* getkey.c (get_seckey_byname2): If no explicit default key is set, don't
[gnupg.git] / g10 / keyedit.c
1 /* keyedit.c - keyedit stuff
2  * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004,
3  *               2005 Free Software Foundation, Inc.
4  *
5  * This file is part of GnuPG.
6  *
7  * GnuPG is free software; you can redistribute it and/or modify
8  * it under the terms of the GNU General Public License as published by
9  * the Free Software Foundation; either version 2 of the License, or
10  * (at your option) any later version.
11  *
12  * GnuPG is distributed in the hope that it will be useful,
13  * but WITHOUT ANY WARRANTY; without even the implied warranty of
14  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
15  * GNU General Public License for more details.
16  *
17  * You should have received a copy of the GNU General Public License
18  * along with this program; if not, write to the Free Software
19  * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
20  */
21
22 #include <config.h>
23 #include <stdio.h>
24 #include <stdlib.h>
25 #include <string.h>
26 #include <errno.h>
27 #include <assert.h>
28 #include <ctype.h>
29
30 #include "options.h"
31 #include "packet.h"
32 #include "errors.h"
33 #include "iobuf.h"
34 #include "keydb.h"
35 #include "memory.h"
36 #include "photoid.h"
37 #include "util.h"
38 #include "main.h"
39 #include "trustdb.h"
40 #include "filter.h"
41 #include "ttyio.h"
42 #include "status.h"
43 #include "i18n.h"
44 #include "keyserver-internal.h"
45
46 static void show_prefs( PKT_user_id *uid, PKT_signature *selfsig, int verbose);
47 static void show_key_with_all_names( KBNODE keyblock, int only_marked,
48             int with_revoker, int with_fpr, int with_subkeys, int with_prefs );
49 static void show_key_and_fingerprint( KBNODE keyblock );
50 static int menu_adduid( KBNODE keyblock, KBNODE sec_keyblock, int photo );
51 static void menu_deluid( KBNODE pub_keyblock, KBNODE sec_keyblock );
52 static int  menu_delsig( KBNODE pub_keyblock );
53 static void menu_delkey( KBNODE pub_keyblock, KBNODE sec_keyblock );
54 static int menu_addrevoker( KBNODE pub_keyblock,
55                             KBNODE sec_keyblock, int sensitive );
56 static int menu_expire( KBNODE pub_keyblock, KBNODE sec_keyblock );
57 static int menu_set_primary_uid( KBNODE pub_keyblock, KBNODE sec_keyblock );
58 static int menu_set_preferences( KBNODE pub_keyblock, KBNODE sec_keyblock );
59 static int menu_set_keyserver_url (const char *url,
60                                    KBNODE pub_keyblock, KBNODE sec_keyblock );
61 static int menu_select_uid( KBNODE keyblock, int idx );
62 static int menu_select_key( KBNODE keyblock, int idx );
63 static int count_uids( KBNODE keyblock );
64 static int count_uids_with_flag( KBNODE keyblock, unsigned flag );
65 static int count_keys_with_flag( KBNODE keyblock, unsigned flag );
66 static int count_selected_uids( KBNODE keyblock );
67 static int real_uids_left( KBNODE keyblock );
68 static int count_selected_keys( KBNODE keyblock );
69 static int menu_revsig( KBNODE keyblock );
70 static int menu_revuid( KBNODE keyblock, KBNODE sec_keyblock );
71 static int menu_revkey( KBNODE pub_keyblock, KBNODE sec_keyblock );
72 static int menu_revsubkey( KBNODE pub_keyblock, KBNODE sec_keyblock );
73 static int enable_disable_key( KBNODE keyblock, int disable );
74 static void menu_showphoto( KBNODE keyblock );
75
76 static int update_trust=0;
77
78 #define CONTROL_D ('D' - 'A' + 1)
79
80 #define NODFLG_BADSIG (1<<0)  /* bad signature */
81 #define NODFLG_NOKEY  (1<<1)  /* no public key */
82 #define NODFLG_SIGERR (1<<2)  /* other sig error */
83
84 #define NODFLG_MARK_A (1<<4)  /* temporary mark */
85 #define NODFLG_DELSIG (1<<5)  /* to be deleted */
86
87 #define NODFLG_SELUID (1<<8)  /* indicate the selected userid */
88 #define NODFLG_SELKEY (1<<9)  /* indicate the selected key */
89 #define NODFLG_SELSIG (1<<10) /* indicate a selected signature */
90
91 struct sign_attrib {
92     int non_exportable,non_revocable;
93     struct revocation_reason_info *reason;
94     byte trust_depth,trust_value;
95     char *trust_regexp;
96 };
97
98
99 #ifdef ENABLE_CARD_SUPPORT
100 /* Given a node SEC_NODE with a secret key or subkey, locate the
101    corresponding public key from pub_keyblock. */
102 static PKT_public_key *
103 find_pk_from_sknode (KBNODE pub_keyblock, KBNODE sec_node)
104 {
105   KBNODE node = pub_keyblock;
106   PKT_secret_key *sk;
107   PKT_public_key *pk;
108   
109   if (sec_node->pkt->pkttype == PKT_SECRET_KEY
110       && node->pkt->pkttype == PKT_PUBLIC_KEY)
111     return node->pkt->pkt.public_key;
112   if (sec_node->pkt->pkttype != PKT_SECRET_SUBKEY)
113     return NULL;
114   sk = sec_node->pkt->pkt.secret_key;
115   for (; node; node = node->next)
116     if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
117       {
118         pk = node->pkt->pkt.public_key;
119         if (pk->keyid[0] == sk->keyid[0] && pk->keyid[1] == sk->keyid[1])
120           return pk;
121       }
122       
123   return NULL;
124 }
125 #endif /* ENABLE_CARD_SUPPORT */
126
127
128 /* TODO: Fix duplicated code between here and the check-sigs/list-sigs
129    code in keylist.c. */
130 static int
131 print_and_check_one_sig_colon( KBNODE keyblock, KBNODE node,
132                                int *inv_sigs, int *no_key, int *oth_err,
133                                int *is_selfsig, int print_without_key )
134 {
135   PKT_signature *sig = node->pkt->pkt.signature;
136   int rc, sigrc;
137
138   /* TODO: Make sure a cached sig record here still has the pk that
139      issued it.  See also keylist.c:list_keyblock_print */
140
141   switch((rc=check_key_signature(keyblock,node,is_selfsig)))
142     {
143     case 0:
144       node->flag &= ~(NODFLG_BADSIG|NODFLG_NOKEY|NODFLG_SIGERR);
145       sigrc = '!';
146       break;
147     case G10ERR_BAD_SIGN:
148       node->flag = NODFLG_BADSIG;
149       sigrc = '-';
150       if( inv_sigs )
151         ++*inv_sigs;
152       break;
153     case G10ERR_NO_PUBKEY:
154     case G10ERR_UNU_PUBKEY:
155       node->flag = NODFLG_NOKEY;
156       sigrc = '?';
157       if( no_key )
158         ++*no_key;
159       break;
160     default:
161       node->flag = NODFLG_SIGERR;
162       sigrc = '%';
163       if( oth_err )
164         ++*oth_err;
165       break;
166     }
167
168   if( sigrc != '?' || print_without_key )
169     {
170       printf("sig:%c::%d:%08lX%08lX:%lu:%lu:",
171              sigrc,sig->pubkey_algo,(ulong)sig->keyid[0],(ulong)sig->keyid[1],
172              (ulong)sig->timestamp,(ulong)sig->expiredate);
173
174       if(sig->trust_depth || sig->trust_value)
175         printf("%d %d",sig->trust_depth,sig->trust_value);
176
177       printf(":");
178
179       if(sig->trust_regexp)
180         print_string(stdout,sig->trust_regexp,strlen(sig->trust_regexp),':');
181
182       printf("::%02x%c\n",sig->sig_class,sig->flags.exportable?'x':'l');
183
184       if(opt.show_subpackets)
185         print_subpackets_colon(sig);
186     }
187
188   return (sigrc == '!');
189 }
190
191
192 /****************
193  * Print information about a signature, check it and return true
194  * if the signature is okay. NODE must be a signature packet.
195  */
196 static int
197 print_and_check_one_sig( KBNODE keyblock, KBNODE node,
198                          int *inv_sigs, int *no_key, int *oth_err,
199                         int *is_selfsig, int print_without_key )
200 {
201     PKT_signature *sig = node->pkt->pkt.signature;
202     int rc, sigrc;
203     int is_rev = sig->sig_class == 0x30;
204
205     /* TODO: Make sure a cached sig record here still has the pk that
206        issued it.  See also keylist.c:list_keyblock_print */
207
208     switch( (rc = check_key_signature( keyblock, node, is_selfsig)) ) {
209       case 0:
210         node->flag &= ~(NODFLG_BADSIG|NODFLG_NOKEY|NODFLG_SIGERR);
211         sigrc = '!';
212         break;
213       case G10ERR_BAD_SIGN:
214         node->flag = NODFLG_BADSIG;
215         sigrc = '-';
216         if( inv_sigs )
217             ++*inv_sigs;
218         break;
219       case G10ERR_NO_PUBKEY:
220       case G10ERR_UNU_PUBKEY:
221         node->flag = NODFLG_NOKEY;
222         sigrc = '?';
223         if( no_key )
224             ++*no_key;
225         break;
226       default:
227         node->flag = NODFLG_SIGERR;
228         sigrc = '%';
229         if( oth_err )
230             ++*oth_err;
231         break;
232     }
233     if( sigrc != '?' || print_without_key ) {
234         tty_printf("%s%c%c %c%c%c%c%c%c %s %s",
235                    is_rev? "rev":"sig",sigrc,
236                    (sig->sig_class-0x10>0 &&
237                     sig->sig_class-0x10<4)?'0'+sig->sig_class-0x10:' ',
238                    sig->flags.exportable?' ':'L',
239                    sig->flags.revocable?' ':'R',
240                    sig->flags.policy_url?'P':' ',
241                    sig->flags.notation?'N':' ',
242                    sig->flags.expired?'X':' ',
243                    (sig->trust_depth>9)?'T':
244                    (sig->trust_depth>0)?'0'+sig->trust_depth:' ',
245                    keystr(sig->keyid),datestr_from_sig(sig));
246         if(opt.list_options&LIST_SHOW_SIG_EXPIRE)
247           tty_printf(" %s",expirestr_from_sig(sig));
248         tty_printf("  ");
249         if( sigrc == '%' )
250             tty_printf("[%s] ", g10_errstr(rc) );
251         else if( sigrc == '?' )
252             ;
253         else if( *is_selfsig ) {
254             tty_printf( is_rev? _("[revocation]")
255                               : _("[self-signature]") );
256         }
257         else
258           {
259             size_t n;
260             char *p = get_user_id( sig->keyid, &n );
261             tty_print_utf8_string2(p, n, opt.screen_columns-keystrlen()-26-
262                                ((opt.list_options&LIST_SHOW_SIG_EXPIRE)?11:0));
263             m_free(p);
264           }
265         tty_printf("\n");
266
267         if(sig->flags.policy_url && (opt.list_options&LIST_SHOW_POLICY_URLS))
268           show_policy_url(sig,3,0);
269
270         if(sig->flags.notation && (opt.list_options&LIST_SHOW_NOTATIONS))
271           show_notation(sig,3,0,
272                         ((opt.list_options&LIST_SHOW_STD_NOTATIONS)?1:0)+
273                         ((opt.list_options&LIST_SHOW_USER_NOTATIONS)?2:0));
274
275         if(sig->flags.pref_ks && (opt.list_options&LIST_SHOW_KEYSERVER_URLS))
276           show_keyserver_url(sig,3,0);
277     }
278
279     return (sigrc == '!');
280 }
281
282
283
284 /****************
285  * Check the keysigs and set the flags to indicate errors.
286  * Returns true if error found.
