1273 return; /* has been revoked */
1276 uid->created = sig->timestamp; /* this one is okay */
1277 uid->selfsigversion = sig->version;
1278 /* If we got this far, it's not expired :) */
1279 uid->is_expired = 0;
1280 uid->expiredate = sig->expiredate;
1282 /* store the key flags in the helper variable for later processing */
1283 uid->help_key_usage = 0;
1284 p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KEY_FLAGS, &n );
1286 /* first octet of the keyflags */
1288 uid->help_key_usage |= PUBKEY_USAGE_SIG;
1290 uid->help_key_usage |= PUBKEY_USAGE_ENC;
1291 /* Note: we do not set the CERT flag here because it can be assumed
1292 * that thre is no real policy to set it. */
1294 uid->help_key_usage |= PUBKEY_USAGE_AUTH;
1297 /* ditto or the key expiration */
1298 uid->help_key_expire = 0;
1299 p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KEY_EXPIRE, NULL);
1301 uid->help_key_expire = keycreated + buffer_to_u32(p);
1304 /* Set the primary user ID flag - we will later wipe out some
1305 * of them to only have one in our keyblock */
1306 uid->is_primary = 0;
1307 p = parse_sig_subpkt ( sig->hashed, SIGSUBPKT_PRIMARY_UID, NULL );
1309 uid->is_primary = 2;
1310 /* We could also query this from the unhashed area if it is not in
1311 * the hased area and then later try to decide which is the better
1312 * there should be no security problem with this.
1313 * For now we only look at the hashed one.
1316 /* Now build the preferences list. These must come from the
1317 hashed section so nobody can modify the ciphers a key is
1318 willing to accept. */
1319 p = parse_sig_subpkt ( sig->hashed, SIGSUBPKT_PREF_SYM, &n );
1320 sym = p; nsym = p?n:0;
1321 p = parse_sig_subpkt ( sig->hashed, SIGSUBPKT_PREF_HASH, &n );
1322 hash = p; nhash = p?n:0;
1323 p = parse_sig_subpkt ( sig->hashed, SIGSUBPKT_PREF_COMPR, &n );
1324 zip = p; nzip = p?n:0;
1326 m_free (uid->prefs);
1327 n = nsym + nhash + nzip;
1331 uid->prefs = m_alloc (sizeof (*uid->prefs) * (n+1));
1333 for (; nsym; nsym--, n++) {
1334 uid->prefs[n].type = PREFTYPE_SYM;
1335 uid->prefs[n].value = *sym++;
1337 for (; nhash; nhash--, n++) {
1338 uid->prefs[n].type = PREFTYPE_HASH;
1339 uid->prefs[n].value = *hash++;
1341 for (; nzip; nzip--, n++) {
1342 uid->prefs[n].type = PREFTYPE_ZIP;
1343 uid->prefs[n].value = *zip++;
1345 uid->prefs[n].type = PREFTYPE_NONE; /* end of list marker */
1346 uid->prefs[n].value = 0;
1349 /* see whether we have the MDC feature */
1350 uid->mdc_feature = 0;
1351 p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_FEATURES, &n);
1352 if (p && n && (p[0] & 0x01))
1353 uid->mdc_feature = 1;
1355 /* and the keyserver modify flag */
1357 p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KS_FLAGS, &n);
1358 if (p && n && (p[0] & 0x80))
1363 merge_selfsigs_main( KBNODE keyblock, int *r_revoked, u32 *r_revokedate )
1365 PKT_public_key *pk = NULL;
1368 u32 sigdate, uiddate, uiddate2;
1369 KBNODE signode, uidnode, uidnode2;
1370 u32 curtime = make_timestamp ();
1371 unsigned int key_usage = 0;
1372 u32 keytimestamp = 0;
1374 int key_expire_seen = 0;
1375 byte sigversion = 0;
1379 if ( keyblock->pkt->pkttype != PKT_PUBLIC_KEY )
1381 pk = keyblock->pkt->pkt.public_key;
1382 keytimestamp = pk->timestamp;
1384 keyid_from_pk( pk, kid );
1385 pk->main_keyid[0] = kid[0];
1386 pk->main_keyid[1] = kid[1];
1388 if ( pk->version < 4 ) {
1389 /* before v4 the key packet itself contains the expiration
1390 * date and there was no way to change it, so we start with
1391 * the one from the key packet */
1392 key_expire = pk->max_expiredate;
1393 key_expire_seen = 1;
1396 /* first pass: find the latest direct key self-signature.
1397 * We assume that the newest one overrides all others
1400 /* In case this key was already merged */
1406 sigdate = 0; /* helper to find the latest signature */
1407 for(k=keyblock; k && k->pkt->pkttype != PKT_USER_ID; k = k->next ) {
1408 if ( k->pkt->pkttype == PKT_SIGNATURE ) {
1409 PKT_signature *sig = k->pkt->pkt.signature;
1410 if ( sig->keyid[0] == kid[0] && sig->keyid[1]==kid[1] ) {
1411 if ( check_key_signature( keyblock, k, NULL ) )
1412 ; /* signature did not verify */
1413 else if ( IS_KEY_REV (sig) ){
1414 /* key has been revoked - there is no way to override
1415 * such a revocation, so we theoretically can stop now.
