post release preparations
[gnupg.git] / g10 / keyedit.c
1 /* keyedit.c - keyedit stuff
2  * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003,
3  *               2004 Free Software Foundation, Inc.
4  *
5  * This file is part of GnuPG.
6  *
7  * GnuPG is free software; you can redistribute it and/or modify
8  * it under the terms of the GNU General Public License as published by
9  * the Free Software Foundation; either version 2 of the License, or
10  * (at your option) any later version.
11  *
12  * GnuPG is distributed in the hope that it will be useful,
13  * but WITHOUT ANY WARRANTY; without even the implied warranty of
14  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
15  * GNU General Public License for more details.
16  *
17  * You should have received a copy of the GNU General Public License
18  * along with this program; if not, write to the Free Software
19  * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
20  */
21
22 #include <config.h>
23 #include <stdio.h>
24 #include <stdlib.h>
25 #include <string.h>
26 #include <errno.h>
27 #include <assert.h>
28 #include <ctype.h>
29
30 #include "options.h"
31 #include "packet.h"
32 #include "errors.h"
33 #include "iobuf.h"
34 #include "keydb.h"
35 #include "memory.h"
36 #include "photoid.h"
37 #include "util.h"
38 #include "main.h"
39 #include "trustdb.h"
40 #include "filter.h"
41 #include "ttyio.h"
42 #include "status.h"
43 #include "i18n.h"
44 #include "keyserver-internal.h"
45
46 static void show_prefs( PKT_user_id *uid, PKT_signature *selfsig, int verbose);
47 static void show_key_with_all_names( KBNODE keyblock, int only_marked,
48             int with_revoker, int with_fpr, int with_subkeys, int with_prefs );
49 static void show_key_and_fingerprint( KBNODE keyblock );
50 static int menu_adduid( KBNODE keyblock, KBNODE sec_keyblock, int photo );
51 static void menu_deluid( KBNODE pub_keyblock, KBNODE sec_keyblock );
52 static int  menu_delsig( KBNODE pub_keyblock );
53 static void menu_delkey( KBNODE pub_keyblock, KBNODE sec_keyblock );
54 static int menu_addrevoker( KBNODE pub_keyblock,
55                             KBNODE sec_keyblock, int sensitive );
56 static int menu_expire( KBNODE pub_keyblock, KBNODE sec_keyblock );
57 static int menu_set_primary_uid( KBNODE pub_keyblock, KBNODE sec_keyblock );
58 static int menu_set_preferences( KBNODE pub_keyblock, KBNODE sec_keyblock );
59 static int menu_set_keyserver_url (const char *url,
60                                    KBNODE pub_keyblock, KBNODE sec_keyblock );
61 static int menu_select_uid( KBNODE keyblock, int idx );
62 static int menu_select_key( KBNODE keyblock, int idx );
63 static int count_uids( KBNODE keyblock );
64 static int count_uids_with_flag( KBNODE keyblock, unsigned flag );
65 static int count_keys_with_flag( KBNODE keyblock, unsigned flag );
66 static int count_selected_uids( KBNODE keyblock );
67 static int real_uids_left( KBNODE keyblock );
68 static int count_selected_keys( KBNODE keyblock );
69 static int menu_revsig( KBNODE keyblock );
70 static int menu_revuid( KBNODE keyblock, KBNODE sec_keyblock );
71 static int menu_revkey( KBNODE pub_keyblock, KBNODE sec_keyblock );
72 static int enable_disable_key( KBNODE keyblock, int disable );
73 static void menu_showphoto( KBNODE keyblock );
74
75 static int update_trust=0;
76
77 #define CONTROL_D ('D' - 'A' + 1)
78
79 #define NODFLG_BADSIG (1<<0)  /* bad signature */
80 #define NODFLG_NOKEY  (1<<1)  /* no public key */
81 #define NODFLG_SIGERR (1<<2)  /* other sig error */
82
83 #define NODFLG_MARK_A (1<<4)  /* temporary mark */
84 #define NODFLG_DELSIG (1<<5)  /* to be deleted */
85
86 #define NODFLG_SELUID (1<<8)  /* indicate the selected userid */
87 #define NODFLG_SELKEY (1<<9)  /* indicate the selected key */
88 #define NODFLG_SELSIG (1<<10) /* indicate a selected signature */
89
90 struct sign_attrib {
91     int non_exportable,non_revocable;
92     struct revocation_reason_info *reason;
93     byte trust_depth,trust_value;
94     char *trust_regexp;
95 };
96
97
98 #ifdef ENABLE_CARD_SUPPORT
99 /* Given a node SEC_NODE with a secret key or subkey, locate the
100    corresponding public key from pub_keyblock. */
101 static PKT_public_key *
102 find_pk_from_sknode (KBNODE pub_keyblock, KBNODE sec_node)
103 {
104   KBNODE node = pub_keyblock;
105   PKT_secret_key *sk;
106   PKT_public_key *pk;
107   
108   if (sec_node->pkt->pkttype == PKT_SECRET_KEY
109       && node->pkt->pkttype == PKT_PUBLIC_KEY)
110     return node->pkt->pkt.public_key;
111   if (sec_node->pkt->pkttype != PKT_SECRET_SUBKEY)
112     return NULL;
113   sk = sec_node->pkt->pkt.secret_key;
114   for (; node; node = node->next)
115     if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
116       {
117         pk = node->pkt->pkt.public_key;
118         if (pk->keyid[0] == sk->keyid[0] && pk->keyid[1] == sk->keyid[1])
119           return pk;
120       }
121       
122   return NULL;
123 }
124 #endif /* ENABLE_CARD_SUPPORT */
125
126
127 /* TODO: Fix duplicated code between here and the check-sigs/list-sigs
128    code in keylist.c. */
129 static int
130 print_and_check_one_sig_colon( KBNODE keyblock, KBNODE node,
131                                int *inv_sigs, int *no_key, int *oth_err,
132                                int *is_selfsig, int print_without_key )
133 {
134   PKT_signature *sig = node->pkt->pkt.signature;
135   int rc, sigrc;
136
137   /* TODO: Make sure a cached sig record here still has the pk that
138      issued it.  See also keylist.c:list_keyblock_print */
139
140   switch((rc=check_key_signature(keyblock,node,is_selfsig)))
141     {
142     case 0:
143       node->flag &= ~(NODFLG_BADSIG|NODFLG_NOKEY|NODFLG_SIGERR);
144       sigrc = '!';
145       break;
146     case G10ERR_BAD_SIGN:
147       node->flag = NODFLG_BADSIG;
148       sigrc = '-';
149       if( inv_sigs )
150         ++*inv_sigs;
151       break;
152     case G10ERR_NO_PUBKEY:
153     case G10ERR_UNU_PUBKEY:
154       node->flag = NODFLG_NOKEY;
155       sigrc = '?';
156       if( no_key )
157         ++*no_key;
158       break;
159     default:
160       node->flag = NODFLG_SIGERR;
161       sigrc = '%';
162       if( oth_err )
163         ++*oth_err;
164       break;
165     }
166
167   if( sigrc != '?' || print_without_key )
168     {
169       printf("sig:%c::%d:%08lX%08lX:%lu:%lu:",
170              sigrc,sig->pubkey_algo,(ulong)sig->keyid[1],(ulong)sig->keyid[2],
171              (ulong)sig->timestamp,(ulong)sig->expiredate);
172
173       if(sig->trust_depth || sig->trust_value)
174         printf("%d %d",sig->trust_depth,sig->trust_value);
175
176       printf(":");
177
178       if(sig->trust_regexp)
179         print_string(stdout,sig->trust_regexp,strlen(sig->trust_regexp),':');
180
181       printf("::%02x%c\n",sig->sig_class,sig->flags.exportable?'x':'l');
182
183       if(opt.show_subpackets)
184         print_subpackets_colon(sig);
185     }
186
187   return (sigrc == '!');
188 }
189
190
191 /****************
192  * Print information about a signature, check it and return true
193  * if the signature is okay. NODE must be a signature packet.
194  */
195 static int
196 print_and_check_one_sig( KBNODE keyblock, KBNODE node,
197                          int *inv_sigs, int *no_key, int *oth_err,
198                         int *is_selfsig, int print_without_key )
199 {
200     PKT_signature *sig = node->pkt->pkt.signature;
201     int rc, sigrc;
202     int is_rev = sig->sig_class == 0x30;
203
204     /* TODO: Make sure a cached sig record here still has the pk that
205        issued it.  See also keylist.c:list_keyblock_print */
206
207     switch( (rc = check_key_signature( keyblock, node, is_selfsig)) ) {
208       case 0:
209         node->flag &= ~(NODFLG_BADSIG|NODFLG_NOKEY|NODFLG_SIGERR);
210         sigrc = '!';
211         break;
212       case G10ERR_BAD_SIGN:
213         node->flag = NODFLG_BADSIG;
214         sigrc = '-';
215         if( inv_sigs )
216             ++*inv_sigs;
217         break;
218       case G10ERR_NO_PUBKEY:
219       case G10ERR_UNU_PUBKEY:
220         node->flag = NODFLG_NOKEY;
221         sigrc = '?';
222         if( no_key )
223             ++*no_key;
224         break;
225       default:
226         node->flag = NODFLG_SIGERR;
227         sigrc = '%';
228         if( oth_err )
229             ++*oth_err;
230         break;
231     }
232     if( sigrc != '?' || print_without_key ) {
233         tty_printf("%s%c%c %c%c%c%c%c%c %s %s",
234                    is_rev? "rev":"sig",sigrc,
235                    (sig->sig_class-0x10>0 &&
236                     sig->sig_class-0x10<4)?'0'+sig->sig_class-0x10:' ',
237                    sig->flags.exportable?' ':'L',
238                    sig->flags.revocable?' ':'R',
239                    sig->flags.policy_url?'P':' ',
240                    sig->flags.notation?'N':' ',
241                    sig->flags.expired?'X':' ',
242                    (sig->trust_depth>9)?'T':
243                    (sig->trust_depth>0)?'0'+sig->trust_depth:' ',
244                    keystr(sig->keyid),datestr_from_sig(sig));
245         if(opt.list_options&LIST_SHOW_SIG_EXPIRE)
246           tty_printf(" %s",expirestr_from_sig(sig));
247         tty_printf("  ");
248         if( sigrc == '%' )
249             tty_printf("[%s] ", g10_errstr(rc) );
250         else if( sigrc == '?' )
251             ;
252         else if( *is_selfsig ) {
253             tty_printf( is_rev? _("[revocation]")
254                               : _("[self-signature]") );
255         }
256         else
257           {
258             size_t n;
259             char *p = get_user_id( sig->keyid, &n );
260             tty_print_utf8_string2(p, n, opt.screen_columns-keystrlen()-26-
261                                ((opt.list_options&LIST_SHOW_SIG_EXPIRE)?11:0));
262             m_free(p);
263           }
264         tty_printf("\n");
265
266         if(sig->flags.policy_url && (opt.list_options&LIST_SHOW_POLICY_URLS))
267           show_policy_url(sig,3,0);
268
269         if(sig->flags.notation && (opt.list_options&LIST_SHOW_NOTATIONS))
270           show_notation(sig,3,0,
271                         ((opt.list_options&LIST_SHOW_STD_NOTATIONS)?1:0)+
272                         ((opt.list_options&LIST_SHOW_USER_NOTATIONS)?2:0));
273
274         if(sig->flags.pref_ks && (opt.list_options&LIST_SHOW_KEYSERVER_URLS))
275           show_keyserver_url(sig,3,0);
276     }
277
278     return (sigrc == '!');
279 }
280
281
282
283 /****************
284  * Check the keysigs and set the flags to indicate errors.
285  * Returns true if error found.
286  */
287 static int
288 check_all_keysigs( KBNODE keyblock, int only_selected )
289 {
290     KBNODE kbctx;
291     KBNODE node;
292     int inv_sigs = 0;
293     int no_key = 0;
294     int oth_err = 0;
295     int has_selfsig = 0;
296     int mis_selfsig = 0;
297     int selected = !only_selected;
298     int anyuid = 0;
299
300     for( kbctx=NULL; (node=walk_kbnode( keyblock, &kbctx, 0)) ; ) {
301         if( node->pkt->pkttype == PKT_USER_ID ) {
302             PKT_user_id *uid = node->pkt->pkt.user_id;
303
304             if( only_selected )
305                 selected = (node->flag & NODFLG_SELUID);
306             if( selected ) {
307                 tty_printf("uid  ");
308                 tty_print_utf8_string( uid->name, uid->len );
309                 tty_printf("\n");
310                 if( anyuid && !has_selfsig )
311                     mis_selfsig++;
312                 has_selfsig = 0;
313                 anyuid = 1;
314             }
315         }
316         else if( selected && node->pkt->pkttype == PKT_SIGNATURE
317                  && ( (node->pkt->pkt.signature->sig_class&~3) == 0x10
318                      || node->pkt->pkt.signature->sig_class == 0x30 )  ) {
319             int selfsig;
320
321             if( print_and_check_one_sig( keyblock, node, &inv_sigs,
322                                         &no_key, &oth_err, &selfsig, 0 ) ) {
323                 if( selfsig )
324                     has_selfsig = 1;
325             }
326             /* Hmmm: should we update the trustdb here? */
327         }
328     }
329     if( !has_selfsig )
330         mis_selfsig++;
331     if( inv_sigs == 1 )
332         tty_printf(_("1 bad signature\n") );
333     else if( inv_sigs )
334         tty_printf(_("%d bad signatures\n"), inv_sigs );
335     if( no_key == 1 )
336         tty_printf(_("1 signature not checked due to a missing key\n") );
337     else if( no_key )
338         tty_printf(_("%d signatures not checked due to missing keys\n"), no_key );
339     if( oth_err == 1 )
340         tty_printf(_("1 signature not checked due to an error\n") );
341     else if( oth_err )
342         tty_printf(_("%d signatures not checked due to errors\n"), oth_err );
343     if( mis_selfsig == 1 )
344         tty_printf(_("1 user ID without valid self-signature detected\n"));
345     else if( mis_selfsig  )
346         tty_printf(_("%d user IDs without valid self-signatures detected\n"),
347                                                                     mis_selfsig);
348
349     return inv_sigs || no_key || oth_err || mis_selfsig;
350 }
351
352
353 static int
354 sign_mk_attrib( PKT_signature *sig, void *opaque )
355 {
356     struct sign_attrib *attrib = opaque;
357     byte buf[8];
358
359     if( attrib->non_exportable ) {
360         buf[0] = 0; /* not exportable */
361         build_sig_subpkt( sig, SIGSUBPKT_EXPORTABLE, buf, 1 );
362     }
363
364     if( attrib->non_revocable ) {
365         buf[0] = 0; /* not revocable */
366         build_sig_subpkt( sig, SIGSUBPKT_REVOCABLE, buf, 1 );
367     }
368
369     if( attrib->reason )
370         revocation_reason_build_cb( sig, attrib->reason );
371
372     if(attrib->trust_depth)
373       {
374         /* Not critical.  If someone doesn't understand trust sigs,
375            this can still be a valid regular signature. */
376         buf[0] = attrib->trust_depth;
377         buf[1] = attrib->trust_value;
378         build_sig_subpkt(sig,SIGSUBPKT_TRUST,buf,2);
379
380         /* Critical.  If someone doesn't understands regexps, this
381            whole sig should be invalid.  Note the +1 for the length -
382            regexps are null terminated. */
383         if(attrib->trust_regexp)
384           build_sig_subpkt(sig,SIGSUBPKT_FLAG_CRITICAL|SIGSUBPKT_REGEXP,
385                            attrib->trust_regexp,
386                            strlen(attrib->trust_regexp)+1);
387       }
388
389     return 0;
390 }
391
392 static void
393 trustsig_prompt(byte *trust_value,byte *trust_depth,char **regexp)
394 {
395   char *p;
396
397   *trust_value=0;
398   *trust_depth=0;
399   *regexp=NULL;
400
401   tty_printf("\n");
402   /* Same string as pkclist.c:do_edit_ownertrust */
403   tty_printf(_(
404                "Please decide how far you trust this user to correctly\n"
405                "verify other users' keys (by looking at passports,\n"
406                "checking fingerprints from different sources...)?\n\n"));
407   tty_printf (_("   (%d) I trust marginally\n"), 1);
408   tty_printf (_("   (%d) I trust fully\n"), 2);
409   tty_printf("\n");
410
411   while(*trust_value==0)
412     {
413       p = cpr_get("trustsig_prompt.trust_value",_("Your selection? "));
414       trim_spaces(p);
415       cpr_kill_prompt();
416       /* 60 and 120 are as per RFC2440 */
417       if(p[0]=='1' && !p[1])
418         *trust_value=60;
419       else if(p[0]=='2' && !p[1])
420         *trust_value=120;
421       m_free(p);
422     }
423
424   tty_printf("\n");
425
426   tty_printf(_(
427               "Please enter the depth of this trust signature.\n"
428               "A depth greater than 1 allows the key you are signing to make\n"
429               "trust signatures on your behalf.\n"));
430   tty_printf("\n");
431
432   while(*trust_depth==0)
433     {
434       p = cpr_get("trustsig_prompt.trust_depth",_("Your selection? "));
435       trim_spaces(p);
436       cpr_kill_prompt();
437       *trust_depth=atoi(p);
438       m_free(p);
439     }
440
441   tty_printf("\n");
442
443   tty_printf(_("Please enter a domain to restrict this signature, "
444                "or enter for none.\n"));
445
446   tty_printf("\n");
447
448   p=cpr_get("trustsig_prompt.trust_regexp",_("Your selection? "));
449   trim_spaces(p);
450   cpr_kill_prompt();
451
452   if(strlen(p)>0)
453     {
454       char *q=p;
455       int regexplen=100,ind;
456
457       *regexp=m_alloc(regexplen);
458
459       /* Now mangle the domain the user entered into a regexp.  To do
460          this, \-escape everything that isn't alphanumeric, and attach
461          "<[^>]+[@.]" to the front, and ">$" to the end. */
462
463       strcpy(*regexp,"<[^>]+[@.]");
464       ind=strlen(*regexp);
465
466       while(*q)
467         {
468           if(!((*q>='A' && *q<='Z')
469                || (*q>='a' && *q<='z') || (*q>='0' && *q<='9')))
470             (*regexp)[ind++]='\\';
471
472           (*regexp)[ind++]=*q;
473
474           if((regexplen-ind)<3)
475             {
476               regexplen+=100;
477               *regexp=m_realloc(*regexp,regexplen);
478             }
479
480           q++;
481         }
482
483       (*regexp)[ind]='\0';
484       strcat(*regexp,">$");
485     }
486
487   m_free(p);
488   tty_printf("\n");
489 }
490
491 /****************
492  * Loop over all locusr and and sign the uids after asking.