287  */
288 static int
289 check_all_keysigs( KBNODE keyblock, int only_selected )
290 {
291     KBNODE kbctx;
292     KBNODE node;
293     int inv_sigs = 0;
294     int no_key = 0;
295     int oth_err = 0;
296     int has_selfsig = 0;
297     int mis_selfsig = 0;
298     int selected = !only_selected;
299     int anyuid = 0;
300
301     for( kbctx=NULL; (node=walk_kbnode( keyblock, &kbctx, 0)) ; ) {
302         if( node->pkt->pkttype == PKT_USER_ID ) {
303             PKT_user_id *uid = node->pkt->pkt.user_id;
304
305             if( only_selected )
306                 selected = (node->flag & NODFLG_SELUID);
307             if( selected ) {
308                 tty_printf("uid  ");
309                 tty_print_utf8_string( uid->name, uid->len );
310                 tty_printf("\n");
311                 if( anyuid && !has_selfsig )
312                     mis_selfsig++;
313                 has_selfsig = 0;
314                 anyuid = 1;
315             }
316         }
317         else if( selected && node->pkt->pkttype == PKT_SIGNATURE
318                  && ( (node->pkt->pkt.signature->sig_class&~3) == 0x10
319                      || node->pkt->pkt.signature->sig_class == 0x30 )  ) {
320             int selfsig;
321
322             if( print_and_check_one_sig( keyblock, node, &inv_sigs,
323                                         &no_key, &oth_err, &selfsig, 0 ) ) {
324                 if( selfsig )
325                     has_selfsig = 1;
326             }
327             /* Hmmm: should we update the trustdb here? */
328         }
329     }
330     if( !has_selfsig )
331         mis_selfsig++;
332     if( inv_sigs == 1 )
333         tty_printf(_("1 bad signature\n") );
334     else if( inv_sigs )
335         tty_printf(_("%d bad signatures\n"), inv_sigs );
336     if( no_key == 1 )
337         tty_printf(_("1 signature not checked due to a missing key\n") );
338     else if( no_key )
339         tty_printf(_("%d signatures not checked due to missing keys\n"), no_key );
340     if( oth_err == 1 )
341         tty_printf(_("1 signature not checked due to an error\n") );
342     else if( oth_err )
343         tty_printf(_("%d signatures not checked due to errors\n"), oth_err );
344     if( mis_selfsig == 1 )
345         tty_printf(_("1 user ID without valid self-signature detected\n"));
346     else if( mis_selfsig  )
347         tty_printf(_("%d user IDs without valid self-signatures detected\n"),
348                                                                     mis_selfsig);
349
350     return inv_sigs || no_key || oth_err || mis_selfsig;
351 }
352
353
354 static int
355 sign_mk_attrib( PKT_signature *sig, void *opaque )
356 {
357     struct sign_attrib *attrib = opaque;
358     byte buf[8];
359
360     if( attrib->non_exportable ) {
361         buf[0] = 0; /* not exportable */
362         build_sig_subpkt( sig, SIGSUBPKT_EXPORTABLE, buf, 1 );
363     }
364
365     if( attrib->non_revocable ) {
366         buf[0] = 0; /* not revocable */
367         build_sig_subpkt( sig, SIGSUBPKT_REVOCABLE, buf, 1 );
368     }
369
370     if( attrib->reason )
371         revocation_reason_build_cb( sig, attrib->reason );
372
373     if(attrib->trust_depth)
374       {
375         /* Not critical.  If someone doesn't understand trust sigs,
376            this can still be a valid regular signature. */
377         buf[0] = attrib->trust_depth;
378         buf[1] = attrib->trust_value;
379         build_sig_subpkt(sig,SIGSUBPKT_TRUST,buf,2);
380
381         /* Critical.  If someone doesn't understands regexps, this
382            whole sig should be invalid.  Note the +1 for the length -
383            regexps are null terminated. */
384         if(attrib->trust_regexp)
385           build_sig_subpkt(sig,SIGSUBPKT_FLAG_CRITICAL|SIGSUBPKT_REGEXP,
386                            attrib->trust_regexp,
387                            strlen(attrib->trust_regexp)+1);
388       }
389
390     return 0;
391 }
392
393 static void
394 trustsig_prompt(byte *trust_value,byte *trust_depth,char **regexp)
395 {
396   char *p;
397
398   *trust_value=0;
399   *trust_depth=0;
400   *regexp=NULL;
401
402   /* Same string as pkclist.c:do_edit_ownertrust */
403   tty_printf(_("Please decide how far you trust this user to correctly verify"
404                " other users' keys\n(by looking at passports, checking"
405                " fingerprints from different sources, etc.)\n"));
406   tty_printf("\n");
407   tty_printf (_("  %d = I trust marginally\n"), 1);
408   tty_printf (_("  %d = I trust fully\n"), 2);
409   tty_printf("\n");
410
411   while(*trust_value==0)
412     {
413       p = cpr_get("trustsig_prompt.trust_value",_("Your selection? "));
414       trim_spaces(p);
415       cpr_kill_prompt();
416       /* 60 and 120 are as per RFC2440 */
417       if(p[0]=='1' && !p[1])
418         *trust_value=60;
419       else if(p[0]=='2' && !p[1])
420         *trust_value=120;
421       m_free(p);
422     }
423
424   tty_printf("\n");
425
426   tty_printf(_(
427               "Please enter the depth of this trust signature.\n"
428               "A depth greater than 1 allows the key you are signing to make\n"
429               "trust signatures on your behalf.\n"));
430   tty_printf("\n");
431
432   while(*trust_depth==0)
433     {
434       p = cpr_get("trustsig_prompt.trust_depth",_("Your selection? "));
435       trim_spaces(p);
436       cpr_kill_prompt();
437       *trust_depth=atoi(p);
438       m_free(p);
439     }
440
441   tty_printf("\n");
442
443   tty_printf(_("Please enter a domain to restrict this signature, "
444                "or enter for none.\n"));
445
446   tty_printf("\n");
447
448   p=cpr_get("trustsig_prompt.trust_regexp",_("Your selection? "));
449   trim_spaces(p);
450   cpr_kill_prompt();
451
452   if(strlen(p)>0)
453     {
454       char *q=p;
455       int regexplen=100,ind;
456
457       *regexp=m_alloc(regexplen);
458
459       /* Now mangle the domain the user entered into a regexp.  To do
460          this, \-escape everything that isn't alphanumeric, and attach
461          "<[^>]+[@.]" to the front, and ">$" to the end. */
462
463       strcpy(*regexp,"<[^>]+[@.]");
464       ind=strlen(*regexp);
465
466       while(*q)
467         {
468           if(!((*q>='A' && *q<='Z')
469                || (*q>='a' && *q<='z') || (*q>='0' && *q<='9')))
470             (*regexp)[ind++]='\\';
471
472           (*regexp)[ind++]=*q;
473
474           if((regexplen-ind)<3)
475             {
476               regexplen+=100;
477               *regexp=m_realloc(*regexp,regexplen);
478             }
479
480           q++;
481         }
482
483       (*regexp)[ind]='\0';
484       strcat(*regexp,">$");
485     }
486
487   m_free(p);
488   tty_printf("\n");
489 }
490
491 /****************
492  * Loop over all locusr and and sign the uids after asking.
493  * If no user id is marked, all user ids will be signed;
494  * if some user_ids are marked those will be signed.
495  */
496 static int
497 sign_uids( KBNODE keyblock, STRLIST locusr, int *ret_modified,
498            int local, int nonrevocable, int trust )
499 {
500     int rc = 0;
501     SK_LIST sk_list = NULL;
502     SK_LIST sk_rover = NULL;
503     PKT_secret_key *sk = NULL;
504     KBNODE node, uidnode;
505     PKT_public_key *primary_pk=NULL;
506     int select_all = !count_selected_uids(keyblock);
507     int all_v3=1;
508
509     /* Are there any non-v3 sigs on this key already? */
510     if(PGP2)
511       for(node=keyblock;node;node=node->next)
512         if(node->pkt->pkttype==PKT_SIGNATURE &&
513            node->pkt->pkt.signature->version>3)
514           {
515             all_v3=0;
516             break;
517           }
518
519     /* build a list of all signators.
520      *    
521      * We use the CERT flag to request the primary which must always
522      * be one which is capable of signing keys.  I can't see a reason
523      * why to sign keys using a subkey.  Implementation of USAGE_CERT
524      * is just a hack in getkey.c and does not mean that a subkey
525      * marked as certification capable will be used */
526     rc=build_sk_list( locusr, &sk_list, 0, PUBKEY_USAGE_SIG|PUBKEY_USAGE_CERT);
527     if( rc )
528         goto leave;
529
530     /* loop over all signators */
531     for( sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next ) {
532         u32 sk_keyid[2],pk_keyid[2];
533         char *p,*trust_regexp=NULL;
534         int force_v4=0,class=0,selfsig=0;
535         u32 duration=0,timestamp=0;
536         byte trust_depth=0,trust_value=0;
537
538         if(local || nonrevocable || trust ||
539            opt.cert_policy_url || opt.cert_notation_data)
540           force_v4=1;
541
542         /* we have to use a copy of the sk, because make_keysig_packet
543          * may remove the protection from sk and if we did other
544          * changes to the secret key, we would save the unprotected
545          * version */
546         if( sk )
547             free_secret_key(sk);
548         sk = copy_secret_key( NULL, sk_rover->sk );
549         keyid_from_sk( sk, sk_keyid );
550         /* set mark A for all selected user ids */
551         for( node=keyblock; node; node = node->next ) {
552             if( select_all || (node->flag & NODFLG_SELUID) )
553                 node->flag |= NODFLG_MARK_A;
554             else
555                 node->flag &= ~NODFLG_MARK_A;
556         }
557         /* reset mark for uids which are already signed */
558         uidnode = NULL;
559         for( node=keyblock; node; node = node->next ) {
560             if( node->pkt->pkttype == PKT_PUBLIC_KEY ) {
561                 primary_pk=node->pkt->pkt.public_key;
562                 keyid_from_pk( primary_pk, pk_keyid );
563
564                 /* Is this a self-sig? */
565                 if(pk_keyid[0]==sk_keyid[0] && pk_keyid[1]==sk_keyid[1])
566                   {
567                     selfsig=1;
568                     /* Do not force a v4 sig here, otherwise it would
569                        be difficult to remake a v3 selfsig.  If this
570                        is a v3->v4 promotion case, then we set
571                        force_v4 later anyway. */
572                     force_v4=0;
573                   }
574             }
575             else if( node->pkt->pkttype == PKT_USER_ID ) {
576                 uidnode = (node->flag & NODFLG_MARK_A)? node : NULL;
577                 if(uidnode)
578                   {
579                     char *user=utf8_to_native(uidnode->pkt->pkt.user_id->name,
580                                               uidnode->pkt->pkt.user_id->len,
581                                               0);
582
583                     if(uidnode->pkt->pkt.user_id->is_revoked)
584                       {
585                         tty_printf(_("User ID \"%s\" is revoked."),user);
586
587                         if(selfsig)
588                           tty_printf("\n");
589                         else if(opt.expert)
590                           {
591                             tty_printf("\n");
592                             /* No, so remove the mark and continue */
593                             if(!cpr_get_answer_is_yes("sign_uid.revoke_okay",
594                                                       _("Are you sure you "
595                                                         "still want to sign "
596                                                         "it? (y/N) ")))
597                               {
598                                 uidnode->flag &= ~NODFLG_MARK_A;
599                                 uidnode=NULL;
600                               }
601                           }
602                         else
603                           {
604                             uidnode->flag &= ~NODFLG_MARK_A;
605                             uidnode=NULL;
606                             tty_printf(_("  Unable to sign.\n"));
607                           }
608                       }
609                     else if(uidnode->pkt->pkt.user_id->is_expired)
610                       {
611                         tty_printf(_("User ID \"%s\" is expired."),user);
612
613                         if(selfsig)
614                           tty_printf("\n");
615                         else if(opt.expert)
616                           {
617                             tty_printf("\n");
618                             /* No, so remove the mark and continue */
619                             if(!cpr_get_answer_is_yes("sign_uid.expire_okay",
620                                                       _("Are you sure you "
621                                                         "still want to sign "
622                                                         "it? (y/N) ")))
623                               {
624                                 uidnode->flag &= ~NODFLG_MARK_A;
625                                 uidnode=NULL;
626                               }
627                           }
628                         else
629                           {
630                             uidnode->flag &= ~NODFLG_MARK_A;
631                             uidnode=NULL;
632                             tty_printf(_("  Unable to sign.\n"));
633                           }
634                       }
635                     else if(!uidnode->pkt->pkt.user_id->created && !selfsig)
636                       {
637                         tty_printf(_("User ID \"%s\" is not self-signed."),
638                                    user);
639
640                         if(opt.expert)
641                           {
642                             tty_printf("\n");
643                             /* No, so remove the mark and continue */
644                             if(!cpr_get_answer_is_yes("sign_uid.nosig_okay",
645                                                       _("Are you sure you "
646                                                         "still want to sign "
647                                                         "it? (y/N) ")))
648                               {
649                                 uidnode->flag &= ~NODFLG_MARK_A;
650                                 uidnode=NULL;
651                               }
652                           }
653                         else
654                           {
655                             uidnode->flag &= ~NODFLG_MARK_A;
656                             uidnode=NULL;
657                             tty_printf(_("  Unable to sign.\n"));
658                           }
659                       }
660
661                     m_free(user);
662                   }
663             }
664             else if( uidnode && node->pkt->pkttype == PKT_SIGNATURE
665                 && (node->pkt->pkt.signature->sig_class&~3) == 0x10 ) {
666                 if( sk_keyid[0] == node->pkt->pkt.signature->keyid[0]
667                     && sk_keyid[1] == node->pkt->pkt.signature->keyid[1] ) {
668                     char buf[50];
669                     char *user=utf8_to_native(uidnode->pkt->pkt.user_id->name,
670                                               uidnode->pkt->pkt.user_id->len,
671                                               0);
672
673                     /* It's a v3 self-sig.  Make it into a v4 self-sig? */
674                     if(node->pkt->pkt.signature->version<4 && selfsig)
675                       {
676                         tty_printf(_("The self-signature on \"%s\"\n"
677                                      "is a PGP 2.x-style signature.\n"),user);
678  
679                         /* Note that the regular PGP2 warning below
680                            still applies if there are no v4 sigs on
681                            this key at all. */
682
683                         if(opt.expert)
684                           if(cpr_get_answer_is_yes("sign_uid.v4_promote_okay",
685                                                    _("Do you want to promote "
686                                                      "it to an OpenPGP self-"
687                                                      "signature? (y/N) ")))
688                             {
689                               force_v4=1;
690                               node->flag|=NODFLG_DELSIG;
691                               m_free(user);
692                               continue;
693                             }
694                       }
695
696                     /* Is the current signature expired? */
697                     if(node->pkt->pkt.signature->flags.expired)
698                       {
699                         tty_printf(_("Your current signature on \"%s\"\n"
700                                      "has expired.\n"),user);
701
702                         if(cpr_get_answer_is_yes("sign_uid.replace_expired_okay",
703                                                  _("Do you want to issue a "
704                                                    "new signature to replace "
705                                                    "the expired one? (y/N) ")))
706                           {
707                             /* Mark these for later deletion.  We
708                                don't want to delete them here, just in
709                                case the replacement signature doesn't
710                                happen for some reason.  We only delete
711                                these after the replacement is already
712                                in place. */
713
714                             node->flag|=NODFLG_DELSIG;
715                             m_free(user);
716                             continue;
717                           }
718                       }
719
720                     if(!node->pkt->pkt.signature->flags.exportable && !local)
721                       {
722                         /* It's a local sig, and we want to make a
723                            exportable sig. */
724                         tty_printf(_("Your current signature on \"%s\"\n"
725                                      "is a local signature.\n"),user);
726
727                         if(cpr_get_answer_is_yes("sign_uid.local_promote_okay",
728                                                  _("Do you want to promote "
729                                                    "it to a full exportable "
730                                                    "signature? (y/N) ")))
731                           {
732                             /* Mark these for later deletion.  We
733                                don't want to delete them here, just in
734                                case the replacement signature doesn't
735                                happen for some reason.  We only delete
736                                these after the replacement is already
737                                in place. */
738
739                             node->flag|=NODFLG_DELSIG;
740                             m_free(user);
741                             continue;
742                           }