1416 * We should not cope with expiration times for revocations
1417 * here because we have to assume that an attacker can
1418 * generate all kinds of signatures. However due to the
1419 * fact that the key has been revoked it does not harm
1420 * either and by continuing we gather some more info on
1424 *r_revokedate = sig->timestamp;
1426 else if ( IS_KEY_SIG (sig) ) {
1427 /* Add any revocation keys onto the pk. This is
1428 particularly interesting since we normally only
1429 get data from the most recent 1F signature, but
1430 you need multiple 1F sigs to properly handle
1431 revocation keys (PGP does it this way, and a
1432 revocation key could be sensitive and hence in a
1433 different signature). */
1438 m_realloc(pk->revkey,sizeof(struct revocation_key)*
1439 (pk->numrevkeys+sig->numrevkeys));
1441 for(i=0;i<sig->numrevkeys;i++)
1442 memcpy(&pk->revkey[pk->numrevkeys++],
1444 sizeof(struct revocation_key));
1447 if( sig->timestamp >= sigdate ) {
1448 if(sig->flags.expired)
1449 ; /* signature has expired - ignore it */
1451 sigdate = sig->timestamp;
1453 if( sig->version > sigversion )
1454 sigversion = sig->version;
1463 /* Remove dupes from the revocation keys */
1467 int i,j,x,changed=0;
1469 for(i=0;i<pk->numrevkeys;i++)
1471 for(j=i+1;j<pk->numrevkeys;j++)
1473 if(memcmp(&pk->revkey[i],&pk->revkey[j],
1474 sizeof(struct revocation_key))==0)
1478 for(x=j;x<pk->numrevkeys-1;x++)
1479 pk->revkey[x]=pk->revkey[x+1];
1489 pk->revkey=m_realloc(pk->revkey,
1490 pk->numrevkeys*sizeof(struct revocation_key));
1494 /* some information from a direct key signature take precedence
1495 * over the same information given in UID sigs.
1497 PKT_signature *sig = signode->pkt->pkt.signature;
1501 p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KEY_FLAGS, &n );
1503 /* first octet of the keyflags */
1505 key_usage |= PUBKEY_USAGE_SIG;
1507 key_usage |= PUBKEY_USAGE_ENC;
1509 key_usage |= PUBKEY_USAGE_AUTH;
1512 p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KEY_EXPIRE, NULL);
1514 key_expire = keytimestamp + buffer_to_u32(p);
1515 key_expire_seen = 1;
1518 /* mark that key as valid: one direct key signature should
1519 * render a key as valid */
1523 /* pass 1.5: look for key revocation signatures that were not made
1524 by the key (i.e. did a revocation key issue a revocation for
1525 us?). Only bother to do this if there is a revocation key in
1526 the first place and we're not revoked already. */
1528 if(!*r_revoked && pk->revkey)
1529 for(k=keyblock; k && k->pkt->pkttype != PKT_USER_ID; k = k->next )
1531 if ( k->pkt->pkttype == PKT_SIGNATURE )
1533 PKT_signature *sig = k->pkt->pkt.signature;
1535 if(IS_KEY_REV(sig) &&
1536 (sig->keyid[0]!=kid[0] || sig->keyid[1]!=kid[1]))
1538 int rc=check_revocation_keys(pk,sig);
1542 *r_revokedate=sig->timestamp;
1543 /* don't continue checking since we can't be any
1544 more revoked than this */
1547 else if(rc==G10ERR_NO_PUBKEY)
1548 pk->maybe_revoked=1;
1550 /* A failure here means the sig did not verify, was
1551 not issued by a revocation key, or a revocation
1552 key loop was broken. If a revocation key isn't
1553 findable, however, the key might be revoked and
1554 we don't know it. */
1556 /* TODO: In the future handle subkey and cert
1557 revocations? PGP doesn't, but it's in 2440. */
1562 /* second pass: look at the self-signature of all user IDs */
1563 signode = uidnode = NULL;
1564 sigdate = 0; /* helper to find the latest signature in one user ID */
1565 for(k=keyblock; k && k->pkt->pkttype != PKT_PUBLIC_SUBKEY; k = k->next ) {
1566 if ( k->pkt->pkttype == PKT_USER_ID ) {
1567 if ( uidnode && signode )
1569 fixup_uidnode ( uidnode, signode, keytimestamp );
1576 else if ( k->pkt->pkttype == PKT_SIGNATURE && uidnode ) {
1577 PKT_signature *sig = k->pkt->pkt.signature;
1578 if ( sig->keyid[0] == kid[0] && sig->keyid[1]==kid[1] ) {
1579 if ( check_key_signature( keyblock, k, NULL ) )
1580 ; /* signature did not verify */
1581 else if ( (IS_UID_SIG (sig) || IS_UID_REV (sig))
1582 && sig->timestamp >= sigdate ) {
1583 /* Note: we allow to invalidate cert revocations
1584 * by a newer signature. An attacker can't use this
1585 * because a key should be revoced with a key revocation.
1586 * The reason why we have to allow for that is that at
1587 * one time an email address may become invalid but later
1588 * the same email address may become valid again (hired,
1589 * fired, hired again).
