* passphrase.c (agent_get_passphrase): Use keystrs for agent strings, and
[gnupg.git] / g10 / keyedit.c
1 /* keyedit.c - keyedit stuff
2  * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003,
3  *               2004 Free Software Foundation, Inc.
4  *
5  * This file is part of GnuPG.
6  *
7  * GnuPG is free software; you can redistribute it and/or modify
8  * it under the terms of the GNU General Public License as published by
9  * the Free Software Foundation; either version 2 of the License, or
10  * (at your option) any later version.
11  *
12  * GnuPG is distributed in the hope that it will be useful,
13  * but WITHOUT ANY WARRANTY; without even the implied warranty of
14  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
15  * GNU General Public License for more details.
16  *
17  * You should have received a copy of the GNU General Public License
18  * along with this program; if not, write to the Free Software
19  * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
20  */
21
22 #include <config.h>
23 #include <stdio.h>
24 #include <stdlib.h>
25 #include <string.h>
26 #include <errno.h>
27 #include <assert.h>
28 #include <ctype.h>
29
30 #include "options.h"
31 #include "packet.h"
32 #include "errors.h"
33 #include "iobuf.h"
34 #include "keydb.h"
35 #include "memory.h"
36 #include "photoid.h"
37 #include "util.h"
38 #include "main.h"
39 #include "trustdb.h"
40 #include "filter.h"
41 #include "ttyio.h"
42 #include "status.h"
43 #include "i18n.h"
44 #include "keyserver-internal.h"
45
46 static void show_prefs( PKT_user_id *uid, PKT_signature *selfsig, int verbose);
47 static void show_key_with_all_names( KBNODE keyblock, int only_marked,
48             int with_revoker, int with_fpr, int with_subkeys, int with_prefs );
49 static void show_key_and_fingerprint( KBNODE keyblock );
50 static int menu_adduid( KBNODE keyblock, KBNODE sec_keyblock, int photo );
51 static void menu_deluid( KBNODE pub_keyblock, KBNODE sec_keyblock );
52 static int  menu_delsig( KBNODE pub_keyblock );
53 static void menu_delkey( KBNODE pub_keyblock, KBNODE sec_keyblock );
54 static int menu_addrevoker( KBNODE pub_keyblock,
55                             KBNODE sec_keyblock, int sensitive );
56 static int menu_expire( KBNODE pub_keyblock, KBNODE sec_keyblock );
57 static int menu_set_primary_uid( KBNODE pub_keyblock, KBNODE sec_keyblock );
58 static int menu_set_preferences( KBNODE pub_keyblock, KBNODE sec_keyblock );
59 static int menu_set_keyserver_url (const char *url,
60                                    KBNODE pub_keyblock, KBNODE sec_keyblock );
61 static int menu_select_uid( KBNODE keyblock, int idx );
62 static int menu_select_key( KBNODE keyblock, int idx );
63 static int count_uids( KBNODE keyblock );
64 static int count_uids_with_flag( KBNODE keyblock, unsigned flag );
65 static int count_keys_with_flag( KBNODE keyblock, unsigned flag );
66 static int count_selected_uids( KBNODE keyblock );
67 static int real_uids_left( KBNODE keyblock );
68 static int count_selected_keys( KBNODE keyblock );
69 static int menu_revsig( KBNODE keyblock );
70 static int menu_revuid( KBNODE keyblock, KBNODE sec_keyblock );
71 static int menu_revkey( KBNODE pub_keyblock, KBNODE sec_keyblock );
72 static int enable_disable_key( KBNODE keyblock, int disable );
73 static void menu_showphoto( KBNODE keyblock );
74
75 static int update_trust=0;
76
77 #define CONTROL_D ('D' - 'A' + 1)
78
79 #define NODFLG_BADSIG (1<<0)  /* bad signature */
80 #define NODFLG_NOKEY  (1<<1)  /* no public key */
81 #define NODFLG_SIGERR (1<<2)  /* other sig error */
82
83 #define NODFLG_MARK_A (1<<4)  /* temporary mark */
84 #define NODFLG_DELSIG (1<<5)  /* to be deleted */
85
86 #define NODFLG_SELUID (1<<8)  /* indicate the selected userid */
87 #define NODFLG_SELKEY (1<<9)  /* indicate the selected key */
88 #define NODFLG_SELSIG (1<<10) /* indicate a selected signature */
89
90 struct sign_attrib {
91     int non_exportable,non_revocable;
92     struct revocation_reason_info *reason;
93     byte trust_depth,trust_value;
94     char *trust_regexp;
95 };
96
97
98 #ifdef ENABLE_CARD_SUPPORT
99 /* Given a node SEC_NODE with a secret key or subkey, locate the
100    corresponding public key from pub_keyblock. */
101 static PKT_public_key *
102 find_pk_from_sknode (KBNODE pub_keyblock, KBNODE sec_node)
103 {
104   KBNODE node = pub_keyblock;
105   PKT_secret_key *sk;
106   PKT_public_key *pk;
107   
108   if (sec_node->pkt->pkttype == PKT_SECRET_KEY
109       && node->pkt->pkttype == PKT_PUBLIC_KEY)
110     return node->pkt->pkt.public_key;
111   if (sec_node->pkt->pkttype != PKT_SECRET_SUBKEY)
112     return NULL;
113   sk = sec_node->pkt->pkt.secret_key;
114   for (; node; node = node->next)
115     if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
116       {
117         pk = node->pkt->pkt.public_key;
118         if (pk->keyid[0] == sk->keyid[0] && pk->keyid[1] == sk->keyid[1])
119           return pk;
120       }
121       
122   return NULL;
123 }
124 #endif /* ENABLE_CARD_SUPPORT */
125
126
127 /* TODO: Fix duplicated code between here and the check-sigs/list-sigs
128    code in keylist.c. */
129 static int
130 print_and_check_one_sig_colon( KBNODE keyblock, KBNODE node,
131                                int *inv_sigs, int *no_key, int *oth_err,
132                                int *is_selfsig, int print_without_key )
133 {
134   PKT_signature *sig = node->pkt->pkt.signature;
135   int rc, sigrc;
136
137   /* TODO: Make sure a cached sig record here still has the pk that
138      issued it.  See also keylist.c:list_keyblock_print */
139
140   switch((rc=check_key_signature(keyblock,node,is_selfsig)))
141     {
142     case 0:
143       node->flag &= ~(NODFLG_BADSIG|NODFLG_NOKEY|NODFLG_SIGERR);
144       sigrc = '!';
145       break;
146     case G10ERR_BAD_SIGN:
147       node->flag = NODFLG_BADSIG;
148       sigrc = '-';
149       if( inv_sigs )
150         ++*inv_sigs;
151       break;
152     case G10ERR_NO_PUBKEY:
153     case G10ERR_UNU_PUBKEY:
154       node->flag = NODFLG_NOKEY;
155       sigrc = '?';
156       if( no_key )
157         ++*no_key;
158       break;
159     default:
160       node->flag = NODFLG_SIGERR;
161       sigrc = '%';
162       if( oth_err )
163         ++*oth_err;
164       break;
165     }
166
167   if( sigrc != '?' || print_without_key )
168     {
169       printf("sig:%c::%d:%08lX%08lX:%lu:%lu:",
170              sigrc,sig->pubkey_algo,(ulong)sig->keyid[0],(ulong)sig->keyid[1],
171              (ulong)sig->timestamp,(ulong)sig->expiredate);
172
173       if(sig->trust_depth || sig->trust_value)
174         printf("%d %d",sig->trust_depth,sig->trust_value);
175
176       printf(":");
177
178       if(sig->trust_regexp)
179         print_string(stdout,sig->trust_regexp,strlen(sig->trust_regexp),':');
180
181       printf("::%02x%c\n",sig->sig_class,sig->flags.exportable?'x':'l');
182
183       if(opt.show_subpackets)
184         print_subpackets_colon(sig);
185     }
186
187   return (sigrc == '!');
188 }
189
190
191 /****************
192  * Print information about a signature, check it and return true
193  * if the signature is okay. NODE must be a signature packet.
194  */
195 static int
196 print_and_check_one_sig( KBNODE keyblock, KBNODE node,
197                          int *inv_sigs, int *no_key, int *oth_err,
198                         int *is_selfsig, int print_without_key )
199 {
200     PKT_signature *sig = node->pkt->pkt.signature;
201     int rc, sigrc;
202     int is_rev = sig->sig_class == 0x30;
203
204     /* TODO: Make sure a cached sig record here still has the pk that
205        issued it.  See also keylist.c:list_keyblock_print */
206
207     switch( (rc = check_key_signature( keyblock, node, is_selfsig)) ) {
208       case 0:
209         node->flag &= ~(NODFLG_BADSIG|NODFLG_NOKEY|NODFLG_SIGERR);
210         sigrc = '!';
211         break;
212       case G10ERR_BAD_SIGN:
213         node->flag = NODFLG_BADSIG;
214         sigrc = '-';
215         if( inv_sigs )
216             ++*inv_sigs;
217         break;
218       case G10ERR_NO_PUBKEY:
219       case G10ERR_UNU_PUBKEY:
220         node->flag = NODFLG_NOKEY;
221         sigrc = '?';
222         if( no_key )
223             ++*no_key;
224         break;
225       default:
226         node->flag = NODFLG_SIGERR;
227         sigrc = '%';
228         if( oth_err )
229             ++*oth_err;
230         break;
231     }
232     if( sigrc != '?' || print_without_key ) {
233         tty_printf("%s%c%c %c%c%c%c%c%c %s %s",
234                    is_rev? "rev":"sig",sigrc,
235                    (sig->sig_class-0x10>0 &&
236                     sig->sig_class-0x10<4)?'0'+sig->sig_class-0x10:' ',
237                    sig->flags.exportable?' ':'L',
238                    sig->flags.revocable?' ':'R',
239                    sig->flags.policy_url?'P':' ',
240                    sig->flags.notation?'N':' ',
241                    sig->flags.expired?'X':' ',
242                    (sig->trust_depth>9)?'T':
243                    (sig->trust_depth>0)?'0'+sig->trust_depth:' ',
244                    keystr(sig->keyid),datestr_from_sig(sig));
245         if(opt.list_options&LIST_SHOW_SIG_EXPIRE)
246           tty_printf(" %s",expirestr_from_sig(sig));
247         tty_printf("  ");
248         if( sigrc == '%' )
249             tty_printf("[%s] ", g10_errstr(rc) );
250         else if( sigrc == '?' )
251             ;
252         else if( *is_selfsig ) {
253             tty_printf( is_rev? _("[revocation]")
254                               : _("[self-signature]") );
255         }
256         else
257           {
258             size_t n;
259             char *p = get_user_id( sig->keyid, &n );
260             tty_print_utf8_string2(p, n, opt.screen_columns-keystrlen()-26-
261                                ((opt.list_options&LIST_SHOW_SIG_EXPIRE)?11:0));
262             m_free(p);
263           }
264         tty_printf("\n");
265
266         if(sig->flags.policy_url && (opt.list_options&LIST_SHOW_POLICY_URLS))
267           show_policy_url(sig,3,0);
268
269         if(sig->flags.notation && (opt.list_options&LIST_SHOW_NOTATIONS))
270           show_notation(sig,3,0,
271                         ((opt.list_options&LIST_SHOW_STD_NOTATIONS)?1:0)+
272                         ((opt.list_options&LIST_SHOW_USER_NOTATIONS)?2:0));
273
274         if(sig->flags.pref_ks && (opt.list_options&LIST_SHOW_KEYSERVER_URLS))
275           show_keyserver_url(sig,3,0);
276     }
277
278     return (sigrc == '!');
279 }
280
281
282
283 /****************
284  * Check the keysigs and set the flags to indicate errors.
285  * Returns true if error found.
286  */
287 static int
288 check_all_keysigs( KBNODE keyblock, int only_selected )
289 {
290     KBNODE kbctx;
291     KBNODE node;
292     int inv_sigs = 0;
293     int no_key = 0;
294     int oth_err = 0;
295     int has_selfsig = 0;
296     int mis_selfsig = 0;
297     int selected = !only_selected;
298     int anyuid = 0;
299
300     for( kbctx=NULL; (node=walk_kbnode( keyblock, &kbctx, 0)) ; ) {
301         if( node->pkt->pkttype == PKT_USER_ID ) {
302             PKT_user_id *uid = node->pkt->pkt.user_id;
303
304             if( only_selected )
305                 selected = (node->flag & NODFLG_SELUID);
306             if( selected ) {
307                 tty_printf("uid  ");
308                 tty_print_utf8_string( uid->name, uid->len );
309                 tty_printf("\n");
310                 if( anyuid && !has_selfsig )
311                     mis_selfsig++;
312                 has_selfsig = 0;
313                 anyuid = 1;
314             }
315         }
316         else if( selected && node->pkt->pkttype == PKT_SIGNATURE
317                  && ( (node->pkt->pkt.signature->sig_class&~3) == 0x10
318                      || node->pkt->pkt.signature->sig_class == 0x30 )  ) {
319             int selfsig;
320
321             if( print_and_check_one_sig( keyblock, node, &inv_sigs,
322                                         &no_key, &oth_err, &selfsig, 0 ) ) {
323                 if( selfsig )
324                     has_selfsig = 1;
325             }
326             /* Hmmm: should we update the trustdb here? */
327         }
328     }
329     if( !has_selfsig )
330         mis_selfsig++;
331     if( inv_sigs == 1 )
332         tty_printf(_("1 bad signature\n") );
333     else if( inv_sigs )
334         tty_printf(_("%d bad signatures\n"), inv_sigs );
335     if( no_key == 1 )
336         tty_printf(_("1 signature not checked due to a missing key\n") );
337     else if( no_key )
338         tty_printf(_("%d signatures not checked due to missing keys\n"), no_key );
339     if( oth_err == 1 )
340         tty_printf(_("1 signature not checked due to an error\n") );
341     else if( oth_err )
342         tty_printf(_("%d signatures not checked due to errors\n"), oth_err );
343     if( mis_selfsig == 1 )
344         tty_printf(_("1 user ID without valid self-signature detected\n"));
345     else if( mis_selfsig  )
346         tty_printf(_("%d user IDs without valid self-signatures detected\n"),
347                                                                     mis_selfsig);
348
349     return inv_sigs || no_key || oth_err || mis_selfsig;
350 }
351
352
353 static int
354 sign_mk_attrib( PKT_signature *sig, void *opaque )
355 {
356     struct sign_attrib *attrib = opaque;
357     byte buf[8];
358
359     if( attrib->non_exportable ) {
360         buf[0] = 0; /* not exportable */
361         build_sig_subpkt( sig, SIGSUBPKT_EXPORTABLE, buf, 1 );
362     }
363
364     if( attrib->non_revocable ) {
365         buf[0] = 0; /* not revocable */
366         build_sig_subpkt( sig, SIGSUBPKT_REVOCABLE, buf, 1 );
367     }
368
369     if( attrib->reason )
370         revocation_reason_build_cb( sig, attrib->reason );
371
372     if(attrib->trust_depth)
373       {
374         /* Not critical.  If someone doesn't understand trust sigs,
375            this can still be a valid regular signature. */
376         buf[0] = attrib->trust_depth;
377         buf[1] = attrib->trust_value;
378         build_sig_subpkt(sig,SIGSUBPKT_TRUST,buf,2);
379
380         /* Critical.  If someone doesn't understands regexps, this
381            whole sig should be invalid.  Note the +1 for the length -
382            regexps are null terminated. */
383         if(attrib->trust_regexp)
384           build_sig_subpkt(sig,SIGSUBPKT_FLAG_CRITICAL|SIGSUBPKT_REGEXP,
385                            attrib->trust_regexp,
386                            strlen(attrib->trust_regexp)+1);
387       }
388
389     return 0;
390 }
391
392 static void
393 trustsig_prompt(byte *trust_value,byte *trust_depth,char **regexp)
394 {
395   char *p;
396
397   *trust_value=0;
398   *trust_depth=0;
399   *regexp=NULL;
400
401   tty_printf("\n");
402   /* Same string as pkclist.c:do_edit_ownertrust */
403   tty_printf(_(
404                "Please decide how far you trust this user to correctly\n"
405                "verify other users' keys (by looking at passports,\n"
406                "checking fingerprints from different sources...)?\n\n"));
407   tty_printf (_("   (%d) I trust marginally\n"), 1);
408   tty_printf (_("   (%d) I trust fully\n"), 2);
409   tty_printf("\n");
410
411   while(*trust_value==0)
412     {
413       p = cpr_get("trustsig_prompt.trust_value",_("Your selection? "));
414       trim_spaces(p);
415       cpr_kill_prompt();
416       /* 60 and 120 are as per RFC2440 */
417       if(p[0]=='1' && !p[1])
418         *trust_value=60;
419       else if(p[0]=='2' && !p[1])
420         *trust_value=120;
421       m_free(p);
422     }
423
424   tty_printf("\n");
425
426   tty_printf(_(
427               "Please enter the depth of this trust signature.\n"
428               "A depth greater than 1 allows the key you are signing to make\n"
429               "trust signatures on your behalf.\n"));
430   tty_printf("\n");
431
432   while(*trust_depth==0)
433     {
434       p = cpr_get("trustsig_prompt.trust_depth",_("Your selection? "));
435       trim_spaces(p);
436       cpr_kill_prompt();
437       *trust_depth=atoi(p);
438       m_free(p);
439     }
440
441   tty_printf("\n");
442
443   tty_printf(_("Please enter a domain to restrict this signature, "
444                "or enter for none.\n"));
445
446   tty_printf("\n");
447
448   p=cpr_get("trustsig_prompt.trust_regexp",_("Your selection? "));
449   trim_spaces(p);
450   cpr_kill_prompt();
451
452   if(strlen(p)>0)
453     {
454       char *q=p;
455       int regexplen=100,ind;
456
457       *regexp=m_alloc(regexplen);
458
459       /* Now mangle the domain the user entered into a regexp.  To do
460          this, \-escape everything that isn't alphanumeric, and attach
461          "<[^>]+[@.]" to the front, and ">$" to the end. */
462
463       strcpy(*regexp,"<[^>]+[@.]");
464       ind=strlen(*regexp);
465
466       while(*q)
467         {
468           if(!((*q>='A' && *q<='Z')
469                || (*q>='a' && *q<='z') || (*q>='0' && *q<='9')))
470             (*regexp)[ind++]='\\';
471
472           (*regexp)[ind++]=*q;
473
474           if((regexplen-ind)<3)
475             {
476               regexplen+=100;
477               *regexp=m_realloc(*regexp,regexplen);
478             }
479
480           q++;
481         }
482
483       (*regexp)[ind]='\0';
484       strcat(*regexp,">$");
485     }
486
487   m_free(p);
488   tty_printf("\n");
489 }
490
491 /****************
492  * Loop over all locusr and and sign the uids after asking.
