Comment changes.
[gnupg.git] / g10 / keyedit.c
1 /* keyedit.c - keyedit stuff
2  * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007,
3  *               2008 Free Software Foundation, Inc.
4  *
5  * This file is part of GnuPG.
6  *
7  * GnuPG is free software; you can redistribute it and/or modify
8  * it under the terms of the GNU General Public License as published by
9  * the Free Software Foundation; either version 3 of the License, or
10  * (at your option) any later version.
11  *
12  * GnuPG is distributed in the hope that it will be useful,
13  * but WITHOUT ANY WARRANTY; without even the implied warranty of
14  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
15  * GNU General Public License for more details.
16  *
17  * You should have received a copy of the GNU General Public License
18  * along with this program; if not, see <http://www.gnu.org/licenses/>.
19  */
20
21 #include <config.h>
22 #include <stdio.h>
23 #include <stdlib.h>
24 #include <string.h>
25 #include <errno.h>
26 #include <assert.h>
27 #include <ctype.h>
28 #ifdef HAVE_LIBREADLINE
29 #define GNUPG_LIBREADLINE_H_INCLUDED
30 #include <readline/readline.h>
31 #endif
32
33 #include "gpg.h"
34 #include "options.h"
35 #include "packet.h"
36 #include "status.h"
37 #include "iobuf.h"
38 #include "keydb.h"
39 #include "photoid.h"
40 #include "util.h"
41 #include "main.h"
42 #include "trustdb.h"
43 #include "filter.h"
44 #include "ttyio.h"
45 #include "status.h"
46 #include "i18n.h"
47 #include "keyserver-internal.h"
48
49 static void show_prefs( PKT_user_id *uid, PKT_signature *selfsig, int verbose);
50 static void show_names(KBNODE keyblock,PKT_public_key *pk,
51                        unsigned int flag,int with_prefs);
52 static void show_key_with_all_names( KBNODE keyblock, int only_marked,
53             int with_revoker, int with_fpr, int with_subkeys, int with_prefs );
54 static void show_key_and_fingerprint( KBNODE keyblock );
55 static int menu_adduid( KBNODE keyblock, KBNODE sec_keyblock,
56                         int photo, const char *photo_name );
57 static void menu_deluid( KBNODE pub_keyblock, KBNODE sec_keyblock );
58 static int menu_delsig( KBNODE pub_keyblock );
59 static int menu_clean(KBNODE keyblock,int self_only);
60 static void menu_delkey( KBNODE pub_keyblock, KBNODE sec_keyblock );
61 static int menu_addrevoker( KBNODE pub_keyblock,
62                             KBNODE sec_keyblock, int sensitive );
63 static int menu_expire( KBNODE pub_keyblock, KBNODE sec_keyblock );
64 static int menu_backsign(KBNODE pub_keyblock,KBNODE sec_keyblock);
65 static int menu_set_primary_uid( KBNODE pub_keyblock, KBNODE sec_keyblock );
66 static int menu_set_preferences( KBNODE pub_keyblock, KBNODE sec_keyblock );
67 static int menu_set_keyserver_url (const char *url,
68                                    KBNODE pub_keyblock, KBNODE sec_keyblock );
69 static int menu_set_notation(const char *string,
70                              KBNODE pub_keyblock,KBNODE sec_keyblock);
71 static int menu_select_uid( KBNODE keyblock, int idx );
72 static int menu_select_uid_namehash( KBNODE keyblock, const char *namehash );
73 static int menu_select_key( KBNODE keyblock, int idx );
74 static int count_uids( KBNODE keyblock );
75 static int count_uids_with_flag( KBNODE keyblock, unsigned flag );
76 static int count_keys_with_flag( KBNODE keyblock, unsigned flag );
77 static int count_selected_uids( KBNODE keyblock );
78 static int real_uids_left( KBNODE keyblock );
79 static int count_selected_keys( KBNODE keyblock );
80 static int menu_revsig( KBNODE keyblock );
81 static int menu_revuid( KBNODE keyblock, KBNODE sec_keyblock );
82 static int menu_revkey( KBNODE pub_keyblock, KBNODE sec_keyblock );
83 static int menu_revsubkey( KBNODE pub_keyblock, KBNODE sec_keyblock );
84 static int enable_disable_key( KBNODE keyblock, int disable );
85 static void menu_showphoto( KBNODE keyblock );
86
87 static int update_trust=0;
88
89 #define CONTROL_D ('D' - 'A' + 1)
90
91 #define NODFLG_BADSIG (1<<0)  /* bad signature */
92 #define NODFLG_NOKEY  (1<<1)  /* no public key */
93 #define NODFLG_SIGERR (1<<2)  /* other sig error */
94
95 #define NODFLG_MARK_A (1<<4)  /* temporary mark */
96 #define NODFLG_DELSIG (1<<5)  /* to be deleted */
97
98 #define NODFLG_SELUID (1<<8)  /* indicate the selected userid */
99 #define NODFLG_SELKEY (1<<9)  /* indicate the selected key */
100 #define NODFLG_SELSIG (1<<10) /* indicate a selected signature */
101
102 struct sign_attrib {
103     int non_exportable,non_revocable;
104     struct revocation_reason_info *reason;
105     byte trust_depth,trust_value;
106     char *trust_regexp;
107 };
108
109
110 #ifdef ENABLE_CARD_SUPPORT
111 /* Given a node SEC_NODE with a secret key or subkey, locate the
112    corresponding public key from pub_keyblock. */
113 static PKT_public_key *
114 find_pk_from_sknode (KBNODE pub_keyblock, KBNODE sec_node)
115 {
116   KBNODE node = pub_keyblock;
117   PKT_secret_key *sk;
118   PKT_public_key *pk;
119   
120   if (sec_node->pkt->pkttype == PKT_SECRET_KEY
121       && node->pkt->pkttype == PKT_PUBLIC_KEY)
122     return node->pkt->pkt.public_key;
123   if (sec_node->pkt->pkttype != PKT_SECRET_SUBKEY)
124     return NULL;
125   sk = sec_node->pkt->pkt.secret_key;
126   for (; node; node = node->next)
127     if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
128       {
129         pk = node->pkt->pkt.public_key;
130         if (pk->keyid[0] == sk->keyid[0] && pk->keyid[1] == sk->keyid[1])
131           return pk;
132       }
133       
134   return NULL;
135 }
136 #endif /* ENABLE_CARD_SUPPORT */
137
138
139 /* TODO: Fix duplicated code between here and the check-sigs/list-sigs
140    code in keylist.c. */
141 static int
142 print_and_check_one_sig_colon( KBNODE keyblock, KBNODE node,
143                                int *inv_sigs, int *no_key, int *oth_err,
144                                int *is_selfsig, int print_without_key )
145 {
146   PKT_signature *sig = node->pkt->pkt.signature;
147   int rc, sigrc;
148
149   /* TODO: Make sure a cached sig record here still has the pk that
150      issued it.  See also keylist.c:list_keyblock_print */
151
152   switch((rc=check_key_signature(keyblock,node,is_selfsig)))
153     {
154     case 0:
155       node->flag &= ~(NODFLG_BADSIG|NODFLG_NOKEY|NODFLG_SIGERR);
156       sigrc = '!';
157       break;
158     case G10ERR_BAD_SIGN:
159       node->flag = NODFLG_BADSIG;
160       sigrc = '-';
161       if( inv_sigs )
162         ++*inv_sigs;
163       break;
164     case G10ERR_NO_PUBKEY:
165     case G10ERR_UNU_PUBKEY:
166       node->flag = NODFLG_NOKEY;
167       sigrc = '?';
168       if( no_key )
169         ++*no_key;
170       break;
171     default:
172       node->flag = NODFLG_SIGERR;
173       sigrc = '%';
174       if( oth_err )
175         ++*oth_err;
176       break;
177     }
178
179   if( sigrc != '?' || print_without_key )
180     {
181       printf("sig:%c::%d:%08lX%08lX:%lu:%lu:",
182              sigrc,sig->pubkey_algo,(ulong)sig->keyid[0],(ulong)sig->keyid[1],
183              (ulong)sig->timestamp,(ulong)sig->expiredate);
184
185       if(sig->trust_depth || sig->trust_value)
186         printf("%d %d",sig->trust_depth,sig->trust_value);
187
188       printf(":");
189
190       if(sig->trust_regexp)
191         print_string(stdout,sig->trust_regexp,strlen(sig->trust_regexp),':');
192
193       printf("::%02x%c\n",sig->sig_class,sig->flags.exportable?'x':'l');
194
195       if(opt.show_subpackets)
196         print_subpackets_colon(sig);
197     }
198
199   return (sigrc == '!');
200 }
201
202
203 /****************
204  * Print information about a signature, check it and return true
205  * if the signature is okay. NODE must be a signature packet.
206  */
207 static int
208 print_and_check_one_sig( KBNODE keyblock, KBNODE node,
209                          int *inv_sigs, int *no_key, int *oth_err,
210                         int *is_selfsig, int print_without_key )
211 {
212     PKT_signature *sig = node->pkt->pkt.signature;
213     int rc, sigrc;
214     int is_rev = sig->sig_class == 0x30;
215
216     /* TODO: Make sure a cached sig record here still has the pk that
217        issued it.  See also keylist.c:list_keyblock_print */
218
219     switch( (rc = check_key_signature( keyblock, node, is_selfsig)) ) {
220       case 0:
221         node->flag &= ~(NODFLG_BADSIG|NODFLG_NOKEY|NODFLG_SIGERR);
222         sigrc = '!';
223         break;
224       case G10ERR_BAD_SIGN:
225         node->flag = NODFLG_BADSIG;
226         sigrc = '-';
227         if( inv_sigs )
228             ++*inv_sigs;
229         break;
230       case G10ERR_NO_PUBKEY:
231       case G10ERR_UNU_PUBKEY:
232         node->flag = NODFLG_NOKEY;
233         sigrc = '?';
234         if( no_key )
235             ++*no_key;
236         break;
237       default:
238         node->flag = NODFLG_SIGERR;
239         sigrc = '%';
240         if( oth_err )
241             ++*oth_err;
242         break;
243     }
244     if( sigrc != '?' || print_without_key ) {
245         tty_printf("%s%c%c %c%c%c%c%c%c %s %s",
246                    is_rev? "rev":"sig",sigrc,
247                    (sig->sig_class-0x10>0 &&
248                     sig->sig_class-0x10<4)?'0'+sig->sig_class-0x10:' ',
249                    sig->flags.exportable?' ':'L',
250                    sig->flags.revocable?' ':'R',
251                    sig->flags.policy_url?'P':' ',
252                    sig->flags.notation?'N':' ',
253                    sig->flags.expired?'X':' ',
254                    (sig->trust_depth>9)?'T':
255                    (sig->trust_depth>0)?'0'+sig->trust_depth:' ',
256                    keystr(sig->keyid),datestr_from_sig(sig));
257         if(opt.list_options&LIST_SHOW_SIG_EXPIRE)
258           tty_printf(" %s",expirestr_from_sig(sig));
259         tty_printf("  ");
260         if( sigrc == '%' )
261             tty_printf("[%s] ", g10_errstr(rc) );
262         else if( sigrc == '?' )
263             ;
264         else if( *is_selfsig ) {
265             tty_printf( is_rev? _("[revocation]")
266                               : _("[self-signature]") );
267         }
268         else
269           {
270             size_t n;
271             char *p = get_user_id( sig->keyid, &n );
272             tty_print_utf8_string2(p, n, opt.screen_columns-keystrlen()-26-
273                                ((opt.list_options&LIST_SHOW_SIG_EXPIRE)?11:0));
274             xfree(p);
275           }
276         tty_printf("\n");
277
278         if(sig->flags.policy_url && (opt.list_options&LIST_SHOW_POLICY_URLS))
279           show_policy_url(sig,3,0);
280
281         if(sig->flags.notation && (opt.list_options&LIST_SHOW_NOTATIONS))
282           show_notation(sig,3,0,
283                         ((opt.list_options&LIST_SHOW_STD_NOTATIONS)?1:0)+
284                         ((opt.list_options&LIST_SHOW_USER_NOTATIONS)?2:0));
285
286         if(sig->flags.pref_ks && (opt.list_options&LIST_SHOW_KEYSERVER_URLS))
287           show_keyserver_url(sig,3,0);
288     }
289
290     return (sigrc == '!');
291 }
292
293
294
295 /****************
296  * Check the keysigs and set the flags to indicate errors.
297  * Returns true if error found.