1591 if(sig->flags.expired)
1593 uidnode->pkt->pkt.user_id->is_expired=1;
1598 uidnode->pkt->pkt.user_id->is_expired=0;
1602 sigdate = sig->timestamp;
1603 uidnode->pkt->pkt.user_id->expiredate=sig->expiredate;
1604 if( sig->version > sigversion )
1605 sigversion = sig->version;
1610 if ( uidnode && signode ) {
1611 fixup_uidnode ( uidnode, signode, keytimestamp );
1615 /* If the key isn't valid yet, and we have
1616 --allow-non-selfsigned-uid set, then force it valid. */
1617 if(!pk->is_valid && opt.allow_non_selfsigned_uid)
1620 log_info(_("Invalid key %s made valid by"
1621 " --allow-non-selfsigned-uid\n"),keystr_from_pk(pk));
1625 /* The key STILL isn't valid, so try and find an ultimately
1626 trusted signature. */
1631 for(k=keyblock; k && k->pkt->pkttype != PKT_PUBLIC_SUBKEY; k=k->next)
1633 if ( k->pkt->pkttype == PKT_USER_ID )
1635 else if ( k->pkt->pkttype == PKT_SIGNATURE && uidnode )
1637 PKT_signature *sig = k->pkt->pkt.signature;
1639 if(sig->keyid[0] != kid[0] || sig->keyid[1]!=kid[1])
1641 PKT_public_key *ultimate_pk;
1643 ultimate_pk=m_alloc_clear(sizeof(*ultimate_pk));
1645 /* We don't want to use the full get_pubkey to
1646 avoid infinite recursion in certain cases.
1647 There is no reason to check that an ultimately
1648 trusted key is still valid - if it has been
1649 revoked or the user should also renmove the
1650 ultimate trust flag. */
1651 if(get_pubkey_fast(ultimate_pk,sig->keyid)==0
1652 && check_key_signature2(keyblock,k,ultimate_pk,
1653 NULL,NULL,NULL,NULL)==0
1654 && get_ownertrust(ultimate_pk)==TRUST_ULTIMATE)
1656 free_public_key(ultimate_pk);
1661 free_public_key(ultimate_pk);
1667 /* Record the highest selfsig version so we know if this is a v3
1668 key through and through, or a v3 key with a v4 selfsig
1669 somewhere. This is useful in a few places to know if the key
1670 must be treated as PGP2-style or OpenPGP-style. Note that a
1671 selfsig revocation with a higher version number will also raise
1672 this value. This is okay since such a revocation must be
1673 issued by the user (i.e. it cannot be issued by someone else to
1674 modify the key behavior.) */
1676 pk->selfsigversion=sigversion;
1678 /* Now that we had a look at all user IDs we can now get some information
1679 * from those user IDs.
1683 /* find the latest user ID with key flags set */
1684 uiddate = 0; /* helper to find the latest user ID */
1685 for(k=keyblock; k && k->pkt->pkttype != PKT_PUBLIC_SUBKEY;
1687 if ( k->pkt->pkttype == PKT_USER_ID ) {
1688 PKT_user_id *uid = k->pkt->pkt.user_id;
1689 if ( uid->help_key_usage && uid->created > uiddate ) {
1690 key_usage = uid->help_key_usage;
1691 uiddate = uid->created;
1696 if ( !key_usage ) { /* no key flags at all: get it from the algo */
1697 key_usage = openpgp_pk_algo_usage ( pk->pubkey_algo );
1699 else { /* check that the usage matches the usage as given by the algo */
1700 int x = openpgp_pk_algo_usage ( pk->pubkey_algo );
1701 if ( x ) /* mask it down to the actual allowed usage */
1704 pk->pubkey_usage = key_usage;
1706 if ( !key_expire_seen ) {
1707 /* find the latest valid user ID with a key expiration set
1708 * Note, that this may be a different one from the above because
1709 * some user IDs may have no expiration date set */
1711 for(k=keyblock; k && k->pkt->pkttype != PKT_PUBLIC_SUBKEY;
1713 if ( k->pkt->pkttype == PKT_USER_ID ) {
1714 PKT_user_id *uid = k->pkt->pkt.user_id;
1715 if ( uid->help_key_expire && uid->created > uiddate ) {
1716 key_expire = uid->help_key_expire;
1717 uiddate = uid->created;
1723 /* Currently only v3 keys have a maximum expiration date, but I'll
1724 bet v5 keys get this feature again. */
1725 if(key_expire==0 || (pk->max_expiredate && key_expire>pk->max_expiredate))
1726 key_expire=pk->max_expiredate;
1728 pk->has_expired = key_expire >= curtime? 0 : key_expire;
1729 pk->expiredate = key_expire;
1731 /* Fixme: we should see how to get rid of the expiretime fields but
1732 * this needs changes at other places too. */
1734 /* and now find the real primary user ID and delete all others */
1735 uiddate = uiddate2 = 0;
1736 uidnode = uidnode2 = NULL;
1737 for(k=keyblock; k && k->pkt->pkttype != PKT_PUBLIC_SUBKEY; k = k->next ) {
1738 if ( k->pkt->pkttype == PKT_USER_ID &&
1739 !k->pkt->pkt.user_id->attrib_data) {
1740 PKT_user_id *uid = k->pkt->pkt.user_id;
1741 if (uid->is_primary)
1743 if(uid->created > uiddate)
1745 uiddate = uid->created;
1748 else if(uid->created==uiddate && uidnode)
1750 /* The dates are equal, so we need to do a
1751 different (and arbitrary) comparison. This
1752 should rarely, if ever, happen. It's good to