743                       }
744
745                     /* Fixme: see whether there is a revocation in which
746                      * case we should allow to sign it again. */
747                     if (!node->pkt->pkt.signature->flags.exportable && local)
748                       tty_printf(_(
749                               "\"%s\" was already locally signed by key %s\n"),
750                                  user,keystr_from_sk(sk));
751                     else
752                       tty_printf(_("\"%s\" was already signed by key %s\n"),
753                                  user,keystr_from_sk(sk));
754
755                     if(opt.expert
756                        && cpr_get_answer_is_yes("sign_uid.dupe_okay",
757                                                 _("Do you want to sign it "
758                                                   "again anyway? (y/N) ")))
759                       {
760                         /* Don't delete the old sig here since this is
761                            an --expert thing. */
762                         m_free(user);
763                         continue;
764                       }
765
766                     sprintf (buf, "%08lX%08lX",
767                              (ulong)sk->keyid[0], (ulong)sk->keyid[1] );
768                     write_status_text (STATUS_ALREADY_SIGNED, buf);
769                     uidnode->flag &= ~NODFLG_MARK_A; /* remove mark */
770
771                     m_free(user);
772                 }
773             }
774         }
775
776         /* check whether any uids are left for signing */
777         if( !count_uids_with_flag(keyblock, NODFLG_MARK_A) )
778           {
779             tty_printf(_("Nothing to sign with key %s\n"),keystr_from_sk(sk));
780             continue;
781           }
782
783         /* Ask whether we really should sign these user id(s) */
784         tty_printf("\n");
785         show_key_with_all_names( keyblock, 1, 0, 1, 0, 0 );
786         tty_printf("\n");
787
788         if(primary_pk->expiredate && !selfsig)
789           {
790             u32 now=make_timestamp();
791
792             if(primary_pk->expiredate<=now)
793               {
794                 tty_printf(_("This key has expired!"));
795
796                 if(opt.expert)
797                   {
798                     tty_printf("  ");
799                     if(!cpr_get_answer_is_yes("sign_uid.expired_okay",
800                                               _("Are you sure you still "
801                                                 "want to sign it? (y/N) ")))
802                       continue;
803                   }
804                 else
805                   {
806                     tty_printf(_("  Unable to sign.\n"));
807                     continue;
808                   }
809               }
810             else
811               {
812                 char *answer;
813
814                 tty_printf(_("This key is due to expire on %s.\n"),
815                            expirestr_from_pk(primary_pk));
816
817                 answer=cpr_get("sign_uid.expire",
818                                _("Do you want your signature to "
819                                  "expire at the same time? (Y/n) "));
820                 if(answer_is_yes_no_default(answer,1))
821                   {
822                     /* This fixes the signature timestamp we're going
823                        to make as now.  This is so the expiration date
824                        is exactly correct, and not a few seconds off
825                        (due to the time it takes to answer the
826                        questions, enter the passphrase, etc). */
827                     timestamp=now;
828                     duration=primary_pk->expiredate-now;
829                     force_v4=1;
830                   }
831
832                 cpr_kill_prompt();
833                 m_free(answer);
834               }
835           }
836
837         /* Only ask for duration if we haven't already set it to match
838            the expiration of the pk */
839         if(opt.ask_cert_expire && !duration && !selfsig)
840           duration=ask_expire_interval(1);
841
842         if(duration)
843           force_v4=1;
844
845         /* Is --pgp2 on, it's a v3 key, all the sigs on the key are
846            currently v3 and we're about to sign it with a v4 sig?  If
847            so, danger! */
848         if(PGP2 && all_v3 &&
849            (sk->version>3 || force_v4) && primary_pk->version<=3)
850           {
851             tty_printf(_("You may not make an OpenPGP signature on a "
852                          "PGP 2.x key while in --pgp2 mode.\n"));
853             tty_printf(_("This would make the key unusable in PGP 2.x.\n"));
854
855             if(opt.expert)
856               {
857                 if(!cpr_get_answer_is_yes("sign_uid.v4_on_v3_okay",
858                                           _("Are you sure you still "
859                                             "want to sign it? (y/N) ")))
860                   continue;
861
862                 all_v3=0;
863               }
864             else
865               continue;
866           }
867
868         if(selfsig)
869           ;
870         else
871           {
872             if(opt.batch || !opt.ask_cert_level)
873               class=0x10+opt.def_cert_level;
874             else
875               {
876                 char *answer;
877
878                 tty_printf(_("How carefully have you verified the key you are "
879                              "about to sign actually belongs\nto the person "
880                              "named above?  If you don't know what to "
881                              "answer, enter \"0\".\n"));
882                 tty_printf("\n");
883                 tty_printf(_("   (0) I will not answer.%s\n"),
884                            opt.def_cert_level==0?" (default)":"");
885                 tty_printf(_("   (1) I have not checked at all.%s\n"),
886                            opt.def_cert_level==1?" (default)":"");
887                 tty_printf(_("   (2) I have done casual checking.%s\n"),
888                            opt.def_cert_level==2?" (default)":"");
889                 tty_printf(_("   (3) I have done very careful checking.%s\n"),
890                            opt.def_cert_level==3?" (default)":"");
891                 tty_printf("\n");
892
893                 while(class==0)
894                   {
895                     answer = cpr_get("sign_uid.class",_("Your selection? "
896                                         "(enter `?' for more information): "));
897                     if(answer[0]=='\0')
898                       class=0x10+opt.def_cert_level; /* Default */
899                     else if(ascii_strcasecmp(answer,"0")==0)
900                       class=0x10; /* Generic */
901                     else if(ascii_strcasecmp(answer,"1")==0)
902                       class=0x11; /* Persona */
903                     else if(ascii_strcasecmp(answer,"2")==0)
904                       class=0x12; /* Casual */
905                     else if(ascii_strcasecmp(answer,"3")==0)
906                       class=0x13; /* Positive */
907                     else
908                       tty_printf(_("Invalid selection.\n"));
909
910                     m_free(answer);
911                   }
912               }
913
914             if(trust)
915               trustsig_prompt(&trust_value,&trust_depth,&trust_regexp);
916           }
917
918         p=get_user_id_native(sk_keyid);
919         tty_printf(_("Are you sure that you want to sign this key with your\n"
920                      "key \"%s\" (%s)\n"),p,keystr_from_sk(sk));
921         m_free(p);
922
923         if(selfsig)
924           {
925             tty_printf("\n");
926             tty_printf(_("This will be a self-signature.\n"));
927
928             if( local )
929               {
930                 tty_printf("\n");
931                 tty_printf(
932                          _("WARNING: the signature will not be marked "
933                            "as non-exportable.\n"));
934               }
935
936             if( nonrevocable )
937               {
938                 tty_printf("\n");
939                 tty_printf(
940                          _("WARNING: the signature will not be marked "
941                            "as non-revocable.\n"));
942               }
943           }
944         else
945           {
946             if( local )
947               {
948                 tty_printf("\n");
949                 tty_printf(
950                      _("The signature will be marked as non-exportable.\n"));
951               }
952
953             if( nonrevocable )
954               {
955                 tty_printf("\n");
956                 tty_printf(
957                       _("The signature will be marked as non-revocable.\n"));
958               }
959
960             switch(class)
961               {
962               case 0x11:
963                 tty_printf("\n");
964                 tty_printf(_("I have not checked this key at all.\n"));
965                 break;
966
967               case 0x12:
968                 tty_printf("\n");
969                 tty_printf(_("I have checked this key casually.\n"));
970                 break;
971
972               case 0x13:
973                 tty_printf("\n");
974                 tty_printf(_("I have checked this key very carefully.\n"));
975                 break;
976               }
977           }
978
979         tty_printf("\n");
980
981         if( opt.batch && opt.answer_yes )
982           ;
983         else if( !cpr_get_answer_is_yes("sign_uid.okay",
984                                         _("Really sign? (y/N) ")) )
985             continue;
986
987         /* now we can sign the user ids */
988       reloop: /* (must use this, because we are modifing the list) */
989         primary_pk = NULL;
990         for( node=keyblock; node; node = node->next ) {
991             if( node->pkt->pkttype == PKT_PUBLIC_KEY )
992                 primary_pk = node->pkt->pkt.public_key;
993             else if( node->pkt->pkttype == PKT_USER_ID
994                      && (node->flag & NODFLG_MARK_A) ) {
995                 PACKET *pkt;
996                 PKT_signature *sig;
997                 struct sign_attrib attrib;
998
999                 assert( primary_pk );
1000                 memset( &attrib, 0, sizeof attrib );
1001                 attrib.non_exportable = local;
1002                 attrib.non_revocable = nonrevocable;
1003                 attrib.trust_depth = trust_depth;
1004                 attrib.trust_value = trust_value;
1005                 attrib.trust_regexp = trust_regexp;
1006                 node->flag &= ~NODFLG_MARK_A;
1007
1008                 /* we force creation of a v4 signature for local
1009                  * signatures, otherwise we would not generate the
1010                  * subpacket with v3 keys and the signature becomes
1011                  * exportable */
1012
1013                 if(selfsig)
1014                   rc = make_keysig_packet( &sig, primary_pk,
1015                                            node->pkt->pkt.user_id,
1016                                            NULL,
1017                                            sk,
1018                                            0x13, 0, force_v4?4:0, 0, 0,
1019                                            keygen_add_std_prefs, primary_pk);
1020                 else
1021                   rc = make_keysig_packet( &sig, primary_pk,
1022                                            node->pkt->pkt.user_id,
1023                                            NULL,
1024                                            sk,
1025                                            class, 0, force_v4?4:0,
1026                                            timestamp, duration,
1027                                            sign_mk_attrib, &attrib );
1028                 if( rc ) {
1029                     log_error(_("signing failed: %s\n"), g10_errstr(rc));
1030                     goto leave;
1031                 }
1032
1033                 *ret_modified = 1; /* we changed the keyblock */
1034                 update_trust = 1;
1035
1036                 pkt = m_alloc_clear( sizeof *pkt );
1037                 pkt->pkttype = PKT_SIGNATURE;
1038                 pkt->pkt.signature = sig;
1039                 insert_kbnode( node, new_kbnode(pkt), PKT_SIGNATURE );
1040                 goto reloop;
1041             }
1042         }
1043
1044         /* Delete any sigs that got promoted */
1045         for( node=keyblock; node; node = node->next )
1046           if( node->flag & NODFLG_DELSIG)
1047             delete_kbnode(node);
1048     } /* end loop over signators */
1049
1050   leave:
1051     release_sk_list( sk_list );
1052     if( sk )
1053         free_secret_key(sk);
1054     return rc;
1055 }
1056
1057
1058
1059 /****************
1060  * Change the passphrase of the primary and all secondary keys.
1061  * We use only one passphrase for all keys.
1062  */
1063 static int
1064 change_passphrase( KBNODE keyblock )
1065 {
1066     int rc = 0;
1067     int changed=0;
1068     KBNODE node;
1069     PKT_secret_key *sk;
1070     char *passphrase = NULL;
1071     int no_primary_secrets = 0;
1072     int any;
1073
1074     node = find_kbnode( keyblock, PKT_SECRET_KEY );
1075     if( !node ) {
1076         log_error("Oops; secret key not found anymore!\n");
1077         goto leave;
1078     }
1079     sk = node->pkt->pkt.secret_key;
1080
1081     for (any = 0, node=keyblock; node; node = node->next) {
1082         if (node->pkt->pkttype == PKT_SECRET_KEY 
1083             || node->pkt->pkttype == PKT_SECRET_SUBKEY) {
1084             PKT_secret_key *tmpsk = node->pkt->pkt.secret_key;
1085             if (!(tmpsk->is_protected
1086                   && (tmpsk->protect.s2k.mode == 1001 
1087                       || tmpsk->protect.s2k.mode == 1002))) {
1088                 any = 1;
1089                 break;
1090             }
1091         }
1092     }
1093     if (!any) {
1094         tty_printf (_("Key has only stub or on-card key items - "
1095                       "no passphrase to change.\n"));
1096         goto leave;
1097     }
1098         
1099     /* See how to handle this key.  */
1100     switch( is_secret_key_protected( sk ) ) {
1101       case -1:
1102         rc = G10ERR_PUBKEY_ALGO;
1103         break;
1104       case 0:
1105         tty_printf(_("This key is not protected.\n"));
1106         break;
1107       default:
1108         if( sk->protect.s2k.mode == 1001 ) {
1109             tty_printf(_("Secret parts of primary key are not available.\n"));
1110             no_primary_secrets = 1;
1111         }
1112         else if( sk->protect.s2k.mode == 1002 ) {
1113             tty_printf(_("Secret parts of primary key are stored on-card.\n"));
1114             no_primary_secrets = 1;
1115         }
1116         else {
1117             tty_printf(_("Key is protected.\n"));
1118             rc = check_secret_key( sk, 0 );
1119             if( !rc )
1120                 passphrase = get_last_passphrase();
1121         }
1122         break;
1123     }
1124
1125     /* Unprotect all subkeys (use the supplied passphrase or ask)*/
1126     for(node=keyblock; !rc && node; node = node->next ) {
1127         if( node->pkt->pkttype == PKT_SECRET_SUBKEY ) {
1128             PKT_secret_key *subsk = node->pkt->pkt.secret_key;
1129             if ( !(subsk->is_protected
1130                    && (subsk->protect.s2k.mode == 1001 
1131                        || subsk->protect.s2k.mode == 1002))) {
1132                 set_next_passphrase( passphrase );
1133                 rc = check_secret_key( subsk, 0 );
1134                 if( !rc && !passphrase )
1135                     passphrase = get_last_passphrase();
1136             }
1137         }
1138     }
1139
1140     if( rc )
1141         tty_printf(_("Can't edit this key: %s\n"), g10_errstr(rc));
1142     else {
1143         DEK *dek = NULL;
1144         STRING2KEY *s2k = m_alloc_secure( sizeof *s2k );
1145         const char *errtext = NULL;
1146
1147         tty_printf(_("Enter the new passphrase for this secret key.\n\n") );
1148
1149         set_next_passphrase( NULL );
1150         for(;;) {
1151             s2k->mode = opt.s2k_mode;
1152             s2k->hash_algo = S2K_DIGEST_ALGO;
1153             dek = passphrase_to_dek( NULL, 0, opt.s2k_cipher_algo,
1154                                      s2k, 2, errtext, NULL);
1155             if( !dek ) {
1156                 errtext = N_("passphrase not correctly repeated; try again");
1157                 tty_printf ("%s.\n", _(errtext));
1158             }
1159             else if( !dek->keylen ) {
1160                 rc = 0;
1161                 tty_printf(_( "You don't want a passphrase -"
1162                             " this is probably a *bad* idea!\n\n"));
1163                 if( cpr_get_answer_is_yes("change_passwd.empty.okay",
1164                                _("Do you really want to do this? (y/N) ")))
1165                   {
1166                     changed++;
1167                     break;
1168                   }
1169             }
1170             else { /* okay */
1171                 rc = 0;
1172                 if( !no_primary_secrets ) {
1173                     sk->protect.algo = dek->algo;
1174                     sk->protect.s2k = *s2k;
1175                     rc = protect_secret_key( sk, dek );
1176                 }
1177                 for(node=keyblock; !rc && node; node = node->next ) {
1178                     if( node->pkt->pkttype == PKT_SECRET_SUBKEY ) {
1179                         PKT_secret_key *subsk = node->pkt->pkt.secret_key;
1180                         if ( !(subsk->is_protected
1181                                && (subsk->protect.s2k.mode == 1001 
1182                                    || subsk->protect.s2k.mode == 1002))) {
1183                             subsk->protect.algo = dek->algo;
1184                             subsk->protect.s2k = *s2k;
1185                             rc = protect_secret_key( subsk, dek );
1186                         }
1187                     }
1188                 }
1189                 if( rc )
1190                     log_error("protect_secret_key failed: %s\n",
1191                               g10_errstr(rc) );
1192                 else
1193                     changed++;
1194                 break;
1195             }
1196         }
1197         m_free(s2k);
1198         m_free(dek);
1199     }
1200
1201   leave:
1202     m_free( passphrase );
1203     set_next_passphrase( NULL );
1204     return changed && !rc;
1205 }
1206
1207
1208 /****************
1209  * There are some keys out (due to a bug in gnupg), where the sequence
1210  * of the packets is wrong.  This function fixes that.
1211  * Returns: true if the keyblock has been fixed.
1212  *
1213  * Note:  This function does not work if there is more than one user ID.