298  */
299 static int
300 check_all_keysigs( KBNODE keyblock, int only_selected )
301 {
302     KBNODE kbctx;
303     KBNODE node;
304     int inv_sigs = 0;
305     int no_key = 0;
306     int oth_err = 0;
307     int has_selfsig = 0;
308     int mis_selfsig = 0;
309     int selected = !only_selected;
310     int anyuid = 0;
311
312     for( kbctx=NULL; (node=walk_kbnode( keyblock, &kbctx, 0)) ; ) {
313         if( node->pkt->pkttype == PKT_USER_ID ) {
314             PKT_user_id *uid = node->pkt->pkt.user_id;
315
316             if( only_selected )
317                 selected = (node->flag & NODFLG_SELUID);
318             if( selected ) {
319                 tty_printf("uid  ");
320                 tty_print_utf8_string( uid->name, uid->len );
321                 tty_printf("\n");
322                 if( anyuid && !has_selfsig )
323                     mis_selfsig++;
324                 has_selfsig = 0;
325                 anyuid = 1;
326             }
327         }
328         else if( selected && node->pkt->pkttype == PKT_SIGNATURE
329                  && ( (node->pkt->pkt.signature->sig_class&~3) == 0x10
330                      || node->pkt->pkt.signature->sig_class == 0x30 )  ) {
331             int selfsig;
332
333             if( print_and_check_one_sig( keyblock, node, &inv_sigs,
334                                         &no_key, &oth_err, &selfsig, 0 ) ) {
335                 if( selfsig )
336                     has_selfsig = 1;
337             }
338             /* Hmmm: should we update the trustdb here? */
339         }
340     }
341     if( !has_selfsig )
342         mis_selfsig++;
343     if( inv_sigs == 1 )
344         tty_printf(_("1 bad signature\n") );
345     else if( inv_sigs )
346         tty_printf(_("%d bad signatures\n"), inv_sigs );
347     if( no_key == 1 )
348         tty_printf(_("1 signature not checked due to a missing key\n") );
349     else if( no_key )
350         tty_printf(_("%d signatures not checked due to missing keys\n"), no_key );
351     if( oth_err == 1 )
352         tty_printf(_("1 signature not checked due to an error\n") );
353     else if( oth_err )
354         tty_printf(_("%d signatures not checked due to errors\n"), oth_err );
355     if( mis_selfsig == 1 )
356         tty_printf(_("1 user ID without valid self-signature detected\n"));
357     else if( mis_selfsig  )
358         tty_printf(_("%d user IDs without valid self-signatures detected\n"),
359                                                                     mis_selfsig);
360
361     return inv_sigs || no_key || oth_err || mis_selfsig;
362 }
363
364
365 static int
366 sign_mk_attrib( PKT_signature *sig, void *opaque )
367 {
368     struct sign_attrib *attrib = opaque;
369     byte buf[8];
370
371     if( attrib->non_exportable ) {
372         buf[0] = 0; /* not exportable */
373         build_sig_subpkt( sig, SIGSUBPKT_EXPORTABLE, buf, 1 );
374     }
375
376     if( attrib->non_revocable ) {
377         buf[0] = 0; /* not revocable */
378         build_sig_subpkt( sig, SIGSUBPKT_REVOCABLE, buf, 1 );
379     }
380
381     if( attrib->reason )
382         revocation_reason_build_cb( sig, attrib->reason );
383
384     if(attrib->trust_depth)
385       {
386         /* Not critical.  If someone doesn't understand trust sigs,
387            this can still be a valid regular signature. */
388         buf[0] = attrib->trust_depth;
389         buf[1] = attrib->trust_value;
390         build_sig_subpkt(sig,SIGSUBPKT_TRUST,buf,2);
391
392         /* Critical.  If someone doesn't understands regexps, this
393            whole sig should be invalid.  Note the +1 for the length -
394            regexps are null terminated. */
395         if(attrib->trust_regexp)
396           build_sig_subpkt(sig,SIGSUBPKT_FLAG_CRITICAL|SIGSUBPKT_REGEXP,
397                            attrib->trust_regexp,
398                            strlen(attrib->trust_regexp)+1);
399       }
400
401     return 0;
402 }
403
404 static void
405 trustsig_prompt(byte *trust_value,byte *trust_depth,char **regexp)
406 {
407   char *p;
408
409   *trust_value=0;
410   *trust_depth=0;
411   *regexp=NULL;
412
413   /* Same string as pkclist.c:do_edit_ownertrust */
414   tty_printf(_("Please decide how far you trust this user to correctly verify"
415                " other users' keys\n(by looking at passports, checking"
416                " fingerprints from different sources, etc.)\n"));
417   tty_printf("\n");
418   tty_printf (_("  %d = I trust marginally\n"), 1);
419   tty_printf (_("  %d = I trust fully\n"), 2);
420   tty_printf("\n");
421
422   while(*trust_value==0)
423     {
424       p = cpr_get("trustsig_prompt.trust_value",_("Your selection? "));
425       trim_spaces(p);
426       cpr_kill_prompt();
427       /* 60 and 120 are as per RFC2440 */
428       if(p[0]=='1' && !p[1])
429         *trust_value=60;
430       else if(p[0]=='2' && !p[1])
431         *trust_value=120;
432       xfree(p);
433     }
434
435   tty_printf("\n");
436
437   tty_printf(_(
438               "Please enter the depth of this trust signature.\n"
439               "A depth greater than 1 allows the key you are signing to make\n"
440               "trust signatures on your behalf.\n"));
441   tty_printf("\n");
442
443   while(*trust_depth==0)
444     {
445       p = cpr_get("trustsig_prompt.trust_depth",_("Your selection? "));
446       trim_spaces(p);
447       cpr_kill_prompt();
448       *trust_depth=atoi(p);
449       xfree(p);
450     }
451
452   tty_printf("\n");
453
454   tty_printf(_("Please enter a domain to restrict this signature, "
455                "or enter for none.\n"));
456
457   tty_printf("\n");
458
459   p=cpr_get("trustsig_prompt.trust_regexp",_("Your selection? "));
460   trim_spaces(p);
461   cpr_kill_prompt();
462
463   if(strlen(p)>0)
464     {
465       char *q=p;
466       int regexplen=100,ind;
467
468       *regexp=xmalloc(regexplen);
469
470       /* Now mangle the domain the user entered into a regexp.  To do
471          this, \-escape everything that isn't alphanumeric, and attach
472          "<[^>]+[@.]" to the front, and ">$" to the end. */
473
474       strcpy(*regexp,"<[^>]+[@.]");
475       ind=strlen(*regexp);
476
477       while(*q)
478         {
479           if(!((*q>='A' && *q<='Z')
480                || (*q>='a' && *q<='z') || (*q>='0' && *q<='9')))
481             (*regexp)[ind++]='\\';
482
483           (*regexp)[ind++]=*q;
484
485           if((regexplen-ind)<3)
486             {
487               regexplen+=100;
488               *regexp=xrealloc(*regexp,regexplen);
489             }
490
491           q++;
492         }
493
494       (*regexp)[ind]='\0';
495       strcat(*regexp,">$");
496     }
497
498   xfree(p);
499   tty_printf("\n");
500 }
501
502 /****************
503  * Loop over all locusr and and sign the uids after asking.
504  * If no user id is marked, all user ids will be signed;
505  * if some user_ids are marked those will be signed.
506  */
507 static int
508 sign_uids( KBNODE keyblock, strlist_t locusr, int *ret_modified,
509            int local, int nonrevocable, int trust, int interactive )
510 {
511     int rc = 0;
512     SK_LIST sk_list = NULL;
513     SK_LIST sk_rover = NULL;
514     PKT_secret_key *sk = NULL;
515     KBNODE node, uidnode;
516     PKT_public_key *primary_pk=NULL;
517     int select_all = !count_selected_uids(keyblock) || interactive;
518     int all_v3=1;
519
520     /* Are there any non-v3 sigs on this key already? */
521     if(PGP2)
522       for(node=keyblock;node;node=node->next)
523         if(node->pkt->pkttype==PKT_SIGNATURE &&
524            node->pkt->pkt.signature->version>3)
525           {
526             all_v3=0;
527             break;
528           }
529
530     /* build a list of all signators.
531      *    
532      * We use the CERT flag to request the primary which must always
533      * be one which is capable of signing keys.  I can't see a reason
534      * why to sign keys using a subkey.  Implementation of USAGE_CERT
535      * is just a hack in getkey.c and does not mean that a subkey
536      * marked as certification capable will be used. */
537     rc=build_sk_list( locusr, &sk_list, 0, PUBKEY_USAGE_CERT);
538     if( rc )
539         goto leave;
540
541     /* loop over all signators */
542     for( sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next ) {
543         u32 sk_keyid[2],pk_keyid[2];
544         char *p,*trust_regexp=NULL;
545         int force_v4=0,class=0,selfsig=0;
546         u32 duration=0,timestamp=0;
547         byte trust_depth=0,trust_value=0;
548
549         if(local || nonrevocable || trust ||
550            opt.cert_policy_url || opt.cert_notations)
551           force_v4=1;
552
553         /* we have to use a copy of the sk, because make_keysig_packet
554          * may remove the protection from sk and if we did other
555          * changes to the secret key, we would save the unprotected
556          * version */
557         if( sk )
558             free_secret_key(sk);
559         sk = copy_secret_key( NULL, sk_rover->sk );
560         keyid_from_sk( sk, sk_keyid );
561         /* set mark A for all selected user ids */
562         for( node=keyblock; node; node = node->next ) {
563             if( select_all || (node->flag & NODFLG_SELUID) )
564                 node->flag |= NODFLG_MARK_A;
565             else
566                 node->flag &= ~NODFLG_MARK_A;
567         }
568         /* reset mark for uids which are already signed */
569         uidnode = NULL;
570         for( node=keyblock; node; node = node->next ) {
571             if( node->pkt->pkttype == PKT_PUBLIC_KEY ) {
572                 primary_pk=node->pkt->pkt.public_key;
573                 keyid_from_pk( primary_pk, pk_keyid );
574
575                 /* Is this a self-sig? */
576                 if(pk_keyid[0]==sk_keyid[0] && pk_keyid[1]==sk_keyid[1])
577                   {
578                     selfsig=1;
579                     /* Do not force a v4 sig here, otherwise it would
580                        be difficult to remake a v3 selfsig.  If this
581                        is a v3->v4 promotion case, then we set
582                        force_v4 later anyway. */
583                     force_v4=0;
584                   }
585             }
586             else if( node->pkt->pkttype == PKT_USER_ID )
587               {
588                 uidnode = (node->flag & NODFLG_MARK_A)? node : NULL;
589                 if(uidnode)
590                   {
591                     int yesreally=0;
592                     char *user=utf8_to_native(uidnode->pkt->pkt.user_id->name,
593                                               uidnode->pkt->pkt.user_id->len,
594                                               0);
595
596                     if(uidnode->pkt->pkt.user_id->is_revoked)
597                       {
598                         tty_printf(_("User ID \"%s\" is revoked."),user);
599
600                         if(selfsig)
601                           tty_printf("\n");
602                         else if(opt.expert)
603                           {
604                             tty_printf("\n");
605                             /* No, so remove the mark and continue */
606                             if(!cpr_get_answer_is_yes("sign_uid.revoke_okay",
607                                                       _("Are you sure you "
608                                                         "still want to sign "
609                                                         "it? (y/N) ")))
610                               {
611                                 uidnode->flag &= ~NODFLG_MARK_A;
612                                 uidnode=NULL;
613                               }
614                             else if(interactive)
615                               yesreally=1;
616                           }
617                         else
618                           {
619                             uidnode->flag &= ~NODFLG_MARK_A;
620                             uidnode=NULL;
621                             tty_printf(_("  Unable to sign.\n"));
622                           }
623                       }
624                     else if(uidnode->pkt->pkt.user_id->is_expired)
625                       {
626                         tty_printf(_("User ID \"%s\" is expired."),user);
627
628                         if(selfsig)
629                           tty_printf("\n");
630                         else if(opt.expert)
631                           {
632                             tty_printf("\n");
633                             /* No, so remove the mark and continue */
634                             if(!cpr_get_answer_is_yes("sign_uid.expire_okay",
635                                                       _("Are you sure you "
636                                                         "still want to sign "
637                                                         "it? (y/N) ")))
638                               {
639                                 uidnode->flag &= ~NODFLG_MARK_A;
640                                 uidnode=NULL;
641                               }
642                             else if(interactive)
643                               yesreally=1;
644                           }
645                         else
646                           {
647                             uidnode->flag &= ~NODFLG_MARK_A;
648                             uidnode=NULL;
649                             tty_printf(_("  Unable to sign.\n"));
650                           }
651                       }
652                     else if(!uidnode->pkt->pkt.user_id->created && !selfsig)
653                       {
654                         tty_printf(_("User ID \"%s\" is not self-signed."),
655                                    user);
656
657                         if(opt.expert)
658                           {
659                             tty_printf("\n");
660                             /* No, so remove the mark and continue */
661                             if(!cpr_get_answer_is_yes("sign_uid.nosig_okay",
662                                                       _("Are you sure you "
663                                                         "still want to sign "
664                                                         "it? (y/N) ")))
665                               {
666                                 uidnode->flag &= ~NODFLG_MARK_A;
667                                 uidnode=NULL;
668                               }
669                             else if(interactive)
670                               yesreally=1;
671                           }
672                         else
673                           {
674                             uidnode->flag &= ~NODFLG_MARK_A;
675                             uidnode=NULL;
676                             tty_printf(_("  Unable to sign.\n"));
677                           }
678                       }
679
680                     if(uidnode && interactive && !yesreally)
681                       {
682                         tty_printf(_("User ID \"%s\" is signable.  "),user);
683                         if(!cpr_get_answer_is_yes("sign_uid.sign_okay",
684                                                   _("Sign it? (y/N) ")))
685                           {
686                             uidnode->flag &= ~NODFLG_MARK_A;
687                             uidnode=NULL;
688                           }
689                       }
690
691                     xfree(user);
692                   }
693               }
694             else if( uidnode && node->pkt->pkttype == PKT_SIGNATURE
695                 && (node->pkt->pkt.signature->sig_class&~3) == 0x10 ) {
696                 if( sk_keyid[0] == node->pkt->pkt.signature->keyid[0]
697                     && sk_keyid[1] == node->pkt->pkt.signature->keyid[1] ) {
698                     char buf[50];
699                     char *user=utf8_to_native(uidnode->pkt->pkt.user_id->name,
700                                               uidnode->pkt->pkt.user_id->len,
701                                               0);
702
703                     /* It's a v3 self-sig.  Make it into a v4 self-sig? */
704                     if(node->pkt->pkt.signature->version<4 && selfsig)
705                       {
706                         tty_printf(_("The self-signature on \"%s\"\n"
707                                      "is a PGP 2.x-style signature.\n"),user);
708  
709                         /* Note that the regular PGP2 warning below
710                            still applies if there are no v4 sigs on
711                            this key at all. */
712
713                         if(opt.expert)
714                           if(cpr_get_answer_is_yes("sign_uid.v4_promote_okay",
715                                                    _("Do you want to promote "
716                                                      "it to an OpenPGP self-"
717                                                      "signature? (y/N) ")))
718                             {
719                               force_v4=1;
720                               node->flag|=NODFLG_DELSIG;
721                               xfree(user);
722                               continue;
723                             }
724                       }
725
726                     /* Is the current signature expired? */
727                     if(node->pkt->pkt.signature->flags.expired)
728                       {
729                         tty_printf(_("Your current signature on \"%s\"\n"
730                                      "has expired.\n"),user);
731
732                         if(cpr_get_answer_is_yes("sign_uid.replace_expired_okay",
733                                                  _("Do you want to issue a "
734                                                    "new signature to replace "
735                                                    "the expired one? (y/N) ")))
736                           {
737                             /* Mark these for later deletion.  We
738                                don't want to delete them here, just in
739                                case the replacement signature doesn't
740                                happen for some reason.  We only delete
741                                these after the replacement is already
742                                in place. */
743
744                             node->flag|=NODFLG_DELSIG;
745                             xfree(user);
746                             continue;
747                           }
748                       }
749
750                     if(!node->pkt->pkt.signature->flags.exportable && !local)
751                       {
752                         /* It's a local sig, and we want to make a
753                            exportable sig. */
754                         tty_printf(_("Your current signature on \"%s\"\n"
755                                      "is a local signature.\n"),user);
756
757                         if(cpr_get_answer_is_yes("sign_uid.local_promote_okay",
758                                                  _("Do you want to promote "
759                                                    "it to a full exportable "
760                                                    "signature? (y/N) ")))
761                           {
762                             /* Mark these for later deletion.  We
763                                don't want to delete them here, just in
764                                case the replacement signature doesn't
765                                happen for some reason.  We only delete
766                                these after the replacement is already
767                                in place. */
768
769                             node->flag|=NODFLG_DELSIG;
770                             xfree(user);
771                             continue;
772                           }
773                       }
774
775                     /* Fixme: see whether there is a revocation in which