1753 try and guarantee that two different GnuPG
1754 users with two different keyrings at least pick
1755 the same primary. */
1756 if(cmp_user_ids(uid,uidnode->pkt->pkt.user_id)>0)
1762 if(uid->created > uiddate2)
1764 uiddate2 = uid->created;
1767 else if(uid->created==uiddate2 && uidnode2)
1769 if(cmp_user_ids(uid,uidnode2->pkt->pkt.user_id)>0)
1776 for(k=keyblock; k && k->pkt->pkttype != PKT_PUBLIC_SUBKEY;
1778 if ( k->pkt->pkttype == PKT_USER_ID &&
1779 !k->pkt->pkt.user_id->attrib_data) {
1780 PKT_user_id *uid = k->pkt->pkt.user_id;
1782 uid->is_primary = 0;
1786 else if( uidnode2 ) {
1787 /* none is flagged primary - use the latest user ID we have,
1788 and disambiguate with the arbitrary packet comparison. */
1789 uidnode2->pkt->pkt.user_id->is_primary = 1;
1793 /* None of our uids were self-signed, so pick the one that
1794 sorts first to be the primary. This is the best we can do
1795 here since there are no self sigs to date the uids. */
1799 for(k=keyblock; k && k->pkt->pkttype != PKT_PUBLIC_SUBKEY;
1802 if(k->pkt->pkttype==PKT_USER_ID
1803 && !k->pkt->pkt.user_id->attrib_data)
1808 uidnode->pkt->pkt.user_id->is_primary=1;
1813 if(cmp_user_ids(k->pkt->pkt.user_id,
1814 uidnode->pkt->pkt.user_id)>0)
1816 uidnode->pkt->pkt.user_id->is_primary=0;
1818 uidnode->pkt->pkt.user_id->is_primary=1;
1821 k->pkt->pkt.user_id->is_primary=0; /* just to be
1831 merge_selfsigs_subkey( KBNODE keyblock, KBNODE subnode )
1833 PKT_public_key *mainpk = NULL, *subpk = NULL;
1839 u32 curtime = make_timestamp ();
1840 unsigned int key_usage = 0;
1841 u32 keytimestamp = 0;
1846 if ( subnode->pkt->pkttype != PKT_PUBLIC_SUBKEY )
1848 mainpk = keyblock->pkt->pkt.public_key;
1849 if ( mainpk->version < 4 )
1850 return; /* (actually this should never happen) */
1851 keyid_from_pk( mainpk, mainkid );
1852 subpk = subnode->pkt->pkt.public_key;
1853 keytimestamp = subpk->timestamp;
1855 subpk->is_valid = 0;
1856 subpk->main_keyid[0] = mainpk->main_keyid[0];
1857 subpk->main_keyid[1] = mainpk->main_keyid[1];
1859 /* find the latest key binding self-signature. */
1861 sigdate = 0; /* helper to find the latest signature */
1862 for(k=subnode->next; k && k->pkt->pkttype != PKT_PUBLIC_SUBKEY;
1864 if ( k->pkt->pkttype == PKT_SIGNATURE ) {
1865 sig = k->pkt->pkt.signature;
1866 if ( sig->keyid[0] == mainkid[0] && sig->keyid[1]==mainkid[1] ) {
1867 if ( check_key_signature( keyblock, k, NULL ) )
1868 ; /* signature did not verify */
1869 else if ( IS_SUBKEY_REV (sig) ) {
1870 /* Note that this means that the date on a
1871 revocation sig does not matter - even if the
1872 binding sig is dated after the revocation sig,
1873 the subkey is still marked as revoked. This
1874 seems ok, as it is just as easy to make new
1875 subkeys rather than re-sign old ones as the
1876 problem is in the distribution. Plus, PGP (7)
1877 does this the same way. */
1878 subpk->is_revoked = 1;
1879 subpk->revokedate = sig->timestamp;
1880 /* although we could stop now, we continue to
1881 * figure out other information like the old expiration
1884 else if ( IS_SUBKEY_SIG (sig) && sig->timestamp >= sigdate ) {
1885 if(sig->flags.expired)
1886 ; /* signature has expired - ignore it */
1888 sigdate = sig->timestamp;
1896 /* no valid key binding */
1900 sig = signode->pkt->pkt.signature;
1902 p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KEY_FLAGS, &n );
1904 /* first octet of the keyflags */
1906 key_usage |= PUBKEY_USAGE_SIG;
1908 key_usage |= PUBKEY_USAGE_ENC;
1910 key_usage |= PUBKEY_USAGE_AUTH;
1912 if ( !key_usage ) { /* no key flags at all: get it from the algo */
1913 key_usage = openpgp_pk_algo_usage ( subpk->pubkey_algo );
1915 else { /* check that the usage matches the usage as given by the algo */
1916 int x = openpgp_pk_algo_usage ( subpk->pubkey_algo );
1917 if ( x ) /* mask it down to the actual allowed usage */
1920 subpk->pubkey_usage = key_usage;
1922 p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KEY_EXPIRE, NULL);
1924 key_expire = keytimestamp + buffer_to_u32(p);
1927 subpk->has_expired = key_expire >= curtime? 0 : key_expire;
1928 subpk->expiredate = key_expire;
1930 /* algo doesn't exist */
1931 if(check_pubkey_algo(subpk->pubkey_algo))
1934 subpk->is_valid = 1;
1940 * Merge information from the self-signatures with the key, so that
1941 * we can later use them more easy.
1942 * The function works by first applying the self signatures to the
1943 * primary key and the to each subkey.
1944 * Here are the rules we use to decide which inormation from which
1945 * self-signature is used:
1946 * We check all self signatures or validity and ignore all invalid signatures.