1214  */
1215 static int
1216 fix_keyblock( KBNODE keyblock )
1217 {
1218     KBNODE node, last, subkey;
1219     int fixed=0;
1220
1221     /* locate key signatures of class 0x10..0x13 behind sub key packets */
1222     for( subkey=last=NULL, node = keyblock; node;
1223                                             last=node, node = node->next ) {
1224         switch( node->pkt->pkttype ) {
1225           case PKT_PUBLIC_SUBKEY:
1226           case PKT_SECRET_SUBKEY:
1227             if( !subkey )
1228                 subkey = last; /* actually it is the one before the subkey */
1229             break;
1230           case PKT_SIGNATURE:
1231             if( subkey ) {
1232                 PKT_signature *sig = node->pkt->pkt.signature;
1233                 if( sig->sig_class >= 0x10 && sig->sig_class <= 0x13 ) {
1234                     log_info(_(
1235                         "moving a key signature to the correct place\n"));
1236                     last->next = node->next;
1237                     node->next = subkey->next;
1238                     subkey->next = node;
1239                     node = last;
1240                     fixed=1;
1241                 }
1242             }
1243             break;
1244           default: break;
1245         }
1246     }
1247
1248     return fixed;
1249 }
1250
1251 static int
1252 parse_sign_type(const char *str,int *localsig,int *nonrevokesig,int *trustsig)
1253 {
1254   const char *p=str;
1255
1256   while(*p)
1257     {
1258       if(ascii_strncasecmp(p,"l",1)==0)
1259         {
1260           *localsig=1;
1261           p++;
1262         }
1263       else if(ascii_strncasecmp(p,"nr",2)==0)
1264         {
1265           *nonrevokesig=1;
1266           p+=2;
1267         }
1268       else if(ascii_strncasecmp(p,"t",1)==0)
1269         {
1270           *trustsig=1;
1271           p++;
1272         }
1273       else
1274         return 0;
1275     }
1276
1277   return 1;
1278 }
1279
1280 /****************
1281  * Menu driven key editor.  If seckey_check is true, then a secret key
1282  * that matches username will be looked for.  If it is false, not all
1283  * commands will be available.
1284  *
1285  * Note: to keep track of some selection we use node->mark MARKBIT_xxxx.
1286  */
1287
1288 /* Need an SK for this command */
1289 #define KEYEDIT_NEED_SK 1
1290 /* Cannot be viewing the SK for this command */
1291 #define KEYEDIT_NOT_SK  2
1292 /* Must be viewing the SK for this command */
1293 #define KEYEDIT_ONLY_SK 4
1294 /* Match the tail of the string */
1295 #define KEYEDIT_TAIL_MATCH 8
1296
1297 enum cmdids
1298   {
1299     cmdNONE = 0,
1300     cmdQUIT, cmdHELP, cmdFPR, cmdLIST, cmdSELUID, cmdCHECK, cmdSIGN,
1301     cmdREVSIG, cmdREVKEY, cmdREVUID, cmdDELSIG, cmdPRIMARY, cmdDEBUG,
1302     cmdSAVE, cmdADDUID, cmdADDPHOTO, cmdDELUID, cmdADDKEY, cmdDELKEY,
1303     cmdADDREVOKER, cmdTOGGLE, cmdSELKEY, cmdPASSWD, cmdTRUST, cmdPREF,
1304     cmdEXPIRE, cmdENABLEKEY, cmdDISABLEKEY, cmdSHOWPREF, cmdSETPREF,
1305     cmdPREFKS, cmdINVCMD, cmdSHOWPHOTO, cmdUPDTRUST, cmdCHKTRUST,
1306     cmdADDCARDKEY, cmdKEYTOCARD, cmdBKUPTOCARD, cmdNOP
1307   };
1308
1309 static struct
1310 {
1311   const char *name;
1312   enum cmdids id;
1313   int flags;
1314   const char *desc;
1315 } cmds[] =
1316   { 
1317     { "quit"    , cmdQUIT      , 0, N_("quit this menu") },
1318     { "q"       , cmdQUIT      , 0, NULL   },
1319     { "save"    , cmdSAVE      , 0, N_("save and quit") },
1320     { "help"    , cmdHELP      , 0, N_("show this help") },
1321     { "?"       , cmdHELP      , 0, NULL   },
1322     { "fpr"     , cmdFPR       , 0, N_("show key fingerprint") },
1323     { "list"    , cmdLIST      , 0, N_("list key and user IDs") },
1324     { "l"       , cmdLIST      , 0, NULL   },
1325     { "uid"     , cmdSELUID    , 0, N_("select user ID N") },
1326     { "key"     , cmdSELKEY    , 0, N_("select subkey N") },
1327     { "check"   , cmdCHECK     , 0, N_("check signatures") },
1328     { "c"       , cmdCHECK     , 0, NULL },
1329     { "sign"    , cmdSIGN      , KEYEDIT_NOT_SK|KEYEDIT_TAIL_MATCH,
1330       N_("sign selected user IDs [* see below for related commands]") },
1331     { "s"       , cmdSIGN      , KEYEDIT_NOT_SK, NULL },
1332     /* "lsign" and friends will never match since "sign" comes first
1333        and it is a tail match.  They are just here so they show up in
1334        the help menu. */
1335     { "lsign"   , cmdNOP       , 0, N_("sign selected user IDs locally") },
1336     { "tsign"   , cmdNOP       , 0,
1337       N_("sign selected user IDs with a trust signature") },
1338     { "nrsign"  , cmdNOP       , 0,
1339       N_("sign selected user IDs with a non-revocable signature") },
1340
1341     { "debug"   , cmdDEBUG     , 0, NULL },
1342     { "adduid"  , cmdADDUID    , KEYEDIT_NOT_SK|KEYEDIT_NEED_SK,
1343       N_("add a user ID") },
1344     { "addphoto", cmdADDPHOTO  , KEYEDIT_NOT_SK|KEYEDIT_NEED_SK,
1345       N_("add a photo ID") },
1346     { "deluid"  , cmdDELUID    , KEYEDIT_NOT_SK,
1347       N_("delete selected user IDs") },
1348     /* delphoto is really deluid in disguise */
1349     { "delphoto", cmdDELUID    , KEYEDIT_NOT_SK, NULL },
1350
1351     { "addkey"  , cmdADDKEY    , KEYEDIT_NOT_SK|KEYEDIT_NEED_SK,
1352       N_("add a subkey") },
1353
1354 #ifdef ENABLE_CARD_SUPPORT
1355     { "addcardkey", cmdADDCARDKEY , KEYEDIT_NOT_SK|KEYEDIT_NEED_SK,
1356       N_("add a key to a smartcard") },
1357     { "keytocard", cmdKEYTOCARD , KEYEDIT_NEED_SK|KEYEDIT_ONLY_SK, 
1358       N_("move a key to a smartcard")},
1359     { "bkuptocard", cmdBKUPTOCARD , KEYEDIT_NEED_SK|KEYEDIT_ONLY_SK, 
1360       N_("move a backup key to a smartcard")},
1361 #endif /*ENABLE_CARD_SUPPORT*/
1362
1363     { "delkey"  , cmdDELKEY    , KEYEDIT_NOT_SK,
1364       N_("delete selected subkeys") },
1365     { "addrevoker",cmdADDREVOKER,KEYEDIT_NOT_SK|KEYEDIT_NEED_SK,
1366       N_("add a revocation key") },
1367     { "delsig"  , cmdDELSIG    , KEYEDIT_NOT_SK,
1368       N_("delete signatures from the selected user IDs") },
1369     { "expire"  , cmdEXPIRE    , KEYEDIT_NOT_SK|KEYEDIT_NEED_SK,
1370       N_("change the expiration date for the key or selected subkeys") },
1371     { "primary" , cmdPRIMARY   , KEYEDIT_NOT_SK|KEYEDIT_NEED_SK,
1372       N_("flag the selected user ID as primary")},
1373     { "toggle"  , cmdTOGGLE    , KEYEDIT_NEED_SK,
1374       N_("toggle between the secret and public key listings") },
1375     { "t"       , cmdTOGGLE    , KEYEDIT_NEED_SK, NULL },
1376     { "pref"    , cmdPREF      , KEYEDIT_NOT_SK,
1377       N_("list preferences (expert)")},
1378     { "showpref", cmdSHOWPREF  , KEYEDIT_NOT_SK,
1379       N_("list preferences (verbose)") },
1380     { "setpref" , cmdSETPREF   , KEYEDIT_NOT_SK|KEYEDIT_NEED_SK,
1381       N_("set preference list for the selected user IDs") },
1382     /* Alias */
1383     { "updpref" , cmdSETPREF   , KEYEDIT_NOT_SK|KEYEDIT_NEED_SK, NULL },
1384
1385     { "keyserver",cmdPREFKS    , KEYEDIT_NOT_SK|KEYEDIT_NEED_SK,
1386       N_("set preferred keyserver URL for the selected user IDs")},
1387     { "passwd"  , cmdPASSWD    , KEYEDIT_NOT_SK|KEYEDIT_NEED_SK,
1388       N_("change the passphrase") },
1389     /* Alias */
1390     { "password", cmdPASSWD    , KEYEDIT_NOT_SK|KEYEDIT_NEED_SK, NULL },
1391
1392     { "trust"   , cmdTRUST     , KEYEDIT_NOT_SK, N_("change the ownertrust") },
1393     { "revsig"  , cmdREVSIG    , KEYEDIT_NOT_SK,
1394       N_("revoke signatures on the selected user IDs") },
1395     { "revuid"  , cmdREVUID    , KEYEDIT_NOT_SK|KEYEDIT_NEED_SK,
1396       N_("revoke selected user IDs") },
1397     /* Alias */
1398     { "revphoto", cmdREVUID    , KEYEDIT_NOT_SK|KEYEDIT_NEED_SK, NULL },
1399
1400     { "revkey"  , cmdREVKEY    , KEYEDIT_NOT_SK|KEYEDIT_NEED_SK,
1401       N_("revoke key or selected subkeys") },
1402     { "enable"  , cmdENABLEKEY , KEYEDIT_NOT_SK, N_("enable key") },
1403     { "disable" , cmdDISABLEKEY, KEYEDIT_NOT_SK, N_("disable key") },
1404     { "showphoto",cmdSHOWPHOTO , 0, N_("show selected photo IDs") },
1405     { NULL, cmdNONE, 0, NULL }
1406   };
1407
1408 void
1409 keyedit_menu( const char *username, STRLIST locusr,
1410               STRLIST commands, int quiet, int seckey_check )
1411 {
1412     enum cmdids cmd = 0;
1413     int rc = 0;
1414     KBNODE keyblock = NULL;
1415     KEYDB_HANDLE kdbhd = NULL;
1416     KBNODE sec_keyblock = NULL;
1417     KEYDB_HANDLE sec_kdbhd = NULL;
1418     KBNODE cur_keyblock;
1419     char *answer = NULL;
1420     int redisplay = 1;
1421     int modified = 0;
1422     int sec_modified = 0;
1423     int toggle;
1424     int have_commands = !!commands;
1425
1426     if ( opt.command_fd != -1 )
1427         ;
1428     else if( opt.batch && !have_commands )
1429       {
1430         log_error(_("can't do this in batch mode\n"));
1431         goto leave;
1432       }
1433
1434 #ifdef HAVE_W32_SYSTEM
1435     /* Due to Windows peculiarities we need to make sure that the
1436        trustdb stale check is done before we open another file
1437        (i.e. by searching for a key).  In theory we could make sure
1438        that the files are closed after use but the open/close caches
1439        inhibits that and flushing the cache right before the stale
1440        check is not easy to implement.  Thus we take the easy way out
1441        and run the stale check as early as possible.  Note, that for
1442        non- W32 platforms it is run indirectly trough a call to
1443        get_validity ().  */
1444     check_trustdb_stale ();
1445 #endif
1446
1447     /* Get the public key */
1448     rc = get_pubkey_byname (NULL, username, &keyblock, &kdbhd, 1);
1449     if( rc )
1450         goto leave;
1451     if( fix_keyblock( keyblock ) )
1452         modified++;
1453     if( collapse_uids( &keyblock ) )
1454         modified++;
1455     reorder_keyblock(keyblock);
1456
1457     if(seckey_check)
1458       {/* see whether we have a matching secret key */
1459         PKT_public_key *pk = keyblock->pkt->pkt.public_key;
1460
1461         sec_kdbhd = keydb_new (1);
1462         {
1463             byte afp[MAX_FINGERPRINT_LEN];
1464             size_t an;
1465
1466             fingerprint_from_pk (pk, afp, &an);
1467             while (an < MAX_FINGERPRINT_LEN) 
1468                 afp[an++] = 0;
1469             rc = keydb_search_fpr (sec_kdbhd, afp);
1470         }
1471         if (!rc)
1472           {
1473             rc = keydb_get_keyblock (sec_kdbhd, &sec_keyblock);
1474             if (rc)
1475               {
1476                 log_error (_("error reading secret keyblock \"%s\": %s\n"),
1477                            username, g10_errstr(rc));
1478               }
1479             else
1480               {
1481                 merge_keys_and_selfsig( sec_keyblock );
1482                 if( fix_keyblock( sec_keyblock ) )
1483                   sec_modified++;
1484               }
1485           }
1486
1487         if (rc) {
1488             sec_keyblock = NULL;
1489             keydb_release (sec_kdbhd); sec_kdbhd = NULL;
1490             rc = 0;
1491         }
1492
1493         if( sec_keyblock && !quiet )
1494           tty_printf(_("Secret key is available.\n"));
1495     }
1496
1497     toggle = 0;
1498     cur_keyblock = keyblock;
1499     for(;;) { /* main loop */
1500         int i, arg_number, photo;
1501         const char *arg_string = "";
1502         char *p;
1503         PKT_public_key *pk=keyblock->pkt->pkt.public_key;
1504
1505         tty_printf("\n");
1506         if( redisplay && !quiet )
1507           {
1508             show_key_with_all_names( cur_keyblock, 0, 1, 0, 1, 0 );
1509             tty_printf("\n");
1510             redisplay = 0;
1511           }
1512         do {
1513             m_free(answer);
1514             if( have_commands ) {
1515                 if( commands ) {
1516                     answer = m_strdup( commands->d );
1517                     commands = commands->next;
1518                 }
1519                 else if( opt.batch ) {
1520                     answer = m_strdup("quit");
1521                 }
1522                 else
1523                     have_commands = 0;
1524             }
1525             if( !have_commands ) {
1526                 answer = cpr_get_no_help("keyedit.prompt", _("Command> "));
1527                 cpr_kill_prompt();
1528             }
1529             trim_spaces(answer);
1530         } while( *answer == '#' );
1531
1532         arg_number = 0; /* Yes, here is the init which egcc complains about */
1533         photo = 0; /* This too */
1534         if( !*answer )
1535             cmd = cmdLIST;
1536         else if( *answer == CONTROL_D )
1537             cmd = cmdQUIT;
1538         else if( digitp(answer ) ) {
1539             cmd = cmdSELUID;
1540             arg_number = atoi(answer);
1541         }
1542         else {
1543             if( (p=strchr(answer,' ')) ) {
1544                 *p++ = 0;
1545                 trim_spaces(answer);
1546                 trim_spaces(p);
1547                 arg_number = atoi(p);
1548                 arg_string = p;
1549             }
1550
1551             for(i=0; cmds[i].name; i++ )
1552               {
1553                 if(cmds[i].flags & KEYEDIT_TAIL_MATCH)
1554                   {
1555                     size_t l=strlen(cmds[i].name);
1556                     size_t a=strlen(answer);
1557                     if(a>=l)
1558                       {
1559                         if(ascii_strcasecmp(&answer[a-l],cmds[i].name)==0)
1560                           {
1561                             answer[a-l]='\0';
1562                             break;
1563                           }
1564                       }
1565                   }
1566                 else if( !ascii_strcasecmp( answer, cmds[i].name ) )
1567                   break;
1568               }
1569             if((cmds[i].flags & KEYEDIT_NEED_SK) && !sec_keyblock )
1570               {
1571                 tty_printf(_("Need the secret key to do this.\n"));
1572                 cmd = cmdNOP;
1573               }
1574             else if(((cmds[i].flags & KEYEDIT_NOT_SK) && sec_keyblock
1575                      && toggle)
1576                     ||((cmds[i].flags & KEYEDIT_ONLY_SK) && sec_keyblock
1577                        && !toggle))
1578               {
1579                 tty_printf(_("Please use the command \"toggle\" first.\n"));
1580                 cmd = cmdNOP;
1581               }
1582             else
1583               cmd = cmds[i].id;
1584         }
1585         switch( cmd )
1586           {
1587           case cmdHELP:
1588             for(i=0; cmds[i].name; i++ )
1589               {
1590                 if((cmds[i].flags & KEYEDIT_NEED_SK) && !sec_keyblock )
1591                   ; /* skip if we do not have the secret key */
1592                 else if( cmds[i].desc )
1593                   tty_printf("%-11s %s\n", cmds[i].name, _(cmds[i].desc) );
1594               }
1595
1596             tty_printf("\n");
1597             tty_printf(_(
1598 "* The `sign' command may be prefixed with an `l' for local "
1599 "signatures (lsign),\n"
1600 "  a `t' for trust signatures (tsign), an `nr' for non-revocable signatures\n"
1601 "  (nrsign), or any combination thereof (ltsign, tnrsign, etc.).\n"));
1602
1603             break;
1604
1605           case cmdLIST:
1606             redisplay = 1;
1607             break;
1608
1609           case cmdFPR:
1610             show_key_and_fingerprint( keyblock );
1611             break;
1612
1613           case cmdSELUID:
1614             if( menu_select_uid( cur_keyblock, arg_number ) )
1615                 redisplay = 1;
1616             break;
1617
1618           case cmdSELKEY:
1619             if( menu_select_key( cur_keyblock, arg_number ) )
1620                 redisplay = 1;
1621             break;
1622
1623           case cmdCHECK:
1624             /* we can only do this with the public key becuase the
1625              * check functions can't cope with secret keys and it
1626              * is questionable whether this would make sense at all */
1627             check_all_keysigs( keyblock, count_selected_uids(keyblock) );
1628             break;
1629
1630           case cmdSIGN: /* sign (only the public key) */
1631             {
1632               int localsig=0,nonrevokesig=0,trustsig=0;
1633
1634               if( pk->is_revoked )
1635                 {
1636                   tty_printf(_("Key is revoked."));
1637
1638                   if(opt.expert)
1639                     {
1640                       tty_printf("  ");
1641                       if(!cpr_get_answer_is_yes("keyedit.sign_revoked.okay",
1642                                                 _("Are you sure you still want"
1643                                                   " to sign it? (y/N) ")))
1644                         break;
1645                     }
1646                   else
1647                     {
1648                       tty_printf(_("  Unable to sign.\n"));
1649                       break;
1650                     }
1651                 }
1652
1653               if( count_uids(keyblock) > 1 && !count_selected_uids(keyblock)
1654                   && !have_commands )
1655                 {
1656                   if( !cpr_get_answer_is_yes("keyedit.sign_all.okay",
1657                                              _("Really sign all user IDs?"
