Return a posiive status message for a successfull passphrase change.
[gnupg.git] / g10 / keyedit.c
1 /* keyedit.c - keyedit stuff
2  * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007,
3  *               2008, 2009, 2010 Free Software Foundation, Inc.
4  *
5  * This file is part of GnuPG.
6  *
7  * GnuPG is free software; you can redistribute it and/or modify
8  * it under the terms of the GNU General Public License as published by
9  * the Free Software Foundation; either version 3 of the License, or
10  * (at your option) any later version.
11  *
12  * GnuPG is distributed in the hope that it will be useful,
13  * but WITHOUT ANY WARRANTY; without even the implied warranty of
14  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
15  * GNU General Public License for more details.
16  *
17  * You should have received a copy of the GNU General Public License
18  * along with this program; if not, see <http://www.gnu.org/licenses/>.
19  */
20
21 #include <config.h>
22 #include <stdio.h>
23 #include <stdlib.h>
24 #include <string.h>
25 #include <errno.h>
26 #include <assert.h>
27 #include <ctype.h>
28 #ifdef HAVE_LIBREADLINE
29 #define GNUPG_LIBREADLINE_H_INCLUDED
30 #include <readline/readline.h>
31 #endif
32
33 #include "gpg.h"
34 #include "options.h"
35 #include "packet.h"
36 #include "status.h"
37 #include "iobuf.h"
38 #include "keydb.h"
39 #include "photoid.h"
40 #include "util.h"
41 #include "main.h"
42 #include "trustdb.h"
43 #include "filter.h"
44 #include "ttyio.h"
45 #include "status.h"
46 #include "i18n.h"
47 #include "keyserver-internal.h"
48
49 static void show_prefs( PKT_user_id *uid, PKT_signature *selfsig, int verbose);
50 static void show_names(KBNODE keyblock,PKT_public_key *pk,
51                        unsigned int flag,int with_prefs);
52 static void show_key_with_all_names( KBNODE keyblock, int only_marked,
53             int with_revoker, int with_fpr, int with_subkeys, int with_prefs );
54 static void show_key_and_fingerprint( KBNODE keyblock );
55 static int menu_adduid( KBNODE keyblock, KBNODE sec_keyblock,
56                         int photo, const char *photo_name );
57 static void menu_deluid( KBNODE pub_keyblock, KBNODE sec_keyblock );
58 static int menu_delsig( KBNODE pub_keyblock );
59 static int menu_clean(KBNODE keyblock,int self_only);
60 static void menu_delkey( KBNODE pub_keyblock, KBNODE sec_keyblock );
61 static int menu_addrevoker( KBNODE pub_keyblock,
62                             KBNODE sec_keyblock, int sensitive );
63 static int menu_expire( KBNODE pub_keyblock, KBNODE sec_keyblock );
64 static int menu_backsign(KBNODE pub_keyblock,KBNODE sec_keyblock);
65 static int menu_set_primary_uid( KBNODE pub_keyblock, KBNODE sec_keyblock );
66 static int menu_set_preferences( KBNODE pub_keyblock, KBNODE sec_keyblock );
67 static int menu_set_keyserver_url (const char *url,
68                                    KBNODE pub_keyblock, KBNODE sec_keyblock );
69 static int menu_set_notation(const char *string,
70                              KBNODE pub_keyblock,KBNODE sec_keyblock);
71 static int menu_select_uid( KBNODE keyblock, int idx );
72 static int menu_select_uid_namehash( KBNODE keyblock, const char *namehash );
73 static int menu_select_key( KBNODE keyblock, int idx );
74 static int count_uids( KBNODE keyblock );
75 static int count_uids_with_flag( KBNODE keyblock, unsigned flag );
76 static int count_keys_with_flag( KBNODE keyblock, unsigned flag );
77 static int count_selected_uids( KBNODE keyblock );
78 static int real_uids_left( KBNODE keyblock );
79 static int count_selected_keys( KBNODE keyblock );
80 static int menu_revsig( KBNODE keyblock );
81 static int menu_revuid( KBNODE keyblock, KBNODE sec_keyblock );
82 static int menu_revkey( KBNODE pub_keyblock, KBNODE sec_keyblock );
83 static int menu_revsubkey( KBNODE pub_keyblock, KBNODE sec_keyblock );
84 static int enable_disable_key( KBNODE keyblock, int disable );
85 static void menu_showphoto( KBNODE keyblock );
86
87 static int update_trust=0;
88
89 #define CONTROL_D ('D' - 'A' + 1)
90
91 #define NODFLG_BADSIG (1<<0)  /* bad signature */
92 #define NODFLG_NOKEY  (1<<1)  /* no public key */
93 #define NODFLG_SIGERR (1<<2)  /* other sig error */
94
95 #define NODFLG_MARK_A (1<<4)  /* temporary mark */
96 #define NODFLG_DELSIG (1<<5)  /* to be deleted */
97
98 #define NODFLG_SELUID (1<<8)  /* indicate the selected userid */
99 #define NODFLG_SELKEY (1<<9)  /* indicate the selected key */
100 #define NODFLG_SELSIG (1<<10) /* indicate a selected signature */
101
102 struct sign_attrib {
103     int non_exportable,non_revocable;
104     struct revocation_reason_info *reason;
105     byte trust_depth,trust_value;
106     char *trust_regexp;
107 };
108
109
110 #ifdef ENABLE_CARD_SUPPORT
111 /* Given a node SEC_NODE with a secret key or subkey, locate the
112    corresponding public key from pub_keyblock. */
113 static PKT_public_key *
114 find_pk_from_sknode (KBNODE pub_keyblock, KBNODE sec_node)
115 {
116   KBNODE node = pub_keyblock;
117   PKT_secret_key *sk;
118   PKT_public_key *pk;
119   
120   if (sec_node->pkt->pkttype == PKT_SECRET_KEY
121       && node->pkt->pkttype == PKT_PUBLIC_KEY)
122     return node->pkt->pkt.public_key;
123   if (sec_node->pkt->pkttype != PKT_SECRET_SUBKEY)
124     return NULL;
125   sk = sec_node->pkt->pkt.secret_key;
126   for (; node; node = node->next)
127     if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
128       {
129         pk = node->pkt->pkt.public_key;
130         if (pk->keyid[0] == sk->keyid[0] && pk->keyid[1] == sk->keyid[1])
131           return pk;
132       }
133       
134   return NULL;
135 }
136 #endif /* ENABLE_CARD_SUPPORT */
137
138
139 /* TODO: Fix duplicated code between here and the check-sigs/list-sigs
140    code in keylist.c. */
141 static int
142 print_and_check_one_sig_colon( KBNODE keyblock, KBNODE node,
143                                int *inv_sigs, int *no_key, int *oth_err,
144                                int *is_selfsig, int print_without_key )
145 {
146   PKT_signature *sig = node->pkt->pkt.signature;
147   int rc, sigrc;
148
149   /* TODO: Make sure a cached sig record here still has the pk that
150      issued it.  See also keylist.c:list_keyblock_print */
151
152   switch((rc=check_key_signature(keyblock,node,is_selfsig)))
153     {
154     case 0:
155       node->flag &= ~(NODFLG_BADSIG|NODFLG_NOKEY|NODFLG_SIGERR);
156       sigrc = '!';
157       break;
158     case G10ERR_BAD_SIGN:
159       node->flag = NODFLG_BADSIG;
160       sigrc = '-';
161       if( inv_sigs )
162         ++*inv_sigs;
163       break;
164     case G10ERR_NO_PUBKEY:
165     case G10ERR_UNU_PUBKEY:
166       node->flag = NODFLG_NOKEY;
167       sigrc = '?';
168       if( no_key )
169         ++*no_key;
170       break;
171     default:
172       node->flag = NODFLG_SIGERR;
173       sigrc = '%';
174       if( oth_err )
175         ++*oth_err;
176       break;
177     }
178
179   if( sigrc != '?' || print_without_key )
180     {
181       printf("sig:%c::%d:%08lX%08lX:%lu:%lu:",
182              sigrc,sig->pubkey_algo,(ulong)sig->keyid[0],(ulong)sig->keyid[1],
183              (ulong)sig->timestamp,(ulong)sig->expiredate);
184
185       if(sig->trust_depth || sig->trust_value)
186         printf("%d %d",sig->trust_depth,sig->trust_value);
187
188       printf(":");
189
190       if(sig->trust_regexp)
191         print_string(stdout,sig->trust_regexp,strlen(sig->trust_regexp),':');
192
193       printf("::%02x%c\n",sig->sig_class,sig->flags.exportable?'x':'l');
194
195       if(opt.show_subpackets)
196         print_subpackets_colon(sig);
197     }
198
199   return (sigrc == '!');
200 }
201
202
203 /****************
204  * Print information about a signature, check it and return true
205  * if the signature is okay. NODE must be a signature packet.
206  */
207 static int
208 print_and_check_one_sig( KBNODE keyblock, KBNODE node,
209                          int *inv_sigs, int *no_key, int *oth_err,
210                         int *is_selfsig, int print_without_key )
211 {
212     PKT_signature *sig = node->pkt->pkt.signature;
213     int rc, sigrc;
214     int is_rev = sig->sig_class == 0x30;
215
216     /* TODO: Make sure a cached sig record here still has the pk that
217        issued it.  See also keylist.c:list_keyblock_print */
218
219     switch( (rc = check_key_signature( keyblock, node, is_selfsig)) ) {
220       case 0:
221         node->flag &= ~(NODFLG_BADSIG|NODFLG_NOKEY|NODFLG_SIGERR);
222         sigrc = '!';
223         break;
224       case G10ERR_BAD_SIGN:
225         node->flag = NODFLG_BADSIG;
226         sigrc = '-';
227         if( inv_sigs )
228             ++*inv_sigs;
229         break;
230       case G10ERR_NO_PUBKEY:
231       case G10ERR_UNU_PUBKEY:
232         node->flag = NODFLG_NOKEY;
233         sigrc = '?';
234         if( no_key )
235             ++*no_key;
236         break;
237       default:
238         node->flag = NODFLG_SIGERR;
239         sigrc = '%';
240         if( oth_err )
241             ++*oth_err;
242         break;
243     }
244     if( sigrc != '?' || print_without_key ) {
245         tty_printf("%s%c%c %c%c%c%c%c%c %s %s",
246                    is_rev? "rev":"sig",sigrc,
247                    (sig->sig_class-0x10>0 &&
248                     sig->sig_class-0x10<4)?'0'+sig->sig_class-0x10:' ',
249                    sig->flags.exportable?' ':'L',
250                    sig->flags.revocable?' ':'R',
251                    sig->flags.policy_url?'P':' ',
252                    sig->flags.notation?'N':' ',
253                    sig->flags.expired?'X':' ',
254                    (sig->trust_depth>9)?'T':
255                    (sig->trust_depth>0)?'0'+sig->trust_depth:' ',
256                    keystr(sig->keyid),datestr_from_sig(sig));
257         if(opt.list_options&LIST_SHOW_SIG_EXPIRE)
258           tty_printf(" %s",expirestr_from_sig(sig));
259         tty_printf("  ");
260         if( sigrc == '%' )
261             tty_printf("[%s] ", g10_errstr(rc) );
262         else if( sigrc == '?' )
263             ;
264         else if( *is_selfsig ) {
265             tty_printf( is_rev? _("[revocation]")
266                               : _("[self-signature]") );
267         }
268         else
269           {
270             size_t n;
271             char *p = get_user_id( sig->keyid, &n );
272             tty_print_utf8_string2(p, n, opt.screen_columns-keystrlen()-26-
273                                ((opt.list_options&LIST_SHOW_SIG_EXPIRE)?11:0));
274             xfree(p);
275           }
276         tty_printf("\n");
277
278         if(sig->flags.policy_url && (opt.list_options&LIST_SHOW_POLICY_URLS))
279           show_policy_url(sig,3,0);
280
281         if(sig->flags.notation && (opt.list_options&LIST_SHOW_NOTATIONS))
282           show_notation(sig,3,0,
283                         ((opt.list_options&LIST_SHOW_STD_NOTATIONS)?1:0)+
284                         ((opt.list_options&LIST_SHOW_USER_NOTATIONS)?2:0));
285
286         if(sig->flags.pref_ks && (opt.list_options&LIST_SHOW_KEYSERVER_URLS))
287           show_keyserver_url(sig,3,0);
288     }
289
290     return (sigrc == '!');
291 }
292
293
294
295 /****************
296  * Check the keysigs and set the flags to indicate errors.
297  * Returns true if error found.
