gpg: Make --export-ssh-key work for the primary key.
authorWerner Koch <wk@gnupg.org>
Tue, 14 Feb 2017 09:55:13 +0000 (10:55 +0100)
committerWerner Koch <wk@gnupg.org>
Tue, 14 Feb 2017 09:55:13 +0000 (10:55 +0100)
* g10/export.c (export_ssh_key): Also check the primary key.
--

If no suitable subkey was found for export, we now check whether the
primary key is suitable for export and export this one.  Without this
change it was only possible to export the primary key by using the '!'
suffix in the key specification.

Also added a sample key for testing this.

GnuPG-bug-id: 2957
Signed-off-by: Werner Koch <wk@gnupg.org>
g10/export.c
tests/openpgp/samplekeys/README
tests/openpgp/samplekeys/rsa-primary-auth-only.pub.asc [new file with mode: 0644]
tests/openpgp/samplekeys/rsa-primary-auth-only.sec.asc [new file with mode: 0644]

index f354ca0..8668126 100644 (file)
@@ -2208,6 +2208,48 @@ export_ssh_key (ctrl_t ctrl, const char *userid)
               latest_key = node;
             }
         }
+
+      /* If no subkey was suitable check the primary key.  */
+      if (!latest_key
+          && (node = keyblock) && node->pkt->pkttype == PKT_PUBLIC_KEY)
+        {
+          pk = node->pkt->pkt.public_key;
+          if (DBG_LOOKUP)
+            log_debug ("\tchecking primary key %08lX\n",
+                       (ulong) keyid_from_pk (pk, NULL));
+          if (!(pk->pubkey_usage & PUBKEY_USAGE_AUTH))
+            {
+              if (DBG_LOOKUP)
+                log_debug ("\tprimary key not usable for authentication\n");
+            }
+          else if (!pk->flags.valid)
+            {
+              if (DBG_LOOKUP)
+                log_debug ("\tprimary key not valid\n");
+            }
+          else if (pk->flags.revoked)
+            {
+              if (DBG_LOOKUP)
+                log_debug ("\tprimary key has been revoked\n");
+            }
+          else if (pk->has_expired)
+            {
+              if (DBG_LOOKUP)
+                log_debug ("\tprimary key has expired\n");
+            }
+          else if (pk->timestamp > curtime && !opt.ignore_valid_from)
+            {
+              if (DBG_LOOKUP)
+                log_debug ("\tprimary key not yet valid\n");
+            }
+          else
+            {
+              if (DBG_LOOKUP)
+                log_debug ("\tprimary key is fine\n");
+              latest_date = pk->timestamp;
+              latest_key = node;
+            }
+        }
     }
 
   if (!latest_key)
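Review bot: The primary-key branch spells out the whole eligibility chain inline (auth usage, `flags.valid`, `flags.revoked`, `has_expired`, not-yet-valid unless `opt.ignore_valid_from`), and the subkey loop that ends just above the hunk presumably carries the same chain. These tests are what keeps a revoked, expired or not-yet-valid key from being emitted as an SSH public key, so two copies that can drift apart are a maintenance risk; a single static predicate called from both places keeps that policy in one spot. The sketch below keeps the primary-key debug strings identical; the helper name is only a suggestion, the type of `curtime` is declared outside the hunk and is assumed here, and the subkey loop would need the matching call. export_ssh_key starts and ends outside the hunk.

```c
/* Return true if PK may be exported as an SSH key at CURTIME.  WHAT
   names the key ("primary key", "subkey") in the debug output.  */
static int
ssh_export_key_usable (PKT_public_key *pk, u32 curtime, const char *what)
{
  const char *why = NULL;

  if (!(pk->pubkey_usage & PUBKEY_USAGE_AUTH))
    why = "not usable for authentication";
  else if (!pk->flags.valid)
    why = "not valid";
  else if (pk->flags.revoked)
    why = "has been revoked";
  else if (pk->has_expired)
    why = "has expired";
  else if (pk->timestamp > curtime && !opt.ignore_valid_from)
    why = "not yet valid";

  if (DBG_LOOKUP)
    log_debug ("\t%s %s\n", what, why ? why : "is fine");
  return !why;
}

      /* If no subkey was suitable check the primary key.  */
      if (!latest_key
          && (node = keyblock) && node->pkt->pkttype == PKT_PUBLIC_KEY)
        {
          pk = node->pkt->pkt.public_key;
          /* … unchanged: "checking primary key" debug line … */
          if (ssh_export_key_usable (pk, curtime, "primary key"))
            {
              latest_date = pk->timestamp;
              latest_key = node;
            }
        }
```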
index 29524d5..6f2399f 100644 (file)
@@ -17,3 +17,5 @@ E657FB607BB4F21C90BB6651BC067AF28BC90111.asc Key with subkeys (no protection)
 rsa-rsa-sample-1.asc   RSA+RSA sample key (no passphrase)
 ed25519-cv25519-sample-1.asc  Ed25519+CV25519 sample key (no passphrase)
 silent-running.asc     Collection of sample secret keys (no passphrases)
+rsa-primary-auth-only.pub.asc  rsa2408 primary only, usage: cert,auth
+rsa-primary-auth-only.sec.asc  Ditto but the secret keyblock.
diff --git a/tests/openpgp/samplekeys/rsa-primary-auth-only.pub.asc b/tests/openpgp/samplekeys/rsa-primary-auth-only.pub.asc
new file mode 100644 (file)
index 0000000..f34999e
--- /dev/null
@@ -0,0 +1,23 @@
+pub   rsa2048 2017-02-14 [CA]
+      F74B4029E6906D12EBDA8EE3BD7744900FDABC8D
+      Keygrip = AB1BB1843677AF7CC4D6C14444320C3FF4147E98
+uid           [ unknown] ssh://host.example.net
+
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+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+=zMXp
+-----END PGP PUBLIC KEY BLOCK-----
diff --git a/tests/openpgp/samplekeys/rsa-primary-auth-only.sec.asc b/tests/openpgp/samplekeys/rsa-primary-auth-only.sec.asc
new file mode 100644 (file)
index 0000000..9d72421
--- /dev/null
@@ -0,0 +1,38 @@
+sec   rsa2048 2017-02-14 [CA]
+      F74B4029E6906D12EBDA8EE3BD7744900FDABC8D
+      Keygrip = AB1BB1843677AF7CC4D6C14444320C3FF4147E98
+uid           [ unknown] ssh://host.example.net
+
+Passprase: none
+
+-----BEGIN PGP PRIVATE KEY BLOCK-----
+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+=3QG9
+-----END PGP PRIVATE KEY BLOCK-----