1658                                                " (y/N) ")))
1659                     {
1660                       tty_printf(_("Hint: Select the user IDs to sign\n"));
1661                       break;
1662                     }
1663                 }
1664
1665               /* What sort of signing are we doing? */
1666               if(!parse_sign_type(answer,&localsig,&nonrevokesig,&trustsig))
1667                 {
1668                   tty_printf(_("Unknown signature type `%s'\n"),answer);
1669                   break;
1670                 }
1671
1672               sign_uids(keyblock, locusr, &modified,
1673                         localsig, nonrevokesig, trustsig);
1674             }
1675             break;
1676
1677           case cmdDEBUG:
1678             dump_kbnode( cur_keyblock );
1679             break;
1680
1681           case cmdTOGGLE:
1682             toggle = !toggle;
1683             cur_keyblock = toggle? sec_keyblock : keyblock;
1684             redisplay = 1;
1685             break;
1686
1687           case cmdADDPHOTO:
1688             if (RFC2440 || RFC1991 || PGP2)
1689               {
1690                 tty_printf(
1691                    _("This command is not allowed while in %s mode.\n"),
1692                    RFC2440?"OpenPGP":PGP2?"PGP2":"RFC-1991");
1693                 break;
1694               }
1695             photo=1;
1696             /* fall through */
1697
1698           case cmdADDUID:
1699             if( menu_adduid( keyblock, sec_keyblock, photo ) )
1700               {
1701                 update_trust = 1;
1702                 redisplay = 1;
1703                 sec_modified = modified = 1;
1704                 merge_keys_and_selfsig( sec_keyblock );
1705                 merge_keys_and_selfsig( keyblock );
1706               }
1707             break;
1708
1709           case cmdDELUID: {
1710                 int n1;
1711
1712                 if( !(n1=count_selected_uids(keyblock)) )
1713                     tty_printf(_("You must select at least one user ID.\n"));
1714                 else if( real_uids_left(keyblock) < 1 )
1715                     tty_printf(_("You can't delete the last user ID!\n"));
1716                 else if( cpr_get_answer_is_yes("keyedit.remove.uid.okay",
1717                 n1 > 1? _("Really remove all selected user IDs? (y/N) ")
1718                             : _("Really remove this user ID? (y/N) ")
1719                        ) ) {
1720                     menu_deluid( keyblock, sec_keyblock );
1721                     redisplay = 1;
1722                     modified = 1;
1723                     if( sec_keyblock )
1724                        sec_modified = 1;
1725                 }
1726             }
1727             break;
1728
1729           case cmdDELSIG: {
1730                 int n1;
1731
1732                 if( !(n1=count_selected_uids(keyblock)) )
1733                     tty_printf(_("You must select at least one user ID.\n"));
1734                 else if( menu_delsig( keyblock ) ) {
1735                     /* no redisplay here, because it may scroll away some
1736                      * status output of delsig */
1737                     modified = 1;
1738                 }
1739             }
1740             break;
1741
1742           case cmdADDKEY:
1743             if( generate_subkeypair( keyblock, sec_keyblock ) ) {
1744                 redisplay = 1;
1745                 sec_modified = modified = 1;
1746                 merge_keys_and_selfsig( sec_keyblock );
1747                 merge_keys_and_selfsig( keyblock );
1748             }
1749             break;
1750
1751 #ifdef ENABLE_CARD_SUPPORT
1752           case cmdADDCARDKEY:
1753             if (card_generate_subkey (keyblock, sec_keyblock)) {
1754                 redisplay = 1;
1755                 sec_modified = modified = 1;
1756                 merge_keys_and_selfsig( sec_keyblock );
1757                 merge_keys_and_selfsig( keyblock );
1758             }
1759             break;
1760
1761         case cmdKEYTOCARD:
1762           {
1763             KBNODE node=NULL;
1764             switch ( count_selected_keys (sec_keyblock) )
1765               {
1766               case 0:
1767                 if (cpr_get_answer_is_yes("keyedit.keytocard.use_primary",
1768                                      _("Really move the primary key? (y/N) ")))
1769                   node = sec_keyblock;
1770                 break;
1771               case 1:
1772                 for (node = sec_keyblock; node; node = node->next )
1773                   {
1774                     if (node->pkt->pkttype == PKT_SECRET_SUBKEY 
1775                         && node->flag & NODFLG_SELKEY)
1776                       break;
1777                   }
1778                 break;
1779               default:
1780                 tty_printf(_("You must select exactly one key.\n"));
1781                 break;
1782               }
1783             if (node)
1784               {
1785                 PKT_public_key *xxpk = find_pk_from_sknode (keyblock, node);
1786                 if (card_store_subkey (node, xxpk?xxpk->pubkey_usage:0))
1787                   {
1788                     redisplay = 1;
1789                     sec_modified = 1;
1790                   }
1791               }
1792           }
1793           break;
1794
1795         case cmdBKUPTOCARD:
1796           {
1797             /* Ask for a filename, check whether this is really a
1798                backup key as generated by the card generation, parse
1799                that key and store it on card. */
1800             KBNODE node;
1801             const char *fname;
1802             PACKET *pkt;
1803             IOBUF a;
1804
1805             fname = arg_string;
1806             if (!*fname)
1807               {
1808                 tty_printf (_("Command expects a filename argument\n"));
1809                 break;
1810               }
1811
1812             /* Open that file.  */
1813             a = iobuf_open (fname);
1814             if (a && is_secured_file (iobuf_get_fd (a)))
1815               {
1816                 iobuf_close (a);
1817                 a = NULL;
1818                 errno = EPERM;
1819               }
1820             if (!a)
1821               {
1822                 tty_printf (_("Can't open `%s': %s\n"),
1823                             fname, strerror(errno));
1824                 break;
1825               }
1826             
1827             /* Parse and check that file.  */
1828             pkt = xmalloc (sizeof *pkt);
1829             init_packet (pkt);
1830             rc = parse_packet (a, pkt);
1831             iobuf_close (a);
1832             iobuf_ioctl (NULL, 2, 0, (char*)fname); /* (invalidate cache).  */
1833             if (!rc 
1834                 && pkt->pkttype != PKT_SECRET_KEY 
1835                 && pkt->pkttype != PKT_SECRET_SUBKEY)
1836               rc = G10ERR_NO_SECKEY;
1837             if (rc)
1838               {
1839                 tty_printf(_("Error reading backup key from `%s': %s\n"),
1840                            fname, g10_errstr (rc));
1841                 free_packet (pkt);
1842                 xfree (pkt);
1843                 break;
1844               }
1845             node = new_kbnode (pkt);
1846
1847             /* Store it.  */
1848             if (card_store_subkey (node, 0))
1849               {
1850                 redisplay = 1;
1851                 sec_modified = 1;
1852               }
1853             release_kbnode (node);
1854           }
1855           break;
1856
1857 #endif /* ENABLE_CARD_SUPPORT */
1858
1859           case cmdDELKEY: {
1860                 int n1;
1861
1862                 if( !(n1=count_selected_keys( keyblock )) )
1863                     tty_printf(_("You must select at least one key.\n"));
1864                 else if( !cpr_get_answer_is_yes( "keyedit.remove.subkey.okay",
1865                        n1 > 1?
1866                    _("Do you really want to delete the selected keys? (y/N) "):
1867                         _("Do you really want to delete this key? (y/N) ")
1868                        ))
1869                     ;
1870                 else {
1871                     menu_delkey( keyblock, sec_keyblock );
1872                     redisplay = 1;
1873                     modified = 1;
1874                     if( sec_keyblock )
1875                        sec_modified = 1;
1876                 }
1877             }
1878             break;
1879
1880           case cmdADDREVOKER:
1881             {
1882               int sensitive=0;
1883
1884               if(arg_string && ascii_strcasecmp(arg_string,"sensitive")==0)
1885                 sensitive=1;
1886               if( menu_addrevoker( keyblock, sec_keyblock, sensitive ) ) {
1887                 redisplay = 1;
1888                 sec_modified = modified = 1;
1889                 merge_keys_and_selfsig( sec_keyblock );
1890                 merge_keys_and_selfsig( keyblock );
1891               }
1892             }
1893             break;
1894
1895           case cmdREVUID: {
1896                 int n1;
1897
1898                 if( !(n1=count_selected_uids(keyblock)) )
1899                     tty_printf(_("You must select at least one user ID.\n"));
1900                 else if( cpr_get_answer_is_yes(
1901                             "keyedit.revoke.uid.okay",
1902                        n1 > 1? _("Really revoke all selected user IDs? (y/N) ")
1903                              : _("Really revoke this user ID? (y/N) ")
1904                        ) ) {
1905                   if(menu_revuid(keyblock,sec_keyblock))
1906                     {
1907                       modified=1;
1908                       redisplay=1;
1909                     }
1910                 }
1911             }
1912             break;
1913
1914           case cmdREVKEY:
1915             {
1916               int n1;
1917
1918               if( !(n1=count_selected_keys( keyblock )) )
1919                 {
1920                   if(cpr_get_answer_is_yes("keyedit.revoke.subkey.okay",
1921                                            _("Do you really want to revoke"
1922                                              " the entire key? (y/N) ")))
1923                     {
1924                       if(menu_revkey(keyblock,sec_keyblock))
1925                         modified=1;
1926
1927                       redisplay=1;
1928                     }
1929                 }
1930               else if(cpr_get_answer_is_yes("keyedit.revoke.subkey.okay",
1931                                             n1 > 1?
1932                                             _("Do you really want to revoke"
1933                                               " the selected subkeys? (y/N) "):
1934                                             _("Do you really want to revoke"
1935                                               " this subkey? (y/N) ")))
1936                 {
1937                   if( menu_revsubkey( keyblock, sec_keyblock ) )
1938                     modified = 1;
1939
1940                   redisplay = 1;
1941                 }
1942
1943               if(modified)
1944                 merge_keys_and_selfsig( keyblock );
1945             }
1946             break;
1947
1948           case cmdEXPIRE:
1949             if( menu_expire( keyblock, sec_keyblock ) )
1950               {
1951                 merge_keys_and_selfsig( sec_keyblock );
1952                 merge_keys_and_selfsig( keyblock );
1953                 sec_modified = 1;
1954                 modified = 1;
1955                 redisplay = 1;
1956               }
1957             break;
1958
1959           case cmdPRIMARY:
1960             if( menu_set_primary_uid ( keyblock, sec_keyblock ) ) {
1961                 merge_keys_and_selfsig( keyblock );
1962                 modified = 1;
1963                 redisplay = 1;
1964             }
1965             break;
1966
1967           case cmdPASSWD:
1968             if( change_passphrase( sec_keyblock ) )
1969                 sec_modified = 1;
1970             break;
1971
1972           case cmdTRUST:
1973             if(opt.trust_model==TM_EXTERNAL)
1974               {
1975                 tty_printf(_("Owner trust may not be set while "
1976                              "using an user provided trust database\n"));
1977                 break;
1978               }
1979
1980             show_key_with_all_names( keyblock, 0, 0, 0, 1, 0 );
1981             tty_printf("\n");
1982             if( edit_ownertrust( find_kbnode( keyblock,
1983                                  PKT_PUBLIC_KEY )->pkt->pkt.public_key, 1 ) ) {
1984                 redisplay = 1;
1985                 /* No real need to set update_trust here as
1986                    edit_ownertrust() calls revalidation_mark()
1987                    anyway. */
1988                 update_trust=1;
1989             }
1990             break;
1991
1992           case cmdPREF:
1993             show_key_with_all_names( keyblock, 0, 0, 0, 0, 1 );
1994             break;
1995
1996           case cmdSHOWPREF:
1997             show_key_with_all_names( keyblock, 0, 0, 0, 0, 2 );
1998             break;
1999
2000           case cmdSETPREF:
2001             {
2002               PKT_user_id *tempuid;
2003
2004               keygen_set_std_prefs(!*arg_string?"default" : arg_string, 0);
2005
2006               tempuid=keygen_get_std_prefs();
2007               tty_printf(_("Set preference list to:\n"));
2008               show_prefs(tempuid,NULL,1);
2009               free_user_id(tempuid);
2010
2011               if(cpr_get_answer_is_yes("keyedit.setpref.okay",
2012                                        count_selected_uids (keyblock)?