776                      * case we should allow to sign it again. */
777                     if (!node->pkt->pkt.signature->flags.exportable && local)
778                       tty_printf(_(
779                               "\"%s\" was already locally signed by key %s\n"),
780                                  user,keystr_from_sk(sk));
781                     else
782                       tty_printf(_("\"%s\" was already signed by key %s\n"),
783                                  user,keystr_from_sk(sk));
784
785                     if(opt.expert
786                        && cpr_get_answer_is_yes("sign_uid.dupe_okay",
787                                                 _("Do you want to sign it "
788                                                   "again anyway? (y/N) ")))
789                       {
790                         /* Don't delete the old sig here since this is
791                            an --expert thing. */
792                         xfree(user);
793                         continue;
794                       }
795
796                     sprintf (buf, "%08lX%08lX",
797                              (ulong)sk->keyid[0], (ulong)sk->keyid[1] );
798                     write_status_text (STATUS_ALREADY_SIGNED, buf);
799                     uidnode->flag &= ~NODFLG_MARK_A; /* remove mark */
800
801                     xfree(user);
802                 }
803             }
804         }
805
806         /* check whether any uids are left for signing */
807         if( !count_uids_with_flag(keyblock, NODFLG_MARK_A) )
808           {
809             tty_printf(_("Nothing to sign with key %s\n"),keystr_from_sk(sk));
810             continue;
811           }
812
813         /* Ask whether we really should sign these user id(s) */
814         tty_printf("\n");
815         show_key_with_all_names( keyblock, 1, 0, 1, 0, 0 );
816         tty_printf("\n");
817
818         if(primary_pk->expiredate && !selfsig)
819           {
820             u32 now=make_timestamp();
821
822             if(primary_pk->expiredate<=now)
823               {
824                 tty_printf(_("This key has expired!"));
825
826                 if(opt.expert)
827                   {
828                     tty_printf("  ");
829                     if(!cpr_get_answer_is_yes("sign_uid.expired_okay",
830                                               _("Are you sure you still "
831                                                 "want to sign it? (y/N) ")))
832                       continue;
833                   }
834                 else
835                   {
836                     tty_printf(_("  Unable to sign.\n"));
837                     continue;
838                   }
839               }
840             else
841               {
842                 tty_printf(_("This key is due to expire on %s.\n"),
843                            expirestr_from_pk(primary_pk));
844
845                 if(opt.ask_cert_expire)
846                   {
847                     char *answer=cpr_get("sign_uid.expire",
848                                          _("Do you want your signature to "
849                                            "expire at the same time? (Y/n) "));
850                     if(answer_is_yes_no_default(answer,1))
851                       {
852                         /* This fixes the signature timestamp we're
853                            going to make as now.  This is so the
854                            expiration date is exactly correct, and not
855                            a few seconds off (due to the time it takes
856                            to answer the questions, enter the
857                            passphrase, etc). */
858                         timestamp=now;
859                         duration=primary_pk->expiredate-now;
860                         force_v4=1;
861                       }
862
863                     cpr_kill_prompt();
864                     xfree(answer);
865                   }
866               }
867           }
868
869         /* Only ask for duration if we haven't already set it to match
870            the expiration of the pk */
871         if(!duration && !selfsig)
872           {
873             if(opt.ask_cert_expire)
874               duration=ask_expire_interval(1,opt.def_cert_expire);
875             else
876               duration=parse_expire_string(opt.def_cert_expire);
877           }
878
879         if(duration)
880           force_v4=1;
881
882         /* Is --pgp2 on, it's a v3 key, all the sigs on the key are
883            currently v3 and we're about to sign it with a v4 sig?  If
884            so, danger! */
885         if(PGP2 && all_v3 &&
886            (sk->version>3 || force_v4) && primary_pk->version<=3)
887           {
888             tty_printf(_("You may not make an OpenPGP signature on a "
889                          "PGP 2.x key while in --pgp2 mode.\n"));
890             tty_printf(_("This would make the key unusable in PGP 2.x.\n"));
891
892             if(opt.expert)
893               {
894                 if(!cpr_get_answer_is_yes("sign_uid.v4_on_v3_okay",
895                                           _("Are you sure you still "
896                                             "want to sign it? (y/N) ")))
897                   continue;
898
899                 all_v3=0;
900               }
901             else
902               continue;
903           }
904
905         if(selfsig)
906           ;
907         else
908           {
909             if(opt.batch || !opt.ask_cert_level)
910               class=0x10+opt.def_cert_level;
911             else
912               {
913                 char *answer;
914
915                 tty_printf(_("How carefully have you verified the key you are "
916                              "about to sign actually belongs\nto the person "
917                              "named above?  If you don't know what to "
918                              "answer, enter \"0\".\n"));
919                 tty_printf("\n");
920                 tty_printf(_("   (0) I will not answer.%s\n"),
921                            opt.def_cert_level==0?" (default)":"");
922                 tty_printf(_("   (1) I have not checked at all.%s\n"),
923                            opt.def_cert_level==1?" (default)":"");
924                 tty_printf(_("   (2) I have done casual checking.%s\n"),
925                            opt.def_cert_level==2?" (default)":"");
926                 tty_printf(_("   (3) I have done very careful checking.%s\n"),
927                            opt.def_cert_level==3?" (default)":"");
928                 tty_printf("\n");
929
930                 while(class==0)
931                   {
932                     answer = cpr_get("sign_uid.class",_("Your selection? "
933                                         "(enter `?' for more information): "));
934                     if(answer[0]=='\0')
935                       class=0x10+opt.def_cert_level; /* Default */
936                     else if(ascii_strcasecmp(answer,"0")==0)
937                       class=0x10; /* Generic */
938                     else if(ascii_strcasecmp(answer,"1")==0)
939                       class=0x11; /* Persona */
940                     else if(ascii_strcasecmp(answer,"2")==0)
941                       class=0x12; /* Casual */
942                     else if(ascii_strcasecmp(answer,"3")==0)
943                       class=0x13; /* Positive */
944                     else
945                       tty_printf(_("Invalid selection.\n"));
946
947                     xfree(answer);
948                   }
949               }
950
951             if(trust)
952               trustsig_prompt(&trust_value,&trust_depth,&trust_regexp);
953           }
954
955         p=get_user_id_native(sk_keyid);
956         tty_printf(_("Are you sure that you want to sign this key with your\n"
957                      "key \"%s\" (%s)\n"),p,keystr_from_sk(sk));
958         xfree(p);
959
960         if(selfsig)
961           {
962             tty_printf("\n");
963             tty_printf(_("This will be a self-signature.\n"));
964
965             if( local )
966               {
967                 tty_printf("\n");
968                 tty_printf(
969                          _("WARNING: the signature will not be marked "
970                            "as non-exportable.\n"));
971               }
972
973             if( nonrevocable )
974               {
975                 tty_printf("\n");
976                 tty_printf(
977                          _("WARNING: the signature will not be marked "
978                            "as non-revocable.\n"));
979               }
980           }
981         else
982           {
983             if( local )
984               {
985                 tty_printf("\n");
986                 tty_printf(
987                      _("The signature will be marked as non-exportable.\n"));
988               }
989
990             if( nonrevocable )
991               {
992                 tty_printf("\n");
993                 tty_printf(
994                       _("The signature will be marked as non-revocable.\n"));
995               }
996
997             switch(class)
998               {
999               case 0x11:
1000                 tty_printf("\n");
1001                 tty_printf(_("I have not checked this key at all.\n"));
1002                 break;
1003
1004               case 0x12:
1005                 tty_printf("\n");
1006                 tty_printf(_("I have checked this key casually.\n"));
1007                 break;
1008
1009               case 0x13:
1010                 tty_printf("\n");
1011                 tty_printf(_("I have checked this key very carefully.\n"));
1012                 break;
1013               }
1014           }
1015
1016         tty_printf("\n");
1017
1018         if( opt.batch && opt.answer_yes )
1019           ;
1020         else if( !cpr_get_answer_is_yes("sign_uid.okay",
1021                                         _("Really sign? (y/N) ")) )
1022             continue;
1023
1024         /* now we can sign the user ids */
1025       reloop: /* (must use this, because we are modifing the list) */
1026         primary_pk = NULL;
1027         for( node=keyblock; node; node = node->next ) {
1028             if( node->pkt->pkttype == PKT_PUBLIC_KEY )
1029                 primary_pk = node->pkt->pkt.public_key;
1030             else if( node->pkt->pkttype == PKT_USER_ID
1031                      && (node->flag & NODFLG_MARK_A) ) {
1032                 PACKET *pkt;
1033                 PKT_signature *sig;
1034                 struct sign_attrib attrib;
1035
1036                 assert( primary_pk );
1037                 memset( &attrib, 0, sizeof attrib );
1038                 attrib.non_exportable = local;
1039                 attrib.non_revocable = nonrevocable;
1040                 attrib.trust_depth = trust_depth;
1041                 attrib.trust_value = trust_value;
1042                 attrib.trust_regexp = trust_regexp;
1043                 node->flag &= ~NODFLG_MARK_A;
1044
1045                 /* we force creation of a v4 signature for local
1046                  * signatures, otherwise we would not generate the
1047                  * subpacket with v3 keys and the signature becomes
1048                  * exportable */
1049
1050                 if(selfsig)
1051                   rc = make_keysig_packet( &sig, primary_pk,
1052                                            node->pkt->pkt.user_id,
1053                                            NULL,
1054                                            sk,
1055                                            0x13, 0, force_v4?4:0, 0, 0,
1056                                            keygen_add_std_prefs, primary_pk);
1057                 else
1058                   rc = make_keysig_packet( &sig, primary_pk,
1059                                            node->pkt->pkt.user_id,
1060                                            NULL,
1061                                            sk,
1062                                            class, 0, force_v4?4:0,
1063                                            timestamp, duration,
1064                                            sign_mk_attrib, &attrib );
1065                 if( rc ) {
1066                     log_error(_("signing failed: %s\n"), g10_errstr(rc));
1067                     goto leave;
1068                 }
1069
1070                 *ret_modified = 1; /* we changed the keyblock */
1071                 update_trust = 1;
1072
1073                 pkt = xmalloc_clear( sizeof *pkt );
1074                 pkt->pkttype = PKT_SIGNATURE;
1075                 pkt->pkt.signature = sig;
1076                 insert_kbnode( node, new_kbnode(pkt), PKT_SIGNATURE );
1077                 goto reloop;
1078             }
1079         }
1080
1081         /* Delete any sigs that got promoted */
1082         for( node=keyblock; node; node = node->next )
1083           if( node->flag & NODFLG_DELSIG)
1084             delete_kbnode(node);
1085     } /* end loop over signators */
1086
1087   leave:
1088     release_sk_list( sk_list );
1089     if( sk )
1090         free_secret_key(sk);
1091     return rc;
1092 }
1093
1094
1095
1096 /****************
1097  * Change the passphrase of the primary and all secondary keys.
1098  * We use only one passphrase for all keys.
1099  */
1100 static int
1101 change_passphrase( KBNODE keyblock )
1102 {
1103     int rc = 0;
1104     int changed=0;
1105     KBNODE node;
1106     PKT_secret_key *sk;
1107     char *passphrase = NULL;
1108     int no_primary_secrets = 0;
1109     int any;
1110
1111     node = find_kbnode( keyblock, PKT_SECRET_KEY );
1112     if( !node ) {
1113         log_error("Oops; secret key not found anymore!\n");
1114         goto leave;
1115     }
1116     sk = node->pkt->pkt.secret_key;
1117
1118     for (any = 0, node=keyblock; node; node = node->next) {
1119         if (node->pkt->pkttype == PKT_SECRET_KEY 
1120             || node->pkt->pkttype == PKT_SECRET_SUBKEY) {
1121             PKT_secret_key *tmpsk = node->pkt->pkt.secret_key;
1122             if (!(tmpsk->is_protected
1123                   && (tmpsk->protect.s2k.mode == 1001 
1124                       || tmpsk->protect.s2k.mode == 1002))) {
1125                 any = 1;
1126                 break;
1127             }
1128         }
1129     }
1130     if (!any) {
1131         tty_printf (_("Key has only stub or on-card key items - "
1132                       "no passphrase to change.\n"));
1133         goto leave;
1134     }
1135         
1136     /* See how to handle this key.  */
1137     switch( is_secret_key_protected( sk ) ) {
1138       case -1:
1139         rc = G10ERR_PUBKEY_ALGO;
1140         break;
1141       case 0:
1142         tty_printf(_("This key is not protected.\n"));
1143         break;
1144       default:
1145         if( sk->protect.s2k.mode == 1001 ) {
1146             tty_printf(_("Secret parts of primary key are not available.\n"));
1147             no_primary_secrets = 1;
1148         }
1149         else if( sk->protect.s2k.mode == 1002 ) {
1150             tty_printf(_("Secret parts of primary key are stored on-card.\n"));
1151             no_primary_secrets = 1;
1152         }
1153         else {
1154             u32 keyid[2];
1155
1156             tty_printf(_("Key is protected.\n"));
1157             
1158             /* Clear the passphrase cache so that the user is required
1159                to enter the old passphrase.  */
1160             keyid_from_sk (sk, keyid);
1161             passphrase_clear_cache (keyid, NULL, 0);
1162
1163             rc = check_secret_key( sk, 0 );
1164             if( !rc )
1165                 passphrase = get_last_passphrase();
1166         }
1167         break;
1168     }
1169
1170     /* Unprotect all subkeys (use the supplied passphrase or ask)*/
1171     for(node=keyblock; !rc && node; node = node->next ) {
1172         if( node->pkt->pkttype == PKT_SECRET_SUBKEY ) {
1173             PKT_secret_key *subsk = node->pkt->pkt.secret_key;
1174             if ( !(subsk->is_protected
1175                    && (subsk->protect.s2k.mode == 1001 
1176                        || subsk->protect.s2k.mode == 1002))) {
1177                 set_next_passphrase( passphrase );
1178                 rc = check_secret_key( subsk, 0 );
1179                 if( !rc && !passphrase )
1180                     passphrase = get_last_passphrase();
1181             }
1182         }
1183     }
1184
1185     if( rc )
1186         tty_printf(_("Can't edit this key: %s\n"), g10_errstr(rc));
1187     else {
1188         DEK *dek = NULL;
1189         STRING2KEY *s2k = xmalloc_secure( sizeof *s2k );
1190         const char *errtext = NULL;
1191
1192         tty_printf(_("Enter the new passphrase for this secret key.\n\n") );
1193
1194         set_next_passphrase( NULL );
1195         for(;;) {
1196             int canceled;
1197
1198             s2k->mode = opt.s2k_mode;
1199             s2k->hash_algo = S2K_DIGEST_ALGO;
1200             dek = passphrase_to_dek( NULL, 0, opt.s2k_cipher_algo,
1201                                      s2k, 2, errtext, &canceled);
1202             if (!dek && canceled) {
1203                 rc = GPG_ERR_CANCELED;
1204                 break;
1205             }
1206             else if( !dek ) {
1207                 errtext = N_("passphrase not correctly repeated; try again");
1208                 tty_printf ("%s.\n", _(errtext));
1209             }
1210             else if( !dek->keylen ) {
1211                 rc = 0;
1212                 tty_printf(_( "You don't want a passphrase -"
1213                             " this is probably a *bad* idea!\n\n"));
1214                 if( cpr_get_answer_is_yes("change_passwd.empty.okay",
1215                                _("Do you really want to do this? (y/N) ")))
1216                   {
1217                     changed++;
1218                     break;
1219                   }
1220             }
1221             else { /* okay */
1222                 rc = 0;
1223                 if( !no_primary_secrets ) {
1224                     sk->protect.algo = dek->algo;
1225                     sk->protect.s2k = *s2k;
1226                     rc = protect_secret_key( sk, dek );
1227                 }
1228                 for(node=keyblock; !rc && node; node = node->next ) {
1229                     if( node->pkt->pkttype == PKT_SECRET_SUBKEY ) {
1230                         PKT_secret_key *subsk = node->pkt->pkt.secret_key;
1231                         if ( !(subsk->is_protected
1232                                && (subsk->protect.s2k.mode == 1001 
1233                                    || subsk->protect.s2k.mode == 1002))) {
1234                             subsk->protect.algo = dek->algo;
1235                             subsk->protect.s2k = *s2k;
1236                             rc = protect_secret_key( subsk, dek );
1237                         }
1238                     }
1239                 }
1240                 if( rc )
1241                     log_error("protect_secret_key failed: %s\n",
1242                               g10_errstr(rc) );
1243                 else
1244                   {
1245                     u32 keyid[2];
1246                     
1247                     /* Clear the cahce again so that the user is
1248                        required to enter the new passphrase at the
1249                        next operation.  */
1250                     keyid_from_sk (sk, keyid);
1251                     passphrase_clear_cache (keyid, NULL, 0);
1252
1253                     changed++;
1254                   }
1255                 break;
1256             }
1257         }
1258         xfree(s2k);
1259         xfree(dek);
1260     }
1261
1262   leave:
1263     xfree( passphrase );
1264     set_next_passphrase( NULL );
1265     return changed && !rc;
1266 }
1267
1268
1269 /****************
1270  * There are some keys out (due to a bug in gnupg), where the sequence
1271  * of the packets is wrong.  This function fixes that.