493  * If no user id is marked, all user ids will be signed;
494  * if some user_ids are marked those will be signed.
495  */
496 static int
497 sign_uids( KBNODE keyblock, STRLIST locusr, int *ret_modified,
498            int local, int nonrevocable, int trust )
499 {
500     int rc = 0;
501     SK_LIST sk_list = NULL;
502     SK_LIST sk_rover = NULL;
503     PKT_secret_key *sk = NULL;
504     KBNODE node, uidnode;
505     PKT_public_key *primary_pk=NULL;
506     int select_all = !count_selected_uids(keyblock);
507     int all_v3=1;
508
509     /* Are there any non-v3 sigs on this key already? */
510     if(PGP2)
511       for(node=keyblock;node;node=node->next)
512         if(node->pkt->pkttype==PKT_SIGNATURE &&
513            node->pkt->pkt.signature->version>3)
514           {
515             all_v3=0;
516             break;
517           }
518
519     /* build a list of all signators.
520      *    
521      * We use the CERT flag to request the primary which must always
522      * be one which is capable of signing keys.  I can't see a reason
523      * why to sign keys using a subkey.  Implementation of USAGE_CERT
524      * is just a hack in getkey.c and does not mean that a subkey
525      * marked as certification capable will be used */
526     rc=build_sk_list( locusr, &sk_list, 0, PUBKEY_USAGE_SIG|PUBKEY_USAGE_CERT);
527     if( rc )
528         goto leave;
529
530     /* loop over all signators */
531     for( sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next ) {
532         u32 sk_keyid[2],pk_keyid[2];
533         size_t n;
534         char *p,*trust_regexp=NULL;
535         int force_v4=0,class=0,selfsig=0;
536         u32 duration=0,timestamp=0;
537         byte trust_depth=0,trust_value=0;
538
539         if(local || nonrevocable || trust ||
540            opt.cert_policy_url || opt.cert_notation_data)
541           force_v4=1;
542
543         /* we have to use a copy of the sk, because make_keysig_packet
544          * may remove the protection from sk and if we did other
545          * changes to the secret key, we would save the unprotected
546          * version */
547         if( sk )
548             free_secret_key(sk);
549         sk = copy_secret_key( NULL, sk_rover->sk );
550         keyid_from_sk( sk, sk_keyid );
551         /* set mark A for all selected user ids */
552         for( node=keyblock; node; node = node->next ) {
553             if( select_all || (node->flag & NODFLG_SELUID) )
554                 node->flag |= NODFLG_MARK_A;
555             else
556                 node->flag &= ~NODFLG_MARK_A;
557         }
558         /* reset mark for uids which are already signed */
559         uidnode = NULL;
560         for( node=keyblock; node; node = node->next ) {
561             if( node->pkt->pkttype == PKT_PUBLIC_KEY ) {
562                 primary_pk=node->pkt->pkt.public_key;
563                 keyid_from_pk( primary_pk, pk_keyid );
564
565                 /* Is this a self-sig? */
566                 if(pk_keyid[0]==sk_keyid[0] && pk_keyid[1]==sk_keyid[1])
567                   {
568                     selfsig=1;
569                     /* Do not force a v4 sig here, otherwise it would
570                        be difficult to remake a v3 selfsig.  If this
571                        is a v3->v4 promotion case, then we set
572                        force_v4 later anyway. */
573                     force_v4=0;
574                   }
575             }
576             else if( node->pkt->pkttype == PKT_USER_ID ) {
577                 uidnode = (node->flag & NODFLG_MARK_A)? node : NULL;
578                 if(uidnode)
579                   {
580                     char *user=utf8_to_native(uidnode->pkt->pkt.user_id->name,
581                                               uidnode->pkt->pkt.user_id->len,
582                                               0);
583
584                     if(uidnode->pkt->pkt.user_id->is_revoked)
585                       {
586                         tty_printf(_("User ID \"%s\" is revoked."),user);
587
588                         if(selfsig)
589                           tty_printf("\n");
590                         else if(opt.expert)
591                           {
592                             tty_printf("\n");
593                             /* No, so remove the mark and continue */
594                             if(!cpr_get_answer_is_yes("sign_uid.revoke_okay",
595                                                       _("Are you sure you "
596                                                         "still want to sign "
597                                                         "it? (y/N) ")))
598                               {
599                                 uidnode->flag &= ~NODFLG_MARK_A;
600                                 uidnode=NULL;
601                               }
602                           }
603                         else
604                           {
605                             uidnode->flag &= ~NODFLG_MARK_A;
606                             uidnode=NULL;
607                             tty_printf(_("  Unable to sign.\n"));
608                           }
609                       }
610                     else if(uidnode->pkt->pkt.user_id->is_expired)
611                       {
612                         tty_printf(_("User ID \"%s\" is expired."),user);
613
614                         if(selfsig)
615                           tty_printf("\n");
616                         else if(opt.expert)
617                           {
618                             tty_printf("\n");
619                             /* No, so remove the mark and continue */
620                             if(!cpr_get_answer_is_yes("sign_uid.expire_okay",
621                                                       _("Are you sure you "
622                                                         "still want to sign "
623                                                         "it? (y/N) ")))
624                               {
625                                 uidnode->flag &= ~NODFLG_MARK_A;
626                                 uidnode=NULL;
627                               }
628                           }
629                         else
630                           {
631                             uidnode->flag &= ~NODFLG_MARK_A;
632                             uidnode=NULL;
633                             tty_printf(_("  Unable to sign.\n"));
634                           }
635                       }
636                     else if(!uidnode->pkt->pkt.user_id->created && !selfsig)
637                       {
638                         tty_printf(_("User ID \"%s\" is not self-signed."),
639                                    user);
640
641                         if(opt.expert)
642                           {
643                             tty_printf("\n");
644                             /* No, so remove the mark and continue */
645                             if(!cpr_get_answer_is_yes("sign_uid.nosig_okay",
646                                                       _("Are you sure you "
647                                                         "still want to sign "
648                                                         "it? (y/N) ")))
649                               {
650                                 uidnode->flag &= ~NODFLG_MARK_A;
651                                 uidnode=NULL;
652                               }
653                           }
654                         else
655                           {
656                             uidnode->flag &= ~NODFLG_MARK_A;
657                             uidnode=NULL;
658                             tty_printf(_("  Unable to sign.\n"));
659                           }
660                       }
661
662                     m_free(user);
663                   }
664             }
665             else if( uidnode && node->pkt->pkttype == PKT_SIGNATURE
666                 && (node->pkt->pkt.signature->sig_class&~3) == 0x10 ) {
667                 if( sk_keyid[0] == node->pkt->pkt.signature->keyid[0]
668                     && sk_keyid[1] == node->pkt->pkt.signature->keyid[1] ) {
669                     char buf[50];
670                     char *user=utf8_to_native(uidnode->pkt->pkt.user_id->name,
671                                               uidnode->pkt->pkt.user_id->len,
672                                               0);
673
674                     /* It's a v3 self-sig.  Make it into a v4 self-sig? */
675                     if(node->pkt->pkt.signature->version<4 && selfsig)
676                       {
677                         tty_printf(_("The self-signature on \"%s\"\n"
678                                      "is a PGP 2.x-style signature.\n"),user);
679  
680                         /* Note that the regular PGP2 warning below
681                            still applies if there are no v4 sigs on
682                            this key at all. */
683
684                         if(opt.expert)
685                           if(cpr_get_answer_is_yes("sign_uid.v4_promote_okay",
686                                                    _("Do you want to promote "
687                                                      "it to an OpenPGP self-"
688                                                      "signature? (y/N) ")))
689                             {
690                               force_v4=1;
691                               node->flag|=NODFLG_DELSIG;
692                               m_free(user);
693                               continue;
694                             }
695                       }
696
697                     /* Is the current signature expired? */
698                     if(node->pkt->pkt.signature->flags.expired)
699                       {
700                         tty_printf(_("Your current signature on \"%s\"\n"
701                                      "has expired.\n"),user);
702
703                         if(cpr_get_answer_is_yes("sign_uid.replace_expired_okay",
704                                                  _("Do you want to issue a "
705                                                    "new signature to replace "
706                                                    "the expired one? (y/N) ")))
707                           {
708                             /* Mark these for later deletion.  We
709                                don't want to delete them here, just in
710                                case the replacement signature doesn't
711                                happen for some reason.  We only delete
712                                these after the replacement is already
713                                in place. */
714
715                             node->flag|=NODFLG_DELSIG;
716                             m_free(user);
717                             continue;
718                           }
719                       }
720
721                     if(!node->pkt->pkt.signature->flags.exportable && !local)
722                       {
723                         /* It's a local sig, and we want to make a
724                            exportable sig. */
725                         tty_printf(_("Your current signature on \"%s\"\n"
726                                      "is a local signature.\n"),user);
727
728                         if(cpr_get_answer_is_yes("sign_uid.local_promote_okay",
729                                                  _("Do you want to promote "
730                                                    "it to a full exportable "
731                                                    "signature? (y/N) ")))
732                           {
733                             /* Mark these for later deletion.  We
734                                don't want to delete them here, just in
735                                case the replacement signature doesn't
736                                happen for some reason.  We only delete
737                                these after the replacement is already
738                                in place. */
739
740                             node->flag|=NODFLG_DELSIG;
741                             m_free(user);
742                             continue;
743                           }
744                       }
745
746                     /* Fixme: see whether there is a revocation in which
747                      * case we should allow to sign it again. */
748                     if (!node->pkt->pkt.signature->flags.exportable && local)
749                       tty_printf(_(
750                               "\"%s\" was already locally signed by key %s\n"),
751                                  user,keystr_from_sk(sk));
752                     else
753                       tty_printf(_("\"%s\" was already signed by key %s\n"),
754                                  user,keystr_from_sk(sk));
755
756                     if(opt.expert
757                        && cpr_get_answer_is_yes("sign_uid.dupe_okay",
758                                                 _("Do you want to sign it "
759                                                   "again anyway? (y/N) ")))
760                       {
761                         /* Don't delete the old sig here since this is
762                            an --expert thing. */
763                         m_free(user);
764                         continue;
765                       }
766
767                     sprintf (buf, "%08lX%08lX",
768                              (ulong)sk->keyid[0], (ulong)sk->keyid[1] );
769                     write_status_text (STATUS_ALREADY_SIGNED, buf);
770                     uidnode->flag &= ~NODFLG_MARK_A; /* remove mark */
771
772                     m_free(user);
773                 }
774             }
775         }
776
777         /* check whether any uids are left for signing */
778         if( !count_uids_with_flag(keyblock, NODFLG_MARK_A) )
779           {
780             tty_printf(_("Nothing to sign with key %s\n"),keystr_from_sk(sk));
781             continue;
782           }
783
784         /* Ask whether we really should sign these user id(s) */
785         tty_printf("\n");
786         show_key_with_all_names( keyblock, 1, 0, 1, 0, 0 );
787         tty_printf("\n");
788
789         if(primary_pk->expiredate && !selfsig)
790           {
791             u32 now=make_timestamp();
792
793             if(primary_pk->expiredate<=now)
794               {
795                 tty_printf(_("This key has expired!"));
796
797                 if(opt.expert)
798                   {
799                     tty_printf("  ");
800                     if(!cpr_get_answer_is_yes("sign_uid.expired_okay",
801                                               _("Are you sure you still "
802                                                 "want to sign it? (y/N) ")))
803                       continue;
804                   }
805                 else
806                   {
807                     tty_printf(_("  Unable to sign.\n"));
808                     continue;
809                   }
810               }
811             else
812               {
813                 char *answer;
814
815                 tty_printf(_("This key is due to expire on %s.\n"),
816                            expirestr_from_pk(primary_pk));
817
818                 answer=cpr_get("sign_uid.expire",
819                                _("Do you want your signature to "
820                                  "expire at the same time? (Y/n) "));