493  * If no user id is marked, all user ids will be signed;
494  * if some user_ids are marked those will be signed.
495  */
496 static int
497 sign_uids( KBNODE keyblock, STRLIST locusr, int *ret_modified,
498            int local, int nonrevocable, int trust )
499 {
500     int rc = 0;
501     SK_LIST sk_list = NULL;
502     SK_LIST sk_rover = NULL;
503     PKT_secret_key *sk = NULL;
504     KBNODE node, uidnode;
505     PKT_public_key *primary_pk=NULL;
506     int select_all = !count_selected_uids(keyblock);
507     int all_v3=1;
508
509     /* Are there any non-v3 sigs on this key already? */
510     if(PGP2)
511       for(node=keyblock;node;node=node->next)
512         if(node->pkt->pkttype==PKT_SIGNATURE &&
513            node->pkt->pkt.signature->version>3)
514           {
515             all_v3=0;
516             break;
517           }
518
519     /* build a list of all signators.
520      *    
521      * We use the CERT flag to request the primary which must always
522      * be one which is capable of signing keys.  I can't see a reason
523      * why to sign keys using a subkey.  Implementation of USAGE_CERT
524      * is just a hack in getkey.c and does not mean that a subkey
525      * marked as certification capable will be used */
526     rc=build_sk_list( locusr, &sk_list, 0, PUBKEY_USAGE_SIG|PUBKEY_USAGE_CERT);
527     if( rc )
528         goto leave;
529
530     /* loop over all signators */
531     for( sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next ) {
532         u32 sk_keyid[2],pk_keyid[2];
533         size_t n;
534         char *p,*trust_regexp=NULL;
535         int force_v4=0,class=0,selfsig=0;
536         u32 duration=0,timestamp=0;
537         byte trust_depth=0,trust_value=0;
538
539         if(local || nonrevocable || trust ||
540            opt.cert_policy_url || opt.cert_notation_data)
541           force_v4=1;
542
543         /* we have to use a copy of the sk, because make_keysig_packet
544          * may remove the protection from sk and if we did other
545          * changes to the secret key, we would save the unprotected
546          * version */
547         if( sk )
548             free_secret_key(sk);
549         sk = copy_secret_key( NULL, sk_rover->sk );
550         keyid_from_sk( sk, sk_keyid );
551         /* set mark A for all selected user ids */
552         for( node=keyblock; node; node = node->next ) {
553             if( select_all || (node->flag & NODFLG_SELUID) )
554                 node->flag |= NODFLG_MARK_A;
555             else
556                 node->flag &= ~NODFLG_MARK_A;
557         }
558         /* reset mark for uids which are already signed */
559         uidnode = NULL;
560         for( node=keyblock; node; node = node->next ) {
561             if( node->pkt->pkttype == PKT_PUBLIC_KEY ) {
562                 primary_pk=node->pkt->pkt.public_key;
563                 keyid_from_pk( primary_pk, pk_keyid );
564
565                 /* Is this a self-sig? */
566                 if(pk_keyid[0]==sk_keyid[0] && pk_keyid[1]==sk_keyid[1])
567                   {
568                     selfsig=1;
569                     /* Do not force a v4 sig here, otherwise it would
570                        be difficult to remake a v3 selfsig.  If this
571                        is a v3->v4 promotion case, then we set
572                        force_v4 later anyway. */
573                     force_v4=0;
574                   }
575             }
576             else if( node->pkt->pkttype == PKT_USER_ID ) {
577                 uidnode = (node->flag & NODFLG_MARK_A)? node : NULL;
578                 if(uidnode)
579                   {
580                     char *user=utf8_to_native(uidnode->pkt->pkt.user_id->name,
581                                               uidnode->pkt->pkt.user_id->len,
582                                               0);
583
584                     if(uidnode->pkt->pkt.user_id->is_revoked)
585                       {
586                         tty_printf(_("User ID \"%s\" is revoked."),user);
587
588                         if(selfsig)
589                           tty_printf("\n");
590                         else if(opt.expert)
591                           {
592                             tty_printf("\n");
593                             /* No, so remove the mark and continue */
594                             if(!cpr_get_answer_is_yes("sign_uid.revoke_okay",
595                                                       _("Are you sure you "
596                                                         "still want to sign "
597                                                         "it? (y/N) ")))
598                               {
599                                 uidnode->flag &= ~NODFLG_MARK_A;
600                                 uidnode=NULL;
601                               }
602                           }
603                         else
604                           {
605                             uidnode->flag &= ~NODFLG_MARK_A;
606                             uidnode=NULL;
607                             tty_printf(_("  Unable to sign.\n"));
608                           }
609                       }
610                     else if(uidnode->pkt->pkt.user_id->is_expired)
611                       {
612                         tty_printf(_("User ID \"%s\" is expired."),user);
613
614                         if(selfsig)
615                           tty_printf("\n");
616                         else if(opt.expert)
617                           {
618                             tty_printf("\n");
619                             /* No, so remove the mark and continue */
620                             if(!cpr_get_answer_is_yes("sign_uid.expire_okay",
621                                                       _("Are you sure you "
622                                                         "still want to sign "
623                                                         "it? (y/N) ")))
624                               {
625                                 uidnode->flag &= ~NODFLG_MARK_A;
626                                 uidnode=NULL;
627                               }
628                           }
629                         else
630                           {
631                             uidnode->flag &= ~NODFLG_MARK_A;
632                             uidnode=NULL;
633                             tty_printf(_("  Unable to sign.\n"));
634                           }
635                       }
636                     else if(!uidnode->pkt->pkt.user_id->created && !selfsig)
637                       {
638                         tty_printf(_("User ID \"%s\" is not self-signed."),
639                                    user);
640
641                         if(opt.expert)
642                           {
643                             tty_printf("\n");
644                             /* No, so remove the mark and continue */
645                             if(!cpr_get_answer_is_yes("sign_uid.nosig_okay",
646                                                       _("Are you sure you "
647                                                         "still want to sign "
648                                                         "it? (y/N) ")))
649                               {
650                                 uidnode->flag &= ~NODFLG_MARK_A;
651                                 uidnode=NULL;
652                               }
653                           }
654                         else
655                           {
656                             uidnode->flag &= ~NODFLG_MARK_A;
657                             uidnode=NULL;
658                             tty_printf(_("  Unable to sign.\n"));
659                           }
660                       }
661
662                     m_free(user);
663                   }
664             }
665             else if( uidnode && node->pkt->pkttype == PKT_SIGNATURE
666                 && (node->pkt->pkt.signature->sig_class&~3) == 0x10 ) {
667                 if( sk_keyid[0] == node->pkt->pkt.signature->keyid[0]
668                     && sk_keyid[1] == node->pkt->pkt.signature->keyid[1] ) {
669                     char buf[50];
670                     char *user=utf8_to_native(uidnode->pkt->pkt.user_id->name,
671                                               uidnode->pkt->pkt.user_id->len,
672                                               0);
673
674                     /* It's a v3 self-sig.  Make it into a v4 self-sig? */
675                     if(node->pkt->pkt.signature->version<4 && selfsig)
676                       {
677                         tty_printf(_("The self-signature on \"%s\"\n"
678                                      "is a PGP 2.x-style signature.\n"),user);
679  
680                         /* Note that the regular PGP2 warning below
681                            still applies if there are no v4 sigs on
682                            this key at all. */
683
684                         if(opt.expert)
685                           if(cpr_get_answer_is_yes("sign_uid.v4_promote_okay",
686                                                    _("Do you want to promote "
687                                                      "it to an OpenPGP self-"
688                                                      "signature? (y/N) ")))
689                             {
690                               force_v4=1;
691                               node->flag|=NODFLG_DELSIG;
692                               m_free(user);
693                               continue;
694                             }
695                       }
696
697                     /* Is the current signature expired? */
698                     if(node->pkt->pkt.signature->flags.expired)
699                       {
700                         tty_printf(_("Your current signature on \"%s\"\n"
701                                      "has expired.\n"),user);
702
703                         if(cpr_get_answer_is_yes("sign_uid.replace_expired_okay",
704                                                  _("Do you want to issue a "
705                                                    "new signature to replace "
706                                                    "the expired one? (y/N) ")))
707                           {
708                             /* Mark these for later deletion.  We
709                                don't want to delete them here, just in
710                                case the replacement signature doesn't
711                                happen for some reason.  We only delete
712                                these after the replacement is already
713                                in place. */
714
715                             node->flag|=NODFLG_DELSIG;
716                             m_free(user);
717                             continue;
718                           }
719                       }
720
721                     if(!node->pkt->pkt.signature->flags.exportable && !local)
722                       {
723                         /* It's a local sig, and we want to make a
724                            exportable sig. */
725                         tty_printf(_("Your current signature on \"%s\"\n"
726                                      "is a local signature.\n"),user);
727
728                         if(cpr_get_answer_is_yes("sign_uid.local_promote_okay",
729                                                  _("Do you want to promote "
730                                                    "it to a full exportable "
731                                                    "signature? (y/N) ")))
732                           {
733                             /* Mark these for later deletion.  We
734                                don't want to delete them here, just in
735                                case the replacement signature doesn't
736                                happen for some reason.  We only delete
737                                these after the replacement is already
738                                in place. */
739
740                             node->flag|=NODFLG_DELSIG;
741                             m_free(user);
742                             continue;
743                           }
744                       }
745
746                     /* Fixme: see whether there is a revocation in which
747                      * case we should allow to sign it again. */
748                     if (!node->pkt->pkt.signature->flags.exportable && local)
749                       tty_printf(_(
750                               "\"%s\" was already locally signed by key %s\n"),
751                                  user,keystr_from_sk(sk));
752                     else
753                       tty_printf(_("\"%s\" was already signed by key %s\n"),
754                                  user,keystr_from_sk(sk));
755
756                     if(opt.expert
757                        && cpr_get_answer_is_yes("sign_uid.dupe_okay",
758                                                 _("Do you want to sign it "
759                                                   "again anyway? (y/N) ")))
760                       {
761                         /* Don't delete the old sig here since this is
762                            an --expert thing. */
763                         m_free(user);
764                         continue;
765                       }
766
767                     sprintf (buf, "%08lX%08lX",
768                              (ulong)sk->keyid[0], (ulong)sk->keyid[1] );
769                     write_status_text (STATUS_ALREADY_SIGNED, buf);
770                     uidnode->flag &= ~NODFLG_MARK_A; /* remove mark */
771
772                     m_free(user);
773                 }
774             }
775         }
776
777         /* check whether any uids are left for signing */
778         if( !count_uids_with_flag(keyblock, NODFLG_MARK_A) )
779           {
780             tty_printf(_("Nothing to sign with key %s\n"),keystr_from_sk(sk));
781             continue;
782           }
783
784         /* Ask whether we really should sign these user id(s) */
785         tty_printf("\n");
786         show_key_with_all_names( keyblock, 1, 0, 1, 0, 0 );
787         tty_printf("\n");
788
789         if(primary_pk->expiredate && !selfsig)
790           {
791             u32 now=make_timestamp();
792
793             if(primary_pk->expiredate<=now)
794               {
795                 tty_printf(_("This key has expired!"));
796
797                 if(opt.expert)
798                   {
799                     tty_printf("  ");
800                     if(!cpr_get_answer_is_yes("sign_uid.expired_okay",
801                                               _("Are you sure you still "
802                                                 "want to sign it? (y/N) ")))
803                       continue;
804                   }
805                 else
806                   {
807                     tty_printf(_("  Unable to sign.\n"));
808                     continue;
809                   }
810               }
811             else
812               {
813                 char *answer;
814
815                 tty_printf(_("This key is due to expire on %s.\n"),
816                            expirestr_from_pk(primary_pk));
817
818                 answer=cpr_get("sign_uid.expire",
819                                _("Do you want your signature to "
820                                  "expire at the same time? (Y/n) "));