1272  * Returns: true if the keyblock has been fixed.
1273  *
1274  * Note:  This function does not work if there is more than one user ID.
1275  */
1276 static int
1277 fix_keyblock( KBNODE keyblock )
1278 {
1279     KBNODE node, last, subkey;
1280     int fixed=0;
1281
1282     /* locate key signatures of class 0x10..0x13 behind sub key packets */
1283     for( subkey=last=NULL, node = keyblock; node;
1284                                             last=node, node = node->next ) {
1285         switch( node->pkt->pkttype ) {
1286           case PKT_PUBLIC_SUBKEY:
1287           case PKT_SECRET_SUBKEY:
1288             if( !subkey )
1289                 subkey = last; /* actually it is the one before the subkey */
1290             break;
1291           case PKT_SIGNATURE:
1292             if( subkey ) {
1293                 PKT_signature *sig = node->pkt->pkt.signature;
1294                 if( sig->sig_class >= 0x10 && sig->sig_class <= 0x13 ) {
1295                     log_info(_(
1296                         "moving a key signature to the correct place\n"));
1297                     last->next = node->next;
1298                     node->next = subkey->next;
1299                     subkey->next = node;
1300                     node = last;
1301                     fixed=1;
1302                 }
1303             }
1304             break;
1305           default: break;
1306         }
1307     }
1308
1309     return fixed;
1310 }
1311
1312 static int
1313 parse_sign_type(const char *str,int *localsig,int *nonrevokesig,int *trustsig)
1314 {
1315   const char *p=str;
1316
1317   while(*p)
1318     {
1319       if(ascii_strncasecmp(p,"l",1)==0)
1320         {
1321           *localsig=1;
1322           p++;
1323         }
1324       else if(ascii_strncasecmp(p,"nr",2)==0)
1325         {
1326           *nonrevokesig=1;
1327           p+=2;
1328         }
1329       else if(ascii_strncasecmp(p,"t",1)==0)
1330         {
1331           *trustsig=1;
1332           p++;
1333         }
1334       else
1335         return 0;
1336     }
1337
1338   return 1;
1339 }
1340
1341 \f
1342 /****************
1343  * Menu driven key editor.  If seckey_check is true, then a secret key
1344  * that matches username will be looked for.  If it is false, not all
1345  * commands will be available.
1346  *
1347  * Note: to keep track of some selection we use node->mark MARKBIT_xxxx.
1348  */
1349
1350 /* Need an SK for this command */
1351 #define KEYEDIT_NEED_SK 1
1352 /* Cannot be viewing the SK for this command */
1353 #define KEYEDIT_NOT_SK  2
1354 /* Must be viewing the SK for this command */
1355 #define KEYEDIT_ONLY_SK 4
1356 /* Match the tail of the string */
1357 #define KEYEDIT_TAIL_MATCH 8
1358
1359 enum cmdids
1360   {
1361     cmdNONE = 0,
1362     cmdQUIT, cmdHELP, cmdFPR, cmdLIST, cmdSELUID, cmdCHECK, cmdSIGN,
1363     cmdREVSIG, cmdREVKEY, cmdREVUID, cmdDELSIG, cmdPRIMARY, cmdDEBUG,
1364     cmdSAVE, cmdADDUID, cmdADDPHOTO, cmdDELUID, cmdADDKEY, cmdDELKEY,
1365     cmdADDREVOKER, cmdTOGGLE, cmdSELKEY, cmdPASSWD, cmdTRUST, cmdPREF,
1366     cmdEXPIRE, cmdBACKSIGN, cmdENABLEKEY, cmdDISABLEKEY, cmdSHOWPREF,
1367     cmdSETPREF, cmdPREFKS, cmdNOTATION, cmdINVCMD, cmdSHOWPHOTO, cmdUPDTRUST,
1368     cmdCHKTRUST, cmdADDCARDKEY, cmdKEYTOCARD, cmdBKUPTOCARD, cmdCLEAN,
1369     cmdMINIMIZE, cmdNOP
1370   };
1371
1372 static struct
1373 {
1374   const char *name;
1375   enum cmdids id;
1376   int flags;
1377   const char *desc;
1378 } cmds[] =
1379   { 
1380     { "quit"    , cmdQUIT      , 0, N_("quit this menu") },
1381     { "q"       , cmdQUIT      , 0, NULL   },
1382     { "save"    , cmdSAVE      , 0, N_("save and quit") },
1383     { "help"    , cmdHELP      , 0, N_("show this help") },
1384     { "?"       , cmdHELP      , 0, NULL   },
1385     { "fpr"     , cmdFPR       , 0, N_("show key fingerprint") },
1386     { "list"    , cmdLIST      , 0, N_("list key and user IDs") },
1387     { "l"       , cmdLIST      , 0, NULL   },
1388     { "uid"     , cmdSELUID    , 0, N_("select user ID N") },
1389     { "key"     , cmdSELKEY    , 0, N_("select subkey N") },
1390     { "check"   , cmdCHECK     , 0, N_("check signatures") },
1391     { "c"       , cmdCHECK     , 0, NULL },
1392     { "cross-certify", cmdBACKSIGN  , KEYEDIT_NOT_SK|KEYEDIT_NEED_SK, NULL },
1393     { "backsign", cmdBACKSIGN  , KEYEDIT_NOT_SK|KEYEDIT_NEED_SK, NULL },
1394     { "sign"    , cmdSIGN      , KEYEDIT_NOT_SK|KEYEDIT_TAIL_MATCH,
1395       N_("sign selected user IDs [* see below for related commands]") },
1396     { "s"       , cmdSIGN      , KEYEDIT_NOT_SK, NULL },
1397     /* "lsign" and friends will never match since "sign" comes first
1398        and it is a tail match.  They are just here so they show up in
1399        the help menu. */
1400     { "lsign"   , cmdNOP       , 0, N_("sign selected user IDs locally") },
1401     { "tsign"   , cmdNOP       , 0,
1402       N_("sign selected user IDs with a trust signature") },
1403     { "nrsign"  , cmdNOP       , 0,
1404       N_("sign selected user IDs with a non-revocable signature") },
1405
1406     { "debug"   , cmdDEBUG     , 0, NULL },
1407     { "adduid"  , cmdADDUID    , KEYEDIT_NOT_SK|KEYEDIT_NEED_SK,
1408       N_("add a user ID") },
1409     { "addphoto", cmdADDPHOTO  , KEYEDIT_NOT_SK|KEYEDIT_NEED_SK,
1410       N_("add a photo ID") },
1411     { "deluid"  , cmdDELUID    , KEYEDIT_NOT_SK,
1412       N_("delete selected user IDs") },
1413     /* delphoto is really deluid in disguise */
1414     { "delphoto", cmdDELUID    , KEYEDIT_NOT_SK, NULL },
1415
1416     { "addkey"  , cmdADDKEY    , KEYEDIT_NOT_SK|KEYEDIT_NEED_SK,
1417       N_("add a subkey") },
1418
1419 #ifdef ENABLE_CARD_SUPPORT
1420     { "addcardkey", cmdADDCARDKEY , KEYEDIT_NOT_SK|KEYEDIT_NEED_SK,
1421       N_("add a key to a smartcard") },
1422     { "keytocard", cmdKEYTOCARD , KEYEDIT_NEED_SK|KEYEDIT_ONLY_SK, 
1423       N_("move a key to a smartcard")},
1424     { "bkuptocard", cmdBKUPTOCARD , KEYEDIT_NEED_SK|KEYEDIT_ONLY_SK, 
1425       N_("move a backup key to a smartcard")},
1426 #endif /*ENABLE_CARD_SUPPORT*/
1427
1428     { "delkey"  , cmdDELKEY    , KEYEDIT_NOT_SK,
1429       N_("delete selected subkeys") },
1430     { "addrevoker",cmdADDREVOKER,KEYEDIT_NOT_SK|KEYEDIT_NEED_SK,
1431       N_("add a revocation key") },
1432     { "delsig"  , cmdDELSIG    , KEYEDIT_NOT_SK,
1433       N_("delete signatures from the selected user IDs") },
1434     { "expire"  , cmdEXPIRE    , KEYEDIT_NOT_SK|KEYEDIT_NEED_SK,
1435       N_("change the expiration date for the key or selected subkeys") },
1436     { "primary" , cmdPRIMARY   , KEYEDIT_NOT_SK|KEYEDIT_NEED_SK,
1437       N_("flag the selected user ID as primary")},
1438     { "toggle"  , cmdTOGGLE    , KEYEDIT_NEED_SK,
1439       N_("toggle between the secret and public key listings") },
1440     { "t"       , cmdTOGGLE    , KEYEDIT_NEED_SK, NULL },
1441     { "pref"    , cmdPREF      , KEYEDIT_NOT_SK,
1442       N_("list preferences (expert)")},
1443     { "showpref", cmdSHOWPREF  , KEYEDIT_NOT_SK,
1444       N_("list preferences (verbose)") },
1445     { "setpref" , cmdSETPREF   , KEYEDIT_NOT_SK|KEYEDIT_NEED_SK,
1446       N_("set preference list for the selected user IDs") },
1447     /* Alias */
1448     { "updpref" , cmdSETPREF   , KEYEDIT_NOT_SK|KEYEDIT_NEED_SK, NULL },
1449
1450     { "keyserver",cmdPREFKS    , KEYEDIT_NOT_SK|KEYEDIT_NEED_SK,
1451       N_("set the preferred keyserver URL for the selected user IDs")},
1452     { "notation", cmdNOTATION  , KEYEDIT_NOT_SK|KEYEDIT_NEED_SK,
1453       N_("set a notation for the selected user IDs")},
1454     { "passwd"  , cmdPASSWD    , KEYEDIT_NOT_SK|KEYEDIT_NEED_SK,
1455       N_("change the passphrase") },
1456     /* Alias */
1457     { "password", cmdPASSWD    , KEYEDIT_NOT_SK|KEYEDIT_NEED_SK, NULL },
1458
1459     { "trust"   , cmdTRUST     , KEYEDIT_NOT_SK, N_("change the ownertrust") },
1460     { "revsig"  , cmdREVSIG    , KEYEDIT_NOT_SK,
1461       N_("revoke signatures on the selected user IDs") },
1462     { "revuid"  , cmdREVUID    , KEYEDIT_NOT_SK|KEYEDIT_NEED_SK,
1463       N_("revoke selected user IDs") },
1464     /* Alias */
1465     { "revphoto", cmdREVUID    , KEYEDIT_NOT_SK|KEYEDIT_NEED_SK, NULL },
1466
1467     { "revkey"  , cmdREVKEY    , KEYEDIT_NOT_SK|KEYEDIT_NEED_SK,
1468       N_("revoke key or selected subkeys") },
1469     { "enable"  , cmdENABLEKEY , KEYEDIT_NOT_SK, N_("enable key") },
1470     { "disable" , cmdDISABLEKEY, KEYEDIT_NOT_SK, N_("disable key") },
1471     { "showphoto",cmdSHOWPHOTO , 0, N_("show selected photo IDs") },
1472     { "clean",    cmdCLEAN     , KEYEDIT_NOT_SK,
1473       N_("compact unusable user IDs and remove unusable signatures from key")},
1474     { "minimize", cmdMINIMIZE  , KEYEDIT_NOT_SK,
1475       N_("compact unusable user IDs and remove all signatures from key") },
1476     { NULL, cmdNONE, 0, NULL }
1477   };
1478
1479 #ifdef HAVE_LIBREADLINE
1480
1481 /* These two functions are used by readline for command completion. */
1482
1483 static char *
1484 command_generator(const char *text,int state)
1485 {
1486   static int list_index,len;
1487   const char *name;
1488
1489   /* If this is a new word to complete, initialize now.  This includes
1490      saving the length of TEXT for efficiency, and initializing the
1491      index variable to 0. */
1492   if(!state)
1493     {
1494       list_index=0;
1495       len=strlen(text);
1496     }
1497
1498   /* Return the next partial match */
1499   while((name=cmds[list_index].name))
1500     {
1501       /* Only complete commands that have help text */
1502       if(cmds[list_index++].desc && strncmp(name,text,len)==0)
1503         return strdup(name);
1504     }
1505
1506   return NULL;
1507 }
1508
1509 static char **
1510 keyedit_completion(const char *text, int start, int end)
1511 {
1512   /* If we are at the start of a line, we try and command-complete.
