authorDavid Shaw <dshaw@jabberwocky.com>2002-07-19 07:08:54 +0200
committerDavid Shaw <dshaw@jabberwocky.com>2002-07-19 07:08:54 +0200
commitfc8d9e474187d4d7ace4fa257d1ea32cdc740e37 (patch)
tree62a2d99fa8f7b74f7ed1aa159efd75cdea0f8196 /g10/revoke.c
parent* keyedit.c (show_key_with_all_names_colon): The 0x40 class bit in a (diff)
* keyedit.c (keyedit_menu, menu_addrevoker): Allow specifying "sensitive"
as an argument to an addrevoker command. This sets the 0x40 sensitive revoker flag. * revoke.c (gen_desig_revoke): When generating a designated revocation, include the direct key sig that contains the designated revoker subpacket. This allows sensitive designated revocation subpackets to be exported. Also indicate which revokers are sensitive in the first place.
Diffstat (limited to 'g10/revoke.c')
-rw-r--r--g10/revoke.c58
1 files changed, 56 insertions, 2 deletions
diff --git a/g10/revoke.c b/g10/revoke.c
index ca67d80e5..af7c32ef4 100644
--- a/g10/revoke.c
+++ b/g10/revoke.c
@@ -147,7 +147,7 @@ gen_desig_revoke( const char *uname )
char *p;
u32 sk_keyid[2];
PKT_user_id *uid=NULL;
- PKT_signature *selfsig=NULL;
+ PKT_signature *selfsig=NULL,*revsig=NULL;
any=1;
keyid_from_sk(sk,sk_keyid);
@@ -172,7 +172,10 @@ gen_desig_revoke( const char *uname )
p = get_user_id( sk_keyid, &n );
tty_print_utf8_string( p, n );
m_free(p);
- tty_printf("\n\n");
+ tty_printf("\n");
+ if(pk->revkey[i].class&0x40)
+ tty_printf(_("(This is a sensitive revocation key)\n"));
+ tty_printf("\n");
if( !cpr_get_answer_is_yes("gen_desig_revoke.okay",
_("Create a revocation certificate for this key? ")) )
@@ -225,6 +228,57 @@ gen_desig_revoke( const char *uname )
goto leave;
}
+ /* Include the direct key signature that contains this
+ revocation key. We're allowed to include sensitive
+ revocation keys along with a revocation, and this may
+ be the only time the recipient has seen it. */
+ while(!revsig)
+ {
+ KBNODE signode;
+
+ signode=find_next_kbnode(node,PKT_SIGNATURE);
+ if(!signode)
+ break;
+
+ node=signode;
+
+ if(keyid[0]==signode->pkt->pkt.signature->keyid[0] &&
+ keyid[1]==signode->pkt->pkt.signature->keyid[1] &&
+ IS_KEY_SIG(signode->pkt->pkt.signature))
+ {
+ int j;
+
+ for(j=0;j<signode->pkt->pkt.signature->numrevkeys;j++)
+ {
+ if(pk->revkey[i].class==
+ signode->pkt->pkt.signature->revkey[j]->class &&
+ pk->revkey[i].algid==
+ signode->pkt->pkt.signature->revkey[j]->algid &&
+ memcmp(pk->revkey[i].fpr,
+ signode->pkt->pkt.signature->revkey[j]->fpr,
+ MAX_FINGERPRINT_LEN)==0)
+ {
+ revsig=signode->pkt->pkt.signature;
+ break;
+ }
+ }
+ }
+ }
+
+ if(revsig)
+ {
+ pkt.pkttype = PKT_SIGNATURE;
+ pkt.pkt.signature = revsig;
+
+ rc = build_packet( out, &pkt );
+ if( rc ) {
+ log_error(_("build_packet failed: %s\n"), g10_errstr(rc) );
+ goto leave;
+ }
+ }
+ else
+ BUG();
+
init_packet( &pkt );
pkt.pkttype = PKT_SIGNATURE;
pkt.pkt.signature = sig;
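Review bot: The `else BUG();` that closes the added block aborts the process when no direct key signature carrying this revocation key is found, yet that outcome depends on the contents of the keyblock rather than on a programming invariant. The hunk does not show how `pk->revkey` is populated, so if an entry can originate from anything other than a signature that passes `IS_KEY_SIG` with the matching `keyid`, a keyring imported from elsewhere would be enough to reach the abort; handling it like the `build_packet` failure just above (`log_error(...)`, a failure code in `rc`, then `goto leave;`) would fail cleanly instead. The search loop also accepts the first signature that matches on key ID and revoker fields and, within the hunk at least, does not check that the signature was verified before it is written to `out`; it is worth confirming that the enclosing code only walks a keyblock whose self-signatures have already been checked. `gen_desig_revoke` starts and ends outside the hunk, so `node`, `keyid` and the loop index `i` are taken as given here.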