821                 if(answer_is_yes_no_default(answer,1))
822                   {
823                     /* This fixes the signature timestamp we're going
824                        to make as now.  This is so the expiration date
825                        is exactly correct, and not a few seconds off
826                        (due to the time it takes to answer the
827                        questions, enter the passphrase, etc). */
828                     timestamp=now;
829                     duration=primary_pk->expiredate-now;
830                     force_v4=1;
831                   }
832
833                 cpr_kill_prompt();
834                 m_free(answer);
835               }
836           }
837
838         /* Only ask for duration if we haven't already set it to match
839            the expiration of the pk */
840         if(opt.ask_cert_expire && !duration && !selfsig)
841           duration=ask_expire_interval(1);
842
843         if(duration)
844           force_v4=1;
845
846         /* Is --pgp2 on, it's a v3 key, all the sigs on the key are
847            currently v3 and we're about to sign it with a v4 sig?  If
848            so, danger! */
849         if(PGP2 && all_v3 &&
850            (sk->version>3 || force_v4) && primary_pk->version<=3)
851           {
852             tty_printf(_("You may not make an OpenPGP signature on a "
853                          "PGP 2.x key while in --pgp2 mode.\n"));
854             tty_printf(_("This would make the key unusable in PGP 2.x.\n"));
855
856             if(opt.expert)
857               {
858                 if(!cpr_get_answer_is_yes("sign_uid.v4_on_v3_okay",
859                                           _("Are you sure you still "
860                                             "want to sign it? (y/N) ")))
861                   continue;
862
863                 all_v3=0;
864               }
865             else
866               continue;
867           }
868
869         if(selfsig)
870           ;
871         else
872           {
873             if(opt.batch || !opt.ask_cert_level)
874               class=0x10+opt.def_cert_level;
875             else
876               {
877                 char *answer;
878
879                 tty_printf(_("How carefully have you verified the key you are "
880                              "about to sign actually belongs\nto the person "
881                              "named above?  If you don't know what to "
882                              "answer, enter \"0\".\n"));
883                 tty_printf("\n");
884                 tty_printf(_("   (0) I will not answer.%s\n"),
885                            opt.def_cert_level==0?" (default)":"");
886                 tty_printf(_("   (1) I have not checked at all.%s\n"),
887                            opt.def_cert_level==1?" (default)":"");
888                 tty_printf(_("   (2) I have done casual checking.%s\n"),
889                            opt.def_cert_level==2?" (default)":"");
890                 tty_printf(_("   (3) I have done very careful checking.%s\n"),
891                            opt.def_cert_level==3?" (default)":"");
892                 tty_printf("\n");
893
894                 while(class==0)
895                   {
896                     answer = cpr_get("sign_uid.class",_("Your selection? "
897                                         "(enter '?' for more information): "));
898                     if(answer[0]=='\0')
899                       class=0x10+opt.def_cert_level; /* Default */
900                     else if(ascii_strcasecmp(answer,"0")==0)
901                       class=0x10; /* Generic */
902                     else if(ascii_strcasecmp(answer,"1")==0)
903                       class=0x11; /* Persona */
904                     else if(ascii_strcasecmp(answer,"2")==0)
905                       class=0x12; /* Casual */
906                     else if(ascii_strcasecmp(answer,"3")==0)
907                       class=0x13; /* Positive */
908                     else
909                       tty_printf(_("Invalid selection.\n"));
910
911                     m_free(answer);
912                   }
913               }
914
915             if(trust)
916               trustsig_prompt(&trust_value,&trust_depth,&trust_regexp);
917           }
918
919         tty_printf(_("Are you really sure that you want to sign this key\n"
920                      "with your key: \""));
921         p = get_user_id( sk_keyid, &n );
922         tty_print_utf8_string( p, n );
923         m_free(p); p = NULL;
924         tty_printf("\" (%s)\n",keystr_from_sk(sk));
925
926         if(selfsig)
927           {
928             tty_printf(_("\nThis will be a self-signature.\n"));
929
930             if( local )
931               tty_printf(
932                          _("\nWARNING: the signature will not be marked "
933                            "as non-exportable.\n"));
934
935             if( nonrevocable )
936               tty_printf(
937                          _("\nWARNING: the signature will not be marked "
938                            "as non-revocable.\n"));
939           }
940         else
941           {
942             if( local )
943               tty_printf(
944                      _("\nThe signature will be marked as non-exportable.\n"));
945
946             if( nonrevocable )
947               tty_printf(
948                       _("\nThe signature will be marked as non-revocable.\n"));
949
950             switch(class)
951               {
952               case 0x11:
953                 tty_printf(_("\nI have not checked this key at all.\n"));
954                 break;
955
956               case 0x12:
957                 tty_printf(_("\nI have checked this key casually.\n"));
958                 break;
959
960               case 0x13:
961                 tty_printf(_("\nI have checked this key very carefully.\n"));
962                 break;
963               }
964           }
965
966         tty_printf("\n");
967
968         if( opt.batch && opt.answer_yes )
969           ;
970         else if( !cpr_get_answer_is_yes("sign_uid.okay", _("Really sign? ")) )
971             continue;
972
973         /* now we can sign the user ids */
974       reloop: /* (must use this, because we are modifing the list) */
975         primary_pk = NULL;
976         for( node=keyblock; node; node = node->next ) {
977             if( node->pkt->pkttype == PKT_PUBLIC_KEY )
978                 primary_pk = node->pkt->pkt.public_key;
979             else if( node->pkt->pkttype == PKT_USER_ID
980                      && (node->flag & NODFLG_MARK_A) ) {
981                 PACKET *pkt;
982                 PKT_signature *sig;
983                 struct sign_attrib attrib;
984
985                 assert( primary_pk );
986                 memset( &attrib, 0, sizeof attrib );
987                 attrib.non_exportable = local;
988                 attrib.non_revocable = nonrevocable;
989                 attrib.trust_depth = trust_depth;
990                 attrib.trust_value = trust_value;
991                 attrib.trust_regexp = trust_regexp;
992                 node->flag &= ~NODFLG_MARK_A;
993
994                 /* we force creation of a v4 signature for local
995                  * signatures, otherwise we would not generate the
996                  * subpacket with v3 keys and the signature becomes
997                  * exportable */
998
999                 if(selfsig)
1000                   rc = make_keysig_packet( &sig, primary_pk,
1001                                            node->pkt->pkt.user_id,
1002                                            NULL,
1003                                            sk,
1004                                            0x13, 0, force_v4?4:0, 0, 0,
1005                                            keygen_add_std_prefs, primary_pk);
1006                 else
1007                   rc = make_keysig_packet( &sig, primary_pk,
1008                                            node->pkt->pkt.user_id,
1009                                            NULL,
1010                                            sk,
1011                                            class, 0, force_v4?4:0,
1012                                            timestamp, duration,
1013                                            sign_mk_attrib, &attrib );
1014                 if( rc ) {
1015                     log_error(_("signing failed: %s\n"), g10_errstr(rc));
1016                     goto leave;
1017                 }
1018
1019                 *ret_modified = 1; /* we changed the keyblock */
1020                 update_trust = 1;
1021
1022                 pkt = m_alloc_clear( sizeof *pkt );
1023                 pkt->pkttype = PKT_SIGNATURE;
1024                 pkt->pkt.signature = sig;
1025                 insert_kbnode( node, new_kbnode(pkt), PKT_SIGNATURE );
1026                 goto reloop;
1027             }
1028         }
1029
1030         /* Delete any sigs that got promoted */
1031         for( node=keyblock; node; node = node->next )
1032           if( node->flag & NODFLG_DELSIG)
1033             delete_kbnode(node);
1034     } /* end loop over signators */
1035
1036   leave:
1037     release_sk_list( sk_list );
1038     if( sk )
1039         free_secret_key(sk);
1040     return rc;
1041 }
1042
1043
1044
1045 /****************
1046  * Change the passphrase of the primary and all secondary keys.
1047  * We use only one passphrase for all keys.
1048  */
1049 static int
1050 change_passphrase( KBNODE keyblock )
1051 {
1052     int rc = 0;
1053     int changed=0;
1054     KBNODE node;
1055     PKT_secret_key *sk;
1056     char *passphrase = NULL;
1057     int no_primary_secrets = 0;
1058
1059     node = find_kbnode( keyblock, PKT_SECRET_KEY );
1060     if( !node ) {
1061         log_error("Oops; secret key not found anymore!\n");
1062         goto leave;
1063     }
1064     sk = node->pkt->pkt.secret_key;
1065
1066     switch( is_secret_key_protected( sk ) ) {
1067       case -1:
1068         rc = G10ERR_PUBKEY_ALGO;
1069         break;
1070       case 0:
1071         tty_printf(_("This key is not protected.\n"));
1072         break;
1073       default:
1074         if( sk->protect.s2k.mode == 1001 ) {
1075             tty_printf(_("Secret parts of primary key are not available.\n"));
1076             no_primary_secrets = 1;
1077         }
1078         else {
1079             tty_printf(_("Key is protected.\n"));
1080             rc = check_secret_key( sk, 0 );
1081             if( !rc )
1082                 passphrase = get_last_passphrase();
1083         }
1084         break;
1085     }
1086
1087     /* unprotect all subkeys (use the supplied passphrase or ask)*/
1088     for(node=keyblock; !rc && node; node = node->next ) {
1089         if( node->pkt->pkttype == PKT_SECRET_SUBKEY ) {
1090             PKT_secret_key *subsk = node->pkt->pkt.secret_key;
1091             set_next_passphrase( passphrase );
1092             rc = check_secret_key( subsk, 0 );
1093             if( !rc && !passphrase )
1094                 passphrase = get_last_passphrase();
1095         }
1096     }
1097
1098     if( rc )
1099         tty_printf(_("Can't edit this key: %s\n"), g10_errstr(rc));
1100     else {
1101         DEK *dek = NULL;
1102         STRING2KEY *s2k = m_alloc_secure( sizeof *s2k );
1103         const char *errtext = NULL;
1104
1105         tty_printf(_("Enter the new passphrase for this secret key.\n\n") );
1106
1107         set_next_passphrase( NULL );
1108         for(;;) {
1109             s2k->mode = opt.s2k_mode;
1110             s2k->hash_algo = S2K_DIGEST_ALGO;
1111             dek = passphrase_to_dek( NULL, 0, opt.s2k_cipher_algo,
1112                                      s2k, 2, errtext, NULL);
1113             if( !dek ) {
1114                 errtext = N_("passphrase not correctly repeated; try again");
1115                 tty_printf ("%s.\n", _(errtext));
1116             }
1117             else if( !dek->keylen ) {
1118                 rc = 0;
1119                 tty_printf(_( "You don't want a passphrase -"
1120                             " this is probably a *bad* idea!\n\n"));
1121                 if( cpr_get_answer_is_yes("change_passwd.empty.okay",
1122                                _("Do you really want to do this? ")))
1123                   {
1124                     changed++;
1125                     break;
1126                   }
1127             }
1128             else { /* okay */
1129                 rc = 0;
1130                 if( !no_primary_secrets ) {
1131                     sk->protect.algo = dek->algo;
1132                     sk->protect.s2k = *s2k;
1133                     rc = protect_secret_key( sk, dek );
1134                 }
1135                 for(node=keyblock; !rc && node; node = node->next ) {
1136                     if( node->pkt->pkttype == PKT_SECRET_SUBKEY ) {
1137                         PKT_secret_key *subsk = node->pkt->pkt.secret_key;
1138                         subsk->protect.algo = dek->algo;
1139                         subsk->protect.s2k = *s2k;
1140                         rc = protect_secret_key( subsk, dek );
1141                     }
1142                 }
1143                 if( rc )
1144                     log_error("protect_secret_key failed: %s\n", g10_errstr(rc) );
1145                 else
1146                     changed++;
1147                 break;
1148             }
1149         }
1150         m_free(s2k);
1151         m_free(dek);
1152     }
1153
1154   leave:
1155     m_free( passphrase );
1156     set_next_passphrase( NULL );
1157     return changed && !rc;
1158 }
1159
1160
1161 /****************
1162  * There are some keys out (due to a bug in gnupg), where the sequence
1163  * of the packets is wrong.  This function fixes that.
1164  * Returns: true if the keyblock has been fixed.
1165  *
1166  * Note:  This function does not work if there is more than one user ID.
1167  */
1168 static int
1169 fix_keyblock( KBNODE keyblock )
1170 {
1171     KBNODE node, last, subkey;
1172     int fixed=0;
1173
1174     /* locate key signatures of class 0x10..0x13 behind sub key packets */
1175     for( subkey=last=NULL, node = keyblock; node;
1176                                             last=node, node = node->next ) {
1177         switch( node->pkt->pkttype ) {
1178           case PKT_PUBLIC_SUBKEY:
1179           case PKT_SECRET_SUBKEY:
1180             if( !subkey )
1181                 subkey = last; /* actually it is the one before the subkey */
1182             break;
1183           case PKT_SIGNATURE:
1184             if( subkey ) {
1185                 PKT_signature *sig = node->pkt->pkt.signature;
1186                 if( sig->sig_class >= 0x10 && sig->sig_class <= 0x13 ) {
1187                     log_info(_(
1188                         "moving a key signature to the correct place\n"));
1189                     last->next = node->next;
1190                     node->next = subkey->next;
1191                     subkey->next = node;
1192                     node = last;
1193                     fixed=1;
1194                 }
1195             }
1196             break;
1197           default: break;
1198         }
1199     }
1200
1201     return fixed;
1202 }
1203
1204 /****************
1205  * Menu driven key editor.  If seckey_check is true, then a secret key
1206  * that matches username will be looked for.  If it is false, not all
1207  * commands will be available.
1208  *
1209  * Note: to keep track of some selection we use node->mark MARKBIT_xxxx.