2013                                        _("Really update the preferences"
2014                                          " for the selected user IDs? (y/N) "):
2015                                        _("Really update the preferences? (y/N) ")))
2016                 {
2017                   if ( menu_set_preferences (keyblock, sec_keyblock) )
2018                     {
2019                       merge_keys_and_selfsig (keyblock);
2020                       modified = 1;
2021                       redisplay = 1;
2022                     }
2023                 }
2024             }
2025             break;
2026
2027           case cmdPREFKS:
2028             if( menu_set_keyserver_url ( *arg_string?arg_string:NULL,
2029                                          keyblock, sec_keyblock ) )
2030               {
2031                 merge_keys_and_selfsig( keyblock );
2032                 modified = 1;
2033                 redisplay = 1;
2034               }
2035             break;
2036
2037           case cmdNOP:
2038             break;
2039
2040           case cmdREVSIG:
2041             if( menu_revsig( keyblock ) ) {
2042                 redisplay = 1;
2043                 modified = 1;
2044             }
2045             break;
2046
2047           case cmdENABLEKEY:
2048           case cmdDISABLEKEY:
2049             if( enable_disable_key( keyblock, cmd == cmdDISABLEKEY ) ) {
2050                 redisplay = 1;
2051                 modified = 1;
2052             }
2053             break;
2054
2055          case cmdSHOWPHOTO:
2056            menu_showphoto(keyblock);
2057            break;
2058
2059           case cmdQUIT:
2060             if( have_commands )
2061                 goto leave;
2062             if( !modified && !sec_modified )
2063                 goto leave;
2064             if( !cpr_get_answer_is_yes("keyedit.save.okay",
2065                                         _("Save changes? (y/N) ")) ) {
2066                 if( cpr_enabled()
2067                     || cpr_get_answer_is_yes("keyedit.cancel.okay",
2068                                              _("Quit without saving? (y/N) ")))
2069                     goto leave;
2070                 break;
2071             }
2072             /* fall thru */
2073           case cmdSAVE:
2074             if( modified || sec_modified  ) {
2075                 if( modified ) {
2076                     rc = keydb_update_keyblock (kdbhd, keyblock);
2077                     if( rc ) {
2078                         log_error(_("update failed: %s\n"), g10_errstr(rc) );
2079                         break;
2080                     }
2081                 }
2082                 if( sec_modified ) {
2083                     rc = keydb_update_keyblock (sec_kdbhd, sec_keyblock );
2084                     if( rc ) {
2085                         log_error( _("update secret failed: %s\n"),
2086                                    g10_errstr(rc) );
2087                         break;
2088                     }
2089                 }
2090             }
2091             else
2092                 tty_printf(_("Key not changed so no update needed.\n"));
2093
2094             if( update_trust )
2095               {
2096                 revalidation_mark ();
2097                 update_trust=0;
2098               }
2099             goto leave;
2100
2101           case cmdINVCMD:
2102           default:
2103             tty_printf("\n");
2104             tty_printf(_("Invalid command  (try \"help\")\n"));
2105             break;
2106         }
2107     } /* end main loop */
2108
2109   leave:
2110     release_kbnode( keyblock );
2111     release_kbnode( sec_keyblock );
2112     keydb_release (kdbhd);
2113     m_free(answer);
2114 }
2115
2116
2117 /****************
2118  * show preferences of a public keyblock.
2119  */
2120 static void
2121 show_prefs (PKT_user_id *uid, PKT_signature *selfsig, int verbose)
2122 {
2123     const prefitem_t fake={0,0};
2124     const prefitem_t *prefs;
2125     int i;
2126
2127     if( !uid )
2128         return;
2129
2130     if( uid->prefs )
2131         prefs=uid->prefs;
2132     else if(verbose)
2133         prefs=&fake;
2134     else
2135       return;
2136
2137     if (verbose) {
2138         int any, des_seen=0, sha1_seen=0, uncomp_seen=0;
2139
2140         tty_printf ("     ");
2141         tty_printf (_("Cipher: "));
2142         for(i=any=0; prefs[i].type; i++ ) {
2143             if( prefs[i].type == PREFTYPE_SYM ) {
2144                 const char *s = cipher_algo_to_string (prefs[i].value);
2145                 
2146                 if (any)
2147                     tty_printf (", ");
2148                 any = 1;
2149                 /* We don't want to display strings for experimental algos */
2150                 if (s && prefs[i].value < 100 )
2151                     tty_printf ("%s", s );
2152                 else
2153                     tty_printf ("[%d]", prefs[i].value);
2154                 if (prefs[i].value == CIPHER_ALGO_3DES )
2155                     des_seen = 1;
2156             }    
2157         }
2158         if (!des_seen) {
2159             if (any)
2160                 tty_printf (", ");
2161             tty_printf ("%s",cipher_algo_to_string(CIPHER_ALGO_3DES));
2162         }
2163         tty_printf ("\n     ");
2164         tty_printf (_("Digest: "));
2165         for(i=any=0; prefs[i].type; i++ ) {
2166             if( prefs[i].type == PREFTYPE_HASH ) {
2167                 const char *s = digest_algo_to_string (prefs[i].value);
2168                 
2169                 if (any)
2170                     tty_printf (", ");
2171                 any = 1;
2172                 /* We don't want to display strings for experimental algos */
2173                 if (s && prefs[i].value < 100 )
2174                     tty_printf ("%s", s );
2175                 else
2176                     tty_printf ("[%d]", prefs[i].value);
2177                 if (prefs[i].value == DIGEST_ALGO_SHA1 )
2178                     sha1_seen = 1;
2179             }
2180         }
2181         if (!sha1_seen) {
2182             if (any)
2183                 tty_printf (", ");
2184             tty_printf ("%s",digest_algo_to_string(DIGEST_ALGO_SHA1));
2185         }
2186         tty_printf ("\n     ");
2187         tty_printf (_("Compression: "));
2188         for(i=any=0; prefs[i].type; i++ ) {
2189             if( prefs[i].type == PREFTYPE_ZIP ) {
2190                 const char *s=compress_algo_to_string(prefs[i].value);
2191                 
2192                 if (any)
2193                     tty_printf (", ");
2194                 any = 1;
2195                 /* We don't want to display strings for experimental algos */
2196                 if (s && prefs[i].value < 100 )
2197                     tty_printf ("%s", s );
2198                 else
2199                     tty_printf ("[%d]", prefs[i].value);
2200                 if (prefs[i].value == COMPRESS_ALGO_NONE )
2201                     uncomp_seen = 1;
2202             }
2203         }
2204         if (!uncomp_seen) {
2205             if (any)
2206                 tty_printf (", ");
2207             else {
2208               tty_printf ("%s",compress_algo_to_string(COMPRESS_ALGO_ZIP));
2209               tty_printf (", ");
2210             }
2211             tty_printf ("%s",compress_algo_to_string(COMPRESS_ALGO_NONE));
2212         }
2213         if(uid->mdc_feature || !uid->ks_modify)
2214           {
2215             tty_printf ("\n     ");
2216             tty_printf (_("Features: "));
2217             any=0;
2218             if(uid->mdc_feature)
2219               {
2220                 tty_printf ("MDC");
2221                 any=1;
2222               }
2223             if(!uid->ks_modify)
2224               {
2225                 if(any)
2226                   tty_printf (", ");
2227                 tty_printf (_("Keyserver no-modify"));
2228               }
2229           }
2230         tty_printf("\n");
2231
2232         if(selfsig)
2233           {
2234             const byte *pref_ks;
2235             size_t pref_ks_len;
2236
2237             pref_ks=parse_sig_subpkt(selfsig->hashed,
2238                                      SIGSUBPKT_PREF_KS,&pref_ks_len);
2239             if(pref_ks && pref_ks_len)
2240               {
2241                 tty_printf ("     ");
2242                 tty_printf(_("Preferred keyserver: "));
2243                 tty_print_utf8_string(pref_ks,pref_ks_len);
2244                 tty_printf("\n");
2245               }
2246           }
2247     }
2248     else {
2249         tty_printf("    ");
2250         for(i=0; prefs[i].type; i++ ) {
2251             tty_printf( " %c%d", prefs[i].type == PREFTYPE_SYM   ? 'S' :
2252                                  prefs[i].type == PREFTYPE_HASH  ? 'H' :
2253                                  prefs[i].type == PREFTYPE_ZIP ? 'Z':'?',
2254                                  prefs[i].value);
2255         }
2256         if (uid->mdc_feature)
2257             tty_printf (" [mdc]");
2258         if (!uid->ks_modify)
2259             tty_printf (" [no-ks-modify]");
2260         tty_printf("\n");
2261     }
2262 }
2263
2264
2265 /* This is the version of show_key_with_all_names used when
2266    opt.with_colons is used.  It prints all available data in a easy to
2267    parse format and does not translate utf8 */
2268 static void
2269 show_key_with_all_names_colon (KBNODE keyblock)
2270 {
2271   KBNODE node;
2272   int i, j, ulti_hack=0;
2273   byte pk_version=0;
2274   PKT_public_key *primary=NULL;
2275
2276   /* the keys */
2277   for ( node = keyblock; node; node = node->next )
2278     {
2279       if (node->pkt->pkttype == PKT_PUBLIC_KEY
2280           || (node->pkt->pkttype == PKT_PUBLIC_SUBKEY) )
2281         {
2282           PKT_public_key *pk = node->pkt->pkt.public_key;
2283           u32 keyid[2];
2284
2285           if (node->pkt->pkttype == PKT_PUBLIC_KEY)
2286             {
2287               pk_version = pk->version;
2288               primary=pk;
2289             }
2290
2291           keyid_from_pk (pk, keyid);
2292
2293           fputs (node->pkt->pkttype == PKT_PUBLIC_KEY?"pub:":"sub:", stdout);
2294           if (!pk->is_valid)
2295             putchar ('i');
2296           else if (pk->is_revoked)
2297             putchar ('r');
2298           else if (pk->has_expired)
2299             putchar ('e');
2300           else if (!(opt.fast_list_mode || opt.no_expensive_trust_checks ))
2301             {
2302               int trust = get_validity_info (pk, NULL);
2303               if(trust=='u')
2304                 ulti_hack=1;
2305               putchar (trust);
2306             }
2307
2308           printf (":%u:%d:%08lX%08lX:%lu:%lu::",
2309                   nbits_from_pk (pk),
2310                   pk->pubkey_algo,
2311                   (ulong)keyid[0], (ulong)keyid[1],
2312                   (ulong)pk->timestamp,
2313                   (ulong)pk->expiredate );
2314           if (node->pkt->pkttype==PKT_PUBLIC_KEY
2315               && !(opt.fast_list_mode || opt.no_expensive_trust_checks ))
2316             putchar(get_ownertrust_info (pk));
2317           putchar(':');
2318           putchar('\n');
2319           
2320           print_fingerprint (pk, NULL, 0);
2321
2322           /* print the revoker record */
2323           if( !pk->revkey && pk->numrevkeys )
2324             BUG();
2325           else
2326             {
2327               for (i=0; i < pk->numrevkeys; i++)
2328                 {
2329                   byte *p;
2330
2331                   printf ("rvk:::%d::::::", pk->revkey[i].algid);
2332                   p = pk->revkey[i].fpr;
2333                   for (j=0; j < 20; j++, p++ )
2334                     printf ("%02X", *p);
2335                   printf (":%02x%s:\n", pk->revkey[i].class,
2336                           (pk->revkey[i].class&0x40)?"s":"");
2337                 }
2338             }
2339         }
2340     }
2341   
2342     /* the user ids */
2343     i = 0;
2344     for (node = keyblock; node; node = node->next) 
2345       {
2346         if ( node->pkt->pkttype == PKT_USER_ID )
2347           {
2348             PKT_user_id *uid = node->pkt->pkt.user_id;
2349
2350             ++i;
2351
2352             if(uid->attrib_data)
2353               printf("uat:");
2354             else
2355               printf("uid:");
2356
2357             if ( uid->is_revoked )
2358               printf("r::::::::");
2359             else if ( uid->is_expired )
2360               printf("e::::::::");
2361             else if ( opt.fast_list_mode || opt.no_expensive_trust_checks )
2362               printf("::::::::");
2363             else
2364               {
2365                 int uid_validity;
2366
2367                 if( primary && !ulti_hack )
2368                   uid_validity = get_validity_info( primary, uid );
2369                 else
2370                   uid_validity = 'u';
2371                 printf("%c::::::::",uid_validity);
2372               }
2373
2374             if(uid->attrib_data)
2375               printf ("%u %lu",uid->numattribs,uid->attrib_len);
2376             else
2377               print_string (stdout, uid->name, uid->len, ':');
2378
2379             putchar (':');
2380             /* signature class */
2381             putchar (':');
2382             /* capabilities */
2383             putchar (':');
2384             /* preferences */
2385             if (pk_version>3 || uid->selfsigversion>3)
2386               {
2387                 const prefitem_t *prefs = uid->prefs;
2388                 
2389                 for (j=0; prefs && prefs[j].type; j++)
2390                   {
2391                     if (j)
2392                       putchar (' ');
2393                     printf ("%c%d", prefs[j].type == PREFTYPE_SYM   ? 'S' :
2394                             prefs[j].type == PREFTYPE_HASH  ? 'H' :
2395                             prefs[j].type == PREFTYPE_ZIP ? 'Z':'?',
2396                             prefs[j].value);
2397                   } 
2398                 if (uid->mdc_feature)
2399                   printf (",mdc");
2400                 if (!uid->ks_modify)
2401                   printf (",no-ks-modify");
2402               } 
2403             putchar (':');
2404             /* flags */
2405             printf ("%d,", i);
2406             if (uid->is_primary)
2407               putchar ('p');
2408             if (uid->is_revoked)
2409               putchar ('r');
2410             if (uid->is_expired)
2411               putchar ('e');
2412             if ((node->flag & NODFLG_SELUID))
2413               putchar ('s');
2414             if ((node->flag & NODFLG_MARK_A))
2415               putchar ('m');
2416             putchar (':');
2417             putchar('\n');
2418           }
2419       }
2420 }
2421
2422
2423 /****************
2424  * Display the key a the user ids, if only_marked is true, do only
2425  * so for user ids with mark A flag set and dont display the index number
2426  */
2427 static void
2428 show_key_with_all_names( KBNODE keyblock, int only_marked, int with_revoker,
2429                          int with_fpr, int with_subkeys, int with_prefs )
2430 {
2431     KBNODE node;
2432     int i;
2433     int do_warn = 0;
2434     byte pk_version=0;
2435     PKT_public_key *primary=NULL;
2436
2437     if (opt.with_colons)
2438       {
2439         show_key_with_all_names_colon (keyblock);
2440         return;
2441       }
2442
2443     /* the keys */
2444     for( node = keyblock; node; node = node->next ) {
2445         if( node->pkt->pkttype == PKT_PUBLIC_KEY