1513      If not, just do nothing for now. */
1514
1515   (void)end;
1516
1517   if(start==0)
1518     return rl_completion_matches(text,command_generator);
1519
1520   rl_attempted_completion_over=1;
1521
1522   return NULL;
1523 }
1524 #endif /* HAVE_LIBREADLINE */
1525
1526
1527 void
1528 keyedit_menu( const char *username, strlist_t locusr,
1529               strlist_t commands, int quiet, int seckey_check )
1530 {
1531     enum cmdids cmd = 0;
1532     int rc = 0;
1533     KBNODE keyblock = NULL;
1534     KEYDB_HANDLE kdbhd = NULL;
1535     KBNODE sec_keyblock = NULL;
1536     KEYDB_HANDLE sec_kdbhd = NULL;
1537     KBNODE cur_keyblock;
1538     char *answer = NULL;
1539     int redisplay = 1;
1540     int modified = 0;
1541     int sec_modified = 0;
1542     int toggle;
1543     int have_commands = !!commands;
1544
1545     if ( opt.command_fd != -1 )
1546         ;
1547     else if( opt.batch && !have_commands )
1548       {
1549         log_error(_("can't do this in batch mode\n"));
1550         goto leave;
1551       }
1552
1553 #ifdef HAVE_W32_SYSTEM
1554     /* Due to Windows peculiarities we need to make sure that the
1555        trustdb stale check is done before we open another file
1556        (i.e. by searching for a key).  In theory we could make sure
1557        that the files are closed after use but the open/close caches
1558        inhibits that and flushing the cache right before the stale
1559        check is not easy to implement.  Thus we take the easy way out
1560        and run the stale check as early as possible.  Note, that for
1561        non- W32 platforms it is run indirectly trough a call to
1562        get_validity ().  */
1563     check_trustdb_stale ();
1564 #endif
1565
1566     /* Get the public key */
1567     rc = get_pubkey_byname (NULL, NULL, username, &keyblock, &kdbhd, 1, 1);
1568     if( rc )
1569         goto leave;
1570     if( fix_keyblock( keyblock ) )
1571         modified++;
1572     if( collapse_uids( &keyblock ) )
1573         modified++;
1574     reorder_keyblock(keyblock);
1575     /* We modified the keyblock, so let's make sure the flags are
1576        right. */
1577     if (modified)
1578       merge_keys_and_selfsig (keyblock);
1579
1580     if(seckey_check)
1581       {/* see whether we have a matching secret key */
1582         PKT_public_key *pk = keyblock->pkt->pkt.public_key;
1583
1584         sec_kdbhd = keydb_new (1);
1585         {
1586             byte afp[MAX_FINGERPRINT_LEN];
1587             size_t an;
1588
1589             fingerprint_from_pk (pk, afp, &an);
1590             while (an < MAX_FINGERPRINT_LEN) 
1591                 afp[an++] = 0;
1592             rc = keydb_search_fpr (sec_kdbhd, afp);
1593         }
1594         if (!rc)
1595           {
1596             rc = keydb_get_keyblock (sec_kdbhd, &sec_keyblock);
1597             if (rc)
1598               {
1599                 log_error (_("error reading secret keyblock \"%s\": %s\n"),
1600                            username, g10_errstr(rc));
1601               }
1602             else
1603               {
1604                 merge_keys_and_selfsig( sec_keyblock );
1605                 if( fix_keyblock( sec_keyblock ) )
1606                   sec_modified++;
1607               }
1608           }
1609
1610         if (rc) {
1611             sec_keyblock = NULL;
1612             keydb_release (sec_kdbhd); sec_kdbhd = NULL;
1613             rc = 0;
1614         }
1615
1616         if( sec_keyblock && !quiet )
1617           tty_printf(_("Secret key is available.\n"));
1618     }
1619
1620     toggle = 0;
1621     cur_keyblock = keyblock;
1622     for(;;) { /* main loop */
1623         int i, arg_number, photo;
1624         const char *arg_string = "";
1625         char *p;
1626         PKT_public_key *pk=keyblock->pkt->pkt.public_key;
1627
1628         tty_printf("\n");
1629
1630         if( redisplay && !quiet )
1631           {
1632             show_key_with_all_names( cur_keyblock, 0, 1, 0, 1, 0 );
1633             tty_printf("\n");
1634             redisplay = 0;
1635           }
1636         do {
1637             xfree(answer);
1638             if( have_commands ) {
1639                 if( commands ) {
1640                     answer = xstrdup( commands->d );
1641                     commands = commands->next;
1642                 }
1643                 else if( opt.batch ) {
1644                     answer = xstrdup("quit");
1645                 }
1646                 else
1647                     have_commands = 0;
1648             }
1649             if( !have_commands )
1650               {
1651 #ifdef HAVE_LIBREADLINE
1652                 tty_enable_completion(keyedit_completion);
1653 #endif
1654                 answer = cpr_get_no_help("keyedit.prompt", _("Command> "));
1655                 cpr_kill_prompt();
1656                 tty_disable_completion();
1657               }
1658             trim_spaces(answer);
1659         } while( *answer == '#' );
1660
1661         arg_number = 0; /* Yes, here is the init which egcc complains about */
1662         photo = 0; /* This too */
1663         if( !*answer )
1664             cmd = cmdLIST;
1665         else if( *answer == CONTROL_D )
1666             cmd = cmdQUIT;
1667         else if( digitp(answer ) ) {
1668             cmd = cmdSELUID;
1669             arg_number = atoi(answer);
1670         }
1671         else {
1672             if( (p=strchr(answer,' ')) ) {
1673                 *p++ = 0;
1674                 trim_spaces(answer);
1675                 trim_spaces(p);
1676                 arg_number = atoi(p);
1677                 arg_string = p;
1678             }
1679
1680             for(i=0; cmds[i].name; i++ )
1681               {
1682                 if(cmds[i].flags & KEYEDIT_TAIL_MATCH)
1683                   {
1684                     size_t l=strlen(cmds[i].name);
1685                     size_t a=strlen(answer);
1686                     if(a>=l)
1687                       {
1688                         if(ascii_strcasecmp(&answer[a-l],cmds[i].name)==0)
1689                           {
1690                             answer[a-l]='\0';
1691                             break;
1692                           }
1693                       }
1694                   }
1695                 else if( !ascii_strcasecmp( answer, cmds[i].name ) )
1696                   break;
1697               }
1698             if((cmds[i].flags & KEYEDIT_NEED_SK) && !sec_keyblock )
1699               {
1700                 tty_printf(_("Need the secret key to do this.\n"));
1701                 cmd = cmdNOP;
1702               }
1703             else if(((cmds[i].flags & KEYEDIT_NOT_SK) && sec_keyblock
1704                      && toggle)
1705                     ||((cmds[i].flags & KEYEDIT_ONLY_SK) && sec_keyblock
1706                        && !toggle))
1707               {
1708                 tty_printf(_("Please use the command \"toggle\" first.\n"));
1709                 cmd = cmdNOP;
1710               }
1711             else
1712               cmd = cmds[i].id;
1713         }
1714         switch( cmd )
1715           {
1716           case cmdHELP:
1717             for(i=0; cmds[i].name; i++ )
1718               {
1719                 if((cmds[i].flags & KEYEDIT_NEED_SK) && !sec_keyblock )
1720                   ; /* skip if we do not have the secret key */
1721                 else if( cmds[i].desc )
1722                   tty_printf("%-11s %s\n", cmds[i].name, _(cmds[i].desc) );
1723               }
1724
1725             tty_printf("\n");
1726             tty_printf(_(
1727 "* The `sign' command may be prefixed with an `l' for local "
1728 "signatures (lsign),\n"
1729 "  a `t' for trust signatures (tsign), an `nr' for non-revocable signatures\n"
1730 "  (nrsign), or any combination thereof (ltsign, tnrsign, etc.).\n"));
1731
1732             break;
1733
1734           case cmdLIST:
1735             redisplay = 1;
1736             break;
1737
1738           case cmdFPR:
1739             show_key_and_fingerprint( keyblock );
1740             break;
1741
1742           case cmdSELUID:
1743             if(strlen(arg_string)==NAMEHASH_LEN*2)
1744               redisplay=menu_select_uid_namehash(cur_keyblock,arg_string);
1745             else
1746               redisplay=menu_select_uid(cur_keyblock,arg_number);
1747             break;
1748
1749           case cmdSELKEY:
1750             if( menu_select_key( cur_keyblock, arg_number ) )
1751                 redisplay = 1;
1752             break;
1753
1754           case cmdCHECK:
1755             /* we can only do this with the public key becuase the
1756              * check functions can't cope with secret keys and it
1757              * is questionable whether this would make sense at all */
1758             check_all_keysigs( keyblock, count_selected_uids(keyblock) );
1759             break;
1760
1761           case cmdSIGN: /* sign (only the public key) */
1762             {
1763               int localsig=0,nonrevokesig=0,trustsig=0,interactive=0;
1764
1765               if( pk->is_revoked )
1766                 {
1767                   tty_printf(_("Key is revoked."));
1768
1769                   if(opt.expert)
1770                     {
1771                       tty_printf("  ");
1772                       if(!cpr_get_answer_is_yes("keyedit.sign_revoked.okay",
1773                                                 _("Are you sure you still want"
1774                                                   " to sign it? (y/N) ")))
1775                         break;
1776                     }
1777                   else
1778                     {
1779                       tty_printf(_("  Unable to sign.\n"));
1780                       break;
1781                     }
1782                 }
1783
1784               if(count_uids(keyblock) > 1 && !count_selected_uids(keyblock)
1785                  && !cpr_get_answer_is_yes("keyedit.sign_all.okay",
1786                                            _("Really sign all user IDs?"
1787                                              " (y/N) ")))
1788                 {
1789                   if(opt.interactive)
1790                     interactive=1;
1791                   else
1792                     {
1793                       tty_printf(_("Hint: Select the user IDs to sign\n"));
1794                       have_commands = 0;
1795                       break;
1796                     }
1797
1798                 }
1799               /* What sort of signing are we doing? */
1800               if(!parse_sign_type(answer,&localsig,&nonrevokesig,&trustsig))
1801                 {
1802                   tty_printf(_("Unknown signature type `%s'\n"),answer);
1803                   break;
1804                 }
1805
1806               sign_uids(keyblock, locusr, &modified,
1807                         localsig, nonrevokesig, trustsig, interactive);
1808             }
1809             break;
1810
1811           case cmdDEBUG:
1812             dump_kbnode( cur_keyblock );
1813             break;
1814
1815           case cmdTOGGLE:
1816             toggle = !toggle;
1817             cur_keyblock = toggle? sec_keyblock : keyblock;
1818             redisplay = 1;
1819             break;
1820
1821           case cmdADDPHOTO:
1822             if (RFC2440 || RFC1991 || PGP2)
1823               {
1824                 tty_printf(
1825                    _("This command is not allowed while in %s mode.\n"),
1826                    compliance_option_string());
1827                 break;
1828               }
1829             photo=1;
1830             /* fall through */
1831
1832           case cmdADDUID:
1833             if( menu_adduid( keyblock, sec_keyblock, photo, arg_string ) )
1834               {
1835                 update_trust = 1;
1836                 redisplay = 1;
1837                 sec_modified = modified = 1;
1838                 merge_keys_and_selfsig( sec_keyblock );
1839                 merge_keys_and_selfsig( keyblock );
1840               }
1841             break;
1842
1843           case cmdDELUID: {
1844                 int n1;
1845
1846                 if( !(n1=count_selected_uids(keyblock)) )
1847                     tty_printf(_("You must select at least one user ID.\n"));
1848                 else if( real_uids_left(keyblock) < 1 )
1849                     tty_printf(_("You can't delete the last user ID!\n"));
1850                 else if( cpr_get_answer_is_yes("keyedit.remove.uid.okay",
1851                 n1 > 1? _("Really remove all selected user IDs? (y/N) ")
1852                             : _("Really remove this user ID? (y/N) ")
1853                        ) ) {
1854                     menu_deluid( keyblock, sec_keyblock );
1855                     redisplay = 1;
1856                     modified = 1;
1857                     if( sec_keyblock )
1858                        sec_modified = 1;
1859                 }
1860             }
1861             break;
1862
1863           case cmdDELSIG: {
1864                 int n1;
1865
1866                 if( !(n1=count_selected_uids(keyblock)) )
1867                     tty_printf(_("You must select at least one user ID.\n"));
1868                 else if( menu_delsig( keyblock ) ) {
1869                     /* no redisplay here, because it may scroll away some
1870                      * status output of delsig */
1871                     modified = 1;
1872                 }
1873             }
1874             break;
1875
1876           case cmdADDKEY:
1877             if( generate_subkeypair( keyblock, sec_keyblock ) ) {
1878                 redisplay = 1;
1879                 sec_modified = modified = 1;
1880                 merge_keys_and_selfsig( sec_keyblock );
1881                 merge_keys_and_selfsig( keyblock );
1882             }
1883             break;
1884
1885 #ifdef ENABLE_CARD_SUPPORT
1886           case cmdADDCARDKEY:
1887             if (card_generate_subkey (keyblock, sec_keyblock)) {
1888                 redisplay = 1;
1889                 sec_modified = modified = 1;
1890                 merge_keys_and_selfsig( sec_keyblock );
1891                 merge_keys_and_selfsig( keyblock );
1892             }
1893             break;
1894
1895         case cmdKEYTOCARD:
1896           {
1897             KBNODE node=NULL;
1898             switch ( count_selected_keys (sec_keyblock) )
1899               {
1900               case 0:
1901                 if (cpr_get_answer_is_yes 
1902                     ("keyedit.keytocard.use_primary",
1903                      /* TRANSLATORS: Please take care: This is about
1904                         moving the key and not about removing it.  */
1905                      _("Really move the primary key? (y/N) ")))
1906                   node = sec_keyblock;
1907                 break;
1908               case 1:
1909                 for (node = sec_keyblock; node; node = node->next )
1910                   {
1911                     if (node->pkt->pkttype == PKT_SECRET_SUBKEY 
1912                         && node->flag & NODFLG_SELKEY)
1913                       break;
1914                   }
1915                 break;
1916               default:
1917                 tty_printf(_("You must select exactly one key.\n"));
1918                 break;
1919               }
1920             if (node)
1921               {
1922                 PKT_public_key *xxpk = find_pk_from_sknode (keyblock, node);
1923                 if (card_store_subkey (node, xxpk?xxpk->pubkey_usage:0))
1924                   {
1925                     redisplay = 1;
1926                     sec_modified = 1;
1927                   }
1928               }
1929           }
1930           break;
1931
1932         case cmdBKUPTOCARD:
1933           {
1934             /* Ask for a filename, check whether this is really a
1935                backup key as generated by the card generation, parse
1936                that key and store it on card. */
1937             KBNODE node;
1938             const char *fname;
1939             PACKET *pkt;
1940             IOBUF a;
1941
1942             fname = arg_string;
1943             if (!*fname)
1944               {
1945                 tty_printf (_("Command expects a filename argument\n"));
1946                 break;
1947               }
1948
1949             /* Open that file.  */
1950             a = iobuf_open (fname);
1951             if (a && is_secured_file (iobuf_get_fd (a)))
1952               {
1953                 iobuf_close (a);
1954                 a = NULL;
1955                 errno = EPERM;
1956               }
1957             if (!a)
1958               {
1959                 tty_printf (_("Can't open `%s': %s\n"),
1960                             fname, strerror(errno));
1961                 break;
1962               }
1963             
1964             /* Parse and check that file.  */
1965             pkt = xmalloc (sizeof *pkt);
1966             init_packet (pkt);
1967             rc = parse_packet (a, pkt);
1968             iobuf_close (a);
1969             iobuf_ioctl (NULL, 2, 0, (char*)fname); /* (invalidate cache).  */
1970             if (!rc 
1971                 && pkt->pkttype != PKT_SECRET_KEY 
1972                 && pkt->pkttype != PKT_SECRET_SUBKEY)
1973               rc = G10ERR_NO_SECKEY;
1974             if (rc)
1975               {
1976                 tty_printf(_("Error reading backup key from `%s': %s\n"),
1977                            fname, g10_errstr (rc));
1978                 free_packet (pkt);
1979                 xfree (pkt);
1980                 break;
1981               }
1982             node = new_kbnode (pkt);
1983
1984             /* Store it.  */
1985             if (card_store_subkey (node, 0))
1986               {
1987                 redisplay = 1;
1988                 sec_modified = 1;
1989               }
1990             release_kbnode (node);
1991           }
1992           break;
1993
1994 #endif /* ENABLE_CARD_SUPPORT */
1995
1996           case cmdDELKEY: {
1997                 int n1;
1998
1999                 if( !(n1=count_selected_keys( keyblock )) )
2000                     tty_printf(_("You must select at least one key.\n"));
2001                 else if( !cpr_get_answer_is_yes( "keyedit.remove.subkey.okay",
2002                        n1 > 1?