1210  */
1211
1212 void
1213 keyedit_menu( const char *username, STRLIST locusr,
1214               STRLIST commands, int quiet, int seckey_check )
1215 {
1216     enum cmdids { cmdNONE = 0,
1217            cmdQUIT, cmdHELP, cmdFPR, cmdLIST, cmdSELUID, cmdCHECK, cmdSIGN,
1218            cmdTSIGN, cmdLSIGN, cmdNRSIGN, cmdNRLSIGN, cmdREVSIG, cmdREVKEY,
1219            cmdREVUID, cmdDELSIG, cmdPRIMARY, cmdDEBUG, cmdSAVE, cmdADDUID,
1220            cmdADDPHOTO, cmdDELUID, cmdADDKEY, cmdDELKEY, cmdADDREVOKER,
1221            cmdTOGGLE, cmdSELKEY, cmdPASSWD, cmdTRUST, cmdPREF, cmdEXPIRE,
1222            cmdENABLEKEY, cmdDISABLEKEY, cmdSHOWPREF, cmdSETPREF, cmdUPDPREF,
1223            cmdPREFKS, cmdINVCMD, cmdSHOWPHOTO, cmdUPDTRUST, cmdCHKTRUST,
1224            cmdADDCARDKEY, cmdKEYTOCARD,
1225    cmdNOP };
1226     static struct { const char *name;
1227                     enum cmdids id;
1228                     int need_sk;
1229                     int not_with_sk;  /* but 2 == must use SK */
1230                     const char *desc;
1231                   } cmds[] = { 
1232         { N_("quit")    , cmdQUIT      , 0,0, N_("quit this menu") },
1233         { N_("q")       , cmdQUIT      , 0,0, NULL   },
1234         { N_("save")    , cmdSAVE      , 0,0, N_("save and quit") },
1235         { N_("help")    , cmdHELP      , 0,0, N_("show this help") },
1236         {    "?"        , cmdHELP      , 0,0, NULL   },
1237         { N_("fpr")     , cmdFPR       , 0,0, N_("show fingerprint") },
1238         { N_("list")    , cmdLIST      , 0,0, N_("list key and user IDs") },
1239         { N_("l")       , cmdLIST      , 0,0, NULL   },
1240         { N_("uid")     , cmdSELUID    , 0,0, N_("select user ID N") },
1241         { N_("key")     , cmdSELKEY    , 0,0, N_("select secondary key N") },
1242         { N_("check")   , cmdCHECK     , 0,0, N_("list signatures") },
1243         { N_("c")       , cmdCHECK     , 0,0, NULL },
1244         { N_("sign")    , cmdSIGN      , 0,1, N_("sign the key") },
1245         { N_("s")       , cmdSIGN      , 0,1, NULL },
1246         { N_("tsign")   , cmdTSIGN     , 0,1, N_("make a trust signature")},
1247         { N_("lsign")   , cmdLSIGN     , 0,1, N_("sign the key locally") },
1248         { N_("nrsign")  , cmdNRSIGN    , 0,1, N_("sign the key non-revocably") },
1249         { N_("nrlsign") , cmdNRLSIGN   , 0,1, N_("sign the key locally and non-revocably") },
1250         { N_("debug")   , cmdDEBUG     , 0,0, NULL },
1251         { N_("adduid")  , cmdADDUID    , 1,1, N_("add a user ID") },
1252         { N_("addphoto"), cmdADDPHOTO  , 1,1, N_("add a photo ID") },
1253         { N_("deluid")  , cmdDELUID    , 0,1, N_("delete user ID") },
1254         /* delphoto is really deluid in disguise */
1255         { N_("delphoto"), cmdDELUID    , 0,1, NULL },
1256         { N_("addkey")  , cmdADDKEY    , 1,1, N_("add a secondary key") },
1257 #ifdef ENABLE_CARD_SUPPORT
1258         { N_("addcardkey"), cmdADDCARDKEY , 1,1, N_("add a key to a smartcard") },
1259         { N_("keytocard"), cmdKEYTOCARD , 1,2, N_("move a key to a smartcard")},
1260 #endif /*ENABLE_CARD_SUPPORT*/
1261         { N_("delkey")  , cmdDELKEY    , 0,1, N_("delete a secondary key") },
1262         { N_("addrevoker"),cmdADDREVOKER,1,1, N_("add a revocation key") },
1263         { N_("delsig")  , cmdDELSIG    , 0,1, N_("delete signatures") },
1264         { N_("expire")  , cmdEXPIRE    , 1,1, N_("change the expire date") },
1265         { N_("primary") , cmdPRIMARY   , 1,1, N_("flag user ID as primary")},
1266         { N_("toggle")  , cmdTOGGLE    , 1,0, N_("toggle between secret "
1267                                                  "and public key listing") },
1268         { N_("t"     )  , cmdTOGGLE    , 1,0, NULL },
1269         { N_("pref")    , cmdPREF      , 0,1, N_("list preferences (expert)")},
1270         { N_("showpref"), cmdSHOWPREF  , 0,1, N_("list preferences (verbose)") },
1271         { N_("setpref") , cmdSETPREF   , 1,1, N_("set preference list") },
1272         { N_("updpref") , cmdUPDPREF   , 1,1, N_("updated preferences") },
1273         { N_("keyserver"),cmdPREFKS    , 1,1, N_("set preferred keyserver URL")},
1274         { N_("passwd")  , cmdPASSWD    , 1,1, N_("change the passphrase") },
1275         { N_("trust")   , cmdTRUST     , 0,1, N_("change the ownertrust") },
1276         { N_("revsig")  , cmdREVSIG    , 0,1, N_("revoke signatures") },
1277         { N_("revuid")  , cmdREVUID    , 1,1, N_("revoke a user ID") },
1278         { N_("revkey")  , cmdREVKEY    , 1,1, N_("revoke a secondary key") },
1279         { N_("disable") , cmdDISABLEKEY, 0,1, N_("disable a key") },
1280         { N_("enable")  , cmdENABLEKEY , 0,1, N_("enable a key") },
1281         { N_("showphoto"),cmdSHOWPHOTO , 0,0, N_("show photo ID") },
1282         { NULL, cmdNONE, 0, 0, NULL } };
1283     enum cmdids cmd = 0;
1284     int rc = 0;
1285     KBNODE keyblock = NULL;
1286     KEYDB_HANDLE kdbhd = NULL;
1287     KBNODE sec_keyblock = NULL;
1288     KEYDB_HANDLE sec_kdbhd = NULL;
1289     KBNODE cur_keyblock;
1290     char *answer = NULL;
1291     int redisplay = 1;
1292     int modified = 0;
1293     int sec_modified = 0;
1294     int toggle;
1295     int have_commands = !!commands;
1296
1297     if ( opt.command_fd != -1 )
1298         ;
1299     else if( opt.batch && !have_commands  ) {
1300         log_error(_("can't do that in batchmode\n"));
1301         goto leave;
1302     }
1303
1304     /* get the public key */
1305     rc = get_pubkey_byname (NULL, username, &keyblock, &kdbhd, 1);
1306     if( rc )
1307         goto leave;
1308     if( fix_keyblock( keyblock ) )
1309         modified++;
1310     if( collapse_uids( &keyblock ) )
1311         modified++;
1312     reorder_keyblock(keyblock);
1313
1314     if(seckey_check)
1315       {/* see whether we have a matching secret key */
1316         PKT_public_key *pk = keyblock->pkt->pkt.public_key;
1317
1318         sec_kdbhd = keydb_new (1);
1319         {
1320             byte afp[MAX_FINGERPRINT_LEN];
1321             size_t an;
1322
1323             fingerprint_from_pk (pk, afp, &an);
1324             while (an < MAX_FINGERPRINT_LEN) 
1325                 afp[an++] = 0;
1326             rc = keydb_search_fpr (sec_kdbhd, afp);
1327         }
1328         if (!rc) {
1329             rc = keydb_get_keyblock (sec_kdbhd, &sec_keyblock);
1330             if (rc) {
1331                 log_error (_("error reading secret keyblock `%s': %s\n"),
1332                                                 username, g10_errstr(rc));
1333             }
1334             else {
1335                 merge_keys_and_selfsig( sec_keyblock );
1336                 if( fix_keyblock( sec_keyblock ) )
1337                     sec_modified++;
1338             }
1339         }
1340
1341         if (rc) {
1342             sec_keyblock = NULL;
1343             keydb_release (sec_kdbhd); sec_kdbhd = NULL;
1344             rc = 0;
1345         }
1346
1347         if( sec_keyblock && !quiet )
1348           tty_printf(_("Secret key is available.\n"));
1349     }
1350
1351     toggle = 0;
1352     cur_keyblock = keyblock;
1353     for(;;) { /* main loop */
1354         int i, arg_number, photo;
1355         const char *arg_string = "";
1356         char *p;
1357         PKT_public_key *pk=keyblock->pkt->pkt.public_key;
1358
1359         tty_printf("\n");
1360         if( redisplay && !quiet )
1361           {
1362             show_key_with_all_names( cur_keyblock, 0, 1, 0, 1, 0 );
1363             tty_printf("\n");
1364             redisplay = 0;
1365           }
1366         do {
1367             m_free(answer);
1368             if( have_commands ) {
1369                 if( commands ) {
1370                     answer = m_strdup( commands->d );
1371                     commands = commands->next;
1372                 }
1373                 else if( opt.batch ) {
1374                     answer = m_strdup("quit");
1375                 }
1376                 else
1377                     have_commands = 0;
1378             }
1379             if( !have_commands ) {
1380                 answer = cpr_get_no_help("keyedit.prompt", _("Command> "));
1381                 cpr_kill_prompt();
1382             }
1383             trim_spaces(answer);
1384         } while( *answer == '#' );
1385
1386         arg_number = 0; /* Yes, here is the init which egcc complains about */
1387         photo = 0; /* This too */
1388         if( !*answer )
1389             cmd = cmdLIST;
1390         else if( *answer == CONTROL_D )
1391             cmd = cmdQUIT;
1392         else if( digitp(answer ) ) {
1393             cmd = cmdSELUID;
1394             arg_number = atoi(answer);
1395         }
1396         else {
1397             if( (p=strchr(answer,' ')) ) {
1398                 *p++ = 0;
1399                 trim_spaces(answer);
1400                 trim_spaces(p);
1401                 arg_number = atoi(p);
1402                 arg_string = p;
1403             }
1404
1405             for(i=0; cmds[i].name; i++ ) {
1406                 if( !ascii_strcasecmp( answer, cmds[i].name ) )
1407                     break;
1408             }
1409             if( cmds[i].need_sk && !sec_keyblock ) {
1410                 tty_printf(_("Need the secret key to do this.\n"));
1411                 cmd = cmdNOP;
1412             }
1413             else if(  (cmds[i].not_with_sk == 1 && sec_keyblock && toggle)
1414                     ||(cmds[i].not_with_sk == 2 && sec_keyblock && !toggle)) {
1415                 tty_printf(_("Please use the command \"toggle\" first.\n"));
1416                 cmd = cmdNOP;
1417             }
1418             else
1419                 cmd = cmds[i].id;
1420         }
1421         switch( cmd )  {
1422           case cmdHELP:
1423             for(i=0; cmds[i].name; i++ ) {
1424               if( cmds[i].need_sk && !sec_keyblock )
1425                 ; /* skip if we do not have the secret key */
1426               else if( cmds[i].desc )
1427                 tty_printf("%-10s %s\n", cmds[i].name, _(cmds[i].desc) );
1428             }
1429             break;
1430
1431           case cmdLIST:
1432             redisplay = 1;
1433             break;
1434
1435           case cmdFPR:
1436             show_key_and_fingerprint( keyblock );
1437             break;
1438
1439           case cmdSELUID:
1440             if( menu_select_uid( cur_keyblock, arg_number ) )
1441                 redisplay = 1;
1442             break;
1443
1444           case cmdSELKEY:
1445             if( menu_select_key( cur_keyblock, arg_number ) )
1446                 redisplay = 1;
1447             break;
1448
1449           case cmdCHECK:
1450             /* we can only do this with the public key becuase the
1451              * check functions can't cope with secret keys and it
1452              * is questionable whether this would make sense at all */
1453             check_all_keysigs( keyblock, count_selected_uids(keyblock) );
1454             break;
1455
1456           case cmdSIGN: /* sign (only the public key) */
1457           case cmdLSIGN: /* sign (only the public key) */
1458           case cmdNRSIGN: /* sign (only the public key) */
1459           case cmdNRLSIGN: /* sign (only the public key) */
1460           case cmdTSIGN:
1461             if( pk->is_revoked )
1462               {
1463                 tty_printf(_("Key is revoked."));
1464
1465                 if(opt.expert)
1466                   {
1467                     tty_printf("  ");
1468                     if(!cpr_get_answer_is_yes("keyedit.sign_revoked.okay",
1469                                               _("Are you sure you still want "
1470                                                 "to sign it? (y/N) ")))
1471                       break;
1472                   }
1473                 else
1474                   {
1475                     tty_printf(_("  Unable to sign.\n"));
1476                     break;
1477                   }
1478               }
1479
1480             if( count_uids(keyblock) > 1 && !count_selected_uids(keyblock) ) {
1481                 if( !cpr_get_answer_is_yes("keyedit.sign_all.okay",
1482                                            _("Really sign all user IDs? ")) ) {
1483                     tty_printf(_("Hint: Select the user IDs to sign\n"));
1484                     break;
1485                 }
1486             }
1487
1488             sign_uids( keyblock, locusr, &modified,
1489                        (cmd == cmdLSIGN) || (cmd == cmdNRLSIGN),
1490                        (cmd == cmdNRSIGN) || (cmd==cmdNRLSIGN),
1491                        (cmd == cmdTSIGN));
1492             break;
1493
1494           case cmdDEBUG:
1495             dump_kbnode( cur_keyblock );
1496             break;
1497
1498           case cmdTOGGLE:
1499             toggle = !toggle;
1500             cur_keyblock = toggle? sec_keyblock : keyblock;
1501             redisplay = 1;
1502             break;
1503
1504           case cmdADDPHOTO:
1505             if (RFC2440 || RFC1991 || PGP2)
1506               {
1507                 tty_printf(
1508                    _("This command is not allowed while in %s mode.\n"),
1509                    RFC2440?"OpenPGP":PGP2?"PGP2":"RFC-1991");
1510                 break;
1511               }
1512             photo=1;
1513             /* fall through */
1514
1515           case cmdADDUID:
1516             if( menu_adduid( keyblock, sec_keyblock, photo ) )
1517               {
1518                 update_trust = 1;
1519                 redisplay = 1;
1520                 sec_modified = modified = 1;
1521                 merge_keys_and_selfsig( sec_keyblock );
1522                 merge_keys_and_selfsig( keyblock );
1523               }
1524             break;
1525
1526           case cmdDELUID: {
1527                 int n1;
1528
1529                 if( !(n1=count_selected_uids(keyblock)) )
1530                     tty_printf(_("You must select at least one user ID.\n"));
1531                 else if( real_uids_left(keyblock) < 1 )
1532                     tty_printf(_("You can't delete the last user ID!\n"));
1533                 else if( cpr_get_answer_is_yes(
1534                             "keyedit.remove.uid.okay",
1535                         n1 > 1? _("Really remove all selected user IDs? ")
1536                               : _("Really remove this user ID? ")
1537                        ) ) {
1538                     menu_deluid( keyblock, sec_keyblock );
1539                     redisplay = 1;
1540                     modified = 1;
1541                     if( sec_keyblock )
1542                        sec_modified = 1;
1543                 }
1544             }
1545             break;
1546
1547           case cmdDELSIG: {
1548                 int n1;
1549
1550                 if( !(n1=count_selected_uids(keyblock)) )
1551                     tty_printf(_("You must select at least one user ID.\n"));
1552                 else if( menu_delsig( keyblock ) ) {
1553                     /* no redisplay here, because it may scroll away some
1554                      * status output of delsig */
1555                     modified = 1;
1556                 }
1557             }
1558             break;
1559
1560           case cmdADDKEY:
1561             if( generate_subkeypair( keyblock, sec_keyblock ) ) {
1562                 redisplay = 1;
1563                 sec_modified = modified = 1;
1564                 merge_keys_and_selfsig( sec_keyblock );
1565                 merge_keys_and_selfsig( keyblock );
1566             }
1567             break;
1568
1569 #ifdef ENABLE_CARD_SUPPORT
1570           case cmdADDCARDKEY:
1571             if (card_generate_subkey (keyblock, sec_keyblock)) {
1572                 redisplay = 1;
1573                 sec_modified = modified = 1;
1574                 merge_keys_and_selfsig( sec_keyblock );
1575                 merge_keys_and_selfsig( keyblock );
1576             }
1577             break;
1578
1579         case cmdKEYTOCARD:
1580           {
1581             KBNODE node=NULL;
1582             switch ( count_selected_keys (sec_keyblock) )
1583               {
1584               case 0:
1585                 if (cpr_get_answer_is_yes("keyedit.keytocard.use_primary",
1586                                           _("Really move the primary key? ")))
1587                   node = sec_keyblock;
1588                 break;
1589               case 1:
1590                 for (node = sec_keyblock; node; node = node->next )
1591                   {
1592                     if (node->pkt->pkttype == PKT_SECRET_SUBKEY 
1593                         && node->flag & NODFLG_SELKEY)
1594                       break;
1595                   }
1596                 break;
1597               default:
1598                 tty_printf(_("You must select exactly one key.\n"));
1599                 break;
1600               }
1601             if (node)
1602               {
1603                 PKT_public_key *xxpk = find_pk_from_sknode (keyblock, node);
1604                 if (card_store_subkey (node, xxpk?xxpk->pubkey_usage:0))
1605                   {
1606                     redisplay = 1;
1607                     sec_modified = 1;
1608                   }
1609               }
1610           }
1611           break;
1612 #endif /* ENABLE_CARD_SUPPORT */
1613
1614           case cmdDELKEY: {
1615                 int n1;
1616
1617                 if( !(n1=count_selected_keys( keyblock )) )
1618                     tty_printf(_("You must select at least one key.\n"));
1619                 else if( !cpr_get_answer_is_yes( "keyedit.remove.subkey.okay",
1620                        n1 > 1?