2446             || (with_subkeys && node->pkt->pkttype == PKT_PUBLIC_SUBKEY) ) {
2447             PKT_public_key *pk = node->pkt->pkt.public_key;
2448             const char *otrust="err",*trust="err";
2449
2450             if( node->pkt->pkttype == PKT_PUBLIC_KEY ) {
2451                 /* do it here, so that debug messages don't clutter the
2452                  * output */
2453                 static int did_warn = 0;
2454
2455                 trust = get_validity_string (pk, NULL);
2456                 otrust = get_ownertrust_string (pk);
2457
2458                 /* Show a warning once */
2459                 if (!did_warn
2460                     && (get_validity (pk, NULL) & TRUST_FLAG_PENDING_CHECK)) {
2461                     did_warn = 1;
2462                     do_warn = 1;
2463                 }
2464
2465                 pk_version=pk->version;
2466                 primary=pk;
2467             }
2468
2469             if(pk->is_revoked)
2470               {
2471                 char *user=get_user_id_string_native(pk->revoked.keyid);
2472                 const char *algo=pubkey_algo_to_string(pk->revoked.algo);
2473                 tty_printf(_("This key was revoked on %s by %s key %s\n"),
2474                            revokestr_from_pk(pk),algo?algo:"?",user);
2475                 m_free(user);
2476               }
2477
2478             if(with_revoker)
2479               {
2480                 if( !pk->revkey && pk->numrevkeys )
2481                   BUG();
2482                 else
2483                   for(i=0;i<pk->numrevkeys;i++)
2484                     {
2485                       u32 r_keyid[2];
2486                       char *user;
2487                       const char *algo=
2488                         pubkey_algo_to_string(pk->revkey[i].algid);
2489
2490                       keyid_from_fingerprint(pk->revkey[i].fpr,
2491                                              MAX_FINGERPRINT_LEN,r_keyid);
2492
2493                       user=get_user_id_string_native(r_keyid);
2494                       tty_printf(_("This key may be revoked by %s key %s"),
2495                                  algo?algo:"?",user);
2496
2497                       if(pk->revkey[i].class&0x40)
2498                         {
2499                           tty_printf(" ");
2500                           tty_printf(_("(sensitive)"));
2501                         }
2502
2503                       tty_printf ("\n");
2504                       m_free(user);
2505                     }
2506               }
2507
2508             keyid_from_pk(pk,NULL);
2509             tty_printf("%s%c %4u%c/%s  ",
2510                        node->pkt->pkttype == PKT_PUBLIC_KEY? "pub":"sub",
2511                        (node->flag & NODFLG_SELKEY)? '*':' ',
2512                        nbits_from_pk( pk ),
2513                        pubkey_letter( pk->pubkey_algo ),
2514                        keystr(pk->keyid));
2515
2516             tty_printf(_("created: %s"),datestr_from_pk(pk));
2517             tty_printf("  ");
2518             if(pk->is_revoked)
2519               tty_printf(_("revoked: %s"),revokestr_from_pk(pk));
2520             else if(pk->has_expired)
2521               tty_printf(_("expired: %s"),expirestr_from_pk(pk));
2522             else
2523               tty_printf(_("expires: %s"),expirestr_from_pk(pk));
2524             tty_printf("  ");
2525             tty_printf(_("usage: %s"),usagestr_from_pk(pk));
2526             tty_printf("\n");
2527
2528             if( node->pkt->pkttype == PKT_PUBLIC_KEY )
2529               {
2530                 if(opt.trust_model!=TM_ALWAYS)
2531                   {
2532                     tty_printf("%*s", (int)keystrlen()+13,"");
2533                     /* Ownertrust is only meaningful for the PGP or
2534                        classic trust models */
2535                     if(opt.trust_model==TM_PGP || opt.trust_model==TM_CLASSIC)
2536                       {
2537                         int width=14-strlen(otrust);
2538                         if(width<=0)
2539                           width=1;
2540                         tty_printf(_("trust: %s"), otrust);
2541                         tty_printf("%*s",width,"");
2542                       }
2543                     
2544                     tty_printf(_("validity: %s"), trust );
2545                     tty_printf("\n");
2546                   }
2547                 if( node->pkt->pkttype == PKT_PUBLIC_KEY
2548                     && (get_ownertrust (pk)&TRUST_FLAG_DISABLED))
2549                   {
2550                     tty_printf("*** ");
2551                     tty_printf(_("This key has been disabled"));
2552                     tty_printf("\n");
2553                   }
2554               }
2555
2556             if( node->pkt->pkttype == PKT_PUBLIC_KEY && with_fpr )
2557               {
2558                 print_fingerprint ( pk, NULL, 2 );
2559                 tty_printf("\n");
2560               }
2561         }
2562         else if( node->pkt->pkttype == PKT_SECRET_KEY
2563             || (with_subkeys && node->pkt->pkttype == PKT_SECRET_SUBKEY) )
2564           {
2565             PKT_secret_key *sk = node->pkt->pkt.secret_key;
2566             tty_printf("%s%c %4u%c/%s  ",
2567                        node->pkt->pkttype == PKT_SECRET_KEY? "sec":"ssb",
2568                        (node->flag & NODFLG_SELKEY)? '*':' ',
2569                        nbits_from_sk( sk ),
2570                        pubkey_letter( sk->pubkey_algo ),
2571                        keystr_from_sk(sk));
2572             tty_printf(_("created: %s"),datestr_from_sk(sk));
2573             tty_printf("  ");
2574             tty_printf(_("expires: %s"),expirestr_from_sk(sk));
2575             tty_printf("\n");
2576             if (sk->is_protected && sk->protect.s2k.mode == 1002)
2577               {
2578                 tty_printf("                     ");
2579                 tty_printf(_("card-no: ")); 
2580                 if (sk->protect.ivlen == 16
2581                     && !memcmp (sk->protect.iv, "\xD2\x76\x00\x01\x24\x01", 6))
2582                   { /* This is an OpenPGP card. */
2583                     for (i=8; i < 14; i++)
2584                       {
2585                         if (i == 10)
2586                           tty_printf (" ");
2587                         tty_printf ("%02X", sk->protect.iv[i]);
2588                       }
2589                   }
2590                 else
2591                   { /* Something is wrong: Print all. */
2592                     for (i=0; i < sk->protect.ivlen; i++)
2593                       tty_printf ("%02X", sk->protect.iv[i]);
2594                   }
2595                 tty_printf ("\n");
2596               }
2597           }
2598     }
2599     
2600     /* the user ids */
2601
2602     i = 0;
2603     for( node = keyblock; node; node = node->next )
2604       {
2605         if( node->pkt->pkttype == PKT_USER_ID )
2606           {
2607             PKT_user_id *uid = node->pkt->pkt.user_id;
2608             ++i;
2609             if( !only_marked || (only_marked && (node->flag & NODFLG_MARK_A)))
2610               {
2611                 if(!only_marked && primary)
2612                   tty_printf("%s ",uid_trust_string_fixed(primary,uid));
2613
2614                 if( only_marked )
2615                   tty_printf("     ");
2616                 else if( node->flag & NODFLG_SELUID )
2617                   tty_printf("(%d)* ", i);
2618                 else if( uid->is_primary )
2619                   tty_printf("(%d). ", i);
2620                 else
2621                   tty_printf("(%d)  ", i);
2622                 tty_print_utf8_string( uid->name, uid->len );
2623                 tty_printf("\n");
2624                 if( with_prefs )
2625                   {
2626                     if(pk_version>3 || uid->selfsigversion>3)
2627                       {
2628                         PKT_signature *selfsig=NULL;
2629                         KBNODE signode;
2630
2631                         for(signode=node->next;
2632                             signode && signode->pkt->pkttype==PKT_SIGNATURE;
2633                             signode=signode->next)
2634                           {
2635                             if(signode->pkt->pkt.signature->
2636                                flags.chosen_selfsig)
2637                               {
2638                                 selfsig=signode->pkt->pkt.signature;
2639                                 break;
2640                               }
2641                           }
2642
2643                         show_prefs (uid, selfsig, with_prefs == 2);
2644                       }
2645                     else
2646                       tty_printf(_("There are no preferences on a"
2647                                    " PGP 2.x-style user ID.\n"));
2648                   }
2649               }
2650           }
2651       }
2652
2653     if (do_warn)
2654         tty_printf (_("Please note that the shown key validity"
2655                       " is not necessarily correct\n"
2656                       "unless you restart the program.\n")); 
2657 }
2658
2659
2660 /* Display basic key information.  This fucntion is suitable to show
2661    information on the key without any dependencies on the trustdb or
2662    any other internal GnuPG stuff.  KEYBLOCK may either be a public or
2663    a secret key.*/
2664 void
2665 show_basic_key_info ( KBNODE keyblock )
2666 {
2667   KBNODE node;
2668   int i;
2669
2670   /* The primary key */
2671   for (node = keyblock; node; node = node->next)
2672     {
2673       if (node->pkt->pkttype == PKT_PUBLIC_KEY)
2674         {
2675           PKT_public_key *pk = node->pkt->pkt.public_key;
2676           
2677           /* Note, we use the same format string as in other show
2678              functions to make the translation job easier. */
2679           tty_printf ("%s  %4u%c/%s  ",
2680                       node->pkt->pkttype == PKT_PUBLIC_KEY? "pub":"sub",
2681                       nbits_from_pk( pk ),
2682                       pubkey_letter( pk->pubkey_algo ),
2683                       keystr_from_pk(pk));
2684           tty_printf(_("created: %s"),datestr_from_pk(pk));
2685           tty_printf("  ");
2686           tty_printf(_("expires: %s"),expirestr_from_pk(pk));
2687           tty_printf("\n");
2688           print_fingerprint ( pk, NULL, 3 );
2689           tty_printf("\n");
2690         }
2691       else if (node->pkt->pkttype == PKT_SECRET_KEY)
2692         {
2693           PKT_secret_key *sk = node->pkt->pkt.secret_key;
2694           tty_printf("%s  %4u%c/%s",
2695                      node->pkt->pkttype == PKT_SECRET_KEY? "sec":"ssb",
2696                      nbits_from_sk( sk ),
2697                      pubkey_letter( sk->pubkey_algo ),
2698                      keystr_from_sk(sk));
2699           tty_printf(_("created: %s"),datestr_from_sk(sk));
2700           tty_printf("  ");
2701           tty_printf(_("expires: %s"),expirestr_from_sk(sk));
2702           tty_printf("\n");
2703           print_fingerprint (NULL, sk, 3 );
2704           tty_printf("\n");
2705         }
2706     }
2707
2708   /* The user IDs. */
2709   for (i=0, node = keyblock; node; node = node->next)
2710     {
2711       if (node->pkt->pkttype == PKT_USER_ID)
2712         {
2713           PKT_user_id *uid = node->pkt->pkt.user_id;
2714           ++i;
2715      
2716           tty_printf ("     ");
2717           if (uid->is_revoked)
2718             tty_printf("[%s] ",_("revoked"));
2719           else if ( uid->is_expired )
2720             tty_printf("[%s] ",_("expired"));
2721           tty_print_utf8_string (uid->name, uid->len);
2722           tty_printf ("\n");
2723         }
2724     }
2725 }
2726
2727 static void
2728 show_key_and_fingerprint( KBNODE keyblock )
2729 {
2730   KBNODE node;
2731   PKT_public_key *pk = NULL;
2732
2733   for( node = keyblock; node; node = node->next )
2734     {
2735       if( node->pkt->pkttype == PKT_PUBLIC_KEY )
2736         {
2737           pk = node->pkt->pkt.public_key;
2738           tty_printf("pub   %4u%c/%s %s ",
2739                      nbits_from_pk( pk ),
2740                      pubkey_letter( pk->pubkey_algo ),
2741                      keystr_from_pk(pk),
2742                      datestr_from_pk(pk) );
2743         }
2744       else if( node->pkt->pkttype == PKT_USER_ID )
2745         {
2746           PKT_user_id *uid = node->pkt->pkt.user_id;
2747           tty_print_utf8_string( uid->name, uid->len );
2748           break;
2749         }
2750     }
2751   tty_printf("\n");
2752   if( pk )
2753     print_fingerprint( pk, NULL, 2 );
2754 }
2755
2756
2757 /* Show a warning if no uids on the key have the primary uid flag
2758    set. */
2759 static void
2760 no_primary_warning(KBNODE keyblock)
2761 {
2762   KBNODE node;
2763   int have_primary=0,uid_count=0;
2764
2765   /* TODO: if we ever start behaving differently with a primary or
2766      non-primary attribute ID, we will need to check for attributes
2767      here as well. */
2768
2769   for(node=keyblock; node; node = node->next)
2770     {
2771       if(node->pkt->pkttype==PKT_USER_ID
2772          && node->pkt->pkt.user_id->attrib_data==NULL)
2773         {
2774           uid_count++;
2775
2776           if(node->pkt->pkt.user_id->is_primary==2)
2777             {
2778               have_primary=1;
2779               break;
2780             }
2781         }
2782     }
2783
2784   if(uid_count>1 && !have_primary)
2785     log_info(_("WARNING: no user ID has been marked as primary.  This command"
2786                " may\n              cause a different user ID to become"
2787                " the assumed primary.\n"));
2788 }
2789
2790 /****************
2791  * Ask for a new user id, do the selfsignature and put it into
2792  * both keyblocks.
2793  * Return true if there is a new user id
2794  */
2795 static int
2796 menu_adduid( KBNODE pub_keyblock, KBNODE sec_keyblock, int photo)
2797 {
2798     PKT_user_id *uid;
2799     PKT_public_key *pk=NULL;
2800     PKT_secret_key *sk=NULL;
2801     PKT_signature *sig=NULL;
2802     PACKET *pkt;
2803     KBNODE node;
2804     KBNODE pub_where=NULL, sec_where=NULL;
2805     int rc;
2806
2807     for( node = pub_keyblock; node; pub_where = node, node = node->next ) {
2808         if( node->pkt->pkttype == PKT_PUBLIC_KEY )
2809             pk = node->pkt->pkt.public_key;
2810         else if( node->pkt->pkttype == PKT_PUBLIC_SUBKEY )
2811             break;
2812     }
2813     if( !node ) /* no subkey */
2814         pub_where = NULL;
2815     for( node = sec_keyblock; node; sec_where = node, node = node->next ) {
2816         if( node->pkt->pkttype == PKT_SECRET_KEY )
2817             sk = copy_secret_key( NULL, node->pkt->pkt.secret_key);
2818         else if( node->pkt->pkttype == PKT_SECRET_SUBKEY )
2819             break;
2820     }
2821     if( !node ) /* no subkey */
2822         sec_where = NULL;
2823     assert(pk && sk);
2824
2825     if(photo) {
2826       int hasattrib=0;
2827
2828       for( node = pub_keyblock; node; node = node->next )
2829         if( node->pkt->pkttype == PKT_USER_ID &&
2830             node->pkt->pkt.user_id->attrib_data!=NULL)
2831           {
2832             hasattrib=1;
2833             break;
2834           }
2835
2836       /* It is legal but bad for compatibility to add a photo ID to a
2837          v3 key as it means that PGP2 will not be able to use that key
2838          anymore.  Also, PGP may not expect a photo on a v3 key.