821                 if(answer_is_yes_no_default(answer,1))
822                   {
823                     /* This fixes the signature timestamp we're going
824                        to make as now.  This is so the expiration date
825                        is exactly correct, and not a few seconds off
826                        (due to the time it takes to answer the
827                        questions, enter the passphrase, etc). */
828                     timestamp=now;
829                     duration=primary_pk->expiredate-now;
830                     force_v4=1;
831                   }
832
833                 cpr_kill_prompt();
834                 m_free(answer);
835               }
836           }
837
838         /* Only ask for duration if we haven't already set it to match
839            the expiration of the pk */
840         if(opt.ask_cert_expire && !duration && !selfsig)
841           duration=ask_expire_interval(1);
842
843         if(duration)
844           force_v4=1;
845
846         /* Is --pgp2 on, it's a v3 key, all the sigs on the key are
847            currently v3 and we're about to sign it with a v4 sig?  If
848            so, danger! */
849         if(PGP2 && all_v3 &&
850            (sk->version>3 || force_v4) && primary_pk->version<=3)
851           {
852             tty_printf(_("You may not make an OpenPGP signature on a "
853                          "PGP 2.x key while in --pgp2 mode.\n"));
854             tty_printf(_("This would make the key unusable in PGP 2.x.\n"));
855
856             if(opt.expert)
857               {
858                 if(!cpr_get_answer_is_yes("sign_uid.v4_on_v3_okay",
859                                           _("Are you sure you still "
860                                             "want to sign it? (y/N) ")))
861                   continue;
862
863                 all_v3=0;
864               }
865             else
866               continue;
867           }
868
869         if(selfsig)
870           ;
871         else
872           {
873             if(opt.batch || !opt.ask_cert_level)
874               class=0x10+opt.def_cert_level;
875             else
876               {
877                 char *answer;
878
879                 tty_printf(_("How carefully have you verified the key you are "
880                              "about to sign actually belongs\nto the person "
881                              "named above?  If you don't know what to "
882                              "answer, enter \"0\".\n"));
883                 tty_printf("\n");
884                 tty_printf(_("   (0) I will not answer.%s\n"),
885                            opt.def_cert_level==0?" (default)":"");
886                 tty_printf(_("   (1) I have not checked at all.%s\n"),
887                            opt.def_cert_level==1?" (default)":"");
888                 tty_printf(_("   (2) I have done casual checking.%s\n"),
889                            opt.def_cert_level==2?" (default)":"");
890                 tty_printf(_("   (3) I have done very careful checking.%s\n"),
891                            opt.def_cert_level==3?" (default)":"");
892                 tty_printf("\n");
893
894                 while(class==0)
895                   {
896                     answer = cpr_get("sign_uid.class",_("Your selection? "
897                                         "(enter '?' for more information): "));
898                     if(answer[0]=='\0')
899                       class=0x10+opt.def_cert_level; /* Default */
900                     else if(ascii_strcasecmp(answer,"0")==0)
901                       class=0x10; /* Generic */
902                     else if(ascii_strcasecmp(answer,"1")==0)
903                       class=0x11; /* Persona */
904                     else if(ascii_strcasecmp(answer,"2")==0)
905                       class=0x12; /* Casual */
906                     else if(ascii_strcasecmp(answer,"3")==0)
907                       class=0x13; /* Positive */
908                     else
909                       tty_printf(_("Invalid selection.\n"));
910
911                     m_free(answer);
912                   }
913               }
914
915             if(trust)
916               trustsig_prompt(&trust_value,&trust_depth,&trust_regexp);
917           }
918
919         tty_printf(_("Are you really sure that you want to sign this key\n"
920                      "with your key: \""));
921         p = get_user_id( sk_keyid, &n );
922         tty_print_utf8_string( p, n );
923         m_free(p); p = NULL;
924         tty_printf("\" (%s)\n",keystr_from_sk(sk));
925
926         if(selfsig)
927           {
928             tty_printf(_("\nThis will be a self-signature.\n"));
929
930             if( local )
931               tty_printf(
932                          _("\nWARNING: the signature will not be marked "
933                            "as non-exportable.\n"));
934
935             if( nonrevocable )
936               tty_printf(
937                          _("\nWARNING: the signature will not be marked "
938                            "as non-revocable.\n"));
939           }
940         else
941           {
942             if( local )
943               tty_printf(
944                      _("\nThe signature will be marked as non-exportable.\n"));
945
946             if( nonrevocable )
947               tty_printf(
948                       _("\nThe signature will be marked as non-revocable.\n"));
949
950             switch(class)
951               {
952               case 0x11:
953                 tty_printf(_("\nI have not checked this key at all.\n"));
954                 break;
955
956               case 0x12:
957                 tty_printf(_("\nI have checked this key casually.\n"));
958                 break;
959
960               case 0x13:
961                 tty_printf(_("\nI have checked this key very carefully.\n"));
962                 break;
963               }
964           }
965
966         tty_printf("\n");
967
968         if( opt.batch && opt.answer_yes )
969           ;
970         else if( !cpr_get_answer_is_yes("sign_uid.okay", _("Really sign? ")) )
971             continue;
972
973         /* now we can sign the user ids */
974       reloop: /* (must use this, because we are modifing the list) */
975         primary_pk = NULL;
976         for( node=keyblock; node; node = node->next ) {
977             if( node->pkt->pkttype == PKT_PUBLIC_KEY )
978                 primary_pk = node->pkt->pkt.public_key;
979             else if( node->pkt->pkttype == PKT_USER_ID
980                      && (node->flag & NODFLG_MARK_A) ) {
981                 PACKET *pkt;
982                 PKT_signature *sig;
983                 struct sign_attrib attrib;
984
985                 assert( primary_pk );
986                 memset( &attrib, 0, sizeof attrib );
987                 attrib.non_exportable = local;
988                 attrib.non_revocable = nonrevocable;
989                 attrib.trust_depth = trust_depth;
990                 attrib.trust_value = trust_value;
991                 attrib.trust_regexp = trust_regexp;
992                 node->flag &= ~NODFLG_MARK_A;
993
994                 /* we force creation of a v4 signature for local
995                  * signatures, otherwise we would not generate the
996                  * subpacket with v3 keys and the signature becomes
997                  * exportable */
998
999                 if(selfsig)
1000                   rc = make_keysig_packet( &sig, primary_pk,
1001                                            node->pkt->pkt.user_id,
1002                                            NULL,
1003                                            sk,
1004                                            0x13, 0, force_v4?4:0, 0, 0,
1005                                            keygen_add_std_prefs, primary_pk);
1006                 else
1007                   rc = make_keysig_packet( &sig, primary_pk,
1008                                            node->pkt->pkt.user_id,
1009                                            NULL,
1010                                            sk,
1011                                            class, 0, force_v4?4:0,
1012                                            timestamp, duration,
1013                                            sign_mk_attrib, &attrib );
1014                 if( rc ) {
1015                     log_error(_("signing failed: %s\n"), g10_errstr(rc));
1016                     goto leave;
1017                 }
1018
1019                 *ret_modified = 1; /* we changed the keyblock */
1020                 update_trust = 1;
1021
1022                 pkt = m_alloc_clear( sizeof *pkt );
1023                 pkt->pkttype = PKT_SIGNATURE;
1024                 pkt->pkt.signature = sig;
1025                 insert_kbnode( node, new_kbnode(pkt), PKT_SIGNATURE );
1026                 goto reloop;
1027             }
1028         }
1029
1030         /* Delete any sigs that got promoted */
1031         for( node=keyblock; node; node = node->next )
1032           if( node->flag & NODFLG_DELSIG)
1033             delete_kbnode(node);
1034     } /* end loop over signators */
1035
1036   leave:
1037     release_sk_list( sk_list );
1038     if( sk )
1039         free_secret_key(sk);
1040     return rc;
1041 }
1042
1043
1044
1045 /****************
1046  * Change the passphrase of the primary and all secondary keys.
1047  * We use only one passphrase for all keys.
1048  */
1049 static int
1050 change_passphrase( KBNODE keyblock )
1051 {
1052     int rc = 0;
1053     int changed=0;
1054     KBNODE node;
1055     PKT_secret_key *sk;
1056     char *passphrase = NULL;
1057     int no_primary_secrets = 0;
1058
1059     node = find_kbnode( keyblock, PKT_SECRET_KEY );
1060     if( !node ) {
1061         log_error("Oops; secret key not found anymore!\n");
1062         goto leave;
1063     }
1064     sk = node->pkt->pkt.secret_key;
1065
1066     switch( is_secret_key_protected( sk ) ) {
1067       case -1:
1068         rc = G10ERR_PUBKEY_ALGO;
1069         break;
1070       case 0:
1071         tty_printf(_("This key is not protected.\n"));
1072         break;
1073       default:
1074         if( sk->protect.s2k.mode == 1001 ) {
1075             tty_printf(_("Secret parts of primary key are not available.\n"));
1076             no_primary_secrets = 1;
1077         }
1078         else {
1079             tty_printf(_("Key is protected.\n"));
1080             rc = check_secret_key( sk, 0 );
1081             if( !rc )
1082                 passphrase = get_last_passphrase();
1083         }
1084         break;
1085     }
1086
1087     /* unprotect all subkeys (use the supplied passphrase or ask)*/
1088     for(node=keyblock; !rc && node; node = node->next ) {
1089         if( node->pkt->pkttype == PKT_SECRET_SUBKEY ) {
1090             PKT_secret_key *subsk = node->pkt->pkt.secret_key;
1091             set_next_passphrase( passphrase );
1092             rc = check_secret_key( subsk, 0 );
1093             if( !rc && !passphrase )
1094                 passphrase = get_last_passphrase();
1095         }
1096     }
1097
1098     if( rc )
1099         tty_printf(_("Can't edit this key: %s\n"), g10_errstr(rc));
1100     else {
1101         DEK *dek = NULL;
1102         STRING2KEY *s2k = m_alloc_secure( sizeof *s2k );
1103         const char *errtext = NULL;
1104
1105         tty_printf(_("Enter the new passphrase for this secret key.\n\n") );
1106
1107         set_next_passphrase( NULL );
1108         for(;;) {
1109             s2k->mode = opt.s2k_mode;
1110             s2k->hash_algo = S2K_DIGEST_ALGO;
1111             dek = passphrase_to_dek( NULL, 0, opt.s2k_cipher_algo,
1112                                      s2k, 2, errtext, NULL);
1113             if( !dek ) {
1114                 errtext = N_("passphrase not correctly repeated; try again");
1115                 tty_printf ("%s.\n", _(errtext));
1116             }
1117             else if( !dek->keylen ) {
1118                 rc = 0;
1119                 tty_printf(_( "You don't want a passphrase -"
1120                             " this is probably a *bad* idea!\n\n"));
1121                 if( cpr_get_answer_is_yes("change_passwd.empty.okay",
1122                                _("Do you really want to do this? ")))
1123                   {
1124                     changed++;
1125                     break;
1126                   }
1127             }
1128             else { /* okay */
1129                 rc = 0;
1130                 if( !no_primary_secrets ) {
1131                     sk->protect.algo = dek->algo;
1132                     sk->protect.s2k = *s2k;
1133                     rc = protect_secret_key( sk, dek );
1134                 }
1135                 for(node=keyblock; !rc && node; node = node->next ) {
1136                     if( node->pkt->pkttype == PKT_SECRET_SUBKEY ) {
1137                         PKT_secret_key *subsk = node->pkt->pkt.secret_key;
1138                         subsk->protect.algo = dek->algo;
1139                         subsk->protect.s2k = *s2k;
1140                         rc = protect_secret_key( subsk, dek );
1141                     }
1142                 }
1143                 if( rc )
1144                     log_error("protect_secret_key failed: %s\n", g10_errstr(rc) );
1145                 else
1146                     changed++;
1147                 break;
1148             }
1149         }
1150         m_free(s2k);
1151         m_free(dek);
1152     }
1153
1154   leave:
1155     m_free( passphrase );
1156     set_next_passphrase( NULL );
1157     return changed && !rc;
1158 }
1159
1160
1161 /****************
1162  * There are some keys out (due to a bug in gnupg), where the sequence
1163  * of the packets is wrong.  This function fixes that.
1164  * Returns: true if the keyblock has been fixed.
1165  *
1166  * Note:  This function does not work if there is more than one user ID.
1167  */
1168 static int
1169 fix_keyblock( KBNODE keyblock )
1170 {
1171     KBNODE node, last, subkey;
1172     int fixed=0;
1173
1174     /* locate key signatures of class 0x10..0x13 behind sub key packets */
1175     for( subkey=last=NULL, node = keyblock; node;
1176                                             last=node, node = node->next ) {
1177         switch( node->pkt->pkttype ) {
1178           case PKT_PUBLIC_SUBKEY:
1179           case PKT_SECRET_SUBKEY:
1180             if( !subkey )
1181                 subkey = last; /* actually it is the one before the subkey */
1182             break;
1183           case PKT_SIGNATURE:
1184             if( subkey ) {
1185                 PKT_signature *sig = node->pkt->pkt.signature;
1186                 if( sig->sig_class >= 0x10 && sig->sig_class <= 0x13 ) {
1187                     log_info(_(
1188                         "moving a key signature to the correct place\n"));
1189                     last->next = node->next;
1190                     node->next = subkey->next;
1191                     subkey->next = node;
1192                     node = last;
1193                     fixed=1;
1194                 }
1195             }
1196             break;
1197           default: break;
1198         }
1199     }
1200
1201     return fixed;
1202 }
1203
1204 /****************
1205  * Menu driven key editor.  If seckey_check is true, then a secret key
1206  * that matches username will be looked for.  If it is false, not all
1207  * commands will be available.
1208  *
1209  * Note: to keep track of some selection we use node->mark MARKBIT_xxxx.