1621                         _("Do you really want to delete the selected keys? "):
1622                         _("Do you really want to delete this key? ")
1623                        ))
1624                     ;
1625                 else {
1626                     menu_delkey( keyblock, sec_keyblock );
1627                     redisplay = 1;
1628                     modified = 1;
1629                     if( sec_keyblock )
1630                        sec_modified = 1;
1631                 }
1632             }
1633             break;
1634
1635           case cmdADDREVOKER:
1636             {
1637               int sensitive=0;
1638
1639               if(arg_string && ascii_strcasecmp(arg_string,"sensitive")==0)
1640                 sensitive=1;
1641               if( menu_addrevoker( keyblock, sec_keyblock, sensitive ) ) {
1642                 redisplay = 1;
1643                 sec_modified = modified = 1;
1644                 merge_keys_and_selfsig( sec_keyblock );
1645                 merge_keys_and_selfsig( keyblock );
1646               }
1647             }
1648             break;
1649
1650           case cmdREVUID: {
1651                 int n1;
1652
1653                 if( !(n1=count_selected_uids(keyblock)) )
1654                     tty_printf(_("You must select at least one user ID.\n"));
1655                 else if( cpr_get_answer_is_yes(
1656                             "keyedit.revoke.uid.okay",
1657                         n1 > 1? _("Really revoke all selected user IDs? ")
1658                               : _("Really revoke this user ID? ")
1659                        ) ) {
1660                   if(menu_revuid(keyblock,sec_keyblock))
1661                     {
1662                       modified=1;
1663                       redisplay=1;
1664                     }
1665                 }
1666             }
1667             break;
1668
1669           case cmdREVKEY: {
1670                 int n1;
1671
1672                 if( !(n1=count_selected_keys( keyblock )) )
1673                     tty_printf(_("You must select at least one key.\n"));
1674                 else if( sec_keyblock && !cpr_get_answer_is_yes(
1675                             "keyedit.revoke.subkey.okay",
1676                        n1 > 1?
1677                         _("Do you really want to revoke the selected keys? "):
1678                         _("Do you really want to revoke this key? ")
1679                        ))
1680                     ;
1681                 else {
1682                     if( menu_revkey( keyblock, sec_keyblock ) ) {
1683                         modified = 1;
1684                         /*sec_modified = 1;*/
1685                     }
1686                     redisplay = 1;
1687                 }
1688             }
1689             break;
1690
1691           case cmdEXPIRE:
1692             if( menu_expire( keyblock, sec_keyblock ) ) {
1693                 merge_keys_and_selfsig( sec_keyblock );
1694                 merge_keys_and_selfsig( keyblock );
1695                 sec_modified = 1;
1696                 modified = 1;
1697                 redisplay = 1;
1698             }
1699             break;
1700
1701           case cmdPRIMARY:
1702             if( menu_set_primary_uid ( keyblock, sec_keyblock ) ) {
1703                 merge_keys_and_selfsig( keyblock );
1704                 modified = 1;
1705                 redisplay = 1;
1706             }
1707             break;
1708
1709           case cmdPASSWD:
1710             if( change_passphrase( sec_keyblock ) )
1711                 sec_modified = 1;
1712             break;
1713
1714           case cmdTRUST:
1715             if(opt.trust_model==TM_EXTERNAL)
1716               {
1717                 tty_printf(_("Owner trust may not be set while "
1718                              "using an user provided trust database\n"));
1719                 break;
1720               }
1721
1722             show_key_with_all_names( keyblock, 0, 0, 0, 1, 0 );
1723             tty_printf("\n");
1724             if( edit_ownertrust( find_kbnode( keyblock,
1725                                  PKT_PUBLIC_KEY )->pkt->pkt.public_key, 1 ) ) {
1726                 redisplay = 1;
1727                 /* No real need to set update_trust here as
1728                    edit_ownertrust() calls revalidation_mark()
1729                    anyway. */
1730                 update_trust=1;
1731             }
1732             break;
1733
1734           case cmdPREF:
1735             show_key_with_all_names( keyblock, 0, 0, 0, 0, 1 );
1736             break;
1737
1738           case cmdSHOWPREF:
1739             show_key_with_all_names( keyblock, 0, 0, 0, 0, 2 );
1740             break;
1741
1742           case cmdSETPREF:
1743             keygen_set_std_prefs ( !*arg_string? "default" : arg_string, 0);
1744             break;
1745
1746           case cmdUPDPREF: 
1747             {
1748               PKT_user_id *temp=keygen_get_std_prefs();
1749               tty_printf(_("Set preference list to:\n"));
1750               show_prefs(temp,NULL,1);
1751               m_free(temp);
1752             }
1753             if (cpr_get_answer_is_yes ("keyedit.updpref.okay",
1754                                         count_selected_uids (keyblock)?
1755                                         _("Really update the preferences"
1756                                           " for the selected user IDs? "):
1757                                        _("Really update the preferences? "))){
1758
1759                 if ( menu_set_preferences (keyblock, sec_keyblock) ) {
1760                     merge_keys_and_selfsig (keyblock);
1761                     modified = 1;
1762                     redisplay = 1;
1763                 }
1764             }
1765             break;
1766
1767           case cmdPREFKS:
1768             if( menu_set_keyserver_url ( *arg_string?arg_string:NULL,
1769                                          keyblock, sec_keyblock ) )
1770               {
1771                 merge_keys_and_selfsig( keyblock );
1772                 modified = 1;
1773                 redisplay = 1;
1774               }
1775             break;
1776
1777           case cmdNOP:
1778             break;
1779
1780           case cmdREVSIG:
1781             if( menu_revsig( keyblock ) ) {
1782                 redisplay = 1;
1783                 modified = 1;
1784             }
1785             break;
1786
1787           case cmdENABLEKEY:
1788           case cmdDISABLEKEY:
1789             if( enable_disable_key( keyblock, cmd == cmdDISABLEKEY ) ) {
1790                 redisplay = 1;
1791                 modified = 1;
1792             }
1793             break;
1794
1795          case cmdSHOWPHOTO:
1796            menu_showphoto(keyblock);
1797            break;
1798
1799           case cmdQUIT:
1800             if( have_commands )
1801                 goto leave;
1802             if( !modified && !sec_modified )
1803                 goto leave;
1804             if( !cpr_get_answer_is_yes("keyedit.save.okay",
1805                                         _("Save changes? ")) ) {
1806                 if( cpr_enabled()
1807                     || cpr_get_answer_is_yes("keyedit.cancel.okay",
1808                                              _("Quit without saving? ")) )
1809                     goto leave;
1810                 break;
1811             }
1812             /* fall thru */
1813           case cmdSAVE:
1814             if( modified || sec_modified  ) {
1815                 if( modified ) {
1816                     rc = keydb_update_keyblock (kdbhd, keyblock);
1817                     if( rc ) {
1818                         log_error(_("update failed: %s\n"), g10_errstr(rc) );
1819                         break;
1820                     }
1821                 }
1822                 if( sec_modified ) {
1823                     rc = keydb_update_keyblock (sec_kdbhd, sec_keyblock );
1824                     if( rc ) {
1825                         log_error( _("update secret failed: %s\n"),
1826                                    g10_errstr(rc) );
1827                         break;
1828                     }
1829                 }
1830             }
1831             else
1832                 tty_printf(_("Key not changed so no update needed.\n"));
1833
1834             if( update_trust )
1835               {
1836                 revalidation_mark ();
1837                 update_trust=0;
1838               }
1839             goto leave;
1840
1841           case cmdINVCMD:
1842           default:
1843             tty_printf("\n");
1844             tty_printf(_("Invalid command  (try \"help\")\n"));
1845             break;
1846         }
1847     } /* end main loop */
1848
1849   leave:
1850     release_kbnode( keyblock );
1851     release_kbnode( sec_keyblock );
1852     keydb_release (kdbhd);
1853     m_free(answer);
1854 }
1855
1856
1857 /****************
1858  * show preferences of a public keyblock.
1859  */
1860 static void
1861 show_prefs (PKT_user_id *uid, PKT_signature *selfsig, int verbose)
1862 {
1863     const prefitem_t fake={0,0};
1864     const prefitem_t *prefs;
1865     int i;
1866
1867     if( !uid )
1868         return;
1869
1870     if( uid->prefs )
1871         prefs=uid->prefs;
1872     else if(verbose)
1873         prefs=&fake;
1874     else
1875       return;
1876
1877     if (verbose) {
1878         int any, des_seen=0, sha1_seen=0, uncomp_seen=0;
1879         const byte *pref_ks;
1880         size_t pref_ks_len;
1881
1882         tty_printf ("     ");
1883         tty_printf (_("Cipher: "));
1884         for(i=any=0; prefs[i].type; i++ ) {
1885             if( prefs[i].type == PREFTYPE_SYM ) {
1886                 const char *s = cipher_algo_to_string (prefs[i].value);
1887                 
1888                 if (any)
1889                     tty_printf (", ");
1890                 any = 1;
1891                 /* We don't want to display strings for experimental algos */
1892                 if (s && prefs[i].value < 100 )
1893                     tty_printf ("%s", s );
1894                 else
1895                     tty_printf ("[%d]", prefs[i].value);
1896                 if (prefs[i].value == CIPHER_ALGO_3DES )
1897                     des_seen = 1;
1898             }    
1899         }
1900         if (!des_seen) {
1901             if (any)
1902                 tty_printf (", ");
1903             tty_printf ("%s",cipher_algo_to_string(CIPHER_ALGO_3DES));
1904         }
1905         tty_printf ("\n     ");
1906         tty_printf (_("Digest: "));
1907         for(i=any=0; prefs[i].type; i++ ) {
1908             if( prefs[i].type == PREFTYPE_HASH ) {
1909                 const char *s = digest_algo_to_string (prefs[i].value);
1910                 
1911                 if (any)
1912                     tty_printf (", ");
1913                 any = 1;
1914                 /* We don't want to display strings for experimental algos */
1915                 if (s && prefs[i].value < 100 )
1916                     tty_printf ("%s", s );
1917                 else
1918                     tty_printf ("[%d]", prefs[i].value);
1919                 if (prefs[i].value == DIGEST_ALGO_SHA1 )
1920                     sha1_seen = 1;
1921             }
1922         }
1923         if (!sha1_seen) {
1924             if (any)
1925                 tty_printf (", ");
1926             tty_printf ("%s",digest_algo_to_string(DIGEST_ALGO_SHA1));
1927         }
1928         tty_printf ("\n     ");
1929         tty_printf (_("Compression: "));
1930         for(i=any=0; prefs[i].type; i++ ) {
1931             if( prefs[i].type == PREFTYPE_ZIP ) {
1932                 const char *s=compress_algo_to_string(prefs[i].value);
1933                 
1934                 if (any)
1935                     tty_printf (", ");
1936                 any = 1;
1937                 /* We don't want to display strings for experimental algos */
1938                 if (s && prefs[i].value < 100 )
1939                     tty_printf ("%s", s );
1940                 else
1941                     tty_printf ("[%d]", prefs[i].value);
1942                 if (prefs[i].value == COMPRESS_ALGO_NONE )
1943                     uncomp_seen = 1;
1944             }
1945         }
1946         if (!uncomp_seen) {
1947             if (any)
1948                 tty_printf (", ");
1949             else {
1950               tty_printf ("%s",compress_algo_to_string(COMPRESS_ALGO_ZIP));
1951               tty_printf (", ");
1952             }
1953             tty_printf ("%s",compress_algo_to_string(COMPRESS_ALGO_NONE));
1954         }
1955         if(uid->mdc_feature || !uid->ks_modify)
1956           {
1957             tty_printf ("\n     ");
1958             tty_printf (_("Features: "));
1959             any=0;
1960             if(uid->mdc_feature)
1961               {
1962                 tty_printf ("MDC");
1963                 any=1;
1964               }
1965             if(!uid->ks_modify)
1966               {
1967                 if(any)
1968                   tty_printf (", ");
1969                 tty_printf (_("Keyserver no-modify"));
1970               }
1971           }
1972         tty_printf("\n");
1973
1974         pref_ks=parse_sig_subpkt(selfsig->hashed,
1975                                  SIGSUBPKT_PREF_KS,&pref_ks_len);
1976         if(pref_ks && pref_ks_len)
1977           {
1978             tty_printf ("     ");
1979             tty_printf(_("Preferred keyserver: "));
1980             tty_print_utf8_string(pref_ks,pref_ks_len);
1981             tty_printf("\n");
1982           }
1983     }
1984     else {
1985         tty_printf("    ");
1986         for(i=0; prefs[i].type; i++ ) {
1987             tty_printf( " %c%d", prefs[i].type == PREFTYPE_SYM   ? 'S' :
1988                                  prefs[i].type == PREFTYPE_HASH  ? 'H' :
1989                                  prefs[i].type == PREFTYPE_ZIP ? 'Z':'?',
1990                                  prefs[i].value);
1991         }
1992         if (uid->mdc_feature)
1993             tty_printf (" [mdc]");
1994         if (!uid->ks_modify)
1995             tty_printf (" [no-ks-modify]");
1996         tty_printf("\n");
1997     }
1998 }
1999
2000
2001 /* This is the version of show_key_with_all_names used when
2002    opt.with_colons is used.  It prints all available data in a easy to
2003    parse format and does not translate utf8 */
2004 static void
2005 show_key_with_all_names_colon (KBNODE keyblock)
2006 {
2007   KBNODE node;
2008   int i, j, ulti_hack=0;
2009   byte pk_version=0;
2010   PKT_public_key *primary=NULL;
2011
2012   /* the keys */
2013   for ( node = keyblock; node; node = node->next )
2014     {
2015       if (node->pkt->pkttype == PKT_PUBLIC_KEY
2016           || (node->pkt->pkttype == PKT_PUBLIC_SUBKEY) )
2017         {
2018           PKT_public_key *pk = node->pkt->pkt.public_key;
2019           u32 keyid[2];
2020
2021           if (node->pkt->pkttype == PKT_PUBLIC_KEY)
2022             {
2023               pk_version = pk->version;
2024               primary=pk;
2025             }
2026
2027           keyid_from_pk (pk, keyid);
2028
2029           fputs (node->pkt->pkttype == PKT_PUBLIC_KEY?"pub:":"sub:", stdout);
2030           if (!pk->is_valid)
2031             putchar ('i');
2032           else if (pk->is_revoked)
2033             putchar ('r');
2034           else if (pk->has_expired)
2035             putchar ('e');
2036           else if (!(opt.fast_list_mode || opt.no_expensive_trust_checks ))
2037             {
2038               int trust = get_validity_info (pk, NULL);
2039               if(trust=='u')
2040                 ulti_hack=1;
2041               putchar (trust);
2042             }
2043
2044           printf (":%u:%d:%08lX%08lX:%lu:%lu::",
2045                   nbits_from_pk (pk),
2046                   pk->pubkey_algo,
2047                   (ulong)keyid[0], (ulong)keyid[1],
2048                   (ulong)pk->timestamp,
2049                   (ulong)pk->expiredate );
2050           if (node->pkt->pkttype==PKT_PUBLIC_KEY
2051               && !(opt.fast_list_mode || opt.no_expensive_trust_checks ))
2052             putchar(get_ownertrust_info (pk));
2053           putchar(':');
2054           putchar('\n');
2055           
2056           print_fingerprint (pk, NULL, 0);
2057
2058           /* print the revoker record */
2059           if( !pk->revkey && pk->numrevkeys )
2060             BUG();
2061           else
2062             {
2063               for (i=0; i < pk->numrevkeys; i++)
2064                 {
2065                   byte *p;
2066
2067                   printf ("rvk:::%d::::::", pk->revkey[i].algid);
2068                   p = pk->revkey[i].fpr;
2069                   for (j=0; j < 20; j++, p++ )
2070                     printf ("%02X", *p);
2071                   printf (":%02x%s:\n", pk->revkey[i].class,
2072                           (pk->revkey[i].class&0x40)?"s":"");
2073                 }
2074             }
2075         }
2076     }
2077   
2078     /* the user ids */
2079     i = 0;
2080     for (node = keyblock; node; node = node->next) 
2081       {
2082         if ( node->pkt->pkttype == PKT_USER_ID )
2083           {
2084             PKT_user_id *uid = node->pkt->pkt.user_id;
2085
2086             ++i;
2087
2088             if(uid->attrib_data)
2089               printf("uat:");
2090             else