1947 * All signatures are then ordered by their creation date ....
1948 * For the primary key:
1952 merge_selfsigs( KBNODE keyblock )
1957 PKT_public_key *main_pk;
1961 if ( keyblock->pkt->pkttype != PKT_PUBLIC_KEY ) {
1962 if (keyblock->pkt->pkttype == PKT_SECRET_KEY ) {
1963 log_error ("expected public key but found secret key "
1965 /* we better exit here becuase a public key is expected at
1966 other places too. FIXME: Figure this out earlier and
1967 don't get to here at all */
1973 merge_selfsigs_main ( keyblock, &revoked, &revokedate );
1975 /* now merge in the data from each of the subkeys */
1976 for(k=keyblock; k; k = k->next ) {
1977 if ( k->pkt->pkttype == PKT_PUBLIC_SUBKEY ) {
1978 merge_selfsigs_subkey ( keyblock, k );
1982 main_pk = keyblock->pkt->pkt.public_key;
1983 if ( revoked || main_pk->has_expired || !main_pk->is_valid ) {
1984 /* if the primary key is revoked, expired, or invalid we
1985 * better set the appropriate flags on that key and all
1987 for(k=keyblock; k; k = k->next ) {
1988 if ( k->pkt->pkttype == PKT_PUBLIC_KEY
1989 || k->pkt->pkttype == PKT_PUBLIC_SUBKEY ) {
1990 PKT_public_key *pk = k->pkt->pkt.public_key;
1991 if(!main_pk->is_valid)
1993 if(revoked && !pk->is_revoked)
1995 pk->is_revoked = revoked;
1996 pk->revokedate = revokedate;
1998 if(main_pk->has_expired)
1999 pk->has_expired = main_pk->has_expired;
2005 /* set the preference list of all keys to those of the primary real
2006 * user ID. Note: we use these preferences when we don't know by
2007 * which user ID the key has been selected.
2008 * fixme: we should keep atoms of commonly used preferences or
2009 * use reference counting to optimize the preference lists storage.
2010 * FIXME: it might be better to use the intersection of
2012 * Do a similar thing for the MDC feature flag.
2016 for (k=keyblock; k && k->pkt->pkttype != PKT_PUBLIC_SUBKEY; k = k->next) {
2017 if (k->pkt->pkttype == PKT_USER_ID
2018 && !k->pkt->pkt.user_id->attrib_data
2019 && k->pkt->pkt.user_id->is_primary) {
2020 prefs = k->pkt->pkt.user_id->prefs;
2021 mdc_feature = k->pkt->pkt.user_id->mdc_feature;
2025 for(k=keyblock; k; k = k->next ) {
2026 if ( k->pkt->pkttype == PKT_PUBLIC_KEY
2027 || k->pkt->pkttype == PKT_PUBLIC_SUBKEY ) {
2028 PKT_public_key *pk = k->pkt->pkt.public_key;
2031 pk->prefs = copy_prefs (prefs);
2032 pk->mdc_feature = mdc_feature;
2039 * Merge the secret keys from secblock into the pubblock thereby
2040 * replacing the public (sub)keys with their secret counterparts Hmmm:
2041 * It might be better to get away from the concept of entire secret
2042 * keys at all and have a way to store just the real secret parts
2046 merge_public_with_secret ( KBNODE pubblock, KBNODE secblock )
2050 assert ( pubblock->pkt->pkttype == PKT_PUBLIC_KEY );
2051 assert ( secblock->pkt->pkttype == PKT_SECRET_KEY );
2053 for (pub=pubblock; pub; pub = pub->next ) {
2054 if ( pub->pkt->pkttype == PKT_PUBLIC_KEY ) {
2055 PKT_public_key *pk = pub->pkt->pkt.public_key;
2056 PKT_secret_key *sk = secblock->pkt->pkt.secret_key;
2057 assert ( pub == pubblock ); /* only in the first node */
2058 /* there is nothing to compare in this case, so just replace
2059 * some information */
2060 copy_public_parts_to_secret_key ( pk, sk );
2061 free_public_key ( pk );
2062 pub->pkt->pkttype = PKT_SECRET_KEY;
2063 pub->pkt->pkt.secret_key = copy_secret_key (NULL, sk);
2065 else if ( pub->pkt->pkttype == PKT_PUBLIC_SUBKEY ) {
2067 PKT_public_key *pk = pub->pkt->pkt.public_key;
2069 /* this is more complicated: it may happen that the sequence
2070 * of the subkeys dosn't match, so we have to find the
2071 * appropriate secret key */
2072 for (sec=secblock->next; sec; sec = sec->next ) {
2073 if ( sec->pkt->pkttype == PKT_SECRET_SUBKEY ) {
2074 PKT_secret_key *sk = sec->pkt->pkt.secret_key;
2075 if ( !cmp_public_secret_key ( pk, sk ) ) {
2076 copy_public_parts_to_secret_key ( pk, sk );
2077 free_public_key ( pk );
2078 pub->pkt->pkttype = PKT_SECRET_SUBKEY;
2079 pub->pkt->pkt.secret_key = copy_secret_key (NULL, sk);
2085 BUG(); /* already checked in premerge */
2090 /* This function checks that for every public subkey a corresponding
2091 * secret subkey is available and deletes the public subkey otherwise.
2092 * We need this function because we can't delete it later when we
2093 * actually merge the secret parts into the pubring.