2003                    _("Do you really want to delete the selected keys? (y/N) "):
2004                         _("Do you really want to delete this key? (y/N) ")
2005                        ))
2006                     ;
2007                 else {
2008                     menu_delkey( keyblock, sec_keyblock );
2009                     redisplay = 1;
2010                     modified = 1;
2011                     if( sec_keyblock )
2012                        sec_modified = 1;
2013                 }
2014             }
2015             break;
2016
2017           case cmdADDREVOKER:
2018             {
2019               int sensitive=0;
2020
2021               if(ascii_strcasecmp(arg_string,"sensitive")==0)
2022                 sensitive=1;
2023               if( menu_addrevoker( keyblock, sec_keyblock, sensitive ) ) {
2024                 redisplay = 1;
2025                 sec_modified = modified = 1;
2026                 merge_keys_and_selfsig( sec_keyblock );
2027                 merge_keys_and_selfsig( keyblock );
2028               }
2029             }
2030             break;
2031
2032           case cmdREVUID: {
2033                 int n1;
2034
2035                 if( !(n1=count_selected_uids(keyblock)) )
2036                     tty_printf(_("You must select at least one user ID.\n"));
2037                 else if( cpr_get_answer_is_yes(
2038                             "keyedit.revoke.uid.okay",
2039                        n1 > 1? _("Really revoke all selected user IDs? (y/N) ")
2040                              : _("Really revoke this user ID? (y/N) ")
2041                        ) ) {
2042                   if(menu_revuid(keyblock,sec_keyblock))
2043                     {
2044                       modified=1;
2045                       redisplay=1;
2046                     }
2047                 }
2048             }
2049             break;
2050
2051           case cmdREVKEY:
2052             {
2053               int n1;
2054
2055               if( !(n1=count_selected_keys( keyblock )) )
2056                 {
2057                   if(cpr_get_answer_is_yes("keyedit.revoke.subkey.okay",
2058                                            _("Do you really want to revoke"
2059                                              " the entire key? (y/N) ")))
2060                     {
2061                       if(menu_revkey(keyblock,sec_keyblock))
2062                         modified=1;
2063
2064                       redisplay=1;
2065                     }
2066                 }
2067               else if(cpr_get_answer_is_yes("keyedit.revoke.subkey.okay",
2068                                             n1 > 1?
2069                                             _("Do you really want to revoke"
2070                                               " the selected subkeys? (y/N) "):
2071                                             _("Do you really want to revoke"
2072                                               " this subkey? (y/N) ")))
2073                 {
2074                   if( menu_revsubkey( keyblock, sec_keyblock ) )
2075                     modified = 1;
2076
2077                   redisplay = 1;
2078                 }
2079
2080               if(modified)
2081                 merge_keys_and_selfsig( keyblock );
2082             }
2083             break;
2084
2085           case cmdEXPIRE:
2086             if( menu_expire( keyblock, sec_keyblock ) )
2087               {
2088                 merge_keys_and_selfsig( sec_keyblock );
2089                 merge_keys_and_selfsig( keyblock );
2090                 sec_modified = 1;
2091                 modified = 1;
2092                 redisplay = 1;
2093               }
2094             break;
2095
2096           case cmdBACKSIGN:
2097             if(menu_backsign(keyblock,sec_keyblock))
2098               {
2099                 sec_modified = 1;
2100                 modified = 1;
2101                 redisplay = 1;
2102               }
2103             break;
2104
2105           case cmdPRIMARY:
2106             if( menu_set_primary_uid ( keyblock, sec_keyblock ) ) {
2107                 merge_keys_and_selfsig( keyblock );
2108                 modified = 1;
2109                 redisplay = 1;
2110             }
2111             break;
2112
2113           case cmdPASSWD:
2114             if( change_passphrase( sec_keyblock ) )
2115                 sec_modified = 1;
2116             break;
2117
2118           case cmdTRUST:
2119             if(opt.trust_model==TM_EXTERNAL)
2120               {
2121                 tty_printf (_("Owner trust may not be set while "
2122                               "using a user provided trust database\n"));
2123                 break;
2124               }
2125
2126             show_key_with_all_names( keyblock, 0, 0, 0, 1, 0 );
2127             tty_printf("\n");
2128             if( edit_ownertrust( find_kbnode( keyblock,
2129                                  PKT_PUBLIC_KEY )->pkt->pkt.public_key, 1 ) ) {
2130                 redisplay = 1;
2131                 /* No real need to set update_trust here as
2132                    edit_ownertrust() calls revalidation_mark()
2133                    anyway. */
2134                 update_trust=1;
2135             }
2136             break;
2137
2138           case cmdPREF:
2139             {
2140               int count=count_selected_uids(keyblock);
2141               assert(keyblock->pkt->pkttype==PKT_PUBLIC_KEY);
2142               show_names(keyblock,keyblock->pkt->pkt.public_key,
2143                          count?NODFLG_SELUID:0,1);
2144             }
2145             break;
2146
2147           case cmdSHOWPREF:
2148             {
2149               int count=count_selected_uids(keyblock);
2150               assert(keyblock->pkt->pkttype==PKT_PUBLIC_KEY);
2151               show_names(keyblock,keyblock->pkt->pkt.public_key,
2152                          count?NODFLG_SELUID:0,2);
2153             }
2154             break;
2155
2156           case cmdSETPREF:
2157             {
2158               PKT_user_id *tempuid;
2159
2160               keygen_set_std_prefs(!*arg_string?"default" : arg_string, 0);
2161
2162               tempuid=keygen_get_std_prefs();
2163               tty_printf(_("Set preference list to:\n"));
2164               show_prefs(tempuid,NULL,1);
2165               free_user_id(tempuid);
2166
2167               if(cpr_get_answer_is_yes("keyedit.setpref.okay",
2168                                        count_selected_uids (keyblock)?
2169                                        _("Really update the preferences"
2170                                          " for the selected user IDs? (y/N) "):
2171                                        _("Really update the preferences? (y/N) ")))
2172                 {
2173                   if ( menu_set_preferences (keyblock, sec_keyblock) )
2174                     {
2175                       merge_keys_and_selfsig (keyblock);
2176                       modified = 1;
2177                       redisplay = 1;
2178                     }
2179                 }
2180             }
2181             break;
2182
2183           case cmdPREFKS:
2184             if( menu_set_keyserver_url ( *arg_string?arg_string:NULL,
2185                                          keyblock, sec_keyblock ) )
2186               {
2187                 merge_keys_and_selfsig( keyblock );
2188                 modified = 1;
2189                 redisplay = 1;
2190               }
2191             break;
2192
2193           case cmdNOTATION:
2194             if( menu_set_notation ( *arg_string?arg_string:NULL,
2195                                     keyblock, sec_keyblock ) )
2196               {
2197                 merge_keys_and_selfsig( keyblock );
2198                 modified = 1;
2199                 redisplay = 1;
2200               }
2201             break;
2202
2203           case cmdNOP:
2204             break;
2205
2206           case cmdREVSIG:
2207             if( menu_revsig( keyblock ) ) {
2208                 redisplay = 1;
2209                 modified = 1;
2210             }
2211             break;
2212
2213           case cmdENABLEKEY:
2214           case cmdDISABLEKEY:
2215             if( enable_disable_key( keyblock, cmd == cmdDISABLEKEY ) ) {
2216                 redisplay = 1;
2217                 modified = 1;
2218             }
2219             break;
2220
2221           case cmdSHOWPHOTO:
2222             menu_showphoto(keyblock);
2223             break;
2224
2225           case cmdCLEAN:
2226             if(menu_clean(keyblock,0))
2227               redisplay=modified=1;
2228             break;
2229
2230           case cmdMINIMIZE:
2231             if(menu_clean(keyblock,1))
2232               redisplay=modified=1;
2233             break;
2234
2235           case cmdQUIT:
2236             if( have_commands )
2237                 goto leave;
2238             if( !modified && !sec_modified )
2239                 goto leave;
2240             if( !cpr_get_answer_is_yes("keyedit.save.okay",
2241                                         _("Save changes? (y/N) ")) ) {
2242                 if( cpr_enabled()
2243                     || cpr_get_answer_is_yes("keyedit.cancel.okay",
2244                                              _("Quit without saving? (y/N) ")))
2245                     goto leave;
2246                 break;
2247             }
2248             /* fall thru */
2249           case cmdSAVE:
2250             if( modified || sec_modified  ) {
2251                 if( modified ) {
2252                     rc = keydb_update_keyblock (kdbhd, keyblock);
2253                     if( rc ) {
2254                         log_error(_("update failed: %s\n"), g10_errstr(rc) );
2255                         break;
2256                     }
2257                 }
2258                 if( sec_modified ) {
2259                     rc = keydb_update_keyblock (sec_kdbhd, sec_keyblock );
2260                     if( rc ) {
2261                         log_error( _("update secret failed: %s\n"),
2262                                    g10_errstr(rc) );
2263                         break;
2264                     }
2265                 }
2266             }
2267             else
2268                 tty_printf(_("Key not changed so no update needed.\n"));
2269
2270             if( update_trust )
2271               {
2272                 revalidation_mark ();
2273                 update_trust=0;
2274               }
2275             goto leave;
2276
2277           case cmdINVCMD:
2278           default:
2279             tty_printf("\n");
2280             tty_printf(_("Invalid command  (try \"help\")\n"));
2281             break;
2282         }
2283     } /* end main loop */
2284
2285   leave:
2286     release_kbnode( keyblock );
2287     release_kbnode( sec_keyblock );
2288     keydb_release (kdbhd);
2289     xfree(answer);
2290 }
2291
2292 static void
2293 tty_print_notations(int indent,PKT_signature *sig)
2294 {
2295   int first=1;
2296   struct notation *notation,*nd;
2297
2298   if(indent<0)
2299     {
2300       first=0;
2301       indent=-indent;
2302     }
2303
2304   notation=sig_to_notation(sig);
2305
2306   for(nd=notation;nd;nd=nd->next)
2307     {
2308       if(!first)
2309         tty_printf("%*s",indent,"");
2310       else
2311         first=0;
2312
2313       tty_print_utf8_string(nd->name,strlen(nd->name));
2314       tty_printf("=");
2315       tty_print_utf8_string(nd->value,strlen(nd->value));
2316       tty_printf("\n");
2317     }
2318
2319   free_notation(notation);
2320 }
2321
2322 /****************
2323  * show preferences of a public keyblock.
2324  */
2325 static void
2326 show_prefs (PKT_user_id *uid, PKT_signature *selfsig, int verbose)
2327 {
2328     const prefitem_t fake={0,0};
2329     const prefitem_t *prefs;
2330     int i;
2331
2332     if( !uid )
2333         return;
2334
2335     if( uid->prefs )
2336         prefs=uid->prefs;
2337     else if(verbose)
2338         prefs=&fake;
2339     else
2340       return;
2341
2342     if (verbose) {
2343         int any, des_seen=0, sha1_seen=0, uncomp_seen=0;
2344
2345         tty_printf ("     ");
2346         tty_printf (_("Cipher: "));
2347         for(i=any=0; prefs[i].type; i++ ) {
2348             if( prefs[i].type == PREFTYPE_SYM ) {
2349                 if (any)
2350                     tty_printf (", ");
2351                 any = 1;
2352                 /* We don't want to display strings for experimental algos */
2353                 if (!openpgp_cipher_test_algo (prefs[i].value)
2354                     && prefs[i].value < 100 )
2355                     tty_printf ("%s",
2356                                 openpgp_cipher_algo_name (prefs[i].value));
2357                 else
2358                     tty_printf ("[%d]", prefs[i].value);
2359                 if (prefs[i].value == CIPHER_ALGO_3DES )
2360                     des_seen = 1;
2361             }    
2362         }
2363         if (!des_seen) {
2364             if (any)
2365                 tty_printf (", ");
2366             tty_printf ("%s", openpgp_cipher_algo_name (CIPHER_ALGO_3DES));
2367         }
2368         tty_printf ("\n     ");
2369         tty_printf (_("Digest: "));
2370         for(i=any=0; prefs[i].type; i++ ) {
2371             if( prefs[i].type == PREFTYPE_HASH ) {
2372                 if (any)
2373                     tty_printf (", ");
2374                 any = 1;
2375                 /* We don't want to display strings for experimental algos */
2376                 if (!gcry_md_test_algo (prefs[i].value)
2377                     && prefs[i].value < 100 )
2378                     tty_printf ("%s", gcry_md_algo_name (prefs[i].value) );
2379                 else
2380                     tty_printf ("[%d]", prefs[i].value);
2381                 if (prefs[i].value == DIGEST_ALGO_SHA1 )
2382                     sha1_seen = 1;
2383             }
2384         }
2385         if (!sha1_seen) {
2386             if (any)
2387                 tty_printf (", ");
2388             tty_printf ("%s", gcry_md_algo_name (DIGEST_ALGO_SHA1));
2389         }
2390         tty_printf ("\n     ");
2391         tty_printf (_("Compression: "));
2392         for(i=any=0; prefs[i].type; i++ ) {
2393             if( prefs[i].type == PREFTYPE_ZIP ) {
2394                 const char *s=compress_algo_to_string(prefs[i].value);
2395                 
2396                 if (any)
2397                     tty_printf (", ");
2398                 any = 1;
2399                 /* We don't want to display strings for experimental algos */
2400                 if (s && prefs[i].value < 100 )
2401                     tty_printf ("%s", s );
2402                 else
2403                     tty_printf ("[%d]", prefs[i].value);
2404                 if (prefs[i].value == COMPRESS_ALGO_NONE )
2405                     uncomp_seen = 1;
2406             }
2407         }
2408         if (!uncomp_seen) {
2409             if (any)
2410                 tty_printf (", ");
2411             else {
2412               tty_printf ("%s",compress_algo_to_string(COMPRESS_ALGO_ZIP));
2413               tty_printf (", ");
2414             }
2415             tty_printf ("%s",compress_algo_to_string(COMPRESS_ALGO_NONE));
2416         }
2417         if(uid->flags.mdc || !uid->flags.ks_modify)
2418           {
2419             tty_printf ("\n     ");
2420             tty_printf (_("Features: "));
2421             any=0;
2422             if(uid->flags.mdc)
2423               {
2424                 tty_printf ("MDC");
2425                 any=1;
2426               }
2427             if(!uid->flags.ks_modify)
2428               {
2429                 if(any)
2430                   tty_printf (", ");
2431                 tty_printf (_("Keyserver no-modify"));
2432               }
2433           }
