[Pkg-gnupg-commit] [gnupg2] 70/102: g10: Export cleartext keys as cleartext
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Fri Jun 17 00:14:56 UTC 2016
This is an automated email from the git hooks/post-receive script.
dkg pushed a commit to branch experimental
in repository gnupg2.
commit c41c46fa84cabbed74a13ded51fc3a817a919367
Author: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
Date: Fri Jun 10 16:15:36 2016 -0400
g10: Export cleartext keys as cleartext
* g10/export.c (do_export_stream): If a key is stored by the agent in
cleartext, then try to export it as cleartext.
* tests/openpgp/export.test: For secret keys that are stored in
cleartext, test should try to export without pinentry interaction.
--
This restores the behavior of GnuPG 2.0 and 1.4 when exporting
passphraseless secret keys, and fixes the test suite accordingly.
GnuPG-bug-id: 2070, 2324
Signed-off-by: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
---
g10/export.c | 5 +++--
tests/openpgp/export.test | 28 ++++------------------------
2 files changed, 7 insertions(+), 26 deletions(-)
diff --git a/g10/export.c b/g10/export.c
index 25a3319..870cb45 100644
--- a/g10/export.c
+++ b/g10/export.c
@@ -1141,6 +1141,7 @@ do_export_stream (ctrl_t ctrl, iobuf_t out, strlist_t users, int secret,
gcry_cipher_hd_t cipherhd = NULL;
char *cache_nonce = NULL;
struct export_stats_s dummystats;
+ int cleartext = 0;
if (!stats)
stats = &dummystats;
@@ -1445,7 +1446,7 @@ do_export_stream (ctrl_t ctrl, iobuf_t out, strlist_t users, int secret,
serialno = NULL;
}
else
- err = agent_get_keyinfo (ctrl, hexgrip, &serialno, NULL);
+ err = agent_get_keyinfo (ctrl, hexgrip, &serialno, &cleartext);
if ((!err && serialno)
&& secret == 2 && node->pkt->pkttype == PKT_PUBLIC_KEY)
@@ -1494,7 +1495,7 @@ do_export_stream (ctrl_t ctrl, iobuf_t out, strlist_t users, int secret,
else if (!err)
{
err = receive_seckey_from_agent (ctrl, cipherhd,
- 0, &cache_nonce,
+ cleartext, &cache_nonce,
hexgrip, pk);
if (err)
{
diff --git a/tests/openpgp/export.test b/tests/openpgp/export.test
index e0fe926..9776760 100755
--- a/tests/openpgp/export.test
+++ b/tests/openpgp/export.test
@@ -61,8 +61,6 @@ assert_passphrases_consumed()
rm -f -- $logfile
}
-# XXX: Currently, gpg does not allow one to export private keys
-# without a passphrase (issue2070, issue2324).
export PINENTRY_USER_DATA="--logfile=$logfile --passphrasefile=$ppfile"
info "Checking key export."
@@ -78,23 +76,13 @@ do
check_armored_public_key $KEY.public
rm $KEY.public
+ # test without --armor:
+
if [ $KEY = D74C5F22 ]; then
# Key D74C5F22 is protected by a passphrase. Prepare this
# one. Currently, GnuPG does not ask for an export passphrase
# in this case.
prepare_passphrase "$usrpass1"
- else
- # We use a weak passphrase which we'll have to confirm.
- prepare_passphrase "export passphrase"
- prepare_passphrase_confirm
- prepare_passphrase "export passphrase"
-
- # Key C40FDECF has a subkey.
- if [ $KEY = C40FDECF ]; then
- prepare_passphrase "export passphrase"
- prepare_passphrase_confirm
- prepare_passphrase "export passphrase"
- fi
fi
$GPG --export-secret-keys $KEY >$KEY.private
@@ -103,21 +91,13 @@ do
assert_passphrases_consumed
+ # test with --armor:
+
if [ $KEY = D74C5F22 ]; then
# Key D74C5F22 is protected by a passphrase. Prepare this
# one. Currently, GnuPG does not ask for an export passphrase
# in this case.
prepare_passphrase "$usrpass1"
- else
- # We use a stronger passphrase here.
- prepare_passphrase "strong export passphrase H0LHWCHPkNa36A"
- prepare_passphrase "strong export passphrase H0LHWCHPkNa36A"
-
- # Key C40FDECF has a subkey.
- if [ $KEY = C40FDECF ]; then
- prepare_passphrase "strong export passphrase H0LHWCHPkNa36A"
- prepare_passphrase "strong export passphrase H0LHWCHPkNa36A"
- fi
fi
$GPG --armor --export-secret-keys $KEY >$KEY.private
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-gnupg/gnupg2.git
More information about the Pkg-gnupg-commit
mailing list