2094 * The function also plays some games with the node flags.
2097 premerge_public_with_secret ( KBNODE pubblock, KBNODE secblock )
2101 assert ( pubblock->pkt->pkttype == PKT_PUBLIC_KEY );
2102 assert ( secblock->pkt->pkttype == PKT_SECRET_KEY );
2104 for (pub=pubblock,last=NULL; pub; last = pub, pub = pub->next ) {
2105 pub->flag &= ~3; /* reset bits 0 and 1 */
2106 if ( pub->pkt->pkttype == PKT_PUBLIC_SUBKEY ) {
2108 PKT_public_key *pk = pub->pkt->pkt.public_key;
2110 for (sec=secblock->next; sec; sec = sec->next ) {
2111 if ( sec->pkt->pkttype == PKT_SECRET_SUBKEY ) {
2112 PKT_secret_key *sk = sec->pkt->pkt.secret_key;
2113 if ( !cmp_public_secret_key ( pk, sk ) ) {
2114 if ( sk->protect.s2k.mode == 1001 ) {
2115 /* The secret parts are not available so
2116 we can't use that key for signing etc.
2117 Fix the pubkey usage */
2118 pk->pubkey_usage &= ~(PUBKEY_USAGE_SIG
2119 |PUBKEY_USAGE_AUTH);
2121 /* transfer flag bits 0 and 1 to the pubblock */
2122 pub->flag |= (sec->flag &3);
2131 log_info (_("no secret subkey"
2132 " for public subkey %s - ignoring\n"),
2133 keystr_from_pk (pk));
2134 /* we have to remove the subkey in this case */
2136 /* find the next subkey */
2137 for (next=pub->next,ll=pub;
2138 next && pub->pkt->pkttype != PKT_PUBLIC_SUBKEY;
2139 ll = next, next = next->next )
2143 /* release this public subkey with all sigs */
2145 release_kbnode( pub );
2146 /* let the loop continue */
2151 /* We need to copy the found bits (0 and 1) from the secret key to
2152 the public key. This has already been done for the subkeys but
2153 got lost on the primary key - fix it here *. */
2154 pubblock->flag |= (secblock->flag & 3);
2160 /* See see whether the key fits
2161 * our requirements and in case we do not
2162 * request the primary key, we should select
2163 * a suitable subkey.
2164 * FIXME: Check against PGP 7 whether we still need a kludge
2165 * to favor type 16 keys over type 20 keys when type 20
2166 * has not been explitely requested.
2167 * Returns: True when a suitable key has been found.
2169 * We have to distinguish four cases: FIXME!
2170 * 1. No usage and no primary key requested
2171 * Examples for this case are that we have a keyID to be used
2172 * for decrytion or verification.
2173 * 2. No usage but primary key requested
2174 * This is the case for all functions which work on an
2175 * entire keyblock, e.g. for editing or listing
2176 * 3. Usage and primary key requested
2178 * 4. Usage but no primary key requested
2180 * FIXME: Tell what is going to happen here and something about the rationale
2181 * Note: We don't use this function if no specific usage is requested;
2182 * This way the getkey functions can be used for plain key listings.
2184 * CTX ist the keyblock we are investigating, if FOUNDK is not NULL this
2185 * is the key we actually found by looking at the keyid or a fingerprint and
2186 * may eitehr point to the primary or one of the subkeys.
2190 finish_lookup (GETKEY_CTX ctx)
2192 KBNODE keyblock = ctx->keyblock;
2194 KBNODE foundk = NULL;
2195 PKT_user_id *foundu = NULL;
2196 #define USAGE_MASK (PUBKEY_USAGE_SIG|PUBKEY_USAGE_ENC)
2197 unsigned int req_usage = ( ctx->req_usage & USAGE_MASK );
2198 /* Request the primary if we're certifying another key, and also
2199 if signing data while --pgp6 or --pgp7 is on since pgp 6 and 7
2200 do not understand signatures made by a signing subkey. PGP 8
2202 int req_prim = (ctx->req_usage & PUBKEY_USAGE_CERT) ||
2203 ((PGP6 || PGP7) && (ctx->req_usage & PUBKEY_USAGE_SIG));
2206 u32 curtime = make_timestamp ();
2208 assert( keyblock->pkt->pkttype == PKT_PUBLIC_KEY );
2210 ctx->found_key = NULL;
2213 for (k=keyblock; k; k = k->next) {
2214 if ( (k->flag & 1) ) {
2215 assert ( k->pkt->pkttype == PKT_PUBLIC_KEY
2216 || k->pkt->pkttype == PKT_PUBLIC_SUBKEY );
2223 for (k=keyblock; k; k = k->next) {
2224 if ( (k->flag & 2) ) {
2225 assert (k->pkt->pkttype == PKT_USER_ID);
2226 foundu = k->pkt->pkt.user_id;
2232 log_debug( "finish_lookup: checking key %08lX (%s)(req_usage=%x)\n",
2233 (ulong)keyid_from_pk( keyblock->pkt->pkt.public_key, NULL),
2234 foundk? "one":"all", req_usage);
2237 latest_key = foundk? foundk:keyblock;
2242 PKT_public_key *pk = foundk->pkt->pkt.public_key;
2244 free_user_id (pk->user_id);
2245 pk->user_id = scopy_user_id (foundu);
2246 ctx->found_key = foundk;
2247 cache_user_id( keyblock );
2248 return 1; /* found */
2253 /* do not look at subkeys if a certification key is requested */
2254 if ((!foundk || foundk->pkt->pkttype == PKT_PUBLIC_SUBKEY) && !req_prim) {
2256 /* either start a loop or check just this one subkey */