2434         tty_printf("\n");
2435
2436         if(selfsig)
2437           {
2438             const byte *pref_ks;
2439             size_t pref_ks_len;
2440
2441             pref_ks=parse_sig_subpkt(selfsig->hashed,
2442                                      SIGSUBPKT_PREF_KS,&pref_ks_len);
2443             if(pref_ks && pref_ks_len)
2444               {
2445                 tty_printf ("     ");
2446                 tty_printf(_("Preferred keyserver: "));
2447                 tty_print_utf8_string(pref_ks,pref_ks_len);
2448                 tty_printf("\n");
2449               }
2450
2451             if(selfsig->flags.notation)
2452               {
2453                 tty_printf ("     ");
2454                 tty_printf(_("Notations: "));
2455                 tty_print_notations(5+strlen(_("Notations: ")),selfsig);
2456               }
2457           }
2458     }
2459     else {
2460         tty_printf("    ");
2461         for(i=0; prefs[i].type; i++ ) {
2462             tty_printf( " %c%d", prefs[i].type == PREFTYPE_SYM   ? 'S' :
2463                                  prefs[i].type == PREFTYPE_HASH  ? 'H' :
2464                                  prefs[i].type == PREFTYPE_ZIP ? 'Z':'?',
2465                                  prefs[i].value);
2466         }
2467         if (uid->flags.mdc)
2468             tty_printf (" [mdc]");
2469         if (!uid->flags.ks_modify)
2470             tty_printf (" [no-ks-modify]");
2471         tty_printf("\n");
2472     }
2473 }
2474
2475 /* This is the version of show_key_with_all_names used when
2476    opt.with_colons is used.  It prints all available data in a easy to
2477    parse format and does not translate utf8 */
2478 static void
2479 show_key_with_all_names_colon (KBNODE keyblock)
2480 {
2481   KBNODE node;
2482   int i, j, ulti_hack=0;
2483   byte pk_version=0;
2484   PKT_public_key *primary=NULL;
2485
2486   /* the keys */
2487   for ( node = keyblock; node; node = node->next )
2488     {
2489       if (node->pkt->pkttype == PKT_PUBLIC_KEY
2490           || (node->pkt->pkttype == PKT_PUBLIC_SUBKEY) )
2491         {
2492           PKT_public_key *pk = node->pkt->pkt.public_key;
2493           u32 keyid[2];
2494
2495           if (node->pkt->pkttype == PKT_PUBLIC_KEY)
2496             {
2497               pk_version = pk->version;
2498               primary=pk;
2499             }
2500
2501           keyid_from_pk (pk, keyid);
2502
2503           fputs (node->pkt->pkttype == PKT_PUBLIC_KEY?"pub:":"sub:", stdout);
2504           if (!pk->is_valid)
2505             putchar ('i');
2506           else if (pk->is_revoked)
2507             putchar ('r');
2508           else if (pk->has_expired)
2509             putchar ('e');
2510           else if (!(opt.fast_list_mode || opt.no_expensive_trust_checks ))
2511             {
2512               int trust = get_validity_info (pk, NULL);
2513               if(trust=='u')
2514                 ulti_hack=1;
2515               putchar (trust);
2516             }
2517
2518           printf (":%u:%d:%08lX%08lX:%lu:%lu::",
2519                   nbits_from_pk (pk),
2520                   pk->pubkey_algo,
2521                   (ulong)keyid[0], (ulong)keyid[1],
2522                   (ulong)pk->timestamp,
2523                   (ulong)pk->expiredate );
2524           if (node->pkt->pkttype==PKT_PUBLIC_KEY
2525               && !(opt.fast_list_mode || opt.no_expensive_trust_checks ))
2526             putchar(get_ownertrust_info (pk));
2527           putchar(':');
2528           putchar (':');
2529           putchar (':');
2530           /* Print capabilities.  */
2531           if ( (pk->pubkey_usage & PUBKEY_USAGE_ENC) )
2532             putchar ('e');
2533           if ( (pk->pubkey_usage & PUBKEY_USAGE_SIG) )
2534             putchar ('s');
2535           if ( (pk->pubkey_usage & PUBKEY_USAGE_CERT) )
2536             putchar ('c');
2537           if ( (pk->pubkey_usage & PUBKEY_USAGE_AUTH) )
2538             putchar ('a');
2539           putchar('\n');
2540           
2541           print_fingerprint (pk, NULL, 0);
2542           print_revokers(pk);
2543         }
2544     }
2545   
2546     /* the user ids */
2547     i = 0;
2548     for (node = keyblock; node; node = node->next) 
2549       {
2550         if ( node->pkt->pkttype == PKT_USER_ID )
2551           {
2552             PKT_user_id *uid = node->pkt->pkt.user_id;
2553
2554             ++i;
2555
2556             if(uid->attrib_data)
2557               printf("uat:");
2558             else
2559               printf("uid:");
2560
2561             if ( uid->is_revoked )
2562               printf("r::::::::");
2563             else if ( uid->is_expired )
2564               printf("e::::::::");
2565             else if ( opt.fast_list_mode || opt.no_expensive_trust_checks )
2566               printf("::::::::");
2567             else
2568               {
2569                 int uid_validity;
2570
2571                 if( primary && !ulti_hack )
2572                   uid_validity = get_validity_info( primary, uid );
2573                 else
2574                   uid_validity = 'u';
2575                 printf("%c::::::::",uid_validity);
2576               }
2577
2578             if(uid->attrib_data)
2579               printf ("%u %lu",uid->numattribs,uid->attrib_len);
2580             else
2581               print_string (stdout, uid->name, uid->len, ':');
2582
2583             putchar (':');
2584             /* signature class */
2585             putchar (':');
2586             /* capabilities */
2587             putchar (':');
2588             /* preferences */
2589             if (pk_version>3 || uid->selfsigversion>3)
2590               {
2591                 const prefitem_t *prefs = uid->prefs;
2592                 
2593                 for (j=0; prefs && prefs[j].type; j++)
2594                   {
2595                     if (j)
2596                       putchar (' ');
2597                     printf ("%c%d", prefs[j].type == PREFTYPE_SYM   ? 'S' :
2598                             prefs[j].type == PREFTYPE_HASH  ? 'H' :
2599                             prefs[j].type == PREFTYPE_ZIP ? 'Z':'?',
2600                             prefs[j].value);
2601                   } 
2602                 if (uid->flags.mdc)
2603                   printf (",mdc");
2604                 if (!uid->flags.ks_modify)
2605                   printf (",no-ks-modify");
2606               } 
2607             putchar (':');
2608             /* flags */
2609             printf ("%d,", i);
2610             if (uid->is_primary)
2611               putchar ('p');
2612             if (uid->is_revoked)
2613               putchar ('r');
2614             if (uid->is_expired)
2615               putchar ('e');
2616             if ((node->flag & NODFLG_SELUID))
2617               putchar ('s');
2618             if ((node->flag & NODFLG_MARK_A))
2619               putchar ('m');
2620             putchar (':');
2621             putchar('\n');
2622           }
2623       }
2624 }
2625
2626 static void
2627 show_names(KBNODE keyblock,PKT_public_key *pk,unsigned int flag,int with_prefs)
2628 {
2629   KBNODE node;
2630   int i=0;
2631
2632   for( node = keyblock; node; node = node->next )
2633     {
2634       if( node->pkt->pkttype == PKT_USER_ID
2635           && !is_deleted_kbnode(node))
2636         {
2637           PKT_user_id *uid = node->pkt->pkt.user_id;
2638           ++i;
2639           if(!flag || (flag && (node->flag & flag)))
2640             {
2641               if(!(flag&NODFLG_MARK_A) && pk)
2642                 tty_printf("%s ",uid_trust_string_fixed(pk,uid));
2643
2644               if( flag & NODFLG_MARK_A )
2645                 tty_printf("     ");
2646               else if( node->flag & NODFLG_SELUID )
2647                 tty_printf("(%d)* ", i);
2648               else if( uid->is_primary )
2649                 tty_printf("(%d). ", i);
2650               else
2651                 tty_printf("(%d)  ", i);
2652               tty_print_utf8_string( uid->name, uid->len );
2653               tty_printf("\n");
2654               if(with_prefs && pk)
2655                 {
2656                   if(pk->version>3 || uid->selfsigversion>3)
2657                     {
2658                       PKT_signature *selfsig=NULL;
2659                       KBNODE signode;
2660
2661                       for(signode=node->next;
2662                           signode && signode->pkt->pkttype==PKT_SIGNATURE;
2663                           signode=signode->next)
2664                         {
2665                           if(signode->pkt->pkt.signature->
2666                              flags.chosen_selfsig)
2667                             {
2668                               selfsig=signode->pkt->pkt.signature;
2669                               break;
2670                             }
2671                         }
2672
2673                       show_prefs (uid, selfsig, with_prefs == 2);
2674                     }
2675                   else
2676                     tty_printf(_("There are no preferences on a"
2677                                  " PGP 2.x-style user ID.\n"));
2678                 }
2679             }
2680         }
2681     }
2682 }
2683
2684 /****************
2685  * Display the key a the user ids, if only_marked is true, do only
2686  * so for user ids with mark A flag set and dont display the index number
2687  */
2688 static void
2689 show_key_with_all_names( KBNODE keyblock, int only_marked, int with_revoker,
2690                          int with_fpr, int with_subkeys, int with_prefs )
2691 {
2692     KBNODE node;
2693     int i;
2694     int do_warn = 0;
2695     byte pk_version=0;
2696     PKT_public_key *primary=NULL;
2697
2698     if (opt.with_colons)
2699       {
2700         show_key_with_all_names_colon (keyblock);
2701         return;
2702       }
2703
2704     /* the keys */
2705     for( node = keyblock; node; node = node->next ) {
2706         if( node->pkt->pkttype == PKT_PUBLIC_KEY
2707             || (with_subkeys && node->pkt->pkttype == PKT_PUBLIC_SUBKEY
2708                 && !is_deleted_kbnode(node)) ) {
2709             PKT_public_key *pk = node->pkt->pkt.public_key;
2710             const char *otrust="err",*trust="err";
2711
2712             if( node->pkt->pkttype == PKT_PUBLIC_KEY ) {
2713                 /* do it here, so that debug messages don't clutter the
2714                  * output */
2715                 static int did_warn = 0;
2716
2717                 trust = get_validity_string (pk, NULL);
2718                 otrust = get_ownertrust_string (pk);
2719
2720                 /* Show a warning once */
2721                 if (!did_warn
2722                     && (get_validity (pk, NULL) & TRUST_FLAG_PENDING_CHECK)) {
2723                     did_warn = 1;
2724                     do_warn = 1;
2725                 }
2726
2727                 pk_version=pk->version;
2728                 primary=pk;
2729             }
2730
2731             if(pk->is_revoked)
2732               {
2733                 char *user=get_user_id_string_native(pk->revoked.keyid);
2734                 const char *algo = gcry_pk_algo_name (pk->revoked.algo);
2735                 tty_printf(_("This key was revoked on %s by %s key %s\n"),
2736                            revokestr_from_pk(pk),algo?algo:"?",user);
2737                 xfree(user);
2738               }
2739
2740             if(with_revoker)
2741               {
2742                 if( !pk->revkey && pk->numrevkeys )
2743                   BUG();
2744                 else
2745                   for(i=0;i<pk->numrevkeys;i++)
2746                     {
2747                       u32 r_keyid[2];
2748                       char *user;
2749                       const char *algo;
2750
2751                       algo = gcry_pk_algo_name (pk->revkey[i].algid);
2752                       keyid_from_fingerprint(pk->revkey[i].fpr,
2753                                              MAX_FINGERPRINT_LEN,r_keyid);
2754
2755                       user=get_user_id_string_native(r_keyid);
2756                       tty_printf(_("This key may be revoked by %s key %s"),
2757                                  algo?algo:"?",user);
2758
2759                       if(pk->revkey[i].class&0x40)
2760                         {
2761                           tty_printf(" ");
2762                           tty_printf(_("(sensitive)"));
2763                         }
2764
2765                       tty_printf ("\n");
2766                       xfree(user);
2767                     }
2768               }
2769
2770             keyid_from_pk(pk,NULL);
2771             tty_printf("%s%c %4u%c/%s  ",
2772                        node->pkt->pkttype == PKT_PUBLIC_KEY? "pub":"sub",
2773                        (node->flag & NODFLG_SELKEY)? '*':' ',
2774                        nbits_from_pk( pk ),
2775                        pubkey_letter( pk->pubkey_algo ),
2776                        keystr(pk->keyid));
2777
2778             tty_printf(_("created: %s"),datestr_from_pk(pk));
2779             tty_printf("  ");
2780             if(pk->is_revoked)
2781               tty_printf(_("revoked: %s"),revokestr_from_pk(pk));
2782             else if(pk->has_expired)
2783               tty_printf(_("expired: %s"),expirestr_from_pk(pk));
2784             else
2785               tty_printf(_("expires: %s"),expirestr_from_pk(pk));
2786             tty_printf("  ");
2787             tty_printf(_("usage: %s"),usagestr_from_pk(pk));
2788             tty_printf("\n");
2789
2790             if( node->pkt->pkttype == PKT_PUBLIC_KEY )
2791               {
2792                 if(opt.trust_model!=TM_ALWAYS)
2793                   {
2794                     tty_printf("%*s", (int)keystrlen()+13,"");
2795                     /* Ownertrust is only meaningful for the PGP or
2796                        classic trust models */
2797                     if(opt.trust_model==TM_PGP || opt.trust_model==TM_CLASSIC)
2798                       {
2799                         int width=14-strlen(otrust);
2800                         if(width<=0)
2801                           width=1;
2802                         tty_printf(_("trust: %s"), otrust);
2803                         tty_printf("%*s",width,"");
2804                       }
2805                     
2806                     tty_printf(_("validity: %s"), trust );
2807                     tty_printf("\n");
2808                   }
2809                 if( node->pkt->pkttype == PKT_PUBLIC_KEY
2810                     && (get_ownertrust (pk)&TRUST_FLAG_DISABLED))
2811                   {
2812                     tty_printf("*** ");
2813                     tty_printf(_("This key has been disabled"));
2814                     tty_printf("\n");
2815                   }
2816               }
2817
2818             if( node->pkt->pkttype == PKT_PUBLIC_KEY && with_fpr )
2819               {
2820                 print_fingerprint ( pk, NULL, 2 );
2821                 tty_printf("\n");
2822               }
2823         }
2824         else if( node->pkt->pkttype == PKT_SECRET_KEY
2825             || (with_subkeys && node->pkt->pkttype == PKT_SECRET_SUBKEY) )
2826           {
2827             PKT_secret_key *sk = node->pkt->pkt.secret_key;
2828             tty_printf("%s%c %4u%c/%s  ",
2829                        node->pkt->pkttype == PKT_SECRET_KEY? "sec":"ssb",
2830                        (node->flag & NODFLG_SELKEY)? '*':' ',
2831                        nbits_from_sk( sk ),
2832                        pubkey_letter( sk->pubkey_algo ),
2833                        keystr_from_sk(sk));
2834             tty_printf(_("created: %s"),datestr_from_sk(sk));
2835             tty_printf("  ");
2836             tty_printf(_("expires: %s"),expirestr_from_sk(sk));
2837             tty_printf("\n");