2839          Don't bother to ask this if the key already has a photo - any
2840          damage has already been done at that point. -dms */
2841       if(pk->version==3 && !hasattrib)
2842         {
2843           if(opt.expert)
2844             {
2845               tty_printf(_("WARNING: This is a PGP2-style key.  "
2846                            "Adding a photo ID may cause some versions\n"
2847                            "         of PGP to reject this key.\n"));
2848
2849               if(!cpr_get_answer_is_yes("keyedit.v3_photo.okay",
2850                                         _("Are you sure you still want "
2851                                           "to add it? (y/N) ")))
2852                 return 0;
2853             }
2854           else
2855             {
2856               tty_printf(_("You may not add a photo ID to "
2857                            "a PGP2-style key.\n"));
2858               return 0;
2859             }
2860         }
2861
2862       uid = generate_photo_id(pk);
2863     } else
2864       uid = generate_user_id();
2865     if( !uid )
2866         return 0;
2867
2868     rc = make_keysig_packet( &sig, pk, uid, NULL, sk, 0x13, 0, 0, 0, 0,
2869                              keygen_add_std_prefs, pk );
2870     free_secret_key( sk );
2871     if( rc ) {
2872         log_error("signing failed: %s\n", g10_errstr(rc) );
2873         free_user_id(uid);
2874         return 0;
2875     }
2876
2877     /* insert/append to secret keyblock */
2878     pkt = m_alloc_clear( sizeof *pkt );
2879     pkt->pkttype = PKT_USER_ID;
2880     pkt->pkt.user_id = scopy_user_id(uid);
2881     node = new_kbnode(pkt);
2882     if( sec_where )
2883         insert_kbnode( sec_where, node, 0 );
2884     else
2885         add_kbnode( sec_keyblock, node );
2886     pkt = m_alloc_clear( sizeof *pkt );
2887     pkt->pkttype = PKT_SIGNATURE;
2888     pkt->pkt.signature = copy_signature(NULL, sig);
2889     if( sec_where )
2890         insert_kbnode( node, new_kbnode(pkt), 0 );
2891     else
2892         add_kbnode( sec_keyblock, new_kbnode(pkt) );
2893     /* insert/append to public keyblock */
2894     pkt = m_alloc_clear( sizeof *pkt );
2895     pkt->pkttype = PKT_USER_ID;
2896     pkt->pkt.user_id = uid;
2897     node = new_kbnode(pkt);
2898     if( pub_where )
2899         insert_kbnode( pub_where, node, 0 );
2900     else
2901         add_kbnode( pub_keyblock, node );
2902     pkt = m_alloc_clear( sizeof *pkt );
2903     pkt->pkttype = PKT_SIGNATURE;
2904     pkt->pkt.signature = copy_signature(NULL, sig);
2905     if( pub_where )
2906         insert_kbnode( node, new_kbnode(pkt), 0 );
2907     else
2908         add_kbnode( pub_keyblock, new_kbnode(pkt) );
2909     return 1;
2910 }
2911
2912
2913 /****************
2914  * Remove all selected userids from the keyrings
2915  */
2916 static void
2917 menu_deluid( KBNODE pub_keyblock, KBNODE sec_keyblock )
2918 {
2919     KBNODE node;
2920     int selected=0;
2921
2922     for( node = pub_keyblock; node; node = node->next ) {
2923         if( node->pkt->pkttype == PKT_USER_ID ) {
2924             selected = node->flag & NODFLG_SELUID;
2925             if( selected ) {
2926                 /* Only cause a trust update if we delete a
2927                    non-revoked user id */
2928                 if(!node->pkt->pkt.user_id->is_revoked)
2929                   update_trust=1;
2930                 delete_kbnode( node );
2931                 if( sec_keyblock ) {
2932                     KBNODE snode;
2933                     int s_selected = 0;
2934                     PKT_user_id *uid = node->pkt->pkt.user_id;
2935                     for( snode = sec_keyblock; snode; snode = snode->next ) {
2936                         if( snode->pkt->pkttype == PKT_USER_ID ) {
2937                             PKT_user_id *suid = snode->pkt->pkt.user_id;
2938
2939                             s_selected =
2940                                 (uid->len == suid->len
2941                                  && !memcmp( uid->name, suid->name, uid->len));
2942                             if( s_selected )
2943                                 delete_kbnode( snode );
2944                         }
2945                         else if( s_selected
2946                                  && snode->pkt->pkttype == PKT_SIGNATURE )
2947                             delete_kbnode( snode );
2948                         else if( snode->pkt->pkttype == PKT_SECRET_SUBKEY )
2949                             s_selected = 0;
2950                     }
2951                 }
2952             }
2953         }
2954         else if( selected && node->pkt->pkttype == PKT_SIGNATURE )
2955             delete_kbnode( node );
2956         else if( node->pkt->pkttype == PKT_PUBLIC_SUBKEY )
2957             selected = 0;
2958     }
2959     commit_kbnode( &pub_keyblock );
2960     if( sec_keyblock )
2961         commit_kbnode( &sec_keyblock );
2962 }
2963
2964
2965 static int
2966 menu_delsig( KBNODE pub_keyblock )
2967 {
2968     KBNODE node;
2969     PKT_user_id *uid = NULL;
2970     int changed=0;
2971
2972     for( node = pub_keyblock; node; node = node->next ) {
2973         if( node->pkt->pkttype == PKT_USER_ID ) {
2974             uid = (node->flag & NODFLG_SELUID)? node->pkt->pkt.user_id : NULL;
2975         }
2976         else if( uid && node->pkt->pkttype == PKT_SIGNATURE ) {
2977            int okay, valid, selfsig, inv_sig, no_key, other_err;
2978
2979             tty_printf("uid  ");
2980             tty_print_utf8_string( uid->name, uid->len );
2981             tty_printf("\n");
2982
2983             okay = inv_sig = no_key = other_err = 0;
2984             if(opt.with_colons)
2985               valid = print_and_check_one_sig_colon( pub_keyblock, node,
2986                                                &inv_sig, &no_key, &other_err,
2987                                                &selfsig, 1 );
2988             else
2989               valid = print_and_check_one_sig( pub_keyblock, node,
2990                                                &inv_sig, &no_key, &other_err,
2991                                                &selfsig, 1 );
2992
2993            if( valid ) {
2994                okay = cpr_get_answer_yes_no_quit(
2995                    "keyedit.delsig.valid",
2996                    _("Delete this good signature? (y/N/q)"));
2997
2998                /* Only update trust if we delete a good signature.
2999                   The other two cases do not affect trust. */
3000                if(okay)
3001                  update_trust=1;
3002            }
3003            else if( inv_sig || other_err )
3004                okay = cpr_get_answer_yes_no_quit(
3005                    "keyedit.delsig.invalid",
3006                    _("Delete this invalid signature? (y/N/q)"));
3007            else if( no_key )
3008                okay = cpr_get_answer_yes_no_quit(
3009                    "keyedit.delsig.unknown",
3010                    _("Delete this unknown signature? (y/N/q)"));
3011
3012             if( okay == -1 )
3013                 break;
3014            if( okay && selfsig && !cpr_get_answer_is_yes(
3015                                "keyedit.delsig.selfsig",
3016                               _("Really delete this self-signature? (y/N)") ))
3017                 okay = 0;
3018             if( okay ) {
3019                 delete_kbnode( node );
3020                 changed++;
3021             }
3022
3023         }
3024         else if( node->pkt->pkttype == PKT_PUBLIC_SUBKEY )
3025             uid = NULL;
3026     }
3027
3028     if( changed ) {
3029         commit_kbnode( &pub_keyblock );
3030         tty_printf( changed == 1? _("Deleted %d signature.\n")
3031                                 : _("Deleted %d signatures.\n"), changed );
3032     }
3033     else
3034         tty_printf( _("Nothing deleted.\n") );
3035
3036     return changed;
3037 }
3038
3039
3040 /****************
3041  * Remove some of the secondary keys
3042  */
3043 static void
3044 menu_delkey( KBNODE pub_keyblock, KBNODE sec_keyblock )
3045 {
3046     KBNODE node;
3047     int selected=0;
3048
3049     for( node = pub_keyblock; node; node = node->next ) {
3050         if( node->pkt->pkttype == PKT_PUBLIC_SUBKEY ) {
3051             selected = node->flag & NODFLG_SELKEY;
3052             if( selected ) {
3053                 delete_kbnode( node );
3054                 if( sec_keyblock ) {
3055                     KBNODE snode;
3056                     int s_selected = 0;
3057                     u32 ki[2];
3058
3059                     keyid_from_pk( node->pkt->pkt.public_key, ki );
3060                     for( snode = sec_keyblock; snode; snode = snode->next ) {
3061                         if( snode->pkt->pkttype == PKT_SECRET_SUBKEY ) {
3062                             u32 ki2[2];
3063
3064                             keyid_from_sk( snode->pkt->pkt.secret_key, ki2 );
3065                             s_selected = (ki[0] == ki2[0] && ki[1] == ki2[1]);
3066                             if( s_selected )
3067                                 delete_kbnode( snode );
3068                         }
3069                         else if( s_selected
3070                                  && snode->pkt->pkttype == PKT_SIGNATURE )
3071                             delete_kbnode( snode );
3072                         else
3073                             s_selected = 0;
3074                     }
3075                 }
3076             }
3077         }
3078         else if( selected && node->pkt->pkttype == PKT_SIGNATURE )
3079             delete_kbnode( node );
3080         else
3081             selected = 0;
3082     }
3083     commit_kbnode( &pub_keyblock );
3084     if( sec_keyblock )
3085         commit_kbnode( &sec_keyblock );
3086
3087     /* No need to set update_trust here since signing keys are no
3088        longer used to certify other keys, so there is no change in
3089        trust when revoking/removing them */
3090 }
3091
3092
3093 /****************
3094  * Ask for a new revoker, do the selfsignature and put it into
3095  * both keyblocks.
3096  * Return true if there is a new revoker
3097  */
3098 static int
3099 menu_addrevoker( KBNODE pub_keyblock, KBNODE sec_keyblock, int sensitive )
3100 {
3101   PKT_public_key *pk=NULL,*revoker_pk=NULL;
3102   PKT_secret_key *sk=NULL;
3103   PKT_signature *sig=NULL;
3104   PACKET *pkt;
3105   struct revocation_key revkey;
3106   size_t fprlen;
3107   int rc;
3108
3109   assert(pub_keyblock->pkt->pkttype==PKT_PUBLIC_KEY);
3110   assert(sec_keyblock->pkt->pkttype==PKT_SECRET_KEY);
3111
3112   pk=pub_keyblock->pkt->pkt.public_key;
3113
3114   if(pk->numrevkeys==0 && pk->version==3)
3115     {
3116       /* It is legal but bad for compatibility to add a revoker to a
3117          v3 key as it means that PGP2 will not be able to use that key
3118          anymore.  Also, PGP may not expect a revoker on a v3 key.
3119          Don't bother to ask this if the key already has a revoker -
3120          any damage has already been done at that point. -dms */
3121       if(opt.expert)
3122         {
3123           tty_printf(_("WARNING: This is a PGP 2.x-style key.  "
3124                        "Adding a designated revoker may cause\n"
3125                        "         some versions of PGP to reject this key.\n"));
3126
3127           if(!cpr_get_answer_is_yes("keyedit.v3_revoker.okay",
3128                                     _("Are you sure you still want "
3129                                       "to add it? (y/N) ")))
3130             return 0;
3131         }
3132       else
3133         {
3134           tty_printf(_("You may not add a designated revoker to "
3135                        "a PGP 2.x-style key.\n"));
3136           return 0;
3137         }
3138     }
3139
3140   sk=copy_secret_key(NULL,sec_keyblock->pkt->pkt.secret_key);
3141
3142   for(;;)
3143     {
3144       char *answer;
3145
3146       if(revoker_pk)
3147         free_public_key(revoker_pk);
3148
3149       revoker_pk=m_alloc_clear(sizeof(*revoker_pk));
3150
3151       tty_printf("\n");
3152
3153       answer=cpr_get_utf8("keyedit.add_revoker",
3154                           _("Enter the user ID of the designated revoker: "));
3155       if(answer[0]=='\0' || answer[0]=='\004')
3156         {
3157           m_free(answer);
3158           goto fail;
3159         }
3160
3161       /* Note that I'm requesting SIG here and not CERT.  We're making
3162          a certification, but it is okay to be a subkey. */
3163       revoker_pk->req_usage=PUBKEY_USAGE_SIG;
3164       rc=get_pubkey_byname(revoker_pk,answer,NULL,NULL,1);
3165       if(rc)
3166         {
3167           log_error (_("key \"%s\" not found: %s\n"),answer,g10_errstr(rc));
3168           m_free(answer);
3169           continue;
3170         }
3171
3172       m_free(answer);
3173
3174       fingerprint_from_pk(revoker_pk,revkey.fpr,&fprlen);
3175       if(fprlen!=20)
3176         {
3177           log_error(_("cannot appoint a PGP 2.x style key as a "
3178                       "designated revoker\n"));
3179           continue;
3180         }
3181
3182       revkey.class=0x80;
3183       if(sensitive)
3184         revkey.class|=0x40;
3185       revkey.algid=revoker_pk->pubkey_algo;
3186
3187       if(cmp_public_keys(revoker_pk,pk)==0)
3188         {
3189           /* This actually causes no harm (after all, a key that
3190              designates itself as a revoker is the same as a
3191              regular key), but it's easy enough to check. */
3192           log_error(_("you cannot appoint a key as its own "
3193                       "designated revoker\n"));
3194
3195           continue;
3196         }
3197
3198       keyid_from_pk(pk,NULL);
3199
3200       /* Does this revkey already exist? */
3201       if(!pk->revkey && pk->numrevkeys)
3202         BUG();
3203       else
3204         {
3205           int i;
3206
3207           for(i=0;i<pk->numrevkeys;i++)
3208             {
3209               if(memcmp(&pk->revkey[i],&revkey,
3210                         sizeof(struct revocation_key))==0)
3211                 {
3212                   char buf[50];
3213
3214                   log_error(_("this key has already been designated "
3215                               "as a revoker\n"));
3216
3217                   sprintf(buf,"%08lX%08lX",
3218                           (ulong)pk->keyid[0],(ulong)pk->keyid[1]);
3219                   write_status_text(STATUS_ALREADY_SIGNED,buf);
3220
3221                   break;
3222                 }
3223             }
3224
3225           if(i<pk->numrevkeys)
3226             continue;
3227         }
3228
3229       print_pubkey_info(NULL,revoker_pk);
3230       print_fingerprint(revoker_pk,NULL,2);
3231       tty_printf("\n");
3232
3233       tty_printf(_("WARNING: appointing a key as a designated revoker "
3234                    "cannot be undone!\n"));
3235
3236       tty_printf("\n");
3237
3238       if(!cpr_get_answer_is_yes("keyedit.add_revoker.okay",
3239                                 _("Are you sure you want to appoint this "
3240                                   "key as a designated revoker? (y/N) ")))
3241         continue;
3242
3243       free_public_key(revoker_pk);
3244       revoker_pk=NULL;
3245       break;
3246     }
3247
3248   /* The 1F signature must be at least v4 to carry the revocation key
3249      subpacket. */
3250   rc = make_keysig_packet( &sig, pk, NULL, NULL, sk, 0x1F, 0, 4, 0, 0,
3251                            keygen_add_revkey,&revkey );
3252   if( rc )
3253     {
3254       log_error("signing failed: %s\n", g10_errstr(rc)