2257 for (k=foundk?foundk:keyblock; k; k = nextk ) {
2260 if ( k->pkt->pkttype != PKT_PUBLIC_SUBKEY )
2263 nextk = NULL; /* what a hack */
2264 pk = k->pkt->pkt.public_key;
2266 log_debug( "\tchecking subkey %08lX\n",
2267 (ulong)keyid_from_pk( pk, NULL));
2268 if ( !pk->is_valid ) {
2270 log_debug( "\tsubkey not valid\n");
2273 if ( pk->is_revoked ) {
2275 log_debug( "\tsubkey has been revoked\n");
2278 if ( pk->has_expired ) {
2280 log_debug( "\tsubkey has expired\n");
2283 if ( pk->timestamp > curtime && !opt.ignore_valid_from ) {
2285 log_debug( "\tsubkey not yet valid\n");
2289 if ( !((pk->pubkey_usage&USAGE_MASK) & req_usage) ) {
2291 log_debug( "\tusage does not match: want=%x have=%x\n",
2292 req_usage, pk->pubkey_usage );
2297 log_debug( "\tsubkey looks fine\n");
2298 if ( pk->timestamp > latest_date ) {
2299 latest_date = pk->timestamp;
2305 /* Okay now try the primary key unless we want an exact
2306 * key ID match on a subkey */
2307 if ((!latest_key && !(ctx->exact && foundk != keyblock)) || req_prim) {
2309 if (DBG_CACHE && !foundk && !req_prim )
2310 log_debug( "\tno suitable subkeys found - trying primary\n");
2311 pk = keyblock->pkt->pkt.public_key;
2312 if ( !pk->is_valid ) {
2314 log_debug( "\tprimary key not valid\n");
2316 else if ( pk->is_revoked ) {
2318 log_debug( "\tprimary key has been revoked\n");
2320 else if ( pk->has_expired ) {
2322 log_debug( "\tprimary key has expired\n");
2324 else if ( !((pk->pubkey_usage&USAGE_MASK) & req_usage) ) {
2326 log_debug( "\tprimary key usage does not match: "
2327 "want=%x have=%x\n",
2328 req_usage, pk->pubkey_usage );
2332 log_debug( "\tprimary key may be used\n");
2333 latest_key = keyblock;
2334 latest_date = pk->timestamp;
2338 if ( !latest_key ) {
2340 log_debug("\tno suitable key found - giving up\n");
2346 log_debug( "\tusing key %08lX\n",
2347 (ulong)keyid_from_pk( latest_key->pkt->pkt.public_key, NULL) );
2350 PKT_public_key *pk = latest_key->pkt->pkt.public_key;
2352 free_user_id (pk->user_id);
2353 pk->user_id = scopy_user_id (foundu);
2356 ctx->found_key = latest_key;
2358 if (latest_key != keyblock && opt.verbose)
2361 m_strdup(keystr_from_pk(latest_key->pkt->pkt.public_key));
2362 log_info(_("using secondary key %s instead of primary key %s\n"),
2363 tempkeystr, keystr_from_pk(keyblock->pkt->pkt.public_key));
2367 cache_user_id( keyblock );
2369 return 1; /* found */
2374 lookup( GETKEY_CTX ctx, KBNODE *ret_keyblock, int secmode )
2377 KBNODE secblock = NULL; /* helper */
2378 int no_suitable_key = 0;
2381 while (!(rc = keydb_search (ctx->kr_handle, ctx->items, ctx->nitems))) {
2382 /* If we are searching for the first key we have to make sure
2383 that the next interation does not no an implicit reset.
2384 This can be triggered by an empty key ring. */
2385 if (ctx->nitems && ctx->items->mode == KEYDB_SEARCH_MODE_FIRST)
2386 ctx->items->mode = KEYDB_SEARCH_MODE_NEXT;
2388 rc = keydb_get_keyblock (ctx->kr_handle, &ctx->keyblock);
2390 log_error ("keydb_get_keyblock failed: %s\n", g10_errstr(rc));
2396 /* find the correspondig public key and use this
2397 * this one for the selection process */
2399 KBNODE k = ctx->keyblock;
2401 if (k->pkt->pkttype != PKT_SECRET_KEY)
2404 keyid_from_sk (k->pkt->pkt.secret_key, aki);
2405 k = get_pubkeyblock (aki);
2409 log_info(_("key %s: secret key without public key"
2410 " - skipped\n"), keystr(aki));
2413 secblock = ctx->keyblock;
2416 premerge_public_with_secret ( ctx->keyblock, secblock );
2419 /* warning: node flag bits 0 and 1 should be preserved by
2420 * merge_selfsigs. For secret keys, premerge did tranfer the
2421 * keys to the keyblock */
2422 merge_selfsigs ( ctx->keyblock );
2423 if ( finish_lookup (ctx) ) {
2424 no_suitable_key = 0;
2426 merge_public_with_secret ( ctx->keyblock,
2428 release_kbnode (secblock);
2434 no_suitable_key = 1;
2437 /* release resources and continue search */
2439 release_kbnode( secblock );
2442 release_kbnode( ctx->keyblock );
2443 ctx->keyblock = NULL;
2447 if( rc && rc != -1 )
2448 log_error("keydb_search failed: %s\n", g10_errstr(rc));
2451 *ret_keyblock = ctx->keyblock; /* return the keyblock */
2452 ctx->keyblock = NULL;
2454 else if (rc == -1 && no_suitable_key)
2455 rc = secmode ? G10ERR_UNU_SECKEY : G10ERR_UNU_PUBKEY;
2457 rc = secmode ? G10ERR_NO_SECKEY : G10ERR_NO_PUBKEY;
2460 release_kbnode( secblock );
2463 release_kbnode( ctx->keyblock );
2464 ctx->keyblock = NULL;
2474 * FIXME: Replace by the generic function
2475 * It does not work as it is right now - it is used at
2476 * 2 places: a) to get the key for an anonyous recipient
2477 * b) to get the ultimately trusted keys.