2091               printf("uid:");
2092
2093             if ( uid->is_revoked )
2094               printf("r::::::::");
2095             else if ( uid->is_expired )
2096               printf("e::::::::");
2097             else if ( opt.fast_list_mode || opt.no_expensive_trust_checks )
2098               printf("::::::::");
2099             else
2100               {
2101                 int uid_validity;
2102
2103                 if( primary && !ulti_hack )
2104                   uid_validity = get_validity_info( primary, uid );
2105                 else
2106                   uid_validity = 'u';
2107                 printf("%c::::::::",uid_validity);
2108               }
2109
2110             if(uid->attrib_data)
2111               printf ("%u %lu",uid->numattribs,uid->attrib_len);
2112             else
2113               print_string (stdout, uid->name, uid->len, ':');
2114
2115             putchar (':');
2116             /* signature class */
2117             putchar (':');
2118             /* capabilities */
2119             putchar (':');
2120             /* preferences */
2121             if (pk_version>3 || uid->selfsigversion>3)
2122               {
2123                 const prefitem_t *prefs = uid->prefs;
2124                 
2125                 for (j=0; prefs && prefs[j].type; j++)
2126                   {
2127                     if (j)
2128                       putchar (' ');
2129                     printf ("%c%d", prefs[j].type == PREFTYPE_SYM   ? 'S' :
2130                             prefs[j].type == PREFTYPE_HASH  ? 'H' :
2131                             prefs[j].type == PREFTYPE_ZIP ? 'Z':'?',
2132                             prefs[j].value);
2133                   } 
2134                 if (uid->mdc_feature)
2135                   printf (",mdc");
2136                 if (!uid->ks_modify)
2137                   printf (",no-ks-modify");
2138               } 
2139             putchar (':');
2140             /* flags */
2141             printf ("%d,", i);
2142             if (uid->is_primary)
2143               putchar ('p');
2144             if (uid->is_revoked)
2145               putchar ('r');
2146             if (uid->is_expired)
2147               putchar ('e');
2148             if ((node->flag & NODFLG_SELUID))
2149               putchar ('s');
2150             if ((node->flag & NODFLG_MARK_A))
2151               putchar ('m');
2152             putchar (':');
2153             putchar('\n');
2154           }
2155       }
2156 }
2157
2158
2159 /****************
2160  * Display the key a the user ids, if only_marked is true, do only
2161  * so for user ids with mark A flag set and dont display the index number
2162  */
2163 static void
2164 show_key_with_all_names( KBNODE keyblock, int only_marked, int with_revoker,
2165                          int with_fpr, int with_subkeys, int with_prefs )
2166 {
2167     KBNODE node;
2168     int i;
2169     int do_warn = 0, indent=0;
2170     byte pk_version=0;
2171     PKT_public_key *primary=NULL;
2172
2173     if (opt.with_colons)
2174       {
2175         show_key_with_all_names_colon (keyblock);
2176         return;
2177       }
2178
2179     /* the keys */
2180     for( node = keyblock; node; node = node->next ) {
2181         if( node->pkt->pkttype == PKT_PUBLIC_KEY
2182             || (with_subkeys && node->pkt->pkttype == PKT_PUBLIC_SUBKEY) ) {
2183             PKT_public_key *pk = node->pkt->pkt.public_key;
2184             const char *otrust="err",*trust="err";
2185
2186             if( node->pkt->pkttype == PKT_PUBLIC_KEY ) {
2187                 /* do it here, so that debug messages don't clutter the
2188                  * output */
2189                 static int did_warn = 0;
2190
2191                 trust = get_validity_string (pk, NULL);
2192                 otrust = get_ownertrust_string (pk);
2193
2194                 /* Show a warning once */
2195                 if (!did_warn
2196                     && (get_validity (pk, NULL) & TRUST_FLAG_PENDING_CHECK)) {
2197                     did_warn = 1;
2198                     do_warn = 1;
2199                 }
2200
2201                 pk_version=pk->version;
2202                 primary=pk;
2203             }
2204
2205             if(with_revoker) {
2206                 if( !pk->revkey && pk->numrevkeys )
2207                     BUG();
2208                 else
2209                     for(i=0;i<pk->numrevkeys;i++) {
2210                         u32 r_keyid[2];
2211                         char *user;
2212                         const char *algo=
2213                           pubkey_algo_to_string(pk->revkey[i].algid);
2214
2215                         keyid_from_fingerprint(pk->revkey[i].fpr,
2216                                                MAX_FINGERPRINT_LEN,r_keyid);
2217                         
2218                         user=get_user_id_string (r_keyid);
2219                         tty_printf (_("This key may be revoked by %s key "),
2220                                     algo?algo:"?");
2221                         tty_print_utf8_string (user, strlen (user));
2222                         if ((pk->revkey[i].class&0x40))
2223                           tty_printf (_(" (sensitive)"));
2224                         tty_printf ("\n");
2225                         m_free(user);
2226                       }
2227             }
2228
2229             keyid_from_pk(pk,NULL);
2230             tty_printf("%s%c %4u%c/%s  ",
2231                        node->pkt->pkttype == PKT_PUBLIC_KEY? "pub":"sub",
2232                        (node->flag & NODFLG_SELKEY)? '*':' ',
2233                        nbits_from_pk( pk ),
2234                        pubkey_letter( pk->pubkey_algo ),
2235                        keystr(pk->keyid));
2236
2237             tty_printf(_("created: %s"),datestr_from_pk(pk));
2238             tty_printf("  ");
2239             if(pk->is_revoked)
2240               tty_printf("%s: %s",_("revoked"),revokestr_from_pk(pk));
2241             else if(pk->has_expired)
2242               tty_printf("%s: %s",_("expired"),expirestr_from_pk(pk));
2243             else
2244               tty_printf("%s: %s",_("expires"),expirestr_from_pk(pk));
2245             tty_printf("  ");
2246             tty_printf(_("usage: %s"),usagestr_from_pk(pk));
2247             tty_printf("\n");
2248
2249             if( node->pkt->pkttype == PKT_PUBLIC_KEY )
2250               {
2251                 if(opt.trust_model!=TM_ALWAYS)
2252                   {
2253                     tty_printf("%*s",keystrlen()+13,"");
2254                     /* Ownertrust is only meaningful for the PGP or
2255                        classic trust models */
2256                     if(opt.trust_model==TM_PGP || opt.trust_model==TM_CLASSIC)
2257                       {
2258                         int width=14-strlen(otrust);
2259                         if(width<=0)
2260                           width=1;
2261                         tty_printf(_("trust: %s"), otrust);
2262                         tty_printf("%*s",width,"");
2263                       }
2264                     
2265                     tty_printf(_("validity: %s"), trust );
2266                     tty_printf("\n");
2267                   }
2268                 if( node->pkt->pkttype == PKT_PUBLIC_KEY
2269                     && (get_ownertrust (pk)&TRUST_FLAG_DISABLED))
2270                   {
2271                     tty_printf("*** ");
2272                     tty_printf(_("This key has been disabled"));
2273                     tty_printf("\n");
2274                   }
2275               }
2276
2277             if( node->pkt->pkttype == PKT_PUBLIC_KEY && with_fpr )
2278               {
2279                 print_fingerprint ( pk, NULL, 2 );
2280                 tty_printf("\n");
2281               }
2282         }
2283         else if( node->pkt->pkttype == PKT_SECRET_KEY
2284             || (with_subkeys && node->pkt->pkttype == PKT_SECRET_SUBKEY) )
2285           {
2286             PKT_secret_key *sk = node->pkt->pkt.secret_key;
2287             tty_printf("%s%c %4u%c/%s  ",
2288                        node->pkt->pkttype == PKT_SECRET_KEY? "sec":"ssb",
2289                        (node->flag & NODFLG_SELKEY)? '*':' ',
2290                        nbits_from_sk( sk ),
2291                        pubkey_letter( sk->pubkey_algo ),
2292                        keystr_from_sk(sk));
2293             tty_printf(_("created: %s"),datestr_from_sk(sk));
2294             tty_printf("  ");
2295             tty_printf("%s: %s",_("expires"),expirestr_from_sk(sk));
2296             tty_printf("\n");
2297             if (sk->is_protected && sk->protect.s2k.mode == 1002)
2298               {
2299                 tty_printf("                     ");
2300                 tty_printf(_("card-no: ")); 
2301                 if (sk->protect.ivlen == 16
2302                     && !memcmp (sk->protect.iv, "\xD2\x76\x00\x01\x24\x01", 6))
2303                   { /* This is an OpenPGP card. */
2304                     for (i=8; i < 14; i++)
2305                       {
2306                         if (i == 10)
2307                           tty_printf (" ");
2308                         tty_printf ("%02X", sk->protect.iv[i]);
2309                       }
2310                   }
2311                 else
2312                   { /* Something is wrong: Print all. */
2313                     for (i=0; i < sk->protect.ivlen; i++)
2314                       tty_printf ("%02X", sk->protect.iv[i]);
2315                   }
2316                 tty_printf ("\n");
2317               }
2318           }
2319     }
2320     
2321     /* the user ids */
2322
2323     for( node = keyblock; node; node = node->next )
2324       {
2325         if(node->pkt->pkttype == PKT_USER_ID
2326            && (node->pkt->pkt.user_id->is_revoked
2327                || node->pkt->pkt.user_id->is_expired))
2328           {
2329             indent=1;
2330             break;
2331           }
2332       }
2333
2334     i = 0;
2335     for( node = keyblock; node; node = node->next ) {
2336         if( node->pkt->pkttype == PKT_USER_ID ) {
2337             PKT_user_id *uid = node->pkt->pkt.user_id;
2338             ++i;
2339             if( !only_marked || (only_marked && (node->flag & NODFLG_MARK_A))){
2340                 if(uid->is_revoked)
2341                   tty_printf("[%8.8s] ",_("revoked"));
2342                 else if(uid->is_expired)
2343                   tty_printf("[%8.8s] ",_("expired"));
2344                 else if(opt.list_options&LIST_SHOW_UID_VALIDITY && primary)
2345                   tty_printf("[%8.8s] ",
2346                              trust_value_to_string(get_validity(primary,uid)));
2347                 else if(indent)
2348                   tty_printf("           ");
2349                 if( only_marked )
2350                    tty_printf("     ");
2351                 else if( node->flag & NODFLG_SELUID )
2352                    tty_printf("(%d)* ", i);
2353                 else if( uid->is_primary )
2354                    tty_printf("(%d). ", i);
2355                 else
2356                    tty_printf("(%d)  ", i);
2357                 tty_print_utf8_string( uid->name, uid->len );
2358                 tty_printf("\n");
2359                 if( with_prefs )
2360                   {
2361                     if(pk_version>3 || uid->selfsigversion>3)
2362                       {
2363                         PKT_signature *selfsig=NULL;
2364                         KBNODE signode;
2365
2366                         for(signode=node->next;
2367                             signode && signode->pkt->pkttype==PKT_SIGNATURE;
2368                             signode=signode->next)
2369                           {
2370                             if(signode->pkt->pkt.signature->
2371                                flags.chosen_selfsig)
2372                               {
2373                                 selfsig=signode->pkt->pkt.signature;
2374                                 break;
2375                               }
2376                           }
2377
2378                         show_prefs (uid, selfsig, with_prefs == 2);
2379                       }
2380                     else
2381                       tty_printf(_("There are no preferences on a "
2382                                    "PGP 2.x-style user ID.\n"));
2383                   }
2384             }
2385         }
2386     }
2387
2388     if (do_warn)
2389         tty_printf (_("Please note that the shown key validity "
2390                       "is not necessarily correct\n"
2391                       "unless you restart the program.\n")); 
2392 }
2393
2394
2395 /* Display basic key information.  This fucntion is suitable to show
2396    information on the key without any dependencies on the trustdb or
2397    any other internal GnuPG stuff.  KEYBLOCK may either be a public or
2398    a secret key.*/
2399 void
2400 show_basic_key_info ( KBNODE keyblock )
2401 {
2402   KBNODE node;
2403   int i;
2404
2405   /* The primary key */
2406   for (node = keyblock; node; node = node->next)
2407     {
2408       if (node->pkt->pkttype == PKT_PUBLIC_KEY)
2409         {
2410           PKT_public_key *pk = node->pkt->pkt.public_key;
2411           
2412           /* Note, we use the same format string as in other show
2413              functions to make the translation job easier. */
2414           tty_printf ("%s  %4u%c/%s  ",
2415                       node->pkt->pkttype == PKT_PUBLIC_KEY? "pub":"sub",
2416                       nbits_from_pk( pk ),
2417                       pubkey_letter( pk->pubkey_algo ),
2418                       keystr_from_pk(pk));
2419           tty_printf(_("created: %s"),datestr_from_pk(pk));
2420           tty_printf("  ");
2421           tty_printf("%s: %s",_("expires"),expirestr_from_pk(pk));
2422           tty_printf("\n");
2423           print_fingerprint ( pk, NULL, 3 );
2424           tty_printf("\n");
2425         }
2426       else if (node->pkt->pkttype == PKT_SECRET_KEY)
2427         {
2428           PKT_secret_key *sk = node->pkt->pkt.secret_key;
2429           tty_printf("%s  %4u%c/%s",
2430                      node->pkt->pkttype == PKT_SECRET_KEY? "sec":"ssb",
2431                      nbits_from_sk( sk ),
2432                      pubkey_letter( sk->pubkey_algo ),
2433                      keystr_from_sk(sk));
2434           tty_printf(_("created: %s"),datestr_from_sk(sk));
2435           tty_printf("  ");
2436           tty_printf("%s: %s",_("expires"),expirestr_from_sk(sk));
2437           tty_printf("\n");
2438           print_fingerprint (NULL, sk, 3 );
2439           tty_printf("\n");
2440         }
2441     }
2442
2443   /* The user IDs. */
2444   for (i=0, node = keyblock; node; node = node->next)
2445     {
2446       if (node->pkt->pkttype == PKT_USER_ID)
2447         {
2448           PKT_user_id *uid = node->pkt->pkt.user_id;
2449           ++i;
2450      
2451           tty_printf ("     ");
2452           if (uid->is_revoked)
2453             tty_printf("[%s] ",_("revoked"));
2454           else if ( uid->is_expired )
2455             tty_printf("[%s] ",_("expired"));
2456           tty_print_utf8_string (uid->name, uid->len);
2457           tty_printf ("\n");
2458         }
2459     }
2460 }
2461
2462 static void
2463 show_key_and_fingerprint( KBNODE keyblock )
2464 {
2465   KBNODE node;
2466   PKT_public_key *pk = NULL;
2467
2468   for( node = keyblock; node; node = node->next )
2469     {
2470       if( node->pkt->pkttype == PKT_PUBLIC_KEY )
2471         {
2472           pk = node->pkt->pkt.public_key;
2473           tty_printf("pub   %4u%c/%s %s ",
2474                      nbits_from_pk( pk ),
2475                      pubkey_letter( pk->pubkey_algo ),
2476                      keystr_from_pk(pk),
2477                      datestr_from_pk(pk) );
2478         }
2479       else if( node->pkt->pkttype == PKT_USER_ID )
2480         {
2481           PKT_user_id *uid = node->pkt->pkt.user_id;
2482           tty_print_utf8_string( uid->name, uid->len );
2483           break;
2484         }
2485     }
2486   tty_printf("\n");
2487   if( pk )
2488     print_fingerprint( pk, NULL, 2 );
2489 }
2490
2491
2492 /* Show a warning if no uids on the key have the primary uid flag
2493    set. */
2494 static void
2495 no_primary_warning(KBNODE keyblock)
2496 {
2497   KBNODE node;
2498   int have_primary=0,uid_count=0;
2499
2500   /* TODO: if we ever start behaving differently with a primary or
2501      non-primary attribute ID, we will need to check for attributes
2502      here as well. */
2503
2504   for(node=keyblock; node; node = node->next)
2505     {
2506       if(node->pkt->pkttype==PKT_USER_ID
2507          && node->pkt->pkt.user_id->attrib_data==NULL)
2508         {
2509           uid_count++;
2510
2511           if(node->pkt->pkt.user_id->is_primary==2)
2512             {
2513               have_primary=1;
2514               break;
2515             }
2516         }
2517     }
2518
2519   if(uid_count>1 && !have_primary)
2520     log_info(_("WARNING: no user ID has been marked as primary.  This command"
2521                " may\n              cause a different user ID to become"
2522                " the assumed primary.\n"));
2523 }
2524
2525 /****************
2526  * Ask for a new user id, do the selfsignature and put it into
2527  * both keyblocks.