298  */
299 static int
300 check_all_keysigs( KBNODE keyblock, int only_selected )
301 {
302     KBNODE kbctx;
303     KBNODE node;
304     int inv_sigs = 0;
305     int no_key = 0;
306     int oth_err = 0;
307     int has_selfsig = 0;
308     int mis_selfsig = 0;
309     int selected = !only_selected;
310     int anyuid = 0;
311
312     for( kbctx=NULL; (node=walk_kbnode( keyblock, &kbctx, 0)) ; ) {
313         if( node->pkt->pkttype == PKT_USER_ID ) {
314             PKT_user_id *uid = node->pkt->pkt.user_id;
315
316             if( only_selected )
317                 selected = (node->flag & NODFLG_SELUID);
318             if( selected ) {
319                 tty_printf("uid  ");
320                 tty_print_utf8_string( uid->name, uid->len );
321                 tty_printf("\n");
322                 if( anyuid && !has_selfsig )
323                     mis_selfsig++;
324                 has_selfsig = 0;
325                 anyuid = 1;
326             }
327         }
328         else if( selected && node->pkt->pkttype == PKT_SIGNATURE
329                  && ( (node->pkt->pkt.signature->sig_class&~3) == 0x10
330                      || node->pkt->pkt.signature->sig_class == 0x30 )  ) {
331             int selfsig;
332
333             if( print_and_check_one_sig( keyblock, node, &inv_sigs,
334                                         &no_key, &oth_err, &selfsig, 0 ) ) {
335                 if( selfsig )
336                     has_selfsig = 1;
337             }
338             /* Hmmm: should we update the trustdb here? */
339         }
340     }
341     if( !has_selfsig )
342         mis_selfsig++;
343     if( inv_sigs == 1 )
344         tty_printf(_("1 bad signature\n") );
345     else if( inv_sigs )
346         tty_printf(_("%d bad signatures\n"), inv_sigs );
347     if( no_key == 1 )
348         tty_printf(_("1 signature not checked due to a missing key\n") );
349     else if( no_key )
350         tty_printf(_("%d signatures not checked due to missing keys\n"), no_key );
351     if( oth_err == 1 )
352         tty_printf(_("1 signature not checked due to an error\n") );
353     else if( oth_err )
354         tty_printf(_("%d signatures not checked due to errors\n"), oth_err );
355     if( mis_selfsig == 1 )
356         tty_printf(_("1 user ID without valid self-signature detected\n"));
357     else if( mis_selfsig  )
358         tty_printf(_("%d user IDs without valid self-signatures detected\n"),
359                                                                     mis_selfsig);
360
361     return inv_sigs || no_key || oth_err || mis_selfsig;
362 }
363
364
365 static int
366 sign_mk_attrib( PKT_signature *sig, void *opaque )
367 {
368     struct sign_attrib *attrib = opaque;
369     byte buf[8];
370
371     if( attrib->non_exportable ) {
372         buf[0] = 0; /* not exportable */
373         build_sig_subpkt( sig, SIGSUBPKT_EXPORTABLE, buf, 1 );
374     }
375
376     if( attrib->non_revocable ) {
377         buf[0] = 0; /* not revocable */
378         build_sig_subpkt( sig, SIGSUBPKT_REVOCABLE, buf, 1 );
379     }
380
381     if( attrib->reason )
382         revocation_reason_build_cb( sig, attrib->reason );
383
384     if(attrib->trust_depth)
385       {
386         /* Not critical.  If someone doesn't understand trust sigs,
387            this can still be a valid regular signature. */
388         buf[0] = attrib->trust_depth;
389         buf[1] = attrib->trust_value;
390         build_sig_subpkt(sig,SIGSUBPKT_TRUST,buf,2);
391
392         /* Critical.  If someone doesn't understands regexps, this
393            whole sig should be invalid.  Note the +1 for the length -
394            regexps are null terminated. */
395         if(attrib->trust_regexp)
396           build_sig_subpkt(sig,SIGSUBPKT_FLAG_CRITICAL|SIGSUBPKT_REGEXP,
397                            attrib->trust_regexp,
398                            strlen(attrib->trust_regexp)+1);
399       }
400
401     return 0;
402 }
403
404 static void
405 trustsig_prompt(byte *trust_value,byte *trust_depth,char **regexp)
406 {
407   char *p;
408
409   *trust_value=0;
410   *trust_depth=0;
411   *regexp=NULL;
412
413   /* Same string as pkclist.c:do_edit_ownertrust */
414   tty_printf(_("Please decide how far you trust this user to correctly verify"
415                " other users' keys\n(by looking at passports, checking"
416                " fingerprints from different sources, etc.)\n"));
417   tty_printf("\n");
418   tty_printf (_("  %d = I trust marginally\n"), 1);
419   tty_printf (_("  %d = I trust fully\n"), 2);
420   tty_printf("\n");
421
422   while(*trust_value==0)
423     {
424       p = cpr_get("trustsig_prompt.trust_value",_("Your selection? "));
425       trim_spaces(p);
426       cpr_kill_prompt();
427       /* 60 and 120 are as per RFC2440 */
428       if(p[0]=='1' && !p[1])
429         *trust_value=60;
430       else if(p[0]=='2' && !p[1])
431         *trust_value=120;
432       xfree(p);
433     }
434
435   tty_printf("\n");
436
437   tty_printf(_(
438               "Please enter the depth of this trust signature.\n"
439               "A depth greater than 1 allows the key you are signing to make\n"
440               "trust signatures on your behalf.\n"));
441   tty_printf("\n");
442
443   while(*trust_depth==0)
444     {
445       p = cpr_get("trustsig_prompt.trust_depth",_("Your selection? "));
446       trim_spaces(p);
447       cpr_kill_prompt();
448       *trust_depth=atoi(p);
449       xfree(p);
450     }
451
452   tty_printf("\n");
453
454   tty_printf(_("Please enter a domain to restrict this signature, "
455                "or enter for none.\n"));
456
457   tty_printf("\n");
458
459   p=cpr_get("trustsig_prompt.trust_regexp",_("Your selection? "));
460   trim_spaces(p);
461   cpr_kill_prompt();
462
463   if(strlen(p)>0)
464     {
465       char *q=p;
466       int regexplen=100,ind;
467
468       *regexp=xmalloc(regexplen);
469
470       /* Now mangle the domain the user entered into a regexp.  To do
471          this, \-escape everything that isn't alphanumeric, and attach
472          "<[^>]+[@.]" to the front, and ">$" to the end. */
473
474       strcpy(*regexp,"<[^>]+[@.]");
475       ind=strlen(*regexp);
476
477       while(*q)
478         {
479           if(!((*q>='A' && *q<='Z')
480                || (*q>='a' && *q<='z') || (*q>='0' && *q<='9')))
481             (*regexp)[ind++]='\\';
482
483           (*regexp)[ind++]=*q;
484
485           if((regexplen-ind)<3)
486             {
487               regexplen+=100;
488               *regexp=xrealloc(*regexp,regexplen);
489             }
490
491           q++;
492         }
493
494       (*regexp)[ind]='\0';
495       strcat(*regexp,">$");
496     }
497
498   xfree(p);
499   tty_printf("\n");
500 }
501
502 /****************
503  * Loop over all locusr and and sign the uids after asking.
504  * If no user id is marked, all user ids will be signed;
505  * if some user_ids are marked those will be signed.
506  */
507 static int
508 sign_uids( KBNODE keyblock, strlist_t locusr, int *ret_modified,
509            int local, int nonrevocable, int trust, int interactive )
510 {
511     int rc = 0;
512     SK_LIST sk_list = NULL;
513     SK_LIST sk_rover = NULL;
514     PKT_secret_key *sk = NULL;
515     KBNODE node, uidnode;
516     PKT_public_key *primary_pk=NULL;
517     int select_all = !count_selected_uids(keyblock) || interactive;
518     int all_v3=1;
519
520     /* Are there any non-v3 sigs on this key already? */
521     if(PGP2)
522       for(node=keyblock;node;node=node->next)
523         if(node->pkt->pkttype==PKT_SIGNATURE &&
524            node->pkt->pkt.signature->version>3)
525           {
526             all_v3=0;
527             break;
528           }
529
530     /* build a list of all signators.
531      *    
532      * We use the CERT flag to request the primary which must always
533      * be one which is capable of signing keys.  I can't see a reason
534      * why to sign keys using a subkey.  Implementation of USAGE_CERT
535      * is just a hack in getkey.c and does not mean that a subkey
536      * marked as certification capable will be used. */
537     rc=build_sk_list( locusr, &sk_list, 0, PUBKEY_USAGE_CERT);
538     if( rc )
539         goto leave;
540
541     /* loop over all signators */
542     for( sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next ) {
543         u32 sk_keyid[2],pk_keyid[2];
544         char *p,*trust_regexp=NULL;
545         int force_v4=0,class=0,selfsig=0;
546         u32 duration=0,timestamp=0;
547         byte trust_depth=0,trust_value=0;
548
549         if(local || nonrevocable || trust ||
550            opt.cert_policy_url || opt.cert_notations)
551           force_v4=1;
552
553         /* we have to use a copy of the sk, because make_keysig_packet
554          * may remove the protection from sk and if we did other
555          * changes to the secret key, we would save the unprotected
556          * version */
557         if( sk )
558             free_secret_key(sk);
559         sk = copy_secret_key( NULL, sk_rover->sk );
560         keyid_from_sk( sk, sk_keyid );
561         /* set mark A for all selected user ids */
562         for( node=keyblock; node; node = node->next ) {
563             if( select_all || (node->flag & NODFLG_SELUID) )
564                 node->flag |= NODFLG_MARK_A;
565             else
566                 node->flag &= ~NODFLG_MARK_A;
567         }
568         /* reset mark for uids which are already signed */
569         uidnode = NULL;
570         for( node=keyblock; node; node = node->next ) {
571             if( node->pkt->pkttype == PKT_PUBLIC_KEY ) {
572                 primary_pk=node->pkt->pkt.public_key;
573                 keyid_from_pk( primary_pk, pk_keyid );
574
575                 /* Is this a self-sig? */
576                 if(pk_keyid[0]==sk_keyid[0] && pk_keyid[1]==sk_keyid[1])
577                   {
578                     selfsig=1;
579                     /* Do not force a v4 sig here, otherwise it would
580                        be difficult to remake a v3 selfsig.  If this
581                        is a v3->v4 promotion case, then we set
582                        force_v4 later anyway. */
583                     force_v4=0;
584                   }
585             }
586             else if( node->pkt->pkttype == PKT_USER_ID )
587               {
588                 uidnode = (node->flag & NODFLG_MARK_A)? node : NULL;
589                 if(uidnode)
590                   {
591                     int yesreally=0;
592                     char *user=utf8_to_native(uidnode->pkt->pkt.user_id->name,
593                                               uidnode->pkt->pkt.user_id->len,
594                                               0);
595
596                     if(uidnode->pkt->pkt.user_id->is_revoked)
597                       {
598                         tty_printf(_("User ID \"%s\" is revoked."),user);
599
600                         if(selfsig)
601                           tty_printf("\n");
602                         else if(opt.expert)
603                           {
604                             tty_printf("\n");
605                             /* No, so remove the mark and continue */
606                             if(!cpr_get_answer_is_yes("sign_uid.revoke_okay",
607                                                       _("Are you sure you "
608                                                         "still want to sign "
609                                                         "it? (y/N) ")))
610                               {
611                                 uidnode->flag &= ~NODFLG_MARK_A;
612                                 uidnode=NULL;
613                               }
614                             else if(interactive)
615                               yesreally=1;
616                           }
617                         else
618                           {
619                             uidnode->flag &= ~NODFLG_MARK_A;
620                             uidnode=NULL;
621                             tty_printf(_("  Unable to sign.\n"));
622                           }
623                       }
624                     else if(uidnode->pkt->pkt.user_id->is_expired)
625                       {
626                         tty_printf(_("User ID \"%s\" is expired."),user);
627
628                         if(selfsig)
629                           tty_printf("\n");
630                         else if(opt.expert)
631                           {
632                             tty_printf("\n");
633                             /* No, so remove the mark and continue */
634                             if(!cpr_get_answer_is_yes("sign_uid.expire_okay",
635                                                       _("Are you sure you "
636                                                         "still want to sign "
637                                                         "it? (y/N) ")))
638                               {
639                                 uidnode->flag &= ~NODFLG_MARK_A;
640                                 uidnode=NULL;
641                               }
642                             else if(interactive)
643                               yesreally=1;
644                           }
645                         else
646                           {
647                             uidnode->flag &= ~NODFLG_MARK_A;
648                             uidnode=NULL;
649                             tty_printf(_("  Unable to sign.\n"));
650                           }
651                       }
652                     else if(!uidnode->pkt->pkt.user_id->created && !selfsig)
653                       {
654                         tty_printf(_("User ID \"%s\" is not self-signed."),
655                                    user);
656
657                         if(opt.expert)
658                           {
659                             tty_printf("\n");
660                             /* No, so remove the mark and continue */
661                             if(!cpr_get_answer_is_yes("sign_uid.nosig_okay",
662                                                       _("Are you sure you "
663                                                         "still want to sign "
664                                                         "it? (y/N) ")))
665                               {
666                                 uidnode->flag &= ~NODFLG_MARK_A;
667                                 uidnode=NULL;
668                               }
669                             else if(interactive)
670                               yesreally=1;
671                           }
672                         else
673                           {
674                             uidnode->flag &= ~NODFLG_MARK_A;
675                             uidnode=NULL;
676                             tty_printf(_("  Unable to sign.\n"));
677                           }
678                       }
679
680                     if(uidnode && interactive && !yesreally)
681                       {
682                         tty_printf(_("User ID \"%s\" is signable.  "),user);
683                         if(!cpr_get_answer_is_yes("sign_uid.sign_okay",
684                                                   _("Sign it? (y/N) ")))
685                           {
686                             uidnode->flag &= ~NODFLG_MARK_A;
687                             uidnode=NULL;
688                           }
689                       }
690
691                     xfree(user);
692                   }
693               }
694             else if( uidnode && node->pkt->pkttype == PKT_SIGNATURE
695                 && (node->pkt->pkt.signature->sig_class&~3) == 0x10 ) {
696                 if( sk_keyid[0] == node->pkt->pkt.signature->keyid[0]
697                     && sk_keyid[1] == node->pkt->pkt.signature->keyid[1] ) {
698                     char buf[50];
699                     char *user=utf8_to_native(uidnode->pkt->pkt.user_id->name,
700                                               uidnode->pkt->pkt.user_id->len,
701                                               0);
702
703                     /* It's a v3 self-sig.  Make it into a v4 self-sig? */
704                     if(node->pkt->pkt.signature->version<4 && selfsig)
705                       {
706                         tty_printf(_("The self-signature on \"%s\"\n"
707                                      "is a PGP 2.x-style signature.\n"),user);
708  
709                         /* Note that the regular PGP2 warning below
710                            still applies if there are no v4 sigs on
711                            this key at all. */
712
713                         if(opt.expert)
714                           if(cpr_get_answer_is_yes("sign_uid.v4_promote_okay",
715                                                    _("Do you want to promote "
716                                                      "it to an OpenPGP self-"
717                                                      "signature? (y/N) ")))
718                             {
719                               force_v4=1;
720                               node->flag|=NODFLG_DELSIG;
721                               xfree(user);
722                               continue;
723                             }
724                       }
725
726                     /* Is the current signature expired? */
727                     if(node->pkt->pkt.signature->flags.expired)
728                       {
729                         tty_printf(_("Your current signature on \"%s\"\n"
730                                      "has expired.\n"),user);
731
732                         if(cpr_get_answer_is_yes("sign_uid.replace_expired_okay",
733                                                  _("Do you want to issue a "
734                                                    "new signature to replace "
735                                                    "the expired one? (y/N) ")))
736                           {
737                             /* Mark these for later deletion.  We
738                                don't want to delete them here, just in
739                                case the replacement signature doesn't
740                                happen for some reason.  We only delete
741                                these after the replacement is already
742                                in place. */
743
744                             node->flag|=NODFLG_DELSIG;
745                             xfree(user);
746                             continue;
747                           }
748                       }
749
750                     if(!node->pkt->pkt.signature->flags.exportable && !local)
751                       {
752                         /* It's a local sig, and we want to make a
753                            exportable sig. */
754                         tty_printf(_("Your current signature on \"%s\"\n"
755                                      "is a local signature.\n"),user);
756
757                         if(cpr_get_answer_is_yes("sign_uid.local_promote_okay",
758                                                  _("Do you want to promote "
759                                                    "it to a full exportable "
760                                                    "signature? (y/N) ")))
761                           {
762                             /* Mark these for later deletion.  We
763                                don't want to delete them here, just in
764                                case the replacement signature doesn't
765                                happen for some reason.  We only delete
766                                these after the replacement is already
767                                in place. */
768
769                             node->flag|=NODFLG_DELSIG;
770                             xfree(user);
771                             continue;
772                           }
773                       }
774
775                     /* Fixme: see whether there is a revocation in which