1210  */
1211
1212 void
1213 keyedit_menu( const char *username, STRLIST locusr,
1214               STRLIST commands, int quiet, int seckey_check )
1215 {
1216     enum cmdids { cmdNONE = 0,
1217            cmdQUIT, cmdHELP, cmdFPR, cmdLIST, cmdSELUID, cmdCHECK, cmdSIGN,
1218            cmdTSIGN, cmdLSIGN, cmdNRSIGN, cmdNRLSIGN, cmdREVSIG, cmdREVKEY,
1219            cmdREVUID, cmdDELSIG, cmdPRIMARY, cmdDEBUG, cmdSAVE, cmdADDUID,
1220            cmdADDPHOTO, cmdDELUID, cmdADDKEY, cmdDELKEY, cmdADDREVOKER,
1221            cmdTOGGLE, cmdSELKEY, cmdPASSWD, cmdTRUST, cmdPREF, cmdEXPIRE,
1222            cmdENABLEKEY, cmdDISABLEKEY, cmdSHOWPREF, cmdSETPREF, cmdUPDPREF,
1223            cmdPREFKS, cmdINVCMD, cmdSHOWPHOTO, cmdUPDTRUST, cmdCHKTRUST,
1224            cmdADDCARDKEY, cmdKEYTOCARD,
1225    cmdNOP };
1226     static struct { const char *name;
1227                     enum cmdids id;
1228                     int need_sk;
1229                     int not_with_sk;  /* but 2 == must use SK */
1230                     const char *desc;
1231                   } cmds[] = { 
1232         { N_("quit")    , cmdQUIT      , 0,0, N_("quit this menu") },
1233         { N_("q")       , cmdQUIT      , 0,0, NULL   },
1234         { N_("save")    , cmdSAVE      , 0,0, N_("save and quit") },
1235         { N_("help")    , cmdHELP      , 0,0, N_("show this help") },
1236         {    "?"        , cmdHELP      , 0,0, NULL   },
1237         { N_("fpr")     , cmdFPR       , 0,0, N_("show fingerprint") },
1238         { N_("list")    , cmdLIST      , 0,0, N_("list key and user IDs") },
1239         { N_("l")       , cmdLIST      , 0,0, NULL   },
1240         { N_("uid")     , cmdSELUID    , 0,0, N_("select user ID N") },
1241         { N_("key")     , cmdSELKEY    , 0,0, N_("select secondary key N") },
1242         { N_("check")   , cmdCHECK     , 0,0, N_("list signatures") },
1243         { N_("c")       , cmdCHECK     , 0,0, NULL },
1244         { N_("sign")    , cmdSIGN      , 0,1, N_("sign the key") },
1245         { N_("s")       , cmdSIGN      , 0,1, NULL },
1246         { N_("tsign")   , cmdTSIGN     , 0,1, N_("make a trust signature")},
1247         { N_("lsign")   , cmdLSIGN     , 0,1, N_("sign the key locally") },
1248         { N_("nrsign")  , cmdNRSIGN    , 0,1, N_("sign the key non-revocably") },
1249         { N_("nrlsign") , cmdNRLSIGN   , 0,1, N_("sign the key locally and non-revocably") },
1250         { N_("debug")   , cmdDEBUG     , 0,0, NULL },
1251         { N_("adduid")  , cmdADDUID    , 1,1, N_("add a user ID") },
1252         { N_("addphoto"), cmdADDPHOTO  , 1,1, N_("add a photo ID") },
1253         { N_("deluid")  , cmdDELUID    , 0,1, N_("delete user ID") },
1254         /* delphoto is really deluid in disguise */
1255         { N_("delphoto"), cmdDELUID    , 0,1, NULL },
1256         { N_("addkey")  , cmdADDKEY    , 1,1, N_("add a secondary key") },
1257 #ifdef ENABLE_CARD_SUPPORT
1258         { N_("addcardkey"), cmdADDCARDKEY , 1,1, N_("add a key to a smartcard") },
1259         { N_("keytocard"), cmdKEYTOCARD , 1,2, N_("move a key to a smartcard")},
1260 #endif /*ENABLE_CARD_SUPPORT*/
1261         { N_("delkey")  , cmdDELKEY    , 0,1, N_("delete a secondary key") },
1262         { N_("addrevoker"),cmdADDREVOKER,1,1, N_("add a revocation key") },
1263         { N_("delsig")  , cmdDELSIG    , 0,1, N_("delete signatures") },
1264         { N_("expire")  , cmdEXPIRE    , 1,1, N_("change the expire date") },
1265         { N_("primary") , cmdPRIMARY   , 1,1, N_("flag user ID as primary")},
1266         { N_("toggle")  , cmdTOGGLE    , 1,0, N_("toggle between secret "
1267                                                  "and public key listing") },
1268         { N_("t"     )  , cmdTOGGLE    , 1,0, NULL },
1269         { N_("pref")    , cmdPREF      , 0,1, N_("list preferences (expert)")},
1270         { N_("showpref"), cmdSHOWPREF  , 0,1, N_("list preferences (verbose)") },
1271         { N_("setpref") , cmdSETPREF   , 1,1, N_("set preference list") },
1272         { N_("updpref") , cmdUPDPREF   , 1,1, N_("updated preferences") },
1273         { N_("keyserver"),cmdPREFKS    , 1,1, N_("set preferred keyserver URL")},
1274         { N_("passwd")  , cmdPASSWD    , 1,1, N_("change the passphrase") },
1275         { N_("trust")   , cmdTRUST     , 0,1, N_("change the ownertrust") },
1276         { N_("revsig")  , cmdREVSIG    , 0,1, N_("revoke signatures") },
1277         { N_("revuid")  , cmdREVUID    , 1,1, N_("revoke a user ID") },
1278         { N_("revkey")  , cmdREVKEY    , 1,1, N_("revoke a secondary key") },
1279         { N_("disable") , cmdDISABLEKEY, 0,1, N_("disable a key") },
1280         { N_("enable")  , cmdENABLEKEY , 0,1, N_("enable a key") },
1281         { N_("showphoto"),cmdSHOWPHOTO , 0,0, N_("show photo ID") },
1282         { NULL, cmdNONE, 0, 0, NULL } };
1283     enum cmdids cmd = 0;
1284     int rc = 0;
1285     KBNODE keyblock = NULL;
1286     KEYDB_HANDLE kdbhd = NULL;
1287     KBNODE sec_keyblock = NULL;
1288     KEYDB_HANDLE sec_kdbhd = NULL;
1289     KBNODE cur_keyblock;
1290     char *answer = NULL;
1291     int redisplay = 1;
1292     int modified = 0;
1293     int sec_modified = 0;
1294     int toggle;
1295     int have_commands = !!commands;
1296
1297     if ( opt.command_fd != -1 )
1298         ;
1299     else if( opt.batch && !have_commands  ) {
1300         log_error(_("can't do that in batchmode\n"));
1301         goto leave;
1302     }
1303
1304     /* get the public key */
1305     rc = get_pubkey_byname (NULL, username, &keyblock, &kdbhd, 1);
1306     if( rc )
1307         goto leave;
1308     if( fix_keyblock( keyblock ) )
1309         modified++;
1310     if( collapse_uids( &keyblock ) )
1311         modified++;
1312     reorder_keyblock(keyblock);
1313
1314     if(seckey_check)
1315       {/* see whether we have a matching secret key */
1316         PKT_public_key *pk = keyblock->pkt->pkt.public_key;
1317
1318         sec_kdbhd = keydb_new (1);
1319         {
1320             byte afp[MAX_FINGERPRINT_LEN];
1321             size_t an;
1322
1323             fingerprint_from_pk (pk, afp, &an);
1324             while (an < MAX_FINGERPRINT_LEN) 
1325                 afp[an++] = 0;
1326             rc = keydb_search_fpr (sec_kdbhd, afp);
1327         }
1328         if (!rc) {
1329             rc = keydb_get_keyblock (sec_kdbhd, &sec_keyblock);
1330             if (rc) {
1331                 log_error (_("error reading secret keyblock `%s': %s\n"),
1332                                                 username, g10_errstr(rc));
1333             }
1334             else {
1335                 merge_keys_and_selfsig( sec_keyblock );
1336                 if( fix_keyblock( sec_keyblock ) )
1337                     sec_modified++;
1338             }
1339         }
1340
1341         if (rc) {
1342             sec_keyblock = NULL;
1343             keydb_release (sec_kdbhd); sec_kdbhd = NULL;
1344             rc = 0;
1345         }
1346
1347         if( sec_keyblock && !quiet )
1348           tty_printf(_("Secret key is available.\n"));
1349     }
1350
1351     toggle = 0;
1352     cur_keyblock = keyblock;
1353     for(;;) { /* main loop */
1354         int i, arg_number, photo;
1355         const char *arg_string = "";
1356         char *p;
1357         PKT_public_key *pk=keyblock->pkt->pkt.public_key;
1358
1359         tty_printf("\n");
1360         if( redisplay && !quiet )
1361           {
1362             show_key_with_all_names( cur_keyblock, 0, 1, 0, 1, 0 );
1363             tty_printf("\n");
1364             redisplay = 0;
1365           }
1366         do {
1367             m_free(answer);
1368             if( have_commands ) {
1369                 if( commands ) {
1370                     answer = m_strdup( commands->d );
1371                     commands = commands->next;
1372                 }
1373                 else if( opt.batch ) {
1374                     answer = m_strdup("quit");
1375                 }
1376                 else
1377                     have_commands = 0;
1378             }
1379             if( !have_commands ) {
1380                 answer = cpr_get_no_help("keyedit.prompt", _("Command> "));
1381                 cpr_kill_prompt();
1382             }
1383             trim_spaces(answer);
1384         } while( *answer == '#' );
1385
1386         arg_number = 0; /* Yes, here is the init which egcc complains about */
1387         photo = 0; /* This too */
1388         if( !*answer )
1389             cmd = cmdLIST;
1390         else if( *answer == CONTROL_D )
1391             cmd = cmdQUIT;
1392         else if( digitp(answer ) ) {
1393             cmd = cmdSELUID;
1394             arg_number = atoi(answer);
1395         }
1396         else {
1397             if( (p=strchr(answer,' ')) ) {
1398                 *p++ = 0;
1399                 trim_spaces(answer);
1400                 trim_spaces(p);
1401                 arg_number = atoi(p);
1402                 arg_string = p;
1403             }
1404
1405             for(i=0; cmds[i].name; i++ ) {
1406                 if( !ascii_strcasecmp( answer, cmds[i].name ) )
1407                     break;
1408             }
1409             if( cmds[i].need_sk && !sec_keyblock ) {
1410                 tty_printf(_("Need the secret key to do this.\n"));
1411                 cmd = cmdNOP;
1412             }
1413             else if(  (cmds[i].not_with_sk == 1 && sec_keyblock && toggle)
1414                     ||(cmds[i].not_with_sk == 2 && sec_keyblock && !toggle)) {
1415                 tty_printf(_("Please use the command \"toggle\" first.\n"));
1416                 cmd = cmdNOP;
1417             }
1418             else
1419                 cmd = cmds[i].id;
1420         }
1421         switch( cmd )  {
1422           case cmdHELP:
1423             for(i=0; cmds[i].name; i++ ) {
1424               if( cmds[i].need_sk && !sec_keyblock )
1425                 ; /* skip if we do not have the secret key */
1426               else if( cmds[i].desc )
1427                 tty_printf("%-10s %s\n", cmds[i].name, _(cmds[i].desc) );
1428             }
1429             break;
1430
1431           case cmdLIST:
1432             redisplay = 1;
1433             break;
1434
1435           case cmdFPR:
1436             show_key_and_fingerprint( keyblock );
1437             break;
1438
1439           case cmdSELUID:
1440             if( menu_select_uid( cur_keyblock, arg_number ) )
1441                 redisplay = 1;
1442             break;
1443
1444           case cmdSELKEY:
1445             if( menu_select_key( cur_keyblock, arg_number ) )
1446                 redisplay = 1;
1447             break;
1448
1449           case cmdCHECK:
1450             /* we can only do this with the public key becuase the
1451              * check functions can't cope with secret keys and it
1452              * is questionable whether this would make sense at all */
1453             check_all_keysigs( keyblock, count_selected_uids(keyblock) );
1454             break;
1455
1456           case cmdSIGN: /* sign (only the public key) */
1457           case cmdLSIGN: /* sign (only the public key) */
1458           case cmdNRSIGN: /* sign (only the public key) */
1459           case cmdNRLSIGN: /* sign (only the public key) */
1460           case cmdTSIGN:
1461             if( pk->is_revoked )
1462               {
1463                 tty_printf(_("Key is revoked."));
1464
1465                 if(opt.expert)
1466                   {
1467                     tty_printf("  ");
1468                     if(!cpr_get_answer_is_yes("keyedit.sign_revoked.okay",
1469                                               _("Are you sure you still want "
1470                                                 "to sign it? (y/N) ")))
1471                       break;
1472                   }
1473                 else
1474                   {
1475                     tty_printf(_("  Unable to sign.\n"));
1476                     break;
1477                   }
1478               }
1479
1480             if( count_uids(keyblock) > 1 && !count_selected_uids(keyblock) ) {
1481                 if( !cpr_get_answer_is_yes("keyedit.sign_all.okay",
1482                                            _("Really sign all user IDs? ")) ) {
1483                     tty_printf(_("Hint: Select the user IDs to sign\n"));
1484                     break;
1485                 }
1486             }
1487
1488             sign_uids( keyblock, locusr, &modified,
1489                        (cmd == cmdLSIGN) || (cmd == cmdNRLSIGN),
1490                        (cmd == cmdNRSIGN) || (cmd==cmdNRLSIGN),
1491                        (cmd == cmdTSIGN));
1492             break;
1493
1494           case cmdDEBUG:
1495             dump_kbnode( cur_keyblock );
1496             break;
1497
1498           case cmdTOGGLE:
1499             toggle = !toggle;
1500             cur_keyblock = toggle? sec_keyblock : keyblock;
1501             redisplay = 1;
1502             break;
1503
1504           case cmdADDPHOTO:
1505             if (RFC2440 || RFC1991 || PGP2)
1506               {
1507                 tty_printf(
1508                    _("This command is not allowed while in %s mode.\n"),
1509                    RFC2440?"OpenPGP":PGP2?"PGP2":"RFC-1991");
1510                 break;
1511               }
1512             photo=1;
1513             /* fall through */
1514
1515           case cmdADDUID:
1516             if( menu_adduid( keyblock, sec_keyblock, photo ) )
1517               {
1518                 update_trust = 1;
1519                 redisplay = 1;
1520                 sec_modified = modified = 1;
1521                 merge_keys_and_selfsig( sec_keyblock );
1522                 merge_keys_and_selfsig( keyblock );
1523               }
1524             break;
1525
1526           case cmdDELUID: {
1527                 int n1;
1528
1529                 if( !(n1=count_selected_uids(keyblock)) )
1530                     tty_printf(_("You must select at least one user ID.\n"));
1531                 else if( real_uids_left(keyblock) < 1 )
1532                     tty_printf(_("You can't delete the last user ID!\n"));
1533                 else if( cpr_get_answer_is_yes(
1534                             "keyedit.remove.uid.okay",
1535                         n1 > 1? _("Really remove all selected user IDs? ")
1536                               : _("Really remove this user ID? ")
1537                        ) ) {
1538                     menu_deluid( keyblock, sec_keyblock );
1539                     redisplay = 1;
1540                     modified = 1;
1541                     if( sec_keyblock )
1542                        sec_modified = 1;
1543                 }
1544             }
1545             break;
1546
1547           case cmdDELSIG: {
1548                 int n1;
1549
1550                 if( !(n1=count_selected_uids(keyblock)) )
1551                     tty_printf(_("You must select at least one user ID.\n"));
1552                 else if( menu_delsig( keyblock ) ) {
1553                     /* no redisplay here, because it may scroll away some
1554                      * status output of delsig */
1555                     modified = 1;
1556                 }
1557             }
1558             break;
1559
1560           case cmdADDKEY:
1561             if( generate_subkeypair( keyblock, sec_keyblock ) ) {
1562                 redisplay = 1;
1563                 sec_modified = modified = 1;
1564                 merge_keys_and_selfsig( sec_keyblock );
1565                 merge_keys_and_selfsig( keyblock );
1566             }
1567             break;
1568
1569 #ifdef ENABLE_CARD_SUPPORT
1570           case cmdADDCARDKEY:
1571             if (card_generate_subkey (keyblock, sec_keyblock)) {
1572                 redisplay = 1;
1573                 sec_modified = modified = 1;
1574                 merge_keys_and_selfsig( sec_keyblock );
1575                 merge_keys_and_selfsig( keyblock );
1576             }
1577             break;
1578
1579         case cmdKEYTOCARD:
1580           {
1581             KBNODE node=NULL;
1582             switch ( count_selected_keys (sec_keyblock) )
1583               {
1584               case 0:
1585                 if (cpr_get_answer_is_yes("keyedit.keytocard.use_primary",
1586                                           _("Really move the primary key? ")))
1587                   node = sec_keyblock;
1588                 break;
1589               case 1:
1590                 for (node = sec_keyblock; node; node = node->next )
1591                   {
1592                     if (node->pkt->pkttype == PKT_SECRET_SUBKEY 
1593                         && node->flag & NODFLG_SELKEY)
1594                       break;
1595                   }
1596                 break;
1597               default:
1598                 tty_printf(_("You must select exactly one key.\n"));
1599                 break;
1600               }
1601             if (node)
1602               {
1603                 PKT_public_key *xxpk = find_pk_from_sknode (keyblock, node);
1604                 if (card_store_subkey (node, xxpk?xxpk->pubkey_usage:0))
1605                   {
1606                     redisplay = 1;
1607                     sec_modified = 1;
1608                   }
1609               }
1610           }
1611           break;
1612 #endif /* ENABLE_CARD_SUPPORT */
1613
1614           case cmdDELKEY: {
1615                 int n1;
1616
1617                 if( !(n1=count_selected_keys( keyblock )) )
1618                     tty_printf(_("You must select at least one key.\n"));
1619                 else if( !cpr_get_answer_is_yes( "keyedit.remove.subkey.okay",
1620                        n1 > 1?