2528  * Return true if there is a new user id
2529  */
2530 static int
2531 menu_adduid( KBNODE pub_keyblock, KBNODE sec_keyblock, int photo)
2532 {
2533     PKT_user_id *uid;
2534     PKT_public_key *pk=NULL;
2535     PKT_secret_key *sk=NULL;
2536     PKT_signature *sig=NULL;
2537     PACKET *pkt;
2538     KBNODE node;
2539     KBNODE pub_where=NULL, sec_where=NULL;
2540     int rc;
2541
2542     for( node = pub_keyblock; node; pub_where = node, node = node->next ) {
2543         if( node->pkt->pkttype == PKT_PUBLIC_KEY )
2544             pk = node->pkt->pkt.public_key;
2545         else if( node->pkt->pkttype == PKT_PUBLIC_SUBKEY )
2546             break;
2547     }
2548     if( !node ) /* no subkey */
2549         pub_where = NULL;
2550     for( node = sec_keyblock; node; sec_where = node, node = node->next ) {
2551         if( node->pkt->pkttype == PKT_SECRET_KEY )
2552             sk = copy_secret_key( NULL, node->pkt->pkt.secret_key);
2553         else if( node->pkt->pkttype == PKT_SECRET_SUBKEY )
2554             break;
2555     }
2556     if( !node ) /* no subkey */
2557         sec_where = NULL;
2558     assert(pk && sk);
2559
2560     if(photo) {
2561       int hasattrib=0;
2562
2563       for( node = pub_keyblock; node; node = node->next )
2564         if( node->pkt->pkttype == PKT_USER_ID &&
2565             node->pkt->pkt.user_id->attrib_data!=NULL)
2566           {
2567             hasattrib=1;
2568             break;
2569           }
2570
2571       /* It is legal but bad for compatibility to add a photo ID to a
2572          v3 key as it means that PGP2 will not be able to use that key
2573          anymore.  Also, PGP may not expect a photo on a v3 key.
2574          Don't bother to ask this if the key already has a photo - any
2575          damage has already been done at that point. -dms */
2576       if(pk->version==3 && !hasattrib)
2577         {
2578           if(opt.expert)
2579             {
2580               tty_printf(_("WARNING: This is a PGP2-style key.  "
2581                            "Adding a photo ID may cause some versions\n"
2582                            "         of PGP to reject this key.\n"));
2583
2584               if(!cpr_get_answer_is_yes("keyedit.v3_photo.okay",
2585                                         _("Are you sure you still want "
2586                                           "to add it? (y/N) ")))
2587                 return 0;
2588             }
2589           else
2590             {
2591               tty_printf(_("You may not add a photo ID to "
2592                            "a PGP2-style key.\n"));
2593               return 0;
2594             }
2595         }
2596
2597       uid = generate_photo_id(pk);
2598     } else
2599       uid = generate_user_id();
2600     if( !uid )
2601         return 0;
2602
2603     rc = make_keysig_packet( &sig, pk, uid, NULL, sk, 0x13, 0, 0, 0, 0,
2604                              keygen_add_std_prefs, pk );
2605     free_secret_key( sk );
2606     if( rc ) {
2607         log_error("signing failed: %s\n", g10_errstr(rc) );
2608         free_user_id(uid);
2609         return 0;
2610     }
2611
2612     /* insert/append to secret keyblock */
2613     pkt = m_alloc_clear( sizeof *pkt );
2614     pkt->pkttype = PKT_USER_ID;
2615     pkt->pkt.user_id = scopy_user_id(uid);
2616     node = new_kbnode(pkt);
2617     if( sec_where )
2618         insert_kbnode( sec_where, node, 0 );
2619     else
2620         add_kbnode( sec_keyblock, node );
2621     pkt = m_alloc_clear( sizeof *pkt );
2622     pkt->pkttype = PKT_SIGNATURE;
2623     pkt->pkt.signature = copy_signature(NULL, sig);
2624     if( sec_where )
2625         insert_kbnode( node, new_kbnode(pkt), 0 );
2626     else
2627         add_kbnode( sec_keyblock, new_kbnode(pkt) );
2628     /* insert/append to public keyblock */
2629     pkt = m_alloc_clear( sizeof *pkt );
2630     pkt->pkttype = PKT_USER_ID;
2631     pkt->pkt.user_id = uid;
2632     node = new_kbnode(pkt);
2633     if( pub_where )
2634         insert_kbnode( pub_where, node, 0 );
2635     else
2636         add_kbnode( pub_keyblock, node );
2637     pkt = m_alloc_clear( sizeof *pkt );
2638     pkt->pkttype = PKT_SIGNATURE;
2639     pkt->pkt.signature = copy_signature(NULL, sig);
2640     if( pub_where )
2641         insert_kbnode( node, new_kbnode(pkt), 0 );
2642     else
2643         add_kbnode( pub_keyblock, new_kbnode(pkt) );
2644     return 1;
2645 }
2646
2647
2648 /****************
2649  * Remove all selected userids from the keyrings
2650  */
2651 static void
2652 menu_deluid( KBNODE pub_keyblock, KBNODE sec_keyblock )
2653 {
2654     KBNODE node;
2655     int selected=0;
2656
2657     for( node = pub_keyblock; node; node = node->next ) {
2658         if( node->pkt->pkttype == PKT_USER_ID ) {
2659             selected = node->flag & NODFLG_SELUID;
2660             if( selected ) {
2661                 /* Only cause a trust update if we delete a
2662                    non-revoked user id */
2663                 if(!node->pkt->pkt.user_id->is_revoked)
2664                   update_trust=1;
2665                 delete_kbnode( node );
2666                 if( sec_keyblock ) {
2667                     KBNODE snode;
2668                     int s_selected = 0;
2669                     PKT_user_id *uid = node->pkt->pkt.user_id;
2670                     for( snode = sec_keyblock; snode; snode = snode->next ) {
2671                         if( snode->pkt->pkttype == PKT_USER_ID ) {
2672                             PKT_user_id *suid = snode->pkt->pkt.user_id;
2673
2674                             s_selected =
2675                                 (uid->len == suid->len
2676                                  && !memcmp( uid->name, suid->name, uid->len));
2677                             if( s_selected )
2678                                 delete_kbnode( snode );
2679                         }
2680                         else if( s_selected
2681                                  && snode->pkt->pkttype == PKT_SIGNATURE )
2682                             delete_kbnode( snode );
2683                         else if( snode->pkt->pkttype == PKT_SECRET_SUBKEY )
2684                             s_selected = 0;
2685                     }
2686                 }
2687             }
2688         }
2689         else if( selected && node->pkt->pkttype == PKT_SIGNATURE )
2690             delete_kbnode( node );
2691         else if( node->pkt->pkttype == PKT_PUBLIC_SUBKEY )
2692             selected = 0;
2693     }
2694     commit_kbnode( &pub_keyblock );
2695     if( sec_keyblock )
2696         commit_kbnode( &sec_keyblock );
2697 }
2698
2699
2700 static int
2701 menu_delsig( KBNODE pub_keyblock )
2702 {
2703     KBNODE node;
2704     PKT_user_id *uid = NULL;
2705     int changed=0;
2706
2707     for( node = pub_keyblock; node; node = node->next ) {
2708         if( node->pkt->pkttype == PKT_USER_ID ) {
2709             uid = (node->flag & NODFLG_SELUID)? node->pkt->pkt.user_id : NULL;
2710         }
2711         else if( uid && node->pkt->pkttype == PKT_SIGNATURE ) {
2712            int okay, valid, selfsig, inv_sig, no_key, other_err;
2713
2714             tty_printf("uid  ");
2715             tty_print_utf8_string( uid->name, uid->len );
2716             tty_printf("\n");
2717
2718             okay = inv_sig = no_key = other_err = 0;
2719             if(opt.with_colons)
2720               valid = print_and_check_one_sig_colon( pub_keyblock, node,
2721                                                &inv_sig, &no_key, &other_err,
2722                                                &selfsig, 1 );
2723             else
2724               valid = print_and_check_one_sig( pub_keyblock, node,
2725                                                &inv_sig, &no_key, &other_err,
2726                                                &selfsig, 1 );
2727
2728            if( valid ) {
2729                okay = cpr_get_answer_yes_no_quit(
2730                    "keyedit.delsig.valid",
2731                    _("Delete this good signature? (y/N/q)"));
2732
2733                /* Only update trust if we delete a good signature.
2734                   The other two cases do not affect trust. */
2735                if(okay)
2736                  update_trust=1;
2737            }
2738            else if( inv_sig || other_err )
2739                okay = cpr_get_answer_yes_no_quit(
2740                    "keyedit.delsig.invalid",
2741                    _("Delete this invalid signature? (y/N/q)"));
2742            else if( no_key )
2743                okay = cpr_get_answer_yes_no_quit(
2744                    "keyedit.delsig.unknown",
2745                    _("Delete this unknown signature? (y/N/q)"));
2746
2747             if( okay == -1 )
2748                 break;
2749            if( okay && selfsig && !cpr_get_answer_is_yes(
2750                                "keyedit.delsig.selfsig",
2751                               _("Really delete this self-signature? (y/N)") ))
2752                 okay = 0;
2753             if( okay ) {
2754                 delete_kbnode( node );
2755                 changed++;
2756             }
2757
2758         }
2759         else if( node->pkt->pkttype == PKT_PUBLIC_SUBKEY )
2760             uid = NULL;
2761     }
2762
2763     if( changed ) {
2764         commit_kbnode( &pub_keyblock );
2765         tty_printf( changed == 1? _("Deleted %d signature.\n")
2766                                 : _("Deleted %d signatures.\n"), changed );
2767     }
2768     else
2769         tty_printf( _("Nothing deleted.\n") );
2770
2771     return changed;
2772 }
2773
2774
2775 /****************
2776  * Remove some of the secondary keys
2777  */
2778 static void
2779 menu_delkey( KBNODE pub_keyblock, KBNODE sec_keyblock )
2780 {
2781     KBNODE node;
2782     int selected=0;
2783
2784     for( node = pub_keyblock; node; node = node->next ) {
2785         if( node->pkt->pkttype == PKT_PUBLIC_SUBKEY ) {
2786             selected = node->flag & NODFLG_SELKEY;
2787             if( selected ) {
2788                 delete_kbnode( node );
2789                 if( sec_keyblock ) {
2790                     KBNODE snode;
2791                     int s_selected = 0;
2792                     u32 ki[2];
2793
2794                     keyid_from_pk( node->pkt->pkt.public_key, ki );
2795                     for( snode = sec_keyblock; snode; snode = snode->next ) {
2796                         if( snode->pkt->pkttype == PKT_SECRET_SUBKEY ) {
2797                             u32 ki2[2];
2798
2799                             keyid_from_sk( snode->pkt->pkt.secret_key, ki2 );
2800                             s_selected = (ki[0] == ki2[0] && ki[1] == ki2[1]);
2801                             if( s_selected )
2802                                 delete_kbnode( snode );
2803                         }
2804                         else if( s_selected
2805                                  && snode->pkt->pkttype == PKT_SIGNATURE )
2806                             delete_kbnode( snode );
2807                         else
2808                             s_selected = 0;
2809                     }
2810                 }
2811             }
2812         }
2813         else if( selected && node->pkt->pkttype == PKT_SIGNATURE )
2814             delete_kbnode( node );
2815         else
2816             selected = 0;
2817     }
2818     commit_kbnode( &pub_keyblock );
2819     if( sec_keyblock )
2820         commit_kbnode( &sec_keyblock );
2821
2822     /* No need to set update_trust here since signing keys are no
2823        longer used to certify other keys, so there is no change in
2824        trust when revoking/removing them */
2825 }
2826
2827
2828 /****************
2829  * Ask for a new revoker, do the selfsignature and put it into
2830  * both keyblocks.
2831  * Return true if there is a new revoker
2832  */
2833 static int
2834 menu_addrevoker( KBNODE pub_keyblock, KBNODE sec_keyblock, int sensitive )
2835 {
2836   PKT_public_key *pk=NULL,*revoker_pk=NULL;
2837   PKT_secret_key *sk=NULL;
2838   PKT_signature *sig=NULL;
2839   PACKET *pkt;
2840   struct revocation_key revkey;
2841   size_t fprlen;
2842   int rc;
2843
2844   assert(pub_keyblock->pkt->pkttype==PKT_PUBLIC_KEY);
2845   assert(sec_keyblock->pkt->pkttype==PKT_SECRET_KEY);
2846
2847   pk=pub_keyblock->pkt->pkt.public_key;
2848
2849   if(pk->numrevkeys==0 && pk->version==3)
2850     {
2851       /* It is legal but bad for compatibility to add a revoker to a
2852          v3 key as it means that PGP2 will not be able to use that key
2853          anymore.  Also, PGP may not expect a revoker on a v3 key.