776                      * case we should allow to sign it again. */
777                     if (!node->pkt->pkt.signature->flags.exportable && local)
778                       tty_printf(_(
779                               "\"%s\" was already locally signed by key %s\n"),
780                                  user,keystr_from_sk(sk));
781                     else
782                       tty_printf(_("\"%s\" was already signed by key %s\n"),
783                                  user,keystr_from_sk(sk));
784
785                     if(opt.expert
786                        && cpr_get_answer_is_yes("sign_uid.dupe_okay",
787                                                 _("Do you want to sign it "
788                                                   "again anyway? (y/N) ")))
789                       {
790                         /* Don't delete the old sig here since this is
791                            an --expert thing. */
792                         xfree(user);
793                         continue;
794                       }
795
796                     sprintf (buf, "%08lX%08lX",
797                              (ulong)sk->keyid[0], (ulong)sk->keyid[1] );
798                     write_status_text (STATUS_ALREADY_SIGNED, buf);
799                     uidnode->flag &= ~NODFLG_MARK_A; /* remove mark */
800
801                     xfree(user);
802                 }
803             }
804         }
805
806         /* check whether any uids are left for signing */
807         if( !count_uids_with_flag(keyblock, NODFLG_MARK_A) )
808           {
809             tty_printf(_("Nothing to sign with key %s\n"),keystr_from_sk(sk));
810             continue;
811           }
812
813         /* Ask whether we really should sign these user id(s) */
814         tty_printf("\n");
815         show_key_with_all_names( keyblock, 1, 0, 1, 0, 0 );
816         tty_printf("\n");
817
818         if(primary_pk->expiredate && !selfsig)
819           {
820             u32 now=make_timestamp();
821
822             if(primary_pk->expiredate<=now)
823               {
824                 tty_printf(_("This key has expired!"));
825
826                 if(opt.expert)
827                   {
828                     tty_printf("  ");
829                     if(!cpr_get_answer_is_yes("sign_uid.expired_okay",
830                                               _("Are you sure you still "
831                                                 "want to sign it? (y/N) ")))
832                       continue;
833                   }
834                 else
835                   {
836                     tty_printf(_("  Unable to sign.\n"));
837                     continue;
838                   }
839               }
840             else
841               {
842                 tty_printf(_("This key is due to expire on %s.\n"),
843                            expirestr_from_pk(primary_pk));
844
845                 if(opt.ask_cert_expire)
846                   {
847                     char *answer=cpr_get("sign_uid.expire",
848                                          _("Do you want your signature to "
849                                            "expire at the same time? (Y/n) "));
850                     if(answer_is_yes_no_default(answer,1))
851                       {
852                         /* This fixes the signature timestamp we're
853                            going to make as now.  This is so the
854                            expiration date is exactly correct, and not
855                            a few seconds off (due to the time it takes
856                            to answer the questions, enter the
857                            passphrase, etc). */
858                         timestamp=now;
859                         duration=primary_pk->expiredate-now;
860                         force_v4=1;
861                       }
862
863                     cpr_kill_prompt();
864                     xfree(answer);
865                   }
866               }
867           }
868
869         /* Only ask for duration if we haven't already set it to match
870            the expiration of the pk */
871         if(!duration && !selfsig)
872           {
873             if(opt.ask_cert_expire)
874               duration=ask_expire_interval(1,opt.def_cert_expire);
875             else
876               duration=parse_expire_string(opt.def_cert_expire);
877           }
878
879         if(duration)
880           force_v4=1;
881
882         /* Is --pgp2 on, it's a v3 key, all the sigs on the key are
883            currently v3 and we're about to sign it with a v4 sig?  If
884            so, danger! */
885         if(PGP2 && all_v3 &&
886            (sk->version>3 || force_v4) && primary_pk->version<=3)
887           {
888             tty_printf(_("You may not make an OpenPGP signature on a "
889                          "PGP 2.x key while in --pgp2 mode.\n"));
890             tty_printf(_("This would make the key unusable in PGP 2.x.\n"));
891
892             if(opt.expert)
893               {
894                 if(!cpr_get_answer_is_yes("sign_uid.v4_on_v3_okay",
895                                           _("Are you sure you still "
896                                             "want to sign it? (y/N) ")))
897                   continue;
898
899                 all_v3=0;
900               }
901             else
902               continue;
903           }
904
905         if(selfsig)
906           ;
907         else
908           {
909             if(opt.batch || !opt.ask_cert_level)
910               class=0x10+opt.def_cert_level;
911             else
912               {
913                 char *answer;
914
915                 tty_printf(_("How carefully have you verified the key you are "
916                              "about to sign actually belongs\nto the person "
917                              "named above?  If you don't know what to "
918                              "answer, enter \"0\".\n"));
919                 tty_printf("\n");
920                 tty_printf(_("   (0) I will not answer.%s\n"),
921                            opt.def_cert_level==0?" (default)":"");
922                 tty_printf(_("   (1) I have not checked at all.%s\n"),
923                            opt.def_cert_level==1?" (default)":"");
924                 tty_printf(_("   (2) I have done casual checking.%s\n"),
925                            opt.def_cert_level==2?" (default)":"");
926                 tty_printf(_("   (3) I have done very careful checking.%s\n"),
927                            opt.def_cert_level==3?" (default)":"");
928                 tty_printf("\n");
929
930                 while(class==0)
931                   {
932                     answer = cpr_get("sign_uid.class",_("Your selection? "
933                                         "(enter `?' for more information): "));
934                     if(answer[0]=='\0')
935                       class=0x10+opt.def_cert_level; /* Default */
936                     else if(ascii_strcasecmp(answer,"0")==0)
937                       class=0x10; /* Generic */
938                     else if(ascii_strcasecmp(answer,"1")==0)
939                       class=0x11; /* Persona */
940                     else if(ascii_strcasecmp(answer,"2")==0)
941                       class=0x12; /* Casual */
942                     else if(ascii_strcasecmp(answer,"3")==0)
943                       class=0x13; /* Positive */
944                     else
945                       tty_printf(_("Invalid selection.\n"));
946
947                     xfree(answer);
948                   }
949               }
950
951             if(trust)
952               trustsig_prompt(&trust_value,&trust_depth,&trust_regexp);
953           }
954
955         p=get_user_id_native(sk_keyid);
956         tty_printf(_("Are you sure that you want to sign this key with your\n"
957                      "key \"%s\" (%s)\n"),p,keystr_from_sk(sk));
958         xfree(p);
959
960         if(selfsig)
961           {
962             tty_printf("\n");
963             tty_printf(_("This will be a self-signature.\n"));
964
965             if( local )
966               {
967                 tty_printf("\n");
968                 tty_printf(
969                          _("WARNING: the signature will not be marked "
970                            "as non-exportable.\n"));
971               }
972
973             if( nonrevocable )
974               {
975                 tty_printf("\n");
976                 tty_printf(
977                          _("WARNING: the signature will not be marked "
978                            "as non-revocable.\n"));
979               }
980           }
981         else
982           {
983             if( local )
984               {
985                 tty_printf("\n");
986                 tty_printf(
987                      _("The signature will be marked as non-exportable.\n"));
988               }
989
990             if( nonrevocable )
991               {
992                 tty_printf("\n");
993                 tty_printf(
994                       _("The signature will be marked as non-revocable.\n"));
995               }
996
997             switch(class)
998               {
999               case 0x11:
1000                 tty_printf("\n");
1001                 tty_printf(_("I have not checked this key at all.\n"));
1002                 break;
1003
1004               case 0x12:
1005                 tty_printf("\n");
1006                 tty_printf(_("I have checked this key casually.\n"));
1007                 break;
1008
1009               case 0x13:
1010                 tty_printf("\n");
1011                 tty_printf(_("I have checked this key very carefully.\n"));
1012                 break;
1013               }
1014           }
1015
1016         tty_printf("\n");
1017
1018         if( opt.batch && opt.answer_yes )
1019           ;
1020         else if( !cpr_get_answer_is_yes("sign_uid.okay",
1021                                         _("Really sign? (y/N) ")) )
1022             continue;
1023
1024         /* now we can sign the user ids */
1025       reloop: /* (must use this, because we are modifing the list) */
1026         primary_pk = NULL;
1027         for( node=keyblock; node; node = node->next ) {
1028             if( node->pkt->pkttype == PKT_PUBLIC_KEY )
1029                 primary_pk = node->pkt->pkt.public_key;
1030             else if( node->pkt->pkttype == PKT_USER_ID
1031                      && (node->flag & NODFLG_MARK_A) ) {
1032                 PACKET *pkt;
1033                 PKT_signature *sig;
1034                 struct sign_attrib attrib;
1035
1036                 assert( primary_pk );
1037                 memset( &attrib, 0, sizeof attrib );
1038                 attrib.non_exportable = local;
1039                 attrib.non_revocable = nonrevocable;
1040                 attrib.trust_depth = trust_depth;
1041                 attrib.trust_value = trust_value;
1042                 attrib.trust_regexp = trust_regexp;
1043                 node->flag &= ~NODFLG_MARK_A;
1044
1045                 /* we force creation of a v4 signature for local
1046                  * signatures, otherwise we would not generate the
1047                  * subpacket with v3 keys and the signature becomes
1048                  * exportable */
1049
1050                 if(selfsig)
1051                   rc = make_keysig_packet( &sig, primary_pk,
1052                                            node->pkt->pkt.user_id,
1053                                            NULL,
1054                                            sk,
1055                                            0x13, 0, force_v4?4:0, 0, 0,
1056                                            keygen_add_std_prefs, primary_pk);
1057                 else
1058                   rc = make_keysig_packet( &sig, primary_pk,
1059                                            node->pkt->pkt.user_id,
1060                                            NULL,
1061                                            sk,
1062                                            class, 0, force_v4?4:0,
1063                                            timestamp, duration,
1064                                            sign_mk_attrib, &attrib );
1065                 if( rc ) {
1066                     log_error(_("signing failed: %s\n"), g10_errstr(rc));
1067                     goto leave;
1068                 }
1069
1070                 *ret_modified = 1; /* we changed the keyblock */
1071                 update_trust = 1;
1072
1073                 pkt = xmalloc_clear( sizeof *pkt );
1074                 pkt->pkttype = PKT_SIGNATURE;
1075                 pkt->pkt.signature = sig;
1076                 insert_kbnode( node, new_kbnode(pkt), PKT_SIGNATURE );
1077                 goto reloop;
1078             }
1079         }
1080
1081         /* Delete any sigs that got promoted */
1082         for( node=keyblock; node; node = node->next )
1083           if( node->flag & NODFLG_DELSIG)
1084             delete_kbnode(node);
1085     } /* end loop over signators */
1086
1087   leave:
1088     release_sk_list( sk_list );
1089     if( sk )
1090         free_secret_key(sk);
1091     return rc;
1092 }
1093
1094
1095
1096 /****************
1097  * Change the passphrase of the primary and all secondary keys.
1098  * We use only one passphrase for all keys.
1099  */
1100 static int
1101 change_passphrase (KBNODE keyblock, int *r_err)
1102 {
1103     int rc = 0;
1104     int changed=0;
1105     KBNODE node;
1106     PKT_secret_key *sk;
1107     char *passphrase = NULL;
1108     int no_primary_secrets = 0;
1109     int any;
1110
1111     node = find_kbnode( keyblock, PKT_SECRET_KEY );
1112     if( !node ) {
1113         log_error("Oops; secret key not found anymore!\n");
1114         goto leave;
1115     }
1116     sk = node->pkt->pkt.secret_key;
1117
1118     for (any = 0, node=keyblock; node; node = node->next) {
1119         if (node->pkt->pkttype == PKT_SECRET_KEY 
1120             || node->pkt->pkttype == PKT_SECRET_SUBKEY) {
1121             PKT_secret_key *tmpsk = node->pkt->pkt.secret_key;
1122             if (!(tmpsk->is_protected
1123                   && (tmpsk->protect.s2k.mode == 1001 
1124                       || tmpsk->protect.s2k.mode == 1002))) {
1125                 any = 1;
1126                 break;
1127             }
1128         }
1129     }
1130     if (!any) {
1131         tty_printf (_("Key has only stub or on-card key items - "
1132                       "no passphrase to change.\n"));
1133         goto leave;
1134     }
1135         
1136     /* See how to handle this key.  */
1137     switch( is_secret_key_protected( sk ) ) {
1138       case -1:
1139         rc = G10ERR_PUBKEY_ALGO;
1140         break;
1141       case 0:
1142         tty_printf(_("This key is not protected.\n"));
1143         break;
1144       default:
1145         if( sk->protect.s2k.mode == 1001 ) {
1146             tty_printf(_("Secret parts of primary key are not available.\n"));
1147             no_primary_secrets = 1;
1148         }
1149         else if( sk->protect.s2k.mode == 1002 ) {
1150             tty_printf(_("Secret parts of primary key are stored on-card.\n"));
1151             no_primary_secrets = 1;
1152         }
1153         else {
1154             u32 keyid[2];
1155
1156             tty_printf(_("Key is protected.\n"));
1157             
1158             /* Clear the passphrase cache so that the user is required
1159                to enter the old passphrase.  */
1160             keyid_from_sk (sk, keyid);
1161             passphrase_clear_cache (keyid, NULL, 0);
1162
1163             rc = check_secret_key( sk, 0 );
1164             if( !rc )
1165                 passphrase = get_last_passphrase();
1166         }
1167         break;
1168     }
1169
1170     /* Unprotect all subkeys (use the supplied passphrase or ask)*/
1171     for(node=keyblock; !rc && node; node = node->next ) {
1172         if( node->pkt->pkttype == PKT_SECRET_SUBKEY ) {
1173             PKT_secret_key *subsk = node->pkt->pkt.secret_key;
1174             if ( !(subsk->is_protected
1175                    && (subsk->protect.s2k.mode == 1001 
1176                        || subsk->protect.s2k.mode == 1002))) {
1177                 set_next_passphrase( passphrase );
1178                 rc = check_secret_key( subsk, 0 );
1179                 if( !rc && !passphrase )
1180                     passphrase = get_last_passphrase();
1181             }
1182         }
1183     }
1184
1185     if( rc )
1186         tty_printf(_("Can't edit this key: %s\n"), g10_errstr(rc));
1187     else {
1188         DEK *dek = NULL;
1189         STRING2KEY *s2k = xmalloc_secure( sizeof *s2k );
1190         const char *errtext = NULL;
1191
1192         tty_printf(_("Enter the new passphrase for this secret key.\n\n") );
1193
1194         set_next_passphrase( NULL );
1195         for(;;) {
1196             int canceled;
1197
1198             s2k->mode = opt.s2k_mode;
1199             s2k->hash_algo = S2K_DIGEST_ALGO;
1200             dek = passphrase_to_dek( NULL, 0, opt.s2k_cipher_algo,
1201                                      s2k, 2, errtext, &canceled);
1202             if (!dek && canceled) {
1203                 rc = GPG_ERR_CANCELED;
1204                 break;
1205             }
1206             else if( !dek ) {
1207                 errtext = N_("passphrase not correctly repeated; try again");
1208                 tty_printf ("%s.\n", _(errtext));
1209             }
1210             else if( !dek->keylen ) {
1211                 rc = 0;
1212                 tty_printf(_( "You don't want a passphrase -"
1213                             " this is probably a *bad* idea!\n\n"));
1214                 if( cpr_get_answer_is_yes("change_passwd.empty.okay",
1215                                _("Do you really want to do this? (y/N) ")))
1216                   {
1217                     changed++;
1218                     break;
1219                   }
1220             }
1221             else { /* okay */
1222                 rc = 0;
1223                 if( !no_primary_secrets ) {
1224                     sk->protect.algo = dek->algo;
1225                     sk->protect.s2k = *s2k;
1226                     rc = protect_secret_key( sk, dek );
1227                 }
1228                 for(node=keyblock; !rc && node; node = node->next ) {
1229                     if( node->pkt->pkttype == PKT_SECRET_SUBKEY ) {
1230                         PKT_secret_key *subsk = node->pkt->pkt.secret_key;
1231                         if ( !(subsk->is_protected
1232                                && (subsk->protect.s2k.mode == 1001 
1233                                    || subsk->protect.s2k.mode == 1002))) {
1234                             subsk->protect.algo = dek->algo;
1235                             subsk->protect.s2k = *s2k;
1236                             rc = protect_secret_key( subsk, dek );
1237                         }
1238                     }
1239                 }
1240                 if( rc )
1241                     log_error("protect_secret_key failed: %s\n",
1242                               g10_errstr(rc) );
1243                 else
1244                   {
1245                     u32 keyid[2];
1246                     
1247                     /* Clear the cahce again so that the user is
1248                        required to enter the new passphrase at the
1249                        next operation.  */
1250                     keyid_from_sk (sk, keyid);
1251                     passphrase_clear_cache (keyid, NULL, 0);
1252
1253                     changed++;
1254                   }
1255                 break;
1256             }
1257         }
1258         xfree(s2k);
1259         xfree(dek);
1260     }
1261
1262   leave:
1263     xfree( passphrase );
1264     set_next_passphrase( NULL );
1265     if (r_err)
1266       *r_err = rc;
1267     return changed && !rc;
1268 }
1269
1270
1271 /****************
1272  * There are some keys out (due to a bug in gnupg), where the sequence
1273  * of the packets is wrong.  This function fixes that.