2838             if (sk->is_protected && sk->protect.s2k.mode == 1002)
2839               {
2840                 tty_printf("                     ");
2841                 tty_printf(_("card-no: ")); 
2842                 if (sk->protect.ivlen == 16
2843                     && !memcmp (sk->protect.iv, "\xD2\x76\x00\x01\x24\x01", 6))
2844                   { /* This is an OpenPGP card. */
2845                     for (i=8; i < 14; i++)
2846                       {
2847                         if (i == 10)
2848                           tty_printf (" ");
2849                         tty_printf ("%02X", sk->protect.iv[i]);
2850                       }
2851                   }
2852                 else
2853                   { /* Something is wrong: Print all. */
2854                     for (i=0; i < sk->protect.ivlen; i++)
2855                       tty_printf ("%02X", sk->protect.iv[i]);
2856                   }
2857                 tty_printf ("\n");
2858               }
2859           }
2860     }
2861
2862     show_names(keyblock,primary,only_marked?NODFLG_MARK_A:0,with_prefs);
2863
2864     if (do_warn)
2865         tty_printf (_("Please note that the shown key validity"
2866                       " is not necessarily correct\n"
2867                       "unless you restart the program.\n")); 
2868 }
2869
2870
2871 /* Display basic key information.  This function is suitable to show
2872    information on the key without any dependencies on the trustdb or
2873    any other internal GnuPG stuff.  KEYBLOCK may either be a public or
2874    a secret key.*/
2875 void
2876 show_basic_key_info ( KBNODE keyblock )
2877 {
2878   KBNODE node;
2879   int i;
2880
2881   /* The primary key */
2882   for (node = keyblock; node; node = node->next)
2883     {
2884       if (node->pkt->pkttype == PKT_PUBLIC_KEY)
2885         {
2886           PKT_public_key *pk = node->pkt->pkt.public_key;
2887           
2888           /* Note, we use the same format string as in other show
2889              functions to make the translation job easier. */
2890           tty_printf ("%s  %4u%c/%s  ",
2891                       node->pkt->pkttype == PKT_PUBLIC_KEY? "pub":"sub",
2892                       nbits_from_pk( pk ),
2893                       pubkey_letter( pk->pubkey_algo ),
2894                       keystr_from_pk(pk));
2895           tty_printf(_("created: %s"),datestr_from_pk(pk));
2896           tty_printf("  ");
2897           tty_printf(_("expires: %s"),expirestr_from_pk(pk));
2898           tty_printf("\n");
2899           print_fingerprint ( pk, NULL, 3 );
2900           tty_printf("\n");
2901         }
2902       else if (node->pkt->pkttype == PKT_SECRET_KEY)
2903         {
2904           PKT_secret_key *sk = node->pkt->pkt.secret_key;
2905           tty_printf("%s  %4u%c/%s",
2906                      node->pkt->pkttype == PKT_SECRET_KEY? "sec":"ssb",
2907                      nbits_from_sk( sk ),
2908                      pubkey_letter( sk->pubkey_algo ),
2909                      keystr_from_sk(sk));
2910           tty_printf(_("created: %s"),datestr_from_sk(sk));
2911           tty_printf("  ");
2912           tty_printf(_("expires: %s"),expirestr_from_sk(sk));
2913           tty_printf("\n");
2914           print_fingerprint (NULL, sk, 3 );
2915           tty_printf("\n");
2916         }
2917     }
2918
2919   /* The user IDs. */
2920   for (i=0, node = keyblock; node; node = node->next)
2921     {
2922       if (node->pkt->pkttype == PKT_USER_ID)
2923         {
2924           PKT_user_id *uid = node->pkt->pkt.user_id;
2925           ++i;
2926      
2927           tty_printf ("     ");
2928           if (uid->is_revoked)
2929             tty_printf("[%s] ",_("revoked"));
2930           else if ( uid->is_expired )
2931             tty_printf("[%s] ",_("expired"));
2932           tty_print_utf8_string (uid->name, uid->len);
2933           tty_printf ("\n");
2934         }
2935     }
2936 }
2937
2938 static void
2939 show_key_and_fingerprint( KBNODE keyblock )
2940 {
2941   KBNODE node;
2942   PKT_public_key *pk = NULL;
2943
2944   for( node = keyblock; node; node = node->next )
2945     {
2946       if( node->pkt->pkttype == PKT_PUBLIC_KEY )
2947         {
2948           pk = node->pkt->pkt.public_key;
2949           tty_printf("pub   %4u%c/%s %s ",
2950                      nbits_from_pk( pk ),
2951                      pubkey_letter( pk->pubkey_algo ),
2952                      keystr_from_pk(pk),
2953                      datestr_from_pk(pk) );
2954         }
2955       else if( node->pkt->pkttype == PKT_USER_ID )
2956         {
2957           PKT_user_id *uid = node->pkt->pkt.user_id;
2958           tty_print_utf8_string( uid->name, uid->len );
2959           break;
2960         }
2961     }
2962   tty_printf("\n");
2963   if( pk )
2964     print_fingerprint( pk, NULL, 2 );
2965 }
2966
2967
2968 /* Show a warning if no uids on the key have the primary uid flag
2969    set. */
2970 static void
2971 no_primary_warning(KBNODE keyblock)
2972 {
2973   KBNODE node;
2974   int have_primary=0,uid_count=0;
2975
2976   /* TODO: if we ever start behaving differently with a primary or
2977      non-primary attribute ID, we will need to check for attributes
2978      here as well. */
2979
2980   for(node=keyblock; node; node = node->next)
2981     {
2982       if(node->pkt->pkttype==PKT_USER_ID
2983          && node->pkt->pkt.user_id->attrib_data==NULL)
2984         {
2985           uid_count++;
2986
2987           if(node->pkt->pkt.user_id->is_primary==2)
2988             {
2989               have_primary=1;
2990               break;
2991             }
2992         }
2993     }
2994
2995   if(uid_count>1 && !have_primary)
2996     log_info(_("WARNING: no user ID has been marked as primary.  This command"
2997                " may\n              cause a different user ID to become"
2998                " the assumed primary.\n"));
2999 }
3000
3001 /****************
3002  * Ask for a new user id, do the selfsignature and put it into
3003  * both keyblocks.
3004  * Return true if there is a new user id
3005  */
3006 static int
3007 menu_adduid( KBNODE pub_keyblock, KBNODE sec_keyblock,
3008              int photo, const char *photo_name)
3009 {
3010     PKT_user_id *uid;
3011     PKT_public_key *pk=NULL;
3012     PKT_secret_key *sk=NULL;
3013     PKT_signature *sig=NULL;
3014     PACKET *pkt;
3015     KBNODE node;
3016     KBNODE pub_where=NULL, sec_where=NULL;
3017     int rc;
3018
3019     for( node = pub_keyblock; node; pub_where = node, node = node->next ) {
3020         if( node->pkt->pkttype == PKT_PUBLIC_KEY )
3021             pk = node->pkt->pkt.public_key;
3022         else if( node->pkt->pkttype == PKT_PUBLIC_SUBKEY )
3023             break;
3024     }
3025     if( !node ) /* no subkey */
3026         pub_where = NULL;
3027     for( node = sec_keyblock; node; sec_where = node, node = node->next ) {
3028         if( node->pkt->pkttype == PKT_SECRET_KEY )
3029             sk = copy_secret_key( NULL, node->pkt->pkt.secret_key);
3030         else if( node->pkt->pkttype == PKT_SECRET_SUBKEY )
3031             break;
3032     }
3033     if( !node ) /* no subkey */
3034         sec_where = NULL;
3035     assert(pk && sk);
3036
3037     if(photo) {
3038       int hasattrib=0;
3039
3040       for( node = pub_keyblock; node; node = node->next )
3041         if( node->pkt->pkttype == PKT_USER_ID &&
3042             node->pkt->pkt.user_id->attrib_data!=NULL)
3043           {
3044             hasattrib=1;
3045             break;
3046           }
3047
3048       /* It is legal but bad for compatibility to add a photo ID to a
3049          v3 key as it means that PGP2 will not be able to use that key
3050          anymore.  Also, PGP may not expect a photo on a v3 key.
3051          Don't bother to ask this if the key already has a photo - any
3052          damage has already been done at that point. -dms */
3053       if(pk->version==3 && !hasattrib)
3054         {
3055           if(opt.expert)
3056             {
3057               tty_printf(_("WARNING: This is a PGP2-style key.  "
3058                            "Adding a photo ID may cause some versions\n"
3059                            "         of PGP to reject this key.\n"));
3060
3061               if(!cpr_get_answer_is_yes("keyedit.v3_photo.okay",
3062                                         _("Are you sure you still want "
3063                                           "to add it? (y/N) ")))
3064                 return 0;
3065             }
3066           else
3067             {
3068               tty_printf(_("You may not add a photo ID to "
3069                            "a PGP2-style key.\n"));
3070               return 0;
3071             }
3072         }
3073
3074       uid = generate_photo_id(pk,photo_name);
3075     } else
3076       uid = generate_user_id();
3077     if( !uid )
3078         return 0;
3079
3080     rc = make_keysig_packet( &sig, pk, uid, NULL, sk, 0x13, 0, 0, 0, 0,
3081                              keygen_add_std_prefs, pk );
3082     free_secret_key( sk );
3083     if( rc ) {
3084         log_error("signing failed: %s\n", g10_errstr(rc) );
3085         free_user_id(uid);
3086         return 0;
3087     }
3088
3089     /* insert/append to secret keyblock */
3090     pkt = xmalloc_clear( sizeof *pkt );
3091     pkt->pkttype = PKT_USER_ID;
3092     pkt->pkt.user_id = scopy_user_id(uid);
3093     node = new_kbnode(pkt);
3094     if( sec_where )
3095         insert_kbnode( sec_where, node, 0 );
3096     else
3097         add_kbnode( sec_keyblock, node );
3098     pkt = xmalloc_clear( sizeof *pkt );
3099     pkt->pkttype = PKT_SIGNATURE;
3100     pkt->pkt.signature = copy_signature(NULL, sig);
3101     if( sec_where )
3102         insert_kbnode( node, new_kbnode(pkt), 0 );
3103     else
3104         add_kbnode( sec_keyblock, new_kbnode(pkt) );
3105     /* insert/append to public keyblock */
3106     pkt = xmalloc_clear( sizeof *pkt );
3107     pkt->pkttype = PKT_USER_ID;
3108     pkt->pkt.user_id = uid;
3109     node = new_kbnode(pkt);
3110     if( pub_where )
3111         insert_kbnode( pub_where, node, 0 );
3112     else
3113         add_kbnode( pub_keyblock, node );
3114     pkt = xmalloc_clear( sizeof *pkt );
3115     pkt->pkttype = PKT_SIGNATURE;
3116     pkt->pkt.signature = copy_signature(NULL, sig);
3117     if( pub_where )
3118         insert_kbnode( node, new_kbnode(pkt), 0 );
3119     else
3120         add_kbnode( pub_keyblock, new_kbnode(pkt) );
3121     return 1;
3122 }
3123
3124
3125 /****************
3126  * Remove all selected userids from the keyrings
3127  */
3128 static void
3129 menu_deluid( KBNODE pub_keyblock, KBNODE sec_keyblock )
3130 {
3131     KBNODE node;
3132     int selected=0;
3133
3134     for( node = pub_keyblock; node; node = node->next ) {
3135         if( node->pkt->pkttype == PKT_USER_ID ) {
3136             selected = node->flag & NODFLG_SELUID;
3137             if( selected ) {
3138                 /* Only cause a trust update if we delete a
3139                    non-revoked user id */
3140                 if(!node->pkt->pkt.user_id->is_revoked)
3141                   update_trust=1;
3142                 delete_kbnode( node );
3143                 if( sec_keyblock ) {
3144                     KBNODE snode;
3145                     int s_selected = 0;
3146                     PKT_user_id *uid = node->pkt->pkt.user_id;
3147                     for( snode = sec_keyblock; snode; snode = snode->next ) {
3148                         if( snode->pkt->pkttype == PKT_USER_ID ) {
3149                             PKT_user_id *suid = snode->pkt->pkt.user_id;
3150
3151                             s_selected =
3152                                 (uid->len == suid->len
3153                                  && !memcmp( uid->name, suid->name, uid->len));
3154                             if( s_selected )
3155                                 delete_kbnode( snode );
3156                         }
3157                         else if( s_selected
3158                                  && snode->pkt->pkttype == PKT_SIGNATURE )
3159                             delete_kbnode( snode );
3160                         else if( snode->pkt->pkttype == PKT_SECRET_SUBKEY )
3161                             s_selected = 0;
3162                     }
3163                 }
3164             }
3165         }
3166         else if( selected && node->pkt->pkttype == PKT_SIGNATURE )
3167             delete_kbnode( node );
3168         else if( node->pkt->pkttype == PKT_PUBLIC_SUBKEY )
3169             selected = 0;
3170     }
3171     commit_kbnode( &pub_keyblock );
3172     if( sec_keyblock )
3173         commit_kbnode( &sec_keyblock );
3174 }
3175
3176
3177 static int
3178 menu_delsig( KBNODE pub_keyblock )
3179 {
3180     KBNODE node;
3181     PKT_user_id *uid = NULL;
3182     int changed=0;
3183
3184     for( node = pub_keyblock; node; node = node->next ) {
3185         if( node->pkt->pkttype == PKT_USER_ID ) {
3186             uid = (node->flag & NODFLG_SELUID)? node->pkt->pkt.user_id : NULL;
3187         }
3188         else if( uid && node->pkt->pkttype == PKT_SIGNATURE ) {
3189            int okay, valid, selfsig, inv_sig, no_key, other_err;
3190
3191             tty_printf("uid  ");
3192             tty_print_utf8_string( uid->name, uid->len );
3193             tty_printf("\n");
3194
3195             okay = inv_sig = no_key = other_err = 0;
3196             if(opt.with_colons)
3197               valid = print_and_check_one_sig_colon( pub_keyblock, node,
3198                                                &inv_sig, &no_key, &other_err,
3199                                                &selfsig, 1 );
3200             else
3201               valid = print_and_check_one_sig( pub_keyblock, node,
3202                                                &inv_sig, &no_key, &other_err,
3203                                                &selfsig, 1 );
3204
3205            if( valid ) {
3206                okay = cpr_get_answer_yes_no_quit(
3207                    "keyedit.delsig.valid",
3208                    _("Delete this good signature? (y/N/q)"));
3209
3210                /* Only update trust if we delete a good signature.
3211                   The other two cases do not affect trust. */
3212                if(okay)
3213                  update_trust=1;
3214            }
3215            else if( inv_sig || other_err )
3216                okay = cpr_get_answer_yes_no_quit(
3217                    "keyedit.delsig.invalid",
3218                    _("Delete this invalid signature? (y/N/q)"));
3219            else if( no_key )
3220                okay = cpr_get_answer_yes_no_quit(
3221                    "keyedit.delsig.unknown",
3222                    _("Delete this unknown signature? (y/N/q)"));
3223
3224             if( okay == -1 )
3225                 break;
3226            if( okay && selfsig && !cpr_get_answer_is_yes(
3227                                "keyedit.delsig.selfsig",
3228                               _("Really delete this self-signature? (y/N)") ))
3229                 okay = 0;
3230             if( okay ) {
3231                 delete_kbnode( node );
3232                 changed++;
3233             }
3234
3235         }
3236         else if( node->pkt->pkttype == PKT_PUBLIC_SUBKEY )
3237             uid = NULL;
3238     }
3239
3240     if( changed ) {
3241         commit_kbnode( &pub_keyblock );
3242         tty_printf( changed == 1? _("Deleted %d signature.\n")
3243                                 : _("Deleted %d signatures.\n"), changed );
3244     }
3245     else
3246         tty_printf( _("Nothing deleted.\n") );
3247
3248     return changed;
3249 }
3250
3251 static int
3252 menu_clean(KBNODE keyblock,int self_only)
3253 {
3254   KBNODE uidnode;
3255   int modified=0,select_all=!count_selected_uids(keyblock);