2854          Don't bother to ask this if the key already has a revoker -
2855          any damage has already been done at that point. -dms */
2856       if(opt.expert)
2857         {
2858           tty_printf(_("WARNING: This is a PGP 2.x-style key.  "
2859                        "Adding a designated revoker may cause\n"
2860                        "         some versions of PGP to reject this key.\n"));
2861
2862           if(!cpr_get_answer_is_yes("keyedit.v3_revoker.okay",
2863                                     _("Are you sure you still want "
2864                                       "to add it? (y/N) ")))
2865             return 0;
2866         }
2867       else
2868         {
2869           tty_printf(_("You may not add a designated revoker to "
2870                        "a PGP 2.x-style key.\n"));
2871           return 0;
2872         }
2873     }
2874
2875   sk=copy_secret_key(NULL,sec_keyblock->pkt->pkt.secret_key);
2876
2877   for(;;)
2878     {
2879       char *answer;
2880
2881       if(revoker_pk)
2882         free_public_key(revoker_pk);
2883
2884       revoker_pk=m_alloc_clear(sizeof(*revoker_pk));
2885
2886       tty_printf("\n");
2887
2888       answer=cpr_get_utf8("keyedit.add_revoker",
2889                           _("Enter the user ID of the designated revoker: "));
2890       if(answer[0]=='\0' || answer[0]=='\004')
2891         {
2892           m_free(answer);
2893           goto fail;
2894         }
2895
2896       /* Note that I'm requesting SIG here and not CERT.  We're making
2897          a certification, but it is okay to be a subkey. */
2898       revoker_pk->req_usage=PUBKEY_USAGE_SIG;
2899       rc=get_pubkey_byname(revoker_pk,answer,NULL,NULL,1);
2900       if(rc)
2901         {
2902           log_error (_("key `%s' not found: %s\n"),answer,g10_errstr(rc));
2903           m_free(answer);
2904           continue;
2905         }
2906
2907       m_free(answer);
2908
2909       fingerprint_from_pk(revoker_pk,revkey.fpr,&fprlen);
2910       if(fprlen!=20)
2911         {
2912           log_error(_("cannot appoint a PGP 2.x style key as a "
2913                       "designated revoker\n"));
2914           continue;
2915         }
2916
2917       revkey.class=0x80;
2918       if(sensitive)
2919         revkey.class|=0x40;
2920       revkey.algid=revoker_pk->pubkey_algo;
2921
2922       if(cmp_public_keys(revoker_pk,pk)==0)
2923         {
2924           /* This actually causes no harm (after all, a key that
2925              designates itself as a revoker is the same as a
2926              regular key), but it's easy enough to check. */
2927           log_error(_("you cannot appoint a key as its own "
2928                       "designated revoker\n"));
2929
2930           continue;
2931         }
2932
2933       keyid_from_pk(pk,NULL);
2934
2935       /* Does this revkey already exist? */
2936       if(!pk->revkey && pk->numrevkeys)
2937         BUG();
2938       else
2939         {
2940           int i;
2941
2942           for(i=0;i<pk->numrevkeys;i++)
2943             {
2944               if(memcmp(&pk->revkey[i],&revkey,
2945                         sizeof(struct revocation_key))==0)
2946                 {
2947                   char buf[50];
2948
2949                   log_error(_("this key has already been designated "
2950                               "as a revoker\n"));
2951
2952                   sprintf(buf,"%08lX%08lX",
2953                           (ulong)pk->keyid[0],(ulong)pk->keyid[1]);
2954                   write_status_text(STATUS_ALREADY_SIGNED,buf);
2955
2956                   break;
2957                 }
2958             }
2959
2960           if(i<pk->numrevkeys)
2961             continue;
2962         }
2963
2964       print_pubkey_info(NULL,revoker_pk);
2965       print_fingerprint(revoker_pk,NULL,2);
2966       tty_printf("\n");
2967
2968       tty_printf(_("WARNING: appointing a key as a designated revoker "
2969                    "cannot be undone!\n"));
2970
2971       tty_printf("\n");
2972
2973       if(!cpr_get_answer_is_yes("keyedit.add_revoker.okay",
2974                                 _("Are you sure you want to appoint this "
2975                                   "key as a designated revoker? (y/N): ")))
2976         continue;
2977
2978       free_public_key(revoker_pk);
2979       revoker_pk=NULL;
2980       break;
2981     }
2982
2983   /* The 1F signature must be at least v4 to carry the revocation key
2984      subpacket. */
2985   rc = make_keysig_packet( &sig, pk, NULL, NULL, sk, 0x1F, 0, 4, 0, 0,
2986                            keygen_add_revkey,&revkey );
2987   if( rc )
2988     {
2989       log_error("signing failed: %s\n", g10_errstr(rc) );
2990       goto fail;
2991     }
2992
2993   free_secret_key(sk);
2994   sk=NULL;
2995
2996   /* insert into secret keyblock */
2997   pkt = m_alloc_clear( sizeof *pkt );
2998   pkt->pkttype = PKT_SIGNATURE;
2999   pkt->pkt.signature = copy_signature(NULL, sig);
3000   insert_kbnode( sec_keyblock, new_kbnode(pkt), PKT_SIGNATURE );
3001
3002   /* insert into public keyblock */
3003   pkt = m_alloc_clear( sizeof *pkt );
3004   pkt->pkttype = PKT_SIGNATURE;
3005   pkt->pkt.signature = sig;
3006   insert_kbnode( pub_keyblock, new_kbnode(pkt), PKT_SIGNATURE );
3007
3008   return 1;
3009
3010  fail:
3011   if(sk)
3012     free_secret_key(sk);
3013   if(sig)
3014     free_seckey_enc(sig);
3015   if(revoker_pk)
3016     free_public_key(revoker_pk);
3017
3018   return 0;
3019 }
3020
3021
3022 static int
3023 menu_expire( KBNODE pub_keyblock, KBNODE sec_keyblock )
3024 {
3025     int n1, signumber, rc;
3026     u32 expiredate;
3027     int mainkey=0;
3028     PKT_secret_key *sk;    /* copy of the main sk */
3029     PKT_public_key *main_pk, *sub_pk;
3030     PKT_user_id *uid;
3031     KBNODE node;
3032     u32 keyid[2];
3033
3034     if( count_selected_keys( sec_keyblock ) ) {
3035         tty_printf(_("Please remove selections from the secret keys.\n"));
3036         return 0;
3037     }
3038
3039     n1 = count_selected_keys( pub_keyblock );
3040     if( n1 > 1 ) {
3041         tty_printf(_("Please select at most one secondary key.\n"));
3042         return 0;
3043     }
3044     else if( n1 )
3045         tty_printf(_("Changing expiration time for a secondary key.\n"));
3046     else
3047       {
3048         tty_printf(_("Changing expiration time for the primary key.\n"));
3049         mainkey=1;
3050         no_primary_warning(pub_keyblock);
3051       }
3052
3053     expiredate = ask_expiredate();
3054     node = find_kbnode( sec_keyblock, PKT_SECRET_KEY );
3055     sk = copy_secret_key( NULL, node->pkt->pkt.secret_key);
3056
3057     /* Now we can actually change the self signature(s) */
3058     main_pk = sub_pk = NULL;
3059     uid = NULL;
3060     signumber = 0;
3061     for( node=pub_keyblock; node; node = node->next ) {
3062         if( node->pkt->pkttype == PKT_PUBLIC_KEY ) {
3063             main_pk = node->pkt->pkt.public_key;
3064             keyid_from_pk( main_pk, keyid );
3065             main_pk->expiredate = expiredate;
3066         }
3067         else if( node->pkt->pkttype == PKT_PUBLIC_SUBKEY
3068                  && (node->flag & NODFLG_SELKEY ) ) {
3069             sub_pk = node->pkt->pkt.public_key;
3070             sub_pk->expiredate = expiredate;
3071         }
3072         else if( node->pkt->pkttype == PKT_USER_ID )
3073             uid = node->pkt->pkt.user_id;
3074         else if( main_pk && node->pkt->pkttype == PKT_SIGNATURE
3075                  && ( mainkey || sub_pk ) ) {
3076             PKT_signature *sig = node->pkt->pkt.signature;
3077             if( keyid[0] == sig->keyid[0] && keyid[1] == sig->keyid[1]
3078                 && ( (mainkey && uid
3079                       && uid->created && (sig->sig_class&~3) == 0x10)
3080                      || (!mainkey && sig->sig_class == 0x18)  )
3081                 && sig->flags.chosen_selfsig )
3082               {
3083                 /* this is a selfsignature which is to be replaced */
3084                 PKT_signature *newsig;
3085                 PACKET *newpkt;
3086                 KBNODE sn;
3087                 int signumber2 = 0;
3088
3089                 signumber++;
3090
3091                 if( (mainkey && main_pk->version < 4)
3092                     || (!mainkey && sub_pk->version < 4 ) ) {
3093                     log_info(_(
3094                         "You can't change the expiration date of a v3 key\n"));
3095                     free_secret_key( sk );
3096                     return 0;
3097                 }
3098
3099                 /* find the corresponding secret self-signature */
3100                 for( sn=sec_keyblock; sn; sn = sn->next ) {
3101                     if( sn->pkt->pkttype == PKT_SIGNATURE ) {
3102                         PKT_signature *b = sn->pkt->pkt.signature;
3103                         if( keyid[0] == b->keyid[0] && keyid[1] == b->keyid[1]
3104                             && sig->sig_class == b->sig_class
3105                             && ++signumber2 == signumber )
3106                             break;
3107                     }
3108                 }
3109                 if( !sn )
3110                     log_info(_("No corresponding signature in secret ring\n"));
3111
3112                 if( mainkey )
3113                   rc = update_keysig_packet(&newsig, sig, main_pk, uid, NULL,
3114                                             sk, keygen_add_key_expire, main_pk);
3115                 else
3116                   rc = update_keysig_packet(&newsig, sig, main_pk, NULL, sub_pk,
3117                                             sk, keygen_add_key_expire, sub_pk );
3118                 if( rc ) {
3119                     log_error("make_keysig_packet failed: %s\n",
3120                                                     g10_errstr(rc));
3121                     free_secret_key( sk );
3122                     return 0;
3123                 }
3124                 /* replace the packet */
3125                 newpkt = m_alloc_clear( sizeof *newpkt );
3126                 newpkt->pkttype = PKT_SIGNATURE;
3127                 newpkt->pkt.signature = newsig;
3128                 free_packet( node->pkt );
3129                 m_free( node->pkt );
3130                 node->pkt = newpkt;
3131                 if( sn ) {
3132                     newpkt = m_alloc_clear( sizeof *newpkt );
3133                     newpkt->pkttype = PKT_SIGNATURE;
3134                     newpkt->pkt.signature = copy_signature( NULL, newsig );
3135                     free_packet( sn->pkt );
3136                     m_free( sn->pkt );
3137                     sn->pkt = newpkt;
3138                 }
3139                 sub_pk = NULL;
3140             }
3141         }
3142     }
3143
3144     free_secret_key( sk );
3145     update_trust=1;
3146     return 1;
3147 }
3148
3149 static int
3150 change_primary_uid_cb ( PKT_signature *sig, void *opaque )
3151 {
3152     byte buf[1];
3153
3154     /* first clear all primary uid flags so that we are sure none are
3155      * lingering around */
3156     delete_sig_subpkt (sig->hashed,   SIGSUBPKT_PRIMARY_UID);
3157     delete_sig_subpkt (sig->unhashed, SIGSUBPKT_PRIMARY_UID);
3158
3159     /* if opaque is set,we want to set the primary id */
3160     if (opaque) { 
3161         buf[0] = 1;
3162         build_sig_subpkt (sig, SIGSUBPKT_PRIMARY_UID, buf, 1 );
3163     }
3164
3165     return 0;
3166 }
3167
3168
3169 /*
3170  * Set the primary uid flag for the selected UID.  We will also reset
3171  * all other primary uid flags.  For this to work with have to update
3172  * all the signature timestamps.  If we would do this with the current
3173  * time, we lose quite a lot of information, so we use a a kludge to
3174  * do this: Just increment the timestamp by one second which is
3175  * sufficient to updated a signature during import.
3176  */
3177 static int
3178 menu_set_primary_uid ( KBNODE pub_keyblock, KBNODE sec_keyblock )
3179 {
3180     PKT_secret_key *sk;    /* copy of the main sk */
3181     PKT_public_key *main_pk;
3182     PKT_user_id *uid;
3183     KBNODE node;
3184     u32 keyid[2];
3185     int selected;
3186     int attribute = 0;
3187     int modified = 0;
3188
3189     if ( count_selected_uids (pub_keyblock) != 1 ) {
3190         tty_printf(_("Please select exactly one user ID.\n"));
3191         return 0;
3192     }
3193
3194     node = find_kbnode( sec_keyblock, PKT_SECRET_KEY );
3195     sk = copy_secret_key( NULL, node->pkt->pkt.secret_key);
3196
3197     /* Now we can actually change the self signature(s) */
3198     main_pk = NULL;
3199     uid = NULL;
3200     selected = 0;
3201
3202     /* Is our selected uid an attribute packet? */
3203     for ( node=pub_keyblock; node; node = node->next )
3204       if (node->pkt->pkttype == PKT_USER_ID && node->flag & NODFLG_SELUID)
3205         attribute = (node->pkt->pkt.user_id->attrib_data!=NULL);
3206
3207     for ( node=pub_keyblock; node; node = node->next ) {
3208         if ( node->pkt->pkttype == PKT_PUBLIC_SUBKEY )
3209             break; /* ready */
3210
3211         if ( node->pkt->pkttype == PKT_PUBLIC_KEY ) {
3212             main_pk = node->pkt->pkt.public_key;
3213             keyid_from_pk( main_pk, keyid );
3214         }
3215         else if ( node->pkt->pkttype == PKT_USER_ID ) {
3216             uid = node->pkt->pkt.user_id;
3217             selected = node->flag & NODFLG_SELUID;
3218         }
3219         else if ( main_pk && uid && node->pkt->pkttype == PKT_SIGNATURE ) {
3220             PKT_signature *sig = node->pkt->pkt.signature;
3221             if ( keyid[0] == sig->keyid[0] && keyid[1] == sig->keyid[1]
3222                  && (uid && (sig->sig_class&~3) == 0x10)
3223                  && attribute == (uid->attrib_data!=NULL)
3224                  && sig->flags.chosen_selfsig )
3225               {
3226               if(sig->version < 4) {
3227                 char *user=utf8_to_native(uid->name,strlen(uid->name),0);
3228
3229                 log_info(_("skipping v3 self-signature on user ID \"%s\"\n"),
3230                          user);
3231                 m_free(user);
3232               }
3233               else {
3234                 /* This is a selfsignature which is to be replaced.
3235                    We can just ignore v3 signatures because they are
3236                    not able to carry the primary ID flag.  We also
3237                    ignore self-sigs on user IDs that are not of the
3238                    same type that we are making primary.  That is, if
3239                    we are making a user ID primary, we alter user IDs.
3240                    If we are making an attribute packet primary, we
3241                    alter attribute packets. */
3242
3243                 /* FIXME: We must make sure that we only have one
3244              &n