1621                         _("Do you really want to delete the selected keys? "):
1622                         _("Do you really want to delete this key? ")
1623                        ))
1624                     ;
1625                 else {
1626                     menu_delkey( keyblock, sec_keyblock );
1627                     redisplay = 1;
1628                     modified = 1;
1629                     if( sec_keyblock )
1630                        sec_modified = 1;
1631                 }
1632             }
1633             break;
1634
1635           case cmdADDREVOKER:
1636             {
1637               int sensitive=0;
1638
1639               if(arg_string && ascii_strcasecmp(arg_string,"sensitive")==0)
1640                 sensitive=1;
1641               if( menu_addrevoker( keyblock, sec_keyblock, sensitive ) ) {
1642                 redisplay = 1;
1643                 sec_modified = modified = 1;
1644                 merge_keys_and_selfsig( sec_keyblock );
1645                 merge_keys_and_selfsig( keyblock );
1646               }
1647             }
1648             break;
1649
1650           case cmdREVUID: {
1651                 int n1;
1652
1653                 if( !(n1=count_selected_uids(keyblock)) )
1654                     tty_printf(_("You must select at least one user ID.\n"));
1655                 else if( cpr_get_answer_is_yes(
1656                             "keyedit.revoke.uid.okay",
1657                         n1 > 1? _("Really revoke all selected user IDs? ")
1658                               : _("Really revoke this user ID? ")
1659                        ) ) {
1660                   if(menu_revuid(keyblock,sec_keyblock))
1661                     {
1662                       modified=1;
1663                       redisplay=1;
1664                     }
1665                 }
1666             }
1667             break;
1668
1669           case cmdREVKEY: {
1670                 int n1;
1671
1672                 if( !(n1=count_selected_keys( keyblock )) )
1673                     tty_printf(_("You must select at least one key.\n"));
1674                 else if( sec_keyblock && !cpr_get_answer_is_yes(
1675                             "keyedit.revoke.subkey.okay",
1676                        n1 > 1?
1677                         _("Do you really want to revoke the selected keys? "):
1678                         _("Do you really want to revoke this key? ")
1679                        ))
1680                     ;
1681                 else {
1682                     if( menu_revkey( keyblock, sec_keyblock ) ) {
1683                         modified = 1;
1684                         /*sec_modified = 1;*/
1685                     }
1686                     redisplay = 1;
1687                 }
1688             }
1689             break;
1690
1691           case cmdEXPIRE:
1692             if( menu_expire( keyblock, sec_keyblock ) ) {
1693                 merge_keys_and_selfsig( sec_keyblock );
1694                 merge_keys_and_selfsig( keyblock );
1695                 sec_modified = 1;
1696                 modified = 1;
1697                 redisplay = 1;
1698             }
1699             break;
1700
1701           case cmdPRIMARY:
1702             if( menu_set_primary_uid ( keyblock, sec_keyblock ) ) {
1703                 merge_keys_and_selfsig( keyblock );
1704                 modified = 1;
1705                 redisplay = 1;
1706             }
1707             break;
1708
1709           case cmdPASSWD:
1710             if( change_passphrase( sec_keyblock ) )
1711                 sec_modified = 1;
1712             break;
1713
1714           case cmdTRUST:
1715             if(opt.trust_model==TM_EXTERNAL)
1716               {
1717                 tty_printf(_("Owner trust may not be set while "
1718                              "using an user provided trust database\n"));
1719                 break;
1720               }
1721
1722             show_key_with_all_names( keyblock, 0, 0, 0, 1, 0 );
1723             tty_printf("\n");
1724             if( edit_ownertrust( find_kbnode( keyblock,
1725                                  PKT_PUBLIC_KEY )->pkt->pkt.public_key, 1 ) ) {
1726                 redisplay = 1;
1727                 /* No real need to set update_trust here as
1728                    edit_ownertrust() calls revalidation_mark()
1729                    anyway. */
1730                 update_trust=1;
1731             }
1732             break;
1733
1734           case cmdPREF:
1735             show_key_with_all_names( keyblock, 0, 0, 0, 0, 1 );
1736             break;
1737
1738           case cmdSHOWPREF:
1739             show_key_with_all_names( keyblock, 0, 0, 0, 0, 2 );
1740             break;
1741
1742           case cmdSETPREF:
1743             keygen_set_std_prefs ( !*arg_string? "default" : arg_string, 0);
1744             break;
1745
1746           case cmdUPDPREF: 
1747             {
1748               PKT_user_id *temp=keygen_get_std_prefs();
1749               tty_printf(_("Set preference list to:\n"));
1750               show_prefs(temp,NULL,1);
1751               m_free(temp);
1752             }
1753             if (cpr_get_answer_is_yes ("keyedit.updpref.okay",
1754                                         count_selected_uids (keyblock)?
1755                                         _("Really update the preferences"
1756                                           " for the selected user IDs? "):
1757                                        _("Really update the preferences? "))){
1758
1759                 if ( menu_set_preferences (keyblock, sec_keyblock) ) {
1760                     merge_keys_and_selfsig (keyblock);
1761                     modified = 1;
1762                     redisplay = 1;
1763                 }
1764             }
1765             break;
1766
1767           case cmdPREFKS:
1768             if( menu_set_keyserver_url ( *arg_string?arg_string:NULL,
1769                                          keyblock, sec_keyblock ) )
1770               {
1771                 merge_keys_and_selfsig( keyblock );
1772                 modified = 1;
1773                 redisplay = 1;
1774               }
1775             break;
1776
1777           case cmdNOP:
1778             break;
1779
1780           case cmdREVSIG:
1781             if( menu_revsig( keyblock ) ) {
1782                 redisplay = 1;
1783                 modified = 1;
1784             }
1785             break;
1786
1787           case cmdENABLEKEY:
1788           case cmdDISABLEKEY:
1789             if( enable_disable_key( keyblock, cmd == cmdDISABLEKEY ) ) {
1790                 redisplay = 1;
1791                 modified = 1;
1792             }
1793             break;
1794
1795          case cmdSHOWPHOTO:
1796            menu_showphoto(keyblock);
1797            break;
1798
1799           case cmdQUIT:
1800             if( have_commands )
1801                 goto leave;
1802             if( !modified && !sec_modified )
1803                 goto leave;
1804             if( !cpr_get_answer_is_yes("keyedit.save.okay",
1805                                         _("Save changes? ")) ) {
1806                 if( cpr_enabled()
1807                     || cpr_get_answer_is_yes("keyedit.cancel.okay",
1808                                              _("Quit without saving? ")) )
1809                     goto leave;
1810                 break;
1811             }
1812             /* fall thru */
1813           case cmdSAVE:
1814             if( modified || sec_modified  ) {
1815                 if( modified ) {
1816                     rc = keydb_update_keyblock (kdbhd, keyblock);
1817                     if( rc ) {
1818                         log_error(_("update failed: %s\n"), g10_errstr(rc) );
1819                         break;
1820                     }
1821                 }
1822                 if( sec_modified ) {
1823                     rc = keydb_update_keyblock (sec_kdbhd, sec_keyblock );
1824                     if( rc ) {
1825                         log_error( _("update secret failed: %s\n"),
1826                                    g10_errstr(rc) );
1827                         break;
1828                     }
1829                 }
1830             }
1831             else
1832                 tty_printf(_("Key not changed so no update needed.\n"));
1833
1834             if( update_trust )
1835               {
1836                 revalidation_mark ();
1837                 update_trust=0;
1838               }
1839             goto leave;
1840
1841           case cmdINVCMD:
1842           default:
1843             tty_printf("\n");
1844             tty_printf(_("Invalid command  (try \"help\")\n"));
1845             break;
1846         }
1847     } /* end main loop */
1848
1849   leave:
1850     release_kbnode( keyblock );
1851     release_kbnode( sec_keyblock );
1852     keydb_release (kdbhd);
1853     m_free(answer);
1854 }
1855
1856
1857 /****************
1858  * show preferences of a public keyblock.
1859  */
1860 static void
1861 show_prefs (PKT_user_id *uid, PKT_signature *selfsig, int verbose)
1862 {
1863     const prefitem_t fake={0,0};
1864     const prefitem_t *prefs;
1865     int i;
1866
1867     if( !uid )
1868         return;
1869
1870     if( uid->prefs )
1871         prefs=uid->prefs;
1872     else if(verbose)
1873         prefs=&fake;
1874     else
1875       return;
1876
1877     if (verbose) {
1878         int any, des_seen=0, sha1_seen=0, uncomp_seen=0;
1879
1880         tty_printf ("     ");
1881         tty_printf (_("Cipher: "));
1882         for(i=any=0; prefs[i].type; i++ ) {
1883             if( prefs[i].type == PREFTYPE_SYM ) {
1884                 const char *s = cipher_algo_to_string (prefs[i].value);
1885                 
1886                 if (any)
1887                     tty_printf (", ");
1888                 any = 1;
1889                 /* We don't want to display strings for experimental algos */
1890                 if (s && prefs[i].value < 100 )
1891                     tty_printf ("%s", s );
1892                 else
1893                     tty_printf ("[%d]", prefs[i].value);
1894                 if (prefs[i].value == CIPHER_ALGO_3DES )
1895                     des_seen = 1;
1896             }    
1897         }
1898         if (!des_seen) {
1899             if (any)
1900                 tty_printf (", ");
1901             tty_printf ("%s",cipher_algo_to_string(CIPHER_ALGO_3DES));
1902         }
1903         tty_printf ("\n     ");
1904         tty_printf (_("Digest: "));
1905         for(i=any=0; prefs[i].type; i++ ) {
1906             if( prefs[i].type == PREFTYPE_HASH ) {
1907                 const char *s = digest_algo_to_string (prefs[i].value);
1908                 
1909                 if (any)
1910                     tty_printf (", ");
1911                 any = 1;
1912                 /* We don't want to display strings for experimental algos */
1913                 if (s && prefs[i].value < 100 )
1914                     tty_printf ("%s", s );
1915                 else
1916                     tty_printf ("[%d]", prefs[i].value);
1917                 if (prefs[i].value == DIGEST_ALGO_SHA1 )
1918                     sha1_seen = 1;
1919             }
1920         }
1921         if (!sha1_seen) {
1922             if (any)
1923                 tty_printf (", ");
1924             tty_printf ("%s",digest_algo_to_string(DIGEST_ALGO_SHA1));
1925         }
1926         tty_printf ("\n     ");
1927         tty_printf (_("Compression: "));
1928         for(i=any=0; prefs[i].type; i++ ) {
1929             if( prefs[i].type == PREFTYPE_ZIP ) {
1930                 const char *s=compress_algo_to_string(prefs[i].value);
1931                 
1932                 if (any)
1933                     tty_printf (", ");
1934                 any = 1;
1935                 /* We don't want to display strings for experimental algos */
1936                 if (s && prefs[i].value < 100 )
1937                     tty_printf ("%s", s );
1938                 else
1939                     tty_printf ("[%d]", prefs[i].value);
1940                 if (prefs[i].value == COMPRESS_ALGO_NONE )
1941                     uncomp_seen = 1;
1942             }
1943         }
1944         if (!uncomp_seen) {
1945             if (any)
1946                 tty_printf (", ");
1947             else {
1948               tty_printf ("%s",compress_algo_to_string(COMPRESS_ALGO_ZIP));
1949               tty_printf (", ");
1950             }
1951             tty_printf ("%s",compress_algo_to_string(COMPRESS_ALGO_NONE));
1952         }
1953         if(uid->mdc_feature || !uid->ks_modify)
1954           {
1955             tty_printf ("\n     ");
1956             tty_printf (_("Features: "));
1957             any=0;
1958             if(uid->mdc_feature)
1959               {
1960                 tty_printf ("MDC");
1961                 any=1;
1962               }
1963             if(!uid->ks_modify)
1964               {
1965                 if(any)
1966                   tty_printf (", ");
1967                 tty_printf (_("Keyserver no-modify"));
1968               }
1969           }
1970         tty_printf("\n");
1971
1972         if(selfsig)
1973           {
1974             const byte *pref_ks;
1975             size_t pref_ks_len;
1976
1977             pref_ks=parse_sig_subpkt(selfsig->hashed,
1978                                      SIGSUBPKT_PREF_KS,&pref_ks_len);
1979             if(pref_ks && pref_ks_len)
1980               {
1981                 tty_printf ("     ");
1982                 tty_printf(_("Preferred keyserver: "));
1983                 tty_print_utf8_string(pref_ks,pref_ks_len);
1984                 tty_printf("\n");
1985               }
1986           }
1987     }
1988     else {
1989         tty_printf("    ");
1990         for(i=0; prefs[i].type; i++ ) {
1991             tty_printf( " %c%d", prefs[i].type == PREFTYPE_SYM   ? 'S' :
1992                                  prefs[i].type == PREFTYPE_HASH  ? 'H' :
1993                                  prefs[i].type == PREFTYPE_ZIP ? 'Z':'?',
1994                                  prefs[i].value);
1995         }
1996         if (uid->mdc_feature)
1997             tty_printf (" [mdc]");
1998         if (!uid->ks_modify)
1999             tty_printf (" [no-ks-modify]");
2000         tty_printf("\n");
2001     }
2002 }
2003
2004
2005 /* This is the version of show_key_with_all_names used when
2006    opt.with_colons is used.  It prints all available data in a easy to
2007    parse format and does not translate utf8 */
2008 static void
2009 show_key_with_all_names_colon (KBNODE keyblock)
2010 {
2011   KBNODE node;
2012   int i, j, ulti_hack=0;
2013   byte pk_version=0;
2014   PKT_public_key *primary=NULL;
2015
2016   /* the keys */
2017   for ( node = keyblock; node; node = node->next )
2018     {
2019       if (node->pkt->pkttype == PKT_PUBLIC_KEY
2020           || (node->pkt->pkttype == PKT_PUBLIC_SUBKEY) )
2021         {
2022           PKT_public_key *pk = node->pkt->pkt.public_key;
2023           u32 keyid[2];
2024
2025           if (node->pkt->pkttype == PKT_PUBLIC_KEY)
2026             {
2027               pk_version = pk->version;
2028               primary=pk;
2029             }
2030
2031           keyid_from_pk (pk, keyid);
2032
2033           fputs (node->pkt->pkttype == PKT_PUBLIC_KEY?"pub:":"sub:", stdout);
2034           if (!pk->is_valid)
2035             putchar ('i');
2036           else if (pk->is_revoked)
2037             putchar ('r');
2038           else if (pk->has_expired)
2039             putchar ('e');
2040           else if (!(opt.fast_list_mode || opt.no_expensive_trust_checks ))
2041             {
2042               int trust = get_validity_info (pk, NULL);
2043               if(trust=='u')
2044                 ulti_hack=1;
2045               putchar (trust);
2046             }
2047
2048           printf (":%u:%d:%08lX%08lX:%lu:%lu::",
2049                   nbits_from_pk (pk),
2050                   pk->pubkey_algo,
2051                   (ulong)keyid[0], (ulong)keyid[1],
2052                   (ulong)pk->timestamp,
2053                   (ulong)pk->expiredate );
2054           if (node->pkt->pkttype==PKT_PUBLIC_KEY
2055               && !(opt.fast_list_mode || opt.no_expensive_trust_checks ))
2056             putchar(get_ownertrust_info (pk));
2057           putchar(':');
2058           putchar('\n');
2059           
2060           print_fingerprint (pk, NULL, 0);
2061
2062           /* print the revoker record */
2063           if( !pk->revkey && pk->numrevkeys )
2064             BUG();
2065           else
2066             {
2067               for (i=0; i < pk->numrevkeys; i++)
2068                 {
2069                   byte *p;
2070
2071                   printf ("rvk:::%d::::::", pk->revkey[i].algid);
2072                   p = pk->revkey[i].fpr;
2073                   for (j=0; j < 20; j++, p++ )
2074                     printf ("%02X", *p);
2075                   printf (":%02x%s:\n", pk->revkey[i].class,
2076                           (pk->revkey[i].class&0x40)?"s":"");
2077                 }
2078             }
2079         }
2080     }
2081   
2082     /* the user ids */
2083     i = 0;
2084     for (node = keyblock; node; node = node->next) 