1274  * Returns: true if the keyblock has been fixed.
1275  *
1276  * Note:  This function does not work if there is more than one user ID.
1277  */
1278 static int
1279 fix_keyblock( KBNODE keyblock )
1280 {
1281     KBNODE node, last, subkey;
1282     int fixed=0;
1283
1284     /* locate key signatures of class 0x10..0x13 behind sub key packets */
1285     for( subkey=last=NULL, node = keyblock; node;
1286                                             last=node, node = node->next ) {
1287         switch( node->pkt->pkttype ) {
1288           case PKT_PUBLIC_SUBKEY:
1289           case PKT_SECRET_SUBKEY:
1290             if( !subkey )
1291                 subkey = last; /* actually it is the one before the subkey */
1292             break;
1293           case PKT_SIGNATURE:
1294             if( subkey ) {
1295                 PKT_signature *sig = node->pkt->pkt.signature;
1296                 if( sig->sig_class >= 0x10 && sig->sig_class <= 0x13 ) {
1297                     log_info(_(
1298                         "moving a key signature to the correct place\n"));
1299                     last->next = node->next;
1300                     node->next = subkey->next;
1301                     subkey->next = node;
1302                     node = last;
1303                     fixed=1;
1304                 }
1305             }
1306             break;
1307           default: break;
1308         }
1309     }
1310
1311     return fixed;
1312 }
1313
1314 static int
1315 parse_sign_type(const char *str,int *localsig,int *nonrevokesig,int *trustsig)
1316 {
1317   const char *p=str;
1318
1319   while(*p)
1320     {
1321       if(ascii_strncasecmp(p,"l",1)==0)
1322         {
1323           *localsig=1;
1324           p++;
1325         }
1326       else if(ascii_strncasecmp(p,"nr",2)==0)
1327         {
1328           *nonrevokesig=1;
1329           p+=2;
1330         }
1331       else if(ascii_strncasecmp(p,"t",1)==0)
1332         {
1333           *trustsig=1;
1334           p++;
1335         }
1336       else
1337         return 0;
1338     }
1339
1340   return 1;
1341 }
1342
1343 \f
1344 /****************
1345  * Menu driven key editor.  If seckey_check is true, then a secret key
1346  * that matches username will be looked for.  If it is false, not all
1347  * commands will be available.
1348  *
1349  * Note: to keep track of some selection we use node->mark MARKBIT_xxxx.
1350  */
1351
1352 /* Need an SK for this command */
1353 #define KEYEDIT_NEED_SK 1
1354 /* Cannot be viewing the SK for this command */
1355 #define KEYEDIT_NOT_SK  2
1356 /* Must be viewing the SK for this command */
1357 #define KEYEDIT_ONLY_SK 4
1358 /* Match the tail of the string */
1359 #define KEYEDIT_TAIL_MATCH 8
1360
1361 enum cmdids
1362   {
1363     cmdNONE = 0,
1364     cmdQUIT, cmdHELP, cmdFPR, cmdLIST, cmdSELUID, cmdCHECK, cmdSIGN,
1365     cmdREVSIG, cmdREVKEY, cmdREVUID, cmdDELSIG, cmdPRIMARY, cmdDEBUG,
1366     cmdSAVE, cmdADDUID, cmdADDPHOTO, cmdDELUID, cmdADDKEY, cmdDELKEY,
1367     cmdADDREVOKER, cmdTOGGLE, cmdSELKEY, cmdPASSWD, cmdTRUST, cmdPREF,
1368     cmdEXPIRE, cmdBACKSIGN, cmdENABLEKEY, cmdDISABLEKEY, cmdSHOWPREF,
1369     cmdSETPREF, cmdPREFKS, cmdNOTATION, cmdINVCMD, cmdSHOWPHOTO, cmdUPDTRUST,
1370     cmdCHKTRUST, cmdADDCARDKEY, cmdKEYTOCARD, cmdBKUPTOCARD, cmdCLEAN,
1371     cmdMINIMIZE, cmdNOP
1372   };
1373
1374 static struct
1375 {
1376   const char *name;
1377   enum cmdids id;
1378   int flags;
1379   const char *desc;
1380 } cmds[] =
1381   { 
1382     { "quit"    , cmdQUIT      , 0, N_("quit this menu") },
1383     { "q"       , cmdQUIT      , 0, NULL   },
1384     { "save"    , cmdSAVE      , 0, N_("save and quit") },
1385     { "help"    , cmdHELP      , 0, N_("show this help") },
1386     { "?"       , cmdHELP      , 0, NULL   },
1387     { "fpr"     , cmdFPR       , 0, N_("show key fingerprint") },
1388     { "list"    , cmdLIST      , 0, N_("list key and user IDs") },
1389     { "l"       , cmdLIST      , 0, NULL   },
1390     { "uid"     , cmdSELUID    , 0, N_("select user ID N") },
1391     { "key"     , cmdSELKEY    , 0, N_("select subkey N") },
1392     { "check"   , cmdCHECK     , 0, N_("check signatures") },
1393     { "c"       , cmdCHECK     , 0, NULL },
1394     { "cross-certify", cmdBACKSIGN  , KEYEDIT_NOT_SK|KEYEDIT_NEED_SK, NULL },
1395     { "backsign", cmdBACKSIGN  , KEYEDIT_NOT_SK|KEYEDIT_NEED_SK, NULL },
1396     { "sign"    , cmdSIGN      , KEYEDIT_NOT_SK|KEYEDIT_TAIL_MATCH,
1397       N_("sign selected user IDs [* see below for related commands]") },
1398     { "s"       , cmdSIGN      , KEYEDIT_NOT_SK, NULL },
1399     /* "lsign" and friends will never match since "sign" comes first
1400        and it is a tail match.  They are just here so they show up in
1401        the help menu. */
1402     { "lsign"   , cmdNOP       , 0, N_("sign selected user IDs locally") },
1403     { "tsign"   , cmdNOP       , 0,
1404       N_("sign selected user IDs with a trust signature") },
1405     { "nrsign"  , cmdNOP       , 0,
1406       N_("sign selected user IDs with a non-revocable signature") },
1407
1408     { "debug"   , cmdDEBUG     , 0, NULL },
1409     { "adduid"  , cmdADDUID    , KEYEDIT_NOT_SK|KEYEDIT_NEED_SK,
1410       N_("add a user ID") },
1411     { "addphoto", cmdADDPHOTO  , KEYEDIT_NOT_SK|KEYEDIT_NEED_SK,
1412       N_("add a photo ID") },
1413     { "deluid"  , cmdDELUID    , KEYEDIT_NOT_SK,
1414       N_("delete selected user IDs") },
1415     /* delphoto is really deluid in disguise */
1416     { "delphoto", cmdDELUID    , KEYEDIT_NOT_SK, NULL },
1417
1418     { "addkey"  , cmdADDKEY    , KEYEDIT_NOT_SK|KEYEDIT_NEED_SK,
1419       N_("add a subkey") },
1420
1421 #ifdef ENABLE_CARD_SUPPORT
1422     { "addcardkey", cmdADDCARDKEY , KEYEDIT_NOT_SK|KEYEDIT_NEED_SK,
1423       N_("add a key to a smartcard") },
1424     { "keytocard", cmdKEYTOCARD , KEYEDIT_NEED_SK|KEYEDIT_ONLY_SK, 
1425       N_("move a key to a smartcard")},
1426     { "bkuptocard", cmdBKUPTOCARD , KEYEDIT_NEED_SK|KEYEDIT_ONLY_SK, 
1427       N_("move a backup key to a smartcard")},
1428 #endif /*ENABLE_CARD_SUPPORT*/
1429
1430     { "delkey"  , cmdDELKEY    , KEYEDIT_NOT_SK,
1431       N_("delete selected subkeys") },
1432     { "addrevoker",cmdADDREVOKER,KEYEDIT_NOT_SK|KEYEDIT_NEED_SK,
1433       N_("add a revocation key") },
1434     { "delsig"  , cmdDELSIG    , KEYEDIT_NOT_SK,
1435       N_("delete signatures from the selected user IDs") },
1436     { "expire"  , cmdEXPIRE    , KEYEDIT_NOT_SK|KEYEDIT_NEED_SK,
1437       N_("change the expiration date for the key or selected subkeys") },
1438     { "primary" , cmdPRIMARY   , KEYEDIT_NOT_SK|KEYEDIT_NEED_SK,
1439       N_("flag the selected user ID as primary")},
1440     { "toggle"  , cmdTOGGLE    , KEYEDIT_NEED_SK,
1441       N_("toggle between the secret and public key listings") },
1442     { "t"       , cmdTOGGLE    , KEYEDIT_NEED_SK, NULL },
1443     { "pref"    , cmdPREF      , KEYEDIT_NOT_SK,
1444       N_("list preferences (expert)")},
1445     { "showpref", cmdSHOWPREF  , KEYEDIT_NOT_SK,
1446       N_("list preferences (verbose)") },
1447     { "setpref" , cmdSETPREF   , KEYEDIT_NOT_SK|KEYEDIT_NEED_SK,
1448       N_("set preference list for the selected user IDs") },
1449     /* Alias */
1450     { "updpref" , cmdSETPREF   , KEYEDIT_NOT_SK|KEYEDIT_NEED_SK, NULL },
1451
1452     { "keyserver",cmdPREFKS    , KEYEDIT_NOT_SK|KEYEDIT_NEED_SK,
1453       N_("set the preferred keyserver URL for the selected user IDs")},
1454     { "notation", cmdNOTATION  , KEYEDIT_NOT_SK|KEYEDIT_NEED_SK,
1455       N_("set a notation for the selected user IDs")},
1456     { "passwd"  , cmdPASSWD    , KEYEDIT_NOT_SK|KEYEDIT_NEED_SK,
1457       N_("change the passphrase") },
1458     /* Alias */
1459     { "password", cmdPASSWD    , KEYEDIT_NOT_SK|KEYEDIT_NEED_SK, NULL },
1460
1461     { "trust"   , cmdTRUST     , KEYEDIT_NOT_SK, N_("change the ownertrust") },
1462     { "revsig"  , cmdREVSIG    , KEYEDIT_NOT_SK,
1463       N_("revoke signatures on the selected user IDs") },
1464     { "revuid"  , cmdREVUID    , KEYEDIT_NOT_SK|KEYEDIT_NEED_SK,
1465       N_("revoke selected user IDs") },
1466     /* Alias */
1467     { "revphoto", cmdREVUID    , KEYEDIT_NOT_SK|KEYEDIT_NEED_SK, NULL },
1468
1469     { "revkey"  , cmdREVKEY    , KEYEDIT_NOT_SK|KEYEDIT_NEED_SK,
1470       N_("revoke key or selected subkeys") },
1471     { "enable"  , cmdENABLEKEY , KEYEDIT_NOT_SK, N_("enable key") },
1472     { "disable" , cmdDISABLEKEY, KEYEDIT_NOT_SK, N_("disable key") },
1473     { "showphoto",cmdSHOWPHOTO , 0, N_("show selected photo IDs") },
1474     { "clean",    cmdCLEAN     , KEYEDIT_NOT_SK,
1475       N_("compact unusable user IDs and remove unusable signatures from key")},
1476     { "minimize", cmdMINIMIZE  , KEYEDIT_NOT_SK,
1477       N_("compact unusable user IDs and remove all signatures from key") },
1478     { NULL, cmdNONE, 0, NULL }
1479   };
1480
1481 #ifdef HAVE_LIBREADLINE
1482
1483 /* These two functions are used by readline for command completion. */
1484
1485 static char *
1486 command_generator(const char *text,int state)
1487 {
1488   static int list_index,len;
1489   const char *name;
1490
1491   /* If this is a new word to complete, initialize now.  This includes
1492      saving the length of TEXT for efficiency, and initializing the
1493      index variable to 0. */
1494   if(!state)
1495     {
1496       list_index=0;
1497       len=strlen(text);
1498     }
1499
1500   /* Return the next partial match */
1501   while((name=cmds[list_index].name))
1502     {
1503       /* Only complete commands that have help text */
1504       if(cmds[list_index++].desc && strncmp(name,text,len)==0)
1505         return strdup(name);
1506     }
1507
1508   return NULL;
1509 }
1510
1511 static char **
1512 keyedit_completion(const char *text, int start, int end)
1513 {
1514   /* If we are at the start of a line, we try and command-complete.