2478 * The a) usage might have some problems.
2480 * set with_subkeys true to include subkeys
2481 * set with_spm true to include secret-parts-missing keys
2483 * Enumerate all primary secret keys. Caller must use these procedure:
2484 * 1) create a void pointer and initialize it to NULL
2485 * 2) pass this void pointer by reference to this function
2486 * and provide space for the secret key (pass a buffer for sk)
2487 * 3) call this function as long as it does not return -1
2489 * 4) Always call this function a last time with SK set to NULL,
2490 * so that can free it's context.
2493 enum_secret_keys( void **context, PKT_secret_key *sk,
2494 int with_subkeys, int with_spm )
2506 if( !c ) { /* make a new context */
2507 c = m_alloc_clear( sizeof *c );
2509 c->hd = keydb_new (1);
2515 if( !sk ) { /* free the context */
2516 keydb_release (c->hd);
2517 release_kbnode (c->keyblock);
2527 /* get the next secret key from the current keyblock */
2528 for (; c->node; c->node = c->node->next) {
2529 if ((c->node->pkt->pkttype == PKT_SECRET_KEY
2531 && c->node->pkt->pkttype == PKT_SECRET_SUBKEY) )
2532 && !(c->node->pkt->pkt.secret_key->protect.s2k.mode==1001
2534 copy_secret_key (sk, c->node->pkt->pkt.secret_key );
2535 c->node = c->node->next;
2536 return 0; /* found */
2539 release_kbnode (c->keyblock);
2540 c->keyblock = c->node = NULL;
2542 rc = c->first? keydb_search_first (c->hd) : keydb_search_next (c->hd);
2545 keydb_release (c->hd); c->hd = NULL;
2547 return -1; /* eof */
2550 rc = keydb_get_keyblock (c->hd, &c->keyblock);
2551 c->node = c->keyblock;
2554 return rc; /* error */
2559 /*********************************************
2560 *********** user ID printing helpers *******
2561 *********************************************/
2564 * Return a string with a printable representation of the user_id.
2565 * this string must be freed by m_free.
2568 get_user_id_string( u32 *keyid )
2573 /* try it two times; second pass reads from key resources */
2576 for(r=user_id_db; r; r = r->next )
2579 for (a=r->keyids; a; a= a->next )
2581 if( a->keyid[0] == keyid[0] && a->keyid[1] == keyid[1] )
2583 p = m_alloc( keystrlen() + 1 + r->len + 1 );
2584 sprintf(p, "%s %.*s", keystr(keyid), r->len, r->name );
2589 } while( ++pass < 2 && !get_pubkey( NULL, keyid ) );
2590 p = m_alloc( keystrlen() + 5 );
2591 sprintf(p, "%s [?]", keystr(keyid));
2597 get_user_id_string_printable ( u32 *keyid )
2599 char *p = get_user_id_string( keyid );
2600 char *p2 = utf8_to_native( p, strlen(p), 0 );
2602 p = make_printable_string (p2, strlen (p2), 0);
2609 get_long_user_id_string( u32 *keyid )
2614 /* try it two times; second pass reads from key resources */
2616 for(r=user_id_db; r; r = r->next ) {
2618 for (a=r->keyids; a; a= a->next ) {
2619 if( a->keyid[0] == keyid[0] && a->keyid[1] == keyid[1] ) {
2620 p = m_alloc( r->len + 20 );
2621 sprintf(p, "%08lX%08lX %.*s",
2622 (ulong)keyid[0], (ulong)keyid[1],
2628 } while( ++pass < 2 && !get_pubkey( NULL, keyid ) );
2630 sprintf(p, "%08lX%08lX [?]", (ulong)keyid[0], (ulong)keyid[1] );
2635 get_user_id( u32 *keyid, size_t *rn )
2641 /* try it two times; second pass reads from key resources */
2643 for(r=user_id_db; r; r = r->next ) {
2645 for (a=r->keyids; a; a= a->next ) {
2646 if( a->keyid[0] == keyid[0] && a->keyid[1] == keyid[1] ) {
2647 p = m_alloc( r->len );
2648 memcpy(p, r->name, r->len );
2654 } while( ++pass < 2 && !get_pubkey( NULL, keyid ) );
2655 p = m_strdup( _("[User id not found]") );
2661 get_user_id_printable( u32 *keyid )
2664 char *p = get_user_id( keyid, &rn );
2665 char *p2 = utf8_to_native( p, rn, 0 );
2667 p = make_printable_string (p2, strlen (p2), 0);
2673 get_ctx_handle(GETKEY_CTX ctx)
2675 return ctx->kr_handle;
projects / gnupg.git / blob