2085       {
2086         if ( node->pkt->pkttype == PKT_USER_ID )
2087           {
2088             PKT_user_id *uid = node->pkt->pkt.user_id;
2089
2090             ++i;
2091
2092             if(uid->attrib_data)
2093               printf("uat:");
2094             else
2095               printf("uid:");
2096
2097             if ( uid->is_revoked )
2098               printf("r::::::::");
2099             else if ( uid->is_expired )
2100               printf("e::::::::");
2101             else if ( opt.fast_list_mode || opt.no_expensive_trust_checks )
2102               printf("::::::::");
2103             else
2104               {
2105                 int uid_validity;
2106
2107                 if( primary && !ulti_hack )
2108                   uid_validity = get_validity_info( primary, uid );
2109                 else
2110                   uid_validity = 'u';
2111                 printf("%c::::::::",uid_validity);
2112               }
2113
2114             if(uid->attrib_data)
2115               printf ("%u %lu",uid->numattribs,uid->attrib_len);
2116             else
2117               print_string (stdout, uid->name, uid->len, ':');
2118
2119             putchar (':');
2120             /* signature class */
2121             putchar (':');
2122             /* capabilities */
2123             putchar (':');
2124             /* preferences */
2125             if (pk_version>3 || uid->selfsigversion>3)
2126               {
2127                 const prefitem_t *prefs = uid->prefs;
2128                 
2129                 for (j=0; prefs && prefs[j].type; j++)
2130                   {
2131                     if (j)
2132                       putchar (' ');
2133                     printf ("%c%d", prefs[j].type == PREFTYPE_SYM   ? 'S' :
2134                             prefs[j].type == PREFTYPE_HASH  ? 'H' :
2135                             prefs[j].type == PREFTYPE_ZIP ? 'Z':'?',
2136                             prefs[j].value);
2137                   } 
2138                 if (uid->mdc_feature)
2139                   printf (",mdc");
2140                 if (!uid->ks_modify)
2141                   printf (",no-ks-modify");
2142               } 
2143             putchar (':');
2144             /* flags */
2145             printf ("%d,", i);
2146             if (uid->is_primary)
2147               putchar ('p');
2148             if (uid->is_revoked)
2149               putchar ('r');
2150             if (uid->is_expired)
2151               putchar ('e');
2152             if ((node->flag & NODFLG_SELUID))
2153               putchar ('s');
2154             if ((node->flag & NODFLG_MARK_A))
2155               putchar ('m');
2156             putchar (':');
2157             putchar('\n');
2158           }
2159       }
2160 }
2161
2162
2163 /****************
2164  * Display the key a the user ids, if only_marked is true, do only
2165  * so for user ids with mark A flag set and dont display the index number
2166  */
2167 static void
2168 show_key_with_all_names( KBNODE keyblock, int only_marked, int with_revoker,
2169                          int with_fpr, int with_subkeys, int with_prefs )
2170 {
2171     KBNODE node;
2172     int i;
2173     int do_warn = 0;
2174     byte pk_version=0;
2175     PKT_public_key *primary=NULL;
2176
2177     if (opt.with_colons)
2178       {
2179         show_key_with_all_names_colon (keyblock);
2180         return;
2181       }
2182
2183     /* the keys */
2184     for( node = keyblock; node; node = node->next ) {
2185         if( node->pkt->pkttype == PKT_PUBLIC_KEY
2186             || (with_subkeys && node->pkt->pkttype == PKT_PUBLIC_SUBKEY) ) {
2187             PKT_public_key *pk = node->pkt->pkt.public_key;
2188             const char *otrust="err",*trust="err";
2189
2190             if( node->pkt->pkttype == PKT_PUBLIC_KEY ) {
2191                 /* do it here, so that debug messages don't clutter the
2192                  * output */
2193                 static int did_warn = 0;
2194
2195                 trust = get_validity_string (pk, NULL);
2196                 otrust = get_ownertrust_string (pk);
2197
2198                 /* Show a warning once */
2199                 if (!did_warn
2200                     && (get_validity (pk, NULL) & TRUST_FLAG_PENDING_CHECK)) {
2201                     did_warn = 1;
2202                     do_warn = 1;
2203                 }
2204
2205                 pk_version=pk->version;
2206                 primary=pk;
2207             }
2208
2209             if(with_revoker) {
2210                 if( !pk->revkey && pk->numrevkeys )
2211                     BUG();
2212                 else
2213                     for(i=0;i<pk->numrevkeys;i++) {
2214                         u32 r_keyid[2];
2215                         char *user;
2216                         const char *algo=
2217                           pubkey_algo_to_string(pk->revkey[i].algid);
2218
2219                         keyid_from_fingerprint(pk->revkey[i].fpr,
2220                                                MAX_FINGERPRINT_LEN,r_keyid);
2221                         
2222                         user=get_user_id_string (r_keyid);
2223                         tty_printf (_("This key may be revoked by %s key "),
2224                                     algo?algo:"?");
2225                         tty_print_utf8_string (user, strlen (user));
2226                         if ((pk->revkey[i].class&0x40))
2227                           tty_printf (_(" (sensitive)"));
2228                         tty_printf ("\n");
2229                         m_free(user);
2230                       }
2231             }
2232
2233             keyid_from_pk(pk,NULL);
2234             tty_printf("%s%c %4u%c/%s  ",
2235                        node->pkt->pkttype == PKT_PUBLIC_KEY? "pub":"sub",
2236                        (node->flag & NODFLG_SELKEY)? '*':' ',
2237                        nbits_from_pk( pk ),
2238                        pubkey_letter( pk->pubkey_algo ),
2239                        keystr(pk->keyid));
2240
2241             tty_printf(_("created: %s"),datestr_from_pk(pk));
2242             tty_printf("  ");
2243             if(pk->is_revoked)
2244               tty_printf("%s: %s",_("revoked"),revokestr_from_pk(pk));
2245             else if(pk->has_expired)
2246               tty_printf("%s: %s",_("expired"),expirestr_from_pk(pk));
2247             else
2248               tty_printf("%s: %s",_("expires"),expirestr_from_pk(pk));
2249             tty_printf("  ");
2250             tty_printf(_("usage: %s"),usagestr_from_pk(pk));
2251             tty_printf("\n");
2252
2253             if( node->pkt->pkttype == PKT_PUBLIC_KEY )
2254               {
2255                 if(opt.trust_model!=TM_ALWAYS)
2256                   {
2257                     tty_printf("%*s",keystrlen()+13,"");
2258                     /* Ownertrust is only meaningful for the PGP or
2259                        classic trust models */
2260                     if(opt.trust_model==TM_PGP || opt.trust_model==TM_CLASSIC)
2261                       {
2262                         int width=14-strlen(otrust);
2263                         if(width<=0)
2264                           width=1;
2265                         tty_printf(_("trust: %s"), otrust);
2266                         tty_printf("%*s",width,"");
2267                       }
2268                     
2269                     tty_printf(_("validity: %s"), trust );
2270                     tty_printf("\n");
2271                   }
2272                 if( node->pkt->pkttype == PKT_PUBLIC_KEY
2273                     && (get_ownertrust (pk)&TRUST_FLAG_DISABLED))
2274                   {
2275                     tty_printf("*** ");
2276                     tty_printf(_("This key has been disabled"));
2277                     tty_printf("\n");
2278                   }
2279               }
2280
2281             if( node->pkt->pkttype == PKT_PUBLIC_KEY && with_fpr )
2282               {
2283                 print_fingerprint ( pk, NULL, 2 );
2284                 tty_printf("\n");
2285               }
2286         }
2287         else if( node->pkt->pkttype == PKT_SECRET_KEY
2288             || (with_subkeys && node->pkt->pkttype == PKT_SECRET_SUBKEY) )
2289           {
2290             PKT_secret_key *sk = node->pkt->pkt.secret_key;
2291             tty_printf("%s%c %4u%c/%s  ",
2292                        node->pkt->pkttype == PKT_SECRET_KEY? "sec":"ssb",
2293                        (node->flag & NODFLG_SELKEY)? '*':' ',
2294                        nbits_from_sk( sk ),
2295                        pubkey_letter( sk->pubkey_algo ),
2296                        keystr_from_sk(sk));
2297             tty_printf(_("created: %s"),datestr_from_sk(sk));
2298             tty_printf("  ");
2299             tty_printf("%s: %s",_("expires"),expirestr_from_sk(sk));
2300             tty_printf("\n");
2301             if (sk->is_protected && sk->protect.s2k.mode == 1002)
2302               {
2303                 tty_printf("                     ");
2304                 tty_printf(_("card-no: ")); 
2305                 if (sk->protect.ivlen == 16
2306                     && !memcmp (sk->protect.iv, "\xD2\x76\x00\x01\x24\x01", 6))
2307                   { /* This is an OpenPGP card. */
2308                     for (i=8; i < 14; i++)
2309                       {
2310                         if (i == 10)
2311                           tty_printf (" ");
2312                         tty_printf ("%02X", sk->protect.iv[i]);
2313                       }
2314                   }
2315                 else
2316                   { /* Something is wrong: Print all. */
2317                     for (i=0; i < sk->protect.ivlen; i++)
2318                       tty_printf ("%02X", sk->protect.iv[i]);
2319                   }
2320                 tty_printf ("\n");
2321               }
2322           }
2323     }
2324     
2325     /* the user ids */
2326
2327     i = 0;
2328     for( node = keyblock; node; node = node->next ) {
2329         if( node->pkt->pkttype == PKT_USER_ID ) {
2330             PKT_user_id *uid = node->pkt->pkt.user_id;
2331             ++i;
2332             if( !only_marked || (only_marked && (node->flag & NODFLG_MARK_A))){
2333                 if(uid->is_revoked)
2334                   tty_printf("[%8.8s] ",_("revoked"));
2335                 else if(uid->is_expired)
2336                   tty_printf("[%8.8s] ",_("expired"));
2337                 else if(primary)
2338                   tty_printf("[%8.8s] ",
2339                              trust_value_to_string(get_validity(primary,uid)));
2340                 if( only_marked )
2341                    tty_printf("     ");
2342                 else if( node->flag & NODFLG_SELUID )
2343                    tty_printf("(%d)* ", i);
2344                 else if( uid->is_primary )
2345                    tty_printf("(%d). ", i);
2346                 else
2347                    tty_printf("(%d)  ", i);
2348                 tty_print_utf8_string( uid->name, uid->len );
2349                 tty_printf("\n");
2350                 if( with_prefs )
2351                   {
2352                     if(pk_version>3 || uid->selfsigversion>3)
2353                       {
2354                         PKT_signature *selfsig=NULL;
2355                         KBNODE signode;
2356
2357                         for(signode=node->next;
2358                             signode && signode->pkt->pkttype==PKT_SIGNATURE;
2359                             signode=signode->next)
2360                           {
2361                             if(signode->pkt->pkt.signature->
2362                                flags.chosen_selfsig)
2363                               {
2364                                 selfsig=signode->pkt->pkt.signature;
2365                                 break;
2366                               }
2367                           }
2368
2369                         show_prefs (uid, selfsig, with_prefs == 2);
2370                       }
2371                     else
2372                       tty_printf(_("There are no preferences on a "
2373                                    "PGP 2.x-style user ID.\n"));
2374                   }
2375             }
2376         }
2377     }
2378
2379     if (do_warn)
2380         tty_printf (_("Please note that the shown key validity "
2381                       "is not necessarily correct\n"
2382                       "unless you restart the program.\n")); 
2383 }
2384
2385
2386 /* Display basic key information.  This fucntion is suitable to show
2387    information on the key without any dependencies on the trustdb or
2388    any other internal GnuPG stuff.  KEYBLOCK may either be a public or
2389    a secret key.*/
2390 void
2391 show_basic_key_info ( KBNODE keyblock )
2392 {
2393   KBNODE node;
2394   int i;
2395
2396   /* The primary key */
2397   for (node = keyblock; node; node = node->next)
2398     {
2399       if (node->pkt->pkttype == PKT_PUBLIC_KEY)
2400         {
2401           PKT_public_key *pk = node->pkt->pkt.public_key;
2402           
2403           /* Note, we use the same format string as in other show
2404              functions to make the translation job easier. */
2405           tty_printf ("%s  %4u%c/%s  ",
2406                       node->pkt->pkttype == PKT_PUBLIC_KEY? "pub":"sub",
2407                       nbits_from_pk( pk ),
2408                       pubkey_letter( pk->pubkey_algo ),
2409                       keystr_from_pk(pk));
2410           tty_printf(_("created: %s"),datestr_from_pk(pk));
2411           tty_printf("  ");
2412           tty_printf("%s: %s",_("expires"),expirestr_from_pk(pk));
2413           tty_printf("\n");
2414           print_fingerprint ( pk, NULL, 3 );
2415           tty_printf("\n");
2416         }
2417       else if (node->pkt->pkttype == PKT_SECRET_KEY)
2418         {
2419           PKT_secret_key *sk = node->pkt->pkt.secret_key;
2420           tty_printf("%s  %4u%c/%s",
2421                      node->pkt->pkttype == PKT_SECRET_KEY? "sec":"ssb",
2422                      nbits_from_sk( sk ),
2423                      pubkey_letter( sk->pubkey_algo ),
2424                      keystr_from_sk(sk));
2425           tty_printf(_("created: %s"),datestr_from_sk(sk));
2426           tty_printf("  ");
2427           tty_printf("%s: %s",_("expires"),expirestr_from_sk(sk));
2428           tty_printf("\n");
2429           print_fingerprint (NULL, sk, 3 );
2430           tty_printf("\n");
2431         }
2432     }
2433
2434   /* The user IDs. */
2435   for (i=0, node = keyblock; node; node = node->next)
2436     {
2437       if (node->pkt->pkttype == PKT_USER_ID)
2438         {
2439           PKT_user_id *uid = node->pkt->pkt.user_id;
2440           ++i;
2441      
2442           tty_printf ("     ");
2443           if (uid->is_revoked)
2444             tty_printf("[%s] ",_("revoked"));
2445           else if ( uid->is_expired )
2446             tty_printf("[%s] ",_("expired"));
2447           tty_print_utf8_string (uid->name, uid->len);
2448           tty_printf ("\n");
2449         }
2450     }
2451 }
2452
2453 static void
2454 show_key_and_fingerprint( KBNODE keyblock )
2455 {
2456   KBNODE node;
2457   PKT_public_key *pk = NULL;
2458
2459   for( node = keyblock; node; node = node->next )
2460     {
2461       if( node->pkt->pkttype == PKT_PUBLIC_KEY )
2462         {
2463           pk = node->pkt->pkt.public_key;
2464           tty_printf("pub   %4u%c/%s %s ",
2465                      nbits_from_pk( pk ),
2466                      pubkey_letter( pk->pubkey_algo ),
2467                      keystr_from_pk(pk),
2468                      datestr_from_pk(pk) );
2469         }
2470       else if( node->pkt->pkttype == PKT_USER_ID )
2471         {
2472           PKT_user_id *uid = node->pkt->pkt.user_id;
2473           tty_print_utf8_string( uid->name, uid->len );
2474           break;
2475         }
2476     }
2477   tty_printf("\n");
2478   if( pk )
2479     print_fingerprint( pk, NULL, 2 );
2480 }
2481
2482
2483 /* Show a warning if no uids on the key have the primary uid flag
2484    set. */
2485 static void
2486 no_primary_warning(KBNODE keyblock)
2487 {
2488   KBNODE node;
2489   int have_primary=0,uid_count=0;
2490
2491   /* TODO: if we ever start behaving differently with a primary or
2492      non-primary attribute ID, we will need to check for attributes
2493      here as well. */
2494
2495   for(node=keyblock; node; node = node->next)
2496     {
2497       if(node->pkt->pkttype==PKT_USER_ID
2498          && node->pkt->pkt.user_id->attrib_data==NULL)
2499         {
2500           uid_count++;
2501
2502           if(node->pkt->pkt.user_id->is_primary==2)
2503             {
2504               have_primary=1;
2505               break;
2506             }
2507         }
2508     }
2509
2510   if(uid_count>1 && !have_primary)
2511     log_info(_("WARNING: no user ID has been marked as primary.  This command"
2512                " may\n              cause a different user ID to become"
2513                " the assumed primary.\n"));
2514 }
2515
2516 /****************
2517  * Ask for a new user id, do the selfsignature and put it into
2518  * both keyblocks.