1515      If not, just do nothing for now. */
1516
1517   (void)end;
1518
1519   if(start==0)
1520     return rl_completion_matches(text,command_generator);
1521
1522   rl_attempted_completion_over=1;
1523
1524   return NULL;
1525 }
1526 #endif /* HAVE_LIBREADLINE */
1527
1528
1529 void
1530 keyedit_menu( const char *username, strlist_t locusr,
1531               strlist_t commands, int quiet, int seckey_check )
1532 {
1533     enum cmdids cmd = 0;
1534     int rc = 0;
1535     KBNODE keyblock = NULL;
1536     KEYDB_HANDLE kdbhd = NULL;
1537     KBNODE sec_keyblock = NULL;
1538     KEYDB_HANDLE sec_kdbhd = NULL;
1539     KBNODE cur_keyblock;
1540     char *answer = NULL;
1541     int redisplay = 1;
1542     int modified = 0;
1543     int sec_modified = 0;
1544     int toggle;
1545     int have_commands = !!commands;
1546
1547     if ( opt.command_fd != -1 )
1548         ;
1549     else if( opt.batch && !have_commands )
1550       {
1551         log_error(_("can't do this in batch mode\n"));
1552         goto leave;
1553       }
1554
1555 #ifdef HAVE_W32_SYSTEM
1556     /* Due to Windows peculiarities we need to make sure that the
1557        trustdb stale check is done before we open another file
1558        (i.e. by searching for a key).  In theory we could make sure
1559        that the files are closed after use but the open/close caches
1560        inhibits that and flushing the cache right before the stale
1561        check is not easy to implement.  Thus we take the easy way out
1562        and run the stale check as early as possible.  Note, that for
1563        non- W32 platforms it is run indirectly trough a call to
1564        get_validity ().  */
1565     check_trustdb_stale ();
1566 #endif
1567
1568     /* Get the public key */
1569     rc = get_pubkey_byname (NULL, NULL, username, &keyblock, &kdbhd, 1, 1);
1570     if( rc )
1571         goto leave;
1572     if( fix_keyblock( keyblock ) )
1573         modified++;
1574     if( collapse_uids( &keyblock ) )
1575         modified++;
1576     reorder_keyblock(keyblock);
1577     /* We modified the keyblock, so let's make sure the flags are
1578        right. */
1579     if (modified)
1580       merge_keys_and_selfsig (keyblock);
1581
1582     if(seckey_check)
1583       {/* see whether we have a matching secret key */
1584         PKT_public_key *pk = keyblock->pkt->pkt.public_key;
1585
1586         sec_kdbhd = keydb_new (1);
1587         {
1588             byte afp[MAX_FINGERPRINT_LEN];
1589             size_t an;
1590
1591             fingerprint_from_pk (pk, afp, &an);
1592             while (an < MAX_FINGERPRINT_LEN) 
1593                 afp[an++] = 0;
1594             rc = keydb_search_fpr (sec_kdbhd, afp);
1595         }
1596         if (!rc)
1597           {
1598             rc = keydb_get_keyblock (sec_kdbhd, &sec_keyblock);
1599             if (rc)
1600               {
1601                 log_error (_("error reading secret keyblock \"%s\": %s\n"),
1602                            username, g10_errstr(rc));
1603               }
1604             else
1605               {
1606                 merge_keys_and_selfsig( sec_keyblock );
1607                 if( fix_keyblock( sec_keyblock ) )
1608                   sec_modified++;
1609               }
1610           }
1611
1612         if (rc) {
1613             sec_keyblock = NULL;
1614             keydb_release (sec_kdbhd); sec_kdbhd = NULL;
1615             rc = 0;
1616         }
1617
1618         if( sec_keyblock && !quiet )
1619           tty_printf(_("Secret key is available.\n"));
1620     }
1621
1622     toggle = 0;
1623     cur_keyblock = keyblock;
1624     for(;;) { /* main loop */
1625         int i, arg_number, photo;
1626         const char *arg_string = "";
1627         char *p;
1628         PKT_public_key *pk=keyblock->pkt->pkt.public_key;
1629
1630         tty_printf("\n");
1631
1632         if( redisplay && !quiet )
1633           {
1634             show_key_with_all_names( cur_keyblock, 0, 1, 0, 1, 0 );
1635             tty_printf("\n");
1636             redisplay = 0;
1637           }
1638         do {
1639             xfree(answer);
1640             if( have_commands ) {
1641                 if( commands ) {
1642                     answer = xstrdup( commands->d );
1643                     commands = commands->next;
1644                 }
1645                 else if( opt.batch ) {
1646                     answer = xstrdup("quit");
1647                 }
1648                 else
1649                     have_commands = 0;
1650             }
1651             if( !have_commands )
1652               {
1653 #ifdef HAVE_LIBREADLINE
1654                 tty_enable_completion(keyedit_completion);
1655 #endif
1656                 answer = cpr_get_no_help("keyedit.prompt", "gpg> ");
1657                 cpr_kill_prompt();
1658                 tty_disable_completion();
1659               }
1660             trim_spaces(answer);
1661         } while( *answer == '#' );
1662
1663         arg_number = 0; /* Yes, here is the init which egcc complains about */
1664         photo = 0; /* This too */
1665         if( !*answer )
1666             cmd = cmdLIST;
1667         else if( *answer == CONTROL_D )
1668             cmd = cmdQUIT;
1669         else if( digitp(answer ) ) {
1670             cmd = cmdSELUID;
1671             arg_number = atoi(answer);
1672         }
1673         else {
1674             if( (p=strchr(answer,' ')) ) {
1675                 *p++ = 0;
1676                 trim_spaces(answer);
1677                 trim_spaces(p);
1678                 arg_number = atoi(p);
1679                 arg_string = p;
1680             }
1681
1682             for(i=0; cmds[i].name; i++ )
1683               {
1684                 if(cmds[i].flags & KEYEDIT_TAIL_MATCH)
1685                   {
1686                     size_t l=strlen(cmds[i].name);
1687                     size_t a=strlen(answer);
1688                     if(a>=l)
1689                       {
1690                         if(ascii_strcasecmp(&answer[a-l],cmds[i].name)==0)
1691                           {
1692                             answer[a-l]='\0';
1693                             break;
1694                           }
1695                       }
1696                   }
1697                 else if( !ascii_strcasecmp( answer, cmds[i].name ) )
1698                   break;
1699               }
1700             if((cmds[i].flags & KEYEDIT_NEED_SK) && !sec_keyblock )
1701               {
1702                 tty_printf(_("Need the secret key to do this.\n"));
1703                 cmd = cmdNOP;
1704               }
1705             else if(((cmds[i].flags & KEYEDIT_NOT_SK) && sec_keyblock
1706                      && toggle)
1707                     ||((cmds[i].flags & KEYEDIT_ONLY_SK) && sec_keyblock
1708                        && !toggle))
1709               {
1710                 tty_printf(_("Please use the command \"toggle\" first.\n"));
1711                 cmd = cmdNOP;
1712               }
1713             else
1714               cmd = cmds[i].id;
1715         }
1716         switch( cmd )
1717           {
1718           case cmdHELP:
1719             for(i=0; cmds[i].name; i++ )
1720               {
1721                 if((cmds[i].flags & KEYEDIT_NEED_SK) && !sec_keyblock )
1722                   ; /* skip if we do not have the secret key */
1723                 else if( cmds[i].desc )
1724                   tty_printf("%-11s %s\n", cmds[i].name, _(cmds[i].desc) );
1725               }
1726
1727             tty_printf("\n");
1728             tty_printf(_(
1729 "* The `sign' command may be prefixed with an `l' for local "
1730 "signatures (lsign),\n"
1731 "  a `t' for trust signatures (tsign), an `nr' for non-revocable signatures\n"
1732 "  (nrsign), or any combination thereof (ltsign, tnrsign, etc.).\n"));
1733
1734             break;
1735
1736           case cmdLIST:
1737             redisplay = 1;
1738             break;
1739
1740           case cmdFPR:
1741             show_key_and_fingerprint( keyblock );
1742             break;
1743
1744           case cmdSELUID:
1745             if(strlen(arg_string)==NAMEHASH_LEN*2)
1746               redisplay=menu_select_uid_namehash(cur_keyblock,arg_string);
1747             else
1748               {
1749                 if (*arg_string == '*' 
1750                     && (!arg_string[1] || spacep (arg_string+1)))
1751                   arg_number = -1; /* Select all. */
1752                 redisplay = menu_select_uid (cur_keyblock, arg_number);
1753               }
1754             break;
1755
1756           case cmdSELKEY:
1757             {
1758               if (*arg_string == '*' 
1759                   && (!arg_string[1] || spacep (arg_string+1)))
1760                 arg_number = -1; /* Select all. */
1761               if (menu_select_key( cur_keyblock, arg_number))
1762                 redisplay = 1;
1763             }
1764             break;
1765
1766           case cmdCHECK:
1767             /* we can only do this with the public key becuase the
1768              * check functions can't cope with secret keys and it
1769              * is questionable whether this would make sense at all */
1770             check_all_keysigs( keyblock, count_selected_uids(keyblock) );
1771             break;
1772
1773           case cmdSIGN: /* sign (only the public key) */
1774             {
1775               int localsig=0,nonrevokesig=0,trustsig=0,interactive=0;
1776
1777               if( pk->is_revoked )
1778                 {
1779                   tty_printf(_("Key is revoked."));
1780
1781                   if(opt.expert)
1782                     {
1783                       tty_printf("  ");
1784                       if(!cpr_get_answer_is_yes("keyedit.sign_revoked.okay",
1785                                                 _("Are you sure you still want"
1786                                                   " to sign it? (y/N) ")))
1787                         break;
1788                     }
1789                   else
1790                     {
1791                       tty_printf(_("  Unable to sign.\n"));
1792                       break;
1793                     }
1794                 }
1795
1796               if(count_uids(keyblock) > 1 && !count_selected_uids(keyblock)
1797                  && !cpr_get_answer_is_yes("keyedit.sign_all.okay",
1798                                            _("Really sign all user IDs?"
1799                                              " (y/N) ")))
1800                 {
1801                   if(opt.interactive)
1802                     interactive=1;
1803                   else
1804                     {
1805                       tty_printf(_("Hint: Select the user IDs to sign\n"));
1806                       have_commands = 0;
1807                       break;
1808                     }
1809
1810                 }
1811               /* What sort of signing are we doing? */
1812               if(!parse_sign_type(answer,&localsig,&nonrevokesig,&trustsig))
1813                 {
1814                   tty_printf(_("Unknown signature type `%s'\n"),answer);
1815                   break;
1816                 }
1817
1818               sign_uids(keyblock, locusr, &modified,
1819                         localsig, nonrevokesig, trustsig, interactive);
1820             }
1821             break;
1822
1823           case cmdDEBUG:
1824             dump_kbnode( cur_keyblock );
1825             break;
1826
1827           case cmdTOGGLE:
1828             toggle = !toggle;
1829             cur_keyblock = toggle? sec_keyblock : keyblock;
1830             redisplay = 1;
1831             break;
1832
1833           case cmdADDPHOTO:
1834             if (RFC2440 || RFC1991 || PGP2)
1835               {
1836                 tty_printf(
1837                    _("This command is not allowed while in %s mode.\n"),
1838                    compliance_option_string());
1839                 break;
1840               }
1841             photo=1;
1842             /* fall through */
1843
1844           case cmdADDUID:
1845             if( menu_adduid( keyblock, sec_keyblock, photo, arg_string ) )
1846               {
1847                 update_trust = 1;
1848                 redisplay = 1;
1849                 sec_modified = modified = 1;
1850                 merge_keys_and_selfsig( sec_keyblock );
1851                 merge_keys_and_selfsig( keyblock );
1852               }
1853             break;
1854
1855           case cmdDELUID: {
1856                 int n1;
1857
1858                 if( !(n1=count_selected_uids(keyblock)) )
1859                     tty_printf(_("You must select at least one user ID.\n"));
1860                 else if( real_uids_left(keyblock) < 1 )
1861                     tty_printf(_("You can't delete the last user ID!\n"));
1862                 else if( cpr_get_answer_is_yes("keyedit.remove.uid.okay",
1863                 n1 > 1? _("Really remove all selected user IDs? (y/N) ")
1864                             : _("Really remove this user ID? (y/N) ")
1865                        ) ) {
1866                     menu_deluid( keyblock, sec_keyblock );
1867                     redisplay = 1;
1868                     modified = 1;
1869                     if( sec_keyblock )
1870                        sec_modified = 1;
1871                 }
1872             }
1873             break;
1874
1875           case cmdDELSIG: {
1876                 int n1;
1877
1878                 if( !(n1=count_selected_uids(keyblock)) )
1879                     tty_printf(_("You must select at least one user ID.\n"));
1880                 else if( menu_delsig( keyblock ) ) {
1881                     /* no redisplay here, because it may scroll away some
1882                      * status output of delsig */
1883                     modified = 1;
1884                 }
1885             }
1886             break;
1887
1888           case cmdADDKEY:
1889             if( generate_subkeypair( keyblock, sec_keyblock ) ) {
1890                 redisplay = 1;
1891                 sec_modified = modified = 1;
1892                 merge_keys_and_selfsig( sec_keyblock );
1893                 merge_keys_and_selfsig( keyblock );
1894             }
1895             break;
1896
1897 #ifdef ENABLE_CARD_SUPPORT
1898           case cmdADDCARDKEY:
1899             if (card_generate_subkey (keyblock, sec_keyblock)) {
1900                 redisplay = 1;
1901                 sec_modified = modified = 1;
1902                 merge_keys_and_selfsig( sec_keyblock );
1903                 merge_keys_and_selfsig( keyblock );
1904             }
1905             break;
1906
1907         case cmdKEYTOCARD:
1908           {
1909             KBNODE node=NULL;
1910             switch ( count_selected_keys (sec_keyblock) )
1911               {
1912               case 0:
1913                 if (cpr_get_answer_is_yes 
1914                     ("keyedit.keytocard.use_primary",
1915                      /* TRANSLATORS: Please take care: This is about
1916                         moving the key and not about removing it.  */
1917                      _("Really move the primary key? (y/N) ")))
1918                   node = sec_keyblock;
1919                 break;
1920               case 1:
1921                 for (node = sec_keyblock; node; node = node->next )
1922                   {
1923                     if (node->pkt->pkttype == PKT_SECRET_SUBKEY 
1924                         && node->flag & NODFLG_SELKEY)
1925                       break;
1926                   }
1927                 break;
1928               default:
1929                 tty_printf(_("You must select exactly one key.\n"));
1930                 break;
1931               }
1932             if (node)
1933               {
1934                 PKT_public_key *xxpk = find_pk_from_sknode (keyblock, node);
1935                 if (card_store_subkey (node, xxpk?xxpk->pubkey_usage:0))
1936                   {
1937                     redisplay = 1;
1938                     sec_modified = 1;
1939                   }
1940               }
1941           }
1942           break;
1943
1944         case cmdBKUPTOCARD:
1945           {
1946             /* Ask for a filename, check whether this is really a
1947                backup key as generated by the card generation, parse
1948                that key and store it on card. */
1949             KBNODE node;
1950             const char *fname;
1951             PACKET *pkt;
1952             IOBUF a;
1953
1954             fname = arg_string;
1955             if (!*fname)
1956               {
1957                 tty_printf (_("Command expects a filename argument\n"));
1958                 break;
1959               }
1960
1961             /* Open that file.  */
1962             a = iobuf_open (fname);
1963             if (a && is_secured_file (iobuf_get_fd (a)))
1964               {
1965                 iobuf_close (a);
1966                 a = NULL;
1967                 errno = EPERM;
1968               }
1969             if (!a)
1970               {
1971                 tty_printf (_("Can't open `%s': %s\n"),
1972                             fname, strerror(errno));
1973                 break;
1974               }
1975             
1976             /* Parse and check that file.  */
1977             pkt = xmalloc (sizeof *pkt);
1978             init_packet (pkt);
1979             rc = parse_packet (a, pkt);
1980             iobuf_close (a);
1981             iobuf_ioctl (NULL, 2, 0, (char*)fname); /* (invalidate cache).  */
1982             if (!rc 
1983                 && pkt->pkttype != PKT_SECRET_KEY 
1984                 && pkt->pkttype != PKT_SECRET_SUBKEY)
1985               rc = G10ERR_NO_SECKEY;
1986             if (rc)
1987               {
1988                 tty_printf(_("Error reading backup key from `%s': %s\n"),
1989                            fname, g10_errstr (rc));
1990                 free_packet (pkt);
1991                 xfree (pkt);
1992                 break;
1993               }
1994             node = new_kbnode (pkt);
1995
1996             /* Store it.  */
1997             if (card_store_subkey (node, 0))
1998               {
1999                 redisplay = 1;
2000                 sec_modified = 1;
2001               }
2002             release_kbnode (node);
2003           }
2004           break;
2005
2006 #endif /* ENABLE_CARD_SUPPORT */
2007
2008           case cmdDELKEY: {
2009                 int n1;
2010
2011                 if( !(n1=count_selected_keys( keyblock )) )
2012                     tty_printf(_("You must select at least one key.\n"));
2013                 else if( !cpr_get_answer_is_yes( "keyedit.remove.subkey.okay",
2014                        n1 > 1?