2519  * Return true if there is a new user id
2520  */
2521 static int
2522 menu_adduid( KBNODE pub_keyblock, KBNODE sec_keyblock, int photo)
2523 {
2524     PKT_user_id *uid;
2525     PKT_public_key *pk=NULL;
2526     PKT_secret_key *sk=NULL;
2527     PKT_signature *sig=NULL;
2528     PACKET *pkt;
2529     KBNODE node;
2530     KBNODE pub_where=NULL, sec_where=NULL;
2531     int rc;
2532
2533     for( node = pub_keyblock; node; pub_where = node, node = node->next ) {
2534         if( node->pkt->pkttype == PKT_PUBLIC_KEY )
2535             pk = node->pkt->pkt.public_key;
2536         else if( node->pkt->pkttype == PKT_PUBLIC_SUBKEY )
2537             break;
2538     }
2539     if( !node ) /* no subkey */
2540         pub_where = NULL;
2541     for( node = sec_keyblock; node; sec_where = node, node = node->next ) {
2542         if( node->pkt->pkttype == PKT_SECRET_KEY )
2543             sk = copy_secret_key( NULL, node->pkt->pkt.secret_key);
2544         else if( node->pkt->pkttype == PKT_SECRET_SUBKEY )
2545             break;
2546     }
2547     if( !node ) /* no subkey */
2548         sec_where = NULL;
2549     assert(pk && sk);
2550
2551     if(photo) {
2552       int hasattrib=0;
2553
2554       for( node = pub_keyblock; node; node = node->next )
2555         if( node->pkt->pkttype == PKT_USER_ID &&
2556             node->pkt->pkt.user_id->attrib_data!=NULL)
2557           {
2558             hasattrib=1;
2559             break;
2560           }
2561
2562       /* It is legal but bad for compatibility to add a photo ID to a
2563          v3 key as it means that PGP2 will not be able to use that key
2564          anymore.  Also, PGP may not expect a photo on a v3 key.
2565          Don't bother to ask this if the key already has a photo - any
2566          damage has already been done at that point. -dms */
2567       if(pk->version==3 && !hasattrib)
2568         {
2569           if(opt.expert)
2570             {
2571               tty_printf(_("WARNING: This is a PGP2-style key.  "
2572                            "Adding a photo ID may cause some versions\n"
2573                            "         of PGP to reject this key.\n"));
2574
2575               if(!cpr_get_answer_is_yes("keyedit.v3_photo.okay",
2576                                         _("Are you sure you still want "
2577                                           "to add it? (y/N) ")))
2578                 return 0;
2579             }
2580           else
2581             {
2582               tty_printf(_("You may not add a photo ID to "
2583                            "a PGP2-style key.\n"));
2584               return 0;
2585             }
2586         }
2587
2588       uid = generate_photo_id(pk);
2589     } else
2590       uid = generate_user_id();
2591     if( !uid )
2592         return 0;
2593
2594     rc = make_keysig_packet( &sig, pk, uid, NULL, sk, 0x13, 0, 0, 0, 0,
2595                              keygen_add_std_prefs, pk );
2596     free_secret_key( sk );
2597     if( rc ) {
2598         log_error("signing failed: %s\n", g10_errstr(rc) );
2599         free_user_id(uid);
2600         return 0;
2601     }
2602
2603     /* insert/append to secret keyblock */
2604     pkt = m_alloc_clear( sizeof *pkt );
2605     pkt->pkttype = PKT_USER_ID;
2606     pkt->pkt.user_id = scopy_user_id(uid);
2607     node = new_kbnode(pkt);
2608     if( sec_where )
2609         insert_kbnode( sec_where, node, 0 );
2610     else
2611         add_kbnode( sec_keyblock, node );
2612     pkt = m_alloc_clear( sizeof *pkt );
2613     pkt->pkttype = PKT_SIGNATURE;
2614     pkt->pkt.signature = copy_signature(NULL, sig);
2615     if( sec_where )
2616         insert_kbnode( node, new_kbnode(pkt), 0 );
2617     else
2618         add_kbnode( sec_keyblock, new_kbnode(pkt) );
2619     /* insert/append to public keyblock */
2620     pkt = m_alloc_clear( sizeof *pkt );
2621     pkt->pkttype = PKT_USER_ID;
2622     pkt->pkt.user_id = uid;
2623     node = new_kbnode(pkt);
2624     if( pub_where )
2625         insert_kbnode( pub_where, node, 0 );
2626     else
2627         add_kbnode( pub_keyblock, node );
2628     pkt = m_alloc_clear( sizeof *pkt );
2629     pkt->pkttype = PKT_SIGNATURE;
2630     pkt->pkt.signature = copy_signature(NULL, sig);
2631     if( pub_where )
2632         insert_kbnode( node, new_kbnode(pkt), 0 );
2633     else
2634         add_kbnode( pub_keyblock, new_kbnode(pkt) );
2635     return 1;
2636 }
2637
2638
2639 /****************
2640  * Remove all selected userids from the keyrings
2641  */
2642 static void
2643 menu_deluid( KBNODE pub_keyblock, KBNODE sec_keyblock )
2644 {
2645     KBNODE node;
2646     int selected=0;
2647
2648     for( node = pub_keyblock; node; node = node->next ) {
2649         if( node->pkt->pkttype == PKT_USER_ID ) {
2650             selected = node->flag & NODFLG_SELUID;
2651             if( selected ) {
2652                 /* Only cause a trust update if we delete a
2653                    non-revoked user id */
2654                 if(!node->pkt->pkt.user_id->is_revoked)
2655                   update_trust=1;
2656                 delete_kbnode( node );
2657                 if( sec_keyblock ) {
2658                     KBNODE snode;
2659                     int s_selected = 0;
2660                     PKT_user_id *uid = node->pkt->pkt.user_id;
2661                     for( snode = sec_keyblock; snode; snode = snode->next ) {
2662                         if( snode->pkt->pkttype == PKT_USER_ID ) {
2663                             PKT_user_id *suid = snode->pkt->pkt.user_id;
2664
2665                             s_selected =
2666                                 (uid->len == suid->len
2667                                  && !memcmp( uid->name, suid->name, uid->len));
2668                             if( s_selected )
2669                                 delete_kbnode( snode );
2670                         }
2671                         else if( s_selected
2672                                  && snode->pkt->pkttype == PKT_SIGNATURE )
2673                             delete_kbnode( snode );
2674                         else if( snode->pkt->pkttype == PKT_SECRET_SUBKEY )
2675                             s_selected = 0;
2676                     }
2677                 }
2678             }
2679         }
2680         else if( selected && node->pkt->pkttype == PKT_SIGNATURE )
2681             delete_kbnode( node );
2682         else if( node->pkt->pkttype == PKT_PUBLIC_SUBKEY )
2683             selected = 0;
2684     }
2685     commit_kbnode( &pub_keyblock );
2686     if( sec_keyblock )
2687         commit_kbnode( &sec_keyblock );
2688 }
2689
2690
2691 static int
2692 menu_delsig( KBNODE pub_keyblock )
2693 {
2694     KBNODE node;
2695     PKT_user_id *uid = NULL;
2696     int changed=0;
2697
2698     for( node = pub_keyblock; node; node = node->next ) {
2699         if( node->pkt->pkttype == PKT_USER_ID ) {
2700             uid = (node->flag & NODFLG_SELUID)? node->pkt->pkt.user_id : NULL;
2701         }
2702         else if( uid && node->pkt->pkttype == PKT_SIGNATURE ) {
2703            int okay, valid, selfsig, inv_sig, no_key, other_err;
2704
2705             tty_printf("uid  ");
2706             tty_print_utf8_string( uid->name, uid->len );
2707             tty_printf("\n");
2708
2709             okay = inv_sig = no_key = other_err = 0;
2710             if(opt.with_colons)
2711               valid = print_and_check_one_sig_colon( pub_keyblock, node,
2712                                                &inv_sig, &no_key, &other_err,
2713                                                &selfsig, 1 );
2714             else
2715               valid = print_and_check_one_sig( pub_keyblock, node,
2716                                                &inv_sig, &no_key, &other_err,
2717                                                &selfsig, 1 );
2718
2719            if( valid ) {
2720                okay = cpr_get_answer_yes_no_quit(
2721                    "keyedit.delsig.valid",
2722                    _("Delete this good signature? (y/N/q)"));
2723
2724                /* Only update trust if we delete a good signature.
2725                   The other two cases do not affect trust. */
2726                if(okay)
2727                  update_trust=1;
2728            }
2729            else if( inv_sig || other_err )
2730                okay = cpr_get_answer_yes_no_quit(
2731                    "keyedit.delsig.invalid",
2732                    _("Delete this invalid signature? (y/N/q)"));
2733            else if( no_key )
2734                okay = cpr_get_answer_yes_no_quit(
2735                    "keyedit.delsig.unknown",
2736                    _("Delete this unknown signature? (y/N/q)"));
2737
2738             if( okay == -1 )
2739                 break;
2740            if( okay && selfsig && !cpr_get_answer_is_yes(
2741                                "keyedit.delsig.selfsig",
2742                               _("Really delete this self-signature? (y/N)") ))
2743                 okay = 0;
2744             if( okay ) {
2745                 delete_kbnode( node );
2746                 changed++;
2747             }
2748
2749         }
2750         else if( node->pkt->pkttype == PKT_PUBLIC_SUBKEY )
2751             uid = NULL;
2752     }
2753
2754     if( changed ) {
2755         commit_kbnode( &pub_keyblock );
2756         tty_printf( changed == 1? _("Deleted %d signature.\n")
2757                                 : _("Deleted %d signatures.\n"), changed );
2758     }
2759     else
2760         tty_printf( _("Nothing deleted.\n") );
2761
2762     return changed;
2763 }
2764
2765
2766 /****************
2767  * Remove some of the secondary keys
2768  */
2769 static void
2770 menu_delkey( KBNODE pub_keyblock, KBNODE sec_keyblock )
2771 {
2772     KBNODE node;
2773     int selected=0;
2774
2775     for( node = pub_keyblock; node; node = node->next ) {
2776         if( node->pkt->pkttype == PKT_PUBLIC_SUBKEY ) {
2777             selected = node->flag & NODFLG_SELKEY;
2778             if( selected ) {
2779                 delete_kbnode( node );
2780                 if( sec_keyblock ) {
2781                     KBNODE snode;
2782                     int s_selected = 0;
2783                     u32 ki[2];
2784
2785                     keyid_from_pk( node->pkt->pkt.public_key, ki );
2786                     for( snode = sec_keyblock; snode; snode = snode->next ) {
2787                         if( snode->pkt->pkttype == PKT_SECRET_SUBKEY ) {
2788                             u32 ki2[2];
2789
2790                             keyid_from_sk( snode->pkt->pkt.secret_key, ki2 );
2791                             s_selected = (ki[0] == ki2[0] && ki[1] == ki2[1]);
2792                             if( s_selected )
2793                                 delete_kbnode( snode );
2794                         }
2795                         else if( s_selected
2796                                  && snode->pkt->pkttype == PKT_SIGNATURE )
2797                             delete_kbnode( snode );
2798                         else
2799                             s_selected = 0;
2800                     }
2801                 }
2802             }
2803         }
2804         else if( selected && node->pkt->pkttype == PKT_SIGNATURE )
2805             delete_kbnode( node );
2806         else
2807             selected = 0;
2808     }
2809     commit_kbnode( &pub_keyblock );
2810     if( sec_keyblock )
2811         commit_kbnode( &sec_keyblock );
2812
2813     /* No need to set update_trust here since signing keys are no
2814        longer used to certify other keys, so there is no change in
2815        trust when revoking/removing them */
2816 }
2817
2818
2819 /****************
2820  * Ask for a new revoker, do the selfsignature and put it into
2821  * both keyblocks.
2822  * Return true if there is a new revoker
2823  */
2824 static int
2825 menu_addrevoker( KBNODE pub_keyblock, KBNODE sec_keyblock, int sensitive )
2826 {
2827   PKT_public_key *pk=NULL,*revoker_pk=NULL;
2828   PKT_secret_key *sk=NULL;
2829   PKT_signature *sig=NULL;
2830   PACKET *pkt;
2831   struct revocation_key revkey;
2832   size_t fprlen;
2833   int rc;
2834
2835   assert(pub_keyblock->pkt->pkttype==PKT_PUBLIC_KEY);
2836   assert(sec_keyblock->pkt->pkttype==PKT_SECRET_KEY);
2837
2838   pk=pub_keyblock->pkt->pkt.public_key;
2839
2840   if(pk->numrevkeys==0 && pk->version==3)
2841     {
2842       /* It is legal but bad for compatibility to add a revoker to a
2843          v3 key as it means that PGP2 will not be able to use that key
2844          anymore.  Also, PGP may not expect a revoker on a v3 key.