2015                    _("Do you really want to delete the selected keys? (y/N) "):
2016                         _("Do you really want to delete this key? (y/N) ")
2017                        ))
2018                     ;
2019                 else {
2020                     menu_delkey( keyblock, sec_keyblock );
2021                     redisplay = 1;
2022                     modified = 1;
2023                     if( sec_keyblock )
2024                        sec_modified = 1;
2025                 }
2026             }
2027             break;
2028
2029           case cmdADDREVOKER:
2030             {
2031               int sensitive=0;
2032
2033               if(ascii_strcasecmp(arg_string,"sensitive")==0)
2034                 sensitive=1;
2035               if( menu_addrevoker( keyblock, sec_keyblock, sensitive ) ) {
2036                 redisplay = 1;
2037                 sec_modified = modified = 1;
2038                 merge_keys_and_selfsig( sec_keyblock );
2039                 merge_keys_and_selfsig( keyblock );
2040               }
2041             }
2042             break;
2043
2044           case cmdREVUID: {
2045                 int n1;
2046
2047                 if( !(n1=count_selected_uids(keyblock)) )
2048                     tty_printf(_("You must select at least one user ID.\n"));
2049                 else if( cpr_get_answer_is_yes(
2050                             "keyedit.revoke.uid.okay",
2051                        n1 > 1? _("Really revoke all selected user IDs? (y/N) ")
2052                              : _("Really revoke this user ID? (y/N) ")
2053                        ) ) {
2054                   if(menu_revuid(keyblock,sec_keyblock))
2055                     {
2056                       modified=1;
2057                       redisplay=1;
2058                     }
2059                 }
2060             }
2061             break;
2062
2063           case cmdREVKEY:
2064             {
2065               int n1;
2066
2067               if( !(n1=count_selected_keys( keyblock )) )
2068                 {
2069                   if(cpr_get_answer_is_yes("keyedit.revoke.subkey.okay",
2070                                            _("Do you really want to revoke"
2071                                              " the entire key? (y/N) ")))
2072                     {
2073                       if(menu_revkey(keyblock,sec_keyblock))
2074                         modified=1;
2075
2076                       redisplay=1;
2077                     }
2078                 }
2079               else if(cpr_get_answer_is_yes("keyedit.revoke.subkey.okay",
2080                                             n1 > 1?
2081                                             _("Do you really want to revoke"
2082                                               " the selected subkeys? (y/N) "):
2083                                             _("Do you really want to revoke"
2084                                               " this subkey? (y/N) ")))
2085                 {
2086                   if( menu_revsubkey( keyblock, sec_keyblock ) )
2087                     modified = 1;
2088
2089                   redisplay = 1;
2090                 }
2091
2092               if(modified)
2093                 merge_keys_and_selfsig( keyblock );
2094             }
2095             break;
2096
2097           case cmdEXPIRE:
2098             if( menu_expire( keyblock, sec_keyblock ) )
2099               {
2100                 merge_keys_and_selfsig( sec_keyblock );
2101                 merge_keys_and_selfsig( keyblock );
2102                 sec_modified = 1;
2103                 modified = 1;
2104                 redisplay = 1;
2105               }
2106             break;
2107
2108           case cmdBACKSIGN:
2109             if(menu_backsign(keyblock,sec_keyblock))
2110               {
2111                 sec_modified = 1;
2112                 modified = 1;
2113                 redisplay = 1;
2114               }
2115             break;
2116
2117           case cmdPRIMARY:
2118             if( menu_set_primary_uid ( keyblock, sec_keyblock ) ) {
2119                 merge_keys_and_selfsig( keyblock );
2120                 modified = 1;
2121                 redisplay = 1;
2122             }
2123             break;
2124
2125           case cmdPASSWD:
2126             if (change_passphrase (sec_keyblock, NULL))
2127                 sec_modified = 1;
2128             break;
2129
2130           case cmdTRUST:
2131             if(opt.trust_model==TM_EXTERNAL)
2132               {
2133                 tty_printf (_("Owner trust may not be set while "
2134                               "using a user provided trust database\n"));
2135                 break;
2136               }
2137
2138             show_key_with_all_names( keyblock, 0, 0, 0, 1, 0 );
2139             tty_printf("\n");
2140             if( edit_ownertrust( find_kbnode( keyblock,
2141                                  PKT_PUBLIC_KEY )->pkt->pkt.public_key, 1 ) ) {
2142                 redisplay = 1;
2143                 /* No real need to set update_trust here as
2144                    edit_ownertrust() calls revalidation_mark()
2145                    anyway. */
2146                 update_trust=1;
2147             }
2148             break;
2149
2150           case cmdPREF:
2151             {
2152               int count=count_selected_uids(keyblock);
2153               assert(keyblock->pkt->pkttype==PKT_PUBLIC_KEY);
2154               show_names(keyblock,keyblock->pkt->pkt.public_key,
2155                          count?NODFLG_SELUID:0,1);
2156             }
2157             break;
2158
2159           case cmdSHOWPREF:
2160             {
2161               int count=count_selected_uids(keyblock);
2162               assert(keyblock->pkt->pkttype==PKT_PUBLIC_KEY);
2163               show_names(keyblock,keyblock->pkt->pkt.public_key,
2164                          count?NODFLG_SELUID:0,2);
2165             }
2166             break;
2167
2168           case cmdSETPREF:
2169             {
2170               PKT_user_id *tempuid;
2171
2172               keygen_set_std_prefs(!*arg_string?"default" : arg_string, 0);
2173
2174               tempuid=keygen_get_std_prefs();
2175               tty_printf(_("Set preference list to:\n"));
2176               show_prefs(tempuid,NULL,1);
2177               free_user_id(tempuid);
2178
2179               if(cpr_get_answer_is_yes("keyedit.setpref.okay",
2180                                        count_selected_uids (keyblock)?
2181                                        _("Really update the preferences"
2182                                          " for the selected user IDs? (y/N) "):
2183                                        _("Really update the preferences? (y/N) ")))
2184                 {
2185                   if ( menu_set_preferences (keyblock, sec_keyblock) )
2186                     {
2187                       merge_keys_and_selfsig (keyblock);
2188                       modified = 1;
2189                       redisplay = 1;
2190                     }
2191                 }
2192             }
2193             break;
2194
2195           case cmdPREFKS:
2196             if( menu_set_keyserver_url ( *arg_string?arg_string:NULL,
2197                                          keyblock, sec_keyblock ) )
2198               {
2199                 merge_keys_and_selfsig( keyblock );
2200                 modified = 1;
2201                 redisplay = 1;
2202               }
2203             break;
2204
2205           case cmdNOTATION:
2206             if( menu_set_notation ( *arg_string?arg_string:NULL,
2207                                     keyblock, sec_keyblock ) )
2208               {
2209                 merge_keys_and_selfsig( keyblock );
2210                 modified = 1;
2211                 redisplay = 1;
2212               }
2213             break;
2214
2215           case cmdNOP:
2216             break;
2217
2218           case cmdREVSIG:
2219             if( menu_revsig( keyblock ) ) {
2220                 redisplay = 1;
2221                 modified = 1;
2222             }
2223             break;
2224
2225           case cmdENABLEKEY:
2226           case cmdDISABLEKEY:
2227             if( enable_disable_key( keyblock, cmd == cmdDISABLEKEY ) ) {
2228                 redisplay = 1;
2229                 modified = 1;
2230             }
2231             break;
2232
2233           case cmdSHOWPHOTO:
2234             menu_showphoto(keyblock);
2235             break;
2236
2237           case cmdCLEAN:
2238             if(menu_clean(keyblock,0))
2239               redisplay=modified=1;
2240             break;
2241
2242           case cmdMINIMIZE:
2243             if(menu_clean(keyblock,1))
2244               redisplay=modified=1;
2245             break;
2246
2247           case cmdQUIT:
2248             if( have_commands )
2249                 goto leave;
2250             if( !modified && !sec_modified )
2251                 goto leave;
2252             if( !cpr_get_answer_is_yes("keyedit.save.okay",
2253                                         _("Save changes? (y/N) ")) ) {
2254                 if( cpr_enabled()
2255                     || cpr_get_answer_is_yes("keyedit.cancel.okay",
2256                                              _("Quit without saving? (y/N) ")))
2257                     goto leave;
2258                 break;
2259             }
2260             /* fall thru */
2261           case cmdSAVE:
2262             if( modified || sec_modified  ) {
2263                 if( modified ) {
2264                     rc = keydb_update_keyblock (kdbhd, keyblock);
2265                     if( rc ) {
2266                         log_error(_("update failed: %s\n"), g10_errstr(rc) );
2267                         break;
2268                     }
2269                 }
2270                 if( sec_modified ) {
2271                     rc = keydb_update_keyblock (sec_kdbhd, sec_keyblock );
2272                     if( rc ) {
2273                         log_error( _("update secret failed: %s\n"),
2274                                    g10_errstr(rc) );
2275                         break;
2276                     }
2277                 }
2278             }
2279             else
2280                 tty_printf(_("Key not changed so no update needed.\n"));
2281
2282             if( update_trust )
2283               {
2284                 revalidation_mark ();
2285                 update_trust=0;
2286               }
2287             goto leave;
2288
2289           case cmdINVCMD:
2290           default:
2291             tty_printf("\n");
2292             tty_printf(_("Invalid command  (try \"help\")\n"));
2293             break;
2294         }
2295     } /* end main loop */
2296
2297   leave:
2298     release_kbnode( keyblock );
2299     release_kbnode( sec_keyblock );
2300     keydb_release (kdbhd);
2301     xfree(answer);
2302 }
2303
2304
2305 /* Change the passphrase of the secret key identified by USERNAME.  */
2306 void
2307 keyedit_passwd (const char *username)
2308 {
2309   gpg_error_t err;
2310   PKT_public_key *pk;
2311   unsigned char fpr[MAX_FINGERPRINT_LEN];
2312   size_t fprlen;
2313   KEYDB_HANDLE kdh = NULL;
2314   KBNODE keyblock = NULL;
2315
2316   pk = xtrycalloc (1, sizeof *pk);
2317   if (!pk)
2318     {
2319       err = gpg_error_from_syserror ();
2320       goto leave;
2321     }
2322   err = get_pubkey_byname (NULL, pk, username, NULL, NULL, 1, 1);
2323   if (err)
2324     goto leave;
2325   fingerprint_from_pk (pk, fpr, &fprlen);
2326   while (fprlen < MAX_FINGERPRINT_LEN) 
2327     fpr[fprlen++] = 0;
2328   
2329   kdh = keydb_new (1);
2330   if (!kdh)
2331     {
2332       err = gpg_error (GPG_ERR_GENERAL);
2333       goto leave;
2334     }
2335
2336   err = keydb_search_fpr (kdh, fpr);
2337   if (err == -1 || gpg_err_code (err) == GPG_ERR_EOF)
2338     err = gpg_error (GPG_ERR_NO_SECKEY);
2339   if (err)
2340     goto leave;
2341
2342   err = keydb_get_keyblock (kdh, &keyblock);
2343   if (err) 
2344     goto leave;
2345
2346   if (!change_passphrase (keyblock, &err))
2347     goto leave;
2348
2349   err = keydb_update_keyblock (kdh, keyblock);
2350   if (err)
2351     log_error( _("update secret failed: %s\n"), gpg_strerror (err));
2352
2353  leave:
2354   release_kbnode (keyblock);
2355   if (pk)
2356     free_public_key (pk);
2357   keydb_release (kdh);
2358   if (err)
2359     {
2360       log_info ("error changing the passphrase for `%s': %s\n", 
2361                 username, gpg_strerror (err));
2362       write_status_error ("keyedit.passwd", gpg_err_code (err));
2363     }
2364   else
2365     write_status_text (STATUS_SUCCESS, "keyedit.passwd");
2366 }
2367
2368
2369 static void
2370 tty_print_notations(int indent,PKT_signature *sig)
2371 {
2372   int first=1;
2373   struct notation *notation,*nd;
2374
2375   if(indent<0)
2376     {
2377       first=0;
2378       indent=-indent;
2379     }
2380
2381   notation=sig_to_notation(sig);
2382
2383   for(nd=notation;nd;nd=nd->next)
2384     {
2385       if(!first)
2386         tty_printf("%*s",indent,"");
2387       else
2388         first=0;
2389
2390       tty_print_utf8_string(nd->name,strlen(nd->name));
2391       tty_printf("=");
2392       tty_print_utf8_string(nd->value,strlen(nd->value));
2393       tty_printf("\n");
2394     }
2395
2396   free_notation(notation);
2397 }
2398
2399 /****************
2400  * show preferences of a public keyblock.