2845          Don't bother to ask this if the key already has a revoker -
2846          any damage has already been done at that point. -dms */
2847       if(opt.expert)
2848         {
2849           tty_printf(_("WARNING: This is a PGP 2.x-style key.  "
2850                        "Adding a designated revoker may cause\n"
2851                        "         some versions of PGP to reject this key.\n"));
2852
2853           if(!cpr_get_answer_is_yes("keyedit.v3_revoker.okay",
2854                                     _("Are you sure you still want "
2855                                       "to add it? (y/N) ")))
2856             return 0;
2857         }
2858       else
2859         {
2860           tty_printf(_("You may not add a designated revoker to "
2861                        "a PGP 2.x-style key.\n"));
2862           return 0;
2863         }
2864     }
2865
2866   sk=copy_secret_key(NULL,sec_keyblock->pkt->pkt.secret_key);
2867
2868   for(;;)
2869     {
2870       char *answer;
2871
2872       if(revoker_pk)
2873         free_public_key(revoker_pk);
2874
2875       revoker_pk=m_alloc_clear(sizeof(*revoker_pk));
2876
2877       tty_printf("\n");
2878
2879       answer=cpr_get_utf8("keyedit.add_revoker",
2880                           _("Enter the user ID of the designated revoker: "));
2881       if(answer[0]=='\0' || answer[0]=='\004')
2882         {
2883           m_free(answer);
2884           goto fail;
2885         }
2886
2887       /* Note that I'm requesting SIG here and not CERT.  We're making
2888          a certification, but it is okay to be a subkey. */
2889       revoker_pk->req_usage=PUBKEY_USAGE_SIG;
2890       rc=get_pubkey_byname(revoker_pk,answer,NULL,NULL,1);
2891       if(rc)
2892         {
2893           log_error (_("key `%s' not found: %s\n"),answer,g10_errstr(rc));
2894           m_free(answer);
2895           continue;
2896         }
2897
2898       m_free(answer);
2899
2900       fingerprint_from_pk(revoker_pk,revkey.fpr,&fprlen);
2901       if(fprlen!=20)
2902         {
2903           log_error(_("cannot appoint a PGP 2.x style key as a "
2904                       "designated revoker\n"));
2905           continue;
2906         }
2907
2908       revkey.class=0x80;
2909       if(sensitive)
2910         revkey.class|=0x40;
2911       revkey.algid=revoker_pk->pubkey_algo;
2912
2913       if(cmp_public_keys(revoker_pk,pk)==0)
2914         {
2915           /* This actually causes no harm (after all, a key that
2916              designates itself as a revoker is the same as a
2917              regular key), but it's easy enough to check. */
2918           log_error(_("you cannot appoint a key as its own "
2919                       "designated revoker\n"));
2920
2921           continue;
2922         }
2923
2924       keyid_from_pk(pk,NULL);
2925
2926       /* Does this revkey already exist? */
2927       if(!pk->revkey && pk->numrevkeys)
2928         BUG();
2929       else
2930         {
2931           int i;
2932
2933           for(i=0;i<pk->numrevkeys;i++)
2934             {
2935               if(memcmp(&pk->revkey[i],&revkey,
2936                         sizeof(struct revocation_key))==0)
2937                 {
2938                   char buf[50];
2939
2940                   log_error(_("this key has already been designated "
2941                               "as a revoker\n"));
2942
2943                   sprintf(buf,"%08lX%08lX",
2944                           (ulong)pk->keyid[0],(ulong)pk->keyid[1]);
2945                   write_status_text(STATUS_ALREADY_SIGNED,buf);
2946
2947                   break;
2948                 }
2949             }
2950
2951           if(i<pk->numrevkeys)
2952             continue;
2953         }
2954
2955       print_pubkey_info(NULL,revoker_pk);
2956       print_fingerprint(revoker_pk,NULL,2);
2957       tty_printf("\n");
2958
2959       tty_printf(_("WARNING: appointing a key as a designated revoker "
2960                    "cannot be undone!\n"));
2961
2962       tty_printf("\n");
2963
2964       if(!cpr_get_answer_is_yes("keyedit.add_revoker.okay",
2965                                 _("Are you sure you want to appoint this "
2966                                   "key as a designated revoker? (y/N): ")))
2967         continue;
2968
2969       free_public_key(revoker_pk);
2970       revoker_pk=NULL;
2971       break;
2972     }
2973
2974   /* The 1F signature must be at least v4 to carry the revocation key
2975      subpacket. */
2976   rc = make_keysig_packet( &sig, pk, NULL, NULL, sk, 0x1F, 0, 4, 0, 0,
2977                            keygen_add_revkey,&revkey );
2978   if( rc )
2979     {
2980       log_error("signing failed: %s\n", g10_errstr(rc) );
2981       goto fail;
2982     }
2983
2984   free_secret_key(sk);
2985   sk=NULL;
2986
2987   /* insert into secret keyblock */
2988   pkt = m_alloc_clear( sizeof *pkt );
2989   pkt->pkttype = PKT_SIGNATURE;
2990   pkt->pkt.signature = copy_signature(NULL, sig);
2991   insert_kbnode( sec_keyblock, new_kbnode(pkt), PKT_SIGNATURE );
2992
2993   /* insert into public keyblock */
2994   pkt = m_alloc_clear( sizeof *pkt );
2995   pkt->pkttype = PKT_SIGNATURE;
2996   pkt->pkt.signature = sig;
2997   insert_kbnode( pub_keyblock, new_kbnode(pkt), PKT_SIGNATURE );
2998
2999   return 1;
3000
3001  fail:
3002   if(sk)
3003     free_secret_key(sk);
3004   if(sig)
3005     free_seckey_enc(sig);
3006   if(revoker_pk)
3007     free_public_key(revoker_pk);
3008
3009   return 0;
3010 }
3011
3012
3013 static int
3014 menu_expire( KBNODE pub_keyblock, KBNODE sec_keyblock )
3015 {
3016     int n1, signumber, rc;
3017     u32 expiredate;
3018     int mainkey=0;
3019     PKT_secret_key *sk;    /* copy of the main sk */
3020     PKT_public_key *main_pk, *sub_pk;
3021     PKT_user_id *uid;
3022     KBNODE node;
3023     u32 keyid[2];
3024
3025     if( count_selected_keys( sec_keyblock ) ) {
3026         tty_printf(_("Please remove selections from the secret keys.\n"));
3027         return 0;
3028     }
3029
3030     n1 = count_selected_keys( pub_keyblock );
3031     if( n1 > 1 ) {
3032         tty_printf(_("Please select at most one secondary key.\n"));
3033         return 0;
3034     }
3035     else if( n1 )
3036         tty_printf(_("Changing expiration time for a secondary key.\n"));
3037     else
3038       {
3039         tty_printf(_("Changing expiration time for the primary key.\n"));
3040         mainkey=1;
3041         no_primary_warning(pub_keyblock);
3042       }
3043
3044     expiredate = ask_expiredate();
3045     node = find_kbnode( sec_keyblock, PKT_SECRET_KEY );
3046     sk = copy_secret_key( NULL, node->pkt->pkt.secret_key);
3047
3048     /* Now we can actually change the self signature(s) */
3049     main_pk = sub_pk = NULL;
3050     uid = NULL;
3051     signumber = 0;
3052     for( node=pub_keyblock; node; node = node->next ) {
3053         if( node->pkt->pkttype == PKT_PUBLIC_KEY ) {
3054             main_pk = node->pkt->pkt.public_key;
3055             keyid_from_pk( main_pk, keyid );
3056             main_pk->expiredate = expiredate;
3057         }
3058         else if( node->pkt->pkttype == PKT_PUBLIC_SUBKEY
3059                  && (node->flag & NODFLG_SELKEY ) ) {
3060             sub_pk = node->pkt->pkt.public_key;
3061             sub_pk->expiredate = expiredate;
3062         }
3063         else if( node->pkt->pkttype == PKT_USER_ID )
3064             uid = node->pkt->pkt.user_id;
3065         else if( main_pk && node->pkt->pkttype == PKT_SIGNATURE
3066                  && ( mainkey || sub_pk ) ) {
3067             PKT_signature *sig = node->pkt->pkt.signature;
3068             if( keyid[0] == sig->keyid[0] && keyid[1] == sig->keyid[1]
3069                 && ( (mainkey && uid
3070                       && uid->created && (sig->sig_class&~3) == 0x10)
3071                      || (!mainkey && sig->sig_class == 0x18)  )
3072                 && sig->flags.chosen_selfsig )
3073               {
3074                 /* this is a selfsignature which is to be replaced */
3075                 PKT_signature *newsig;
3076                 PACKET *newpkt;
3077                 KBNODE sn;
3078                 int signumber2 = 0;
3079
3080                 signumber++;
3081
3082                 if( (mainkey && main_pk->version < 4)
3083                     || (!mainkey && sub_pk->version < 4 ) ) {
3084                     log_info(_(
3085                         "You can't change the expiration date of a v3 key\n"));
3086                     free_secret_key( sk );
3087                     return 0;
3088                 }
3089
3090                 /* find the corresponding secret self-signature */
3091                 for( sn=sec_keyblock; sn; sn = sn->next ) {
3092                     if( sn->pkt->pkttype == PKT_SIGNATURE ) {
3093                         PKT_signature *b = sn->pkt->pkt.signature;
3094                         if( keyid[0] == b->keyid[0] && keyid[1] == b->keyid[1]
3095                             && sig->sig_class == b->sig_class
3096                             && ++signumber2 == signumber )
3097                             break;
3098                     }
3099                 }
3100                 if( !sn )
3101                     log_info(_("No corresponding signature in secret ring\n"));
3102
3103                 if( mainkey )
3104                   rc = update_keysig_packet(&newsig, sig, main_pk, uid, NULL,
3105                                             sk, keygen_add_key_expire, main_pk);
3106                 else
3107                   rc = update_keysig_packet(&newsig, sig, main_pk, NULL, sub_pk,
3108                                             sk, keygen_add_key_expire, sub_pk );
3109                 if( rc ) {
3110                     log_error("make_keysig_packet failed: %s\n",
3111                                                     g10_errstr(rc));
3112                     free_secret_key( sk );
3113                     return 0;
3114                 }
3115                 /* replace the packet */
3116                 newpkt = m_alloc_clear( sizeof *newpkt );
3117                 newpkt->pkttype = PKT_SIGNATURE;
3118                 newpkt->pkt.signature = newsig;
3119                 free_packet( node->pkt );
3120                 m_free( node->pkt );
3121                 node->pkt = newpkt;
3122                 if( sn ) {
3123                     newpkt = m_alloc_clear( sizeof *newpkt );
3124                     newpkt->pkttype = PKT_SIGNATURE;
3125                     newpkt->pkt.signature = copy_signature( NULL, newsig );
3126                     free_packet( sn->pkt );
3127                     m_free( sn->pkt );
3128                     sn->pkt = newpkt;
3129                 }
3130                 sub_pk = NULL;
3131             }
3132         }
3133     }
3134
3135     free_secret_key( sk );
3136     update_trust=1;
3137     return 1;
3138 }
3139
3140 static int
3141 change_primary_uid_cb ( PKT_signature *sig, void *opaque )
3142 {
3143     byte buf[1];
3144
3145     /* first clear all primary uid flags so that we are sure none are
3146      * lingering around */
3147     delete_sig_subpkt (sig->hashed,   SIGSUBPKT_PRIMARY_UID);
3148     delete_sig_subpkt (sig->unhashed, SIGSUBPKT_PRIMARY_UID);
3149
3150     /* if opaque is set,we want to set the primary id */
3151     if (opaque) { 
3152         buf[0] = 1;
3153         build_sig_subpkt (sig, SIGSUBPKT_PRIMARY_UID, buf, 1 );
3154     }
3155
3156     return 0;
3157 }
3158
3159
3160 /*
3161  * Set the primary uid flag for the selected UID.  We will also reset
3162  * all other primary uid flags.  For this to work with have to update
3163  * all the signature timestamps.  If we would do this with the current
3164  * time, we lose quite a lot of information, so we use a a kludge to
3165  * do this: Just increment the timestamp by one second which is
3166  * sufficient to updated a signature during import.
3167  */
3168 static int
3169 menu_set_primary_uid ( KBNODE pub_keyblock, KBNODE sec_keyblock )
3170 {
3171     PKT_secret_key *sk;    /* copy of the main sk */
3172     PKT_public_key *main_pk;
3173     PKT_user_id *uid;
3174     KBNODE node;
3175     u32 keyid[2];
3176     int selected;
3177     int attribute = 0;
3178     int modified = 0;
3179
3180     if ( count_selected_uids (pub_keyblock) != 1 ) {
3181         tty_printf(_("Please select exactly one user ID.\n"));
3182         return 0;
3183     }
3184
3185     node = find_kbnode( sec_keyblock, PKT_SECRET_KEY );
3186     sk = copy_secret_key( NULL, node->pkt->pkt.secret_key);
3187
3188     /* Now we can actually change the self signature(s) */
3189     main_pk = NULL;
3190     uid = NULL;
3191     selected = 0;
3192
3193     /* Is our selected uid an attribute packet? */
3194     for ( node=pub_keyblock; node; node = node->next )
3195       if (node->pkt->pkttype == PKT_USER_ID && node->flag & NODFLG_SELUID)
3196         attribute = (node->pkt->pkt.user_id->attrib_data!=NULL);
3197
3198     for ( node=pub_keyblock; node; node = node->next ) {
3199         if ( node->pkt->pkttype == PKT_PUBLIC_SUBKEY )
3200             break; /* ready */
3201
3202         if ( node->pkt->pkttype == PKT_PUBLIC_KEY ) {
3203             main_pk = node->pkt->pkt.public_key;
3204             keyid_from_pk( main_pk, keyid );
3205         }
3206         else if ( node->pkt->pkttype == PKT_USER_ID ) {
3207             uid = node->pkt->pkt.user_id;
3208             selected = node->flag & NODFLG_SELUID;
3209         }
3210         else if ( main_pk && uid && node->pkt->pkttype == PKT_SIGNATURE ) {
3211             PKT_signature *sig = node->pkt->pkt.signature;
3212             if ( keyid[0] == sig->keyid[0] && keyid[1] == sig->keyid[1]
3213                  && (uid && (sig->sig_class&~3) == 0x10)
3214                  && attribute == (uid->attrib_data!=NULL)
3215                  && sig->flags.chosen_selfsig )
3216               {
3217               if(sig->version < 4) {
3218                 char *user=utf8_to_native(uid->name,strlen(uid->name),0);
3219
3220                 log_info(_("skipping v3 self-signature on user ID \"%s\"\n"),
3221                          user);
3222                 m_free(user);
3223               }
3224               else {
3225                 /* This is a selfsignature which is to be replaced.
3226                    We can just ignore v3 signatures because they are
3227                    not able to carry the primary ID flag.  We also
3228                    ignore self-sigs on user IDs that are not of the
3229                    same type that we are making primary.  That is, if
3230                    we are making a user ID primary, we alter user IDs.
3231                    If we are making an attribute packet primary, we
3232                    alter attribute packets. */
3233
3234                 /* FIXME: We must make sure that we only have one
3235                    self-signature per user ID here (not counting
3236                    revocations) */
3237                 PKT_signature *newsig;
3238                 PACKET *newpkt;
3239                 const byte *p;
3240                 int action;
3241
3242                 /* see whether this signature has the primary UID flag */
3243       &nbs