2401  */
2402 static void
2403 show_prefs (PKT_user_id *uid, PKT_signature *selfsig, int verbose)
2404 {
2405     const prefitem_t fake={0,0};
2406     const prefitem_t *prefs;
2407     int i;
2408
2409     if( !uid )
2410         return;
2411
2412     if( uid->prefs )
2413         prefs=uid->prefs;
2414     else if(verbose)
2415         prefs=&fake;
2416     else
2417       return;
2418
2419     if (verbose) {
2420         int any, des_seen=0, sha1_seen=0, uncomp_seen=0;
2421
2422         tty_printf ("     ");
2423         tty_printf (_("Cipher: "));
2424         for(i=any=0; prefs[i].type; i++ ) {
2425             if( prefs[i].type == PREFTYPE_SYM ) {
2426                 if (any)
2427                     tty_printf (", ");
2428                 any = 1;
2429                 /* We don't want to display strings for experimental algos */
2430                 if (!openpgp_cipher_test_algo (prefs[i].value)
2431                     && prefs[i].value < 100 )
2432                     tty_printf ("%s",
2433                                 openpgp_cipher_algo_name (prefs[i].value));
2434                 else
2435                     tty_printf ("[%d]", prefs[i].value);
2436                 if (prefs[i].value == CIPHER_ALGO_3DES )
2437                     des_seen = 1;
2438             }    
2439         }
2440         if (!des_seen) {
2441             if (any)
2442                 tty_printf (", ");
2443             tty_printf ("%s", openpgp_cipher_algo_name (CIPHER_ALGO_3DES));
2444         }
2445         tty_printf ("\n     ");
2446         tty_printf (_("Digest: "));
2447         for(i=any=0; prefs[i].type; i++ ) {
2448             if( prefs[i].type == PREFTYPE_HASH ) {
2449                 if (any)
2450                     tty_printf (", ");
2451                 any = 1;
2452                 /* We don't want to display strings for experimental algos */
2453                 if (!gcry_md_test_algo (prefs[i].value)
2454                     && prefs[i].value < 100 )
2455                     tty_printf ("%s", gcry_md_algo_name (prefs[i].value) );
2456                 else
2457                     tty_printf ("[%d]", prefs[i].value);
2458                 if (prefs[i].value == DIGEST_ALGO_SHA1 )
2459                     sha1_seen = 1;
2460             }
2461         }
2462         if (!sha1_seen) {
2463             if (any)
2464                 tty_printf (", ");
2465             tty_printf ("%s", gcry_md_algo_name (DIGEST_ALGO_SHA1));
2466         }
2467         tty_printf ("\n     ");
2468         tty_printf (_("Compression: "));
2469         for(i=any=0; prefs[i].type; i++ ) {
2470             if( prefs[i].type == PREFTYPE_ZIP ) {
2471                 const char *s=compress_algo_to_string(prefs[i].value);
2472                 
2473                 if (any)
2474                     tty_printf (", ");
2475                 any = 1;
2476                 /* We don't want to display strings for experimental algos */
2477                 if (s && prefs[i].value < 100 )
2478                     tty_printf ("%s", s );
2479                 else
2480                     tty_printf ("[%d]", prefs[i].value);
2481                 if (prefs[i].value == COMPRESS_ALGO_NONE )
2482                     uncomp_seen = 1;
2483             }
2484         }
2485         if (!uncomp_seen) {
2486             if (any)
2487                 tty_printf (", ");
2488             else {
2489               tty_printf ("%s",compress_algo_to_string(COMPRESS_ALGO_ZIP));
2490               tty_printf (", ");
2491             }
2492             tty_printf ("%s",compress_algo_to_string(COMPRESS_ALGO_NONE));
2493         }
2494         if(uid->flags.mdc || !uid->flags.ks_modify)
2495           {
2496             tty_printf ("\n     ");
2497             tty_printf (_("Features: "));
2498             any=0;
2499             if(uid->flags.mdc)
2500               {
2501                 tty_printf ("MDC");
2502                 any=1;
2503               }
2504             if(!uid->flags.ks_modify)
2505               {
2506                 if(any)
2507                   tty_printf (", ");
2508                 tty_printf (_("Keyserver no-modify"));
2509               }
2510           }
2511         tty_printf("\n");
2512
2513         if(selfsig)
2514           {
2515             const byte *pref_ks;
2516             size_t pref_ks_len;
2517
2518             pref_ks=parse_sig_subpkt(selfsig->hashed,
2519                                      SIGSUBPKT_PREF_KS,&pref_ks_len);
2520             if(pref_ks && pref_ks_len)
2521               {
2522                 tty_printf ("     ");
2523                 tty_printf(_("Preferred keyserver: "));
2524                 tty_print_utf8_string(pref_ks,pref_ks_len);
2525                 tty_printf("\n");
2526               }
2527
2528             if(selfsig->flags.notation)
2529               {
2530                 tty_printf ("     ");
2531                 tty_printf(_("Notations: "));
2532                 tty_print_notations(5+strlen(_("Notations: ")),selfsig);
2533               }
2534           }
2535     }
2536     else {
2537         tty_printf("    ");
2538         for(i=0; prefs[i].type; i++ ) {
2539             tty_printf( " %c%d", prefs[i].type == PREFTYPE_SYM   ? 'S' :
2540                                  prefs[i].type == PREFTYPE_HASH  ? 'H' :
2541                                  prefs[i].type == PREFTYPE_ZIP ? 'Z':'?',
2542                                  prefs[i].value);
2543         }
2544         if (uid->flags.mdc)
2545             tty_printf (" [mdc]");
2546         if (!uid->flags.ks_modify)
2547             tty_printf (" [no-ks-modify]");
2548         tty_printf("\n");
2549     }
2550 }
2551
2552 /* This is the version of show_key_with_all_names used when
2553    opt.with_colons is used.  It prints all available data in a easy to
2554    parse format and does not translate utf8 */
2555 static void
2556 show_key_with_all_names_colon (KBNODE keyblock)
2557 {
2558   KBNODE node;
2559   int i, j, ulti_hack=0;
2560   byte pk_version=0;
2561   PKT_public_key *primary=NULL;
2562
2563   /* the keys */
2564   for ( node = keyblock; node; node = node->next )
2565     {
2566       if (node->pkt->pkttype == PKT_PUBLIC_KEY
2567           || (node->pkt->pkttype == PKT_PUBLIC_SUBKEY) )
2568         {
2569           PKT_public_key *pk = node->pkt->pkt.public_key;
2570           u32 keyid[2];
2571
2572           if (node->pkt->pkttype == PKT_PUBLIC_KEY)
2573             {
2574               pk_version = pk->version;
2575               primary=pk;
2576             }
2577
2578           keyid_from_pk (pk, keyid);
2579
2580           fputs (node->pkt->pkttype == PKT_PUBLIC_KEY?"pub:":"sub:", stdout);
2581           if (!pk->is_valid)
2582             putchar ('i');
2583           else if (pk->is_revoked)
2584             putchar ('r');
2585           else if (pk->has_expired)
2586             putchar ('e');
2587           else if (!(opt.fast_list_mode || opt.no_expensive_trust_checks ))
2588             {
2589               int trust = get_validity_info (pk, NULL);
2590               if(trust=='u')
2591                 ulti_hack=1;
2592               putchar (trust);
2593             }
2594
2595           printf (":%u:%d:%08lX%08lX:%lu:%lu::",
2596                   nbits_from_pk (pk),
2597                   pk->pubkey_algo,
2598                   (ulong)keyid[0], (ulong)keyid[1],
2599                   (ulong)pk->timestamp,
2600                   (ulong)pk->expiredate );
2601           if (node->pkt->pkttype==PKT_PUBLIC_KEY
2602               && !(opt.fast_list_mode || opt.no_expensive_trust_checks ))
2603             putchar(get_ownertrust_info (pk));
2604           putchar(':');
2605           putchar (':');
2606           putchar (':');
2607           /* Print capabilities.  */
2608           if ( (pk->pubkey_usage & PUBKEY_USAGE_ENC) )
2609             putchar ('e');
2610           if ( (pk->pubkey_usage & PUBKEY_USAGE_SIG) )
2611             putchar ('s');
2612           if ( (pk->pubkey_usage & PUBKEY_USAGE_CERT) )
2613             putchar ('c');
2614           if ( (pk->pubkey_usage & PUBKEY_USAGE_AUTH) )
2615             putchar ('a');
2616           putchar('\n');
2617           
2618           print_fingerprint (pk, NULL, 0);
2619           print_revokers(pk);
2620         }
2621     }
2622   
2623     /* the user ids */
2624     i = 0;
2625     for (node = keyblock; node; node = node->next) 
2626       {
2627         if ( node->pkt->pkttype == PKT_USER_ID )
2628           {
2629             PKT_user_id *uid = node->pkt->pkt.user_id;
2630
2631             ++i;
2632
2633             if(uid->attrib_data)
2634               printf("uat:");
2635             else
2636               printf("uid:");
2637
2638             if ( uid->is_revoked )
2639               printf("r::::::::");
2640             else if ( uid->is_expired )
2641               printf("e::::::::");
2642             else if ( opt.fast_list_mode || opt.no_expensive_trust_checks )
2643               printf("::::::::");
2644             else
2645               {
2646                 int uid_validity;
2647
2648                 if( primary && !ulti_hack )
2649                   uid_validity = get_validity_info( primary, uid );
2650                 else
2651                   uid_validity = 'u';
2652                 printf("%c::::::::",uid_validity);
2653               }
2654
2655             if(uid->attrib_data)
2656               printf ("%u %lu",uid->numattribs,uid->attrib_len);
2657             else
2658               print_string (stdout, uid->name, uid->len, ':');
2659
2660             putchar (':');
2661             /* signature class */
2662             putchar (':');
2663             /* capabilities */
2664             putchar (':');
2665             /* preferences */
2666             if (pk_version>3 || uid->selfsigversion>3)
2667               {
2668                 const prefitem_t *prefs = uid->prefs;
2669                 
2670                 for (j=0; prefs && prefs[j].type; j++)
2671                   {
2672                     if (j)
2673                       putchar (' ');
2674                     printf ("%c%d", prefs[j].type == PREFTYPE_SYM   ? 'S' :
2675                             prefs[j].type == PREFTYPE_HASH  ? 'H' :
2676                             prefs[j].type == PREFTYPE_ZIP ? 'Z':'?',
2677                             prefs[j].value);
2678                   } 
2679                 if (uid->flags.mdc)
2680                   printf (",mdc");
2681                 if (!uid->flags.ks_modify)
2682                   printf (",no-ks-modify");
2683               } 
2684             putchar (':');
2685             /* flags */
2686             printf ("%d,", i);
2687             if (uid->is_primary)
2688               putchar ('p');
2689             if (uid->is_revoked)
2690               putchar ('r');
2691             if (uid->is_expired)
2692               putchar ('e');
2693             if ((node->flag & NODFLG_SELUID))
2694               putchar ('s');
2695             if ((node->flag & NODFLG_MARK_A))
2696               putchar ('m');
2697             putchar (':');
2698             putchar('\n');
2699           }
2700       }
2701 }
2702
2703 static void
2704 show_names(KBNODE keyblock,PKT_public_key *pk,unsigned int flag,int with_prefs)
2705 {
2706   KBNODE node;
2707   int i=0;
2708
2709   for( node = keyblock; node; node = node->next )
2710     {
2711       if( node->pkt->pkttype == PKT_USER_ID
2712           && !is_deleted_kbnode(node))
2713         {
2714           PKT_user_id *uid = node->pkt->pkt.user_id;
2715           ++i;
2716           if(!flag || (flag && (node->flag & flag)))
2717             {
2718               if(!(flag&NODFLG_MARK_A) && pk)
2719                 tty_printf("%s ",uid_trust_string_fixed(pk,uid));
2720
2721               if( flag & NODFLG_MARK_A )
2722                 tty_printf("     ");
2723               else if( node->flag & NODFLG_SELUID )
2724                 tty_printf("(%d)* ", i);
2725               else if( uid->is_primary )
2726                 tty_printf("(%d). ", i);
2727               else
2728                 tty_printf("(%d)  ", i);
2729               tty_print_utf8_string( uid->name, uid->len );
2730               tty_printf("\n");
2731               if(with_prefs && pk)
2732                 {
2733                   if(pk->version>3 || uid->selfsigversion>3)
2734                     {
2735                       PKT_signature *selfsig=NULL;
2736                       KBNODE signode;
2737
2738                       for(signode=node->next;
2739                           signode && signode->pkt->pkttype==PKT_SIGNATURE;
2740                           signode=signode->next)
2741                         {
2742                           if(signode->pkt->pkt.signature->
2743                              flags.chosen_selfsig)
2744                             {
2745                               selfsig=signode->pkt->pkt.signature;
2746                               break;
2747                             }
2748                         }
2749
2750                       show_prefs (uid, selfsig, with_prefs == 2);
2751                     }
2752                   else
2753                     tty_printf(_("There are no preferences on a"
2754                                  " PGP 2.x-style user ID.\n"));
2755                 }
2756             }
2757         }
2758     }
2759 }
2760
2761 /****************
2762  * Display the key a the user ids, if only_marked is true, do only
2763  * so for user ids with mark A flag set and dont display the index number
2764  */
2765 static void
2766 show_key_with_all_names( KBNODE keyblock, int only_marked, int with_revoker,
2767                          int with_fpr, int with_subkeys, int with_prefs )
2768 {
2769     KBNODE node;
2770     int i;
2771     int do_warn = 0;
2772     byte pk_version=0;
2773     PKT_public_key *primary=NULL;
2774
2775     if (opt.with_colons)
2776       {
2777         show_key_with_all_names_colon (keyblock);
2778         return;
2779       }
2780
2781     /* the keys */
2782     for( node = keyblock; node; node = node->next ) {
2783         if( node->pkt->pkttype == PKT_PUBLIC_KEY
2784             || (with_subkeys && node->pkt->pkttype == PKT_PUBLIC_SUBKEY
2785                 && !is_deleted_kbnode(node)) ) {
2786             PKT_public_key *pk = node->pkt->pkt.public_key;
2787             const char *otrust="err",*trust="err";
2788
2789             if( node->pkt->pkttype == PKT_PUBLIC_KEY ) {
2790                 /* do it here, so that debug messages don't clutter the
2791                  * output */
2792                 static int did_warn = 0;
2793
2794                 trust = get_validity_string (pk, NULL);
2795                 otrust = get_ownertrust_string (pk);
2796
2797                 /* Show a warning once */
2798                 if (!did_warn
2799                     && (get_validity (pk, NULL) & TRUST_FLAG_PENDING_CHECK)) {
2800                     did_warn = 1;
2801                     do_warn = 1;
2802                 }
2803
2804                 pk_version=pk->version;
2805                 primary=pk;
2806             }
2807
2808             if(pk->is_revoked)
2809               {
2810                 char *user=get_user_id_string_native(pk->revoked.keyid);
2811                 const char *algo = gcry_pk_algo_name (pk->revoked.algo);
2812                 tty_printf(_("This key was revoked on %s by %s key %s\n"),
2813                            revokestr_from_pk(pk),algo?algo:"?",user);
2814                 xfree(user);
2815               }
2816
2817             if(with_revoker)
2818               {
2819                 if( !pk->revkey && pk->numrevkeys )
2820                   BUG();
2821                 else
2822                   for(i=0;i<pk->numrevkeys;i++)
2823                     {
2824                       u32 r_keyid[2];
2825                       char *user;
2826                       const char *algo;
2827
2828                       algo = gcry_pk_algo_name (pk->revkey[i].algid);
2829                       keyid_from_fingerprint(pk->revkey[i].fpr,
2830                                              MAX_FINGERPRINT_LEN,r_keyid);
2831
2832                       user=get_user_id_string_native(r_keyid);
2833                       tty_printf(_("This key may be revoked by %s key %s"),
2834                                  algo?algo:"?",user);
2835
2836                       if(pk->revkey[i].class&0x40)
2837                         {
2838                           tty_printf(" ");
2839                           tty_printf(_("(sensitive)"));
2840                         }
2841
2842                       tty_printf ("\n");
2843                       xfree(user);
2844                     }
2845               }
2846
2847             keyid_from_pk(pk,NULL);
2848             tty_printf("%s%c %4u%c/%s  ",
2849                        node->pkt->pkttype == PKT_PUBLIC_KEY? "pub":"sub",
2850                        (node->flag & NODFLG_SELKEY)? '*':' ',
2851                        nbits_from_pk( pk ),
2852                        pubkey_letter( pk->pubkey_algo ),
2853                        keystr(pk->keyid));
2854
2855             tty_printf(_("created: %s"),datestr_from_pk(pk));
2856             tty_printf("  ");
2857             if(pk->is_revoked)
2858               tty_printf(_("revoked: %s"),revokestr_from_pk(pk));
2859             else if(pk->has_expired)
2860               tty_printf(_("expired: %s"),expirestr_from_pk(pk));
2861             else
2862               tty_printf(_("expires: %s"),expirestr_from_pk(pk));
2863             tty_printf("  ");
2864             tty_printf(_("usage: %s"),usagestr_from_pk(pk));
2865             tty_printf("\n");
2866
2867             if( node->pkt->pkttype == PKT_PUBLIC_KEY )
2868               {
2869                 if(opt.trust_model!=TM_ALWAYS)
2870                   {
2871                     tty_printf("%*s", (int)keystrlen()+13,"");
2872                     /* Ownertrust is only meaningful for the PGP or
2873                        classic trust models */
2874                     if(opt.trust_model==TM_PGP || opt.trust_model==TM_CLASSIC)
2875                       {
2876                         int width=14-strlen(otrust);
2877                         if(width<=0)
2878                           width=1;
2879                         tty_printf(_("trust: %s"), otrust);
2880                         tty_printf("%*s",width,"");
2881                       }
2882                     
2883                     tty_printf(_("validity: %s"), trust );
2884                     tty_printf("\n");
2885                   }
2886                 if( node->pkt->pkttype == PKT_PUBLIC_KEY
2887                     && (get_ownertrust (pk)&TRUST_FLAG_DISABLED))
2888                   {
2889                     tty_printf("*** ");
2890                     tty_printf(_("This key has been disabled"));
2891                     tty_printf("\n");
2892                   }
2893               }
2894
2895             if( node->pkt->pkttype == PKT_PUBLIC_KEY && with_fpr )
2896               {
2897                 print_fingerprint ( pk, NULL, 2 );
2898                 tty_printf("\n");
2899               }
2900         }
2901         else if( node->pkt->pkttype == PKT_SECRET_KEY
2902             || (with_subkeys && node->pkt->pkttype == PKT_SECRET_SUBKEY) )
2903           {
2904             PKT_secret_key *sk = node->pkt->pkt.secret_key;
2905             tty_printf("%s%c %4u%c/%s  ",
2906                        node->pkt->pkttype == PKT_SECRET_KEY? "sec":"ssb",
2907                        (node->flag & NODFLG_SELKEY)? '*':' ',
2908                        nbits_from_sk( sk ),
2909                        pubkey_letter( sk->pubkey_algo ),
2910                        keystr_from_sk(sk));
2911             tty_printf(_("created: %s"),datestr_from_sk(sk));
2912             tty_printf("  ");
2913             tty_printf(_("expires: %s"),expirestr_from_sk(sk));
2914             tty_printf("\n");
2915             if (sk->is_protected && sk->protect.s2k.mode == 1002)
2916               {
2917                 tty_printf("                     ");
2918                 tty_printf(_("card-no: ")); 
2919                 if (sk->protect.ivlen == 16
2920                     && !memcmp (sk->protect.iv, "\xD2\x76\x00\x01\x24\x01", 6))
2921                   { /* This is an OpenPGP card. */
2922                     for (i=8; i < 14; i++)
2923                       {
2924                         if (i == 10)
2925                           tty_printf (" ");
2926                         tty_printf ("%02X", sk->protect.iv[i]);
2927                       }
2928                   }
2929                 else
2930                   { /* Something is wrong: Print all. */
2931                     for (i=0; i < sk->protect.ivlen; i++)
2932                       tty_printf ("%02X", sk->protect.iv[i]);
2933                   }
2934                 tty_printf ("\n");
2935               }
2936           }
2937     }
2938
2939     show_names(keyblock,primary,only_marked?NODFLG_MARK_A:0,with_prefs);
2940
2941     if (do_warn)
2942         tty_printf (_("Please note that the shown key validity"
2943                       " is not necessarily correct\n"
2944                       "unless you restart the program.\n")); 
2945 }
2946
2947
2948 /* Display basic key information.  This function is suitable to show
2949    information on the key without any dependencies on the trustdb or
2950    any other internal GnuPG stuff.  KEYBLOCK may either be a public or
2951    a secret key.*/
2952 void
2953 show_basic_key_info ( KBNODE keyblock )
2954 {
2955   KBNODE node;
2956   int i;
2957
2958   /* The primary key */
2959   for (node = keyblock; node; node = node->next)
2960     {
2961       if (node->pkt->pkttype == PKT_PUBLIC_KEY)
2962         {
2963           PKT_public_key *pk = node->pkt->pkt.public_key;
2964           
2965           /* Note, we use the same format string as in other show
2966              functions to make the translation job easier. */
2967           tty_printf ("%s  %4u%c/%s  ",
2968                       node->pkt->pkttype == PKT_PUBLIC_KEY? "pub":"sub",
2969                       nbits_from_pk( pk ),
2970                       pubkey_letter( pk->pubkey_algo ),
2971                       keystr_from_pk(pk));
2972           tty_printf(_("created: %s"),datestr_from_pk(pk));
2973           tty_printf("  ");
2974           tty_printf(_("expires: %s"),expirestr_from_pk(pk));
2975           tty_printf("\n");
2976           print_fingerprint ( pk, NULL, 3 );
2977           tty_printf("\n");
2978         }
2979       else if (node->pkt->pkttype == PKT_SECRET_KEY)
2980         {
2981           PKT_secret_key *sk = node->pkt->pkt.secret_key;
2982           tty_printf("%s  %4u%c/%s",
2983                      node->pkt->pkttype == PKT_SECRET_KEY? "sec":"ssb",
2984                      nbits_from_sk( sk ),
2985                      pubkey_letter( sk->pubkey_algo ),
2986                      keystr_from_sk(sk));
2987           tty_printf(_("created: %s"),datestr_from_sk(sk));
2988           tty_printf("  ");
2989           tty_printf(_("expires: %s"),expirestr_from_sk(sk));
2990           tty_printf("\n");
2991           print_fingerprint (NULL, sk, 3 );
2992           tty_printf("\n");
2993         }
2994     }
2995
2996   /* The user IDs. */
2997   for (i=0, node = keyblock; node; node = node->next)
2998     {
2999       if (node->pkt->pkttype == PKT_USER_ID)
3000         {
3001           PKT_user_id *uid = node->pkt->pkt.user_id;
3002           ++i;
3003      
3004           tty_printf ("     ");
3005           if (uid->is_revoked)
3006             tty_printf("[%s] ",_("revoked"));
3007           else if ( uid->is_expired )
3008             tty_printf("[%s] ",_("expired"));
3009           tty_print_utf8_string (uid->name, uid->len);
3010           tty_printf ("\n");
3011         }
3012     }
3013 }
3014
3015 static void
3016 show_key_and_fingerprint( KBNODE keyblock )
3017 {
3018   KBNODE node;
3019   PKT_public_key *pk = NULL;
3020
3021   for( node = keyblock; node; node = node->next )
3022     {
3023       if( node->pkt->pkttype == PKT_PUBLIC_KEY )
3024         {
3025           pk = node->pkt->pkt.public_key;
3026           tty_printf("pub   %4u%c/%s %s ",
3027                      nbits_from_pk( pk ),
3028                      pubkey_letter( pk->pubkey_algo ),
3029                      keystr_from_pk(pk),
3030                      datestr_from_pk(pk) );
3031         }
3032       else if( node->pkt->pkttype == PKT_USER_ID )
3033         {
3034           PKT_user_id *uid = node->pkt->pkt.user_id;
3035           tty_print_utf8_string( uid->name, uid->len );
3036           break;
3037         }
3038     }
3039   tty_printf("\n");
3040   if( pk )
3041     print_fingerprint( pk, NULL, 2 );
3042 }
3043
3044
3045 /* Show a warning if no uids on the key have the primary uid flag
3046    set. */
3047 static void
3048 no_primary_warning(KBNODE keyblock)
3049 {
3050   KBNODE node;
3051   int have_primary=0,uid_count=0;
3052
3053   /* TODO: if we ever start behaving differently with a primary or
3054      non-primary attribute ID, we will need to check for attributes
3055      here as well. */
3056
3057   for(node=keyblock; node; node = node->next)
3058     {
3059       if(node->pkt->pkttype==PKT_USER_ID
3060          && node->pkt->pkt.user_id->attrib_data==NULL)
3061         {
3062           uid_count++;
3063
3064           if(node->pkt->pkt.user_id->is_primary==2)
3065             {
3066               have_primary=1;
3067               break;
3068             }
3069         }
3070     }
3071
3072   if(uid_count>1 && !have_primary)
3073     log_info(_("WARNING: no user ID has been marked as primary.  This command"
3074                " may\n              cause a different user ID to become"
3075                " the assumed primary.\n"));
3076 }
3077
3078 /****************
3079  * Ask for a new user id, do the selfsignature and put it into
3080  * both keyblocks.
3081  * Return true if there is a new user id
3082  */
3083 static int
3084 menu_adduid( KBNODE pub_keyblock, KBNODE sec_keyblock,
3085              int photo, const char *photo_name)
3086 {
3087     PKT_user_id *uid;
3088     PKT_public_key *pk=NULL;
3089     PKT_secret_key *sk=NULL;
3090     PKT_signature *sig=NULL;
3091     PACKET *pkt;
3092     KBNODE node;
3093     KBNODE pub_where=NULL, sec_where=NULL;
3094     int rc;
3095
3096     for( node = pub_keyblock; node; pub_where = node, node = node->next ) {
3097         if( node->pkt->pkttype == PKT_PUBLIC_KEY )
3098             pk = node->pkt->pkt.public_key;
3099         else if( node->pkt->pkttype == PKT_PUBLIC_SUBKEY )
3100             break;
3101     }
3102     if( !node ) /* no subkey */
3103         pub_where = NULL;
3104     for( node = sec_keyblock; node; sec_where = node, node = node->next ) {
3105         if( node->pkt->pkttype == PKT_SECRET_KEY )
3106             sk = copy_secret_key( NULL, node->pkt->pkt.secret_key);
3107         else if( node->pkt->pkttype == PKT_SECRET_SUBKEY )
3108             break;
3109     }
3110     if( !node ) /* no subkey */
3111         sec_where = NULL;
3112     assert(pk && sk);
3113
3114     if(photo) {
3115       int hasattrib=0;
3116
3117       for( node = pub_keyblock; node; node = node->next )
3118         if( node->pkt->pkttype == PKT_USER_ID &&
3119             node->pkt->pkt.user_id->attrib_data!=NULL)
3120           {
3121             hasattrib=1;
3122             break;
3123           }
3124
3125       /* It is legal but bad for compatibility to add a photo ID to a
3126          v3 key as it means that PGP2 will not be able to use that key
3127          anymore.  Also, PGP may not expect a photo on a v3 key.
3128          Don't bother to ask this if the key already has a photo - any
3129          damage has already been done at that point. -dms */
3130       if(pk->version==3 && !hasattrib)
3131         {
3132           if(opt.expert)
3133             {
3134               tty_printf(_("WARNING: This is a PGP2-style key.  "
3135                            "Adding a photo ID may cause some versions\n"
3136                            "         of PGP to reject this key.\n"));
3137
3138               if(!cpr_get_answer_is_yes("keyedit.v3_photo.okay",
3139                                         _("Are you sure you still want "
3140                                           "to add it? (y/N) ")))
3141                 return 0;
3142             }
3143           else
3144             {
3145               tty_printf(_("You may not add a photo ID to "
3146                            "a PGP2-style key.\n"));
3147               return 0;
3148             }
3149         }
3150
3151       uid = generate_photo_id(pk,photo_name);
3152     } else
3153       uid = generate_user_id (pub_keyblock);
3154     if( !uid )
3155         return 0;
3156
3157     rc = make_keysig_packet( &sig, pk, uid, NULL, sk, 0x13, 0, 0, 0, 0,
3158                              keygen_add_std_prefs, pk );
3159     free_secret_key( sk );
3160     if( rc ) {
3161         log_error("signing failed: %s\n", g10_errstr(rc) );
3162         free_user_id(uid);
3163         return 0;
3164     }
3165
3166     /* insert/append to secret keyblock */
3167     pkt = xmalloc_clear( sizeof *pkt );
3168     pkt->pkttype = PKT_USER_ID;
3169     pkt->pkt.user_id = scopy_user_id(uid);
3170     node = new_kbnode(pkt);
3171     if( sec_where )
3172         insert_kbnode( sec_where, node, 0 );
3173     else
3174         add_kbnode( sec_keyblock, node );
3175     pkt = xmalloc_clear( sizeof *pkt );
3176     pkt->pkttype = PKT_SIGNATURE;
3177     pkt->pkt.signature = copy_signature(NULL, sig);
3178     if( sec_where )
3179         insert_kbnode( node, new_kbnode(pkt), 0 );
3180     else
3181         add_kbnode( sec_keyblock, new_kbnode(pkt) );
3182     /* insert/append to public keyblock */
3183     pkt = xmalloc_clear( sizeof *pkt );
3184     pkt->pkttype = PKT_USER_ID;
3185     pkt->pkt.user_id = uid;
3186     node = new_kbnode(pkt);
3187     if( pub_where )
3188         insert_kbnode( pub_where, node, 0 );
3189     else
3190         add_kbnode( pub_keyblock, node );
3191     pkt = xmalloc_clear( sizeof *pkt );
3192     pkt->pkttype = PKT_SIGNATURE;
3193     pkt->pkt.signature = copy_signature(NULL, sig);
3194     if( pub_where )
3195         insert_kbnode( node, new_kbnode(pkt), 0 );
3196     else
3197         add_kbnode( pub_keyblock, new_kbnode(pkt) );
3198     return 1;
3199 }
3200
3201
3202 /****************
3203  * Remove all selected userids from the keyrings
3204  */
3205 static void
3206 menu_deluid( KBNODE pub_keyblock, KBNODE sec_keyblock )
3207 {
3208     KBNODE node;
3209     int selected=0;
3210
3211     for( node = pub_keyblock; node; node = node->next ) {
3212         if( node->pkt->pkttype == PKT_USER_ID ) {
3213             selected = node->flag & NODFLG_SELUID;
3214             if( selected ) {
3215                 /* Only cause a trust update if we delete a
3216                    non-revoked user id */
3217                 if(!node->pkt->pkt.user_id->is_revoked)
3218                   update_trust=1;
3219                 delete_kbnode( node );
3220                 if( sec_keyblock ) {
3221                     KBNODE snode;
3222                     int s_selected = 0;
3223                     PKT_user_id *uid = node->pkt->pkt.user_id;
3224                     for( snode = sec_keyblock; snode; snode = snode->next ) {
3225                         if( snode->pkt->pkttype == PKT_USER_ID ) {
3226                             PKT_user_id *suid = snode->pkt->pkt.user_id;
3227
3228                             s_selected =
3229                                 (uid->len == suid->len
3230                                  && !memcmp( uid->name, suid->name, uid->len));
3231                             if( s_selected )
3232                                 delete_kbnode( snode );
3233                         }
3234                         else if( s_selected
3235                                  && snode->pkt->pkttype == PKT_SIGNATURE )
3236                             delete_kbnode( snode );
3237                         else if( snode->pkt->pkttype == PKT_SECRET_SUBKEY )
3238                             s_selected = 0;
3239                     }
3240                 }
3241             }
3242         }
3243         else if( selected && node->pkt->pkttype == PKT_SIGNATURE )
3244             delete_kbnode( node );
3245         else if( node->pkt->pkttype == PKT_PUBLIC_SUBKEY )
3246             selected = 0;
3247     }
3248     commit_kbnode( &pub_keyblock );
3249     if( sec_keyblock )
3250         commit_kbnode( &sec_keyblock );
3251 }
3252
3253
3254 static int
3255 menu_delsig( KBNODE pub_keyblock )
3256 {
3257     KBNODE node;
3258     PKT_user_id *uid = NULL;
3259     int changed=0;
3260
3261     for( node = pub_keyblock; node; node = node->next ) {
3262         if( node->pkt->pkttype == PKT_USER_ID ) {
3263             uid = (node->flag & NODFLG_SELUID)? node->pkt->pkt.user_id : NULL;
3264         }
3265         else if( uid && node->pkt->pkttype == PKT_SIGNATURE ) {
3266            int okay, valid, selfsig, inv_sig, no_key, other_err;
3267
3268             tty_printf("uid  ");<